Tuesday, June 14, 2005
Now that the MS propaganda is out of the way (in the first message...), let's look at a few things.
A good argument can be made that Linux is at least as mature as Windows. The operating systems have been worked on for approximately the same length of time (if you consider the fact that XP and 2000 are basically expanded-but-less-stable heirs to NT 3.51, one of the best operating systems *anybody* ever made). Microsoft has thousands of developers working on their products; some of the smartest, most able developers in history using one of the most fundamentally flawed development models in history ("Code Complete"). Linux has far fewer full-time developers (yes, there are a few, scattered here and there - Red Hat, IBM, OSDL and so on), but their development model (open source via distributed projects) and release model (when it's ready, and not when marketing/CxOs say it has to go) is far superior in terms of quality delivered to the user.
Apache is the leading Web server in the world, without serious question, on a wide variety of platforms. Microsoft IIS is now, as of version 6.0, a quite-capable system which, properly patched, does not appreciably degrade the security of the hosting system. But too many Microsoft platform-hosted sites fell as easy prey to crackers for too many years; the cast-in-concrete conventional wisdom is that Microsoft-hosted sites are by definition vulnerable. Hence, the wholesale centralisation on Apache as seen in all major Web-hosting surveys, notably Webtrends. Apache comes with most Unix and Unix-like operating systems (including Linux, BSD and Macintosh OS X), and is also offered for Windows. For better or worse, the majority of the world is now standardised on Apache. [Though, to be honest, my recommendation to my clients who are concerned about security overall is to host on Mac OS X using StarNine; that platform is how the US Army solved their long-standing Web security woes, and if a monoculture is bad in operating systems, a common argument among anything-but-Microsoft types, why is a monoculture among Web servers any better?]
MySQL has for some time been the best-known and most-widely-used open source database system, and MySQL AB one of hte most successful companies based on an open-source business model. MySQL 5.0, with the long-awaited support for stored procedures (among myriad other improvements), is certainly capable of handling the needs of just about any small-to-less-than-humongous application thrown at it. It may not have all the features or speed of DB2 or PostgreSQL, but it is certainly adequate for the task. And since it, like Apache, is not tied to a single platform, sites can upgrade their hosting systems to meet increased usage needs without modifying existing code, queries, tables, etc.
The P part of the LAMP acronym, being expanded as either PHP, perl or Python, depending on your environment, offers many of the benefits alluded to earlier. With open-source implementations of all three commonly available for numerous platforms, code created in any one language on one platform is portable to other platforms, and properly-designed and -written code can be reused across applications. With the variety of choice between PHP, perl and Python (all interpreted, server-side scripting languages), users have the ability to choose any based on their needs, without getting tied to any one single vendor (even with Zend's preeminence over PHP). Being open source and freely available, anybody can learn the basics quickly, and it is not terribly difficult to find experienced developers for any given project.
Finally, another great benefit of LAMP to businesses, particularly in the post-9/11 world, is auditability. For the first time, it is now possible for *any* business to review, or engage competent auditors to review, each and every single line of code running on a major line-of-business system. System managers have complete and total control over their systems, being able to install exactly and only what is needed for a particular task or set of tasks, and to continuously verify security and monitor actual or attempted modifications to the system. This level of granularity and control simply is not practical in *any* closed-source, proprietary system, and is a major source of LAMP's appeal to security-aware businesses.
It is easy to see why the mainstream IT media is starting to notice that smart businesses have been using LAMP for some time, with sizable growth in the last couple of years. The real question is why ZD, in particular, has been denigrating it for so long. That has provided ill service to its readers.