
BCHS Stack - BSD, C, Httpd, SQLite - fcambus
http://www.learnbchs.org/
======
ohitsdom
> "BCHS (pronounced /biːtʃəz/, beaches) is for real development. It's a
> hipster-free, open source software stack for web applications."

Everything about how this is written is _so_ hipster. Cool idea though.

~~~
orf
I thought that, seems to me writing web apps in C is one of the most hipster
things you can do.

~~~
ocschwar
I'm using an obscure assembler. You've probably never heard of it.

------
tracker1
I'm not sure how this is significantly better than using say Rust or Go with
sqlite embedded, which can be built statically and target any number of
hosting platforms with less chance of memory bounds, leaks and the host of
issues that tend to surround applications built in lower-level languages at
any kind of scale.

It's a nice advertisement for OpenBSD, and in general, I feel the BSDs don't
get enough recognition as an alternative to "Linux Everywhere"... that said,
I'm not in favor of C as a core tech stack language for higher level line of
business applications, which is a majority of software developed (in isolation
from other, or more popular or more widely used software).

~~~
girishso
IMO Nim language (which compiles to C) is a better option than writing web
applications in C.

[http://nim-lang.org/](http://nim-lang.org/)

------
wwweston
Having actually written web applications with C as my very first web-dev job,
my opinion of this is... not high.

I'm sure at this point there are better abstractions to use (nobody knew how
to structure a web app way back when) and there's less ad hoc templating and
other string cobbling now, but I can't imagine going back unless there were
compelling performance gains I needed and couldn't get any other way.

C also:

[https://news.ycombinator.com/item?id=6402885](https://news.ycombinator.com/item?id=6402885)

------
jitl
Seems like a hilarious parody. The only problem is that it isn't typeset in
Comic Sans, the official font of the OpenBSD web presence.

------
nickpsecurity
I like this little project. Nice combo. Let's take it to another level:

BALS (pronounced "Balls"): What you have when you combine [Open]BSD, Ada,
Lighttpd, and SQLite. Smokes BCHS in both safety (Ada) and probably speed (web
server). Especially when you rewrite the web server in Ada/SPARK with all
checks on. :)

~~~
feld
Is lighttpd still in use? It's had terrible memory leaks gone unfixed for
years and the development is awfully slow.

~~~
nickpsecurity
Idk. I thought YouTube ran on it, it was fast, and also lightweight. I figured
hackers already had plenty of goes at it given that.

------
atmosx
"hipster-free" really? :-) I think it's the definition of _hipster_ : Low
value framework (compared to established web frameworks), will be used by a bunch
of devs for corner cases OR (mostly I guess) to brag about it (on hackernews,
reddit, mailing-lists, forums, chats, etc.)

That said, I'm glad it exists, the more choice we have the better :D

~~~
mixedCase
Hipster is one of those words whose meanings have shifted over time towards
their complete opposite.

In this case I believe it goes hand in hand with the "hipster look" growing
into the mainstream a few years ago. With many people going for the "I'm not
like other people" mindset, ironically they ended up looking like everyone
else in the "hipster" group, thus kind of reversing the meaning of the word in
the eyes of most people.

<flameshield> In the case of the programming world, Ruby/RoR used to be the
go-to hipster language/framework, but even as Rails grew into the mainstream
with big actors like Microsoft adopting bits and pieces from it for their own
tooling the label never really left, creating a situation where you have a big
popular... hipster thing. </flameshield>

------
koolba
> BCHS (pronounced /biːtʃəz/, beaches) is for real development. It's a
> hipster-free, open source software stack for web applications. To prepare a
> BCHS environment, install OpenBSD. Then get started.

Referring to something as "hipster-free" automatically classifies you as
hipster. It's similar to how asking "_Am I cool_?" automatically disqualifies
you from being cool.

------
victorhugo31337
"It's a hipster-free, open source software stack for web applications." :-D

~~~
tlrobinson
Doesn't the act of declaring yourself "hipster-free" in some way actually make
you "hipster"?

~~~
btreesOfSpring
the hipster proclamation paradox.

~~~
rvense
For a brief period in 2009 I decided to self-identify as a hipster, to like
totally short-circuit the concept, man.

But nobody really cared much and it's not come up since.

------
legulere
There's buffer overflows missing in the list of features.

~~~
akadien
That's better than the hipster references. Well done!

------
btrask
With sufficient sandboxing, and depending on the needs of the site in
question, this is actually possible to do securely.

When you use sandboxing properly, the security of your application doesn't
depend on how complex it is or how many features it has. This is a huge
advantage over secure programming languages, where bugs are less likely but
still some constant factor of KLOC.

That said, not every application can be sandboxed easily.

------
Hydraulix989
Man, there's so much irony with using OpenBSD (an OS designed with security in
mind) with a web app written in C.

While half asleep the other night, I randomly found a very obscure but also
dangerous remotely exploitable buffer overflow in C++11 code I had written a
while ago -- it's still very possible even with a modern C++ codebase.

~~~
Sanddancer
Keep in mind that OpenBSD also has a very much locked down malloc in addition
to everything else, so buffer overflows are more likely to crash loudly and
quickly than to corrupt data and/or allow for exploits. The malloc used in
glibc -- ptmalloc2 -- is absolutely terrible for pretty much anything modern,
and really should be set on fire and pushed off a cliff.

~~~
Hydraulix989
Out of curiosity, does the Android OS use ptmalloc2? I'm using the NDK for my
current project. How performant is the OpenBSD allocator in comparison?

~~~
Sanddancer
Android uses dlmalloc, which is basically the parent of ptmalloc2 and rather
similar. With using the NDK, I have doubts that you'd be able to mix and match
mallocs. I'm not finding any benchmarks one way or another with OpenBSD's
malloc, other than the caveat that in debug mode, it becomes a lot slower, so
I imagine that performance is similar.

------
geofft
> [http://man.openbsd.org/OpenBSD-current/man1/gcc-local.1](http://man.openbsd.org/OpenBSD-current/man1/gcc-local.1)

Wait, is it really true that OpenBSD's gcc is from the 4.x series?

Apart from the general idea that you shouldn't be writing network-facing
software in C when good alternatives (Rust, Go, C++11, Haskell, just about
anything else) exist, there's a lot of good work happening in _upstream_ GCC.
How up-to-date is OpenBSD's -fstack-protector compared to GCC 6's?

> _Write portable and secure C._

If you're running on the BCHS stack, why? And how is it possible to reconcile
this with the suggestions to use systrace(4), pledge(2), and capsicum(4),
which aren't even portable _among the vibrant BSDs_?

------
protomyth
On a non-joke tangent, I do like the new httpd for OpenBSD. It works quite
nicely for our small websites.

------
Millennium
That acronym has some... unfortunate... plausible pronunciations.

~~~
dsabanin
Looks like it's official pronunciation:

BCHS (pronounced /biːtʃəz/, beaches)

~~~
ht85
I'm Reach Beach

------
mrweasel
Should I be concerned that all the FastCGI links are to a now dead site and
that fcgi seems to be unmaintained?

------
smitherfield
I'm 95% sure this is a joke; like it links to this site:
[http://www.fastcgi.com/](http://www.fastcgi.com/)

~~~
aidenn0
That was previously the home of the fast cgi specification.

------
danieltillett
I should write up my stack BSTD (pronounced b'stard) - BSD, SQLite, TUX, D.

------
k__
I used SQLite for development sometimes, how well does it scale in production?

~~~
petercooper
SQLite is one of the world's most popular databases in production (I heard
it's _the_ most deployed database in the world, but I'm not entirely
convinced) so it surely can't be _awful_ at least..

For webapps, it's a mixed bag. I've run a few sites with low 6 figure
pageviews per month (i.e. as big as probably 90% of all sites) on it without
problems but in situations with high levels of concurrent writes, it's
classically been advised against. If your app or framework of choice likes to
timestamp every database record it touches or logs heavily to the database, be
careful ^1.

(^1 - SQLite 3.7, which I've not played with yet, supports a write-ahead log
mode which means writers and readers don't block each other. This could
resolve a lot of potential performance snafus.)
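
The reader/writer locking difference mentioned in the footnote above, as an added example that is not part of the thread or any commenter's code: it opens two connections to a throwaway database and records whether each side is refused with "database is locked" under the default rollback journal and under write-ahead log mode. The `hits` table, file name and function names are constructed for illustration.

```python
import os
import sqlite3
import tempfile


def blocked(conn, sql):
    """True if SQLite refuses the statement with 'database is locked'."""
    try:
        conn.execute(sql).fetchall()
        return False
    except sqlite3.OperationalError:
        return True


def probe(journal_mode):
    """Return (writer_blocked_by_reader, reader_blocked_by_writer)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.db")  # constructed sample database
        setup = sqlite3.connect(path)
        setup.execute(f"PRAGMA journal_mode={journal_mode}")
        setup.execute("CREATE TABLE hits (page TEXT, ts INTEGER)")
        setup.execute("INSERT INTO hits VALUES ('/', 0)")
        setup.commit()
        setup.close()
        # timeout=0: report contention immediately instead of waiting;
        # isolation_level=None: transactions are controlled explicitly below.
        reader = sqlite3.connect(path, timeout=0, isolation_level=None)
        writer = sqlite3.connect(path, timeout=0, isolation_level=None)
        try:
            # Case 1: a read transaction is open while another request logs a hit.
            reader.execute("BEGIN")
            reader.execute("SELECT count(*) FROM hits").fetchall()
            writer_blocked = blocked(writer, "INSERT INTO hits VALUES ('/a', 1)")
            reader.execute("COMMIT")
            # Case 2: a writer holds the database while a reader queries it.
            writer.execute("BEGIN EXCLUSIVE")
            writer.execute("INSERT INTO hits VALUES ('/b', 2)")
            reader_blocked = blocked(reader, "SELECT count(*) FROM hits")
            writer.execute("ROLLBACK")
        finally:
            reader.close()
            writer.close()
        return writer_blocked, reader_blocked


if __name__ == "__main__":
    for mode in ("DELETE", "WAL"):
        print(mode, probe(mode))
```

WAL mode still allows only one writer at a time, so two concurrent writers contend in either mode.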

~~~
kentonv
> I heard it's the most deployed database in the world, but I'm not entirely
> convinced

That's absolutely true but not really a fair comparison. sqlite is the go-to
method for storing structured data in desktop and mobile applications
(Android, iOS, Windows, Chrome, Firefox, ...), accounting for many billions of
installations, whereas the other things that people usually call "databases"
(e.g. MySQL) obviously aren't meant for that use case.

------
Hydraulix989
Sqlite isn't even sharded, good luck scaling your next unicorn startup!

~~~
nbevans
Except that it can be sharded just by splitting your databases on to separate
storage mediums. Dismiss SQLite at your own peril.

~~~
Hydraulix989
I can't downvote yet, so I'll just _facepalm_ instead

~~~
nbevans
Reinforcing the stereotype I see.

------
oxplot
Given that a C server is most likely multithreaded, wouldn't it be more heavy
weight than an equivalent green thread/coroutine setup like golang?

------
abimaelmartell
I've worked with that exact same stack before, it's pretty fun, there's a lot
of cool libraries and tools for C.

------
akadien
Almost as funny as [https://threatbutt.com/](https://threatbutt.com/)

------
cpach
I really like the design of this page!

------
aidenn0
I wonder why slowcgi over libfastcgi?

------
khattam
It is kinda funny... but it would be funnier if this was not a joke.

------
zxcvcxz
> forget your LAMP instincts to desperately search Google and StackExchange for
> every parameter: man pages are your new best friend.

The amount of arrogance here is astounding. For one thing it's a trope that
Linux doesn't have good documentation, RHEL has better docs than anything I've
seen from BSD. C is a whole software language and AFAIK you can't just "man c"
and even if you could why would you want to read the whole manual/handbook for
the C programming language to figure out something trivial? You would google
it anyway.

The only reason using man pages on BSD might be better than google is because
90% of the answers you'll find on google will be from a Linux perspective and
you'll have to do a second search to figure out how to apply the answer to
BSD. Yes, 90% of the time the Linux solution will work on BSD but the 10% of
the time when it doesn't is a huge pain.

~~~
d3ckard
That was my first thought too, but there actually might be something to it.

The thing about man pages is that they require effort and force you to develop
deeper understanding about the tools you use. From that perspective, it can
actually be helpful to app quality. I genuinely think that most web
developers now (myself included) got used to solving problems by quick and
dirty means. Our whole development process seems to be based on piling
technical debt until we can't figure out what's going on.

I'm not actively encouraging using this stack for development, but as a wake
up call it's not without merit.

------
ninjakeyboard
Lol this is funny.

------
nothrows
this page is garbage. no usable information whatsoever. just a fucking joke
site

