Hacker News new | past | comments | ask | show | jobs | submit login
OpenBSD imports nginx into tree as future apache replacement (marc.info)
137 points by b3n on Sept 24, 2011 | hide | past | web | favorite | 37 comments



Pretty amusing, in a weird sort of way (perhaps just a sign of some stupid tech-snobbery on my part) to see a very recent message indicating that a large, pretty high-profile and deeply entrenched and respected software project is using CVS.

I'm so used to the constant bombardment about Git (and other DVCS:es) here, that even projects using Subversion seem to be a bit "left behind", and here's all of OpenBSD doing their thing with CVS.

I guess it proves that the tools aren't everything.


In defense of CVS (which I personally wouldn't use anymore today), there's still a point to be made for being to able operate your VCS with only a handful of (mostly) unambiguous commands and having all of those exhaustively explained in a single man-page that doesn't fill a book-shelf.

Especially git has been doing a rather poor job at insulating the user from the immense complexity that the added flexibility incurs.

This is one area where our fancy new DVCS still have to learn from their ancestors.


The usage of CVS as the OpenBSD version control system comes up once in a while on the mailing lists (usually brought up by trolls or people new to the community).

Many OpenBSD developers are used to CVS and don't see a strong reason to change to another system. However, they are aware of the deficiencies of CVS, and OpenCVS is supposed to fix some of them. For instance, atomic commits was on the roadmap (but I don't think it is implemented yet). You can also regularly see commit messages complaining about problems with CVS.

I know some OpenBSD developers use Git locally to track their patches before committing them to the official repository.


Also, not to be ignored, a transition doesn't happen by flipping a switch. There is a good writeup by the postgres team about switching from CVS to GIT:

http://lwn.net/Articles/409635/

Time frame: three years for a safe transition.

You should weight carefully whether thats worth it.


Its a rewrite of CVS with the emphasis on security:

http://www.opencvs.org/

Edit: this project may not have actually happened - my apologies.



opencvs (which you linked to) is not installed by default, we still install the gnu cvs version (in gnu/usr.bin/cvs).

opencvs is run on some openbsd anoncvs mirrors, but is not used on our main cvs server nor used by many developers.


The Lua team at PUC-Rio still use RCS. They have a "closed development/open source" model, and they only need to coordinate patches between 3 or 4 people who all work at the same university, so it's probably not as crazy as it sounds.


It's hard to change when you've used a tool effectively for so long. How long did Linus resist using ANY source control software?


Didn't he initially use some proprietary tool called BitKeeper?


Not initially, but he did use it for a while.


>I guess it proves that the tools aren't everything.

Sort of, it proves that a psychotic mob of minutiae obsessed sufferers of Autism are capable of incredible productivity in spite of anachronistic tooling.

Cf. people that build houses using pre-19th century technology and refuse to use modern plumbing.


Tools are just means to an end. The OpenBSD devs can write better software with punch cards than you can with a modern language. Take your hipsterer-than-thou attitude and shove it.

tl;dr fed the troll.


>The OpenBSD devs can write better software with punch cards than you can with a modern language.

I'm a coder that lives inside of Emacs and m-x shell. What about what I just said would make you believe anything other than that I consider the person to be more important than the tool?


OpenBSD developers are autistic and psychotic?

Fuck off, and die.


Relax, there is no reason to get so worked up about a little trolling. Someone who just two hours ago told us that his favourite tools are emacs and a terminal emulator certainly doesn't have any weight in the anachronistic tool debate.

Most people are unaware of the OpenBSD workflow, and cvs commits are only the final step in it. There is little "active" development done with cvs. It's for the most part used to commit already reviewed patches. Plenty of developers seem to manage their patches with other systems, including git.


>his favourite tools are emacs and a terminal emulator certainly doesn't have any weight in the anachronistic tool debate.

That should've been your hint that I have an admiration for them and their project.


>>it proves that a psychotic mob of minutiae obsessed sufferers of Autism are capable of incredible productivity in spite of anachronistic tooling

>That should've been your hint that I have an admiration for them and their project.

You called the developers a psychotic mob of Autism sufferers. A hint of admiration, you say?


I'm not sure mere mortals can really implement secure cryptosystems.

The only normal/personable coder that could is probably cperciva.

OTOH, you have Theo.

shrugs Point stands.


Does OpenBSD still maintain their own fork of Apache 1.3? If so, that might explain their interest in a replacement.


yes, it is heavily patched to support things like IPv6 (which the Apache foundation claimed was "impossible"). However, the code-base is getting a bit long in the tooth, a more modern replacement will be nice. I am curious however about how they are going to implement CGI with nginx, as tons of applications still rely on this.


nginx supports FastCGI, and CGIs can be supported via fcgiwrap and similar tools, it works remarkably well, and configuration's easy.


Nginx is a well-engineered piece of software. The only problem, in my opinion, is that does not support loadable modules; any features you want or don't want need to be configured at compile-time, and those are only the official ones that are part of the mainline code. Third-party "modules" such as Phusion Passenger are essentially patches. Since Nginx has a modular architecture, those patches are admittedly very clean, but it's still a pretty ugly situation compared to Apache's elegant loadable module system.


For a base web server included in OpenBSD by default, I don't think dynamic loading is actually a huge win. Auditing and hardening a single, statically-compiled binary is easier than doing the same thing for one that loads shared objects at runtime.

Since adding and removing Apache modules already requires a restart of the httpd process, a good source-based build system like ports can make adding and removing modules via build flags nearly as straightforward as dynamic loading.


Not for OpenBSD, maybe, but for other operating systems based on precompiled binary packages. Nginx uses a forked worker model that probably would allow adding/removing modules without restarting the entire server.


Considering that you can upgrade the binary without any downtime then yeah, it probably would. I personally think there are bigger issues that needs to be covered first, such as support for persistent connections to backends and HTTP/1.1 support when reverse proxying. (Was just added in 1.1.4, now it just needs testing!)


I'd like to see DSO support for nginx as well. The lack of this feature is the reason I still haven't moved from Apache.


It works if you have a package management system like gentoo, that compiles from source, or the BSDs, just not most Linux distros.


Though not a bsd user myself, I'm glad to see this happening. A few extra security-minded eyes on the nginx source code can only make it better.


I presume they mean nginx will be the default web server, rather than removing Apache altogether? You can't just replace Apache with nginx, they're two different pieces of software - admittedly with some overlap.


> I presume they mean nginx will be the default web server, rather than removing Apache altogether?

It says "to provide an apache replacement for base." OpenBSD has a Base system, plus it has Packages and Ports. Packages and Ports do not go through the same security audit as the Base system. Currently the version of httpd in Base is 1.3.x, which is all patched and secure, Packages/Ports has httpd 2.2.x. I suspect they mean nginx will replace httpd in the Base system, while httpd will still be in Packages/Ports.


Or in other words it'll be on the CD and Apache'll be in a repo.


No - that's not how things work in *BSD systems.

On Linux distributions, all software is typically "equal" - everything is a package, and the only difference is what repository it comes from.

In BSD, the base system and ports are entirely distinct. The base system is a single coherent unit installed and upgraded as one piece (although the installer allows you to omit some portions of it).

The ports provide additional software packages installed and managed separately on top of the base system. The base system is maintained and patched by the core developers and officially supported by the organization. The ports are provided effectively as a convenience, and are not covered by the same security and maintenance procedures as the base system.


nginx doesn't have to be a drop-in replacement for apache in order for it to succeed apache as the base system's web server.


Some more discussion on reddit where the original poster found this link and title: http://www.reddit.com/r/BSD/comments/kp3e7/openbsd_imports_n...


what's the usr.sbin in the path? why isn't that usr/sbin? this looks like some convention i've never met before (and i have no idea how to google for it...)


It looks like this way of organising the source (src) tree started in 4.1BSD (1982?). Before that, all the commands lived under /usr/src/cmd/. See http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.1cBSD/usr/src and http://minnie.tuhs.org/cgi-bin/utree.pl?file=4BSD/usr/src

I guess it's there to flatten the source tree depth and probably had something to do with tiny disks of the time, shells without tab-complete or it was just a whim. In any case the convention stuck and it is now that way in all modern BSDs.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: