Hacker News new | past | comments | ask | show | jobs | submit login
Gwan – a fast 150kb web server supporting 14 scripting languages (gwan.ch)
80 points by MrBuddyCasino on Aug 4, 2014 | hide | past | favorite | 34 comments

"GWAN isn't designed to be a robust webserver, it's designed to perform exceptionally well in contrived and outlandish benchmarks [...]"

from http://tomoconnor.eu/blogish/gwan-snakeoil-beware/

Very interesting, and - entertaining. I've had a feeling something was off, looking at the website. If something is too good to be true, it probably is.

Perhaps I'm overly critical and/or cynical, but it's difficult to take this page seriously when there's a graph right at the top showing that IIS 7.0 Windows / C# can handle 0 concurrent users per sec.

Either this is a poor attempt at humor (indicating a naive or dangerous opionated author), or the testing isn't thorough (indicating the author isn't thorough enough to care despite making very bold claims about similar software). Neither lead to very promising conclusions about the quality of the software.

If you look closely, the point is a little past 0, perhaps 5-10.

I've read somewhere that, a laboratory has been able to to acheive this level. I'm unable to find the article to back this claim up, however.

(I'm a .NET developer)

That article then proceeds to say absolutely nothing about its performance.

From reading the article, it's clear that repeated tries didn't yield a working server. I'm not surprised that there was no performance testing of something that does not work at all.

I wrote that (the article, rather than the software), incidentally.. The most interesting thing that happened was that it prompted a Disqus flame-war where I was inundated with comments on that post, and a whole bunch of others from G-WAN employees (and their friends - I presume) taking pot-shots.

I realise that my writing style can sometimes be seen as abrasive, but I still don't think that I've done a very good job of explaining my surprise that a) GWAN exists at all, or b) people are actually using it..

I spent a whole weekend trying to get my head inside it, and eventually gave up, after wondering what on earth I was doing.

Oh, and their examples are weird. I found this snippet earlier on, and it made me go “Huh?”

    if(s[0] == '%' && s[1] == '2' && s[2] == '0') // escaped space?
That can read past the end of the string if it ends in a '%'. The length check is missing. Maybe it's not such a big deal here, and this is only an example, but if the author's examples are this sloppy, and we can't see the actual source code of his server, then it's hard not to generalise.

It will not read past the string if it's null-terminated.

It took me a moment to figure out why that won't happen. It could use a comment in that place.

"G-WAN is the Gentoo of the Application Server field."

False. Gentoo is all about control and configurability.

I kind of feel bad when this project gets a bad rap online. Lets look at the pros and cons :


1. Very fast


1. Author looks unstable. (S)He may leave the project causing technical debt. Mitigation : Use the proxy in some standard way ?

2. Author's criticism of open source. Seriously ? You will not use someone's software because of his/her political opinion ?

3. Non-open source. How many of us use Windows ? Linux with binary blobs ? Fully open processors ?

4. Author seems conceited. So what ? (S)He managed to do something no one else has, shouldn't (s)he be proud ?

I agree with you. There are legitimate reasons to only want to use open source software, but the people who take it to the extreme and get angry at other people for choosing to use closed source software, or who think closed source software should not exist, kind've irk me.

This is probably not a product I would ever recommend to anyone. It's not a product I would deploy myself on an important project, but the level of negativity and name calling against the product and the author is completely unwarranted. He has a right to his opinion, and he has a right to distribute his product however he wants. You have a right not to use it and to criticize him - but keep it respectful!

More cons: - cheating for benchmark's sake (https://news.ycombinator.com/item?id=4735670)

Also, quoting Wilde instead of Sorros would be infinitely more classy :-)

e.g.: "Experience is simply the name we give our mistakes." - Oscar Wilde

More cons:

5. Nobody appears to use it. No community.

6. Example code is bizarre and irrational.

7. Benchmarks are probably not representative of real-world workloads.

whilst performance does look staggeringly good, it is entirely negated by the pitiful rationalisations made against not being open source. given everything that's happened regarding privacy recently, why on earth should anyone trust their binaries?

it might fly in the world of Windows, but i can't see this becoming a thing on Linux.

Yeah, it inspires a reaction of "these numbers look surprisingly good" followed by "the only evidence I have for its performance is that a person who is clearly crazy claimed they got these results".

I would like to see some independent testing, by somebody who is alert for benchmark-cheating hacks.

I'm sure I read that it only works on *nix environments, because Windows execution is slower. If true, it doesn't fly in any worlds.

if you are considering it for any serious use, may be you want to refer previous discussion.


This comment is helpful: https://news.ycombinator.com/item?id=4110471

it seems to do what it says

Awhile back I tested this by making my own lib which did sleep and then print a random number, it worked fine, but the moment I did a benchmark, with randomized cookies and other things, which is read from inside the source, all requests returned the same result.

This server will not respect contexts which will change what the user sees. It just games the benchmarks with an in-memory cache.

150KB? No... it's packed with UPX. Unpacked size is over 400KB.

This, and the fact that he seemingly chose to obfuscate random strings in the binary with an absolutely trivial cipher, make me quite wary of trusting this.

A few releases ago, it was also killing (with segv!) whatever process was observing the server with ptrace(), such as gdb or strace. I ended up unpacking and firing IDA; found the routine, and yes, that was exactly what was happening. I don't know if the current version does that anymore.

Sure enough, trustleap.ch offers custom crypto, too. Quote: "TrustLeap will protect your data forever [...] we can do so without disclosing how it works."

These guys are, in all likelihood, selling gourmet food snake-oil.

The frontpage describes what it actually supports:


Interestingly they do not provide a windows version of the server, citing it being slower than the nix one, which entirely ignores that quite a few people develop on windows and deploy to nix.

Edit: Oh wow.

http://gwan.ch/insurance : "To Secure your Investment on G-WAN... ...Buy G-WAN's Source Code!"

To be fair in enterprise software we end up with escrow agreements all the time. It’s not that crazy. Can’t speak to the author of the project, just this one little snippet.

Oh wow, since 2009, I tried it at work for a minute, it was indeed very fast. That's all I can say. He should have let the old version online just for the sake of trying.

Looks interesting, but the C# benchmark is horrible.

There's no way a properly written C# program would take IIS + ASP.Net C# ............ 171.8 ms! A bare bone Katana/OWIN self-hosted hello world echoing endpoint can easily surpass 5K+ req/s while the equivalent ASP.NET MVC hello world echoing endpoint can surpass 3.5K+ req/s with the standard routing.

I suspect the biggest contributor to the slowness is all that string concatenation - because every 'version' of a string is hashed and stored in memory e.g. "a" ["a"], "a" + "b" ["a","b","ab"] etc. (use StringBuilder or write directly to the output)

I suspect the Java benchmark also suffers due to this. (use StringBuffer)

I couldn't find the windows version, sorry. But I found someone who has built a cms ontop of this server.


Also there seem to be some people creating projects with it on Github: https://github.com/search?p=1&q=gwan&ref=cmdform&type=Reposi... I thought you might be interested in the code :)

So where is it in use?

I am always skeptical of any claim of more than twice of an improvement over things that are already highly optimized (like nginx).

Found this list of "customers" http://twd-industries.com/customers.html but not sure if gwan users or what websites.

g-wan website needs a redesign for certain

I think it performs really well on some crappy vps's. That floating point exception is happening with the newer kernels, but who really cares. The claim with php (500k requests) they actually managed to get there with ph7 (which is way off). Still, even so, you could use gwan to get some high performance out of your static files.

Unless you're only serving static files (on a 10Gbit+ connection) or are still running Apache/IIS, the web server is not the bottleneck, it's either your (Python/Ruby/Node/...) code or the underlying database.


How trustworthy, the person that is listed after the Developer is his legal backup.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact