Developer, author, musician, global domination theoretician
@JaimieSirovich @nitinanuj @vankenn @kschroeder You are exactly right. Apache will do better with 100% dynamic requests. Only by a little, but it will do better. Nginx/PHP-FPM is best with a combo of dynamic and static content without a LB. Apache (w/ prefork) is a better choice when it is only dynamic content and it is protected by a high-concurrency proxy server to protect it against connection persistence.
In the end, the blog post was to explain why Nginx/PHP-FPM was better than Apache, which is the claim that I've heard said over and over. As should be expected, and to my surprise, the answer is, as always, "it depends".
3 months, 2 weeks ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@nitinanuj @vankenn @kschroeder Yes, achieve, but practically that will only happen in the event of a significant problem on the system. The original comment was that you could breach the 65k connection limit using FastCGI. My comment was stating that from a practical standpoint that limit should never be an issue because in order to do that you would need multiple 10's of thousands of CPU's to handle the level of concurrency required to hit that number of connections.
@vankenn This post is to say that while Nginx is good with one type of workload (static files, lots of connections) that doesn't automatically make it better in all scenarios. In fact, in most low-medium traffic scenarios Apache is slightly better. Nginx RAM usage has nothing to do with Apache memory usage; it is PHP-FPM which is better, though I have talked to Sysadmins who have reduced it significantly through module removal and configuration options so that Apache and Nginx/PHP-FPM are on par.
The bottom line of the article is that Nginx isn't automatically better than Apache. The answer, as with most questions, is "it depends".
@vankenn @kschroeder @nitinanuj 43,000 concurrent PHP requests on 72 cores? That is 597 requests at a time per core. I doubt it. Or you're running a Hello World app.
@BrianLayman ... I think I may have had "a pour" when writing this...
5 months ago on 3 things to do that can make you completely successfull
@BrianLayman Yep, it does show that Nginx is faster than Apache. I was hoping that Apache's Event MPM would bring Apache close. In the end it doesn't. The "faster" that I referred to was that Nginx has been reported to be faster than Apache and is, therefore, always a better choice. My quick test was the previous blog post that I referenced which showed that, when running PHP (that's key), the Apache prefork MPM is faster. Just a smidge, but faster. That benefit goes away, however, once static content is included at which point Nginx is faster.
5 months ago on Performance of Apache 2.4 with the event MPM compared to Nginx
@Gwyneth Llewelyn A "true" PHP application would actually make the results a little more murky because the test would likely involve more logic to be executed. And, largely (though there might be some circumstances that might negate this), once you are in PHP, the web server doesn't matter much. As such the true performance difference would be minimized. The actual performance difference between the two, once a true PHP application is executed, is negligible and the performance benefit from Nginx largely comes from dishing out static content.
@Kinsman Thank you for your comments. I don't hear much from those in your position; most of the people I know have done straight foster. Because of the adoption updates I received I usually viewed it from the perspective of having failed kinship placements, seldom thinking about what a "successful" kinship placement looks like and so your story is important to me. Thank you for what you do and I pray for your strength.
6 months ago on What being a foster parent is really like
@nitinanuj Then you'll need about 30,000 cores to handle those requests, so it's not something I'd be too worried about.
11 months, 2 weeks ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@JaimieSirovich @kschroeder @Jason Yang @petewarnock I don't know exactly what goes on behind the scenes, but the thread safety adds a significant amount of overhead. Enough so that even Microsoft said to not use it on IIS and use FastCGI instead.
1 year ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@JaimieSirovich @Jason Yang @petewarnock That is the conclusion that my testing supports. That said, threads would not be better than processes because then you would need to use ZTS and your performance would tank.
@garet1 @kschroeder @Gopalakrishna Palem That is not true. Neither mod_php nor php-fpm cache opcodes by default. It is internal to the Zend Engine itself and has no bearing on which web server you are using.
1 year, 1 month ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@Gopalakrishna Palem It's a completely different test. I was testing *PHP* throughput.
@onmountain Yep, you can deploy to non-Zend PHP installations.
1 year, 2 months ago on Zend Server is proprietary. NNNOOOOO!!!!
@DimaSoltys If it's on the local host I will always connect via Unix socket if it's available.
1 year, 3 months ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@akaMrJohn @Gwyneth Llewelyn The data seems to support that assertion. One additional qualification would be that Apache is protected via load balancer or CDN reverse proxy from serving frontend requests. The concurrency restrictions of the prefork MPM are still pertinent.
@ocelikdemir I don't have them since it required a code change and I needed to revert back. What I did was add code to the end of Mage_Core_Model_App::dispatchEvent() that took the results from memory_get_usage() and did file_put_contents(<filename>, $data, FILE_APPEND), ran it through awk to build a CSV file and then opened the CSV file in Excel and created the graphs.
1 year, 4 months ago on How much memory does Magento use?
@DIREKTSPEED I should also mention that the point of this was not to see which is faster, but to address _common_claims_about_nginx_against_apache_. People say "Nginx is faster" and I say "ehhhhh, not so fast." That is it.
1 year, 5 months ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@DIREKTSPEED You don't need to get your panties in a bunch. This was testing the typical Apache scenario against the typical Nginx scenario for PHP. The event MPM for Apache is irrelevant to this discussion. It will not be any faster with PHP because PHP then will need to use PHP-FPM for Apache in exactly the same manner as you would with Nginx. This post was about PHP, not static content.
@gokulmig I did a similar test on Gluster a while back http://www.eschrade.com/page/testing-glusterfs-for-magento/
1 year, 7 months ago on More – The file system is slow
Actually, employers have difficulty finding PHP developers. If you know PHP well you will probably get a job.
And I defined what "effective" meant. It can get the required job done quicker and with less resources than other options. (yes, I expect that this will be argued with as much anecdotal evidence as can be mustered)
But note the actual point of the article instead of bickering over the pointless banality that happens on so many tech blogs. Google was surprised that their implementation of PHP on the App Engine was as popular as it was. My point is that it should not be surprising given what PHP has and is doing. Given that Google has the best data concerning the web, their surprise must be based on something OTHER than data. THAT is my point.
1 year, 9 months ago on Google finally acknowledges that PHP exists
@indy2kro @blacksonic I'm not sure why this is funny. You specifically state that it may be true for open source projects, i.e., publicly available platforms. I was not talking about private applications. Note the paragraph before. I was talking about Wordpress. Note the paragraph after. I was talking about Magento, Wordpress, Joomla, etc. I made no claim that Magento was the biggest PHP project.
@shayfalador I redid the test while watching vmstat and IOWait time was zero. System time was at 3%. I re-ran the test with 3 concurrent processes and IOWait time touched on 2 once and system time was at 8. Most of the time spent was in the logger userland code (65%).
Disks have a bad reputation as being slow, and they are... when they are functioning as memory, such as swapping. However, when disks are being used as they should be (persistent storage) I have seen very few instances where disk speed, itself, was the actual problem.
1 year, 9 months ago on How much does logging affect performance?
@shayfalador There are a couple of things wrong with your assertions. First of all, hard disks being "slow" really depends on what you are comparing it to. I did a test the other day on my local drive in a VM and got about 43MB per second for writes, or 45,088,768 bytes. The logged element in my example was 140 bytes long. I would need about 300,000 writes per second for the drive interface to be saturated, simulating about 3000 requests per second. And that is on a desktop machine with an old 7200RPM hard drive. That hardly is problematic from a "scale" perspective.
A more realistic scenario that would require 100 log writes per request is that this would be a request of a moderate to complex application which would take several hundred milliseconds to run. A web server running that kind of application will not be serving 1000 requests per second, unless it is a VERY high powered machine at which point my hard drive numbers would be significantly higher because you don't have a single 7200RPM drive on a machine like that.
What it basically comes down to is that your assertion of 1000ths of a second per request be a lot is wrong when it is put into the context of an application that would require 100 log events per second.
And when you are working with an application of this kind of complexity you will be flying blind in your production environment when you are trying to figure out why something is not behaving properly. 1/1000th of a second price for a request that takes several hundred milliseconds is peanuts when compared to the insight you can get.
I would venture to say that Nginx with FastCgi would be faster
1 year, 9 months ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@edushyant My test was just with the opcode cache and not the data cache and so no configuration in Magento was necessary. That said, Optimizer+ from Zend Server had an APC compatibility layer built into it. I believe it is still there but I don't know offhand.
1 year, 9 months ago on Magento Performance on PHP 5.3, 5.4 and 5.5RC3
@EricHerrmann2 Requests per second
1 year, 10 months ago on Magento Performance on PHP 5.3, 5.4 and 5.5RC3
@Obdurodon Oh, and I should also mention that the reason why I did this test was because I ran into a customer who was using GlusterFS instead of NFS and I wanted some data to see how it compared. So I wasn't just pulling it randomly out of a stack of possible solutions.
2 years ago on Testing GlusterFS for Magento
@Obdurodon Thanks for the info. FS-Cache is one of the things I want to take a look at. For the type of workloads that I see I wouldn't need consistency so much as I need cache invalidation. Many Magento users use NFS as the base to store user files such as product images. If someone saves one of those images it is not the end of the world if a few milliseconds of delay occurs while the cache is invalidated on multiple machines. There are multiple solutions that can be implemented to handle that, but for most Magento customers they represent an infrastructure complexity that many merchants shouldn't take on. So, for the scenario that I tend to work in, working out of the box so that I can have files cached across multiple machines is one that I would prefer.
That said, I really do like what has been done with GlusterFS. While it doesn't solve the problem I'm trying to solve it's got some really neat things in it.
@vinai Yep. Did a lot of copying and pasting from there.
2 years ago on EAV Properties for Magento
@henrylearn2rock I'm pretty sure, yes. Most, if not all, modern operating systems have disk block caching. The test is easy. Do a code loop writing to the file system and another one reading. if they are vastly different then the OS is caching.
2 years ago on For the last time, the file system is not slow!!
@dragooni It is a feature of the kernel and not the file system. Therefore it would be available to all file systems (I'm pretty sure this is true). It can be "bypassed" by passing the O_DIRECT option to open() in C which allows the application to directly control physical reads and writes.
2 years, 1 month ago on For the last time, the file system is not slow!!
@mkevac Yes, but if you are running PHP-FPM with NginX you still have the same problem. Even though NginX can handle 10k connections does not mean that you want 10k PHP processes running in the background to handle the requests. So while your assertion is true it's an apples/oranges comparison. For static content, absolutely NginX is the best server. However, for running PHP loads, Apache handles the request just a little more efficiently.
2 years, 1 month ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
@tubalmartin @Eugene OZ Every time someone uses shell_exec() for async operations a kitten gets a tummy ache.
I've not tried that. Do you have any benchmarks?
2 years, 1 month ago on Why you should not use .htaccess (AllowOverride All) in production
If you have no access to httpd.conf then your options are pretty limited. That said, I don't know what your requirements are for running a shared host, but I have the cheapest Linode VM which gives me full access for $20 a month and I love it.
If throughput is a concern. As we saw in the benchmark, disabling AllowOverride caused a 40% improvement in performance for static files. There is also the inherent security issue of allowing items in your document root change the configuration of your web server on the fly.
Technically AllowOverride IS the alternative. The preference would be to keep config settings in httpd.conf.
My thought would be to copy the superglobals to a backup variable and then overwrite them after the opcodes, objects and variables have been copied.
2 years, 2 months ago on Would this be a dumb idea for PHP core?
Additionally, 70% of all successful attacks come from inside an organization. Having a configurable value a) requires you to manage the key, and b) is something that an internal attacker may have knowledge of. Using a large pseudo-random number requires no configuration management and is not known by an internal individual. Defense in Depth, baby!
2 years, 2 months ago on Generating secure cross site request forgery tokens (csrf)
Could you explain why hashing values that are relatively easy to figure out is better than a pseudo random number generator?
There are parts of token generation that, on a basic level, do fall into the realm of cryptography since cryptography is about "writing secrets". Beyond that the link to crypto is simply that the cryptographic tooling does a better job of providing more, better, pseudo-random values.
When we're talking about predictability it will depend on which function we're talking about. If you have a timestamp, uniqid() is actually pretty easy to guess. It was designed to be unique, not unpredictable. And mt_rand() isn't so much predictable as it has a significantly smaller pool of values to choose from. In other words, mt_rand() is good, but openssl_random_pseudo_bytes() is better.
Cryptos (κρυπτός) and graphein (γράφειν) just means "secret writing". When we're generating a token what we want to do is give a secret to the person on the web page that will be extremely difficult to predict. The examples that I've found tend to rely on uniqid() which is based off of the time and, thus, predictable. So when you're thinking about cryptography you are probably thinking about the actual act of encryption, which is not what we're talking about. We are using the tool from one of the first steps in the chain for creating an "unpredictable" value.
The 32 bytes (256 bits) of data give us 1.1579208923731619542357098500869e+77 values, which is a pretty big set of values for you to use and so I doubt that you would deplete entropy.
However, mt_rand() returns an integer, not a series of bytes. That means that you have only 4 billion or so numbers to choose from. Compared to that other huge number, I would choose the latter.
It uses that as an example for generating a token, but that page also specifically states that it is based off of microtime. Because of that the value would be predictable.
...I should say a *significant* loss in security.
Thanks. That's a good point. In other words, using md5() or sha512 is not as important as getting the actual random bits. The hashing, itself, is really only there to make sure that the bits that come out do not break the format. One could almost say that when using openssl_random_pseudo_bytes() you could use md5(), hash_hmac() or base64_encode() without a loss of security, something that would not be possible to say about uniqid().
Sounds like the files were not actually pushed to the container. I would suggest that you contact support on the Get Satisfaction page for PHPCloud. I don't work for Zend anymore and so they may have changed things since I last worked on it.
2 years, 3 months ago on Connecting to the Zend Developer Cloud using NetBeans for PHP
It went pretty well. I have a second one coming up as soon as I can get it scheduled. We'll see how the next one goes.
2 years, 3 months ago on You gotta know when to fold ‘em
Yep. Used FPM
2 years, 3 months ago on Why is FastCGI /w Nginx so much faster than Apache /w mod_php?
... in other words, yes, memory utilization is more efficient with NginX. But one of the claims I heard was that NginX was faster, which turned out not to be true. With memory being cheap these days, memory usage should not be a primary factor for determining the server to use. The arguments _for_ NginX can be made quite easily without having to go to secondary arguments.