Dailydave mailing list archives
Re: Graphing: Don't believe everything you see.
From: Felix von Leitner <felix-dailydave () fefe de>
Date: Wed, 7 Feb 2007 03:58:54 +0100
Thus spake Dave Aitel (dave () immunityinc com):
Complexity only correlates with insecurity; it doesn't let you make order-of-magnitude judgment calls. Especially not based on graphs like that.
Actually, an asynchronous webserver needs these syscalls to handle the two requests: GetQueuedCompletionStatus returns [socket+AcceptEx+CreateIoCompletionPort to queue the next request] CreateFile on the file to be served GetFileSize et al to get header data (optional) TransmitFile to send the response CloseFile to close the file ReadFile to read the second request GetQueuedCompletionStatus returns again CreateFile on the file to be served GetFileSize et al to get header data (optional) TransmitFile to send the response CloseFile to close the file closesocket That's it. No, really. Sprinkle in some VirtualAlloc and friends for malloc and free, but that's it. So if you see a graph in fine print about how a couple hundred syscalls are being called by a web server, that's a pretty good indicator that there's something wrong with it. Keep things simple. That said: this particular troll is from mid-2006 and has been on Slashdot back then, too. There is no reason to get worked up about it now. Felix PS: Apache is a bloated pig. People use it because so many other people are using it, not because there are any actual rational reasons to use it. IIS is a pig, too. People use it because it comes with Windows, and because it cheats (so it's faster than a pure user space web server can be). _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Graphing: Don't believe everything you see. Dave Aitel (Feb 06)
- Re: Graphing: Don't believe everything you see. Felix von Leitner (Feb 06)
- Re: Graphing: Don't believe everything you see. dan (Feb 07)
- Re: Graphing: Don't believe everything you see. Adam Shostack (Feb 07)
- Message not available
- Re: Graphing: Don't believe everything you see. Adam Shostack (Feb 08)
- Re: Graphing: Don't believe everything you see. Douglas F. Calvert (Feb 09)
- Re: Graphing: Don't believe everything you see. dan (Feb 07)
- Re: Graphing: Don't believe everything you see. Felix von Leitner (Feb 06)
- Re: Graphing: Don't believe everything you see. Robert E. Lee (Feb 07)
- Re: Graphing: Don't believe everything you see. jf (Feb 07)
- Re: Graphing: Don't believe everything you see. LMH (Feb 07)
- Re: Graphing: Don't believe everything you see. Dave Aitel (Feb 09)