Why the open source mindset can be crazy-making for IT professionals

Why the open source mindset can be crazy-making for IT professionals

Summary: This is the environment many IT managers are stuck working in. No wonder many sites run out-of-date software. The updates break too much.

TOPICS: Open Source, Linux

All projects: DIY-IT Project Guide
This project: Migrating a massive legacy CMS system to WordPress

Okay, I'm just going to come out and say it. Microsoft would never pull this crap. There it is, the opening gambit for yet another rant about software built without professional product management.

See also: Why I've finally had it with my Linux server and I'm moving back to Windows

This time, the subject of my wrath isn't Linux, it's Apache. I like Apache. Well, I like Apache the way you like that particularly hot girlfriend who -- most of the time -- is completely normal. But once in a while, she goes completely and totally off the reservation, channeling a form of crazy you normally only see in movies.

I've had a very long relationship with Apache. I've run it on a wide variety of systems going back to 1996 or so. I know it's idiosyncratic, I know it's sometimes unnecessarily complex, but I also know it'll get the job done. Mostly, anyway.

It doesn't particularly like Windows as much as it likes Linux, so if you're going to run a production server with Apache, you probably want it to be on Linux. At various times over the years, Apache's own documentation has stated that it's somewhat less supported and somewhat less reliable on Windows.

That's why, even though I've reached thermonuclear levels of frustration with Linux over the years, I'm still running my production servers on Linux. To keep me marginally sane, I'm running Linux in a VM, and that VM is running on Windows Server 2008 R2. I know, you Linux kids think that's horrible, but being able to RDP into a real server environment, with a real GUI -- and not have to fight terrible documentation and inconsistent configurations for every single feature -- is a godsend.

Anyway, let's get back to today's Apache experience.

I develop on my Windows 7 laptop and upload my code to the server. To test my code locally, I run the XAMPP WAMP stack. It's run quite well for a few years now.

I'm porting a major CMS, and that requires rewriting almost a hundred thousand URLs on the fly. To do this, I've used the Apache mod_rewrite module with something called a RewriteMap. This allows me to run a Perl script that reads the incoming URL, does a database lookup, and redirects to the destination URL. The code for all this was developed and tested on my local XAMPP stack, before I uploaded it to the live server.

Last month, I bought a much faster laptop. It rocks. But I had to reinstall all my software on it, including XAMPP. Now, unbeknownst to me, XAMPP transitioned from version 1.7x to 1.8. The key difference is that 1.8 is using Apache 2.4 rather than 2.2 -- I know, lots of numbers, but stay with me for a moment.

I probably could have checked the versions, but Apache is Apache is Apache, right? Wrong!

Apparently, when Apache transitioned from 2.2 to 2.4, they changed how the Rewrite system works. They used to use a directive called RewriteLock with prn: rewrite code. Now, they use something completely different, a "mutex" system.

I know this all seems arcane, but here's the gist of it: the new version completely breaks the old version.

Yes, I just got "lock-blocked" by an Apache upgrade.

Mod_rewrite itself is relatively poorly documented, with a few good web sites and a lot of folklore. The programmable RewriteMap sub-feature has even less documentation. But all that documentation talks about the necessity of using RewriteLock. None of the documentation even knows of this "mutex" thing.

But today, when I installed the new XAMPP on my laptop and tried to start Apache with my old configuration files, it wouldn't start. Digging in resulted in my finding an error saying it didn't know anything about this "RewriteLock" thing.

An hour or so of Web searching found out that RewriteLock had been deprecated in favor of this mutex thingamajig. Did the error message for RewriteLock bother to say that? Of course not. Google is your friend, right?

It gets worse. Here's what the Apache site now says about using RewriteMap: This feature utilizes the rewrite-map mutex, which is required for reliable communication with the program. The mutex mechanism and lock file can be configured with the Mutex directive.

Fine. Here's the what the Upgrading to 2.4 from 2.2 document says: Directives AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath have been replaced with a single Mutex directive. You will need to evaluate any use of these removed directives in your 2.2 configuration to determine if they can just be deleted or will need to be replaced using Mutex.

That's it. "You will need to evaluate any use of these removed directives." Thanks a heck of a lot.

Do you think there might be some documentation that says, "Well, if you're using this old directive, code it this way"? No. Of course not. That's the open source mindset. Just figure it out.

Do you think there might be some transition feature, so the upgrade won't completely toast your server? No, of course not. That's the open source mindset. If you can't make it work, you shouldn't be using it.

This is what I've got against the open source mindset. In a commercial environment, each deprecated feature would have been considered, and each would have a clear upgrade path. In most cases, each deprecated feature would even be emulated with the newer technology, so the system wouldn't just stop working.

But with the open source mindset, there's no product management. If there's a better technology or a cooler way to implement something, they just do it. Even if that means killing a bunch of installations, that doesn't matter. Even if that means inconveniencing users or leaving them without direction, so what? After all, if you really want to know how it works, the source code is available. Go read it.

It's crazy. But this is the environment many IT managers are stuck working in. No wonder many sites run out-of-date software. The updates break too much.

Me, I'm going to download an older version of XAMPP and install it. For my development laptop it doesn't really matter. But I've just been served notice that I can't upgrade my production servers to Apache 2.4 without somehow figuring out how to make my very complex rewrite system work in an entirely new -- and almost completely undocumented -- way.

And people wonder why I'm cranky. Hours wasted just trying to stay even with what once worked.

P.S. The reason I'm not running IIS (I tried) is that WordPress and PHP don't run quite as well on it. Really, if you're running a supported, solid WordPress installation, you need LAMP. But that doesn't mean I have to be happy about it. Grrr.

See also: Mea culpa: coming clean about my n00b Linux mistakes

Topics: Open Source, Linux


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • really?

    shock news - software gets updated!

    Did you get annoyed with anything in IIS when it was upgraded from v5 to 6? Not yet... Did you get pissed at your apps that worked fine on XP but refused to run on Vista? Or Windows 8 for that matter? Or IE6 to IE7? or.. well, it goes on forever in this industry, for all platforms.

    This is what happens with software updates. You did get a warning though moving from Apache 2.2 to 2.4, the version jump tells you things change. Now you'd have some sort of point if Apache had dropped 2.2 from its list of available and supported versions, but it hasn't - you can still run it, and you will still get security updates. That's pretty damn good of them isn't it, so what's stopping you from installing the older version that works with your old code? Nothing.

    As for telling you, try looking on the website for the "upgrading from 2.2. to 2.4" page. It tells you what has changed. Admittedly, nowhere did anyone consider your individual needs, what a pity, but wait... they did.. they still support the old version. Use it and stop with your childish "me me me" tantrums.
    • Awesome

      Hello Sheldon.
    • No because when going from IIS5 to IIS6 all the IIS5 stuff still worked

      just fine. Same going to IIS7. Hmmm yes that's exactly his point.
      Johnny Vegas
      • No it doesn't

        here - the article "Migrating from IIS 5 to IIS 6 - manual way" (damn antispam won't let me post url). It starts "A few years back I tried to migrate from IIS 5 to IIS 6 with the tools provided but failed miserably."
        Anyway - Johnny Vegas has spoken! It must be true! :-P
      • Migrating from IIS

        You're having a laugh. Classic ASP applications no longer work out of the box in IIS. They've worked just fine since Personal Web Server on Win9x and now they don't work AT ALL. I have referenced every single document I can find on making classic ASP work with IIS7 and after days of struggling with it, none of the suggestions MS or otherwise helped in the least. Plus the way that IIS handles permissions is different across those 3 versions. What about the stupid requirements for a Web.config even if you are not running a .NET application? What about the nuances IIS has with PHP setup across the versions?

        Like I said - you clearly have no idea what you are talking about in addition to having a complete and utter hysterical fit of laughter.
    • David should be pleased...

      ..that the very first comment on his article basically illustrates the exact attitude that drives many people away from Open Source software.

      • David is not a

        newbie! He should be spanked for what he did (and didn't do).
        If you are a newbie and come with this problem to any apache forum - you'll get step-by-step on how you fix.
        • "Spanked?" For what - testing a point upgrade with his existing software?

          "If you are a newbie and come with this problem to any apache forum - you'll get step-by-step on how you fix."

          So what.. support is only there for newbies now? Someone who's been in the business for 20 years but comes accross a new, undocumented problem all of a sudden is S.O.L.? And should be "Spanked" for discovering said problem while building a new testing platform?

          Still sounds like a pretty poor attitude - I don't know about you, but I would call that quite elitist.
          • Spanked?

            For screwing his dev environment upon which his production environment depends! If this dev env is important - check software versions, if it's not - don't rant about it!
            Blaming Linux and OSS for your own laziness on public blog buys you a "spanking", yes.
            And he didn't "discover said problem" - it's listed right there in release notes.
            And if you want call someone elitist - point your finger at David: Windows Server 2008 R2 just to run a VM? That's what $1,000 retail? Not exactly the kind of computing affordable to masses, is it?
      • Is that attitude...

        ...confidence born of confidence? Seriously, certain tech shows cover David's rants and then laugh about them as they explain how the problem is him rather than the software he's complaining about. :-(
    • Microsoft...

      has done the same over the years. Especially with its development tools.

      Moving from VB3 to VB4 was "fun". At least MS put a convertor in the package - that broke most applications beyond repair. Going to VB6 was much more of an adventure, as was going to .Net.

      Borland/Embarcadero are the same. You just bought the new version of Delphi XE2 and you have old code? No worries. What, they support legacy code? No. If you have legacy code, you get free licences to download the previous versions, so you can support the old code.
      • VB6 Code still run today

        VB6 code written in VB6 on Windows 98 still run today on Windows 7 32 and 64bits. VB3 code might maybe still run on Windows 7 32bits.

        Classic ASP code from 1996 still run on today's IIS.

        We're not talking about porting code, but about running it.
        • Support...

          Code written in VB6 in the mid 90s is unlikely to be bug free and requirements change.

          The point is, code written in VB6 can only be supported and maintained in VB6, if you have VB.Net and are asked to make a quick bug fix, you are SoL.
        • Really?

          "Classic ASP code from 1996 still run on today's IIS."

          Uhm... not really...
      • We're talking about server software here..

        Granted, you would still expect a development tool to upgrade more gracefully, however the purpose of the software itself dictates that making such a change isn't going to be as destructive as, say, a major change to server software that breaks all the applications meant to run under said software.

        Software development tools are built for software developers who, by nature of being software developers, can work around those changes fairly easily.

        A web server, on the other hand, that is potentially used to serve enterprise applications, reporting tools, or in David's case, a content management system, should not break every application running under it with a point upgrade. At the very least, it should be developed with a clear upgrade path in mind so that the authors of said applications can also patch their offerings in a timely manner to maintain compatibility.
        • you'd also

          make sure that you properly test your software. The testing env must coincide with that of the production one. Not that you test you perl cgi on IIS for Apache, or vice versa. "Perl is Perl is Perl, right?" This is almost what the author has done.
          Hence his credibility should be questioned.
          • Very true...

            "you'd also make sure that you properly test your software."

            Although it appears that's what David was doing when he ran into these problems. He didn't attempt the upgrade on his clients' server, he attempted it on his spiffy new laptop, presumably with the hope that he can be ahead of the game if/when his client does decide to upgrade to the new version of Apache.

            His major beef isn't that "Apache hosed my server", it is that "Apache *would* hose my server if I attempted to upgrade it."
          • Use Linux or BSD

            >>it is that "Apache *would* hose my server if I attempted to upgrade it."
            If he'd be using most of the GNU/Linux or BSD distros, he'd be safe. They really look into the software, anticipate the possible problems and make sure the upgrade would go smoothly. It's taken care for you. Apache will be supporting its 2.2 branch for quite a while like did (and still do!) with 1.*
            BTW on my newest LMDE I get:
            ~$ apt-cache showpkg apache2.2
            Package: apache2.2-common
            2.2.22-1 ....................
            On my other LTS system I get 2.2.12
          • addendum:

            On my other LTS system I get 2.2.12 and its fully patched
          • it was, last time I checked

            2.2.12, it's now 2.2.14 . Nothing broke.