24
Tue, Dec
1 New Articles

The Linux Letter: Shedding Light on LAMP

Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The "LAMP" phenomenon has been in the spotlight for a couple of years, yet many people don't really understand what it is. The acronym has been tossed around so much in varying contexts that its true meaning has become obscured. This month, we'll shine some light into the murky waters surrounding LAMP.

Whole Is Greater

Let's start with the short version: LAMP is an acronym for Linux, Apache, MySQL, and PHP. That's simple enough. Unfortunately, defining the acronym doesn't really do justice to the power that this combination represents. The whole is greater than the sum of the parts. Let's look at each component.

First, of course, is Linux. Anyone who calls himself a technology buff already knows about this. It's the free, powerful operating system that's causing the group from Redmond sleepless nights and bouts of heartburn. I'll revisit the operating system component shortly.

Next is Apache, the Web server that has more than a three-to-one lead over its nearest competitor, Microsoft's Internet Information Server (IIS). So powerful and feature-rich is this Web server that in the iSeries, IBM even replaced its custom Web server with a version of Apache that it ported over. Thus, the pedigree of the Apache product is not in doubt.

Perhaps a lesser-known component is the next: MySQL. MySQL is a lightening-fast DBMS produced by MySQL AB. While Linux and Apache have similar licenses (the former GPL and the latter the GPL-compatible Apache license), MySQL is one of those products that has a dual-licensing scheme. If you're using it for an open-source, GPLed application, you're free to use it at will. If you want to embed the DBMS into a proprietary product or your design, you can do so without obligating yourself to the terms of the GPL by purchasing a commercial license from MySQL AB.

The final component of LAMP is PHP, the server-side scripting language. PHP is simple to learn and is being adopted by many organizations for quickly creating dynamic Web sites. Anytime you go to a site and find a link to a page that ends in .php, you are experiencing the results of the language.

Bundled together, these four products comprise an extremely compelling Web platform that is available at no-to-low cost. As a bundle, they represent what can be, not what is. That is, LAMP provides the infrastructure necessary to build a dynamic Web site. It doesn't actually provide any content by itself. This is no big deal, though, given that virtually all of the content management systems (such as PostNuke) and other projects (such as DocMGR) provide the missing puzzle piece.

Variations

It's important to keep in mind that the products that make up the acronym aren't specific; the LAMP acronym applies to any combination of open-source OS, Web server, DBMS, and scripting language. If you want to substitute other open-source applications for the products that make up the acronym, you're more than welcome to do so. You'll still maintain the spirit of the acronym. Thus, Linux can be replaced with one of the other open-source *nix-like operating systems, such as FreeBSD. Apache runs on them all, so it could be replaced, but I'm not sure why you would want to do so. MySQL has a competitor that has been around a lot longer and is more feature-laden, PostgreSQL, which I wrote about last month. And PHP could just as easily be Perl or Ruby or any other of the popular scripting languages. Heck, you could just as easily substitute Windows for Linux, if you are more comfortable in that environment.

The variations on the theme are many. You do have to do a bit of research to determine the requirements of your desired project before picking the server. Some products, such as PostNuke, expect to use MySQL as a back-end database. DocMGR supports only PostgreSQL (because of the superior text-indexing of PG). Most projects use one or the other based on the original developers' familiarity with or bias toward. Newer projects are starting to get smarter and are separating the DB access layer from the code so that any DBMS can be plugged in. Me? I cover my bases by installing both DBMSs, which eliminates the hassle.

Assessing the Risk

While the benefits of LAMP are many (cheap and powerful being my top two choices), you do need to assess some risks. Most of them center around the use of the PHP language. Early in PHP's history, there existed many holes that nefarious crackers could exploit. These have slowly been corrected as the producers of the Linux distributions have set more-strict default configurations to preclude common attacks and as the authors of the various CMS packages have learned to write tighter, more-protected code. If you deploy a commonly available product, you can be assured that the script kiddies will start poking at your site to find vulnerabilities. The worst that I have ever been subjected to was defacement to a Web site. Quite frankly, I had overlooked updating the CMS software that powered the site. That taught me a lesson: Don't get caught falling behind on the security patches! You may forget, but the script kiddies won't.

Too Much Risk

Now that I've raised the alarm about security, you are probably wondering if you want to deploy LAMP at your location. For intranet sites, it's a no-brainer. The benefits are too great, and the risk is extremely low (at least, inside your protected network it should be). But for Internet-facing sites, the issue becomes more important. My advice is simple: Thoroughly investigate any software you are considering. Visit the project Web site and ensure that the pages are frequently updated (indicating an active project). Then, check CERT and the newsgroups for any telltale signs that all may not be well.

For what it's worth, I just recently noticed that my bank is using PHP on its Web site. Given the recent reports of identity theft caused by security issues at the various financial institutions, I'm not sure whether I should be worried or not. I can only hope that the bank's administrators are keeping up on the updates!

That's it for this month. Do yourself a favor and check out LAMP. If you have one of the common Linux distributions, everything you need will already be "in there" and ready for secure deployment. The price is right, and the performance can be outstanding.

Barry L. Kline is a consultant and has been developing software on various DEC and IBM midrange platforms for over 23 years. Barry discovered Linux back in the days when it was necessary to download diskette images and source code from the Internet. Since then, he has installed Linux on hundreds of machines, where it functions as servers and workstations in iSeries and Windows networks. He co-authored the book Understanding Linux Web Hosting with Don Denoncourt. Barry can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: