No, I don’t have any idea what that means.

I’ve been spending a bit of my off time this last few days building and configuring a blog server for my brother-in-law, and it got me wishing that I had the sack to start the process of building and configuring my own server all over again. If I did, I’d do it on a Mac.

Matt’s server is an old (as in ooooooolllllllld, like, 1999 old) Power Macintosh G3 Blue & White, aka “Yosemite”. I had a couple of these things just sitting around after they were put out to pasture from their jobs as fax servers in the office. We still have one acting as a time clock/NAS box. The Revision 2 Yosemite is just about the most perfect Mac ever made. Rev 1’s had problems with their onboard ATA, but even that could be worked around with the addition of a PCI controller card. These things simply will not die (even as I type this, I bet the solder on some vital internal connector in Matt’s server-so-be is starting to crack, waiting only until he gets it home and plugged in to finally and irretrievably fail). Due to their piss-elegant design, there is so much air space inside them that they stay cool under just about any circumstances. They use industry-standard components for nearly everything (except the power supply; if replacing the G3’s PSU with a standard ATX unit you need to clip a single wire before plugging it into the ATX connector on the board, otherwise bzzt!). They’re made with the quality of construction that was key to Apple’s success at the dawn of the new century. (It seems to me that Apple is pulling slightly ahead of it’s own reasonable expectations for compactness and speed with things like the flat-panel iMacs. It’s just monstrously difficult to build stuff that tightly-packed and have it work as well as you would expect. Apple’s recent rates of unit failure would seem to back me up on this.) And thanks to OS X, Macs can handle a wide variety of low-cost PC hardware right out of the box—gone are the days of “Mac Edition” peripherals that cost 50% more than their PC counterparts. The main exception is video cards, though you can flash most ATi video cards with Apple ROMs, if you have the time and the skill….or you can buy them pre-flashed on eBay for about the same price as the PC versions.

I stuffed 512 megs of PC133 memory and an 80 gig ATA drive I had sitting around  into the thing, along with a Mac-ROM-flashed Radeon 7000 video card and a 10/100 PCI card, and loaded it up with OS 10.4 from a “family-pack” DVD I had bought a year or so ago. (Installable on up to five computers….legally. Realistically there’s no limit to the number of computers you could install it on, because Apple makes their money selling hardware instead of operating systems. If you buy their hardware, they’ll pretty much let you install any copy of their operating system that you like. Unlike Microsoft, which is a seller of operating systems and is therefore denied a sale every time someone installs a single copy of their OS on more than one machine, and who as a result makes it as difficult as practical to do so.) OS X comes with a full suite of Web-ready applications and shims built right in; Apache for Web serving, CGI, PHP, Perl, Python, all there just waiting to be enabled and tweaked. Installing and configuring MySQL for OS X requires only a little technical expertise, and there is a universe of tutorials out there for those who need help (like me!). OS X also has the IPFW firewall and Snort built in, only waiting for a few lines in config files or the introduction of a few free software front-ends to make them spring to life. A few hours later I had a stable, reasonably-well-protected, robust if pokey blog server, complete with a Web stats generator and a handy widget that lets me see who’s connected in real-time. All for the cost of a bunch of technology you could hardly give away at this point.

I ran my own blog on an OS X machine for a long time—actually a series of OS X machines, including half a PowerBook G3—but I had never run an IIS server before and wanted to give it a try. I also wanted to run several major functions simultaneously—a Web server, a security camera server and an Unreal Tournament server—and the spare Apple hardware I had lying around just wasn’t up to the task. For about 400 bucks I was able to put together a Windows machine that….barely….handles all of these tasks at the same time. A comparable Mac (comparable in functionality, not necessarily in raw horsepower, though there’s an argument to be made there as well) would have probably run me closer to six or seven, used.

I have to admit, IIS is extremely easy to set up. Microsoft has made the configuration and administration of an IIS Web or FTP site quite simple. Unlike Apache, which is largely configured via the command line or through the editing of text-based config files, the IIS Administration Console does it in a graphical user interface, with step-by-step instructions and prompts. There are free- and shareware programs available for OS X that provide a graphical front end for Apache, but one has to know they exist and go looking for them; IIS has it right out of the box.

Offsetting this simplicity is the basic vulnerability of Windows (XP, my case) to a number of forms of attack. Any server running under any operating system is vulnerable to one extent or another, particularly a server running a scripting language such as PHP, the brainstem of the common blog. But the number of potential exploits for an unprotected Windows machine is far greater than for an unprotected Mac. That being said, I don’t run any computer attached to the Internet without some form of protection. But with my Windows box, unless I want to learn how to write my own custom DLLs, the security I use must be robust and continuously updated….that is to say, a commercial product. On the Mac, a combination of freeware tools, a basic knowledge of firewall configuration, and the one-two punch of security/obscurity enjoyed by the Mac platform serve to protect me from the majority of attacks. That is certainly not to say that an experienced hacker could not get into a Mac so protected with relative ease; the point is, why would they? I’m only worried about the script kiddies out there. The übergeeks I know who could easily pull off such a caper would have no incentive whatsoever to do so (I try to bake them fresh banana nut muffins on a regular basis to keep on their good sides), and the anonymous penetration pros out there in the Intertubes have much bigger fish to fry than one lowly wiseass shouting from the corner of his yard.

Now that I have played around with both IIS and Apache, I think I would rather run an Apache server. There’s just something satisfying about hammering away at the brainstem of a Web server via text files and getting it just so. Of course, I could always run Apache on my Windows box, but I would still need all the extra medicine needed to keep a Windows machine protected. OS X is the obvious alternative, but I could easily do it under another *nix distribution such as Ubuntu. I’ve put together a couple of Ubuntu machines lately—including one on another Yosemite G3 I had lying around—and I must say, it runs like a top on an older machine. But I’m afraid that I’m just too lazy at this point to make such a sweeping change in my server environment, when things are running so relatively smoothly. I think I’ll wait until the inevitable catastrophic failure before making any major changes. Way my summer’s been going, that ought to be any day now. 😉