[gopher] Re: Gopherd or pygopherd?
On Sat, 13 Mar 2004 15:03:11 -0600
John Goerzen <jgoerzen@complete.org> wrote:
> On Sat, Mar 13, 2004 at 03:42:27PM +0100, Alessandro Selli wrote:
> >   	  I'm just now getting interested in Gopher and I'm currently
> >   	  running
> > a gopherd 3.0.3 server.  Since it's running on a slow machine
> > (Sparc5-85), would you recommend a C-compiled binary server like
> > gopherd or do you think I will not notice a big difference in system
> > load/ memory consumption running an interpreted server like
> > pygopherd?  The server is not serving a community and the Sparc5 is
> > quite beefed up with ram (232MB).  Are there other differences
> > between those two that I should be aware of to choose the correct
> > server for my site?
> 
> Gopherd is no longer maintained.  Security holes were being found in
> it on a regular basis, and nobody really had the inclination to give
> it a thorough security audit given the fact that more advanced Gopher
> servers existed.  Therefore, I would strongly urge you *NOT* to deploy
> UMN Gopherd.
> 
> PyGopherd is, to a great extent, completely compatible with UMN
> Gopherd, and in many cases, is a drop-in replacement for it.  Being
> written in Python, it is immune to a whole class of security bugs that
> plague not just Gopherd but other C-based servers as well.
> 
> You should have no problems at all running Pygopherd on that machine.
> For a project such as a Gopher server, Python will not cause any
> noticable performance changes.  You may be interested that some quite
> high-capacity servers, such as the Zope web application server, are
> written in Python and do not suffer performance problems.
> 
> There are several Gopher servers out there.  As the author of
> PyGopherd, I may be biased here, but I'd say that PyGopherd is the
> most featureful at present, due to its support for most features of
> both the UMN and Bucktooth servers.  However, if you want something
> that is quick to set up and maintain, without a lot of bells and
> whistles, you may want to check into one of the alternatives (or at
> least disable a bunch of PyGopherd modules).
> 
> PyGopherd also supports Gopher+, HTTP, and WAP as optional features,
> and if enabled, will serve your gopher content using those protocols
> as well-- all over a single port (70 by default).
> 
> -- John
> 
I saw the Debian folks supporting UMN Gopherd. It went GNU. They have
made releases since taking over. Most of the work seems to be focused on
fixing security holes. I can't say whether PyGopherd is more advanced or
not than UMN Gopherd. I just wanted to point out that UMN Gopherd is
still being worked on.
My feeling is that there will never be a perfectly secure server. Yeah,
its easier to make mistakes using one programming language than another
but as long as we are human we will make an error - run it chrooted or
in a jail if security is a real concern be it in Python or (heavens
forbid!) assembly language.
I run one of the later releases of UMN Gopherd on a P75 with 32MB of
memory. It works, the documentation could use improvement, and some of
the implemented features are a trip down memory lane (eg. download via
xmodem). If my computer is on, its at vlamer.dyndns.org.
Reply to: