Technology for low RAM servers (not PHP)

Toggle sidebar Toggle sidebar
Leros

Leros

Lifer
Jul 11, 2004
21,867
7
81
I do my web development in Tomcat using Java, but I have access to beefy servers. I'd like to host some experimental projects on a cheap VPS (512MB RAM). You can't really run handfuls of Java webapps on 512MB of RAM.

What's a good technology to use that uses minimal RAM?

I know PHP meets that requirements but I'd prefer not to go there. Perhaps something python based?
 
Doublejr

Doublejr

Senior member
Jul 25, 2004
205
0
0
I have written some small java apps that use the play framework and they run on my KVM vps with 128mb. Compiling can be tricky on the vps but moving a jar and running works fine. Some tweaks may be required to the jvm to not use too much ram, 512mb would be fine for a play app depending on if you want a DB backed application.

If you are using a vps that uses openvz it should work as long as the kernel uses vswap, burst ram has ram issues with java.

May also want to look into node.js I am not sure about the ram usage but 512 should be fine.
 
Cogman

Cogman

Lifer
Sep 19, 2000
10,286
145
106
How about giving go a look? It is slightly slower than java, but has a smaller memory footprint.
 
S

Savatar

Senior member
Apr 21, 2009
230
1
76
Why not PHP? It has functionality that allows you to compile it directly to native code, which makes it very efficient. See: http://www.phpcompiler.org/

Also, some big sites like FaceBook use PHP. PHP, Perl and Python are the big options for server-side code outside of Java (which is really insecure - at least currently - and a resource hog). C# is popular on Windows IIS servers, but probably wouldn't recommend it in an environment with limited resources.
 
Cogman

Cogman

Lifer
Sep 19, 2000
10,286
145
106
Savatar said:
Why not PHP? It has functionality that allows you to compile it directly to native code, which makes it very efficient. See: http://www.phpcompiler.org/

Also, some big sites like FaceBook use PHP. PHP, Perl and Python are the big options for server-side code outside of Java (which is really insecure - at least currently - and a resource hog). C# is popular on Windows IIS servers, but probably wouldn't recommend it in an environment with limited resources.
Click to expand...

Server side Java is not insecure. All of the security exploits for java have been focused the browser plugin.

It is memory intensive, there is no doubt about that.

As for why not PHP

http://stackoverflow.com/questions/385203/no-php-for-large-projects-why-not

There are some fairly good discussion points for the why and the why not. For me, the why not is that the language is kludgy, and if I want to start afresh, I want to use a language I enjoy working in.
 
S

Savatar

Senior member
Apr 21, 2009
230
1
76
Cogman said:
Server side Java is not insecure. All of the security exploits for java have been focused the browser plugin.

It is memory intensive, there is no doubt about that.

As for why not PHP

http://stackoverflow.com/questions/385203/no-php-for-large-projects-why-not

There are some fairly good discussion points for the why and the why not. For me, the why not is that the language is kludgy, and if I want to start afresh, I want to use a language I enjoy working in.
Click to expand...

There are definitely vulnerabilities with 'server-side java' (i.e. the java virtual machine in general)... most of the published exploits that are talked about are just ways to bypass the sandbox in the browser plug-in, which is especially dangerous because of how easy it is to then remotely infect systems by having them downloading and executing some third-party malware, all because a user visits a webpage. Those kinds of vulnerabilities don't impact server-side java because the servers don't visit webpages like that (or at least they shouldn't) - but just having java installed on the server definitely increases the attack surface of the system in ways that neither PHP, Python or Perl does. What if a user socially engineers the administrator of a server to visit a site to get a 'patch', and the site takes advantage of the java plugin that is installed by default when you install java, for example?

Here is just one example of the many java server-side vulnerabilities, this one specifically with the Spring framework (a common framework that developers use): http://www.infosecurity-magazine.co...e-vulnerability-in-spring-framework-for-java/, though that could arguably be considered an 'implementation' problem. Regardless, it helps to illustrate the point. Another vulnerability involved flaws in how java implemented reflection in the run-time or something like that, which allowed malicious users to inject code that wasn't intended to be ran into the application (though this would have required system access, or a way to modify files on the system, to begin with - it's still a problem with 'server-side' java that theoretically could be exploited once access to any system with affected java versions is obtained). In other words, even if you have app 'A', you can't guarantee that app 'A' does what it was originally programmed to do in all cases (though I understand this could be just as true for any programming language that uses a virtual machine).

With the problems it's had, I strongly advise everyone that it's generally safer to avoid Java altogether until Oracle gets their act together... browser plug-in or not.
 
Last edited:
Cerb

Cerb

Elite Member
Aug 26, 2000
17,484
33
86
Leros said:
What's a good technology to use that uses minimal RAM?
Click to expand...
PHP! Actually, if you set up caching, PHP can do quite well, provided things don't get too complicated.

I know PHP meets that requirements but I'd prefer not to go there. Perhaps something python based?
Click to expand...
Or Erlang (but that might be a big learning curve). Python has the advantage of being able to give you an integral web server, so you just need to decide on a framework (not Zope, it's a pig), like maybe CherryPy, and see what you can do. Apache+Mod_python will eat up your RAM in very short order.

RoR tends to be a RAM-hog, but I've also only toyed around a little with it, so it might be OK, might not be...really cool language, though.
 
T

tfinch2

Lifer
Feb 3, 2004
22,114
1
0
If they are just experimental projects where you don't expect a lot of traffic, why not use a PaaS if you want to stick with your Java stack? AppFog has a free option.
 
BrightCandle

BrightCandle

Diamond Member
Mar 15, 2007
4,762
0
76
I haven't found Java to be a memory hog, at least not with the right software. You can write heavy applications in it if you like, use something like Weblogic application server with portal and you'll be lucky to get under 2GB regardless of your application. But getting programs to run in 32MB is more than possible with a lighter weight framework such as Play.

The average RoR app instance seems to run around 100MB, depending on how much load you need it to cope with that might be low enough.

Erlang often runs with very low memory needs, I would suspect a web app would run under 50MB.

I wouldn't worry about it so much, most of these languages can get below 100MB which should be more than enough reduction. But you do have to be careful what you write and on what frameworks because you can choose very heavy solutions in all of them, and equally very light options in all languages as well. I don't know of a language that can't meet your requirement actually, almost all of them are more than capable of running in reasonable amounts of RAM.
 
Cogman

Cogman

Lifer
Sep 19, 2000
10,286
145
106
Savatar said:
but just having java installed on the server definitely increases the attack surface of the system in ways that neither PHP, Python or Perl does.
Click to expand...

How? You haven't provided an example of how that actually increases the attack surface in a way that PHP or Python wouldn't similarly increase the attack surface.

Here is just one example of the many java server-side vulnerabilities, this one specifically with the Spring framework (a common framework that developers use): http://www.infosecurity-magazine.co...e-vulnerability-in-spring-framework-for-java/, though that could arguably be considered an 'implementation' problem. Regardless, it helps to illustrate the point. Another vulnerability involved flaws in how java implemented reflection in the run-time or something like that, which allowed malicious users to inject code that wasn't intended to be ran into the application (though this would have required system access, or a way to modify files on the system, to begin with - it's still a problem with 'server-side' java that theoretically could be exploited once access to any system with affected java versions is obtained). In other words, even if you have app 'A', you can't guarantee that app 'A' does what it was originally programmed to do in all cases (though I understand this could be just as true for any programming language that uses a virtual machine).
Click to expand...

That is an example of user side code having security vulnerabilities, not vulnerabilities in the java language itself. There are plenty of examples of security vulnerabilities in python libraries.. don't believe me?

http://www.cvedetails.com/vulnerabi...99/product_id-18211/Djangoproject-Django.html

Your other problem is, as you point out, requires that the user have access to the system, which, you have bigger issues at that point.

I find it funny that you are scared stiff of java because of client side vulnerabilities (Provide me with a valid server side vulnerability), while you advocate PHP which has had more than its fair share of security vulnerabilities. ( http://www.cvedetails.com/vulnerabi...ct_id-128/version_id-97802/PHP-PHP-5.3.3.html ). Some of them are pretty serious ( http://www.cvedetails.com/cve/CVE-2012-2688/ )
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom