> "BCHS (pronounced /biːtʃəz/, beaches) is for real development. It's a hipster-free, open source software stack for web applications."<p>Everything about how this is written is <i>so</i> hipster. Cool idea though.
I'm not sure how this is significantly better than using say Rust or Go with sqlite embedded, which can be built statically and target any number of hosting platforms with less chance of memory bounds, leaks and the host of issues that tend to surround applications built in lower-level languages at any kind of scale.<p>It's a nice advertizement for OpenBSD, and in general, I feel the BSDs don't get enough recognition as an alternative to "Linux Everywhere"... that said, I'm not in favor of C as a core tech stack language for higher level line of business applications, which is a majority of software developed (in isolation from other, or more popular or more widely used software).
Having actually written web applications with C as my very first web-dev job, my opinion of this is... not high.<p>I'm sure at this point there are better abstractions to use (nobody knew how to structure a web app way back when) and there's less ad hoc templating and other string cobbling now, but I can't imagine going back unless there were compelling performance gains I needed and couldn't get any other way.<p>C also:<p><a href="https://news.ycombinator.com/item?id=6402885" rel="nofollow">https://news.ycombinator.com/item?id=6402885</a>
I like this little project. Nice combo. Let's take it to another level:<p>BALS (pronounced "Balls"): What you have when you combine [Open]BSD, Ada, Lighttpd, and SQLite. Smokes BCHS in both safety (Ada) and probably speed (web server). Especially when you rewrite the web server in Ada/SPARK with all checks on. :)
"hipster-free" really? :-) I think it's the definition of <i>hipster</i>: Low value framework(compared to established web frameworks), will be used a bunch of devs for corner cases OR (mostly I guess) to brag about it (on hackernews, reddit, mailing-lists, forums, chats, etc.)<p>That said, I'm glad it exist, the more choice we have the better :D
> BCHS (pronounced /biːtʃəz/, beaches) is for real development. It's a hipster-free, open source software stack for web applications. To prepare a BCHS environment, install OpenBSD. Then get started.<p>Referring to something as "hipster-free" automatically classifies you as hipster. It's similar to how asking "<i>Am I cool</i>?" automatically disqualifies you from being cool.
With sufficient sandboxing, and depending on the needs of the site in question, this is actually possible to do securely.<p>When you use sandboxing properly, the security of your application doesn't depend on how complex it is or how many features it has. This is a huge advantage over secure programming languages, where bugs are less likely but still some constant factor of KLOC.<p>That said, not every application can be sandboxed easily.
Man, there's so much irony with using OpenBSD (an OS designed with security in mind) with a web app written in C.<p>While half asleep the other night, I randomly found a very obscure but also dangerous remotely exploitable buffer overflow in C++11 code I had written a while ago -- it's still very possible even with a modern C++ codebase.
> <a href="http://man.openbsd.org/OpenBSD-current/man1/gcc-local.1" rel="nofollow">http://man.openbsd.org/OpenBSD-current/man1/gcc-local.1</a><p>Wait, is it really true that OpenBSD's gcc is from the 4.x series?<p>Apart from the general idea that you shouldn't be writing network-facing software in C when good alternatives (Rust, Go, C++11, Haskell, just about anything else) exist, there's a lot of good work happening in <i>upstream</i> GCC. How up-to-date is OpenBSD's -fstack-protector compared to GCC 6's?<p>> <i>Write portable and secure C.</i><p>If you're running on the BCHS stack, why? And how is it possible to reconcile this with the suggestions to use systrace(4), pledge(2), and capsicum(4), which aren't even portable <i>among the vibrant BSDs</i>?
I'm 95% sure this is a joke; like it links to this site: <a href="http://www.fastcgi.com/" rel="nofollow">http://www.fastcgi.com/</a>
Given that a C server is most likely multithreaded, wouldn't it be more heavy weight than an equivalent green thread/coroutine setup like golang?
>forget your LAMP instincts to desperately search Google and StackExchange for every parameter: man pages are your new best friend.<p>The amount of arrogance here is astounding. For one thing it's a trope that Linux doesn't have good documentation, RHEL has better docs than anything I've seen from BSD. C is a whole software language and AFAIK you can't just "man c" and even if you could why would you want to read the whole manual/handbook for the C programming language to figure out something trivial? You would google it anyway.<p>The only reason using man pages on BSD might be better than google is because 90% of the answers you'll find on google will be from a Linux perspective and you'll have to do a second search to figure out how to apply the answer to BSD. Yes, 90% of the time the Linux solution will work on BSD but the 10% of the time when it doesn't is a huge pain.