In the February 2009 survey we received responses from 215,675,903 sites. This reflects a phenomenal monthly gain of more than 30 million sites, bringing the total up by more than 16%.
This majority of this month's growth is down to the appearance of 20 million Chinese sites served by QZHTTP. This web server is used by QQ to serve millions of Qzone sites beneath the qq.com domain.
QQ is already well known for providing the most widely used instant messenger client in China, but this month's inclusion of the Qzone blogging service instantly makes the company the largest blog site provider in the survey, surpassing the likes of Windows Live Spaces, Blogger and MySpace.
Got that? QQ's server QZHTTP just put on 20 million sites in the survey - enough seriously to dent both Apache and IIS (and making the latter look suddenly vulnerable to losing its second place).
Does this represent the dawn of a new (Web server) era?
What makes this all slightly troubling is that I don't know anything about QZHTTP: I presume it's not open souce, since I can't find any links to its code. But can anyone give me any more details, please? (Via @codfather.)
Follow me on Twitter @glynmoody
Has anybody considered the possibility that they have simply faked the HTTP header sent by their server? It is a common security practice to make server-sniffing more difficult (if a hacker doesn't know what OS/web server/version the host is running, they can't easily identify specific exploits). For all we know they could be running Apache or IIS.
ReplyDeleteMaybe QZHTTP is just a rebranded Apache. It is quite easy to have Apache deliver an alternative identifier, and it'd seem silly to build a new HTTP server from scratch unless you had both deep pockets and lofty goals.
ReplyDelete@Tin @anon: true, although it would be an obvious thing to try cracking them assuming they were rebranded, so it's not that much of a defence.
ReplyDeleteAnyway, I'm working on this and will let you know when I find out more.
An NMAP Scan on qq.com flags it as being Apache HTTPD. From my log: "PORT STATE SERVICE VERSION
ReplyDelete80/tcp open http Apache httpd
|_ HTML title: 302 Found"
@Jason: thanks - but might that just be the front-end?
ReplyDeleteThis vaguely has the smell of IBM midrange (iSeries etc.) and the server software packaged with the OS/400 operating system. Just before I semi-retired from the IS profession, IBM presented a long range executive briefing where they emphasized China as one of their three top tier target markets. Retail and Healthcare were the other two. Just a guess, but it sure fires a few of my remaining neurons.
ReplyDeleteInteresting thought - thanks.
ReplyDeletei ran httprint on a selection of 111 sites in the qzone.qq.com domain, 107 were classified as 'thttpd'
ReplyDelete3 as apache, 1 as IIS.
so, either it is a modified 'thttpd' or maybe a proxy, behind which happen to be many thttpd sites.
willem
It is likely rebranded or stock thttpd.
ReplyDeleteBased on the below.
Compare the output to the 400 error produced by a thttpd server
(Live example here: http://www.doupovec.cz/)
(Escaped for posting)
[root@andLinux ~]# nc qzone.qq.com 80
GET / NNNN/1.0
HTTP/1.1 400 Bad Request
Server: qhttpd
Connection: close
Content-Type: text/html
Content-Length: 235
[stripped]Your request has bad syntax or is inherently impossible to satisfy.
[stripped]
@itsme @numerophobe: thanks for your efforts
ReplyDeleteI'm inclined to think this is a Chinese-state-approved httpd. Probably reports every page served (and to whom) back to the central censorship infrastructure for checking.
ReplyDeleteParanoia? Anywhere but China, it would be.
it's apache with a few proxies
ReplyDeleteuser@host:~ $ curl -I www.qq.com
HTTP/1.0 200 OK
Date: Tue, 24 Feb 2009 21:48:08 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=120
Expires: Tue, 24 Feb 2009 21:50:08 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=GB2312
Age: 22
X-Cache: HIT from rainny.qq.com
Via: 1.0 rainny.qq.com:80 (squid/2.6.STABLE5)
Connection: close
I am not being racist here, but what purpose does it serve to be concerned about what the Chinese are doing? For the sake of curiosity maybe, but since their Internet is it's own entity - firewalled and regulated heavily - can China Internet really be considered part of the greater Internet? Should we be instead calling it The Greater China Intranet?
ReplyDeletewell my interest has to do with the impact of Chinese moves on Apache's position in the Web server market. It's also of interest to see what coding the Chinese are doing here - whether it's based on pre-existing code or new.
ReplyDeleteKeep in mind, they;re Chinese. So they care $hit about IP and licensing rights.
ReplyDeleteI bet they just stole Apache code and made "their own" thing on it.
Slay me for this if you like, but we are talking about China here.
ReplyDeleteChina, the country whose judges threw out Microsoft's lawsuits because it's fine that people were using pirated copies of windows. China, the country which has an unlicensed direct copy of Disneyland, Mickey Mouse and Pluto, albeit under different names, paying no royalties to Disney. China, the country where you can get any manner of ripoff gadget, from fake brand t-shirts to copied paper-sleeve DVDs to a fake iPhone before the iPhone's actual release.
Do you really think they're going to develop an entire enterprise-level webserver on their own? Please. This is, at best, Apache with a few lines of code changed. Move along, nothing to see here.
@Jamie: well, that's what I'm interested in finding out about. You're right, it may well just be a dressed-up Apache; equally, there are lot of good coders in China these days, and Web servers aren't exactly new....
ReplyDeleteI am an employee for Tencent, which runs qzone.qq.com and www.qq.com(The later is on Apache).
ReplyDeleteqzhttp is a proprietary web server owned by Tencent. It has nothing to do with Apache or any open source web server.
qzhttp has nothing to do with qhttpd either.
@HelloMarch - thanks for that info.
ReplyDeleteCould you please contact me at glyn.moody@gmail.com, because I'd like to write about this interesting area at greater depth. Thanks.
ID just like to point out that QQ has deep pockets and is always planning big things.
ReplyDelete@fotoflo - do you think there's more coming?
ReplyDeleteI think people miss the point a bit..
ReplyDeleteFirst, qzhttp was what its client sites were running on, so hitting www.qq.com (etc) and getting back apache is no supprise (i mean seriously, did that give you anything but "oh im hitting the wrong site" - after all, netcraft is not that dumb)?
Secondly, if qq took apache, re-coded some of it or forked it and used it on their site as closed source they haven't committed any OSS crimes! You only have to provide source if you distribute a binary - providing a service using that binary is not distributing (this is true both of gpl and apache licenses). Learn your licenses!
But as has been pointed out, qzhttp is none of those things...
Of course, the Chinese would never be able to build their _own_ web server, now would they..?
ReplyDeleteChinese aren't capable of innovations, everything they ever came up with are either stoled or faked, just like compass, printing, gun powder, and paper making... Oh did I mention that the Art of War is actually just a big state propaganda?
ReplyDeleteOf course the Chinese don't have the brains and capacities to develop their own web servers, because they are CHINESE!
Let's not forget that the Apache's license SPECIFICALLY STATED that it's alright for anyone to grab and modify its source code, except for the Chinese, in which case it becomes crime of stealing.
If they can't even steal right, never mind innovate.
Now, that's slightly troublesome and frightening to me...
I hope I didn't give the impression that I was troubled by the idea of Chinese innovation: I'm not. It's more the impact on Apache that concerns me (but there may not be any....)
ReplyDeleteUnder the assumption that if they took Apache, they did not change much, Qzone is highly likely not to run Apache (neverminding the information was already given), and I base this statement upon the different order of HTTP Responde headers.
ReplyDeleteHellowMarch said:
ReplyDelete"qzhttp is a proprietary web server owned by Tencent. It has nothing to do with Apache or any open source web server."
...and there is no melamine in Chinese milk.
OK, people, can we please keep this on the subject of Web servers?
ReplyDeleteSo if "qzhttp is a proprietary web server owned by Tencent. It has nothing to do with Apache or any open source web server." there is one thing that really makes me wondering:
ReplyDeleteWhy ?
What's the benefit for a company to create a new web server from scratch. I mean all the money tencent invested to create qzhttp could have been used further improving their other products, developing new products or starting marketing campaigns.
Any ideas ?
that's what I'm working on...
ReplyDeletePerhaps motive can be found in a sense of national pride. Hyping a glittering market share in a technical field would inspire your collectivist vassals more than tanks in Tiananmen Square.
ReplyDeleteYes, that's possible.
ReplyDeleteI don't think anyone is suggesting all Chinese people are bad, any more than all white people are stupid.
ReplyDeleteClearly, there's misunderstanding on both sides: let's hope that the Internet can help to improve relations between peoples by allowing them to learn more about each other. I'm optimistic.
Last time I checked, geeks were known for being meritocratic: if you've done something good/cool/smart/ass-kicking/1337, you get recognition. It doesn't matter that much if you are tall, handsome, a boy or a girl or how much money do you have in the bank... or if you are Chinese, for that matter.
ReplyDeleteSo please stop the "come on... they are Chineeeese!" stuff, as if there could be no bright people in China as much as anywhere else.
The point here is to find out as many facts as we can about this web server: is it something else or just a rebranded Apache? (more support to HelloMarch's claims would be great) how is it licensed? how/where is it better/worse than others? why did they choose to build something new? (I don't get the reasoning behind this, but it's always possible).
It's about the MERITS of the software, not the predjudices of some commenters.
QZone boasts more than 200 million users. Indeed, a Facebook-like website specifically for Chinese college students launched by QZone in January 2009 already has 20 million users.
ReplyDelete@Nancy: amazing - thanks for that.
ReplyDelete""What's the benefit for a company to create a new web server from scratch. I mean all the money tencent invested to create qzhttp could have been used further improving""
ReplyDeleteask that questions to the creator of lighttpd, nginx, httpd, etc. I think they all can you provide with one or more reasons... Apache et el isn't the answer to all problems.
Is this new thing being used somewhere else? I got interested about it cause it seems to have taken a large chunk of apaches marketshare.
ReplyDeleteWhile we are at it - can i get it somewhere to test it out:P (too high hopes?:D)
@Bobba: unfortunately, this is still shrouded in mystery - the company never replied to my email....
ReplyDelete