Server execution of JavaScript: What could possibly go wrong?

Similar documents
WebApp development. Outline. Web app structure. HTML basics. 1. Fundamentals of a web app / website. Tiberiu Vilcu

To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin,

HTML5 Evolution and Development. Matt Spencer UI & Browser Marketing Manager

Think like an Elm developer

welcome to BOILERCAMP HOW TO WEB DEV

Advance Mobile& Web Application development using Angular and Native Script

Modern App Architecture

Lecture 9a: Sessions and Cookies

Top 10 AJAX security holes & driving factors

Creating an Online Catalogue Search for CD Collection with AJAX, XML, and PHP Using a Relational Database Server on WAMP/LAMP Server

RKN 2015 Application Layer Short Summary

Microservices. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Microservices with Node.js

Surrogate Dependencies (in

ESIGATE MODULE DOCUMENTATION DIGITAL EXPERIENCE MANAGER 7.2

JS Event Loop, Promises, Async Await etc. Slava Kim

WebRTC: Possible? Don McGregor Research Associate MOVES Institute.

MEAP Edition Manning Early Access Program WebAssembly in Action Version 1

Smashing Node.JS: JavaScript Everywhere

Syntax Errors; Static Semantics

Quick housekeeping Last Two Homeworks Extra Credit for demoing project prototypes Reminder about Project Deadlines/specifics Class on April 12th Resul

DreamFactory Customer Privacy and Security Whitepaper Delivering Secure Applications on Salesforce.com

Persistence. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Ur/Web: A Simple Model for Programming the Web. Adam Chlipala MIT CSAIL POPL 2015 January 15, 2015

Tuesday, January 13, Backend III: Node.js with Databases

Backend Development. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Simple AngularJS thanks to Best Practices

Backend Development. SWE 432, Fall Web Application Development

CS50 Quiz Review. November 13, 2017

Evolution of the "Web

Exploring Chrome Internals. Darin Fisher May 28, 2009

We will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries

Javascript Performance in the Browser. Charlie Fiskeaux II User Interface Engineer

Testing Javascript applications

Outline. AJAX for Libraries. Jason A. Clark Head of Digital Access and Web Services Montana State University Libraries

Wakanda Architecture. Wakanda is made up of three main components: Wakanda Server Wakanda Studio Wakanda Client Framework

DESIGN AND IMPLEMENTATION OF SAGE DISPLAY CONTROLLER PROJECT

Model-View-Control Pattern for User Interactive Systems

Virtual machines (e.g., VMware)

Investigating Source Code Reusability for Android and Blackberry Applications

Module 3 Web Component

Get ready for mycourses

COSC Software Engineering. Lecture 23: Multilingual and Component Programming

Module 6 Node.js and Socket.IO

Asp Net Mvc 5 With Bootstrap And Knockout Js Building Dynamic Responsive Web Applications

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

AJAX Workshop. Karen A. Coombs University of Houston Libraries Jason A. Clark Montana State University Libraries

HTML5 a clear & present danger

Website Report for

Unit 3 - Week 2 lectures: Building your webapp

When learning coding, be brave

Man-In-The-Browser Attacks. Daniel Tomescu

Luckily, our enterprise had most of the back-end (services, middleware, business logic) already.

The Multi-Principal OS Construction of the Gazelle Web Browser. Helen J. Wang, Chris Grier, Alex Moshchuk, Sam King, Piali Choudhury, Herman Venter

CS 360 Programming Languages Interpreters

GWT: The Technical Advantage. Presenter: Anirudh Dewani Company Name: Google

Tarek Elachkar, VP Customer Solutions - Jahia A real world story of Angular and Apache Unomi integration.

SALESFORCE DEVELOPER LIMITS AND ALLOCATIONS QUICK REFERENCE

Java Performance: The Definitive Guide

CISC 1600 Lecture 2.4 Introduction to JavaScript

2015 NALIT Professional Development Seminar September 30, Tools for Mobile App Development

WebAssembly. neither Web nor Assembly, but Revolutionary

code://rubinius/technical

React.js. a crash course. Jake Zimmerman January 29th, 2016

Website Report for

How to Install (then Test) the NetBeans Bundle

JavaScript: the language of browser interactions. Claudia Hauff TI1506: Web and Database Technology

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.

ANDROID SYLLABUS. Advanced Android

CSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno

SaaS Providers. ThousandEyes for. Summary

ThousandEyes for. Application Delivery White Paper

Enabling High-Quality Printing in Web Applications. Tanu Hoque & Craig Williams

Lecture 14: Parser Conflicts, Using Ambiguity, Error Recovery. Last modified: Mon Feb 23 10:05: CS164: Lecture #14 1

Web Components. Reactive Architecture for the Front End. Steven Skelton. Reactive Programming Toronto December 3, 2014

SALESFORCE DEVELOPER LIMITS AND ALLOCATIONS QUICK REFERENCE

Html5 Css3 Javascript Interview Questions And Answers Pdf >>>CLICK HERE<<<

Presented by Alex Nicolaou

s642 web security computer security adam everspaugh

Learn Web Development CodersTrust Polska course outline. Hello CodersTrust! Unit 1. HTML Structuring the Web Prerequisites Learning pathway.

Building Rich Applications with Appcelerator

Lab 6: Testing. Software Studio DataLab, CS, NTHU

Semantic Analysis. Lecture 9. February 7, 2018

Fall UI Design and Implementation 1

HTML5 for mobile development.

Building Isomorphic Javascript Apps

DreamFactory Security Guide

Final Examination May 5, 2005

Introduction Haim Michael. All Rights Reserved.

31CM From RPG OA to Node.js Modernization and Mobile. Presented by: Greg Patterson Senior Sales Engineer Fresche Solutions May 9, 2017

Project Horizon Technical Overview. Steven Forman Principal Technical Consultant

Development of web applications using Google Technology

Rsyslog: going up from 40K messages per second to 250K. Rainer Gerhards

Project Horizon Technical Overview. Bob Rullo GM; Presentation Architecture

XCOLD Information Leak

Full Stack boot camp

RESTful Services. Distributed Enabling Platform

JavaScript: the Big Picture

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

REST Easy with Infrared360

Transcription:

Server execution of JavaScript: What could possibly go wrong? Brian Geffon Staff Software Engineer

Hello! 2

Outline Introductions Ø Brief History The paradigm shift Problems! Where we are today Closing thoughts and Questions 3

LinkedIn in 2003 Data Center JAVA JSP HTML Browser A single monolithic web application 4

LinkedIn in 2010 Data Center Grails GSP JAVA JSP HTML Browser Ruby ERB New frameworks: productivity boost. 5

New Frameworks: Added productivity Added complexity Difficult to maintain numerous versions of the same template Make it difficult to share content between apps 6

Solution: a single templating language Do these web app frameworks share anything? How can we ensure that we remain D.R.Y. What language can be supported across each architecture? 7

Solution: client side templating Web applications return JSON data Templates are compiled to JavaScript JSON Data is consumed by JavaScript templates which will execute on the client side. 8

Solution: client side templating, contd. Webapps can share UI! Ability to cache templates on the client Better performance? 9

So many options! 10

The winner: Dust.js Dust is a logicless JavaScript templating language Dust is extensible Dust is inherently D.R.Y. https://github.com/linkedin/dustjs 11

Dust.js example gets compiled into a JavaScript function + =

Outline Introductions Brief History Ø The paradigm shift Problems! Where we are today Closing thoughts and Questions 13

The paradigm shift Reusable UI gives rise to component sharing across apps Components are now separated from data models Ability to avoid RTT for components embedded in page. 14

The paradigm shift: Fizzy 15

What s going on here? Web fz.js 1 Fizzy 2 Server 4 3 Profile Contacts Profile 16

What s does the application return? HTTP/1.1 200 OK Content-Type: text/html X-FS-Page-Parse: 1 Web fz.js X-FS-Page-Id: profile-view-fs X-FS-Host-Id: ela4-appxxxx.prod 1 Fizzy 2 Server 4 3 Profile Contacts Profile 17

What do these embedded components return? HTTP/1.1 200 OK Content-Type: application/json X-FS-Page-Id: profile-activity 1 Fizzy 2 Server X-FS-Host-Id: ela4-appxxxx.prod Web X-FS-TL: http://cdn-host/hash-of-template1.js X-FS-Template-Keys: fz.js default =hash-of-template1 4 3 Profile Contacts Profile

What does the browser see?

Yay! A fancy new web architecture Components are now stand alone Nice UI separation Reusability 20

What could possibly go wrong? Large JSON payloads caused many problems with IE7 IE7 doesn t have a native JSON parser! 21

What could possibly go wrong? Some older browsers would take a very long time executing JS Many browsers didn t have optimized JS engines 22

What could possibly go wrong? Search Engine Optimization JS in GoogleBot Yes, many others: No 23

Server Side Rendering (SSR) Unfortunately we need a way to execute JavaScript on the server Could potential performance improvements been seen across the board? 24

The Pieces of SSR High performance caching HTTP proxy Google V8 JS Engine High performance embeddable JavaScript Engine 25

Server Side Rendering: What s going on here? Web fz.js SSR 1 Fizzy Server 2 4 3 Profile Contacts Profile 26

What s does the application return? HTTP/1.1 200 OK Content-Type: text/html X-FS-Page-Parse: 1 Web fz.js X-FS-Page-Id: profile-view-fs X-FS-Host-Id: ela4-appxxxx.prod SSR 1 Fizzy 2 Server 4 3 Profile Contacts Profile 27

What does the browser see?

Yay! A fancy new web architecture We can now support old web browsers We can now gracefully handle SEO It turns out that even for modern browsers sometimes we can execute JavaScript faster! 29

Outline Introductions Brief History The paradigm shift Ø Problems Where we are today Closing thoughts and Questions 30

What could possibly go wrong? A shared JS engine gives rise to issues and vulnerabilities that don t affect browsers that execute JS. 31

What could possibly go wrong? Context Pollution One malicious request can poison the context of another This issue exists with any dynamic language 32

Context Pollution Silly example but illustrates the need for isolation. What if we leave off var in JavaScript? 33

Context Pollution: The solution Each request requires it s own context Completely reload the environment and bootstrap code Performance Hits? 34

What could possibly go wrong? Poorly written JavaScript can take forever to execute! 35

Poorly Written JavaScript: Infinite Loops, Recursion, etc. Although this is tail recursion and a silly example, It illustrates the need for stack protection and time limitations. 36

Long Running JavaScript: The solution Enforce stack size limits that allow you to gracefully kill a VM Sandbox: accept that apps will misbehave and allow them to only hurt themselves. 37

Long Running JavaScript: The solution Execution limits (we use 1000ms) Exponentially decay the execution limit to prevent taking down the entire site! 38

What could possibly go wrong? Garbage Collection! 39

Garbage Collection! Queue times going through the roof! 40

The culprit: Garbage Collection! 41

GC tuning: it takes practice. Avg Queue times < 0.3ms, P99.99 < 2ms. 42

GC Tuning Adjust old generation to be several order of magnitudes less than new generation New generation is critical because of the short lived jobs and contexts. More Threads! 43

Ideas for the future User load times are actually improved with SSR: do it 100% of the time. A generic JS engine: allow apps to return any JavaScript, not just Dust.js 44

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback