Day 85 - Devastating global ransomware attack(??), Node.js event loop

13 May 2017 Tweet 100daysofwriting

A global ransomware attack and the oppurtunity to see it play out in real time? Wow, that’s scary and exciting, no offence to everyone who was affected. It sucks big time, but as someone who is fascinated by how these things start and how they spread, it is particularly of interest to me.

The exploit was a Windows port 445 SMB loophole that the NSA apparently knew about but disclosed to everyone only after their recent leak. Snowden quickly took to twitter to criticise them for reducing the amount of time that everyone had to prepare because they disclosed the exploit’s existence so late.

The way it spread (and the way people were affected) is of more interest to me, because that is what everyone should be on the look out for and not do when the situation arises. Clicking on spam emails and attachments is a security NO-NO that has been re-iterated ever since the existence of Spam emails. As one article pointed out, “It was surprising that NHS computers got affected because NHS employees are instructed not to open spam-looking emails.”

There is some talk about how the worm mainly spread through networks inside businesses where people might have been running outdated software for legacy support reasons.

My internship at Elanic is mainly Node.js backend till now. This talk is a pretty good primer on how Node.js really works. There are some old Ryan Dahl talks about his philosophy when he was building Node.js and why he thought non-blocking asynchronous I/O was the way to go for building web applications as compared to the synchronous PHP way of db.query(...) that was popular in those days. I found his talks to be a bit too dry, and being old, they were also not in HD which made the metrics he was showing rather hard to make sense of.

Nginx apparently runs using an Event loop and uses only a single thread of execution as compared to Apache’s one-thread-per-request model. While that should ensure a significant increase in performance if one switches from Apache to Nginx for a lot of concurrent users on a site, one of the major hurdles is how hard it is to setup Nginx properly compared to the basic configuration of Apache, which is literally just a couple of apt-get install steps.

An nginx reverse proxy to setup Node.js applications seems to be the weapon of choice for people wanting to setup ExpressJS REST APIs, but the scaling part of this setup is something that needs to be managed manually and perhaps providers like Heroku would do a better job at this. At $7 a month compared to Digital Ocean’s slightly cheaper but vastly smaller $5 a month droplet, the difference in costs is perhaps not too decisive at a small scale and would not justify the time that would go into working on scaling servers, compared to developing things.

POST #85 is OVER