Building a commercial Node.js user interface – some do’s and don’ts

If you want to develop Node.js applications coming from a PHP background, the following are some considerations as I have found them. For software developers who were writing user interface in languages such as PHP, writing model->view->controllers comes easy along with a host of useful widgets and controls. For example, Yii framework in PHP makes it elegant and performant to write such web applications. Common server side functionality includes connecting to a database and making API calls. Javascript validation is still used but the inline html execution along with the /var/www/ copy-deployment makes PHP different and easy for UI development.

With Node.js, the language is javascript and if we are familiar with the asynchronous programming model on the client side as is the case with client side scripts in PHP, then this is no different. The server side framework comes with rich templates and parsers such as Hogan/moustache and express for rendering the views. But here are some of the UI artifacts we would like to carry forward:

1)      Templates and variables as output from the controller to the view

we have fine control over the html we can send in the response. For example:

res.render('index', servers, function(err, html) {

             insertion = "<tr><td>{{ server.pk }}</td><td>{{ server.fields.server_id }}</td></tr>";
       var template = Hogan.compile(insertion);
       data = '';
       servers.forEach(function(server, index, array){
            var row = template.render({'server':server});
            data += row; 

             });
      var h = html.replace('LIST_OF_SERVERS', data);
      res.setHeader('Content-Type', 'text/html');
      res.send(h);
});

2)      Flash as a notification to the user for error and info

       req.flash('info', '%s items have been saved.', items.length);

3)      Session as a validation that the user is currently signed in

require('./saml/saml')(app);

function secure(req,res,next){

      // Check session

      if(req.session.currentUser){

        next();

      }else{

        app.settings.saml.startAuth(req, res);

      }

    }

app.all('/', secure); 

4)      Css and layouts as an organization and theme across views

<link rel="stylesheet" type="text/css" href="../stylesheets/screen.css" media="screen, projection" />

<script type="text/javascript" src="../javascripts/jquery.js"></script>

5)      Redirect and rendering  as appropriate

app.get('/', function (req, res){

  res.redirect(login_url);

});

6) Exception handling : Use appropriate state handlers such as the error: and success: in $.post calls and you should have less try-catch-finally to use

7) Logging: You can continue to use a logger that logs to a file

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were describing Haven and the limitations of the original Intel SGX.
It needed new instructions for dynamic memory allocation and protection. SGX doesn't report page faults or GPFs to the enclave and it permitted RDTSC and RDTSCP instructions for practicality and performance. The thread local storage can't reliably switch FS and GS. These were fixed in SGX v2. Haven was tested using SGX emulator. There was no direct SGX implementation at that time.
To overcome this for performance evaluation, a model was used. This model consisted of a TLB flush on Enclave crossings and a variable spin-delay for critical SGX instructions such as enclave crossings, dynamic memory allocation, protection, penalty for access to encrypted memory and slow overall system DRAM clock. The results showed that there was slowdown but it depended on model parameters. Apache had 35% slowdown, SQL Server had 65% slowdown as compared to VMs
10K plus cycles  for SGX instructions and 30% slower RAM was assumed for the study.
The application workloads were chosen as database and webserver to give two different perspectives.
The database server was Microsoft SQL Server 2014, Enterprise-edition and TPC-E, a standard online transaction processing benchmark. They use a default configuration for SQL Server when running naively or in a VM but for Drawbridge and Haven some parameters were varied. Drawbridge does not support large pages or locked physical allocations so they were disabled. The buffer cache was limited to 6.5 GB because LibOS does not report physical memory usage and the server's default behaviour led to excessive paging. The TPC-E clients ran on a single machine connected to a test system by a local gigabit network.For each run, 30 minutes of warm up time were allowed and then the transaction performance was measured for an hour. The web server was Apache 2.4.7. and PHP 5.5.11. The Drawbridge was configured to run Apache's worker processes in the same address space and enclave and modified Apache's configuration to avoid using AcceptEx, which exposed a compatibility bug in LibOS socket code. Mediawiki was backed by a SQLLite database and enabled the alternative PHP Cache for intermediate code and MediaWiki page data. The server was benchmarked using 50 worker threads on the client that repeatedly fetched 14kB main page over persistent SSL connections for a period of 5 minutes.
#codingquestion
Given a set of M unix paths that already exist and N paths that need to be created, find out how many mkdir commands without options need to be given
int GetNumMkdirs(SortedList<string> created, SortedList<string>todo)
{
int count = 0;
foreach (var item in todo)
{
var parts = item.split('/');
string sep ="/";
for (int I = parts.count; I > 0; I--)
{
    result = "/" + String.Join(sep, val, 0, i);
    if (created.contains(result)){
        break;
    }
    count += 1;
}
for (int I = 0; I < parts.count+1; I++)
{
   result = "/" + String.Join(sep, val, 0, i);
   if (created.contains(result) == false)
       created.Add(result);
}
return count;
}

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were describing the shield module uses a reserved area of protected memory and file system and does a sanity check of untrusted inputs. The host may deny service but it cannot alter the behavior of the application. The host maybe malicious for example it may support lago attack. A lago attack is one where the host fails system calls to gain access to the users stack. More on this to come later. To mitigate the lago attacks a shield module includes typical kernel functionality such as scheduling, VM, file system, and interacts with the untrusted interface with host. The shield module has a memory allocator for which the host commits or protects specific pages and performs no address allocation. A private file system is provided by the host. The shield module has a scheduler that does not trust host to schedule threads. It has an exception handler that emulates some instructions. It performs sanity check of untested inputs.

The other kinds of attacks are where the application itself cannot be trusted and the operating system cannot be trusted. That is why the enclave protects guest from the host while the picoprocess it is running in protects host from the guest. The enclave loads the unmodified binaries of the application, a module that forms a subset of windows to run in process and the shield module. The module that interacts with the application binaries uses the windows API and with the shield module using the Drawbridge ABI. The windows kernel loads the Drawbridge host and SGX driver. This enclave is Haven.
The original intel SGX had its limitations. It needed new instructions for dynamic memory allocation and protection. SGX doesn't report page faults or GPFs to the enclave and it permitted RDTSC and RDTSCP instructions for practicality and performance. The thread local storage can't reliably switch FS and GS. These were fixed in SGX v2.
#codingquestion
To the problem described in the previous post, if two players playing red and blue occupy the positions marked 1 alternative determine who will have four pieces in a row when you rotate the board.
Modify BoardHasFourInRow to take color as a parameter and add the check matrix[i,j] == color in as the first condition to proceed or exit in FourInRow function.
void PrintWinner(int[,] matrix, int N)
{
RotateAndDrop(matrix, N);
bool blue = BoardHasFourInRow(matrix, N, BLUE);
bool red = BoardHasFourInRow(matrix, N, RED);
if (blue && red) { Console.Write("both"); return;}
if (blue) { Console.Write("blue"); return;}
if (red) { Console.Write("red"); return;}
Console.Write("neither");
}
int GetMax(List<int> numbers)
{
return numbers.Max();
}
int GetMin(List<int> numbers)
{
return numbers.Min();
}

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were describing how the paper assumes a malicious cloud provider which is a convenient proxy for all real threats. And how it utilizes the hardware isolation provided by Intel SGX to form an enclave and utilizes attestation. This hardware isolation involved new instructions to establish, protect and a gate to be called to enter.A portion of physical memory was encrypted and integrity protected. We now cite some of the attack vectors that influenced the design. The first is lago attacks. This is one where a malicious kernel with a carefully chosen sequence of integer return values to system calls  can lead a supposedly protected process to act against its interest. For example, malloc() returns pointers to user's stack and read() fails with EROFs in a competing system. This paper suggest not to check all the system calls but to admit  OS into the trusted computing base and using a drawbridge ABI ( a selection of few runtime calls) for a shield module within the enclave to communicate with the runtime. The untrusted interface is between the shield module and the untrusted runtime and there is a policy mechanism  enforced by approximately twenty calls with restricted semantics. The policy in the guest is a virtual resource policy affecting virtual address allocation and threads while the policy in the host is a physical resource policy affecting physical pages, VCPUs. The shield module uses a reserved area of protected memory and file system and does a sanity check of untrusted inputs
#codingexercise
To the exercise described earlier using an N*N matrix of 0 and 1, perform an anticlockwise  rotation and gravitation pull on the matrix.

Start      Rotate         Pull

0000      0000          0000

0000      0011          0001

0110      0011          0011

1110      0001          0011
int[,] RotateAndDrop(int[, ] matrix, int N)
{
var newMatrix = new int[N,N];
for (int p = N-1; p >=0; p--)
  for (int  q= N-1; q >= 0; q--)
      newMatrix[N-q-1, p] = Matrix[p,q];
for (int j = 0; j < N; j++)
  for (int i = N-1; i >= 0; i--)
      if (newMatrix[i,j] == 0 && i-1 >=0){
newMatrix[i,j] = newMatrix[i-1,j];
newMatrix [i-1,j] =0;
}
return newMatrix;
}

Check whether the final position  of the board has four elements in a row either horizontally, vertically or diagonally
bool BoardHasFourInRow(int[,] matrix, int N)
{
for (int i =0; i<N; i++)
  for (int j = 0; j<N; j++)
     if (FourInRow(matrix, N, i,j) == true) return true;
return false;
}

Bool FourInRow( int [,] matrix, int N, int i, intj)
{

// horizontal count
Int h = 0;
Int x = i;
While (x>0 && matrix [x,j] == matrix[i,j]) {h++;x--;}
x = i+1;
While (x < N && matrix [x, j] == matrix [i, j]) {h++; x++;}
If h >=4 return true;

//vertical count
Int v = 0;
Int y = j;
While (y>0 && matrix [i,y] == matrix[i,j]) {v++;y--;}
y= j+1;
While (y < N && matrix [i, y] == matrix [i, j]) {v++; y++;}
If v>=4 return true;

// diagonal forward
int d = 0;
x = i;
y = j;
While (x> 0 && y>0 && matrix [x,y] == matrix[i,j]) {d++;y--;x--;}
y= j+1;x=i+1;
While (x < N  && y < N && matrix [x, y] == matrix [i, j]) {d++; y++;x++;}
If d>=4 return true;

// diagonal backward

d=0;

x=i;

y=j;

While (x> 0 && y<N && matrix [x,y] == matrix[i,j]) {d++;y++;x--;}
y= j-1;x=i+1;
While (x < N  && y > 0 && matrix [x, y] == matrix [i, j]) {d++; y--;x++;}
If d>=4 return true;

return false;
}

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We saw that the cloud has a huge trusted computing base comprising of privilegd software, hypervisor, management tools, staff and law enforcement. Although there is a hierarchical security model, essentially any data can be observed and modified and even if encrypted on disk/net.  The current approaches in cloud computing include hardware security modules comprising of dedicated crypto hardware which is expensive, limited set of APIs that provide key storage and crypto operations. These are not general purpose and used only for sensitive data. From the hierarchical security model, the trusted hypervisors suffer the following problems : 1) System administrators have access to these 2) memory snooping and other physical attacks are possible and 3) the hypervisor can be tampered.
Some mitigation in this regard is to use trusted hardware such as a TPM chip where the Basic idea is that there is a signed measurement (hash) of privileged software, remote user checks measurement, and an incorrect attestation implies compromised software. However, the cloud provider merely applies patches and updates and must trust provider for current hash value.
Let us now look at Shielded execution: this is one which enables protection of  a specific program from the rest of the system say using sandboxing, doesn't require the program to be modified which is naiive to threats, ensures confidentiality and integrity of the program and its intermediate state, control flow etc such that input and output may be encrypted and lastly one where the host may deny service but cannot alter-behaviour.
The paper assumes a malicious cloud provider which is a convenient proxy for all real threats. This means all the providers software is malicious- hypervisor, firmware, management tools, etc. All hardware besides the cpu is untrusted - DMA attacks, DRAM snooping, cold boot etc. Denial of service and side channel attacks are out of scope because they can be mitigated with billing.
Intel SGX provides hardware isolation for what is called an enclave -  a trusted boundary.  These come with new instructions to establish, protect and gate must be called to enter. This processor supports remote attestation.Even the virtual address space has a earmarked enclave for code/data and page table mappings are checked to map only to an encrypted and integrity protected portion of physical memory. Registers are also protected and controls are transferred securely.
#codingexercise
You have a N*N matrix of 0 or 1. The 0 means cell is empty and 1 means cell is full. The matrix is such that the occupied cells have to be on top of each other from the bottom as if being acted upon by gravity. This matrix can be rotated clockwise by 90 degrees. And all the elements will then slide down by gravity. Perform the rotation and gravitation pull on the matrix

int[,] RotateAndDrop(int[, ] matrix, int N)
{
var newMatrix = new int[N,N];
for (int p = N-1; p >=0; p--)
  for (int q = 0; q <N; q++)
      newMatrix[q, N-p-1] = Matrix[p,q];
for (int j = 0; j < N; j++)
  for (int i = N-1; i >= 0; i--)
      if (newMatrix[i,j] == 0 && i-1 >=0){
newMatrix[i,j] = newMatrix[i-1,j];
newMatrix [i-1,j] =0;
}
return newMatrix;
}

Today we discuss the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. This paper focuses on a concept called "shielded execution", which protects the confidentiality and integrity of a program as well as the associated data from the platform on which it runs - the cloud operators operating system, administrative software and firmware.The researchers’ prototype, Haven, represents the first system that can achieve shielded execution of unmodified legacy applications on a commodity operating system and commodity hardware. The authors state that with Haven, applications can store data and perform computations with equivalent trust to local computing. This gives privacy from Cloud operator's provider staff and legal authorities.
In the old days, a database server would store the top secret data and the operating system would host the runtime both being protected by firewall but with these moving to the cloud, the data and the runtime can be compromised. Therefore applications running with sql or apache and with their bugs should be able to run privately in untrusted cloud on commodity hardware. The vulnerabilities with cloud are that there application, operating system, hypervisor, firmware/bootloader, management tools or people and Law enforcement are trusted in that order. This is a hierarchical security model and any data can be observed/modified even if encrypted on disk/net. Although the technique of protection involves older concepts such as sandboxing, the host is assumed to be malicious and with that said, the application program still doesn't require modification.
#interview question
There is a hat with W white balls and B black balls. Audience can draw two balls at a time and return one white ball if the colors are the same or return one black ball otherwise. In the end only one ball remains in the hat and we have to guess the color.
Answer Per the question, the audience is left with one black ball when she draws two blacks or she is left with a white ball. Similarly the hat loses a white ball when one  is returned or an unknown otherwise. The trick here is that each color has equal likelihood of leaving the hat so double the smaller number of W or B will be lost anyways. Then because the colors will remain the same only one of that color will remain. This works as long as W and B are not equal.

Today we revisit the number systems in octal and hexadecimal. The base for these number systems is 8 and 16 respectively. Therefore the distinct digit representations are that many in number. As the numbering continues beyond the base it wraps around to more number of digits. For example, 8 is 10 in Octal and 16 is 10 in hexadecimal. Similarly 31 is 1F and 32 is 20 in hexadecimal. As you can see each unit increment rolls a digit to the next one and carries over to the next place order in that system and this occurs after every length(base) numbers.
Therefore if we divide the number repeatedly by the base length and collect the remainders, we get the representation in that number system. This is what we implemented earlier. Now we look at sequential incrementing.

void GetSequence(String pattern, integer number)

{ 

char[] array = pattern.ToCharArray();

int baselen = array.Length;

String num = "0";

for (int i = 0; i < number; i++)

{

int len = num.Length;

if (num[len-1].ToIndex() + 1 >= baselen){

 bool carryover = true;

 int k = 1;

 if (len-k < 0) num.padleft();

 num[len-k] = array[num[len-k].ToIndex() + 1 % baselen];

 k = k + 1;

 while (carryover)

 {

    if (len-k < 0) num.padleft();

    if (num[len-k].ToIndex() + 1 >= baselen){

        carryover = true;

    }else{

        carryover = false;

    }

    num[len-k] = array[num[len-k].ToIndex() + 1 % baselen];

    k = k+1;

 }

}else{

num[len-1] = array[num[len-1].ToIndex() + 1 % baselen];

}

}

Console.WriteLine(num);

}