Sunday 19 August 2012

Is Node.js the answer to all our problems?

I had a look at Node.js today and yesterday, and I can now say that I understand what it is. Apart from the Javascript-like syntax and its support for JSON, Node.js uses a totally new set of objects written in C. The original Javascript was a client technology and it doesn't do servlets, sockets or I/O. Even with the V8 engine Node.js is a lot slower than Java.

Ryan Dahl claims that Nginx is faster than Apache and uses fewer resources because it doesn't use threads and instead serves requests asynchronously. So it makes sense to try to mimic that performance in our web applications and their servers. It also sounds great that at both the server and the client end we use Javascript. However, I have a number of concerns:

  1. I don't understand how using just one thread can possibly be a virtue. Hardware is very much designed for multitasking these days. Not to design software to take advantage of that has little chance of being competitive.
  2. Is Node.js really faster than Apache or Java? The benchmarks I've seen so far are mostly against Node.js.
  3. The end to end Javascript idea sounds cool until you wonder if what was designed as a lightweight, typeless language for the client is really suited to the more demanding programming tasks on the server.
  4. What they don't talk one iota about is security. Long polling sounds a cool idea but it's an open invitation to denial of service. Ruby was cool too but when we attacked the simple ruby web server with a trivial XML denial of service it crippled the whole machine.
  5. It may be good for massive web services that have to deal with lots of small requests. For the rest of us who don't need to service thousands of requests per second or want to do more involved things on the server, Node.js offers no advantage.
  6. Clarity, reliability and reusability should be the goals of every programmer. But a style that uses callbacks and closures instead standard object oriented techniques sounds like a recipe for confusion and endless bugs to me. None of these techniques are new, and they haven't caught on for a reason.
  7. If Node programmers have to write their own web-servers in 10 lines how can that rival the configurability, flexibility and security of a professional web server that is tens of thousands of lines long? I prefer to write an independent server application then choose to run it on one web-server or another, not hard-wire the server into the code. If you want the benefits of asynchronous I/O then why not just run your existing app on Nginx and forget about Node.js?