Planet = erlang.

Once upon a time, Cisco, Ericsson, Klarna, Goldman Sachs, T-Mobile, WhatsApp, Amazon and many other top companies kept a secret. Erlang was that badly kept secret. Many have heard of it, but few realise that it controls vast amounts of infrastructure, including the fixed and mobile networks we use on a daily basis. It was monumental when Cisco revealed that it ships 2 million devices per year running Erlang at the Code BEAM Stockholm conference in 2018. This translates to 90% of all internet traffic going through routers and switches controlled by Erlang. And have you heard about Ericsson? It has Erlang at the core of its GPRS, 3G, 4G and 5G infrastructure. With a market share of 40%, there’s a high probability a program written in Erlang assigned the IP address your smartphone is using today (amongst other things).

Since being released as open source, Erlang has been spreading beyond Telecoms, establishing itself in other verticals such as FinTech, Gaming, Healthcare, Automotive, IoT and Blockchain. How can a technology created to switch phone calls make its way into these verticals? And why should you not only care but consider using it for your server-side development?

Erlang and Elixir are the top dogs in any tech stack and it’s time we let more people and companies know about the BEAM technologies. We are kicking off with this first blog being part of the #MyTopdogStatus series, to showcase Erlang’s success stories. We will follow with the Elixir focus next- so you have the bigger picture of both technologies!

A Solution to a Problem

One of the first things I try to find out when I meet a programming language inventor is what problem were they trying to solve when creating the language. The range of answers is fascinating, and often reveals if it is -or is not- fit for purpose. Ask any of the co-inventors of Erlang and you will get a unanimous response. They were trying to understand how to better build the next generation of telecom systems, the only systems back in the late 90s which had to be scalable, fault-tolerant, predictable and maintainable. They never set off with the intention of inventing a programming language, but the solution to their problem happened to be just that. Programming languages successfully created to solve a problem are the ones to keep an eye out for, as they are, without a doubt, the right tool for the job. If the answer to why a language was invented is experimenting with esoteric computer science concepts, listen, learn, but beware.

At the time of Erlang’s conception, telecom systems were the only systems which had to be scalable, handle peak loads predictably and never fail. The internet changed it all. When Erlang was released as open source, telecom grade resilience and scale gave way to web-scale, which in turn gave way to mobile applications and connected devices, which, through the inception of 4G and 5G gave way to IoT.

How was this transition possible, and why was it so seamless? If you are switching phone calls, SMSs, publish/subscribe, instant and mobile messages, credit card transactions, money, stocks, medical records, online gaming command sequences, blockchain propagation or telemetry data, the business logic is still the same. And whilst it might be ok to lose the odd SMS, or message, or for a device to be offline for hours and not transmit any data, it is absolutely not cool to lose a financial transaction which involves money, stocks or cryptocurrencies. Basically, what changes in all these systems are the tradeoffs in scalability, reliability and consistency of the data, all items which are programming language agnostic and taken care of in the business logic of the system. Everything else remains the same.

There is no better example of Erlang’s reliability than the English National Health Service (NHS). The NHS obviously requires high availability and handles over 65 million record requests every day through its Spine, a centralised point allowing the exchange of information across national and local systems. Using Riak (written in Erlang), the NHS has managed 99.999% availability for over five years.

From health to the advertising industry - AdRoll receives an average of 500,000 real-time bid requests per second (spikes are many times that), with a substantial financial value attached to each. They use Erlang/OTP to manage the real-time bidding platform on the Amazon EC2 platform, pairing up advertisers with users in milliseconds.

Many countries rely on Erlang for their immediate payment switches, allowing instant bank transfers and bill payment services. Vocalink, a Mastercard company, is shipping financial switches implemented in Erlang. And they are far from being alone. Other areas where Erlang is used in anger includes private and public blockchain, payment and credit card gateways, banking APIs and more traditional infrastructure management. If you scratch under the surface, you will find an Erlang team in all of the major banks and financial institutions. And those few not using it will be using RabbitMQ, CouchDB, RiakKV or one of the other open source Erlang applications.

The investment banking giant, Goldman Sachs, use Erlang in part of its hedge fund trading platform. The Goldman Sachs platform is a very low latency (microseconds) event-driven market data processing, strategy, and order submission engine. Erlang is used to help them deliver real-time changes in response to market conditions.

What about massively multi-user online gaming? Nintendo’s Switch has sold over 34 million consoles; the system uses an Erlang based messaging system to handle millions of concurrent connections. Other popular gaming companies such as Riot Games, use Erlang too. League of Legends had up to 7.5 million concurrent players at a time, with an Erlang messaging system allowing them to all chat simultaneously, without interruptions.

Even one of the world’s most used online dating apps used Erlang. Grindr used Erlang in its stack to manage it’s 3.2 million daily active users to handle up to 2000 messages per second. Moving to the BEAM helped them maintain a reliable system with a minimal number of outages.

What’s in a Programming Language?

A programming language, no matter how good it is, is on its own only of limited use. Combine it with a powerful optimised runtime and middleware which abstracts the scalability and reliability of your system, your developers get the foundation of a very powerful ecosystem. The Erlang ecosystem is not just a programming language. It is a family of programming languages, a virtual machine as powerful as an operating system and a set of middleware libraries which abstracts many of the recurring (and tricky) problems you have to deal with when working with scale and resilience.

Screenshot-2019-08-07-at-08-01-13

The Language Itself

Let’s focus on the language itself. When we talk about the Erlang programming language, we mean the language semantics. Language semantics includes aspects taken from functional, logic and concurrent programming, providing a higher level of abstraction resulting in less code which is more expressive and easier to maintain. - ultimately reduces cost for a business.

The language semantics puts the concurrency model in its core, making processes the main building block. Processes provide a natural way to reason around the problem, facilitating the implementation of systems where a lot of things are happening at the same time. This is best described by Joe Armstrong’s tenets:

The world is concurrent.
Things in the world don’t share data.
Things communicate with messages.
Things fail.

Picture this model applied to us, humans. Humans are concurrent entities who do not share brains. They speak to each other through asynchronous messages, sometimes on top of each other. Humans receiving the message process them and store a copy of whatever they believe is relevant to them. And, sometimes, humans fail, but the ones around them continue with their assigned tasks whilst new humans are created, or the humans that failed are repaired. Now model this world in a programming language. It is as simple as that!

BT Mobile (formerly T-Mobile) in the UK uses this approach for many of their core systems. One of them is the Third-Party Gateway, a system written to handle all machine to human SMSs. This includes alert services such as traffic, financial and weather alerts, TV voting, competitions and reminders. Millions of messages are sent and received each day, with many spikes in traffic during TV votes and special promotions. Each SMS being sent or received is a process. The developer needs to reason around sending and receiving a single SMS, with scale handled through the creation of new processes.

Online betting is another industry with extreme spikes and loads to manage, a busy day for betting agencies is like Black Friday at Amazon, but the prices change every second. Many online betting companies, including bet365, use Erlang to manage 100’s of thousands of concurrent users.

Sometimes, I hear complaints that the Erlang way of thinking requires a serious mind shift. The problem is not the mind-shift; it is unlearning the unnatural models other programming languages have taught us and going back to basics using Joe’s tenents. If you understood them, understanding Erlang will be just as easy.

The OTP Middleware

OTP is a set of frameworks, principles, and patterns that guide and support the structure, design, implementation, and deployment of Erlang systems. The innovation in OTP which other languages are copying are the abstract principles used to describe the software architecture. Processes are given a design pattern such as servers, finite state machines, event handlers or supervisors, all packaged in reusable libraries. These libraries have built-in support for debugging, software upgrade and generic error handling. They also abstract and take care of all tricky edge cases which occur with concurrent programming, providing a solid and tried approach to problem-solving. It makes the code easier to understand and maintain, reduces maintenance costs and stops developers from reinventing a square wheel.

Motorola funded a study which involved rewriting a telecommunication system used by the emergency services from C++ to Erlang, focusing on productivity gains. Depending on how you calculated, the code reduction in the Erlang system achieved a result of 4-20 times less code. The 20 times reduction assumed the OTP libraries to be part of the Erlang standard libraries, which they are. As C++ did not have a generic OTP, the original project had to implement a good part of it. That seems to be the norm with any project dealing with concurrency at scale. The norm also being that this implementation is often bug-ridden.

Screenshot-2019-09-10-at-12-20-46

Development on the first OTP release was started alongside some of Ericsson’s major projects, including their broadband solutions and foray into packet-based switching. One of the first projects to use OTP was the AXD301 switch, an ATM switch which allowed generic networks to also be used for telephony. Telecom providers around the world, including BT’s 21st-century network, stopped routing calls through a dedicated network and instead, started routing them in a common backbone. Any long-distance calls you made in the UK were routed using Erlang through an AXD301 switch.

The productivity gains of 4 - 20 times less code are best visible with WhatsApp. When they got acquired by Facebook in 2014, they had 450 million active users, 70% of which were active on a daily basis. Their traffic record at the time was December 31st, 2013. In 24 hours, they sent 54 billion messages, twice the number of estimated SMSs sent that day. The engineering team consisted of 32 people, of which only ten worked on the server-side. The server-side team developed new features, maintained existing ones and supported the whole system. Basically, they were also the ones who got woken up in the middle of the night if something went wrong.

What the WhatsApp acquisition highlighted was how Erlang enhances programmer productivity and scalability on a very modest hardware footprint, and the low maintenance costs these systems entail. A small team was able to develop, support, maintain and scale a system with hundreds of millions of users, which has today scaled to billions.

Using OTP helps the developer avoid accidental complexities: things that are difficult because they picked inadequate tools. This, we know, always enhances productivity and reduces maintenance costs. But other problems remain difficult, irrespective of the programming tools and middleware. Those are the difficulties one should focus on.

The Virtual Machine

Erlang uses a Virtual Machine (VM) when executing code; an approach similar to NodeJS, Java and Ruby. Programs are compiled to low-level instructions called Byte Code. The BEAM is the most commonly used Erlang VM which executes this byte code. It can be seen as an operating system running in a container, a virtual instance, on another operating system or directly on the bare metal. The BEAM has, for the last two decades, been optimised and under heavy load rendered predictable for the types of problems Erlang is good at solving. It is capable of concurrently handling millions of processes, ensuring each process displays soft real-time properties and is fairly treated. Throughput remains constant irrespective of load. If your system handles 100,000 requests per second, it will take a second per request if 100,000 are being served simultaneously. If the number of requests increases to 200,000, throughput will remain the same, but latency will increase to 2 seconds. What is important is that all requests are served with no degradation of throughput, even when spikes happen. With many other Virtual Machines, an increase in requests often leads to a degradation of service, possibly grinding to a halt. Not with the BEAM, as it was built for scale.

As processes do not share memory, memory management is done on a per-process basis. Schedulers allow a process to execute a predefined number of instructions before suspending it, ensuring fair execution. If the process hadn’t completed its tasks, it will be scheduled to continue executing after all other processes have had their go. This will result in a constant execution time for all requests, unlike the Java Virtual Machine, where garbage collecting affects all requests going through the system at that particular point in time or NodeJS, where a request will execute until completion, blocking other requests on that thread until it is done. The RubyVM has not had decades of engineering resources put into it, and as a result, will not scale.

There are no other Virtual Machines around with the properties of the BEAM, making it unique in its capability to predictably handle massively concurrent spikes of traffic. It is not the fastest VM, but it is the most stable and predictable one. How do the advantages of using the BEAM apply in practice?

Imagine a VM handling a million TCP/IP connections, each managed by a process serving a customer, where load share and CPU allocation for each process is fair and constant. This equates to a predictable user-experience, where a million users can be served on a single instance. All the programmer has to worry about is developing code to handle a single user (a process), and the VM will automatically scale it to millions. And if a request fails because of corrupt data or a bug in the software, all other requests will continue executing independently of it, isolating the failure.

WhatsApp achieved 2 million TCP/IP connections (each managed by a process) on a single BEAM instance back in 2012, using the connections to serve messages and notifications whilst minimising its hardware footprint. This, in turn, greatly reduced their infrastructure costs and the size of the team needed to maintain it. Similar numbers were achieved using Elixir and the Phoenix framework in 2015. From messaging, vertical scalability on a single node we move to the web.

Bleacher Report, a news app and website focusing on sports, had a similar impact on operational and infrastructure costs when changing Virtual Machine. When they migrated from Ruby to the BEAM, they were able to reduce their hardware requirements from 150 servers to 5! And Quicken Loans launched a new mortgage offering with a Super Bowl ad, knowing with confidence that their servers would handle the traffic with ease. In fact, they had trouble load testing it with traditional tools, in the end, they needed to fall back to using Erlang to load test Erlang.

You can copy OTP and its libraries, but if it does not run on the BEAM, you can not emulate the semantics. This is why using OTP ported to .net or the JVM will not work. On the other hand, many languages are being ported to the BEAM VM, making full use of OTP, Elixir being the most popular. But let’s not forget Luerl, Lisp Flavoured Erlang, Efene and at least a dozen more.

Is it still a badly kept secret?

In this blog post, we are just scratching the surface. Many companies are using Erlang to power their server-side infrastructure. They are doing it to reduce development costs whilst ensuring their systems scale and are resilient. So resilient that their end-users, often focusing on the glitzy app or website, do not even know it is there. Isn’t it time you looked into Erlang as well?

if you’re part of the pack already using Erlang and would like to share your story, fill out this form.

Monitor your Erlang, Elixir and RabbitMQ systems

Are you currently using Erlang, Elixir or RabbitMQ in your stack? Get full visibility of your system with WombatOAM, find out more and get a free trial on our WombatOAM page.

MyTopdogStatus

Want to see more from our #MyTopdogStatus campaign? Check out our blog on which companies are using elixir, or head to our hub for videos, news from our team and more Erlang & Elixir news. Check it out now!

Be included in this blog

If you’re part of the pack already using Erlang and would like to share your story, fill out this form.

Hear it first

Many of these stories were shared first at Code Sync conferences. Find a conference near you and hear the latest Erlang success stories, directly from the teams involved.

Code BEAM - discover the future of the Erlang ecosystem

Our new online training

Blockchain and Smart Contracts

Permalink

The Best Code BEAM SF talks from the 2010s

Preparations for Code BEAM SF 2020 are well and truly underway. This year marks the 9th anniversary of the conference, meaning that Code BEAM has been bringing the best of the BEAM to the Bay Area for the best part of a decade. To whet for your appetite for this year’s event, and to say goodbye to the decade gone by, we thought it was a timely opportunity to look back at the talks that have made the biggest waves in the community every year since its launch in 2012. From the launch of Elixir to lessons from WhatsApp, we’ve got all the Major BEAM events covered. So sit back, relax and get excited with this comprehensive selection of top-class talks.

Highlights from Code BEAM SF 2019

Operable Erlang and Elixir by Fred Hebert

Successful systems grow, and as they grow, they become more complex. It’s not just the code that gets messier either; it is also the people who are part of the system who need to handle a growing level of complexity. In his talk, Fred Hebert explains why it is not enough to take a code-centric approach. Instead, he argues for a holistic approach to making Erlang and Elixir systems truly operator-friendly. This encompasses how our mental models work, what makes for best practice automation, and, what tools exist on the Erlang VM to help us deal with the unexpected. To learn more head to the page for Fred Hebert’s talk on the Code Sync website.

Announcing Broadway - keynote speech by José Valim

The development of Broadway was a significant step forward for Elixir in 2019. The protocol produced by Plataformatec streamlines data processing, making concurrent, multi-stage pipelines easier than ever. In his talk, José Valim explained how Broadway leverages GenStage to provide back-pressure and how Elixir depends on OTP for its famed fault-tolerance. Learn more about José’s talk at Code BEAM SF 2019 on the Code Sync website.

Highlights from Code BEAM SF 2018

The Forgotten Ideas in Computer Science - keynote speech by Joe Armstrong

Some things are just ahead of their time. In his 2018 keynote, Joe Armstrong looks at ideas from the early days of computing and reflects upon the good ideas that could be helpful to revisit and the bad ideas that we can still learn something from. This thought-provoking talk is one that still holds relevance today and is worth revisiting. Interested in what the forgotten ideas of computer science are? Learn more about Joe Armstrong’s talk at Code BEAM SF 2018.

A Reflection on Building the WhatsApp Server by Anton Lavrik

Whatsapp is arguably the BEAM’s most famous success story. In 2014, when Facebook purchased them, the stories of 10 server-side engineers managing a platform with 450 million active users, sending 54 billion messages a day were shared far and wide.
In his talk, Anton Lavrik described some of the tools they use for developing reliable and scalable servers in Erlang. The talk included tools that were not widely used at the time and methods that went against conventional Erlang practices. Want to find out what those tools and practices were? Learn more about Anton Lavrik’s talk at Code BEAM SF.

Highlights from Erlang Factory SF Bay Area 2017

Building a web app in Erlang by Garrett Smith

The long-held belief has been that Erlang is not suitable for web applications. The arrival of LiveView may have given Elixir the edge, but that doesn’t mean you can’t build web applications in Erlang. In this talk, Garrett Smith shows that Erlang can not only be used to build applications but, that it is actually great for it. The discussion is inspired by a presentation from Ian Bicking entitled “Building a Web Framework from Scratch”. It shows that web apps can be built without monolithic frameworks, starting with nothing and gradually adding functionality using abstractions that closely mirror the Web’s underlying protocols. This particular example may be built in Erlang, but the lessons and principles in the talk apply to developing web applications in general. Learn more about Garrett Smith’s talk at Erlang Factory 2017.

Highlights from Erlang Factory 2016

Why Functional Programming Matters, keynote speech by John Hughes

Nearly a decade before Erlang was released as open source; John Hughes published “Why Functional Programming Matters”, a manifesto for functional programming. In this talk, John takes a deep dive into the history of functional programming and explains why functional programming is more important than ever. Get a more detailed insight into John Hughes talk at Erlang Factory 2016.

Highlights from Erlang Factory 2015

Building And Releasing A Massively Multiplayer Online Game With Elixir by Jamie Winsor

The team from Undead Labs launched State of Decay to rave reviews, but they did have one piece of persistent criticism, ‘why was there no multiplayer option?’ To build the infrastructure to handle the massive scale of concurrent users required for massively multiplayer games online traditionally large engineering and support teams, as well as significant time and financial investment. In this talk, Jamie Winsor explains how they decided on Erlang as the right tool for the job to empower them to fast track their multiplayer offering without jeopardising company culture or their product. Learn more about Jamie Winsor’s talk at Erlang Factory 2015.

Highlights from Erlang Factory 2014

That’s 'Billion’ with a 'B’: Scaling to the Next Level at WhatsApp by Rick Reed

In 2014, Whatsapp was the toast of the tech community with its $19 billion sale to Facebook. The news came bought with it an influx of interest in Erlang, as people looked into how such an agile team of developers were able to build such a robust system. In this talk, Rick Reed explains how the team were able to meet the challenge of running hundreds of nodes, thousands of cores and hundreds of terabytes of RAM to scale and handle billions of users. Get more information on Rick Reed’s talk at Eralng Factory 2014.

Highlights from Erlang Factory 2013

The How and Why of Fitting Things Together by Joe Armstrong

Software is complex, and things get complicated when the parts don’t fit together. But how does this happen? And what can we do to prevent this happening? In his talk, Joe Armstrong answers these questions and explains where Erlang comes in to save the day. See the talk descriptions and more details about Joe’s talk from Erlang Factory 2013.

Highlights from Erlang Factory 2012

Scaling to Millions of Simultaneous Connections by Rick Reed

Just two years before they had to scale to billions, WhatsApp needed to figure out how to scale to millions. In this talk, Rick Reed explains how Erlang helps them meet the growing user-demand while continuing to keep a small server footprint. You can see more details from Rick Reed’s talk at Erlang Factory 2012 here.

Summary

For nearly a decade, Code BEAM SF has been the beacon of BEAM related news in the U.S.A. It provides a space for the Erlang and Elixir community to share great ideas, be inspired, connect and increase their knowledge base. As we enter a new decade, we are excited to see how these technologies will grow and become important players in growth sectors such as IoT, FinTech and machine learning. The first Code BEAM SF of the decade takes place in March, tickets are on sale now and you can see the full line up of speakers at codesync.global.

Optimising for Concurrency: Comparing and contrasting the BEAM and JVM virtual machines.

The success of any programming language in the Erlang ecosystem can be apportioned into three tightly coupled components. They are:
1) the semantics of the Erlang programming language, on top of which other languages are implemented
2) the OTP libraries and middleware used to architect scalable and resilient concurrent systems and
3) the BEAM Virtual Machine tightly coupled to the language semantics and OTP.

Take any one of these components on their own, and you have a runner up. But, put the three together, and you have the uncontested winner for scalable, resilient soft-real time systems. To quote Joe Armstrong, “You can copy the Erlang libraries, but if it does not run on BEAM, you can’t emulate the semantics”. This gets enforced by Robert Virding’s First Rule of Programming, which states that “Any sufficiently complicated concurrent program in another language contains an ad hoc informally-specified bug-ridden slow implementation of half of Erlang.”

In this post, we want to explore the BEAM VM internals. We will compare and contrast them with the JVM where applicable, highlighting why you should pay attention to them and care. For too long, this component has been treated as a black box and taken for granted, without understanding the reasons or implications. It is time to change that!

Highlights of the BEAM

Erlang and the BEAM VM were invented to be the right tool to solve a specific problem. They were developed by Ericsson to help implement telecom infrastructure handling both mobile and fixed networks. This infrastructure is highly concurrent and scalable in nature. It has to display soft real-time properties and may never fail. We don’t want our Hangouts calls on our mobile with our grandmothers dropped or our online gaming experience of Fortnite to be affected by system upgrades, high user load or software, hardware and network outages. The BEAM VM is optimised to solve many of these challenges by providing fine-tuned features which work on top of a predictable concurrent programming model.

Its secret sauce are light-weight processes which don’t share memory, managed by schedulers which can manage millions of them across multiple cores. It uses a garbage collector which runs on a per-process basis, highly optimized to reduce any impact on other processes. As a result, the garbage collectors do not impact the overall soft real time properties of the system. The BEAM is also the only widely used VM used at scale with a built-in distribution model which allows a program to run on multiple machines transparently.

Highlights of the JVM

The Java Virtual Machine (JVM) was developed by Sun Microsystem with the intent to provide a platform for ‘write once’ code that runs everywhere. They created an object oriented language similar to C++, but memory-safe because its runtime error detection checks array bounds and pointer dereferences. The JVM ecosystem became extremely popular with the Internet-era, making it the de-facto standard for enterprise server applications. The wide range of applicability was enabled by a virtual machine that caters for a wide range use cases, and an impressive set of libraries catering for enterprise development.

The JVM was designed with efficiency in mind. Most of its concepts are an abstraction of features found in popular operating systems such as the threading model which maps to operating system threads. The JVM is highly customisable, including the garbage collector (GC) and class loaders. Some state-of-the-art GC implementations provide highly tunable features catering for a programming model based on shared memory. The JVM allows you to change the code while the program is running. And, a JIT compiler allows byte code to be compiled to the native machine code with an intent to speed up parts of the application.

Concurrency in the Java world is mostly concerned with running applications in parallel threads, ensuring they are fast. Programming with concurrency primitives is a difficult task because of the challenges created by its shared memory model. To overcome these difficulties, there are attempts to simplify and unify the concurrent programming models, with the most successful attempt being the Akka framework.

Concurrency and Parallelism

We talk about parallel code execution if parts of the code are run at the same time on multiple cores, processors or computers, while concurrent programming refers to handling events arriving to the system independently. Concurrent execution can be simulated on single threaded hardware, while parallel execution cannot. Although this distinction may seem pedantic, the difference results in some very different problems to solve. Think of many cooks making a plate of Carbonara pasta. In the parallel approach, the tasks are split across the number of cooks available, and a single portion would be completed as quickly as it took these cooks to complete their specific tasks. In a concurrent world, you would get a portion for every cook, where each cook does all of the tasks. You use parallelism for speed and concurrency for scale.

Parallel execution tries to solve an optimal decomposition of the problem to parts that are independent of each other. Boil the water, get the pasta, mix the egg, fry the guanciale ham, grate the pecorino cheese¹. The shared data (or in our example, the serving dish) is handled by locks, mutexes and various other techniques to guarantee correctness. Another way to look at this is that the data (or ingredients) are present, and we want to utilise as many parallel CPU resources as possible to finish the job as quickly as possible.

Concurrent programming, on the other hand, deals with many events that arrive at the system at different times and tries to process all of them within a reasonable time. On multi-core or distributed architectures, some of the execution is run parallel, but this is not a requirement. Another way to look at it is that the same cook boils the water, gets the pasta, mixes the eggs and so on, following a sequential algorithm which is always the same. What changes across processes (or cooks) is the data (or ingredients) to work on, which exist in multiple instances.

The JVM is built for parallelism, the BEAM for concurrency. They are two intrinsically different problems, requiring different solutions.

The BEAM and Concurrency

The BEAM provides light-weight processes to give context to the running code. These processes, also called actors, don’t share memory, but communicate through message passing, copying data from one process to another. Message passing is a feature that the virtual machine implements through mailboxes owned by individual processes. The message passing is a non-blocking operation, which means that sending a message to another process is almost instantaneous and the execution of the sender is not blocked. The messages sent are in the form of immutable data, copied from the stack of the sending process to the mailbox of the receiving one. This is achieved without the need for locks and mutexes among the processes, only a lock on the mailbox in case multiple processes send a message to the same recipient in parallel.

The immutable data and the message passing enable the programmer to write processes which work independently of each other and focus on the functionality instead of the low-level management of the memory and scheduling of tasks. It turns out that this simple design not only works on a single thread, but also on multiple threads on a local machine running in the same VM and, using the built in distribution, across the network with a cluster of VMs and machines. If the messages are immutable between processes, they can be sent to another thread (or machine) without locks, scaling almost linearly on distributed, multi-core architectures. The processes are addressed in the same way on a local VM as in a cluster of VMs, message sending works transparently regardless of the location of the receiving process.

Processes do not share memory, allowing you to replicate your data for resilience and distribute it for scale. This means having two instances of the same process on two separate machines, sharing state updates among each other. If a machine fails, the other has a copy of the data and can continue handling the request, making the system fault tolerant. If both machines are operational, both processes can handle requests, giving you scalability. The BEAM provides the highly optimised primitives for all of this to work seamlessly, while OTP (the “standard library”) provides the higher level constructs to make the life of the programmers easy.

Akka does a great job at replicating the higher level constructs, but is somewhat limited by the lack of primitives provided by the JVM, allowing it to be highly optimised for concurrency. While the primitives of the JVM enable a wider range of use cases, they make programming distributed systems harder as they have no built in primitives for communication and are often based on a shared memory model. For example, where in a distributed system do you place your shared memory? And what is the cost of accessing it?

Scheduler

We mentioned that one of the strongest features of the BEAM is the ability to break a program into small, light-weight processes. Managing these processes is the task of the scheduler. Unlike the JVM, which maps its threads to OS threads and lets the operating system schedule them, the BEAM comes with its own scheduler.

The scheduler starts, by default, an OS thread for every core and optimises the workload between them. Each process consists of code to be executed and a state which changes over time. The scheduler picks the first process in the run queue that is ready to run, gives it a certain amount of reductions to execute, where each reduction is the rough equivalent of a command. Once the process has either run out of reductions, is blocked by I/O, is waiting for a message or completes executing its code, the scheduler picks the next process in the run queue and dispatches it. This scheduling technique is called pre-emptive.

We mentioned the Akka framework many times, as its biggest drawback is the need to annotate the code with scheduling points, as the scheduling is not done at the JVM level. By removing the control from the hands of the programmer, soft real time properties are preserved and guaranteed, as there is no risk of them accidentally causing process starvation.

The processes can be spread around the available scheduler threads and maximise CPU utilisation. There are many ways to tweak the scheduler but it is rare and needed only for edge and borderline cases, as the default options cover most usage patterns.

There is a sensitive topic that frequently pops up regarding schedulers: how to handle Natively Implemented Functions (NIFs). A NIF is a code snippet written in C, compiled as a library and run in the same memory space as the BEAM for speed. The problem with NIFs is that they are not pre-emptive, and can affect the schedulers. In recent BEAM versions, a new feature, dirty schedulers, was added to give better control for NIFs. Dirty schedulers are separate schedulers that run in different threads to minimise the interruption a NIF can cause in a system. The word dirty refers to the nature of the code that is run by these schedulers.

Garbage Collector

Modern, high level programming languages today mostly use a garbage collector for memory management. The BEAM languages are no exception. Trusting the virtual machine to handle the resources and manage the memory is very handy when you want to write high level concurrent code, as it simplifies the task. The underlying implementation of the garbage collector is fairly straightforward and efficient, thanks to the memory model based on immutable state. Data is copied, not mutated and the fact that processes do not share memory removes any process interdependencies, which, as a result, do not need to be managed.

Another feature of the BEAM is that garbage collection is run only when needed, on a per process basis, without affecting other processes waiting in the run queue. As a result, the garbage collection in Erlang does not ‘stop-the-world’. It prevents processing latency spikes, because the VM is never stopped as a whole - only specific processes are, and never all of them at the same time. In practice, it is just part of what a process does and treated as another reduction. The garbage collector collecting process suspends the process for a very short interval, often microseconds. As a result, there will be many small bursts, triggered only when the process needs more memory. A single process usually doesn’t allocate large amounts of memory, and is often short lived, further reducing the impact by immediately freeing up all its allocated memory on termination. A feature of the JVM is the ability to swap garbage collectors, so by using a commercial GC, it is also possible to achieve non-stopping GC in the JVM.

The features of the garbage collector are discussed in an excellent blog post by Lukas Larsson. There are many intricate details, but it is optimised to handle immutable data in an efficient way, dividing the data between the stack and the heap for each process. The best approach is to do the majority of the work in short lived processes.

A question that often comes up on this topic is how much memory the BEAM uses. Under the hood the VM allocates big chunks of memory and uses custom allocators to store the data efficiently and minimise the overhead of system calls. This has two visible effects:
1) The used memory decreases gradually after the space is not needed
2) Reallocating huge amounts of data might mean doubling the current working memory.

The first effect can, if really necessary, be mitigated by tweaking the allocator strategies. The second one is easy to monitor and plan for if you have visibility of the different types of memory usage. (One such monitoring tool that provides system metrics out of the box is WombatOAM).

Hot Code Loading

Hot code loading is probably the most cited unique feature of the BEAM. Hot code loading means that the application logic can be updated by changing the runnable code in the system whilst retaining the internal process state. This is achieved by replacing the loaded BEAM files and instructing the VM to replace the references of the code in the running processes.

It is a crucial feature for no downtime code upgrades for telecom infrastructure, where redundant hardware was put to use to handle spikes. Nowadays, in the era of containerization, other techniques are also used for production updates. Those who have never used it dismiss it as a less important feature, but it is none-the-less useful in the development workflow. Developers can iterate faster by replacing part of their code without having to restart the system to test it. Even if the application is not designed to be upgradable in production, this can reduce the time needed for recompilation and redeployments.

When not to use the BEAM

It is very much about the right tool for the job. You need a system to be extremely fast, but are not concerned about concurrency? Handling a few events in parallel, and having to handle them fast? Need to crunch numbers for Graphics, AI or analytics? Go down the C++, Python or Java route. Telecom infrastructure does not need fast operations on floats, so speed was never a priority. Aided with dynamic typing, which has to do all type checks at runtime means compiler time optimizations are not as trivial. So number crunching is best left to the JVM, Go or other languages which compile to native. It is no surprise that floating point operations on Erjang, the version of Erlang running on the JVM, was 5000% faster than the BEAM. But where we’ve seen the BEAM shine is using its concurrency to orchestrate number crunching, outsourcing the analytics to C, Julia, Python or Rust. You do the map outside the BEAM and the reduce within the BEAM.

The mantra has always been fast enough. It takes a few hundred milliseconds for humans to perceive a stimulus (an event) and process it in their brain, meaning that micro or nano second response time is not necessary for many applications. Nor would you use the BEAM for microcontrollers, it is too resource hungry. But for embedded systems with a bit more processing power, where multi-core is becoming the norm, you need concurrency, and the BEAM shines. Back in the 90s, we were implementing telephony switches handling tens of thousands of subscribers running in embedded boards with 16mb of memory. How much memory does a RaspberryPi have these days? And finally, hard real time systems. You would probably not want the BEAM to manage your airbag control system. You need hard guarantees, something only a hard real time OS and a language with no garbage collection or exceptions. An implementation of an Erlang VM running on the bare metal such as GRiSP will give you similar guarantees.

Conclusion

Use the right tool for the job. If you are writing a soft real time system which has to scale out of the box and never fail, and do so without the hassle of having to reinvent the wheel, the BEAM is the battle proven technology you are looking for. For many, it works as a black box. Not knowing how it works would be analogous to driving a Ferrari and not being capable of achieving optimal performance or not understanding what part of the motor that strange sound is coming from. This is why you should learn more about the BEAM, understand its internals and be ready to finetune and fix it. For those who have used Erlang and Elixir in anger, we have launched a one day instructor-led course which will demystify and explain a lot of what you saw whilst preparing you to handle massive concurrency at scale. The course is available through our new instructor lead remote training, learn more here. We also recommend The BEAM book by Erik Stenman and the BEAM Wisdoms, a collection of articles by Dmytro Lytovchenko.

How to use web scraping in Elixir to gather useful data | Erlang Solutions Webinar

Permalink

Inclusiveness in Language for Outsiders Looking In

Permalink

Operating systems via development

2020-06-24

About two years ago I decided to add HTTPS support to this site, using automatic certification via Let’s Encrypt. All the articles on the subject relied on a tool called certbot. A couple of variations were mentioned, some requiring the tool to run while the site is down, others using nginx + certbot combination. It seemed that installing and running some additional external tool(s) in production was mandatory.

At that point The Erlangelist was a standalone Elixir-powered system which required no external program. It seemed that now I have to start worrying about setting up additional services and interact with them using their custom DSLs. This would complicate operations, and create a disconnect between production and development. Any changes to the certification configuration would need to be tested directly in production, or alternatively I’d have to setup a staging server. Either way, testing of certification would be done manually.

Unhappy with this state I started the work on site_encrypt, a library which takes a different approach to automatic certification:

site_encrypt is a library dependency, not an external tool. You’re not required to install any OS-level package to use it.
The certification process and periodical renewal are running in the same OS process as the rest of the system. No other OS processes need to be started.
Everything is configured in the same project where the system is implemented.
Interaction with site_encrypt is done via Elixir functions and data. No yaml, ini, json, or other kind of DSL is required.
It’s trivial to run the certification locally, which reduces the differences between prod and local dev.
The support for automatic testing of the certification is provided. There’s no need to setup staging machines, or make changes directly on the production system.

This is an example of what I call “integrated operations”. Instead of being spread across a bunch of yamls, inis, jsons, and bash scripts, somehow all glued together at the OS-level, most of the operations is done in development, i.e. the same place where the rest of the system is implemented, using the same language. Such approach significantly reduces the technical complexity of the system. The Erlangelist is mostly implemented in Elixir, with only a few administrative tasks, such as installation of OS packages, users creation, port forwarding rules, and similar provisioning tasks being done outside of Elixir.

This also simplifies local development. The instructions to start the system locally are very simple:

Install build tools (Elixir, Erlang, nodejs)
Fetch dependencies
Invoke a single command to start the system

The locally started system will be extremely close to the production version. There is almost nothing of significance running on production which is not running locally. The only two differences of note I can think of are:

Ports 80/443 are forwarded in prod
The prod version uses Lets Encrypt for certification, while the local version uses a local CA server (more on this later).

Now, this may not sound like much for a simple blog host, but behind the scene The Erlangelist is a bit more than a simple request responder:

The Erlangelist system runs two separate web servers. The public facing server is the one you use to read this article. Another internal server uses the Phoenix Live Dashboard to expose some metrics.
A small hand-made database is running which collects, aggregates, and persists the reading stats, periodically removing older stats from the disk.
The system periodically renews the certificate.
Locally and on CI, another web server which acts as a local certificate authority (CA) is running.

In other words, The Erlangelist is more than just a blog, a site, a server, or an app. It’s a system consisting of multiple activities which collectively work together to support the full end-user service, as well as the operational aspects of the system. All of these activities are running concurrently. They don’t block each other, or crash each other. The system utilizes all CPU cores of its host machine. For more details on how this works take a look at my talk The soul of Erlang and Elixir.

Let’s take a closer look at site_encrypt.

Certification

Let’s Encrypt supports automatic certification via the ACME (Automatic Certificate Management Environment) protocol. This protocol describes the conversation between the client, which is a system wanting to obtain the certificate for some domain, and the server, which is the certificate authority (CA) that can create such certificate. In ACME conversation, our system asks the CA to provide the certificate for some domain, and the CA asks us to prove that we’re the owners of that domain. The CA gives us some random bytes, and then makes a request at our domain, expecting to get those same bytes in return. This is also called a challenge. If we successfully respond to the challenge, the CA will create the certificate for us. The real story is of course more involved, but this simplified version hopefully gives you the basic idea.

This conversation is an activity of the system. It’s a job which needs to be occasionally done to allow the system to provide the full service. If we don’t do the certification, we don’t have a valid certificate, and most people won’t use the site. Likewise, if I decide to shut the site down, the certification serves no purpose anymore.

In such situations my preferred approach is to run this activity together with the rest of the system. The less fragmented the system is, the easier it is to manage. Running some part of the system externally is fine if there are stronger reasons, but I don’t see such reasons in this simple scenario.

site_encrypt makes this task straightforward. Add a library dep, fill in some blanks, and you’re good to go. The certification configuration is provided by defining the certification function:

def certification do
  SiteEncrypt.configure(
    client: :native,
    domains: ["mysite.com", "www.mysite.com"],
    emails: ["contact@mysite.com", "another_contact@mysite.com"],
    db_folder: "/folder/where/site_encrypt/stores/files",
    directory_url: directory_url(),
  )
end

This code looks pretty declarative, but it is executable code, not just a collection of facts. And that means that we have a lot of flexibility to shape the configuration data however we want. For example, if we want to make the certification parameters configurable by the system operator, say via a yaml file, nothing stops us from invoking load_configuration_from_yaml() instead of hardcoding the data. Say we want to make only some parameters configurable (e.g. domains and email), while leaving the rest hardcoded. We can simply do Keyword.merge(load_some_params_from_yaml(), hardcoded_data). Supporting other kinds of config sources, like etcd or a database, is equally straightforward. You can always build declarative on top of imperative, while the opposite will require some imagination and trickery, such as running external configuration generators, and good luck managing that in production :-)

It’s also worth mentioning that site_encrypt internally ships with two lower-level modules, a sort of plumbing to this porcelain. There is a mid-level module which provides workflow-related operations, such as “create an account”, or “perform the certification”, and a lower-level module which provides basic ACME client operations. These modules can be used when you want a finer grained control over the certification process.

Reducing the dev-production mismatch

There’s one interesting thing happening in the configuration presented earlier:

def certification do
  SiteEncrypt.configure(
    # ...
    directory_url: directory_url(),
  )
end

The directory_url property defines the CA where site_encrypt will obtain the certificate. Instead of hardcoding this url, we’re invoking a function to compute it. This happens because we need to use different urls for production vs staging vs local development. Let’s take a look:

defp directory_url do
  case System.get_env("MODE", "local") do
    "production" -> "https://acme-v02.api.letsencrypt.org/directory"
    "staging" -> "https://acme-staging-v02.api.letsencrypt.org/directory"
    "local" -> {:internal, port: 4002}
  end
end

Here, we’re distinguishing production from staging from development based on the MODE OS env (easily replaceable with other source, owing to programmable API). If the env is not provided, we’ll assume that the system running locally.

On a production machine, we go to the real CA, while for staging we’ll use Let’s Encrypt staging site. But what about the {:internal, port: 4002} thing which we use in local development? If we pass this particular shape of data to site_encrypt, an internal ACME server will be started on the given port, a sort of a local mock of Let’s Encrypt. This server is running inside the same same OS process as the rest of the system.

So locally, site_encrypt will start a mock of Let’s Encrypt, and it will use that mock to obtain the certificate. In other words, locally the system will certify itself. Here’s an example of this in action on a local version of The Erlangelist:

$ iex -S mix phx.server

[info]  Running ErlangelistWeb.Blog.Endpoint at 0.0.0.0:20080 (http)
[info]  Running ErlangelistWeb.Blog.Endpoint at 0.0.0.0:20443 (https)
[info]  Running local ACME server at port 20081
[info]  Creating new ACME account for domain theerlangelist.com
[info]  Ordering a new certificate for domain theerlangelist.com
[info]  New certificate for domain theerlangelist.com obtained
[info]  Certificate successfully obtained!

Testability

Since local Erlangelist behaves exactly as the real one, we can test more of the system behaviour. For example, even on the local version HTTP requests are redirected to HTTPS. Here’s a test verifying this:

test "http requests are redirected to https" do
  assert redirected_to(Client.get("http://localhost/"), 301) ==
    "https://localhost/"
end

Likewise, redirection to www can also be tested:

test "theerlangelist.com is redirected to www.theerlangelist.com" do
  assert redirected_to(Client.get("https://theerlangelist.com/"), 301)
    == "https://www.theerlangelist.com/"
end

In contrast, external proxy rules, such as those defined in Nginx configuration are typically not tested, which means that some change in configuration might break something else in a way which is not obvious to the operator.

In addition, site_encrypt ships with a small helper for testing the certification. Here’s the relevant test:

test "certification" do
  clean_restart(ErlangelistWeb.Blog.Endpoint)
  cert = get_cert(ErlangelistWeb.Blog.Endpoint)
  assert cert.domains == ~w/theerlangelist.com www.theerlangelist.com/
end

During this test, the blog endpoint (i.e. the blog web server) will be restarted, with all previously existing certificates removed. During the restart, the endpoint will be certified via the local ACME server. This certification will go through the whole process, with no mocking (save for the fact that a local CA is used). HTTP requests will be made, some keys will be generated, the system will call CA, which will then concurrently make a request to the system, and ultimately the certificate will be obtained.

Once that’s all finished, the invocation of get_cert will establish an ssl connection to the blog server and fetch the certificate of the peer. Then we can assert the expected properties of the certificate.

Having such tests significantly increases my confidence in the system. Of course, there’s always a chance of something going wrong in production (e.g. if DNS isn’t correctly configured, and Let’s Encrypt can’t reach my site), but the possibility of errors is reduced, not only because of the tests, but also because a compiled language is used. For example, if I make a syntax error while changing the configuration, the code won’t even compile, let alone make it to production. If I make a typo, e.g. by specifying theerlangelist.org instead of theerlangelist.com, the certification test will fail. In contrast, external configurations are much harder to test, and so they typically end up being manually verified on staging, or in some cases only in production.

More automation

Beyond just obtaining the certificate, site_encrypt will periodically renew it. A periodic job is executed three times a day. This job checks the expiry date of the certificate, and starts the renewal process if the certificate is about to expire in 30 days. In addition, every time a certificate is obtained, site_encrypt can optionally generate a backup of its data. When the system is starting, if the site_encrypt database folder isn’t present and the backup file exists, site_encrypt will automatically restore the database from the backup.

As a user of site_encrypt you have to do zero work to make this happen, which significantly reduces the amount of operational work required, bringing the bulk of it to the regular development.

For more elaborate backup scenarios, site_encrypt provides a callback hook. In your endpoint module you can define the function which is invoked after the certificate is obtained. You can use this function to e.g. store the cert in an arbitrary secure storage of your choice. Notice how this becomes a part of the regular system codebase, which is the most convenient and logical place to express such task. The fact that this is running together with the rest of the system, also means it’s testable. Testing that the new certificate is correctly stored to desired storage is straightforward.

Tight integration

Since it runs in the same OS process, and is powered by the same language, site_encrypt can integrate much better with its client, which leads to some nice benefits. I mentioned earlier that certification is a conversation between our system and the CA server. Now, when we’re using the certbot tool, this dialogue turns into a three-party conversation. Instead of our system asking for the certificate, we ask certbot to do this on our behalf. However, the CA verification request (aka challenge) needs to be served by our site. Now, since certbot is an external tool, it treats our site as an opaque box. As a result, certbot doesn’t know when we responded to the CA challenge, and so it has to be a bit more conservative. Namely, certbot will sleep for about three seconds before it starts polling CA to see if the challenge has been answered.

The native Elixir ACME client runs in the same OS process, and so it can integrate much better. The ACME client is informed by the challenge handler that the challenge is fulfilled, and so it can use a much shorter delay to start polling the CA. In production this optimization isn’t particularly relevant, but on local dev, and especially in tests the difference becomes significant. The certification test via certbot takes about 6 seconds on my machine. The same test via the native client is about 800ms.

This tight integration offers some other interesting possibilities. With a bit of changes to the API, site_encrypt could support arbitrary storage for its database. It could also support coordination between multiple nodes, making it possible to implement a distributed certification, where an arbitrary node in the cluster initiates the certification, while any other node can successfully respond to the challenge, including even the nodes which came online after the challenge has been started.

Operations

With the bulk of the system behaviour described in Elixir code, the remaining operational tasks done outside of Elixir are exclusively related to preparing the machine to run the Erlangelist. These tasks involve creating necessary accounts, creating the folder structure, installing required OS packages (essentially just Docker is needed), and setting up a single systemd unit for starting the container.

The production is dockerized, but the production docker image is very lightweight:

FROM alpine:3.11 as site

RUN apk --no-cache upgrade && apk add --no-cache ncurses

COPY --from=builder /opt/app/site/_build/prod/rel/erlangelist /erlangelist

VOLUME /erlangelist/lib/erlangelist-0.0.1/priv/db
VOLUME /erlangelist/lib/erlangelist-0.0.1/priv/backup

WORKDIR /erlangelist
ENTRYPOINT ["/erlangelist/bin/erlangelist"]

The key part is the COPY instruction which adds the built release of the system to the image. This release will contain all the compiled binaries, as well as a minimal Erlang runtime system, and is therefore pretty much self-contained, requiring only one small OS-level package to be installed.

Final thoughts

Some might argue that using certbot with optionally Nginx or Caddy is simple enough, and I wouldn’t completely disagree. It’s perfectly valid to reach for external products to solve a technical challenge not related to the business domain. Such products can help us solve our problem quickly and focus on our core challenges. On the other hand, I feel that we should be more critical of the problems introduced by such products. As I’ve tried to show in this simple example, the integrated operations approach reduces the amount of moving parts and technologies used, bridges the gap between production and development, and improves the testability of the system. The implementation is simpler and at the same time more flexible, since the tool is driven by functions and data.

For this approach to work, you need a runtime that supports managing multiple system activities. BEAM, the runtime of Erlang and Elixir, makes this possible. For example, in many cases serving traffic directly with Phoenix, without having a reverse proxy in front of it, will work just fine. Features such as ETS tables or GenServer will reduce the need for tools like Redis. Running periodic jobs, regulating load, rate-limiting, pipeline processing, can all be done directly from Elixir, without requiring any external product.

Of course, there will always be cases where external tools will make more sense. But there will also be many cases where integrated approach will work just fine, especially in smaller systems not operating at the level of scale or complexity of Netflix, Twitter, Facebook, and similar. Having both options available would allow us to start with simple and move to an external tool only in more complicated scenarios.

This is the reason why I started the work on site_encrypt. The library is still incomplete and probably buggy, but these are issues that can be fixed with time and effort :-) I believe that the benefits of this approach are worth the effort, so I’ll continue the work on the library. I’d like to see more of such libraries appearing, giving us simpler options for challenges such as load balancing, proxying, or persistence. As long as there are technical challenges where running an external product is the only option, there is opportunity for simplification, and it’s up to us, the developers, to make that happen.

Copyright 2020, Saša Jurić. This article is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
The article was first published on The Erlangelist site.
The source of the article can be found here.

Permalink

Elixir at fintech with Brex

Welcome to our series of case studies about companies using Elixir in production. We are glad to invite Brex as our first case.

Brex is reimagining financial systems so every growing company can realize their full potential. New customers can get up and running in minutes with corporate credit cards and cash management in a single, strategic account. Launched in June 2018, Brex earned a $1.1 billion valuation with the announcement of their Series C round. By now, Brex is valued at $2.6 billion, with Elixir at the core of their technology stack. Approximately 90% of Brex’s backend codebase is written in Elixir.

Brex website

Why Elixir?

Brex aims to build the next generation of B2B financial services without the restrictions of legacy technology. They choose Elixir and the Erlang VM from day one as their primary technologies.

Thomas Césaré-Herriau, a Lead Engineer at Brex, has recently helped us address the reasons behind this choice: “The reliability and fault tolerance aspects of the Erlang VM are extremely appealing for building financial services. Elixir runs on the same VM, and it provides great onboarding and learning experiences to the platform, which makes Elixir a solid bet for a company like Brex.”

An evolving architecture

Brex architecture is made of approximately 40 microservices running on Kubernetes. There is a front-end application, implemented with Phoenix and Absinthe, that interacts with those services.

Synchronous communication is done via gRPC, and Apache Kafka is used for asynchronous messages and broadcasts. However, they did not arrive at this architecture overnight, and they had many learning moments along the way.

One of their early lessons relates to the applicability of Erlang’s RPC infrastructure. Although Erlang does provide RPC out-of-the-box, Erlang’s built-in clustering establishes a full mesh cluster. This setup is well suited for running homogenous instances, where all nodes run the same code, but it is a bad fit when building isolated microservices. The Brex team also wanted to plan for a future where they may communicate between services implemented in different languages. These requirements led them to explore more widely adopted RPC mechanisms, eventually settling on gRPC.

Brex was also one of the early adopters of gRPC in the ecosystem, which meant they had to tread through uncharted waters here and there. Nowadays, they have a well-defined set of guidelines and practices that go hand in hand with how they were able to scale the company and their Elixir teams.

Growing the team

When Thomas joined the team, back in April 2018, there were only three backend engineers in their San Francisco office. Now, two years later, Brex has more than 100 engineers —most of them programming in Elixir— with additional offices in New York, Vancouver, and Salt Lake City.

Despite the fact that Elixir is a relatively niche language, new hires that never had contact with Elixir before are productive within three weeks

– Pedro Franceschi, Brex's co-founder

Pedro Franceschi, Brex’s co-founder, wrote about their experience when onboarding new engineers: “Despite the fact that Elixir is a relatively niche language, new hires that never had contact with Elixir before are productive within three weeks. There are a decent amount of books/documentation available on the language that accelerate the ramp-up process.”

Thomas echoed similar tones: “Getting started with Elixir is quick, but mastering Erlang/OTP takes a while.” At the same time, he recognizes many frameworks available in the community, and the ones they have built internally, abstract away the concurrency and fault-tolerance concerns, allowing developers to ship reliable services rapidly.

Such quick growth comes with its challenges. Brex codebase started as an umbrella project, which is an Elixir feature for managing multiple applications in the same repository, but Thomas believes they have outgrown its capabilities. Now they’re slowly breaking their umbrella project into individual Elixir applications. All projects still belong to a single repository (a mono-repo), which has also grown to include other languages.

The future ahead

As Brex grows, they want to make sure Elixir’s adoption will scale alongside their team. As Pedro noted back in 2018, “The lack of a type system makes large-scale refactoring harder, and therefore would be a great addition to the Elixir ecosystem.”

With this in mind, Brex decided to join many other companies directly investing in Elixir’s future. They hired Eric Meadows-Jönsson, from the Elixir Core Team and Hex.pm creator, to work on Elixir and increase the amount of static checks done by the compiler. Eric concluded, “The Elixir team has been consistently improving the compiler towards this direction over the years. We introduced cross-reference checking and undefined function warnings back in Elixir v1.3. Since then many other warnings and checks were added. Elixir v1.10 introduced compilation tracers, which allows the community to listen to the compiler and run their own checks. Now we are working towards leveraging existing constructs —such as patterns, guards, and data-constructors— to execute more static checks without requiring explicit developer input.”

Permalink

Authentication in Elixir Web Applications with Ueberauth and Guardian: Part 4

In the previous posts in this series we walked through:

In this post we are going to expand upon that base to allow users to create an account or log in to an existing account using OAuth providers such as Google or Twitter.

OAuth providers

A detailed explanation of OAuth is outside the scope of this blog post. If you’re not familiar with OAuth, this video is a good brief introduction. It will be helpful, however, to explore how OAuth works in the context of using it to log in to accounts in our application. In the case of using an email address and password, our application, Yauth, assumed two responsibilities:

establishing the identity of our users by receiving and storing emails and passwords upon account registration; and
verifying the identity of users by challenging them to produce the correct email and password combination on subsequent attempts to log in to an account.

Our application can, however, offload one or both of those responsibilities to OAuth providers with which we can integrate.

Our users may have already established their identity and the credentials needed to prove that identity with OAuth providers like Google, Twitter, Facebook, etc. Yauth can register with those providers as an application that would like to allow users access via the identity and credentials they manage. When we register Yauth with the provider, the provider gives us a client id and client secret and we give them a callback URL to our application. Yauth can use that information to create a link on Yauth pages. When our user clicks that link, they are redirected to the OAuth provider’s login page (i.e. their identity challenge). When the user completes the identity challenge (e.g. providing their user name and password for that provider), that information is submitted to the OAuth provider’s server. The OAuth server then redirects the user to the callback URL that Yauth provided with the result of the identity challenge. When Yauth receives that data, it creates an account and logs in upon success or displays an error message if the challenge failed.

By using OAuth providers, Yauth can accept the identity information for the user from those providers and allow them to manage user authentication. This provides flexibility for our users, some of whom may not want another password to manage, and could free us from managing passwords, password resets, etc. if we wanted to use OAuth exclusively.

Implementing OAuth log in

We will use Google as our example OAuth provider for this post. The first step will be to create a project with Google and set up credentials for an OAuth client. Walking through that process step-by-step will make this post too long but following “Step 1” in these instructions should get you where you need to be to follow along.

Once we have registered with Google as an OAuth client, we need to implement registration and log in to Yauth using Google. In an earlier post, we described Ueberauth and used the Ueberauth Identity strategy to help us with email/password registration and log in. Here we’ll use the Ueberauth Google strategy.

To get started, we need to add the Ueberauth Google Strategy package to our project.

# mix.exs
defmodule Yauth.MixProject do
  # ...
  defp deps do
    [
      # ...
      {:ueberauth, "~> 0.6"},
      {:ueberauth_google, "~> 0.8"},
      # ...
    ]
  end

  # ...
end

mix deps.get

In our previous post we configured Ueberauth for the Identity strategy. Now we need to provide some configuration for the Google strategy.

# config/config.exs
config :ueberauth, Ueberauth,
  providers: [
    google: {Ueberauth.Strategy.Google, []},
    # ...
  ]

config :ueberauth, Ueberauth.Strategy.Google.OAuth,
  client_id: System.get_env("GOOGLE_CLIENT_ID"),
  client_secret: System.get_env("GOOGLE_CLIENT_SECRET")

The first configuration tells ueberauth which providers we intend to use in the application and the module that implements the strategy behavior for that provider. The second configuration provides the client id and secret for the Google strategy we intend to use in the form of environment variables. These values are available from the Google Developer Console where you set up your application. Remember to export those values in your shell before starting your Phoenix server.

Routes

As you may recall from our previous discussion, Ueberauth uses a “two-phase” approach to authentication. The first phase presents an authentication challenge to the user. The second phase handles the data provided in that challenge. To accomplish this with OAuth providers, we need to provide routes by which users access this functionality.

# lib/yauth_web/router.ex
defmodule YauthWeb.Router do
  # ...

  scope "/auth", YauthWeb do
    pipe_through [:browser, :guardian]

    get "/:provider", AuthController, :request
    get "/:provider/callback", AuthController, :callback
  end
end

The Ueberauth package expects routes to be prefixed with a certain path before the OAuth provider name. The default option is “/auth”, which works for our application, but another path could be used by adding the :base_path option in the ueberauth configuration in your config/config.exs file. We accomplish that by placing these routes in the scope "/auth" ... block.

With the routes in place, we need to provide the controller. Here are the module and function signatures for that controller that we’ll walk through together.

# lib/yauth_web/controllers/auth_controller.ex
defmodule YauthWeb.AuthController do
  use YauthWeb, :controller
  plug Ueberauth

  def request(conn, _params) do
    # Present an authentication challenge to the user
  end

  def callback(%{assigns: %{ueberauth_auth: auth_data}} = conn, _params) do
    # Find the account if it exists or create it if it doesn't
  end

  def callback(%{assigns: %{ueberauth_failure: _}} = conn, _params) do
    # Tell the user something went wrong
  end
end

Authentication challenge

The function AuthController.request/2 exists to provide the authentication challenge to the user. As we are not presenting an authentication challenge (i.e. a form for the user to complete) to the user at this route, we don’t actually need to implement or even define this function. Why not? At the top of the controller we call plug Ueberauth. In the event that the request is for a configured OAuth provider, this plug redirects the request to that OAuth provider’s authentication challenge page in place of any function call within the Yauth controller.

In other words, our Google button on our login and registration pages has the route /auth/google that our Router directs to AuthController.request/2. When the user clicks on that button, the request is directed to the AuthController that first passes it through the Ueberauth plug. That plug sees the request is for a configured OAuth provider and redirects the request to the provider’s URL, circumventing a call to the request/2 function. Our final implementation won’t have this function signature but I wanted to explain why it will be absent as it can be puzzling to see it in the Router but missing in the controller. If we wanted, we could also move all of the handling for the identity strategy out of the RegistrationController and SessionController into the AuthController, which would require implementing request/2 to present the identity authentication challenge, but we’ll leave that as is for now.

Authentication verification

The AuthController.callback/2 is the function registered with our OAuth providers and handles the incoming request from the provider after their authentication challenge has been completed. When the user provides the Google credentials at the Google page, Google sends the requested data to the route handled by this function.

The Ueberauth plug enters the picture in this case as well. That plug calls functions provided by the Ueberauth strategy implementation—Ueberauth.Strategy.Google in our case—that extract the expected data from the incoming request. That extracted data is added to the Plug.Conn assigns where our controller can easily access it. As you can see in the two function heads above, this will assign either the key :ueberauth_auth in the event of success or :ueberauth_failure in the event of failure.

We’re now in a position to fill in the implementation of the callback/2 function. In a successful request we receive the email address of the user and want to do two things. First, we want to see if an account exists with that email address already, either through a previous registration via email address and password or a previous OAuth login. If the account exists, we want to log in the account and redirect them to their profile page. Second, if an account does not exist we want to register and log in an account.¹

As we’ve done in the past, let’s write the code we wish we had and fill in the details as we go.

# lib/yauth_web/controllers/auth_controller.ex
defmodule YauthWeb.AuthController do
  # ...
  alias Yauth.Accounts
  alias YauthWeb.Authentication

  def callback(%{assigns: %{ueberauth_auth: auth_data}} = conn, _params) do
    case Accounts.get_or_register(auth_data) do
      {:ok, account} ->
        conn
        |> Authentication.log_in(account)
        |> redirect(to: Routes.profile_path(conn, :show))

      {:error, _error_changeset} ->
        conn
        |> put_flash(:error, "Authentication failed.")
        |> redirect(to: Routes.registration_path(conn, :new))
    end
  end

  # ...
end

When we successfully receive data from the OAuth provider (as indicated by the :ueberauth_auth key), we pass that data to the get_or_register/1 function on the Accounts context. The controller expects an :ok tuple with the account (either loaded from the database or newly created) or an :error tuple. If we receive the :ok tuple, we use the log_in/2 function we introduced in our prior post on registering with an email and password. Finally, we redirect the user to their profile page. If we receive the :error tuple, we redirect to the registration page with a message telling the user their authentication failed.

We also need to handle a failure from the OAuth provider (as indicated by the :ueberauth_failure key). We can handle that situation with a second head of the callback/2 function.

# lib/yauth_web/controllers/auth_controller.ex
defmodule YauthWeb.AuthController do
  # ...
  def callback(%{assigns: %{ueberauth_failure: _}} = conn, _params) do
    conn
    |> put_flash(:error, "Authentication failed.")
    |> redirect(to: Routes.registration_path(conn, :new))
  end
end

This is a simple function that adds a flash message and redirects to the registration page.

With those in place we need to add the functions to our Accounts context that are called by our controller.

# lib/yauth/accounts.ex
defmodule Yauth.Accounts do
  # ...
  def get_or_register(%Ueberauth.Auth{info: %{email: email}} = params) do
    if account = get_by_email(email) do
      {:ok, account}
    else
      register(params)
    end
  end
  # ...

This function accepts the Ueberauth struct containing our user’s information from the OAuth provider. We pattern match on that struct to get the email address of the user and pass that to our existing get_by_email/1 function. That function returns either an account or nil. If an account is returned we wrap it in an {:ok, account} tuple. Otherwise we call through to the existing register/1 function with the Ueberauth struct. Our register/1 function, however, will need to handle the Google data as well as the identity data we established in our previous post. Ueberauth adds the provider to its data struct so we can pattern match on that value to handle our different use cases. Update the existing register/1 function to handle the identity provider.

# lib/yauth/accounts.ex
defmodule Yauth.Accounts do
  # ...
  def register(%Ueberauth.Auth{provider: :identity} = params) do
    %Account{}
    |> Account.changeset(extract_account_params(params))
    |> Yauth.Repo.insert()
  end
  # ...
end

Now we can add a function head to handle our OAuth-provided data.

# lib/yauth/accounts.ex
defmodule Yauth.Accounts do
  # ...
  def register(%Ueberauth.Auth{} = params) do
    %Account{}
    |> Account.oauth_changeset(extract_account_params(params))
    |> Yauth.Repo.insert()
  end
  # ...
end

This function head calls out to a new changeset function on the Account module.

# lib/yauth/accounts/account.ex
defmodule Yauth.Accounts.Account do
  # ...
  def oauth_changeset(struct, params) do
    struct
    |> cast(params, [:email])
    |> validate_required([:email])
    |> unique_constraint(:email)
  end
  # ...
end

For OAuth data we don’t manage passwords at all but we still want to require an email address and enforce the uniqueness of that email within our application.

Views

Up to this point we’ve added our Ueberauth dependencies, provided the necessary configuration, added routes for social login, and added the controller to handle those requests. All that remains is for us to update our social sign in links to point to the appropriate routes. Update your template with the following:

<!-- lib/yauth_web/templates/session/social_links.html.eex -->
<!-- ... -->
<div class="social-log-in">
  <p>Or log in with</p>
  <%= link(
    "Google",
    to: Routes.auth_path(@conn, :request, "google"),
    class: "button button-outline"
  ) %>
</div>
<!-- ... -->

At this point our users should be able to register for or log in to an account using their Google credentials.

Recap

In this post we expanded our authentication options by letting users use their OAuth service accounts to authenticate with Yauth. We used Google as our example service. We registered our application with Google, added the Ueberauth Google strategy to our application, and provided the controllers, views, and supporting functions to register and log in users who authenticated with Google. To expand our options to Twitter or GitHub or other OAuth providers, we can easily repeat this process with those services.

[1] As an aside, we should note there are more options for handling existing accounts when integrating with OAuth providers. For the sake of simplicity, we allow users with existing identity accounts to use the Google strategy as well. In other words, if you have a Yauth account with a Gmail address and then later use the Google OAuth option with that same Gmail address, you will access the same Yauth account. However, you could not do the same in the opposite direction. The merits and limitations of this approach should be compared with other options when setting up OAuth for production systems. This post chose the simplest path for illustration; using it here is not an endorsement of it as the best way to handle that situation.

Permalink

A Solution to a Problem

What’s in a Programming Language?

The Language Itself

The OTP Middleware

The Virtual Machine

Is it still a badly kept secret?

Monitor your Erlang, Elixir and RabbitMQ systems

MyTopdogStatus

Be included in this blog

Hear it first

Highlights from Code BEAM SF 2019

Operable Erlang and Elixir by Fred Hebert

Announcing Broadway - keynote speech by José Valim

Highlights from Code BEAM SF 2018

The Forgotten Ideas in Computer Science - keynote speech by Joe Armstrong

A Reflection on Building the WhatsApp Server by Anton Lavrik

Highlights from Erlang Factory SF Bay Area 2017

Building a web app in Erlang by Garrett Smith

Highlights from Erlang Factory 2016

Why Functional Programming Matters, keynote speech by John Hughes

Highlights from Erlang Factory 2015

Building And Releasing A Massively Multiplayer Online Game With Elixir by Jamie Winsor

Highlights from Erlang Factory 2014

That’s 'Billion’ with a 'B’: Scaling to the Next Level at WhatsApp by Rick Reed

Highlights from Erlang Factory 2013

The How and Why of Fitting Things Together by Joe Armstrong

Highlights from Erlang Factory 2012

Scaling to Millions of Simultaneous Connections by Rick Reed

Summary

You Might Also Be Interested In:

Highlights of the BEAM

Highlights of the JVM

Concurrency and Parallelism

The BEAM and Concurrency

Scheduler

Garbage Collector

Hot Code Loading

When not to use the BEAM

Conclusion

You may also like:

Footnotes

Operating systems via development

2020-06-24

Certification

Reducing the dev-production mismatch

Testability

More automation

Tight integration

Operations

Final thoughts

Why Elixir?

An evolving architecture

Growing the team

The future ahead

About

Syndicate

Planetarium

Subscriptions