Hussein Nasser public
[search 0]

Download the App!

show episodes
 
Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering you’ve come to the right place. I discuss all sorts of software engineering technologies and news with specific focus on the backend. All opinions are my own. Most of my content in the podcast is an audio version of videos I post on my youtube channel here http://www.youtube.com/c/HusseinNasser-software-engineering Support my work on PayPal https://bit.ly/33ENps4 🧑‍🏫 Courses I Teac ...
 
Loading …
show series
 
In this episode of the backend engineering show, I’ll discuss the low code movements and their pros and cons. 0:00 Intro 2:00 Evolution of Languages 8:40 Low Code Movement 10:00 Side Effect of Low Code 13:00 Leaky Abstractions Fundamentals of Database Engineering udemy course (link redirects to udemy with coupon) https://database.husseinnasser.com …
 
These are some fundamental technologies that I want to explore in 2022. 0:00 The Way I learn 4:20 Database Engineering 7:00 Network Engineering 9:30 Hardware and Operating Systems 15:00 The problem with software engineering Collateral Knowledge Video https://www.youtube.com/watch?v=6YKbVpWmeLM&t=3s Become a Member on YouTube https://www.youtube.com…
 
In this episode of the backend engineering show, I explain the journey of an HTTP request that gets initiated from a click on a link. I discuss DNS, TCP, API Gateways, reverse proxies, load balancers, backend web servers, and much more. Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🔥 Members Only Content h…
 
In this episode of the backend engineering show, I explain the journey of an HTTP request that gets initiated from a click on a link. I discuss DNS, TCP, API Gateways, reverse proxies, load balancers, backend web servers, and much more. Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🔥 Members Only Content h…
 
Right after the latest patch log 4j 2.16, a new denial of service vulnerability surfaced on log4j resulting in a new 2.17 patch. Let us discuss. 0:00 log4dos 4:50 History of log4j fixes 15:20 All love to the open source maintainers Previous Backend Engineering show episode coverage of log4shell https://youtu.be/77XnEaWNups https://logging.apache.or…
 
In this episode of the backend engineering show, we go through a deep dive to uncover the reason behind the outage on December 7th, 2021 Amazon outage. RCA https://aws.amazon.com/message/12721 All outage analysis videos https://www.youtube.com/watch?v=dhZ5--R42AM&list=PLQnljOFTspQXdkZLiYCCh_5RBP1-T-Rnx Get the Fundamentals of Database Engineering u…
 
In this episode of the backend engineering show, we go through a deep dive to uncover the reason behind the outage on December 7th, 2021 Amazon outage. RCA https://aws.amazon.com/message/12721 All outage analysis videos https://www.youtube.com/watch?v=dhZ5--R42AM&list=PLQnljOFTspQXdkZLiYCCh_5RBP1-T-Rnx Get the Fundamentals of Database Engineering u…
 
In this episode of the backend engineering show, I discuss the log4j vulnerability (CVE-2021-44228 also known as log4shell) that took the Internet by storm. 0:00 Intro 1:00 log4j 5:30 How the attack started 11:00 Attack with DNS 17:00 Remote Code Execution 23:00 Remedy 31:00 Scanning References https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https:…
 
Postgresql database implements MVCC by creating a new row version for any update/delete/or insert. While this is a sound implementation to support concurrent transactions reading old version of the rows, it does have some side effects and this is what I want to discuss in this episode of the backend engineering show. 0:00 Intro 1:00 Postgres MVCC d…
 
Head to https://database.husseinnasser.com to get a discount coupon for my introduction to database engineering. In this video, I answer some of your questions on the Introduction to Database Engineering Course. --- Support this podcast: https://anchor.fm/hnasr/support
 
head to https://database.husseinnasser.com to get a discount coupon for my Introduction to Database Engineering course In this episode of the backend engineering show, I’ll discuss three instances where indexes can be useless and might add overhead to your operations. Let us discuss. 0:00 Intro 1:34 What is an Index? 4:00 The Cost of Indexes 6:40 M…
 
The cost of a long-running update transaction that eventually failed in Postgres (or any other database for that matter.In Postgres, any DML transaction touching a row creates a new version of that row. if the row is referenced in indexes, those need to be updated with the new tuple id as well. There are exceptions with optimization such as heap on…
 
In this episode of the backend engineering show, I’ll discuss all HTTPS/TLS binding options in Microsoft IIS and also explain why every web server and reverse proxy should have some of these fine level control.Chapters0:00 Intro1:00 Require Server Name Indication (SNI)5:00 Disable TLS 1.3 Over TCP8:30 Disable Legacy TLS10:00 Disable OCSP Stapling12…
 
I get a lot of emails asking me to talk about graph databases, so I want to start researching them, but I wanted to give you guys the framework of how I think about any databases to defuse any “magic” that might be there. In this video, I discuss what constrains a database and how the use cases try to work around them. 0:00 Intro 1:50 What constrai…
 
Certificates contain useful metadata including the public key, domain name, signature, etc. However, the private key can be leaked which causes the certificate to be invalid/dangerous to keep around. In that particular situation, we need a mechanism to revoke certificates and that is what I’m going to discuss in this show. 0:00 Intro 0:30 Why Certi…
 
In this episode, I go through the Facebook detailed article regarding their October 4th, 2021 outage and discuss it in length. enjoy Facebook blog: https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ 0:00 Introduction on Facebook Networking Architecture 12:00 The Cause of the Outage 17:00 What’s DNS 23:00 DNS Servers disabled B…
 
Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases. Resources https://www.spookjs.com/ https://www.chromium.org/developers/de…
 
In this episode of the backend engineering show, I’ll go through the SSL Stripping attack, what caused it, what were the mitigations enforced to solve it, and why it is still a problem.0:00 Intro2:10 The Web Security Model14:30 SSL Stripping Example22:00 How to Solve SSL Stripping?27:00 Limitations of HSTS31:00 SummaryBecome a Member on YouTubehttp…
 
The gRPC team just submitted a proposal to support HTTP/3. This is big news and we have been waiting for a long time for this. In this show, I’ll discuss why would you want gRPC, why gRPC picked HTTP/2, what is actually wrong with HTTP/2 and what HTTP/3 solves. And Finally, I’ll discuss what is wrong with HTTP/3 and pitfalls that you as gRPC user m…
 
I discuss keepalive in TCP and HTTP and its pros and cons 0:00 Intro 3:28 What is KeepAlive 8:30 TCP KeepAlive 10:30 Middleboxes and Single-Path TCP 16:30 Middle Boxes and Keepalive 19:30 The FTP KeepAlive trap 25:00 HTTP KeepAlive 30:00 What's a good keepalive timeout? https://daniel.haxx.se/blog/2020/02/10/curl-ootw-keepalive-time/ https://datatr…
 
In this video I’ll illustrate how a proxy server works under the hood. I Will go through how connection establishment works without a proxy, with an HTTP proxy and finally with HTTPS proxy in tunnel mode and TLS termination mode. 0:00 Intro 1:00 Connection Establishment without a Proxy 5:00 Connection Establishment with an HTTP Proxy 15:22 Connecti…
 
In this episode of the backend engineering show, I discuss database clustering. This is also known as table clustering, clustered index or Index organized table all names represents the same thing. I will talk about the benefits of clustering and also the disadvantages of implementing clustering. This feature is also implicitly implemented in certa…
 
In this video, I’ll explain synchronous vs asynchronous operations and then discuss examples where this shows up. In programming, real-time messaging, database systems, and operating systems. 0:00 Definition Synchronous vs Asynchronous 4:15 sync vs async In Programming 7:50 Sync vs Async In Real-time messaging 17:00 Sync vs Async In Database Replic…
 
In this episode of the Backend Engineering show, I'll discuss the advanced section settings in the Application Pool in Internet Information Services in IIS.Chapters0:00 Intro0:30 What is an Application Pool3:00 IIS Multi-processing5:18 .NET CLR Version6:00 32-bit apps6:21 Pipeline Mode (CGI vs ISAPI vs Native)8:45 Max Queue10:18 CPU Limiting16:00 P…
 
While the benefits of partial indexes can have a great impact on your database system performance, the implications are also great if misused. Let us discuss partial indexing (Also known as filtered indexes in SQL Server)Become a Member on YouTubehttps://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join🔥 Members Only Contenthttps://www.youtube.…
 
Replication is the process of pushing changes from the master node to worker replica nodes in a database system to allow for horizontal scalability. One of the methods of replication is statement-based which is popular in MySQL. In this episode of the Backend Engineering Show, I explain why statement-based replication is actually a bad idea.Resourc…
 
This episode of the backend engineering show is sponsored by my friends at RedisLabs. I’m going to break this video into three sections, we will first define features that qualify a primary database? Then we will see if Redis actually check the boxes of a primary database and finally we explore the features of Redis that take it beyond a primary da…
 
There was a two hours DNS outage on a company called Akamai that broke several services today July 22, 2021, https://appleinsider.com/articles/21/07/22/akamai-dns-problem-causing-wide-internet-issues Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🔥 Members Only Content https://www.youtube.com/playlist?list=…
 
IIS (Internet Information Services) is Microsoft's Windows web server. It is feature-rich and very easy to enable. I have been using it for a long time but I noticed I never actually make a video about it. In this video, I'll explore the IIS binding and explain all the options in that form. I might make more videos in the future to explore differen…
 
In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss. 0:00 Intro 1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash 3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation 7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS) Resources…
 
🧑‍🏫 Courses I Teach https://husseinnasser.com/courses In this episode, I’d like to discuss the methods of scaling CPU-bound or intensive workloads on the backend. This show will discuss the scaling of the workload on a single machine taking full advantage effectively of all its resources, then we will discuss horizontal scalability to multiple mach…
 
MongoDB, Postgres, Microsoft SQL Server, or MySQL, or any other database manages concurrency control differently. There are two methods, pessimistic and optimistic, both have their pros and cons. Let explore how different databases implement this and what is the effect on performance/scalability. This is often known as Optimistic vs pessimistic loc…
 
@MrRajputHacker @Th3Pr0xyB0y found critical universal XSS (an XSS that affects the entire browser, not just one page) on Microsoft Edge. They responsibly reported the bug and detailed it in their article. Let us discuss Resources https://cyberxplore.medium.com/how-we-are-able-to-hack-any-company-by-sending-message-including-facebook-google-microsof…
 
In this episode of the backend engineering show I'll discuss the difference between b-tree and b+tree why they were invented, what problems do they solve, and the advantages and disadvantages of both. I'll also discuss the limitation of implementing b-tree over b+tree and how Discord ran into a memory limitation using b-tree Mongo. Check out my ude…
 
SSH Wormable, Written in Bash and VERY hard to detect. Let’s discuss the DarkRadiation ☢️ Ransomware. This new ransomware is cut from a different cloth. Let us discuss * SSH Wormable * Encrypts with AES (OpenSSL) * It mutates so anti-viruses can’t catch it * Bash * Still under development https://www.trendmicro.com/en_us/research/21/f/bash-ransomwa…
 
The ALPACA attack stands for application layer protocol confusion attack and discovered by a group of German computer scientists. Let us spend some time analyzing how this attack really works and how dangerous this is. Resources https://alpaca-attack.com/ALPACA.pdf https://var.thejh.net/http_ftp_cross_protocol_mitm_attacks.pdf https://github.com/RU…
 
This Indian computer scientist uncovered a severe bug that allows anyone to view private content. Let’s see how he did it. https://link.medium.com/goNhkJgv9gb Support my work on PayPal https://bit.ly/33ENps4 Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses…
 
It is inevitable that a backend service will need to get restarted to pick up a new code change, configuration change, or get out of an invalid state. In this show, I'll discuss why do we need restart services and what alternative ways are there to get around it. And then I'll talk about how to achieve a zero-downtown restart and it is not straight…
 
CAP stands for Consistency, Availability, and Partition tolerance. Understanding the CAP theorem can help engineers make better design choices when building distributed systems. In this show, I will explain the CAP theorem and how you can use it to make tradeoffs in your backend design. You probably already are using the CAP theorem without even kn…
 
Fastly, a very popular CDN went down and took down many services, let’s talk about what could have caused this. Resources https://status.fastly.com/incidents/vpk0ssybt3bj https://twitter.com/fastly/status/1402221348659814411?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1402221348659814411%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Ftwi…
 
On May 27, 2021, Klarna, a popular fintech company has suffered a serious exposure of personal data which caused a planned outage. Resources https://twitter.com/KezStew/status/1397845638956605440 https://www.klarna.com/us/blog/detailed-incident-report-incorrect-cache-configuration-leading-to-klarna-app-exposing-personal-information/ https://en.wiki…
 
Dominos Pizza India hacked and 13TB of customers' data is now on the dark web.https://www.indiatoday.in/technology/news/story/leaked-data-of-dominos-india-users-now-available-on-search-engine-created-by-hacker-1805595-2021-05-22Support my work on PayPalhttps://bit.ly/33ENps4Become a Member on YouTubehttps://www.youtube.com/channel/UC_ML5xP23TOWKUcc…
 
QUIC is officially an IETF standard after a very long time. Is this going to replace the TCP protocol? https://www.theregister.com/2021/05/31/quic_becomes_standard/ https://datatracker.ietf.org/doc/html/rfc9000 Support my work on PayPal https://bit.ly/33ENps4 Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🧑…
 
Loading …

Quick Reference Guide

Copyright 2022 | Sitemap | Privacy Policy | Terms of Service
Google login Twitter login Classic login