Igeometry Podcast

In this live stream we have a Q&A about Communication Protocols in the Backend , enjoy. We Talk about Masque, WebTransport, WebSockets, TCP, UDP and more --- Support this podcast: https://anchor.fm/hnasr/support

A group of researchers from UC Riverside and Tsinghua University announced a new attack against the Domain Name System (DNS) called SAD DNS (Side channel AttackeD DNS). In this video I explain this attack 0:00 Intro 1:00 What is DNS? 3:10 Original DNS Poisoning 6:30 DNS Poisoning with Fragmentation Attack 9:30 ICMP Explained 13:00 DNS Poisoning with ICMP Error Messages   Resources https://blog.cloudflare.com/sad-dns-explained/ https://www.saddns.net/ https://bit.ly/3lHTn45 https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol --- Support this podcast: https://anchor.fm/hnasr/support

There is a new Protocol called WebTransport, it sets to solve some limitations in WebSockets, the question is will this completely replaces WebSockets? I’ll leave this question to you guys. Let us discuss Resources https://www.youtube.com/watch?v=jTBM9CDO_Wk&feature=youtu.be https://datatracker.ietf.org/doc/draft-kinnear-webtransport-http2/ https://datatracker.ietf.org/doc/draft-vvv-webtransport-http3/ https://datatracker.ietf.org/doc/draft-vvv-webtransport-quic/ --- Support this podcast: https://anchor.fm/hnasr/support

FireFox Enables HTTPS Only Mode, let us discuss  https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ What does it mean? Death of HSTS? No more plugins Will it ever become default? (Government sites unencrypted, backward compatible) --- Support this podcast: https://anchor.fm/hnasr/support

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses. (CVE-2020-8277)  I discuss this attack in this video and whether you should fix it.  Impacts: * Versions 12.16.3 and higher on the 12.x release line * Versions 14.13.0 and higher on the 14.x release line * All versions of the 15.x release line   Resources https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#:~:text=Denial%20of%20Service%20through%20DNS,a%20larger%20number%20of%20responses. Code Fix  https://github.com/nodejs/node/commit/022899e1d5 --- Support this podcast: https://anchor.fm/hnasr/support

In this Livestream we discuss the following topic  Facebook moving to QUIC https://engineering.fb.com/2020/10/21/networking-traffic/how-facebook-is-bringing-quic-to-billions/ Multiplexed Application Substrate over QUIC Encryption (masque) https://datatracker.ietf.org/wg/masque/about/ KIP500, Kafka removing ZooKeeper https://www.confluent.io/blog/how-to-prepare-for-kip-500-kafka-zookeeper-removal-guide/ DotNET 5 https://devblogs.microsoft.com/dotnet/announcing-net-5-0/ --- Support this podcast: https://anchor.fm/hnasr/support

HTTP CONNECT Method allows the client to create a tunnel through a proxy to forward any free-form content through it. Let us discuss why do the pros and cons of this 0:00 Intro 1:45 HTTP Proxy 5:50 HTTPS Proxy 9:40 HTTP CONNECT 14:15 HTTP CONNECT Chaining 16:10 Pros & Cons of CONNECT 23:20 MASQUE Resources https://tools.ietf.org/html/rfc7231#section-4.3.6 Multiplexed Application Substrate over QUIC Encryption (masque) https://datatracker.ietf.org/wg/masque/about/ What if you want to connect to the secure site? cards 18:40 http/2 clear smuggling https://www.youtube.com/watch?v=B2VEQ3jFq6Q 17:40 layer 4 proxy https://www.youtube.com/watch?v=aKMLgFVxZYk 16:50 WebSockets https://www.youtube.com/playlist?list=PLQnljOFTspQUGjfGdg8UvL3D_K9ACL6Qh 21:00 HTTP/2 https://www.youtube.com/watch?v=fVKPrDrEwTI --- Support this podcast: https://anchor.fm/hnasr/support

HTTP/2 Push is being removed since it is very difficult to implement and has no added value. Let us discuss  Resource https://groups.google.com/a/chromium.org/g/blink-dev/c/K3rYLvmQUBY/m/vOWBKZGoAQAJ Video https://www.youtube.com/watch?v=uAfNRJJ_BrA --- Support this podcast: https://anchor.fm/hnasr/support

An article from 2016 which caused lots of discussions in the software engineering community. We bring it back and open old wounds and discuss it again.  0:00 Intro 3:00 Problems with Architecture of Postgres 4:00 Postgres on-Disk Format 9:45 Replication 13:19 Write Amplification 16:44 Replication Bandwidth 21:16 Data Corruption 24:00 Replica MVCC 31:30 Postgres Upgrades 33:00 MySQL on-Disk Format 37:00 MySQL Replication 40:00 Connection Handling https://eng.uber.com/postgres-to-mysql-migration/ https://news.ycombinator.com/item?id=12166585 --- Support this podcast: https://anchor.fm/hnasr/support

WebRTC (Web Real-Time Communication) is a free, open-source project that provides web browsers and mobile applications with real-time communication (RTC) via simple application programming interfaces (APIs). In this video I go through webrt and discuss all the concepts of WebRTC in details. We will learn about NAT, STUN, TURN, ICE, SDP, Signaling and we will show a demo too! Finally we will talk about the pros & cons 0:00 Intro 3:44 WebRTC Overview 11:17 NAT 16:54 NAT Translation Methods 26:20 STUN 33:30 TURN 35:00 ICE 38:00 SDP 40:52 Signaling 43:30 WebRTC Demo 1:00:00 WebRTC Pros & Cons 1:04:00 Bonus WebRTC Content ! tags webrtc, Web Real-Time Communication, webrtc video, webrtc samples, webrtc tutorial, webrtc , interactive connectivity establishment ice , session description protocol, session initiation protocol, peer to peer, getUserMedia, RTCPeerConnection --- Support this podcast: https://anchor.fm/hnasr/support

Live Q&A discussion of different backend engineering topics --- Support this podcast: https://anchor.fm/hnasr/support

Facebook move to QUIC from TCP was not smooth but they did see some improvement in all their apps. Let us discuss this Article https://engineering.fb.com/networking-traffic/how-facebook-is-bringing-quic-to-billions/ 0:00 Intro 3:00 What is QUIC? 10:45 Facebook Backend 14:30 FaceBook Frontend 15:20 GraphQL 17:00 The Trouble with QUIC 23:00 Static & Video Content 25:15 Instagram App 26:00 QUIC Future --- Support this podcast: https://anchor.fm/hnasr/support

SonaType detected a Malware in NPM registry imitating to be Twilio package that opens a reverse connection to a remote server and allows attacker to access your local machine content. Let us discuss Since this command is unix specific it won’t work on Windows https://blog.sonatype.com/twilio-npm-is-brandjacking-malware-in-disguise Resources SSH Tunneling https://youtu.be/N8f5zv9UUMI Ngrok https://www.youtube.com/watch?v=pR2qNnVIuKE --- Support this podcast: https://anchor.fm/hnasr/support

According to ZDNET "Chrome will soon have its own dedicated certificate root store" Let us discuss what that might mean to privacy   https://www.zdnet.com/article/chrome-will-soon-have-its-own-dedicated-certificate-root-store/ --- Support this podcast: https://anchor.fm/hnasr/support

Ever heard of HTTP Smuggling? will this is smuggling a TCP packet into an HTTP body so that it can be interpreted by the router to open internal ports to your machine. NAT Slipstreaming was discovered by Samy Kamkar,  Article and research by @SamyKamkar  https://samy.pl/slipstream/ --- Support this podcast: https://anchor.fm/hnasr/support

Let us have a casual chat about TLS, Security, Certificates and more --- Support this podcast: https://anchor.fm/hnasr/support

In this live stream I discuss all about Database ACID one by one and we also answer interesting questions!  Enjoy!  Watch stream here https://www.youtube.com/watch?v=QCKZ3VZ87Qo&feature=youtu.be --- Support this podcast: https://anchor.fm/hnasr/support

My Thoughts on Full Stack Engineering --- Support this podcast: https://anchor.fm/hnasr/support

In this video I discuss the new Uber Backend Architecture that they deployed to process payments and jobs and orders. https://youtu.be/mL0fzj7e6WU Revolutionizing Money Movements at Scale with Strong Data Consistency https://eng.uber.com/money-scale-strong-data/ --- Support this podcast: https://anchor.fm/hnasr/support

In this video, I explain the differences between Column vs Row Oriented Database Storage how efficient each method is, and their pros & cons 0:00 Intro 2:50 Row-Oriented Database 15:30 Column-Oriented Database 26:30 Pros & Cons --- Support this podcast: https://anchor.fm/hnasr/support