Synopsis
Free style Software engineering talk.
Episodes
-
A Critical Jenkins Bug Discovered - This is why Building a Web Server is Hard
19/08/2020 Duration: 15min
Jenkins has just released a statement that there is a potential bug (CVE-2019-17638) where an attacker can steal content from other legitimate requests. In this video, I describe the bug and why being a web server is difficult.
2:00 HTTP Smuggling https://www.youtube.com/watch?v=PFllH0QccCs
7:50 Multi-Threading https://www.youtube.com/watch?v=0vFgKr5bjWI&t=1s
Resources
https://nvd.nist.gov/vuln/detail/CVE-2019-17638
https://en.wikipedia.org/wiki/Jetty_(web_server)
https://www.jenkins.io/security/advisory/2020-08-17/
--- Support this podcast: https://anchor.fm/hnasr/support
-
My Struggle with the English Language in the US as an Arab Native Speaker and a Software Engineer
18/08/2020 Duration: 16min
Some of you asked me to talk about how I learned to speak good English on my YouTube videos. I wanted to make a video on the fact that it wasn't always that easy and I struggled a lot and am still struggling with English. I immigrated to the United States in 2015. In this video, I want to explain my struggle with the English language as an Arabic native speaker and how I got better but still, I need lots of work. Speaking Tech English is definitely easier than Social.
-
What are Third Party Cookies, How do they work?
17/08/2020 Duration: 16min
In this video I explain in detail what third party cookies are and how they work, and explain the SameSite property that Google changed.
0:30 SameSite
6:00 CORS
6:22 Content Security Policy
https://www.youtube.com/watch?v=nHOuakyHX1E
https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
-
When Designing a Backend System Minimize the “What If” Questions
16/08/2020 Duration: 09min
"What if" questions sometimes cripple the system design for backend applications and complicate the end product. I discuss this in this video.
Stay Awesome
Hussein Nasser
-
I ask this question to every Backend Engineer I interview
16/08/2020 Duration: 11min
Light video today discussing my interviewing skills for software engineering positions. I always ask this open-ended question and allow the candidate to go free.
-
Is YAGNI (You aren’t gonna need it) Still Relevant in Backend Engineering System Design?
16/08/2020 Duration: 15min
YAGNI stands for You aren’t gonna need it and it's a pillar in extreme programming. In this video I discuss this philosophy within the context of Backend Engineering.
https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it
* Extreme Programming Rob Jefferies
* You Aren’t Gonna Need it .. true but only if the design is well defined
* But I am going to need it
* Waterfall vs Agile
-
WOW! China Blocks TLS 1.3 with ESNI - Let us discuss
09/08/2020 Duration: 13min
SNI or Server Name Indication is a TLS extension that indicates which server/host/domain the client wants to communicate with. This is to allow for hosting of multiple websites on the same public static IP address. For the longest time all ISPs used SNI to block hosts and websites; China is now blocking the encrypted version of SNI.
0:00 Intro
2:00 DNS and DOH
3:30 SNI
6:30 ESNI
11:00 The Block
The ESNI and DOH stops this but China want
https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/
https://tools.ietf.org/html/draft-ietf-tls-esni-07#section-3.2
-
Let us discuss HSBC moving from 65 relational databases into one global MongoDB database
07/08/2020 Duration: 10min
HSBC moving from 65 relational databases to a single Global MongoDB, that might be true but it's misleading as not all systems are moved.
Resources
https://diginomica.com/hsbc-moves-65-relational-databases-one-global-mongodb-database
Why some devs don't use MongoDB
https://news.ycombinator.com/item?id=23507197
https://news.ycombinator.com/item?id=19497817
https://news.ycombinator.com/item?id=18366385
https://news.ycombinator.com/item?id=23270429
-
Firefox Changes to SameSite Cookie Default Behavior Following Chrome’s footsteps - Great Change
06/08/2020 Duration: 07min
The SameSite cookie attribute has been introduced to secure the web and only send cookies within a trusted and safe context.
SameSite Cookies Video https://www.youtube.com/watch?v=aUF2QCEudPo
-
Chrome Blocks Downloads For Files Hosted on HTTP (insecure) URLs - GREAT CHANGE!
06/08/2020 Duration: 08min
A great change by the Chrome team: downloading files over insecure HTTP channels is insecure. Let us discuss.
Resource
https://www.zdnet.com/article/google-to-block-some-http-file-downloads-starting-with-chrome-83/
-
How Homomorphic Encryption will revolutionize Software Engineering
02/08/2020 Duration: 24min
Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form; when decrypted, the output is the same as if the operations had been performed on the unencrypted data. In this video I go through what homomorphic encryption is and how it will change software engineering forever.
0:00 Intro
2:25 What is Encryption?
3:55 Why we can’t always encrypt?
- TLS terminator proxies to looks
- Search and Analyse data
- Database indexing, functions
8:30 Meet Homomorphic encryption
- Perform operations on encrypted data
- We decrypt the data to process it..
- Imagine no more TLS termination! In proxies
13:20 IBM FHE toolkit code demo
- Country csv database, encrypted and then search
21:00 Pros & Cons of Homomorphic Encryption
Resources
https://github.com/IBM/fhe-toolkit-linux/blob/master/GettingStarted.md
https://www.youtube.com/playlist?list=PL0VD16H1q5IOEQuRdgRVt1M8uQSbpVzTb
https://arstechnica.co
-
Dropbox migrates to Envoy from NginX - Let us discuss
02/08/2020 Duration: 35min
Dropbox has fully migrated their proxying needs from nginx to Envoy proxy. They wrote this detailed article about the reasons and motivations and problems faced during migration. It is an interesting read. Let us discuss.
https://dropbox.tech/infrastructure/how-we-migrated-dropbox-from-nginx-to-envoy
Migrating Dropbox from Nginx to Envoy | Hacker News
0:00 Intro
4:20 What is this Article about?
6:10 Performance
11:15 Security
14:28 Missing Features in NginX
23:24 Migration was NOT Seamless
33:00 Summary
-
Twitter hackers caught (Full analysis) - What really happened, how they got caught and can homomorphic encryption prevent this?
02/08/2020 Duration: 17min
The Twitter hackers got caught and the case is closed. What have we learned? What really happened? And how can we prevent such attacks in the future? Can homomorphic encryption help?
Resource
https://www.theverge.com/2020/7/31/21349920/twitter-hack-arrest-florida-teen-fbi-irs-secret-service
0:00 Intro
2:00 Summary of July 15
3:30 How the attack really happened?
8:00 How the attackers got caught?
10:45 How could this be prevented?
12:15 Can homomorphic encryption help?
-
MariaDB vs MySQL SSD NVMe vs SATA Performance - Discussions on the Percona Benchmark
30/07/2020 Duration: 13min
This is an analysis of the #percona benchmark article comparing MySQL & MariaDB performance with regards to SSD disks with NVMe vs SATA controllers. Pretty neat.
0:00 Intro
1:00 MariaDB vs MySQL
2:15 SATA vs NVMe
4:30 SATA Benchmark
7:30 NVMe Benchmark
10:00 SSD & B-Trees
11:20 Best Practices MySQL for SSDs
Resources
https://www.percona.com/blog/2020/07/29/checkpointing-in-mysql-and-mariadb/
https://www.percona.com/blog/2020/07/30/how-mysql-and-mariadb-perform-on-nvme-storage/?utm_campaign=2020%20Blog%20Q3&utm_content=135945936&utm_medium=social&utm_source=twitter&hss_channel=tw-35373186
https://www.samsung.com/semiconductor/global.semi.static/best-practices-for-mysql-with-ssds-0.pdf
-
MongoDB and ElasticSearch Clusters WIPED! The Meow attack and how Backend Engineers can prevent it
30/07/2020 Duration: 16min
Bob Diachenko discovered an attack on MongoDB and ElasticSearch clusters that are unsecured. We discuss this attack in detail and how we as Backend Engineers can secure our databases.
0:00 The Meow Attack against MongoDB & ElasticSearch
1:43 How does it work?
5:00 Scope of the Attack
6:00 How Backup & MVCC Help
8:30 What does “Unsecure” mean?
11:00 Protecting Database Instances
-
I started Researching WebRTC and…..
28/07/2020 Duration: 22min
My progress of researching WebRTC
-
Advice to Anyone starting a Software Engineering YouTube Channel
26/07/2020 Duration: 01h04min
This is a podcast I did with @Adarsh Menon where I discuss my journey into Backend Engineering and some lessons learned during the course of my 20+ years engineering journey. Enjoy
0:00 Intro
2:45 Podcast Starts
3:15 How did you get into programming?
10:15 What problems do you solve at Esri?
14:55 Generalist or Specialist?
24:45 Advice to people starting out
33:15 On being Humble
47:05 YouTube advice for tech YouTubers
53:45 Thoughts on starting a company
56:45 Advice to 22 year old Hussein
-
One Line of Code can open you for a MITM attack, Let us Discuss
25/07/2020 Duration: 19min
Was reading this article and it is interesting how relatable it is to backend engineering and security and how many times I made this mistake before. In this video I discuss how it is not a good idea to ignore certificate validation, which can lead to MITM attacks. This article shows an ASUS router that does not verify the TLS certificate, which is a flaw discovered by Martin Rakhmanov, a security researcher.
0:00 Intro
2:00 Validate Certificate
12:18 How to mitigate
18:00 Avoiding MITM
Resources
https://www.techradar.com/news/this-router-is-vulnerable-to-fake-updates-and-cross-site-scripting-attacks
-
WhatsApp handles 3 MILLION TCP Connections Per Server! How do they do it? Let us discuss
25/07/2020 Duration: 16min
WhatsApp is a chatting application written in Erlang. Let us have a discussion on how WhatsApp managed to run 3 million TCP connections on each FreeBSD server. WhatsApp has the following metrics:
- 42 Billion messages a day
- 1 Billion users
- 3 Million connections!!
0:00 Intro
2:00 How WhatsApp reached 1, 2 then 3 Million Connections
7:00 How Many Processes?
10:00 Server Side Load Balancing
13:50 Client Side Load Balancing
Resources
https://blog.whatsapp.com/1-million-is-so-2011
https://blog.whatsapp.com/on-e-millio-n
https://developers.facebook.com/videos/f8-2016/a-look-at-whatsapp-engineering-for-success-at-scale/
-
TLS 1.1 is Dead … Well Almost! thanks to Chrome 84 - Deep Dive Analysis
21/07/2020 Duration: 14min
In this video I go through why TLS 1.0 and TLS 1.1 should go away.
Resources
https://threatpost.com/riskrecon-the-tls-1-2-deadline-is-looming-do-you-have-your-act-together/157296/
https://www.zdnet.com/article/chrome-84-released-for-blocking-notification-popups-on-spammy-sites/
https://www.theregister.com/2020/07/20/microsoft_roundup/