Igeometry Podcast

Github security team has found a remote execution code in Node.JS library changelog. In this video I describe the bug and go through the code  Resources https://portswigger.net/daily-swig/github-security-team-finds-remote-code-execution-bug-in-popular-node-js-changelog-library https://github.com/conventional-changelog/standard-version/pull/351/files https://github.com/advisories/GHSA-7xcx-6wjh-7xp2 --- Support this podcast: https://anchor.fm/hnasr/support

In this video I discuss the VPN Leak of 1.2 TB of user logs data, IP addresses, password and much more   Resources https://www.theregister.com/2020/07/17/ufo_vpn_database/ https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/ --- Support this podcast: https://anchor.fm/hnasr/support

In July / 17 Cloud Flare had a 27 minutes outage, we discuss this outage what caused it and my thoughts on this ..  https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/ --- Support this podcast: https://anchor.fm/hnasr/support

A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam. In this video I discuss this attack --- Support this podcast: https://anchor.fm/hnasr/support

Server-Sent Events or SSE is when the server sends events to the client in a unidirectional manner. In this video I explain Server-Sent Events and compare it to websockets and HTTP and Long Polling.   Source Code https://github.com/hnasr/javascript_playground/tree/master/server-sent-events  Resources https://developer.mozilla.org/en-US/docs/Web/API/EventSource   0:00 Intro 1:50 HTTP 1.0/1.1 3:40 WebSockets 5:00 Server Sent Events 7:30 SSE Use Cases 9:00 SSE Code Example 18:00 SSE Pros & Cons 25:20 Do You Need SSE? 28:30 Summary --- Support this podcast: https://anchor.fm/hnasr/support

In this video I go through all possible ways the US can use to block TikTok?  0:00 Intro 0:22 App Stores 1:30 DNS 2:20 ISP Level Block  3:30 DOH/ DOT 5:00 SNI  5:50 VPN --- Support this podcast: https://anchor.fm/hnasr/support

This is a question from one of you guys that I thought I'd answer in its own video since its loaded.  Q/A - Shark Beak I currently have the same setup for my side project. What do you think about having a 'create table if not exist' running on startup that creates this table? Good/bad?    It is always a good idea to have a specific database user for each route with specific permissions and use connection pooling as much as possible. --- Support this podcast: https://anchor.fm/hnasr/support

ZeroMQ is an Open Source Messaging Library designed for a high-performance asynchronous messaging library. In this video I discuss this tech and build a simple queue with this tech 0:00 Intro 1:48 What is ZeroMQ? 4:48 Messaging Patterns 6:42 Socket Types 8:55 Simple Queue 11:00 Code 23:20 ZeroMQ Pros & Cons 29:30 Summary Source Code https://github.com/hnasr/javascript_playground/tree/master/zeromq-simplequeue Resources https://github.com/booksbyus/zguide/tree/master/examples/Node.js https://en.wikipedia.org/wiki/ZeroMQ https://blog.scottlogic.com/2015/03/20/ZeroMQ-Quick-Intro.html http://zguide.zeromq.org/page:chapter3#advanced-request-reply Outline What is ZeroMQ? Message library Message Patterns Broker less Simple you build the components that you need Sockets Types REQ REP PUSH PULL ROUTER DEALER Message PatternS Synchronous Request/Response Asynchronous Request/Response Publish/Subscribe

Discussing Layer 7 Reverse Proxy D=DOS Mitigation (Security Now Video by Steve Gibson ) --- Support this podcast: https://anchor.fm/hnasr/support

Google Chrome and Firefox to Join Apple’s Safari in One Year Certificate Validity (My opinion) --- Support this podcast: https://anchor.fm/hnasr/support

TCP Fast Open Spec https://tools.ietf.org/html/rfc7413#section-1 --- Support this podcast: https://anchor.fm/hnasr/support

In this video I discuss what is the TCP Slow Start and its effect on performance of backend applications, proxies and even frontend applications. --- Support this podcast: https://anchor.fm/hnasr/support

In this video, I explain why we can't run unencrypted HTTP/2 or HTTP/3 without enabling TLS. This is because of Protocol Ossification. --- Support this podcast: https://anchor.fm/hnasr/support

Article: Why Turning on HTTP/2 Was a Mistake - Lucidchart - https://www.lucidchart.com/techblog/2019/04/10/why-turning-on-http2-was-a-mistake/  In this video I discuss this article and my opinion.  That is not a limitation of HTTP/2 but of the application that couldn't handle the request. It is like driving a volvo all your life and then switching to a Ferrari and saying it was a mistake because its too fast. I disagree with the solutions of throttling the LB and I think the app should either be architected to not send this much requests if possible or just add more servers since HTTP is stateless you should be able to scale. HTTP/2 however does use more cpu it is dealing with many streams. The article doesn’t explain if it was H2 all the way though or not.    0:00 Intro 1:17 HTTP/1.1 Current Architecture  4:00 What happened when They Enabled HTTP/2 AT LB 7:00 Why I disagree with the throttling  8:00 Proposed Solutions  12:15 Why HTTP/2 can be CPU intensive   

In this video I have a conversation with you on how we one break it into backend engineering answer most of your questions, what should you write in a CV, what recruiters expect for backend engineers etc..   Question: Hey Hussein, I hope you are doing well, Are there any tips or tricks I can do to make it easier to break into the industry as a back-end developer? i mean what are recruiters looking for in a CV? i would be glad if you made a video about that. --- Support this podcast: https://anchor.fm/hnasr/support

In this video I discuss multicast DNS. Wikipedia defines multicast dns In computer networking, the multicast DNS (mDNS) protocol resolves hostnames to IP addresses within small networks that do not include a local name server.    0:00 Intro 0:30 DNS Explained in LAN 4:00 Multicast DNS --- Support this podcast: https://anchor.fm/hnasr/support

In this video, I explain the different cases where we overengineer software especially in two pieces, software code, and system design and architecture.  Chapters 0:00 Intro 1:45 OverEngineering in Software Development 7:15 OverEngineering System Design --- Support this podcast: https://anchor.fm/hnasr/support

We know ISP can block you from going to YouTube all together but can they block you from watching a single youtube video? I discuss that in this video  Stay Awesome, Hussein --- Support this podcast: https://anchor.fm/hnasr/support

In this video I explain what happened to services such as stripe & roku which failed to establish TLS sessions because the ROOT certificate AddTrust External CA Root has expired. This is a bug in openSSL and other software the perform this kind of validation.   I explain what happened in details..   Resources https://twitter.com/sleevi_/status/1266647545675210753 https://tools.ietf.org/html/rfc4158 https://ohdear.app/blog/resolving-the-addtrust-external-ca-root-certificate-expiration --- Support this podcast: https://anchor.fm/hnasr/support

Sharing a Single TCP Connection whether this is HTTP, WebSockets or just RAW TCP protocol between multi-threading or multi-processes application is bound to cause bad undesirable effects. I explain this in this video and give example of how QUIC & HTTP/2 have solved this problem.   Pooling 5:00 QUICK Database 6:30 HTTP/2 Playlist 7:00 --- Support this podcast: https://anchor.fm/hnasr/support