Synopsis
Free-style software engineering talk.
Episodes
-
Episode 132 - Optional Chaining and nullish coalescing coming to Javascript, how useful are they and when can you use them?
23/02/2020 Duration: 13min
Some cool new features are coming to the Javascript language, namely optional chaining and nullish coalescing. How useful are they? Let's discuss.
So optional chaining and nullish coalescing are coming to the Javascript language. I think it is already in the Javascript engines (V8, SpiderMonkey, JavascriptCore and Chakra), which will be picked up by other clients such as browsers, Node.js, Deno and other stuff. Cool stuff, let's get into it.
Show them (Chrome DevTools)
Where is it available? Node.js: not yet (13.9, V7.9) (https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V13.md#13.9.0)
Resources
V8 release v8.0 · V8
Optional chaining https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Optional_chaining
Nullish coalescing https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Nullish_coalescing_operator
--- Support this podcast: https://anchor.fm/hnasr/support
-
Episode 131 - Firefox deprecates support for TLS 1.0 and 1.1 (THIS IS GREAT! BUT ....)
17/02/2020 Duration: 12min
We are one step closer to a more secure web. Firefox disabled TLS 1.0 and 1.1. It's a big change that I am very happy about, but not everyone is. Let's discuss.
Resources
https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/
https://www.openssl.org/~bodo/ssl-poodle.pdf
-
Episode 130 - Envoy fixes a critical security bug related to HTTP headers with whitespaces
11/02/2020 Duration: 09min
Google engineer Alyssa Wilk discovers a critical security bug related to whitespace in header values. Envoy and Node.js fix this by releasing a security patch. Let us discuss it.
tags: envoy, envoy proxy, envoy security, envoy proxy whitespace, Alyssa Wilk
-
Episode 129 - Node JS Releases a Fix for an HTTP Request Smuggling Vulnerability
09/02/2020 Duration: 12min
Node.js releases a fix for an HTTP request smuggling vulnerability; we discuss the attack and the fix in detail.
-
Episode 128 - Google blocks embedded browser sign-ins to avoid MITM phishing attacks
09/02/2020 Duration: 07min
In April 2019 Google blocked sign-ins from embedded browsers to avoid man-in-the-middle phishing attacks. In this video, we discuss why.
https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html?m=1
-
Episode 127 - PostgreSQL 12 has some interesting new features, is it worth the upgrade?
09/02/2020 Duration: 16min
PostgreSQL version 12 has been released; let's go through the features that I think are most interesting and cool. #softwarenews
Feature Matrix https://www.postgresql.org/about/featurematrix/
- Allow adding columns to index (GiST) https://www.postgresql.org/about/featurematrix/detail/314/
- COPY FROM WHERE: COPY FROM ... WHERE
- More native support of JSON objects https://www.postgresql.org/docs/12/functions-json.html#FUNCTIONS-SQLJSON-PATH
- Reindex concurrently (slow but allows writes) https://www.postgresql.org/docs/12/sql-reindex.html#SQL-REINDEX-CONCURRENTLY
- Performance on large partitioned tables
- Stored generated columns
-
Episode 126 - Will the new Chrome version 80 finally end Cross-Site Request Forgery?
04/02/2020 Duration: 11min
Google just released the latest version of Chrome (80), and one of the interesting features makes a big change to the default cookies that might actually prevent CSRF forever. Let's discuss this. #softwarenews
* SameSite attribute
* Break some apps
* Devs must explicitly set None;secure
* Will this end CSRF?
Resources
https://youtu.be/GPz7onXjP_4
https://www.chromestatus.com/feature/5088147346030592
News Theme 2 by Audionautix is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/by/4.0/) Artist: http://audionautix.com/
-
Episode 125 - Layer 4 vs Layer 7 Load Balancing
29/01/2020 Duration: 37min
Load balancing is the process of balancing incoming requests across multiple machines, processes or services. In this video we will explain two types of load balancers, layer 4 and layer 7.
Layer 4 - HAProxy, NLB
Pros
- Great for simple packet-level load balancing
- Fast and efficient; doesn't look at the data
- More secure, as it can't really look at your packets. So if it was compromised no one can look
- Uses NAT
- One connection between client and server, NATed
Cons
- Can't do smart load balancing based on the content, such as switching requests based on the requested media type
- Can't do microservices with this type
- Has to be sticky, as it is a stateful protocol (all segments)
Layer 7 (Nginx, HAProxy)
This type of proxy actually looks at the content and has more context; it knows you are visiting the /users resource, so it may forward it to a different server. Essential and great for microservices; it knows the content is video, image, etc.
-
Episode 124 - NginX
20/01/2020 Duration: 01h26min
NginX is an open source web server written in C that can also be used as a reverse proxy and a load balancer. In this video, I want to go through the following topics in NginX:
What is NginX? 2:25
Current & Desired Architecture 4:58
Layer 4 and Layer 7 Proxying in Nginx 8:40
Example 10:25
Install Nginx (mac) 13:30
Nginx as a Web Server 15:00 (webserver.conf)
Static context location root 20:00
Regular expression 27:00
proxy_pass 30:30
Nginx as a Layer 7 Proxy 33:30
Proxy to 4 backend NodeJS services (docker) 37:00
IP_Hash load balancing 43:00
Split load to multiple backends (app1/app2) 46:00
Block certain requests (/admin) 49:00
NGINX as a Layer 4 Proxy 51:30
Create DNS record 1:01:08
Enable HTTPS on Nginx (Let's Encrypt) 1:05:08
Enable TLS 1.3 on Nginx 1:14:00
Enable HTTP/2 on NGINX 1:17:10
Summary 1:20:10
Cards
3:40 prox
-
Episode 123 - Horizontal vs Vertical Database Partitioning
02/01/2020 Duration: 11min
In this podcast I explain what database partitioning is and illustrate the difference between horizontal and vertical partitioning, the benefits and much more. Why partitioning?
-
Episode 122 - ARP
31/12/2019 Duration: 15min
ARP (Address Resolution Protocol) is a protocol that maps an IP address to a MAC address so hosts can be addressed. I want to make a video explaining ARP because it is starting to surface a lot in different videos that I'm making, such as man in the middle, load balancing, and security.
-
Episode 121 - What happens when you type google.com into your browser address box and hit enter?
30/12/2019 Duration: 47min
In this video I want to go through what really happens under the hood when you type google.com and hit enter in a browser. This is inspired by Alex's GitHub page below; it is a great, detailed description of what happens. I did however add more details to certain areas, and I removed some stuff like keyboard events and low-level operating system details like that. So if you are interested, stay tuned!
https://github.com/alex/what-happens-when
5:30 HSTS https://youtu.be/kYhMnw4aJTw
19:30 TCP vs UDP https://youtu.be/qqRYkcta6IE
24:42 TLS https://youtu.be/AlE5X1NlHgg
40:56 MIME sniffing https://youtu.be/eq6R6dxRuiU
Initial typing - lookup for most visited sites or an actual search
Google.com Enter - parse: is it a URL or a search term? If search, do a search; if URL, visit website
Which protocol? Which port? HSTS? HTTPS or HTTP?
DNS cached? Hosts? DoH? Lookup?
TCP ip / port? ARP? NAT? proxy?
HTTP 1.1? More than one connection
TLS version? ciphers? ALPN? SNI? H2? H3? QUIC?
GET / - ? Headers compress cookies? binary stre
-
Episode 120 - What is Fail-over? Achieving High-Availability
28/12/2019 Duration: 20min
Failover is the technique of switching to a redundant backup machine when a certain node goes down. This is a very common implementation for achieving high availability, and it is often mixed with different load balancing techniques such as layer 4 and layer 7 balancing. In this video I want to go through the following:
* What is Failover? 1:47
* ARP - Address Resolution Protocol 3:00
* VIP & VRRP 5:40
* High-availability Example 12:12
Cards
4:00 ARP
12:50 docker javascript
18:00 OSI Model
--- Send in a voice message: https://anchor.fm/hnasr/message
-
Episode 119 - HAProxy
23/12/2019 Duration: 01h14min
HAProxy is free, open source software written in C that provides high availability, layer 4 and layer 7 load balancing and proxying. It has a reputation for being fast and efficient (in terms of processor and memory usage). In this video I want to discuss the following:
Current & Desired Architecture 2:30
HAProxy Architecture 5:50
HAProxy as TCP Proxy & HTTP Proxy (Layer 4 vs Layer 7) 17:00
ACL (Access Control Lists) 19:20
TLS Termination vs TLS Pass Through 20:40
Example 24:23
Spin up the services 25:51
Install HAProxy 28:00
HAProxy configuration 29:11
ACL Conditional 39:00
ACL Reject URL 48:00
Enable HTTPS HAProxy 53:00
Enable HTTP/2 on HAProxy 1:05:30
Summary
Cards
Docker Javascript node 4:00
Varnish 15:46
NAT 23:30
Docker Javascript node 26:00
Encryption 56:00
TLS 56:10
HTTP2 1:08:40
Source Code for Application
HAProxy config https://github.com/hnasr/javascript_playground/tree/master/proxy
Docker application ht
-
Episode 118 - SSL Stripping and HTTP Strict Transport Security
23/12/2019 Duration: 18min
HSTS, or HTTP Strict Transport Security, is a mechanism to force clients to communicate over HTTPS with a web server if both support this protocol. In this podcast, I talk through this tech.
-
Episode 117 - Database Engines
20/12/2019 Duration: 01h07min
Database engines, storage engines, or what are sometimes even called embedded databases, are software libraries that a database management system uses to store data on disk and do CRUD (create, read, update, delete). Embedded means everything is in one piece of software: no network, no client/server. In this video I want to go through a few popular database engines, explain the differences between them, and finally I want to spin up a database, change its engine and show the different features of each engine.
Timecodes
What is a database Engine 3:00
MyISAM 9:43
Aria 16:30
InnoDB 19:00
XtraDB 25:30
LevelDB 27:40
RocksDB 34:00
SQLite 38:11
BerkeleyDB 42:00
Demo! 47:11
Cards
ACID 4:30
mysql/javascript 56:17
Resources
https://youtu.be/V_C-T5S-w8g
https://mariadb.com/kb/en/library/changes-improvements-in-mariadb-102/
https://mariadb.com/kb/en/library/why-does-mariadb-102-use-innodb-instead-of-xtradb/
https://github.com/facebook/rocksdb/wiki/Features-Not-in-LevelDB
https://mariadb.com/kb/en/library/aria-storage-engine/
Best of MyISAM and InnoD
-
Episode 116 - Database Sharding
18/12/2019 Duration: 59min
Database Sharding Crash Course (with Postgres examples)
Database sharding is the process of segmenting the data into partitions that are spread over multiple database instances to speed up queries and scale the system.
What is sharding? Sharding key / partition key. Consistent hashing. Horizontal partitioning vs sharding. Example. Pros and cons.
What is Sharding? 1:30
Consistent Hashing 4:50
Horizontal partitioning vs Sharding 7:36
Example 8:45
Spin up Docker Postgres Shards 10:02
Write to the shard 17:25
Read from the Shard 39:20
Pros & Cons 51:10
Cards
Postgres pgadmin Docker 8:54
Postgres Javascript 18:18
URL vs Query param 22:30
CORS 29:30
SQL injection 42:40
Source Code https://github.com/hnasr/javascript_playground/tree/master/sharding
Docker commands (including pgadmin) https://github.com/hnasr/javascript_playground/blob/master/sharding/shards/commands.txt
Dockerfile & init.sql https://github.com/hnasr/javascript_playground/tree/master/sharding/shards
Horizontal partitioning vs Sharding
HP same database in
-
Episode 115 - Varnish HTTP Accelerator
18/12/2019 Duration: 51min
Varnish is a reverse proxy web accelerator written in C, designed to improve HTTP performance by using server-side caching. In this video I'm going to go through how Varnish works, we will spin up a Varnish Docker container, and finally talk about the pros and cons of this tech.
Agenda
Classic HTTP Architecture
How Varnish Works?
HTTP Setup - Varnish
HTTPS Setup - Varnish with Caddy as TLS Terminator
Varnish Pros & Cons
Summary
Pros
Cache & prefetching documents
Resolve DNS hostnames in documents
Rewrite scripts to optimize code
Load balancing
Backend connection pooling
Varnish Modules (VMODs, e.g. rewrite headers)
Edge side includes (personalized dynamic page)
Cons
Cache invalidation
Only works on unencrypted HTTP
For HTTPS frontend, terminate TLS
For HTTPS backend, no solution in Varnish open source
Can't cache POST requests (e.g. GraphQL queries)
HTTP/2 backends won't benefit
docker commands
docker run --name varnish -p 8080:80 varnish
docker cp default.vcl v
-
Episode 114 - HTTP/2
18/12/2019 Duration: 24min
HTTP/2, in short, is a major revision of the Hypertext Transfer Protocol that improves the performance of the web. It uses a binary protocol and multiplexing. In this video I want to go through how HTTP/2 works, its pros and cons, and show the performance difference between HTTP 1.1 and HTTP/2.
An HTTP/1 request has to wait for a response. And if your connection is used up waiting for a response, you can't send anything else.
Source Code: https://github.com/hnasr/javascript_playground/tree/master/staticpage
So, hack! 6 TCP connections
Pros
One connection
Multiplex
Push (have to enable)
HPACK (compress)
Cons
Abuse push
Proxies that don't support it might slow down
Load balancer layer 7 (a layer 7 load balancer that doesn't support h2 will slow down when your web server supports it)
Cards
1:25 HTTP crash course
12:30 TLS
Time codes
HTTP 1.1 2:15
HTTP/2 5:50
HTTP/2 With Push 8:25
HTTP/2 Pros 9:48
HTTP/2 Cons 14:10
Demo 17:15
+----------+--------+---------+---------+
| Protocol | Online | Fast 3G | Slow 3G |
+----------+--------+---------+--------
-
Episode 113 - Collateral Knowledge
09/12/2019 Duration: 12min
Sorry about the free-form audio and low quality; thought I'd post something here, it's been a while.