Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is on an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data. In this video I go through what homomorphic encryption is and how it will change software engineering forever. 0:00 Intro 2:25 What is Encryption? 3:55 Why we can’t always encrypt? TLS terminator proxies to look...
Aug 02, 2020•24 min
Dropbox has fully migrated their proxying needs from nginx to envoy proxy. They wrote this detailed article about the reasons and motivations and problems faced during migration. It is an interesting read. Let us discuss https://dropbox.tech/infrastructure/how-we-migrated-dropbox-from-nginx-to-envoy Migrating Dropbox from Nginx to Envoy | Hacker News 0:00 Intro 4:20 What is this Article about? 6:10 Performance 11:15 Security 14:28 Missing Features in NginX 23:24 Migration was NOT Seamless 33:00 ...
Aug 02, 2020•36 min
The twitter hackers got caught and the case is closed, what have we learned? what really happened? and how can we prevent such attacks in the future, can homomorphic encryption help? Resource https://www.theverge.com/2020/7/31/21349920/twitter-hack-arrest-florida-teen-fbi-irs-secret-service 0:00 Intro 2:00 Summary of July 15 3:30 How the attack really happened? 8:00 How the attackers got caught? 10:45 How could this be prevented? 12:15 Can homomorphic encryption help?...
Aug 02, 2020•18 min
This is an analysis of the #percona benchmark article comparing MySQL & mariaDB performance with regards to SSD disks with NVMe vs SATA controllers. Pretty neat 0:00 Intro 1:00 MariaDB vs MySQL 2:15 SATA vs NVMe 4:30 SATA Benchmark 7:30 NVMe Benchmark 10:00 SSD & B-Trees 11:20 Best Practices mySQL for SSDs Resources https://www.percona.com/blog/2020/07/29/checkpointing-in-mysql-and-mariadb/ https://www.percona.com/blog/2020/07/30/how-mysql-and-mariadb-perform-on-nvme-storage/?utm_campaig...
Jul 30, 2020•14 min
Bob Diachenko discovered an attack on MongoDB and ElasticSearch clustered that are unsecured. We discuss this attack in detail and how we as Backend Engineers can secure our databases. 0:00 The Meow Attack again MongoDB & ElasticSearch 1:43 How does it work? 5:00 Scope of the Attack 6:00 How Backup & MVCC Help 8:30 What does “Unsecure” mean? 11:00 Protecting Database Instances
Jul 30, 2020•16 min
My progress of researching webRTC
Jul 28, 2020•23 min
This is a podcast I did with @Adarsh Menon where I discuss my journey into Backend Engineering and some lessons learned during the course of my 20+ years engineering journey. Enjoy 0:00 Intro 2:45 Podcast Starts 3:15 How did you get into programming? 10:15 What problems do you solve at Esri ? 14:55 Generalist or Specialist ? 24:45 Advice to people starting out 33:15 On being Humble 47:05 YouTube advice for tech YouTubers 53:45 Thoughts on starting a company 56:45 Advice to 22 year old Hussein 🏭...
Jul 26, 2020•1 hr 4 min
Was reading this article and it is interesting how relatable to backend engineering and security and how many times I made this mistake before. In this video I discuss how it is not a good idea to ignore certificate validation which can lead MITM attacks. This article shows an ASUS router that does not verify TLS certificate which is a flaw discovered by Martin Rakhmanov a security researcher. 0:00 Intro 2:00 Validate Certificate 12:18 How to mitigate 18:00 Avoiding MITM Resources https://www.te...
Jul 25, 2020•19 min
WhatsApp is a chatting application written in Erlang. Let us have a discussion on how WhatsApp managed to run 3 million TCP connections on each FreeBSD server. WhatsApp has the following metrics 42 Billion messages a day 1 Billion users 3 Million connections!! 0:00 Intro 2:00 How WhatsApp reached 1,2 then 3 Million Connection 7:00 How Many Processes? 10:00 Server Side Load Balancing 13:50 Client Side Load Balancing Resources https://blog.whatsapp.com/1-million-is-so-2011 https://blog.whatsapp.co...
Jul 25, 2020•17 min
In this video I go through why TLS 1.0 and TLS 1.1 should go away. Resources https://threatpost.com/riskrecon-the-tls-1-2-deadline-is-looming-do-you-have-your-act-together/157296/ https://www.zdnet.com/article/chrome-84-released-for-blocking-notification-popups-on-spammy-sites/ https://www.theregister.com/2020/07/20/microsoft_roundup/
Jul 21, 2020•15 min
Github security team has found a remote execution code in Node.JS library changelog. In this video I describe the bug and go through the code Resources https://portswigger.net/daily-swig/github-security-team-finds-remote-code-execution-bug-in-popular-node-js-changelog-library https://github.com/conventional-changelog/standard-version/pull/351/files https://github.com/advisories/GHSA-7xcx-6wjh-7xp2
Jul 21, 2020•11 min
In this video I discuss the VPN Leak of 1.2 TB of user logs data, IP addresses, password and much more Resources https://www.theregister.com/2020/07/17/ufo_vpn_database/ https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/
Jul 20, 2020•17 min
In July / 17 Cloud Flare had a 27 minutes outage, we discuss this outage what caused it and my thoughts on this .. https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/
Jul 18, 2020•11 min
A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam. In this video I discuss this attack
Jul 16, 2020•10 min
Server-Sent Events or SSE is when the server sends events to the client in a unidirectional manner. In this video I explain Server-Sent Events and compare it to websockets and HTTP and Long Polling. Source Code https://github.com/hnasr/javascript_playground/tree/master/server-sent-events Resources https://developer.mozilla.org/en-US/docs/Web/API/EventSource 0:00 Intro 1:50 HTTP 1.0/1.1 3:40 WebSockets 5:00 Server Sent Events 7:30 SSE Use Cases 9:00 SSE Code Example 18:00 SSE Pros & Cons 25:2...
Jul 14, 2020•30 min
In this video I go through all possible ways the US can use to block TikTok? 0:00 Intro 0:22 App Stores 1:30 DNS 2:20 ISP Level Block 3:30 DOH/ DOT 5:00 SNI 5:50 VPN
Jul 08, 2020•6 min
This is a question from one of you guys that I thought I'd answer in its own video since its loaded. Q/A - Shark Beak I currently have the same setup for my side project. What do you think about having a 'create table if not exist' running on startup that creates this table? Good/bad? It is always a good idea to have a specific database user for each route with specific permissions and use connection pooling as much as possible.
Jul 06, 2020•7 min
ZeroMQ is an Open Source Messaging Library designed for a high-performance asynchronous messaging library. In this video I discuss this tech and build a simple queue with this tech 0:00 Intro 1:48 What is ZeroMQ? 4:48 Messaging Patterns 6:42 Socket Types 8:55 Simple Queue 11:00 Code 23:20 ZeroMQ Pros & Cons 29:30 Summary Source Code https://github.com/hnasr/javascript_playground/tree/master/zeromq-simplequeue Resources https://github.com/booksbyus/zguide/tree/master/examples/Node.js https://...
Jul 05, 2020•30 min
Discussing Layer 7 Reverse Proxy D=DOS Mitigation (Security Now Video by Steve Gibson )
Jul 02, 2020•14 min
Google Chrome and Firefox to Join Apple’s Safari in One Year Certificate Validity (My opinion)
Jul 02, 2020•14 min
TCP Fast Open Spec https://tools.ietf.org/html/rfc7413#section-1
Jun 30, 2020•12 min
In this video I discuss what is the TCP Slow Start and its effect on performance of backend applications, proxies and even frontend applications.
Jun 30, 2020•12 min
In this video, I explain why we can't run unencrypted HTTP/2 or HTTP/3 without enabling TLS. This is because of Protocol Ossification.
Jun 30, 2020•9 min
Article: Why Turning on HTTP/2 Was a Mistake - Lucidchart - https://www.lucidchart.com/techblog/2019/04/10/why-turning-on-http2-was-a-mistake/ In this video I discuss this article and my opinion. That is not a limitation of HTTP/2 but of the application that couldn't handle the request. It is like driving a volvo all your life and then switching to a Ferrari and saying it was a mistake because its too fast. I disagree with the solutions of throttling the LB and I think the app should either be a...
Jun 28, 2020•15 min
In this video I have a conversation with you on how we one break it into backend engineering answer most of your questions, what should you write in a CV, what recruiters expect for backend engineers etc.. Question: Hey Hussein, I hope you are doing well, Are there any tips or tricks I can do to make it easier to break into the industry as a back-end developer? i mean what are recruiters looking for in a CV? i would be glad if you made a video about that.
Jun 19, 2020•26 min
In this video I discuss multicast DNS. Wikipedia defines multicast dns In computer networking, the multicast DNS (mDNS) protocol resolves hostnames to IP addresses within small networks that do not include a local name server. 0:00 Intro 0:30 DNS Explained in LAN 4:00 Multicast DNS
Jun 17, 2020•7 min
In this video, I explain the different cases where we overengineer software especially in two pieces, software code, and system design and architecture. Chapters 0:00 Intro 1:45 OverEngineering in Software Development 7:15 OverEngineering System Design
Jun 17, 2020•19 min
We know ISP can block you from going to YouTube all together but can they block you from watching a single youtube video? I discuss that in this video Stay Awesome, Hussein
Jun 07, 2020•12 min
In this video I explain what happened to services such as stripe & roku which failed to establish TLS sessions because the ROOT certificate AddTrust External CA Root has expired. This is a bug in openSSL and other software the perform this kind of validation. I explain what happened in details.. Resources https://twitter.com/sleevi_/status/1266647545675210753 https://tools.ietf.org/html/rfc4158 https://ohdear.app/blog/resolving-the-addtrust-external-ca-root-certificate-expiration
Jun 02, 2020•9 min
Sharing a Single TCP Connection whether this is HTTP, WebSockets or just RAW TCP protocol between multi-threading or multi-processes application is bound to cause bad undesirable effects. I explain this in this video and give example of how QUIC & HTTP/2 have solved this problem. Pooling 5:00 QUICK Database 6:30 HTTP/2 Playlist 7:00
May 31, 2020•9 min
