It seems like these incidents are very common, and I am not sure why Elasticsearch in particular. Let us discuss. https://www.zdnet.com/article/leaky-server-exposes-users-of-dating-site-network/
Sep 13, 2020•6 min
Some of you asked me how to deal with stress at my work and my content creation here on YouTube. I share my thoughts with you. Intro 0:00 Stress from Work 2:40 Feeling down with no clear reason 7:13 Feeling anxious overwhelmed with stuff to learn 14:55 Pandemic 21:14
Sep 13, 2020•27 min
Unimog is a layer 4 load balancer built for Cloudflare scale. Cloudflare has written a great blog about it so let us discuss this technology. Video: https://youtu.be/Q0irm6xzNNk Resources https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/ 0:00 Intro 3:33 Layer 4 vs Layer 7 Load Balancers 7:00 Anycast 13:45 Packet Forwarding 23:30 XDP and Network stack 26:45 Maintaining established connection 31:00 Edge Computing 32:00 UDP Routing 33:00 Unimog Summary 34:00 Open Source Software 36...
Sep 12, 2020•42 min
Jake Miller, a security researcher, discovered a serious flaw in proxies that allow h2c clear text upgrade and bypass proxy rules. Let us discuss. Thanks to @Textras for sending this article! https://twitter.com/thebumblesec/status/1303305853525725184?s=21 https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c?hs_amp=true...
Sep 11, 2020•20 min
Apache Kafka is interesting software; every design decision the team makes makes perfect sense. I decided to dive deep into the discussion of the consumer group concept, which is underrated, and talk more about it. 0:00 Intro 1:24 Messaging Systems Explained 3:30 Partitioning 4:30 Pub/Sub vs Queue 6:55 Consumer Group 10:00 Parallelism in Consumer Group 10:30 Partition awareness in Consumer Group 11:30 Achieving Pub/Sub with Consumer Group 14:00 Head of Line blocking in Kafka...
Sep 09, 2020•21 min
Someone asked me a question and I felt it's interesting to make a video about: is there a limit to the maximum number of TCP connections a client can make to the server? If there is, what is it? And how does that make sense in all the configurations? 0:00 Intro 1:00 Is there a Max Connection Limit? 4:30 64K Connection Limit Explained 7:20 Max Connections on Reverse Proxies and Max Connections 14:30 How does Router get around Max Connections? 7:00 3 million whatsapp https://www.youtube.com/watch?v=...
Sep 07, 2020•20 min
DoorDash, the food delivery service, has built an asynchronous task processing backend with Celery and RabbitMQ. They are having lots of outages and problems. Let us discuss how they solved their problem by moving to Apache Kafka. Very well written article. Resource https://doordash.engineering/2020/09/03/eliminating-task-processing-outages-with-kafka/ https://www.rabbitmq.com/connections.html#high-connection-churn...
Sep 06, 2020•31 min
Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is needed by secure HTTP/2 connections, which improves the compression of web pages and reduces their latency compared to HTTP/1.x. The ALPN and HTTP/2 standards emerged from development w...
Sep 06, 2020•8 min
In this video I explain when to use TCP vs UDP as a communication protocol on your backend app. I go through the advantages and disadvantages of UDP. I also discuss the protocol within the context of a chatting system, a multiplayer game, and building a browser and a web server. 0:00 Intro 2:00 UDP 3:00 TCP 6:00 UDP vs TCP for Building a Chatting System 9:20 UDP vs TCP for Building a Multiplayer game 15:30 UDP vs TCP for Building a Browser and WebServer 19:11 Summary
Sep 05, 2020•21 min
HTTP/2 is a protocol that allows multiplexing, which can be very beneficial; however, HTTP/2 is not always cheap and might not be a good choice for your backend. * Intro 0:00 * What is HTTP/2? 1:30 * HTTP/2 Pros 5:10 * HTTP/2 Advantages on Browsers 5:30 * HTTP/2 Advantages on Reverse Proxy Connection Pooling 9:20 * HTTP/2 Problem 11:00 Google Talk https://www.youtube.com/watch?v=xxN4FfwaANk
Sep 04, 2020•18 min
Envoy is an open-source L7 proxy and communication bus originally built at Lyft to move their architecture away from a monolith. In this video, I want to go through the following * What is Envoy? 0:00 * Current & Desired Architecture 0:48 * Envoy Architecture 3:00 * DownStream/Upstream 7:30 * Clusters 9:19 * Listeners 10:50 * Network Filters 11:50 * Connection Pools 13:45 * Threading Model 18:34 * Example 21:25 * Show the 4 apps 24:30 * Install Envoy Brew 26:00 * https://www.getenvoy.io/insta...
Aug 31, 2020•1 hr 13 min
Envoy Proxy is an L3/L4 Proxy that is designed to be a service mesh. In this video, I discuss my initial thoughts about the product, design choices, and much more. The actual full video on Envoy will be coming soon, stay tuned.
Aug 29, 2020•7 min
In this video, I explain Postgres Vacuum while I walk my dog.
Aug 28, 2020•7 min
Cloudflare is doing a fantastic job for the web community in security and backend engineering. This latest fix is awesome: it is the ability to auto-tune window size buffer when it comes to uploading HTTP/2 traffic. Article https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ 4:15 slow tcp start https://www.youtube.com/watch?v=rgPcxg8gjho&t=1s 5:40 HTTP crash course https://www.youtube.com/watch?v=0OrmKCB0UrQ&t=4s 6:20 TCP crash course https://www.youtube.com/watch?v=qqRYkct...
Aug 27, 2020•16 min
SameSite Cookie Lax is interesting and we are finding new exceptions every day. Let us discuss this one, where Lax cookies will be sent on POST requests as long as the cookies are fresh (2 minutes). Resources https://www.chromestatus.com/feature/5088147346030592
Aug 27, 2020•12 min
This code was introduced for user experience and ended up taking 50% of the traffic on the DNS root servers. Sorry I was touching my hair a lot, just took a shower lol. With regards to this article I want to ask you guys a question: Chrome put this feature in order to improve the user experience but it ended up having a huge cost. Did you ever make a choice between performance and user experience? Which one usually wins for you? Would love to know your opinion. Resources https://arstechnica.com/gadgets/...
Aug 27, 2020•21 min
Windows 95 was a great operating system. I wrote so many apps on top of it and played so many games too. Join me as I discuss this. https://www.theverge.com/21398999/windows-95-anniversary-release-date-history
Aug 24, 2020•11 min
GraphQL was born to solve a major limitation in REST APIs, but the cost of GraphQL and barrier to entry is high. Vulcain addresses REST limitations by introducing HTTP/2 push. Is it a simpler alternative? Let us discuss. Learn about Vulcain here https://github.com/dunglas/vulcain
Aug 24, 2020•10 min
Chrome is enabling raw TCP and UDP from the browser. This is big news! Let us discuss the implications, security and benefits for us backend engineers. Resources https://www.theregister.com/2020/08/22/chromium_devs_raw_sockets/ Raw TCP spec https://github.com/WICG/raw-sockets
Aug 22, 2020•17 min
In this video, I discuss the different concurrency controls in database transactions, specifically pessimistic vs optimistic concurrency control, and the pros and cons of each. 0:00 Intro 3:00 Concurrency Control 5:30 Pessimistic Concurrency Control 9:20 Optimistic Concurrency Control Resources https://en.wikipedia.org/wiki/Optimistic_concurrency_control https://www.baeldung.com/java-jpa-transaction-locks https://docs.oracle.com/javaee/7/api/javax/persistence/OptimisticLockException.html http...
Aug 20, 2020•17 min
Jenkins has just released a statement that there is a potential bug (CVE-2019-17638) where an attacker can steal content from other legitimate requests. In this video, I describe the bug and why being a web server is difficult. 2:00 HTTP Smuggling https://www.youtube.com/watch?v=PFllH0QccCs 7:50 Multi-Threading https://www.youtube.com/watch?v=0vFgKr5bjWI&t=1s Resources https://nvd.nist.gov/vuln/detail/CVE-2019-17638 https://en.wikipedia.org/wiki/Jetty_(web_server) https://www.jenkins.io/secu...
Aug 19, 2020•15 min
Some of you asked me to talk about how I learned to speak good English on my YouTube videos. I wanted to make a video on the fact that it wasn't always that easy and I struggled a lot and am still struggling with English. I immigrated to the United States in 2015. In this video, I want to explain my struggle with the English language as an Arabic native speaker and how I got better, but I still need lots of work. Speaking Tech English is definitely easier than Social.
Aug 18, 2020•16 min
In this video I explain in detail what third-party cookies are and how they work, and explain the SameSite property that Google changed. 0:30 SameSite 6:00 CORS 6:22 Content Security Policy https://www.youtube.com/watch?v=nHOuakyHX1E https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
Aug 17, 2020•16 min
"What if" questions sometimes cripple the system design for backend applications and complicate the end product. I discuss this in this video. Stay Awesome, Hussein Nasser
Aug 16, 2020•9 min
Light video today discussing my interviewing skills for software engineering positions. I always ask this open-ended question and allow the candidate to go free.
Aug 16, 2020•12 min
YAGNI stands for "You aren’t gonna need it" and it's a pillar in extreme programming. In this video I discuss this philosophy within the context of Backend Engineering. https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it * Extreme Programming Rob Jefferies * You Aren’t Gonna Need it .. true but only if the design is well defined * But I am going to need it * Waterfall vs Agile
Aug 16, 2020•15 min
SNI, or Server Name Indication, is a TLS extension that indicates which server/host/domain the client wants to communicate with. This is to allow for hosting of multiple websites on the same public static IP address. For the longest time all ISPs used SNI to block hosts and websites; China is now blocking the encrypted version of SNI. 0:00 Intro 2:00 DNS and DOH 3:30 SNI 6:30 ESNI 11:00 The Block The ESNI and DOH stops this but China want https://www.zdnet.com/article/china-is-now-blocking-all-encrypte...
Aug 09, 2020•14 min
HSBC moving from 65 relational databases to a single Global MongoDB, that might be true but it's misleading as not all systems are moved. Resources https://diginomica.com/hsbc-moves-65-relational-databases-one-global-mongodb-database Why some devs don't use MongoDB https://news.ycombinator.com/item?id=23507197 https://news.ycombinator.com/item?id=19497817 https://news.ycombinator.com/item?id=18366385 https://news.ycombinator.com/item?id=23270429...
Aug 07, 2020•10 min
SameSite Cookie attribute has been introduced to secure the web and only send cookies within a trusted and safe context. SameSite Cookies Video https://www.youtube.com/watch?v=aUF2QCEudPo
Aug 06, 2020•7 min
A great change by the Chrome team: downloading files on HTTP insecure channels is insecure. Let us discuss. Resource https://www.zdnet.com/article/google-to-block-some-http-file-downloads-starting-with-chrome-83/
Aug 06, 2020•9 min