MongoDB, Postgres, Microsoft SQL Server, MySQL, and every other database manage concurrency control differently. There are two methods, pessimistic and optimistic, and both have their pros and cons. Let's explore how different databases implement this and what the effect is on performance and scalability. This is often known as optimistic vs. pessimistic locking, although I don't really like to use "locking" with this because it confuses the story. 0:00 Intro 2:20 What is Concurrency Control 6:00 Pessimisti...
Jul 01, 2021•22 min
@MrRajputHacker and @Th3Pr0xyB0y found a critical universal XSS (an XSS that affects the entire browser, not just one page) in Microsoft Edge. They responsibly reported the bug and detailed it in their article. Let us discuss. Resources: https://cyberxplore.medium.com/how-we-are-able-to-hack-any-company-by-sending-message-including-facebook-google-microsoft-b7773626e447 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security https://msrc.microsoft.com/update-guide/vulnerability/CVE-...
Jun 28, 2021•9 min
In this episode of the backend engineering show I'll discuss the difference between b-tree and b+tree, why they were invented, what problems they solve, and the advantages and disadvantages of both. I'll also discuss the limitation of implementing b-tree over b+tree and how Discord ran into a memory limitation using b-tree Mongo. Check out my Udemy Introduction to Database Engineering course https://husseinnasser.com/courses Learn the fundamentals of database systems to understand and build pe...
Jun 27, 2021•33 min
SSH Wormable, Written in Bash and VERY hard to detect. Let’s discuss the DarkRadiation ☢️ Ransomware. This new ransomware is cut from a different cloth. Let us discuss * SSH Wormable * Encrypts with AES (OpenSSL) * It mutates so anti-viruses can’t catch it * Bash * Still under development https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat--and-debian-based-linux-distributions.html Support my work on PayPal https://bit.ly/33ENps4 Become a Member on YouTub...
Jun 24, 2021•16 min
ALPACA stands for application layer protocol confusion attack, and it was discovered by a group of German computer scientists. Let us spend some time analyzing how this attack really works and how dangerous it is. Resources: https://alpaca-attack.com/ALPACA.pdf https://var.thejh.net/http_ftp_cross_protocol_mitm_attacks.pdf https://github.com/RUB-NDS/alpaca-code https://github.com/RUB-NDS/alpaca-code/blob/master/testlab/servers/files/nginx-attacker/html/upload/ftps.html https://twitter.com/la...
Jun 22, 2021•43 min
This Indian computer scientist uncovered a severe bug that allows anyone to view private content. Let’s see how he did it. https://link.medium.com/goNhkJgv9gb 🧑🏫 Courses I Teach https://husseinnasser.com/courses
Jun 17, 2021•11 min
It is inevitable that a backend service will need to get restarted to pick up a new code change or configuration change, or to get out of an invalid state. In this show, I'll discuss why we need to restart services and what alternative ways there are to get around it. Then I'll talk about how to achieve a zero-downtime restart, which is not as straightforward as one might think.
Jun 13, 2021•15 min
CAP stands for Consistency, Availability, and Partition tolerance. Understanding the CAP theorem can help engineers make better design choices when building distributed systems. In this show, I will explain the CAP theorem and how you can use it to make tradeoffs in your backend design. You probably already are using the CAP theorem without even knowing. Resources https://www.infoq.com/articles/cap-twelve-years-later-how-the-rules-have-changed/#:~:text=The%20CAP%20theorem%20states%20that,to%20ne...
Jun 12, 2021•18 min
Fastly, a very popular CDN, went down and took down many services. Let’s talk about what could have caused this. Resources: https://status.fastly.com/incidents/vpk0ssybt3bj https://twitter.com/fastly/status/1402221348659814411?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1402221348659814411%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Ftwitter.com%2F https://apple.news/ASVV6TIepT8GPIEDjFbyNRg
Jun 08, 2021•15 min
On May 27, 2021, Klarna, a popular fintech company, suffered a serious exposure of personal data, which caused a planned outage. Resources: https://twitter.com/KezStew/status/1397845638956605440 https://www.klarna.com/us/blog/detailed-incident-report-incorrect-cache-configuration-leading-to-klarna-app-exposing-personal-information/ https://en.wikipedia.org/wiki/Klarna#cite_note-22
Jun 08, 2021•36 min
Domino's Pizza India was hacked and 13TB of customers' data is now on the dark web. https://www.indiatoday.in/technology/news/story/leaked-data-of-dominos-india-users-now-available-on-search-engine-created-by-hacker-1805595-2021-05-22
Jun 04, 2021•15 min
QUIC is officially an IETF standard after a very long time. Is this going to replace the TCP protocol? https://www.theregister.com/2021/05/31/quic_becomes_standard/ https://datatracker.ietf.org/doc/html/rfc9000
Jun 03, 2021•16 min
In this episode of the backend engineering show, I go through the lifetime of an HTTP request and why it is extremely difficult to cancel an HTTP request in a real production environment.
Jun 02, 2021•22 min
In this episode, I will discuss the different types of database replication and the pros and cons of each: streaming, binary, logical, synchronous, asynchronous, one-way and two-way replication. Stay tuned if you like databases and check out my database engineering course; head to husseinnasser.com/courses for a discount code.
May 31, 2021•20 min
In this episode, I will discuss Tor’s circuit establishment, which is the core of the Tor protocol. https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf https://youtu.be/gIkzx7-s2RU
May 29, 2021•35 min
This is an honest video about burnout and what a content creator can do to avoid it while creating content on YouTube.
May 27, 2021•15 min
In this episode of the backend engineering show, I'll discuss the long polling technique of backend communication. I will also touch upon polling and pushing and the pros and cons of each. * Intro 0:00 * Polling 2:45 * Pushing 6:30 * Long Polling 18:00 * SSE 23:00
May 26, 2021•27 min
In this episode of the Backend Engineering show, we will go through the new features in Postgres 14. Here is a rundown of improvements made to the database platform with timestamps. 0:00 Intro 2:20 Performance 18:50 Data Types and SQL 23:00 Administration 32:30 Replication and Recovery 35:47 Security Postgres 14 Beta 1 https://www.postgresql.org/about/news/postgresql-14-beta-1-released-2213/
May 23, 2021•40 min
In this episode of the Backend Engineering Show, I’ll explain the OSI Model with an example. I start with the physical layer, which is often ignored, then move up to the application layer, presentation layer, session layer, transport layer, IP layer, and data link layer. I believe every software engineer should understand the OSI Model as it helps cement the fundamental understanding of networking applications. Intro 0:00 Layer 1 Physical 4:00 Layer 7 Application 9:45 Layer 6 Presentation 11:30 Layer ...
May 20, 2021•32 min
In today's show, I discuss the nature of communications in database systems and how the pattern completely changed with 3-tier web architecture. I also discuss whether multiplexing protocols such as HTTP/2 and QUIC can help alleviate some of the inefficiencies introduced. * Intro 0:00 * Communication Protocols 2:00 * 3 Web Tier Architecture 8:00 * Connection Pooling 14:50 * Database Connection Multiplexing 23:40 * Will Databases handle high concurrency 32:00
May 18, 2021•41 min
DST Root CA X3, a root certificate that signs the Let's Encrypt certificate authority, a very popular CA, expires in September 2021. In this video, I will discuss the ramifications of this change. 🏭 Backend Engineering Videos in Order https://backend.husseinnasser.com...
May 17, 2021•15 min
Salesforce services went down as a result of a DNS update. Let us discuss how a tiny DNS unavailability can cause a severe outage of 5 hours. From Salesforce: "On May 11, 2021, at approximately 21:08 Universal Coordinated Time (UTC), the Salesforce Technology team became aware of a service disruption across Salesforce production instances. The disruption impacted the ability for users to log into their Salesforce environments within the core Salesforce services, Marketing Cloud, Commerce Cloud, Gov...
May 13, 2021•14 min
In this show, I go into detail on how HAProxy achieved 2 million HTTP requests per second. This is a very well-written article that discusses how the HAProxy team benchmarked the product on a 64 core ARM machine leading to over 2 million requests per second. There are many components and low-level points that I try to elaborate on, timestamps below. 0:00 Intro 2:40 Summary of the Article 11:55 Latency and Throughput in HAProxy 2.3 vs 2.4 21:00 How TCP Connections Affects Performance 28:00 Maximu...
May 10, 2021•48 min
In this show, I discuss why we have 3 data models in database systems: OLTP (Online Transactional Processing), OLAP (Online Analytical Processing), and HTAP (Hybrid Transactional Analytical Processing). I’ll also explain the difference between them, the use of ETL tools (extract transform load) to load data from transactional to analytical databases, and what the future of HTAP is.
May 09, 2021•43 min
Watch this if you are using IP address validation in both NodeJS and Python. These two libraries strip leading zeros, which can lead to server-side request forgery. Let us discuss. Resources: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/ https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/
May 04, 2021•16 min
In this video, I’ll discuss the Pingback attack, a clever new attack that uses both DLL files, through Oracle Component Interface (OCI.dll), and the ICMP protocol to deliver commands between the victim machines and the command center. Resources: https://thehackernews.com/2021/05/new-pingback-malware-using-icmp.html https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol https://en.wikipedia.org/wiki/Oracle_Call_Interface
May 04, 2021•19 min
In this podcast I’ll explain message queues, the request-response pattern, and the publish-subscribe pattern. I will also illustrate the main differences between them and when to use one over another. 0:00 Intro 0:30 Message Queues in 60 Seconds 1:24 When to Use Message Queues? 14:33 Request Response Pattern 20:00 Request Response Pros & Cons 24:11 Publish Subscribe Pattern in 60 Seconds 25:13 Publish Subscribe Pattern 31:49 Publish Subscribe Pattern Pros and Cons
May 02, 2021•45 min
502 Bad Gateway is one of the most infamous errors on the backend. It usually means “hey, something is wrong with your backend server”, but it doesn’t really give enough information. In this video, I’ll go through details on why proxies and gateways like NGINX and HAProxy should consider throwing more finely detailed HTTP error codes. 502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server. 0:00 intro 3:45 What Causes a 502 Bad Gateway? 8:00...
Apr 30, 2021•17 min
In this episode I’ll talk about how VPNs work, networking, and IPSec, and will also discuss the benefits of VPNs and what happens when a VPN is hacked. * Intro 0:00 * How Networking Works? 2:20 * How VPN Works? 10:00 * VPN Benefits 17:50 * What happens when VPN is hacked 20:20
Apr 26, 2021•27 min
There is an ongoing situation with the Linux kernel community and the University of Minnesota Department of Computer Science & Engineering. We discuss this in this episode and I give my opinion.
Apr 22, 2021•16 min