Igeometry Podcast

In this video I go over the critical timeouts on a Proxy system such as reverse proxy or load balancer and how can you configure each one to protect against attacks or outages. Nginx and HAProxy just a few proxies that you can configure to be load balancers.     --- Support this podcast: https://anchor.fm/hnasr/support

Guys this is absolutely genius and nuts! I have never seen anything like this before. This guy got access to paypal json and saw some private packages.. created public ones with a similar name and then made them do bad things, then thing because firewalls will shut those down.. he used DNS DNS requests are practically safe so firewalls allow them 11:05 chrome root https://youtu.be/qpC1YH0FhuY https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 --- Support this podcast: https://anchor.fm/hnasr/support

Reads and Writes don’t have to live in the same database, data model or even the same service. Let us discuss CQRS no separation one service that does read/write partial separation You can keep one service but backend have multiple connections with different users same database full separation Read services / write services two databases OLAP / OLTP Pros scalability security Cons complex and very hard to follow, what we see with microservices.. resources https://martinfowler.com/bliki/CQRS.html http://codebetter.com/gregyoung/2010/02/16/cqrs-task-based-uis-event-sourcing-agh/ --- Support this podcast: https://anchor.fm/hnasr/support

In this video, I will discuss the new TLS extension Encrypted Client Hello which is a new mechanism to encrypt the entire client hello, very interesting and elegantly design but I have my few reservations and criticisms. Let us discuss. Intro 0:00 Classic TLS with SNI 7:00 ESNI 9:30 ECH 12:30 Limitations and Problems 21:00 Let's say the backend server hosts example.com with the cert of example.com and let us call this the “real” SNI. To support ECH, the same server should also host a client facing cert, lets call it server-ech.com with corresponding server-ech.com cert. So your server IP address is hosting two domains. example.com and ( server-ech.com just to support ech) So when you perform an oDoH/DoH query looking for example.com you will get back the IP address of example.com, (which is the same ip address as server-ech.com), you will also get the ephemeral public key of example.com from the HTTPSSVC DNS record. This will be used to encrypt the inner client hello, and finally, you will get a record of the

MySQL is clustered by default on the primary key which means inserts have to be ordered, let us discuss why UUID (random in nature) has bad performance in MySQL and whether postgres wins here. We will also explain why Sequential Writes are Faster than Random in MYSQL and     https://www.percona.com/blog/2019/11/22/uuids-are-popular-but-bad-for-performance-lets-discuss/ --- Support this podcast: https://anchor.fm/hnasr/support

This is a very interesting article that I encourage you to read it as it has lots of useful lessons in postgres. Using partial indexes, full vacuum, dropping unused indexes and much more helped this company save 70G worth of disk space.    https://hakibenita.com/postgresql-unused-index-size --- Support this podcast: https://anchor.fm/hnasr/support

In this video I discuss my approach of learning new technology and how I break it down so I understand it. Hope it helps --- Support this podcast: https://anchor.fm/hnasr/support

The InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. IPFS uses content-addressing to uniquely identify each file in a global namespace connecting all computing devices. Intro 0:00 Why IPFS? 2:00 Explain the original web model and the limitation * Content addressing instead of location addressing * decentralized content distributed among peers Content 3:30 * Content is hashed as CID * Content is immutable each update generates new CID * Content addressing Routing 4:30 * Distributed Hash Table (DHTs) maps CID / Peer IP address * DHT server hosts content and DHT Publishing Content 6:30 * New Content that you want to share on ipfs * hash the content creating new CID * Update your local DHT CID / your ip address * DHT will be updated to all the content peer (NOT the CONTENT) * People searching for your CID will be connected to you and only you. Consuming Content 8:48 * ipfs client (dht client) want to consume Ipfs://cid/ * ipfs clie

It looks like digital certificates and other certificate authorities issued by Spanish certificate authority Camerfirma will stop working in Chrome 90, in April.   https://www.zdnet.com/article/google-bans-another-misbehaving-ca-from-chrome/  https://wiki.mozilla.org/CA:Camerfirma_Issues --- Support this podcast: https://anchor.fm/hnasr/support

I explain why and when SELECT * can become expensive.  --- Support this podcast: https://anchor.fm/hnasr/support

David Schuts, a security researcher earned $5000 dollars in Google VRP by finding a Backend YouTube API that leaks Private Video Thumbnails. let us discuss how did he do that.   Resources https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/ Twitter @xdavidhu https://twitter.com/xdavidhu --- Support this podcast: https://anchor.fm/hnasr/support

A vulnerability in Google Feedback component in postMessage allowed this security researcher to find a way to hijack private screenshots   https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/ https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage --- Support this podcast: https://anchor.fm/hnasr/support

Brave supports IPFS (InterPlanetary File System) which is a protocol designed to replaced HTTP as a decentralized alternative. This allows users to host and consume   Resources https://brave.com/brave-integrates-ipfs/ https://ipfs.io/#how --- Support this podcast: https://anchor.fm/hnasr/support

The current FTP implementation in Google Chrome has no support for encrypted connections (FTPS), nor proxies. Usage of FTP in the browser is sufficiently low that it is no longer viable to invest in improving the existing FTP client. In addition more capable FTP clients are available on all affected platforms.  Google Chrome 72+ removed support for fetching document subresources over FTP and rendering of top level FTP resources. Currently navigating to FTP URLs result in showing a directory listing or a download depending on the type of resource. A bug in Google Chrome 74+ resulted in dropping support for accessing FTP URLs over HTTP proxies. Proxy support for FTP was removed entirely in Google Chrome 76.  Remaining capabilities of Google Chrome’s FTP implementation are restricted to either displaying a directory listing or downloading a resource over unencrypted connections. We would like to deprecate and remove this remaining functionality rather than maintain an insecure FTP implementation. Res

On Jan 4th 2021, Slack experienced a global outage that prevented customers from using the service for nearly 5 hours. Slack has released the Root cause analysis incident report which I’m going to summarize in the first part of this video. After that Ill provide a lengthy deep dive of the incident so make sure to stick around for that. If you are new here, I make backend engineering videos and also cover software news, so make sure to Like comment and subscribe if you would like to see more plus it really helps the channel, lets jump into it. So This is an approximation of Slack’s architecture based on what was the described in the reports. Clients connects to load balancers, load balancers distribute requests to backend servers and backend servers finally make requests to database servers which is powered by mysql through vitess sharding. All of those are connected by routers in cross boundary network. Around 6AM jan 4 , the cross network boundary routers setting between LB and backend and backend to DB star

In this video I go through the new most exciting features in HAProxy, one of my favorite proxies. HAProxy 2.3 adds exciting features such as forwarding, prioritizing, and translating of messages sent over the Syslog Protocol on both UDP and TCP, and OpenTracing SPOA, Stats Contexts, SSL/TLS enhancements, an improved cache, and changes in the connection layer that lay the foundation for support for HTTP/3 / QUIC. Resources https://www.haproxy.com/blog/announcing-haproxy-2-3/ 0:00 Intro 2:00 Connection Improvements 5:40 Load Balancing 11:36 Cache 15:00 TLS Enhancements --- Support this podcast: https://anchor.fm/hnasr/support

In this video I go through the new features in Apache Kafka 2.7, it is very interesting to see the amount of work Apache Kafka is doing to get closer to removing ZooKeeper   *  [KAFKA-9893] - Configurable TCP connection timeout and improve the initial metadata fetch * [KAFKA-9915] - Throttle Create Topic, Create Partition and Delete Topic Operations * [KAFKA-10054] - Add TRACE-level end-to-end latency metrics to Streams * [KAFKA-10259] - KIP-554: Add Broker-side SCRAM Config API * [KAFKA-10338] - Support PEM format for SSL certificates and private key   https://dist.apache.org/repos/dist/release/kafka/2.7.0/RELEASE_NOTES.html https://blogs.apache.org/kafka/entry/what-s-new-in-apache4 Confluence Mobile - Apache Software Foundation --- Support this podcast: https://anchor.fm/hnasr/support

I discussed this in many of my videos, the need for a database that natively supports a multiplexing protocol such as QUIC, gRPC or HTTP/2 in order to allow multiple isolated clients to make requests to the database without taking the overhead of establishing multiple connections.    Resources https://www.infoq.com/news/2021/01/eventstoredb/ https://developers.eventstore.com/clients/dotnet/5.0/streams/#writing-to-a-stream --- Support this podcast: https://anchor.fm/hnasr/support

A lot of you guys ask me this question. “I have experience but not sure how to show it, how do I build my backend portfolio such that I can get hired in my dream job. “ Building a backend portfolio takes time and effort and In this video I will be discussing 9 tools that you can add to your backend portfolio 0:00 Intro Live Projects 1:50 System Design Documents 3:45 Architectural/System Design Diagrams 5:45 UX/UI (in case of frontend) 7:13 Papers 8:30 Books 9:50 Blog articles 10:55 Videos 12:44 Podcast 14:45 Summary 15:45 --- Support this podcast: https://anchor.fm/hnasr/support

WhatApp has updated their terms of usage and privacy policy which caused many users to move to other platforms. This video will be a detailed report of their privacy policy, what they collect and what they can collect and see. https://www.whatsapp.com/legal/privacy-policy https://cdn.arstechnica.net/wp-content/uploads/2021/01/Image-from-iOS.png cards 1:30 end to end 16:30 Samesite cookie 0:00 WhatsApp New Privacy 4:00 Your Account Information 5:30 Your Messages 12:15 Your Connections 13:00 Automatically Collected Information 17:45 Summary --- Support this podcast: https://anchor.fm/hnasr/support