Igeometry Podcast

NodeJS Jan 2021 released its security update and its time to go through them!   Resources https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/use-after-free in TLSWrap (High) (CVE-2020-8265) HTTP Request Smuggling in nodejs (Low) (CVE-2020-8287) OpenSSL - EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) --- Support this podcast: https://anchor.fm/hnasr/support

On Jan 4th 2021 7:14 PST All Slack services went down. This video is an early report of the incident and speculation of what might have caused this outage. We still don’t know what caused the outage, we will wait for the full incident report from slack and I'll make a video once that's up.  https://status.slack.com/ --- Support this podcast: https://anchor.fm/hnasr/support

The SolarWinds hack is one of the largest highly coordinated and intelligent attempt to hit enterprise companies. In this video, I briefly explain how smart this is. --- Support this podcast: https://anchor.fm/hnasr/support

While working on a Postgres docker container executing some queries I noticed that my index-only scan query is hitting the heap which it shouldn't. After digging deep I found that it's the shared memory that docker allocates by default. Defaults are never enough, very interesting train of thought that I thought I’d share with you  The Blog I found that helped me find it https://blog.makandra.com/2018/11/investigating-slow-postgres-index-only-scans/ --- Support this podcast: https://anchor.fm/hnasr/support

Let us discuss what I'm excited for in Backend Tech in 2021 and answer your great questions --- Support this podcast: https://anchor.fm/hnasr/support

In this video, I go through my process of how I design and architect full software from A-Z. This is part of a Twitter thread that you guys seem to enjoy so I decided to make a video on the topic. Although the spec I generate is usually Backend oriented this is applicable for all software.  Twitter thread https://twitter.com/hnasr/status/1339021983195918337?s=20 --- Support this podcast: https://anchor.fm/hnasr/support

In this video, I go through how I overcome procrastination as a software engineer.  What is Procrastination? 0:00How to Defeat  * Reward based system - a reward after achieving  1:20* discipline, remembering why started this, your goal 3:16* Professional - I need to do the work and ship 6:10 --- Support this podcast: https://anchor.fm/hnasr/support

2020 retrospective Intro 0:00 Goals 0:50 Teaching vs Documenting 4:30 Channel Growth 7:40 2021 10:50 --- Support this podcast: https://anchor.fm/hnasr/support

0:00 Intro 1:00 Summary of the Outage 4:00 Detailed Analysis of the Incident Report On Dec 14 2020 Google across the globe suffered from an outage that lasted 45 minutes nobody could access most of Google services. Google has released a detailed incident report discussing the outage, what caused it, technical details on their internal service architecture and what did they do to mitigate and prevent this from happening in this in the future In this video, I want to take a few minutes to summarize the report and then go into a detailed analysis. You can find youtube chapters to jump to the interesting part of the video. pick your favorite drink, sit back relax, and enjoy. Let's get started. let's start with an overview of how the google id service works, the client connects to Google authentication service to get authenticated or retrieve account information The account information is stored in a distributed manner between the different service ids for redundancy. when an update is made to an account on the le

The Backend Engineering Show Live with Hussein Nasser episode 10 we discuss many great questions!! Indexing Woes, The Secret to Backend Interviews, What is on my Bookshelf? Backend Engineering Show --- Support this podcast: https://anchor.fm/hnasr/support

Exposed Postgres instances are being ssh into and used as a botnet to mine bitcoin, in this video we explain how does that happens.   the trick is the COPY FROM PROGRAM command --- Support this podcast: https://anchor.fm/hnasr/support

At 3:47 am PST almost all google services went down including, gmail, youtube, drive, docs, meet, nest , google maps and many more. It took close to an hour to bring them back up. We still don’t know what caused this outage, in this video we will try to make sense from what we have gathered so far. A detailed analysis video will follow once we get a response from google symptoms Could not sign in to google (account not found) Could not authenticate if you already have a token Services not require authentication also fails to retrieve certain account information (profile, YouTube comments) Guess -> Borg Service that provide authentication, authorization went down, a fix? Storage qouta issue? https://twitter.com/googlecloud/status/1338493015145504770 https://www.tomsguide.com/news/gmail-and-youtube-down-several-google-services-are-not-working-latest-updates Google down? Realtime status, issues and outages for the UK | Downdetector Google Workspace Status Dashboard --- Support this podcast: https://a

When the private key of a matching public key that belong to a certificate is leaked, an attacker can intercept server hello, use their own dh parameters sign it with the stolen private key and ship it to the client effectively doing MITM. This is extremely dangerous and we have no way in the client to know a MITM has happened. That is why a certificate sometimes has to be revoked, and in this video I’m going to discuss those revocation techniques. 0:00 How Certificate Works 3:00 Certificate Revocation List 4:10 OCSP 7:00 OCSP Stapling --- Support this podcast: https://anchor.fm/hnasr/support

In The Backend Engineering Show Live, we discuss Impostor syndrome and Staying Motivated in software engineering field. --- Support this podcast: https://anchor.fm/hnasr/support

Oblivious DoH is a technology that separates IP addresses from queries, so that no single entity can see both at the same time. Cloudflare, Apple & Fastly worked on this and did a good write-up of the tech, we discuss it in this video https://blog.cloudflare.com/oblivious-dns/ https://blog.cloudflare.com/oblivious-dns/ --- Support this podcast: https://anchor.fm/hnasr/support

Oracle introduces a Game Changer Feature in MySQL that allows for OLAP & OLTP workloads in a single database. This is huge let us discuss https://www.oracle.com/emea/news/announcement/oracle-announces-mysql-database-service-with-integrated-analytics-engine-2020-12-03.html https://dev.mysql.com/doc/mysql-analytics/en/mysql-analytics-introduction.html 0:00 Intro 1:40 History of ETL 7:00 How Kafka Helped Data Warehouse 8:20 How RAPID Solves this 11:14 MySQL Database Service Analytics Engine (RAPID) Architecture 14:00 Loading Data 18:00 Summary --- Support this podcast: https://anchor.fm/hnasr/support

In The Backend Engineering Show Live we will have a casual Q&A around QUIC Outline  HTTP/1.1 Trouble HTTP/2 Trouble QUIC Handshake QUIC 0RTT HPACK vs QPACK Why HTTP/3 --- Support this podcast: https://anchor.fm/hnasr/support

In AWS re-invent, Amazon announced open sourcing Babelfish for PostgreSQL, a SQL Server-compatible end-point for PostgreSQL to make PostgreSQL fluent in understanding communication from apps written for SQL Server. Let us discuss what is this technology and whether if its gonna really move developers away form Microsoft SQL Server to Postgres Resources https://aws.amazon.com/blogs/opensource/want-more-postgresql-you-just-might-like-babelfish/ Chapters 0:00 Intro 1:30 Postgres vs SQLServer 5:20 What is Babelfish? 9:40 Why Babelfish May not Work 10:06 Will Babelfish Includes everything? 11:46 BabelFish is an Extra Layer 13:35 What REALLY is Babelfish? 15:00 Performance --- Support this podcast: https://anchor.fm/hnasr/support

Attackers have been disguising trojans and other malicious codes in post-install NPM packages and developers have been targeted. This is another incident from NPM. NPM needs to step up and solve this problem https://www.zdnet.com/article/malicious-npm-packages-caught-installing-remote-access-trojans/ --- Support this podcast: https://anchor.fm/hnasr/support

AWS US east-1 experienced an outage Nov-25-2020. Amazon has updated us with summary detailing what exactly happened to amazon Kinesis that caused the outage let us discuss it 0:00 Intro 1:00 Tldr (diagram) 7:30 Detailed Analysis of What Happened 25:00 Why Cognito Went Down 31:20 Why CloudWatch Went Down 33:20 Why Lambda and AutoScaling Went Down 35:50 Why EventBridge, Elastic Kubernetes and Container Service Went Down 38:00 Why Service Status Went Down 40:00 Summary https://aws.amazon.com/message/11201/ --- Support this podcast: https://anchor.fm/hnasr/support