Igeometry Podcast

AWS US east-1 experienced an outage yesterday, let us discuss what could have been the problem and what amazon did to solve it — Latest Update (6:23 PM PST): We’d like to provide an update on the issue affecting the Kinesis Data Streams API, and other dependent services, within the US-EAST-1 Region. We have now fully mitigated the impact to the subsystem within Kinesis that is responsible for the processing of incoming requests and are no longer seeing increased error rates or latencies. However, we are not yet taking the full traffic load and are working to relax request throttles on the service. Over the next few hours we expect to relax these throttles to previous levels. We expect customers to begin seeing recovery as these throttles are relaxed over this timeframe. Resources https://www.datacenterdynamics.com/en/news/aws-us-east-1-region-suffers-errors-and-outages-impacting-its-status-page/ https://disqus.com/by/disqus_DZeJlmjjGx/ https://downdetector.com/status/amazon/ https://www.youtube.com/watch?v=I

In this video I go through the three type of caching and how it is kept in sync. 0:00 Intro 0:30 What is Caching? 1:20 Spatial Cache 3:30 Temporal Cache 5:00 Distributed cache 6:30 Write-Through Cache 8:00 Write-Back Cache --- Support this podcast: https://anchor.fm/hnasr/support

According to Sumo Logic's research, Redis is now officially the most popular database in 2020 on AWS cloud deployment. Let us discuss some of the reasons why the in-memory database became so popular   https://www.theregister.com/2020/11/23/redis_the_most_popular_db_on_aws/ --- Support this podcast: https://anchor.fm/hnasr/support

Felix Wilhelm of Google Project Zero found an injection Vulnerability affecting GitHub Actions and Workflow Commands specifically related to setting malicious environment variables by parsing STDOUT Resources https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids https://www.zdnet.com/article/google-to-github-times-up-this-unfixed-high-severity-security-bug-affects-developers/ --- Support this podcast: https://anchor.fm/hnasr/support

A botnot caught scanning the web for .ENV file and harvesting Credentials, API Keys and Passwords. Let us discuss   https://www.zdnet.com/article/botnets-have-been-silently-mass-scanning-the-internet-for-unsecured-env-files/ --- Support this podcast: https://anchor.fm/hnasr/support

The Envoy Proxy fixed two zero day vulnerabilities, from Envoy groups : We are announcing the fixes for two zero days that were identified today: Crash in UDP proxy when datagram size is > 1500. This can happen if either MTU > 1500 or if fragmented datagrams are forwarded and reassembled: https://github.com/envoyproxy/envoy/pull/14122. This issue was already under embargo and a new issue was opened in public GitHub. Proxy proto downstream address not restored correctly for non-HTTP connections: https://github.com/envoyproxy/envoy/pull/14131. This issue was opened publicly recently but the security implications were not clear at the time. This will affect logging and network level RBAC for non-HTTP network connections. Resources https://groups.google.com/g/envoy-security-announce/c/aqtBt5VUor0 0:00 0:20 UDP Proxy Crash 2:15 Incorrect Downstream Remote Address --- Support this podcast: https://anchor.fm/hnasr/support

In this live stream we have a Q&A about Communication Protocols in the Backend , enjoy. We Talk about Masque, WebTransport, WebSockets, TCP, UDP and more --- Support this podcast: https://anchor.fm/hnasr/support

A group of researchers from UC Riverside and Tsinghua University announced a new attack against the Domain Name System (DNS) called SAD DNS (Side channel AttackeD DNS). In this video I explain this attack 0:00 Intro 1:00 What is DNS? 3:10 Original DNS Poisoning 6:30 DNS Poisoning with Fragmentation Attack 9:30 ICMP Explained 13:00 DNS Poisoning with ICMP Error Messages   Resources https://blog.cloudflare.com/sad-dns-explained/ https://www.saddns.net/ https://bit.ly/3lHTn45 https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol --- Support this podcast: https://anchor.fm/hnasr/support

There is a new Protocol called WebTransport, it sets to solve some limitations in WebSockets, the question is will this completely replaces WebSockets? I’ll leave this question to you guys. Let us discuss Resources https://www.youtube.com/watch?v=jTBM9CDO_Wk&feature=youtu.be https://datatracker.ietf.org/doc/draft-kinnear-webtransport-http2/ https://datatracker.ietf.org/doc/draft-vvv-webtransport-http3/ https://datatracker.ietf.org/doc/draft-vvv-webtransport-quic/ --- Support this podcast: https://anchor.fm/hnasr/support

FireFox Enables HTTPS Only Mode, let us discuss  https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ What does it mean? Death of HSTS? No more plugins Will it ever become default? (Government sites unencrypted, backward compatible) --- Support this podcast: https://anchor.fm/hnasr/support

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses. (CVE-2020-8277)  I discuss this attack in this video and whether you should fix it.  Impacts: * Versions 12.16.3 and higher on the 12.x release line * Versions 14.13.0 and higher on the 14.x release line * All versions of the 15.x release line   Resources https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#:~:text=Denial%20of%20Service%20through%20DNS,a%20larger%20number%20of%20responses. Code Fix  https://github.com/nodejs/node/commit/022899e1d5 --- Support this podcast: https://anchor.fm/hnasr/support

In this Livestream we discuss the following topic  Facebook moving to QUIC https://engineering.fb.com/2020/10/21/networking-traffic/how-facebook-is-bringing-quic-to-billions/ Multiplexed Application Substrate over QUIC Encryption (masque) https://datatracker.ietf.org/wg/masque/about/ KIP500, Kafka removing ZooKeeper https://www.confluent.io/blog/how-to-prepare-for-kip-500-kafka-zookeeper-removal-guide/ DotNET 5 https://devblogs.microsoft.com/dotnet/announcing-net-5-0/ --- Support this podcast: https://anchor.fm/hnasr/support

HTTP CONNECT Method allows the client to create a tunnel through a proxy to forward any free-form content through it. Let us discuss why do the pros and cons of this 0:00 Intro 1:45 HTTP Proxy 5:50 HTTPS Proxy 9:40 HTTP CONNECT 14:15 HTTP CONNECT Chaining 16:10 Pros & Cons of CONNECT 23:20 MASQUE Resources https://tools.ietf.org/html/rfc7231#section-4.3.6 Multiplexed Application Substrate over QUIC Encryption (masque) https://datatracker.ietf.org/wg/masque/about/ What if you want to connect to the secure site? cards 18:40 http/2 clear smuggling https://www.youtube.com/watch?v=B2VEQ3jFq6Q 17:40 layer 4 proxy https://www.youtube.com/watch?v=aKMLgFVxZYk 16:50 WebSockets https://www.youtube.com/playlist?list=PLQnljOFTspQUGjfGdg8UvL3D_K9ACL6Qh 21:00 HTTP/2 https://www.youtube.com/watch?v=fVKPrDrEwTI --- Support this podcast: https://anchor.fm/hnasr/support

HTTP/2 Push is being removed since it is very difficult to implement and has no added value. Let us discuss  Resource https://groups.google.com/a/chromium.org/g/blink-dev/c/K3rYLvmQUBY/m/vOWBKZGoAQAJ Video https://www.youtube.com/watch?v=uAfNRJJ_BrA --- Support this podcast: https://anchor.fm/hnasr/support

An article from 2016 which caused lots of discussions in the software engineering community. We bring it back and open old wounds and discuss it again.  0:00 Intro 3:00 Problems with Architecture of Postgres 4:00 Postgres on-Disk Format 9:45 Replication 13:19 Write Amplification 16:44 Replication Bandwidth 21:16 Data Corruption 24:00 Replica MVCC 31:30 Postgres Upgrades 33:00 MySQL on-Disk Format 37:00 MySQL Replication 40:00 Connection Handling https://eng.uber.com/postgres-to-mysql-migration/ https://news.ycombinator.com/item?id=12166585 --- Support this podcast: https://anchor.fm/hnasr/support

WebRTC (Web Real-Time Communication) is a free, open-source project that provides web browsers and mobile applications with real-time communication (RTC) via simple application programming interfaces (APIs). In this video I go through webrt and discuss all the concepts of WebRTC in details. We will learn about NAT, STUN, TURN, ICE, SDP, Signaling and we will show a demo too! Finally we will talk about the pros & cons 0:00 Intro 3:44 WebRTC Overview 11:17 NAT 16:54 NAT Translation Methods 26:20 STUN 33:30 TURN 35:00 ICE 38:00 SDP 40:52 Signaling 43:30 WebRTC Demo 1:00:00 WebRTC Pros & Cons 1:04:00 Bonus WebRTC Content ! tags webrtc, Web Real-Time Communication, webrtc video, webrtc samples, webrtc tutorial, webrtc , interactive connectivity establishment ice , session description protocol, session initiation protocol, peer to peer, getUserMedia, RTCPeerConnection --- Support this podcast: https://anchor.fm/hnasr/support

Live Q&A discussion of different backend engineering topics --- Support this podcast: https://anchor.fm/hnasr/support

Facebook move to QUIC from TCP was not smooth but they did see some improvement in all their apps. Let us discuss this Article https://engineering.fb.com/networking-traffic/how-facebook-is-bringing-quic-to-billions/ 0:00 Intro 3:00 What is QUIC? 10:45 Facebook Backend 14:30 FaceBook Frontend 15:20 GraphQL 17:00 The Trouble with QUIC 23:00 Static & Video Content 25:15 Instagram App 26:00 QUIC Future --- Support this podcast: https://anchor.fm/hnasr/support

SonaType detected a Malware in NPM registry imitating to be Twilio package that opens a reverse connection to a remote server and allows attacker to access your local machine content. Let us discuss Since this command is unix specific it won’t work on Windows https://blog.sonatype.com/twilio-npm-is-brandjacking-malware-in-disguise Resources SSH Tunneling https://youtu.be/N8f5zv9UUMI Ngrok https://www.youtube.com/watch?v=pR2qNnVIuKE --- Support this podcast: https://anchor.fm/hnasr/support

According to ZDNET "Chrome will soon have its own dedicated certificate root store" Let us discuss what that might mean to privacy   https://www.zdnet.com/article/chrome-will-soon-have-its-own-dedicated-certificate-root-store/ --- Support this podcast: https://anchor.fm/hnasr/support