Igeometry Podcast

SameSite Cookie Lax is interesting and we are finding new exceptions everyday. Let us discuss this one where lax cookies will be sent on POST request as long as the cookies are fresh (2 minutes) Resources https://www.chromestatus.com/feature/5088147346030592 --- Support this podcast: https://anchor.fm/hnasr/support

This code was introduced for a user experience ending up taking 50% of the traffic on DNS Root server.   Sorry I was touching my hair a lot just took a shower lol. With regards to this article I want to ask you guys a question, Chrome put this feature in order to improve the user experience but it ended up having a huge cost. Did you ever make a choice between performance and user experience? which one usually wins for you? would love to know your opinion   Resources   https://arstechnica.com/gadgets/2020/08/a-chrome-feature-is-creating-enormous-load-on-global-root-dns-servers/ https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#dnsinterceptionchecksenabled https://news.ycombinator.com/item?id=24231857 https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/ --- Support this podcast: https://anchor.fm/hnasr/support

Windows 95 was a great operating system, wrote so many apps on top of it and played so many games too. Join me as I discuss this https://www.theverge.com/21398999/windows-95-anniversary-release-date-history --- Support this podcast: https://anchor.fm/hnasr/support

GraphQL was born to solve a major limitation in REST API, but the cost of GraphQL and barrier to entry is high. Vulcain addresses REST limitations by introducing HTTP/2 push.  Is a simpler alternative? let us discuss   Learn about Vulcain here https://github.com/dunglas/vulcain --- Support this podcast: https://anchor.fm/hnasr/support

Chrome is enabling Raw TCP and UDP from the Browser, this is big news! let us discuss the implication, security and benefit for us backend engineers. resources https://www.theregister.com/2020/08/22/chromium_devs_raw_sockets/ raw tcp spec https://github.com/WICG/raw-sockets --- Support this podcast: https://anchor.fm/hnasr/support

In this video, I discuss the different concurrency control at database transactions, specifically the pessimistic vs optimistic concurrency control. and the pros and cons of each.    0:00 Intro 3:00 concurrency Control 5:30 Pessimistic concurrency Control 9:20 Optimistic concurrency Control  Resources  https://en.wikipedia.org/wiki/Optimistic_concurrency_control https://www.baeldung.com/java-jpa-transaction-locks https://docs.oracle.com/javaee/7/api/javax/persistence/OptimisticLockException.html https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use https://www.2ndquadrant.com/en/blog/postgresql-anti-patterns-read-modify-write-cycles/ --- Support this podcast: https://anchor.fm/hnasr/support

Jenkins has just released a statement that there is a potential bug (CVE-2019-17638) where an attacker can steal content from other legitimate requests. In this video, I describe the bug and why being a web server is difficult.  2;00 HTTP Smuggling https://www.youtube.com/watch?v=PFllH0QccCs 7;50 multi-Threading https://www.youtube.com/watch?v=0vFgKr5bjWI&t=1s   Resources https://nvd.nist.gov/vuln/detail/CVE-2019-17638 https://en.wikipedia.org/wiki/Jetty_(web_server) https://www.jenkins.io/security/advisory/2020-08-17/ --- Support this podcast: https://anchor.fm/hnasr/support

Some of you asked me to talk about how I learned to speak good English on my YouTube videos. I wanted to make a video on the fact that It wasn't always that easy and I struggled a lot and still struggling with English.   I have immigrated to the United State in 2015 In this video, I want to explain my struggle with the English language as an Arabic native speaker and how I got better but still, I need lots of work.  Speaking Tech English is definitely easier than Social. --- Support this podcast: https://anchor.fm/hnasr/support

In this video I explain in details what are third party cookies and how do they work and explain the same site property that google changed  0;30 SameSite 6;00 CORS 6;22 Content Security Policy https://www.youtube.com/watch?v=nHOuakyHX1E  https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html --- Support this podcast: https://anchor.fm/hnasr/support

What if questions sometimes cripple the system design for backend application and complicate the end product. I discuss this in this video.    Stay Awesome Hussein Nasser --- Support this podcast: https://anchor.fm/hnasr/support

Light video today discussing my interviewing skills for software engineering positions. I always ask this open ended question and allow the candidate to go free. --- Support this podcast: https://anchor.fm/hnasr/support

YAGNI stands for You aren’t gonna need it and its a pillar in extreme programming, in this video I discuss this philosophy within the context of Backend Engineering.  https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it  * Extreme Programming Rob Jefferies * You Aren’t Gonna Need it  .. true but only if the design is well defined  * But I am going to need it * Waterfall vs Agile --- Support this podcast: https://anchor.fm/hnasr/support

SNI or server name indication is a TLS Extention that indicate which server/host/domain the client want to communicate with. This is to allow for hosting of multiple websites on the same public static ip address. For the longest time all ISPs used SNI to block hosts and websites, China is now blocking the encrypted version SNI. 0:00 Intro 2:00 DNS and DOH 3:30 SNI 6:30 ESNI 11:00 The Block The ESNI and DOH stops this but China want https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/ https://tools.ietf.org/html/draft-ietf-tls-esni-07#section-3.2 --- Support this podcast: https://anchor.fm/hnasr/support

HSBC moving from 65 relational databases to a single Global MongoDB, that might be true but it's misleading as not all systems are moved. Resources https://diginomica.com/hsbc-moves-65-relational-databases-one-global-mongodb-database Why some devs don't use MongoDB https://news.ycombinator.com/item?id=23507197 https://news.ycombinator.com/item?id=19497817 https://news.ycombinator.com/item?id=18366385 https://news.ycombinator.com/item?id=23270429 --- Support this podcast: https://anchor.fm/hnasr/support

SameSite Cookie attribute has been introduced to secure the web and only send cookies within a trusted and safe context.  SameSite Cookies Video  https://www.youtube.com/watch?v=aUF2QCEudPo --- Support this podcast: https://anchor.fm/hnasr/support

A great change by Chrome team, downloading files on HTTP insecure channels is insecure. Let us discuss  Resource  https://www.zdnet.com/article/google-to-block-some-http-file-downloads-starting-with-chrome-83/ --- Support this podcast: https://anchor.fm/hnasr/support

Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is on an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.  In this video I go through what homomorphic encryption is and how it will change software engineering forever. 0:00 Intro 2:25 What is Encryption? 3:55 Why we can’t always encrypt? TLS terminator proxies to looks Search and Analyse data Database indexing, functions 8:30 Meet Homomorphic encryption -Perform operations on encrypted data -We decrypt the data to process it.. -Imagine no more TLS termination! In proxies 13:20 IBM FHE toolkit code demo Country csv database, encrypted and then search 21:00 Pros & Cons of Homomorphic Encryption Resources https://github.com/IBM/fhe-toolkit-linux/blob/master/GettingStarted.md https://www.youtube.com/playlist?list=PL0VD16H1q5IOEQuRdgRVt1M8uQSbpVzTb https://arstechnica.co

Dropbox has fully migrated their proxying needs from nginx to envoy proxy. They wrote this detailed article about the reasons and motivations and problems faced during migration. It is an interesting read. Let us discuss https://dropbox.tech/infrastructure/how-we-migrated-dropbox-from-nginx-to-envoy Migrating Dropbox from Nginx to Envoy | Hacker News 0:00 Intro 4:20 What is this Article about? 6:10 Performance 11:15 Security 14:28 Missing Features in NginX 23:24 Migration was NOT Seamless 33:00 Summary --- Support this podcast: https://anchor.fm/hnasr/support

The twitter hackers got caught and the case is closed, what have we learned? what really happened? and how can we prevent such attacks in the future, can homomorphic encryption help? Resource https://www.theverge.com/2020/7/31/21349920/twitter-hack-arrest-florida-teen-fbi-irs-secret-service 0:00 Intro 2:00 Summary of July 15 3:30 How the attack really happened? 8:00 How the attackers got caught? 10:45 How could this be prevented? 12:15 Can homomorphic encryption help? --- Support this podcast: https://anchor.fm/hnasr/support

This is an analysis of the #percona benchmark article comparing MySQL & mariaDB performance with regards to SSD disks with NVMe vs SATA controllers. Pretty neat  0:00 Intro 1:00 MariaDB vs MySQL 2:15 SATA vs NVMe 4:30 SATA Benchmark 7:30 NVMe Benchmark 10:00 SSD & B-Trees 11:20 Best Practices mySQL for SSDs    Resources https://www.percona.com/blog/2020/07/29/checkpointing-in-mysql-and-mariadb/ https://www.percona.com/blog/2020/07/30/how-mysql-and-mariadb-perform-on-nvme-storage/?utm_campaign=2020%20Blog%20Q3&utm_content=135945936&utm_medium=social&utm_source=twitter&hss_channel=tw-35373186 https://www.samsung.com/semiconductor/global.semi.static/best-practices-for-mysql-with-ssds-0.pdf