Igeometry Podcast

FireFox DNS over HTTPS is a great step to a more secure web however it is absolutely useless without this ESNI. I also discuss doh in this video, esni and why this might not be a good idea https://blog.mozilla.org/blog/2020/02/25/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/ --- Support this podcast: https://anchor.fm/hnasr/support

In this video I want to talk over the active active active vs active passive cluster configuration for high availability. We will also explain the pros & cons of using an active-active cluster vs using an active-passive cluster. --- Support this podcast: https://anchor.fm/hnasr/support

A sidecar proxy is an application design pattern which abstracts certain networking features, such as inter-service communications, monitoring and security, timeouts, retries, communication protocols, away from the main architecture to ease the maintenance of the application as a whole. In this video I’d like to talk about how we classically do things: Library Pattern getComments HTTP1:1/JSON Add features retries/timeout /hardcode the server name what it changed/add new server to load balance between them/credentials Sidecar pattern getComments HTTP/2 Sidecar proxy/container Examples Microservices (Linkerd, Envoy, Istio) Pros Language agnostic (polyglot) Protocol upgrade Security Tracing and Monitoring Service Discovery Caching Cons Complexity Latency SideCar Proxy must be layer 7 Library 2:25 Sidecar: 7:40 Example: 13:00 (https://www.youtube.com/watch?v=cp3Ku1XeOn8) Pros & Cons : 16:15 Cards 6:22 HTTP/2 10;50 Reverse Proxy / proxy ex

MySQL 8.0 supports atomic Data Definition Language (DDL) statements. This feature is referred to as atomic DDL. An atomic DDL statement combines the data dictionary updates, storage engine operations, and binary log writes associated with a DDL operation into a single, atomic transaction. The transaction is either committed, with applicable changes persisted to the data dictionary, storage engine, and binary log, or is rolled back, even if the server halts during the operation. I discuss mySQL 8.0 atomic ddl compared to Postgres transactional ddl --- Support this podcast: https://anchor.fm/hnasr/support

gRPC (gRPC Remote Procedure Calls[1]) is an open source remote procedure call (RPC) system initially developed at Google in 2015[2]. It uses HTTP/2 for transport, Protocol Buffers as the message format. In this video I want to explore gRPC, go through examples, pros and cons of gRPC. Client/ Server communication SOAP HTTP (REST) WebSockets Client Libraries gRPC gRPC Demo todos gRPC Pros and Cons Pros Fast two/uni and request Unform One library to rule them all Progress feedback( long synchronous requests) drop pluggable wait...) cancel request All benefits of H2 and Protobuff Cons schema based (not everyone wants schema) Thick client - limited languages - Proxies still don’t understand it Still young Error handling No native browser support Timeouts, circuit breaker just like any RPC (pub/sub rules in this case) Can you create your own protocol? Spotify example with Hermes --- Support this podcast: https://anchor.fm/hnasr/support

Firefox version 73.1 fixes a bug that prevented users from signing into Royal Canadian Bank  (Firefox fixed a bug that prevented Canadians from signing in to their bank royal Canadian bank) what caused it? Lets get into it   * Users will sign in and will get blank page.  * Cause Beacon API and HTTP/2  * Bug has been there forever    Sources https://bugzilla.mozilla.org/show_bug.cgi?id=1613943#c16

Some cool new features are coming to the Javascript language namely Optional chaining and nullish coalescing how useful are they? lets discuss So Optional chaining and nullish coalescing are coming to the Javascript language. I think it is already in the Javascript Engines (V8, SpiderMonkey, JavascriptCore and Chakra) which will be picked up by other clients such as browsers, node js , dino other stuff .. Cool stuff lets get into it. Show them (chrome devtools) Where is it available? Node JS not yet (13.9 V7.9) (https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V13.md#13.9.0) Resources V8 release v8.0 · V8 Optional Chaining https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Optional_chaining Nullish coalescing https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Nullish_coalescing_operator --- Support this podcast: https://anchor.fm/hnasr/support

We are one step closer to a more secure web. Firefox disabled TLS 1.0 1.1 It’s a big change that I am very happy about but not everyone is. Let's discuss . Resources https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/ https://www.openssl.org/~bodo/ssl-poodle.pdf Firefox disabled TLS 1.0 1.1 It’s a big change that I am very happy about but not everyone is. Lets discuss Resources https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/ https://www.openssl.org/~bodo/ssl-poodle.pdf --- Support this podcast: https://anchor.fm/hnasr/support

Google engineer Alyssa Wilk discovers a critical security bug related to whitespaces in header values. Envoy and Node JS fix this by releasing a security patch. let us discuss it. tags: envoy, envoy proxy, envoy security, envoy proxy whitespace, Alyssa Wilk --- Support this podcast: https://anchor.fm/hnasr/support

Node JS Releases a Fix for an HTTP Request Smuggling Vulnerability, we discuss the attack and the fix in detail. --- Support this podcast: https://anchor.fm/hnasr/support

In April 2019 Google blocked sign-ins from Embedded Browsers to avoid man in the middle phishing attacks. In this video, we discuss why.    https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html?m=1 --- Support this podcast: https://anchor.fm/hnasr/support

PostgresSQL version 12 has been released, let's go through the features that I think are most interesting and cool. #softwarenews   Feature Matrix https://www.postgresql.org/about/featurematrix/   - Allow adding columns to Index (GIST) https://www.postgresql.org/about/featurematrix/detail/314/  - COPY FROM WHERE COPY FROM ... WHERE  - More native support of JSON objects https://www.postgresql.org/docs/12/functions-json.html#FUNCTIONS-SQLJSON-PATH  - Reindex concurrently (slow but allows writes) https://www.postgresql.org/docs/12/sql-reindex.html#SQL-REINDEX-CONCURRENTLY - Performance on large partitioned tables - Stored Generated Columns --- Support this podcast: https://anchor.fm/hnasr/support

Google just released the latest version of Chrome (80) and one of the interesting features making a big change to the default cookies that might actually prevent CSRF forever. Let’s discuss this.   #softwarenews  *  Same Site Attribute * Break some apps * Devs must explicitly set None;secure * Will this end CSRF    Resources  https://youtu.be/GPz7onXjP_4  https://www.chromestatus.com/feature/5088147346030592    News Theme 2 by Audionautix is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/by/4.0/) Artist: http://audionautix.com/ --- Support this podcast: https://anchor.fm/hnasr/support

Load balancing is process of balancing incoming requests to multiple machines, processes or services. In this video we will explain two types of load balancers, layer 4 and layer 7. Layer 4 - haproxy, NLB  Pros  - great for simple packet-level load balancing  - Fast and efficient doesn’t look at the data  - More secure as it cant really look at your packets. So if it was compromised no one can look  - Uses NAT  - One connection between client and server NATed  Cons  - Can't do smart load balancing based on the content, such as switch request based on the requested media type  - Cant do microservices with this type  - Has to be sticky as it is a stateful protocol (all segments) Layer 7 (Nginx , haproxy) This type of proxy actually looks at the content and have more context, it knows you are visiting the /users resources so it may forward it to a different server. Essential and Great for microservices , it knows the content is video:image etc.. --- Support

NginX is an open source web server written in C and can also be used as a reverse proxy and a load balancer. In this video, I want to go through the following topics in NginX What is NginX? 2:25 Current & Desired Architecture 4:58 Layer 4 and Layer 7 Proxying in Nginx 8:40 Example 10:25 Install Nginx (mac) 13:30 Nginx as a Web Server 15:00 (webserver.conf) Static context location root 20:00 regular expression 27:00 proxy pass 30:30 Nginx as a Layer 7 Proxy 33:30 Proxy to 4 backend NodeJS services (docker) 37:00 IP_Hash load balaning 43:00 Split load to multiple backends (app1/app2) 46:00 Block certain requests (/admin) 49:00 NGINX as a Layer 4 Proxy 51:30 Create DNS record 1:01:08 Enable HTTPS on Nginx (lets encrypt) 1:05:08 Enable TLS 1.3 on Nginx 1:14:00 Enable HTTP/2 on NGINX 1:17:10 Summary 1:20:10 Cards 3:40 prox

In this podcast I explain what database partitioning is and illustrate the difference between Horizontal vs Vertical Partitioning, benefits and much more.   Why Partitioning? --- Support this podcast: https://anchor.fm/hnasr/support

ARP Address Resolution Protocol is a protocol that maps IP address to a mac address so hosts can be addressed. I want to make a video explaining ARP because it is starting to surface a lot in different videos that I’m making such as man in the middle, load balancing, and security.   --- Support this podcast: https://anchor.fm/hnasr/support

In this video I want to go through what really happens under the hood when you type google.com and you hit enter in a browser. This is inspired by alex’s github page below, it is a great detailed description of what happens. I did however add more details to certain areas and I removed some stuff like keyboard events and low level operating system like that. So if you are interested stay tuned! https://github.com/alex/what-happens-when 5:30 HSTS https://youtu.be/kYhMnw4aJTw 19:30 tcp vs udp https://youtu.be/qqRYkcta6IE 24:42 tls https://youtu.be/AlE5X1NlHgg 40:56 mimesniffing https://youtu.be/eq6R6dxRuiU Initial typing - lookup for most visited sites or an actual search Google.com Enter - parse is it a url or search term? If search do a search if url visit website Which protocol? which port ? HSTS? HTTPS or HTTP? DNS cached? Hosts? DoH? Lookup ? TCP ip / port ? arp? NAT? proxy? HTTP 1.1 ? More than one connection TLS version? ciphers? Alpn? SNI ? H2 ? H3? Quic? GET / - ? Headers compress cookies? binary stre

Failover is the technique of switching to a redundant backup machine when a certain node goes down. This is a very common implementation for achieving high availability and it is often mixed with different load balancing techniques such as layer 4 and layer 7 balancing.  In this video i want to go through following  * What is Failover? 1:47
 * ARP - Address Resolution Protocol 3:00
 * VIP & VRRP 5:40
 * High-availability Example 12:12
  Cards 4:00 ARP 12:50 docker javascript 18:00 OSI Model      --- Send in a voice message: https://anchor.fm/hnasr/message

HAProxy is free, open source software written in C that provides a high availability  layer 4 and layer 7 load balancing and proxying . It has a reputation for being fast and efficient (in terms of processor and memory usage). In this video I want discuss the following Current & Desired Architecture 2:30 HAProxy Architecture  5:50 HAProxy as TCP Proxy & HTTP Proxy (Layer 4 vs Layer 7) 17:00 ACL (Access Control Lists) 19:20 TLS Termination vs TLS Pass Through 20:40 Example 24:23 Spin up the services 25:51 Install HAProxy - 28:00 HAProxy configuration 29:11 ACL Conditional 39:00 ACL Reject URL 48:00 Enable HTTPS HAProxy 53:00 Enable HTTP/2 on HAProxy 1:05:30 Summary Cards Docker Javascript node 4:00 Varnish 15:46 NAT 23:30 Docker Javascript node 26:00 Encryption 56:00 TLS 56:10 HTTP2 1:08:40 Source Code for Application HAProxy config https://github.com/hnasr/javascript_playground/tree/master/proxy Docker application ht