The Backend Engineering Show with Hussein Nasser
Episodes
What happens when your Web Server Private Key is Leaked?
28 Mar 2021
Contributed by Lukas
We have been told to take care of our private key that we use on backend servers without clear instructions as to what could happen when that key is l...
Researcher bypasses Azure, and Cloudflare Reverse Proxy Security - HTTP/2 Smuggling (h2c)
26 Mar 2021
Contributed by Lukas
6 months ago, Jake Miller released a blog article and python tool describing H2C smuggling, or http2 over cleartext smuggling. By using an obscure fea...
High severity flaw can crash your WebServer when using OpenSSL - Let us discuss
26 Mar 2021
Contributed by Lukas
On Thursday, OpenSSL maintainers released a fix for two high severity vulnerabilities, let us discuss the impact. OpenSSL two major vulnerabilities ...
When is NodeJS Single Threaded and when is it multi-Threaded?
24 Mar 2021
Contributed by Lukas
Node JS is a single-threaded, asynchronous, non-blocking JavaScript runtime, but it's not always single-threaded; there are occasions where Node.js uses mul...
Slack's Migrating Millions of Websockets from HAProxy to Envoy, let's discuss
21 Mar 2021
Contributed by Lukas
Slack started migrating from HAProxy to Envoy for their backend architecture, in this video, I’ll discuss their recent article when they moved the W...
Why WebSockets over HTTP/2 (RFC8441) is Critical for Effective Load Balancing and Backend Scaling
21 Mar 2021
Contributed by Lukas
In this video, I'll discuss RFC8441 bootstrapping WebSockets with HTTP/2, which I believe is a critical protocol to allow WebSockets tunneling to scale on...
How HTTP Compression Leaks Sessions and JWT - CRIME Explained and how HPACK in HTTP/2 fixes this
19 Mar 2021
Contributed by Lukas
In this video we will explore one of the most popular side attacks, CRIME (Compression Ratio Info-leak Made Easy), and the different ways to mitigate thi...
The Second Microsoft Global Outage in less than 6 months
16 Mar 2021
Contributed by Lukas
On March 15, 2021, users couldn’t sign in to Microsoft services; the majority of the impact was with Teams, but other services were affected. A simila...
Is there a Limit to Number of Connections a Backend can handle?
16 Mar 2021
Contributed by Lukas
In today's show, I'll answer the question do backend connections max out? There are many aspects to this question and I want to try to tackle all of t...
Fire Destroys Datacenter in France, Let us discuss the OVHcloud Fire
11 Mar 2021
Contributed by Lukas
OVHcloud is Europe's largest cloud provider, with facilities across the region. They were hit with a big fire that completely destroyed an entire...
Firefox State Partitioning for Cookies Might End Evil Tracking forever
10 Mar 2021
Contributed by Lukas
Firefox is implementing a feature that might end website tracking, let's get into how it works. https://blog.mozilla.org/security/2021/02/...
Did you get logged out of GitHub? - Backend Race condition Bug discussion
10 Mar 2021
Contributed by Lukas
On the evening of March 8, GitHub invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of ca...
Chrome 90 will start communicating in HTTPS (port 443) by Default - Let us discuss
04 Mar 2021
Contributed by Lukas
For the longest time, all browsers have used HTTP for schemeless URLs (when HTTP or HTTPS is not specified). Chrome is flipping this with version...
S3 compliant MinIO Suffers an Server Side Request Forgery vulnerability, lets discuss
01 Mar 2021
Contributed by Lukas
MinIO, an S3 Compliant object-store suffered from a Server Side Request Forgery Vulnerability in early Feb 2021 which has been fixed quickly and addre...
Which DBMS will Implement QUIC First? Can the QUIC Protocol improve Database Performance in Web Applications?
25 Feb 2021
Contributed by Lukas
In this video, I discuss why QUIC will make a great communication protocol for databases and how it solves a critical problem with stateless web appli...
3 New Ways to Crash your NodeJS Server, Update Node JS today! (Feb 2021 Security Update)
24 Feb 2021
Contributed by Lukas
Nodejs Updates are now available for v10.x, v12.x, v14.x and v15.x Node.js release lines for the following issues. 0:00 Intro 1:50 HTTP/2 Unknown Prot...
cURL creator Daniel Stenberg threatened - The entitlement towards OSS needs to STOP!
19 Feb 2021
Contributed by Lukas
This is unacceptable and the entitlement towards open-source maintainers needs to STOP! Daniel’s blog https://daniel.haxx.se/blog/2021/02/19/i...
SRE changes a single HAProxy config, Breaks the Backend and he troubleshoots it like a champ
19 Feb 2021
Contributed by Lukas
Let us go through an absolutely fantastic article and journey of how a single change in HAProxy config drove this SRE into a frenzy to find out what w...
A Bug in Stripe Caused by AWS Lambda Serverless Design (Container re-use)
17 Feb 2021
Contributed by Lukas
From time to time I like to loiter on people’s GitHub Repos look through issues submitted and see if there are interesting hidden gems and bugs that...
XMPP - Extensible Messaging and Presence Protocol (with Node JS and eJabberd)
15 Feb 2021
Contributed by Lukas
XMPP or the Extensible Messaging and Presence Protocol (originally named Jabber[1]) is an open communication protocol designe...
How timeouts can make or break your Backend load balancers
15 Feb 2021
Contributed by Lukas
In this video I go over the critical timeouts on a proxy system such as a reverse proxy or load balancer and how you can configure each one to protect a...
He Hacked Into Apple and Microsoft with this genius trick
11 Feb 2021
Contributed by Lukas
Guys this is absolutely genius and nuts! I have never seen anything like this before. This guy got access to paypal json and saw some private packages...
CQRS is probably the cause of the Microservices madness
07 Feb 2021
Contributed by Lukas
Reads and Writes don’t have to live in the same database, data model or even the same service. Let us discuss CQRS no separation one service that do...
Can China Block the New Encrypted Client Hello TLS Extension? Let us Discuss
07 Feb 2021
Contributed by Lukas
In this video, I will discuss the new TLS extension Encrypted Client Hello which is a new mechanism to encrypt the entire client hello, very interesti...
UUIDs are Bad for Performance in MySQL - Does Postgres Win? Let us Discuss
04 Feb 2021
Contributed by Lukas
MySQL is clustered by default on the primary key which means inserts have to be ordered, let us discuss why UUID (random in nature) has bad performanc...
They Freed up 70GB of Unused Indexes Space on Postgres, How did they Do it?
02 Feb 2021
Contributed by Lukas
This is a very interesting article that I encourage you to read, as it has lots of useful lessons in Postgres. Using partial indexes, full vacuum, d...
How do I learn new tech as a software engineer
01 Feb 2021
Contributed by Lukas
In this video I discuss my approach of learning new technology and how I break it down so I understand it. Hope it helps
Overview of InterPlanetary File System - IPFS with (Examples with Command line & Brave Browser)
31 Jan 2021
Contributed by Lukas
The InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. IPFS uses cont...
This Certificate Authority is being banned from Google
29 Jan 2021
Contributed by Lukas
It looks like digital certificates and other certificate authorities issued by Spanish certificate authority Camerfirma will stop working in Chrome 90...
Is SELECT * Expensive?
28 Jan 2021
Contributed by Lukas
I explain why and when SELECT * can become expensive.
This YouTube Backend API Leaks Private Videos - Research rewarded $5000
24 Jan 2021
Contributed by Lukas
David Schütz, a security researcher, earned $5000 in Google VRP by finding a backend YouTube API that leaks private video thumbnails. Let us di...
He found a way to Hijack Private Google Docs Screenshots with a clever hack - Google paid him $4000
24 Jan 2021
Contributed by Lukas
A vulnerability in Google Feedback component in postMessage allowed this security researcher to find a way to hijack private screenshots h...
Brave is Decentralized - Users can Consume and HOST IPFS Decentralized Web Content through Brave
22 Jan 2021
Contributed by Lukas
Brave supports IPFS (InterPlanetary File System), which is a protocol designed to replace HTTP as a decentralized alternative. This allows users to ho...
RIP FTP - Chrome depreciates FTP for good
19 Jan 2021
Contributed by Lukas
The current FTP implementation in Google Chrome has no support for encrypted connections (FTPS), nor proxies. Usage of FTP in the browser is sufficien...
The 2021 Slack Outage (Detailed analysis)
15 Jan 2021
Contributed by Lukas
On Jan 4th 2021, Slack experienced a global outage that prevented customers from using the service for nearly 5 hours. Slack has released the Root cau...
HAProxy is closer to QUIC and HTTP/3 Support - Let’s discuss HAProxy 2.3
14 Jan 2021
Contributed by Lukas
In this video I go through the new most exciting features in HAProxy, one of my favorite proxies. HAProxy 2.3 adds exciting features such as forwardin...
Apache Kafka 2.7 is One Step Closer to Killing ZooKeeper
13 Jan 2021
Contributed by Lukas
In this video I go through the new features in Apache Kafka 2.7, it is very interesting to see the amount of work Apache Kafka is doing to get closer ...
Is EventStoreDB the First Native gRPC Database?
12 Jan 2021
Contributed by Lukas
I discussed this in many of my videos, the need for a database that natively supports a multiplexing protocol such as QUIC, gRPC or HTTP/2 in order to...
Demonstrate your Skills as Backend Engineer To Recruiters - Building a Full Backend Portfolio
10 Jan 2021
Contributed by Lukas
A lot of you guys ask me this question. “I have experience but not sure how to show it, how do I build my backend portfolio such that I can get hire...
WhatsApp’s Ultimatum, What can They see and What are They Collecting (In Details)
09 Jan 2021
Contributed by Lukas
WhatsApp has updated their terms of usage and privacy policy, which caused many users to move to other platforms. This video will be a detailed report o...
Have a Node JS Server? Update it Now!
07 Jan 2021
Contributed by Lukas
NodeJS released its Jan 2021 security update and it's time to go through the fixes! Resources https://nodejs.org/en/blog/vulnerability/january-2...
The Slack Outage (Early Report & Speculations)
05 Jan 2021
Contributed by Lukas
On Jan 4th 2021 7:14 PST All Slack services went down. This video is an early report of the incident and speculation of what might have caused this ou...
My Thoughts on How Clever the SolarWinds Hack Really Is
04 Jan 2021
Contributed by Lukas
The SolarWinds hack is one of the largest, most highly coordinated and intelligent attempts to hit enterprise companies. In this video, I briefly explain how...
Got Bit by A Docker Default on my Postgres Container, Interesting Story, let us discuss!
03 Jan 2021
Contributed by Lukas
While working on a Postgres docker container executing some queries I noticed that my index-only scan query is hitting the heap which it shouldn't. Af...
2021's Exciting Backend Tech - Serverless, QUIC, Microservices, The Backend Engineering Show
02 Jan 2021
Contributed by Lukas
Let us discuss what I'm excited for in Backend Tech in 2021 and answer your great questions
My Process of Designing and Architecting Software
29 Dec 2020
Contributed by Lukas
In this video, I go through my process of how I design and architect full software from A-Z. This is part of a Twitter thread that you guys seem to en...
How to Overcome Procrastination
28 Dec 2020
Contributed by Lukas
In this video, I go through how I overcome procrastination as a software engineer. What is Procrastination? 0:00 How to Defeat * Reward bas...
2020 Retrospective
24 Dec 2020
Contributed by Lukas
2020 retrospective Intro 0:00 Goals 0:50 Teaching vs Documenting 4:30 Channel Growth 7:40 2021 10:50
The 2020 Google Outage (Detailed Analysis)
20 Dec 2020
Contributed by Lukas
0:00 Intro 1:00 Summary of the Outage 4:00 Detailed Analysis of the Incident Report On Dec 14 2020 Google across the globe suffered from an outage tha...
Indexing Woes, The Secret to Backend Interviews, What is on my Bookshelf? The Backend Engineering Show
19 Dec 2020
Contributed by Lukas
The Backend Engineering Show Live with Hussein Nasser episode 10 we discuss many great questions!! Indexing Woes, The Secret to Backend Interviews, Wh...
Postgres Instances hacked and used to mine crypto - Let us discuss how is that possible
15 Dec 2020
Contributed by Lukas
Exposed Postgres instances are being SSH'd into and used as a botnet to mine bitcoin. In this video we explain how that happens. the tr...
Did Google run out of disk space? - The Google Outage ( Early report )
14 Dec 2020
Contributed by Lukas
At 3:47 am PST almost all Google services went down, including Gmail, YouTube, Drive, Docs, Meet, Nest, Google Maps and many more. It took close to a...
Certificates Gone Bad! Certificate Revocation Techniques Explained (CRL, OCSP, OCSP Stapling)
14 Dec 2020
Contributed by Lukas
When the private key matching the public key that belongs to a certificate is leaked, an attacker can intercept the server hello, use their own DH paramet...
Impostor syndrome and Staying Motivated - The Backend Engineering Show with Hussein Nasser - Q&A
12 Dec 2020
Contributed by Lukas
In The Backend Engineering Show Live, we discuss Impostor syndrome and Staying Motivated in software engineering field.
Oblivious DoH (oDOH) Introduces a TLS Terminating Proxy with additional Layer of Encryption
09 Dec 2020
Contributed by Lukas
Oblivious DoH is a technology that separates IP addresses from queries, so that no single entity can see both at the same time. Cloudflare, Apple &...
Meet mySQL RAPID - distributed, in-memory, columnar, query processing engine by ORACLE
06 Dec 2020
Contributed by Lukas
Oracle introduces a Game Changer Feature in MySQL that allows for OLAP & OLTP workloads in a single database. This is huge let us discuss https://...
The Road to QUIC - what’s wrong w/ HTTP/1.1, HTTP/2, HTTP Pipelining, CRIME, HTTP/2 HOL, HPACK - The Backend Engineering Show Live with Hussein Nasser #8
05 Dec 2020
Contributed by Lukas
In The Backend Engineering Show Live we will have a casual Q&A around QUIC Outline HTTP/1.1 Trouble HTTP/2 Trouble QUIC Handshake QUIC 0RTT ...
Will AWS Babelfish Succeed Moving Developers Away from SQL Server to Postgres?
03 Dec 2020
Contributed by Lukas
In AWS re-invent, Amazon announced open sourcing Babelfish for PostgreSQL, a SQL Server-compatible end-point for PostgreSQL to make PostgreSQL fluent ...
We Need a Solution to NPM Trojans - post-install hell
03 Dec 2020
Contributed by Lukas
Attackers have been disguising trojans and other malicious code in post-install NPM packages, and developers have been targeted. This is another incid...
A Detailed Analysis of The Amazon Kinesis Outage on US East-1 Region
29 Nov 2020
Contributed by Lukas
AWS US east-1 experienced an outage Nov-25-2020. Amazon has updated us with summary detailing what exactly happened to amazon Kinesis that caused the ...
AWS US East-1 Region Experienced Outages, What was the Cause? let us discuss!
26 Nov 2020
Contributed by Lukas
AWS US east-1 experienced an outage yesterday, let us discuss what could have been the problem and what amazon did to solve it — Latest Update (6:23...
Basic Caching Techniques Explained - Spatial, Temporal, Distributed, Write-Through, Write-Back, Cache Aside
25 Nov 2020
Contributed by Lukas
In this video I go through the three types of caching and how each is kept in sync. 0:00 Intro 0:30 What is Caching? 1:20 Spatial Cache 3:30 Temporal Cac...
Why Redis Became the Most Popular Database on the Cloud in 2020
24 Nov 2020
Contributed by Lukas
According to Sumo Logic's research, Redis is now officially the most popular database in 2020 on AWS cloud deployment. Let us discuss some of the reas...
Using GitHub Actions ? Be Aware of this High-Severity Injection Bug Found in GitHub Actions
23 Nov 2020
Contributed by Lukas
Felix Wilhelm of Google Project Zero found an injection Vulnerability affecting GitHub Actions and Workflow Commands specifically related to setting m...
DO NOT COMMIT .ENV Files! BotNet Harvesting Credentials and API Keys from Public .ENV files
22 Nov 2020
Contributed by Lukas
A botnet was caught scanning the web for .ENV files and harvesting credentials, API keys and passwords. Let us discuss https://www.zdnet.com/ar...
Envoy Proxy Fixes Two Zero Day vulnerabilities (UDP Proxy, TCP Proxy)
22 Nov 2020
Contributed by Lukas
The Envoy Proxy fixed two zero day vulnerabilities, from Envoy groups : We are announcing the fixes for two zero days that were identified today: Cr...
Communication Protocols QA - The Backend Engineering Show Live with Hussein Nasser
21 Nov 2020
Contributed by Lukas
In this live stream we have a Q&A about Communication Protocols in the Backend , enjoy. We Talk about Masque, WebTransport, WebSockets, TCP, UDP ...
SAD DNS - A Clever DNS Cache Poisoning Attack
19 Nov 2020
Contributed by Lukas
A group of researchers from UC Riverside and Tsinghua University announced a new attack against the Domain Name System (DNS) called SAD DNS ...
Is this the end of WebSockets? - The New WebTransport Protocol
19 Nov 2020
Contributed by Lukas
There is a new protocol called WebTransport that sets out to solve some limitations in WebSockets. The question is, will this completely replace WebSockets...
Is FireFox HTTPS only Mode The death of HSTS?
18 Nov 2020
Contributed by Lukas
FireFox Enables HTTPS Only Mode, let us discuss https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ What does i...
Denial of Service through DNS request Discovered in Node JS (CVE-2020-8277)
17 Nov 2020
Contributed by Lukas
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the app...
🔴 Facebook's is all about QUIC, MASQUE, RIP Kafka's Zookeeper, dotNET 5 and more! - Backend Engineering Show Live with Hussein Nasser
15 Nov 2020
Contributed by Lukas
In this Livestream we discuss the following topic Facebook moving to QUIC https://engineering.fb.com/2020/10/21/networking-traffic/how-facebook...
What is HTTP CONNECT? and Why MASQUE (Multiplexed Application Substrate over QUIC Encryption) is replacing it
15 Nov 2020
Contributed by Lukas
HTTP CONNECT Method allows the client to create a tunnel through a proxy to forward any free-form content through it. Let us discuss why do the pros a...
HTTP/2 Push is Being Removed, let us discuss
12 Nov 2020
Contributed by Lukas
HTTP/2 Push is being removed since it is very difficult to implement and has no added value. Let us discuss Resource https://groups.google....
Opening Old Wounds - Why Uber Engineering Switched from Postgres to MySQL
11 Nov 2020
Contributed by Lukas
An article from 2016 which caused lots of discussions in the software engineering community. We bring it back and open old wounds and discuss it again...
WebRTC (Web Real-Time Communication)
09 Nov 2020
Contributed by Lukas
WebRTC (Web Real-Time Communication) is a free, open-source project that provides web browsers and mobile applications...
GeoDNS, Active Active, MicroServices, Evil Garbage Collectors and More! Live with Hussein Nasser
07 Nov 2020
Contributed by Lukas
Live Q&A discussion of different backend engineering topics
Facebook Moves their Backend and Frontend to QUIC, it wasn’t smooth but they saw great results Let us discuss
05 Nov 2020
Contributed by Lukas
Facebook move to QUIC from TCP was not smooth but they did see some improvement in all their apps. Let us discuss this Article https://engineering.fb....
Installing This Twilio Malware NPM Package Opens a Backdoor on Your Developer Machine
03 Nov 2020
Contributed by Lukas
Sonatype detected malware in the NPM registry imitating the Twilio package that opens a reverse connection to a remote server and allows attacker to a...
Chrome dedicated certificate root store is coming soon, what does that mean? let us discuss
02 Nov 2020
Contributed by Lukas
According to ZDNET "Chrome will soon have its own dedicated certificate root store" Let us discuss what that might mean to privacy https:/...
Remotely access any TCP/UDP service bound to a victim machine - Let us discuss NAT Slipstreaming
02 Nov 2020
Contributed by Lukas
Ever heard of HTTP Smuggling? Well, this is smuggling a TCP packet into an HTTP body so that it can be interpreted by the router to open internal ports...
TLS - Live Stream (by Hussein Nasser)
31 Oct 2020
Contributed by Lukas
Let us have a casual chat about TLS, Security, Certificates and more
All About Database ACID
24 Oct 2020
Contributed by Lukas
In this live stream I discuss all about Database ACID one by one and we also answer interesting questions! Enjoy! Watch stream here https...
Should You Become a Full stack Engineer?
23 Oct 2020
Contributed by Lukas
My Thoughts on Full Stack Engineering
Uber’s new Backend Architecture for Processing Payments
22 Oct 2020
Contributed by Lukas
In this video I discuss the new Uber Backend Architecture that they deployed to process payments and jobs and orders. https://youtu.be/mL0fzj7e6WU Rev...
Column vs Row Oriented Databases Explained
20 Oct 2020
Contributed by Lukas
In this video, I explain the differences between Column vs Row Oriented Database Storage how efficient each method is, and their pros & cons 0:00...
Moving from a Network Engineer to a Backend Engineer - Career Path Advice
19 Oct 2020
Contributed by Lukas
In this video I explain how Network Engineers can move to be a Backend Engineer by capitalizing on their skills in networking. Network Engineers can b...
Software Engineering is Overwhelming
18 Oct 2020
Contributed by Lukas
Software Engineering is overwhelming and hard, I discuss how to ease up that burden and make it fun here. 0:00 Intro 2:20 Learning Software Engineerin...
WebSockets - Live Stream (By Hussein Nasser)
17 Oct 2020
Contributed by Lukas
In this live stream we will keep the theme about WebSockets, scaling, layer 7 proxying vs layer 4 proxying in WebSockets, interesting problems ...
Database Partitioning Explained
15 Oct 2020
Contributed by Lukas
In this video, I will go through Database Partitioning and explain it in detail, pros and cons, with a demo using PostgreSQL.
Indexing in PostgreSQL vs MySQL
13 Oct 2020
Contributed by Lukas
In this video, I explain how both Postgres and MySQL store their indexes and their effect on reads vs writes. Let us discuss 0:00 Intro 1:00 Tables 2...
Discord Backend Architecture Discussion
12 Oct 2020
Contributed by Lukas
In this Video I discuss Discord WebRTC and Voice chat backend architecture, it is a very interesting article, let us discuss it https://blog.dis...
PostgreSQL 13 Has Some Performance Boosts! Let us discuss it!
11 Oct 2020
Contributed by Lukas
PostgreSQL 13 Has Some Performance Boosts! Let us discuss it! Postgres 13 has been released and it has some interesting features how about we discuss ...
HTTP - Live Stream
10 Oct 2020
Contributed by Lukas
In this Live stream, I discuss HTTP and answer interesting questions about HTTP, TLS, UDP, QUIC, WebSockets and more from the community watch t...
Why Discord Moved from MongoDB to Apache Cassandra, Let us Discuss
09 Oct 2020
Contributed by Lukas
In this Article Stanislav Vishnevskiy elegantly discusses why Discord moved from MongoDB to Apache Cassandra, the challenges they faced, limitations o...
We Need to Stop the Microservices Madness - Scaling with Common Sense
07 Oct 2020
Contributed by Lukas
I stumbled upon this interesting article titled Scaling with common sense, the author goes into different topics of the bad practices of pre-mature sc...
How did I get served an Instagram Ad by browsing a completely different website?
30 Sep 2020
Contributed by Lukas
In this video I explain how I was browsing a website (displate) and was served the exact same thing on my Instagram feed
HTTPS and HTTP/3 negotiation is now Faster thanks to Cloudflare, RIP HSTS, Let us Discuss
30 Sep 2020
Contributed by Lukas
Watch the Video here https://youtu.be/76sgBHUl7iI Alessandro Ghedini wrote an interesting article discussing how DNS queries can help speed up ...
Microsoft 365 Outage, What Happened and What Caused it? Let us discuss
29 Sep 2020
Contributed by Lukas
On September 28, 2020, the Microsoft 365 service went down. What caused it, and what did Microsoft do to solve it? Resources https://twitter.com/msft365sta...
When to Build a Stateless vs Stateful Back-ends using the right protocols (UDP, TCP, HTTP, QUIC, WebSockets)
24 Sep 2020
Contributed by Lukas
In this video I explain how communication protocols are built on top of each other and how each protocol can be stateful or stateless. We need to unde...