Backend (public)
 
Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering you’ve come to the right place. I discuss all sorts of software engineering technologies and news with specific focus on the backend. All opinions are my own. Most of my content in the podcast is an audio version of videos I post on my youtube channel here http://www.youtube.com/c/HusseinNasser-software-engineering
 
Welcome to the Building the Backend Podcast! We’re a data podcast focused on uncovering the data technologies, processes, and patterns that are driving today’s most successful companies. You will hear from data leaders sharing their knowledge and insights with what’s working and what’s not working for them. Our goal is to bring you valuable insights that will save you and your team time when building a modern data architecture in the cloud. Topics will span from big data, AI, ML, governance, ...
 
What does it take to run a small creative business? What even is a "back end"? It can be a bit of a mess; we know, because we run them. This podcast goes behind the scenes, providing in-depth conversations with other photographers and wedding creatives on how they approach things. Even during a global pandemic.
 
Hi there, Alex Nghiem here. Since 1989, I have been selling high-end products, ranging from $100K to $4 million [I sold my first business in 2000]. I am also an active real estate investor and have an information business coaching real estate investors [with products ranging from $1,000 to $15,000].
 
 
Watch this if you are using IP Address validation in both NodeJS and Python, these two libraries strip leading zeros which can lead to server side request forgery. Let us discuss Resources https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/ https://www.bleepingcomputer.com/news/security/…
 
In this episode, we speak with Matt Battifarano. Matt is a data scientist focusing on transportation modeling. He first started his career as a data scientist at a startup called Bridj where they created a smart micro-bus platform for urban transit similar to Uber Pool. Currently he’s working towards his PHD at Carnegie Mellon at their Mobility Dat…
 
In this podcast I’ll explain the message queues, the request response pattern and the publish subscribe pattern. I will also illustrate the main differences between them and when to use over another. 0:00 Intro 0:30 Message Queues in 60 Seconds 1:24 When to Use Message Queues? 14:33 Request Response Pattern 20:00 Request Response Pros & Cons 24:11 …
 
502 Bad Gateway is one of the most infamous errors on the backend, it usually means “hey something wrong with your backend server” but it doesn’t really give enough information. In this video, I’ll go through details on why proxies and gateways like NGINX and HAProxy should consider throwing more fine detailed HTTP error codes. 502 Bad Gateway The …
 
In this episode I’ll talk about how VPN works, networking, IPSec and will also discuss the benefits of VPN and what happens when a VPN is hacked? * Intro 0:00 * How Networking Works? 2:20 * How VPN Works? 10:00 * VPN Benefits 17:50 * What happens when VPN is hacked 20:20 --- Send in a voice message: https://anchor.fm/hnasr/message…
 
Auth0 went down on April/20/2021 and this is the early report. Let us discuss. This incident affects: Auth0 US (PROD) (User Authentication, Machine to Machine Authentication, Multi-factor Authentication, Management API), Auth0 US (PREVIEW) (User Authentication, Machine to Machine Authentication, Multi-factor Authentication, Management API), and Mana…
 
Let us discuss the complexity behind this trojan hack, the multi-layer approach of hiding the RAT (remote access trojan) is absolutely genius. https://en.wikipedia.org/wiki/HTML_Application https://en.wikipedia.org/wiki/Portable_Network_Graphics https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-f…
 
In this episode, we speak with Tarush Aggarwal. Tarush is the founder of 5xdata, where he helps companies build a strong data foundation with self-service BI to enable the business. Prior to starting 5xData he was one of the first data engineers on the analytics team Salesforce and helped scale the data team WeWork from 5 to 100+. Top 3 Value Bombs…
 
Few vulnerabilities in WhatsApp for Android discovered that allow an attacker to send an HTML file attachment full access to the user's media, voice notes, pictures, and eventually chat messages (through TLS session resumption keys). In this video, we will discuss the scope of this attack. The vulnerabilities have been patched by Facebook. Full arti…
 
Leaky abstractions occur when the consumer of the abstraction started asking questions about certain behavior which ends up with the need to understand the details behind the abstraction. Joel Spolsky coined this term and in this video I’d like to discuss this concept and provide few examples of my own experience towards leaky abstractions. Let us …
 
In today’s episode, we will speak with Peter Voss and discuss the current landscape of AI, the next wave of AI called Artificial General Intelligence, and how organizations today can level up their chatbots to create satisfied customers. Peter Voss is a Serial Entrepreneur, and Pioneer in Artificial Intelligence. Who coined the term ‘AGI’ (Artifici…
 
In this episode, we will discuss NULLs in database systems. I’ll go through the following: What is Null? NULLs persistence Whether you store a 0 or 2 billion value in the field 32bit integer field it costs 32 bit when you store a NULL in 32 bit integer field we save 32 bit but add overheads When NULLs are naughty Semantics and inconsistent result S…
 
The open web application security project is a recognized entity that helps developers identify critical security vulnerabilities to build secure web applications. In this video I will go through the 10 vulnerabilities and explain each one and give examples and anecdotes from real life examples. 0:00 Building Secure Backends 2:30 Injection 4:50 Bro…
 
Caching is the hardest problem in building software, and having the browser cache is not any different. In this video, I'll discuss Jake Archibald's article https://jakearchibald.com/2016/caching-best-practices/ 0:00 Intro 2:00 Pattern 1: Immutable content + long max-age 5:40 Pattern 2: Mutable content, always server-revalidated 8:00 max-age on mut…
 
In today’s episode, we will speak with Kapil Surlaker, the vice president of engineering at LinkedIn. Kapil has been with LinkedIn for over 10 years and has played an instrumental role in shaping the data architecture that LinkedIn is built on top of. In this episode, we cover a wide range of topics surrounding data architecture from: How metadata …
 
Write Amplification Is a phenomenon where the actual writes that physically happen are multiples of the actual writes desired. In this episode, I'll discuss 3 types of write amplifications and their effects on performance and lifetime of storage mediums. 0:00 intro 2:00 Application write amplification 4:30 Database write amplification 9:30 SSD Disk…
 
Microsoft Had an Outage on April 1st that is caused by DNS surge, let us discuss this. Bonus I’ll also discuss the outage that happened on March 18th cpu 100% utilization RCA - DNS issue impacting multiple Microsoft services (Tracking ID GVY5-TZZ) Summary of Impact: Between 21:21 UTC and 22:00 UTC on 1 Apr 2021, Azure DNS experienced a service avai…
 
Hey Hussein I have a 2 million row table used in my CRUD python app, I’m worried that as the table grow my inserts will slow down, should I consider sharding my database or partition the table? thank you I’m avid of simplicity in design if I can do it in one machine I’ll do it. Sharding/Partitioning are all great inserts are fast, queries are slow …
 
Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. The…
 
Two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The commits were found and reverted two hours after it was committed. PHP is moving to github as a result. Article https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/ --- Send…
 
In today’s episode, we will speak with Chris Bergh, a pioneer in the DataOps landscape and the CEO at DataKitchen, a DataOps Platform that Simplifies Complex Data Toolchains and Environments Top 3 Value Bombs: DataOps is not just DevOps for data Any organization can get started today and start implementing DataOps practices. Start small and priorit…
 
We have been told to take care of our private key that we use on backend servers without clear instructions as to what could happen when that key is leaked. In today’s backend engineering show I discuss exactly what could go wrong when your backend server private key is leaked. Let us discuss Intro 0:00 What is a Certificate? 1:10 Where is the Priv…
 
6 months ago, Jake Miller released a blog article and Python tool describing H2C smuggling, or http2 over cleartext smuggling. By using an obscure feature of http2, an attacker could bypass authorization controls on reverse proxies. Sean managed to leverage Jake’s original research to bypass reverse proxy rules, let's discuss My original Video on Ja…
 
On Thursday, OpenSSL maintainers released a fix for two high severity vulnerabilities, let us discuss the impact. OpenSSL two major vulnerabilities 0:00 why OpenSSL 1:00 Bug 1 - Renegotiating TLS 1.2 (CVE-2021-3449) 3:50 Bug 2 - Cert verification bypass (CVE-2021-3450) 8:42 Update to OpenSSL 1.1.1k 12:30 Resources https://www.openssl.org/news/vulne…
 
Node JS Is single-threaded asynchronous non-blocking javascript runtime, but it's not always single-threaded there are occasions where nodejs uses multi-threading, so the questions we will try to answer in this video, when is nodejs single-threaded and when does it use multi-threading and how will that affect my app? Event Loop single thread, that …
 
In today’s episode, we will speak with Manny Bernabe and discuss the current landscape of AI, how to get started implementing AI solutions and what organizations should be doing today to set them up AI success in the future. Manny is the founder of BigPlasma.ai and has 10+ years of experience creating and deploying AI & Machine Learning solutions a…
 
Slack started migrating from HAProxy to Envoy for their backend architecture, in this video, I’ll discuss their recent article when they moved the WebSockets portions, why they moved from HAProxy to Envoy and their production plans. Resources Article https://slack.engineering/migrating-millions-of-concurrent-websockets-to-envoy/ RFC8441 https://too…
 
In this video, I'll discuss RFC8441 bootstrapping WebSockets with HTTP/2 which I believe a critical protocol to allow WebSockets tunneling to scale on the backend. We will also discuss the current state of the art of Proxy and Backend Supports for this tech. Let us have a discussion. 0:00 Intro 3:00 WebSockets over HTTP/2 7:40 Proxy Supports 13:15 …
 
In this video we will explore one of the most popular side attacks CRIME (Compression Ratio Info-leak Made Easy) and the different ways to mitigate this. Intro 0:00 * HTTP/1.1 SPDY header compression 4:00 * TLS compression * Response body attackers can’t inject 13:00 * Mitigations 14:10 * HPACK/QPACK * TLS Padding --- Send in a voice message: https:/…
 
In today’s episode, we will speak with Susan Walsh and learn why organizations struggle with creating and maintaining high-quality data and the steps she takes to resolve data issues. Susan Walsh has nearly a decade of experience fixing your data and founded the classification guru. Susan is a specialist in data classification and data cleansing. S…
 
On March 15, 2021, users couldn’t sign in to Microsoft services the majority of the impact was with teams but other services were affected. A similar outage happened back in Sep 2020 (I covered it here https://www.youtube.com/watch?v=0ozri9APCv0&t=68s) Microsoft 365 Service health status https://twitter.com/MSFT365Status/status/1371546946263916545 …
 
In today's show, I'll answer the question do backend connections max out? There are many aspects to this question and I want to try to tackle all of them. I'll also mention the efforts that the @Cloudflare and team are doing to improve the CONNECT with MASQUE protocol Tune in to the Backend engineering Show with Hussein Nasser on your fav podcast p…
 
OVHcloud is Europe's largest cloud provider, with facilities across the region. They were hit with a big fire that completely destroyed an entire datacenter. What happened? 0:00 What is the effect? 3:00 What OVH is going to do? 6:00 Resources https://www.ovh.ie/news/press/cpl1786.fire-our-strasbourg-site http://travaux.ovh.net/?do=details&id=49484 …
 
Firefox is implementing a feature that might end website tracking, let's get into how it works. https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ https://hacks.mozilla.org/2021/02/introducing-state-partitioning/ --- Send in a voice message: https://anchor.fm/hnasr/message
 
On the evening of March 8, GitHub invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution to protect users from an extremely rare, but potentially serious, security vulnerability affecting a very small number of GitHub.com sessions. Let us discuss https://github.blog/2021-03-08-githu…
 
In today’s episode, we will speak with Jesse Anderson and learn how to run successful big data projects and how to resource your teams. Jesse is a big data expert at Big Data Institute, who’s worked with startups to Fortune 100 companies. He has taught over 30,000 people the skills to become data engineers and is published in prestigious publicatio…
 
For the longest time, all browsers will always use HTTP in schemeless URLs (when HTTP or HTTPS is not specified). Chrome is flipping this with version 90 Chapters * HTTPS by Default 0:00 * What happens Today 1:00 * What will happen in Chrome 90 4:00 * HSTS? 6:20 * is HTTPS everywhere dead? 7:10 * How to Enable 8:20 Video https://youtu.be/XrlfX0duLK…
 
In today’s episode, you will hear from the co-founders of eXate Peter Lancos and Sonal Rattan. eXate streamlines, automates and simplifies the processes of storing, interpreting, and extracting value from data assets. It democratizes data privacy for organizations by providing a simple, embedded platform that automates the technical enforcement of …
 
MinIO, an S3 Compliant object-store suffered from a Server Side Request Forgery Vulnerability in early Feb 2021 which has been fixed quickly and addressed. In this video we go through the bug and what can we learn from it --- Send in a voice message: https://anchor.fm/hnasr/message
 
In this video, I discuss why QUIC will make a great communication protocol for databases and how it solves a critical problem with stateless web applications. Web applications use database connection pooling to establish database connections on the backend. But that creates other sorts of problems. --- Send in a voice message: https://anchor.fm/hna…
 
Nodejs Updates are now available for v10.x, v12.x, v14.x and v15.x Node.js release lines for the following issues. 0:00 Intro 1:50 HTTP/2 Unknown Protocol 4:24 Localhost6 DNS Rebinding 6:55 Integer overflow OpenSSL Resources https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ --- Send in a voice message: https://anchor.fm/hnas…
 
In today's episode you will hear from Doug Laney, a best-selling author and recognized authority on data and analytics strategy. Doug’s book, Infonomics: How to Monetize, Manage, and Measure Information for Competitive Advantage, was selected by CIO Magazine as the “Must-Read Book of the Year” and one of the “Top 5 Books for Business Leaders and Te…
 
In today’s episode, you will hear from Chris Testa-O'Neill, a thought leader in the Microsoft Data and AI space, currently, part of the World Wide Learning team at Microsoft scaling his knowledge to thousands of people through his official Microsoft Learn content and Microsoft courses. Top 3 Value Bombs: Why Microsoft is merging the DP-200 and DP-2…
 
In today’s episode, you will hear from Laura Madsen with 20+ years in data and analytics, authoring books on data governance and healthcare analytics, and co-founded Minneapolis-based consulting firm Via Gurus. Top 3 Value Bombs: Data governance should be democratized throughout the organization Data Governance is a journey, not a destination. Most…
 
This is unacceptable and the entitlement towards open-source maintainers needs to STOP! Daniel’s blog https://daniel.haxx.se/blog/2021/02/19/i-will-slaughter-you/ Support curl by becoming a backer https://opencollective.com/curl#backer --- Send in a voice message: https://anchor.fm/hnasr/message
 
Let us go through an absolutely fantastic article and journey of how a single change in HAProxy config drove this SRE into a frenzy to find out what went wrong. A fantastic read. https://about.gitlab.com/blog/2021/01/14/this-sre-attempted-to-roll-out-an-haproxy-change/?utm_medium=social&utm_source=linkedin&utm_campaign=blog --- Send in a voice mess…
 
From time to time I like to loiter on people’s GitHub Repos look through issues submitted and see if there are interesting hidden gems and bugs that would make a good lesson or learning experience and boy did I find one for you. This bug is caused in stripe-node code in AWS Lambda serverless environment where requests are failing intermittently. We…
 