The Backend Engineering Show with Hussein Nasser

This episode of the backend engineering show is sponsored by my friends at RedisLabs. I’m going to break this video into three sections, we will first define features that qualify a primary database? Then we will see if Redis actually check the boxes of a primary database and finally we explore the features of Redis that take it beyond a primary database. I was personally surprised by most of those. Chapters 0:00 Intro 1:00 What Qualifies a primary database 3:00 Does Redis Check the boxes? 7:40 beyond Redis Resources Try Free: https://bit.ly/3hWr1Uj Redis Advantages: https://bit.ly/3ztx2xw Martin Fowler talking about Impedance Mismatch: https://bit.ly/36ZEOD8 Transactions: https://bit.ly/3wTMKAw ACID 0.5 MM Ops/Seconds on AWS: https://bit.ly/3ruMB5s Consistency and Durability: https://bit.ly/3wYNLr8 Watch and Rollbacks: https://redislabs.com/blog/you-dont-need-transaction-rollbacks-in-redis/#:~:text=Redis%20has%20a%20main%2C%20single,is%20required%20to%20implement%20WATCH Redis Enterprise https://redislabs.com/redis-enterprise/advantages/ https://redis.io/topics/transactions#cas https://redislabs.com/blog/you-dont-need-transaction-rollbacks-in-redis/#:~:text=Redis%20has%20a%20main%2C%20single,is%20required%20to%20implement%20WATCH. https://docs.redislabs.com/latest/rs/concepts/data-access/consistency-durability/

There was a two hours DNS outage on a company called Akamai that broke several services today July 22, 2021, https://appleinsider.com/articles/21/07/22/akamai-dns-problem-causing-wide-internet-issues Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🔥 Members Only Content https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg Support my work on PayPal https://bit.ly/33ENps4 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses

IIS (Internet Information Services) is Microsoft's Windows web server. It is feature-rich and very easy to enable. I have been using it for a long time but I noticed I never actually make a video about it. In this video, I'll explore the IIS binding and explain all the options in that form. I might make more videos in the future to explore different aspects of this web server. Videos mentioned Leaky abstractions https://youtu.be/4a3bI7AYsy4 HTTP/2 Limitations https://youtu.be/CUiBVTcgvBU OCSP Stapling https://youtu.be/g08Omc1wi0s Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🔥 Members Only Content https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg Support my work on PayPal https://bit.ly/33ENps4 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses

In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss. 0:00 Intro 1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash 3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation 7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS) Resources https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ https://hackerone.com/reports/1211160 https://snyk.io/vuln/SNYK-JS-SSRI-1085630

🧑‍🏫 Courses I Teach https://husseinnasser.com/courses In this episode, I’d like to discuss the methods of scaling CPU-bound or intensive workloads on the backend. This show will discuss the scaling of the workload on a single machine taking full advantage effectively of all its resources, then we will discuss horizontal scalability to multiple machines. 0:00 Intro 1:00 What do I mean by Scaling 3:20 CPU-Intensive/Bound Workload 6:00 Effective Scaling CPU-Bound Backends in Single Machine 12:00 How Hyperthreading can be useful 15:00 Horizontally Scale to multiple Machines SO_REUSEPORT https://lwn.net/Articles/542629/ @Gary Explains Hyperthreading https://www.youtube.com/watch?v=mSZpDF-zUoI Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🔥 Members Only Content https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg Support my work on PayPal https://bit.ly/33ENps4 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses

MongoDB, Postgres, Microsoft SQL Server, or MySQL, or any other database manages concurrency control differently. There are two methods, pessimistic and optimistic, both have their pros and cons. Let explore how different databases implement this and what is the effect on performance/scalability. This is often known as Optimistic vs pessimistic locking. Although I don't really like to use locking with this because it confuses the story. 0:00 Intro 2:20 What is Concurrency Control 6:00 Pessimistic Concurrency Control 14:50 Optimistic Concurrency Control Resources https://www.postgresql.org/docs/13/mvcc.html http://source.wiredtiger.com/develop/architecture.html https://docs.microsoft.com/en-us/troubleshoot/sql/performance/resolve-blocking-problems-caused-lock-escalation Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🔥 Members Only Content https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg Support my work on PayPal https://bit.ly/33ENps4 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses 

@MrRajputHacker @Th3Pr0xyB0y found critical universal XSS (an XSS that affects the entire browser, not just one page) on Microsoft Edge. They responsibly reported the bug and detailed it in their article. Let us discuss Resources https://cyberxplore.medium.com/how-we-are-able-to-hack-any-company-by-sending-message-including-facebook-google-microsoft-b7773626e447 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475 Support my work on PayPal https://bit.ly/33ENps4 Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses

In this episode of the backend engineering show I'll discuss the difference between b-tree and b+tree why they were invented, what problems do they solve, and the advantages and disadvantages of both. I'll also discuss the limitation of implementing b-tree over b+tree and how Discord ran into a memory limitation using b-tree Mongo. Check out my udemy Introduction to Database Engineering course https://husseinnasser.com/courses    Learn the fundamentals of database systems to understand and build performant backend apps 0:00 Data structure and algorithms 1:30 Working with large datasets 6:00 Binary Tree 8:30 B-tree 19:30 B+ tree 22:00 B-tree vs B+ tree benefits 25:00 MongoDB Btree Indexes Trouble 30:00 Summary working with a billion row table (Members only) https://youtu.be/wj7KEMEkMUE indexing video https://youtu.be/-qNSXK7s7_w Discord moving from MongoDB to Cassandra https://www.youtube.com/watch?v=86olupkuLlU https://blog.discord.com/how-discord-stores-billions-of-messages-7fa6ec7ee4c7 MongoDB Indexes https://docs.mongodb.com/manual/indexes/ Postgres Indexes https://www.postgresql.org/docs/13/btree-implementation.html btree code https://www.cs.usfca.edu/~galles/visualization/BPlusTree.html https://www.cs.usfca.edu/~galles/visualization/BTree.html Support my work on PayPal https://bit.ly/33ENps4   Become a Member on YouTube  https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🧑‍🏫  Courses I Teach https://husseinnasser.com/courses

SSH Wormable, Written in Bash and VERY hard to detect. Let’s discuss the DarkRadiation ☢️ Ransomware. This new ransomware is cut from a different cloth. Let us discuss * SSH Wormable * Encrypts with AES (OpenSSL) * It mutates so anti-viruses can’t catch it * Bash * Still under development https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat--and-debian-based-linux-distributions.html Support my work on PayPal https://bit.ly/33ENps4 Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses

The ALPACA attack stands for application layer protocol confusion attack and discovered by a group of German computer scientists. Let us spend some time analyzing how this attack really works and how dangerous this is. Resources https://alpaca-attack.com/ALPACA.pdf https://var.thejh.net/http_ftp_cross_protocol_mitm_attacks.pdf https://github.com/RUB-NDS/alpaca-code https://github.com/RUB-NDS/alpaca-code/blob/master/testlab/servers/files/nginx-attacker/html/upload/ftps.html https://twitter.com/lambdafu/status/1404567396443164683 Support my work on PayPal https://bit.ly/33ENps4 Become a Member on YouTube https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join 🧑‍🏫 Courses I Teach https://husseinnasser.com/courses