
The Backend Engineering Show with Hussein Nasser
Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering, you’ve come to the right place. I discuss all sorts of software engineering technologies and news with a specific focus on the backend. All opinions are my own.
Most of my content in the podcast is an audio version of videos I post on my YouTube channel here http://www.youtube.com/c/HusseinNasser-software-engineering
Buy me a coffee
https://www.buymeacoffee.com/hnasr
🧑‍🏫 Courses I Teach
https://husseinnasser.com/courses
Latest episodes

Apr 20, 2021 • 11min
Auth0 Outage (Early report)
Auth0 went down on April/20/2021 and this is the early report. Let us discuss.
This incident affects: Auth0 US (PROD) (User Authentication, Machine to Machine Authentication, Multi-factor Authentication, Management API), Auth0 US (PREVIEW) (User Authentication, Machine to Machine Authentication, Multi-factor Authentication, Management API), and Management Dashboard (manage.auth0.com).
0:00 Update on Auth0 outage
6:00 Speculation of the outage
https://auth0.com/blog/how-we-store-data-in-the-cloud-at-auth0/#Redis
https://status.auth0.com/incidents/zvjzyc7912g5?u=v0zzz6jxvbv7

Apr 20, 2021 • 15min
North Korean Hackers Hide Malicious Code within BMP image, Goes Undetected by AntiVirus software
Let us discuss the complexity behind this trojan hack. The multi-layer approach of hiding the RAT (remote access trojan) is absolutely genius.
https://en.wikipedia.org/wiki/HTML_Application
https://en.wikipedia.org/wiki/Portable_Network_Graphics
https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/

Apr 18, 2021 • 22min
These New WhatsApp Vulnerabilities Can Leak Images, Voice Notes, and Chat by Opening an HTML message
A few vulnerabilities were discovered in WhatsApp for Android that allow an attacker who sends an HTML file attachment to gain full access to the user's media, voice notes, pictures, and eventually chat messages (through TLS session resumption keys). In this video, we will discuss the scope of this attack. The vulnerabilities have been patched by Facebook.
Full article from CENSUS Labs discussing in detail how the PoC attack is carried out: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

Apr 17, 2021 • 38min
A Look into Modern Leaky Abstractions - Postgres, MySQL, HTTP/2, TCP, ORMs GraphQL, N+1, Axios, git
Leaky abstractions occur when the consumer of the abstraction starts asking questions about certain behavior and ends up needing to understand the details behind the abstraction. Joel Spolsky coined this term, and in this video I’d like to discuss this concept and provide a few examples of leaky abstractions from my own experience. Let us get on with the show.
6:00 Postgres Dead Tuples
7:25 MySQL Clustering
9:23 Axios HTTP Library
11:30 ORMs (N+1)
13:30 Beyond Abstractions
15:30 TCP
19:30 HTTP/2
27:00 Microservices
28:40 Index Only Scans Postgres
33:35 git
34:50 Summary
Support my work on PayPal
https://bit.ly/33ENps4
Become a Member on YouTube
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

Apr 15, 2021 • 13min
Here is what caused the Hack to PHP Source Code git Server
Two weeks ago the PHP source code git server got hacked and two malicious commits were made to the source code. Since then the PHP maintainers have identified the source of the hack. Let us discuss.

Apr 12, 2021 • 12min
If I wasn’t a Backend Engineer, I would pick this as my career - Q&A April 2021
Light episode today. Let's have some fun with Q&A: I collected some questions from the Twitter and YouTube community and I'm going to attempt to answer them here.

Apr 11, 2021 • 23min
Can NULLs Improve your Database Queries Performance? - The Backend Engineering Show
In this episode, we will discuss NULLs in database systems. I’ll go through the following:
What is NULL?
NULLs persistence
  Whether you store 0 or 2 billion in a 32-bit integer field, it costs 32 bits
  When you store a NULL in a 32-bit integer field, we save 32 bits but add overhead
When NULLs are naughty
  Semantics and inconsistent results
  SELECT count(*) includes NULLs
  count(column) ignores NULLs
  T IS NULL returns the NULL rows
  T IS NOT NULL returns the non-NULL rows
  T IN (NULL) returns nothing
  T NOT IN (NULL) returns nothing
  Some databases don’t index NULLs
When NULLs are useful
  I don’t have a value; I don’t wish to provide a birthday
  Field not applicable for certain use cases but applicable for others: fat tables (denormalization)
  Fat tables with many columns make your rows longer, which means fewer rows fit in your page (show pic). NULLs help here: columns that are NULL yield shorter rows, instead of storing a default 0 value

Apr 7, 2021 • 29min
10 Vulnerabilities to watch for When building secure backend application (OWASP recommendations)
The Open Web Application Security Project (OWASP) is a recognized entity that helps developers identify critical security vulnerabilities to build secure web applications. In this video I will go through the 10 vulnerabilities, explain each one, and give real-life examples and anecdotes.
0:00 Building Secure Backends
2:30 Injection
4:50 Broken Authentication
6:43 Sensitive Data Exposure
11:00 XML External Entities (XXE)
13:45 Broken Access Control
17:00 Security Misconfiguration
19:00 XSS
22:45 Insecure Deserialization
24:48 Using Components with Known Vulnerabilities
26:00 Insufficient Logging & Monitoring
Resources
https://owasp.org/www-project-top-ten/
Cards
2:50 SQL Injection https://www.youtube.com/watch?v=Azo9tDUtC9s
4:20 Best practices building REST https://www.youtube.com/watch?v=6zHWU7zBep0&list=PLQnljOFTspQUybacGRk1b_p13dgI-SmcZ&index=4
8:30 TLS playlist youtube.com/playlist?list=PLQnljOFTspQW4yHuqp_Opv853-G_wAiH-
15:00 HTTP Smuggling https://www.youtube.com/watch?v=PFllH0QccCs
19:22 XSS https://www.youtube.com/watch?v=pD6C1-zSxIM
25:10 OpenSSL Crash https://youtu.be/aDPQ0_MyRnc

Apr 7, 2021 • 19min
Browser Caching best practices, when to use no-cache vs max-age without breaking your site
Caching is the hardest problem in building software, and browser caching is no different. In this video, I'll discuss Jake Archibald's article:
https://jakearchibald.com/2016/caching-best-practices/
0:00 Intro
2:00 Pattern 1: Immutable content + long max-age
5:40 Pattern 2: Mutable content, always server-revalidated
8:00 max-age on mutable content is often the wrong choice
12:20 CDN and Caching
Article
https://jakearchibald.com/2016/caching-best-practices/
https://twitter.com/jaffathecake

Apr 5, 2021 • 22min
Write Amplification Explained in Backend Apps, Database Systems and SSDs
Write amplification is a phenomenon where the actual writes that physically happen are multiples of the actual writes desired. In this episode, I'll discuss 3 types of write amplification and their effects on the performance and lifetime of storage media.
0:00 Intro
2:00 Application write amplification
4:30 Database write amplification
9:30 SSD Disk write amplification
16:00 SSD hates BTrees
20:00 Summary
Resources
https://en.wikipedia.org/wiki/Write_amplification
https://www.cybertec-postgresql.com/en/hot-updates-in-postgresql-for-better-performance/
https://youtu.be/5Mh3o886qpg