The Backend Engineering Show with Hussein Nasser

In this live stream we have a Q&A about Communication Protocols in the Backend , enjoy. We Talk about Masque, WebTransport, WebSockets, TCP, UDP and more

A group of researchers from UC Riverside and Tsinghua University announced a new attack against the Domain Name System (DNS) called SAD DNS (Side channel AttackeD DNS). In this video I explain this attack 0:00 Intro 1:00 What is DNS? 3:10 Original DNS Poisoning 6:30 DNS Poisoning with Fragmentation Attack 9:30 ICMP Explained 13:00 DNS Poisoning with ICMP Error Messages   Resources https://blog.cloudflare.com/sad-dns-explained/ https://www.saddns.net/ https://bit.ly/3lHTn45 https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

There is a new Protocol called WebTransport, it sets to solve some limitations in WebSockets, the question is will this completely replaces WebSockets? I’ll leave this question to you guys. Let us discuss Resources https://www.youtube.com/watch?v=jTBM9CDO_Wk&feature=youtu.be https://datatracker.ietf.org/doc/draft-kinnear-webtransport-http2/ https://datatracker.ietf.org/doc/draft-vvv-webtransport-http3/ https://datatracker.ietf.org/doc/draft-vvv-webtransport-quic/

FireFox Enables HTTPS Only Mode, let us discuss  https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ What does it mean? Death of HSTS? No more plugins Will it ever become default? (Government sites unencrypted, backward compatible)

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses. (CVE-2020-8277)  I discuss this attack in this video and whether you should fix it.  Impacts: * Versions 12.16.3 and higher on the 12.x release line * Versions 14.13.0 and higher on the 14.x release line * All versions of the 15.x release line   Resources https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#:~:text=Denial%20of%20Service%20through%20DNS,a%20larger%20number%20of%20responses. Code Fix  https://github.com/nodejs/node/commit/022899e1d5

In this Livestream we discuss the following topic  Facebook moving to QUIC https://engineering.fb.com/2020/10/21/networking-traffic/how-facebook-is-bringing-quic-to-billions/ Multiplexed Application Substrate over QUIC Encryption (masque) https://datatracker.ietf.org/wg/masque/about/ KIP500, Kafka removing ZooKeeper https://www.confluent.io/blog/how-to-prepare-for-kip-500-kafka-zookeeper-removal-guide/ DotNET 5 https://devblogs.microsoft.com/dotnet/announcing-net-5-0/

HTTP CONNECT Method allows the client to create a tunnel through a proxy to forward any free-form content through it. Let us discuss why do the pros and cons of this 0:00 Intro 1:45 HTTP Proxy 5:50 HTTPS Proxy 9:40 HTTP CONNECT 14:15 HTTP CONNECT Chaining 16:10 Pros & Cons of CONNECT 23:20 MASQUE Resources https://tools.ietf.org/html/rfc7231#section-4.3.6 Multiplexed Application Substrate over QUIC Encryption (masque) https://datatracker.ietf.org/wg/masque/about/ What if you want to connect to the secure site? cards 18:40 http/2 clear smuggling https://www.youtube.com/watch?v=B2VEQ3jFq6Q 17:40 layer 4 proxy https://www.youtube.com/watch?v=aKMLgFVxZYk 16:50 WebSockets https://www.youtube.com/playlist?list=PLQnljOFTspQUGjfGdg8UvL3D_K9ACL6Qh 21:00 HTTP/2 https://www.youtube.com/watch?v=fVKPrDrEwTI

HTTP/2 Push is being removed since it is very difficult to implement and has no added value. Let us discuss  Resource https://groups.google.com/a/chromium.org/g/blink-dev/c/K3rYLvmQUBY/m/vOWBKZGoAQAJ Video https://www.youtube.com/watch?v=uAfNRJJ_BrA

An article from 2016 which caused lots of discussions in the software engineering community. We bring it back and open old wounds and discuss it again.  0:00 Intro 3:00 Problems with Architecture of Postgres 4:00 Postgres on-Disk Format 9:45 Replication 13:19 Write Amplification 16:44 Replication Bandwidth 21:16 Data Corruption 24:00 Replica MVCC 31:30 Postgres Upgrades 33:00 MySQL on-Disk Format 37:00 MySQL Replication 40:00 Connection Handling https://eng.uber.com/postgres-to-mysql-migration/ https://news.ycombinator.com/item?id=12166585

WebRTC (Web Real-Time Communication) is a free, open-source project that provides web browsers and mobile applications with real-time communication (RTC) via simple application programming interfaces (APIs). In this video I go through webrt and discuss all the concepts of WebRTC in details. We will learn about NAT, STUN, TURN, ICE, SDP, Signaling and we will show a demo too! Finally we will talk about the pros & cons 0:00 Intro 3:44 WebRTC Overview 11:17 NAT 16:54 NAT Translation Methods 26:20 STUN 33:30 TURN 35:00 ICE 38:00 SDP 40:52 Signaling 43:30 WebRTC Demo 1:00:00 WebRTC Pros & Cons 1:04:00 Bonus WebRTC Content ! tags webrtc, Web Real-Time Communication, webrtc video, webrtc samples, webrtc tutorial, webrtc , interactive connectivity establishment ice , session description protocol, session initiation protocol, peer to peer, getUserMedia, RTCPeerConnection