The Backend Engineering Show with Hussein Nasser

What scared me about this bug is how EASY it is to execute, no MITM, no special software.. its all exploiting of existing software.. Let us discuss   The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android intent URIs with zero user interaction.  This attack can be leveraged by attackers on the same WiFi network and manifests as applications on the target device suddenly launching, without the users' permission, and conducting activities allowed by the intent.   Resources https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020 https://twitter.com/init_string  https://twitter.com/LukasStefanko/status/1307013106615418883

Google Bot is now attempting to use HTTP/2 to crawl the web Ever since mainstream browsers started supporting the next major revision of HTTP, HTTP/2 or h2 for short, web professionals asked us whether Googlebot can crawl over the upgraded, more modern version of the protocol. Today we're announcing that starting mid November 2020, Googlebot will support crawling over HTTP/2 for select sites. Article https://webmasters.googleblog.com/2020/09/googlebot-will-soon-speak-http2.html * Intro 0:00 * What is a Crawler 1:06 * Current Crawler uses h1 2:00 * Crawler now uses h2 4:40 * Less connections, slightly high CPU usage 6:30 * Opting out of h2 crawling 9:00 * FAQ 11:40 Http/2 playlist 0;50 https://www.youtube.com/playlist?list=PLQnljOFTspQWbBegaU790WhH7gNKcMAl- http/2 not cheap 7;00 https://www.youtube.com/watch?v=GriONb4EfPY lucid chart 9;50 https://www.youtube.com/watch?v=gejfT1h6LBo h2c smuggling 18:30 https://www.youtube.com/watch?v=B2VEQ3jFq6Q

In this video, I explain how I got better at communicating my thoughts, opinions and ideas and how making content on YouTube Channel actually helped. I still have a long way but I found that making content and continuously trying to get better at delivering the core point helps.

There was a recent article titled Stop Using React which spawned lots of discussions. I want to give my thoughts on this article and React in general.   Resources https://dev.to/ender_minyard/why-you-should-stop-using-react-g7c  https://timkadlec.com/remembers/2020-04-21-the-cost-of-javascript-frameworks/   0:00 Intro 3:20 Its Slow 8:30 Its expensive 12:00 its inaccessible 14:00 React goes against the web 18:00 made by facebook 21:00 my thoughts

In this video, I discuss 3 methods to work with tables of billion rows. This discussion is inspired by a comment on my YouTube video on Twitter System Design right here https://www.youtube.com/watch?v=gfq-LG9ZJQA&lc=UgyYbm5889dW0XtKhsV4AaABAg Chapters Intro 0:00 1. Brute Force Distributed Processing 2:30 2. Working with a Subset of table 3:35 2.1 Indexing 3:55 2.2 Partitioning 5:30 2.3 Sharding 7:30 3. Avoid it all together (reshuffle the whole design) 9:10 Summary 11:30

It seems like these incidents are very common and not sure why ElasticSearch in particular. Let us discuss      https://www.zdnet.com/article/leaky-server-exposes-users-of-dating-site-network/

Some of you asked me how to deal with stress at my work and my content creation here on YouTube I share my thoughts with you Intro 0:00 Stress from Work 2:40 Feeling down with no clear reason 7:13 Feeling anxious overwhelmed with stuff to learn 14:55 Pandemic 21:14

Unimog is a layer 4 load balancer built for Cloudflare scale. Cloudflare has written a great blog about it so let us discuss this technology. Video: https://youtu.be/Q0irm6xzNNk Resources https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/ 0:00 Intro 3:33 Layer 4 vs Layer 7 Load Balancers 7:00 Anycast 13:45 Packet Forwarding 23:30 XDP and Network stack 26:45 Maintaining established connection 31:00 Edge Computing 32:00 UDP Routing 33:00 Unimog Summary 34:00 Open Source Software 36:00 K8 Rant 40:00 Conclusion Cards 6:30 L4 vs L7 proxying https://www.youtube.com/watch?v=aKMLgFVxZYk 12:30 vip https://www.youtube.com/watch?v=85XY7H2JPbs 13:30 tcp handshake https://www.youtube.com/watch?v=bW_BILl7n0Y&t=5s

Jake Miller a security researcher discovered a serious flaw in proxies that allow h2c clear text upgrade and bypass proxy rules. Let us discuss Thanks to @Textras for sending this article! https://twitter.com/thebumblesec/status/1303305853525725184?s=21 https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c?hs_amp=true

Apache Kafka is an interesting software, every design decision the team makes perfect sense. I decided to dive deep into the discussion of the consumer group concept which is underrated and talk more about it. 0:00 Intro 1:24 Messaging Systems Explained 3:30 Partitioning 4:30 Pub/Sub vs Queue 6:55 Consumer Group 10:00 Parallelism in Consumer Group 10:30 Partition awareness in Consumer Group 11:30 Achieving Pub/Sub with Consumer Group 14:00 Head of Line blocking in Kafka