The Backend Engineering Show with Hussein Nasser

Github security team has found a remote execution code in Node.JS library changelog. In this video I describe the bug and go through the code  Resources https://portswigger.net/daily-swig/github-security-team-finds-remote-code-execution-bug-in-popular-node-js-changelog-library https://github.com/conventional-changelog/standard-version/pull/351/files https://github.com/advisories/GHSA-7xcx-6wjh-7xp2

In this video I discuss the VPN Leak of 1.2 TB of user logs data, IP addresses, password and much more   Resources https://www.theregister.com/2020/07/17/ufo_vpn_database/ https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/

In July / 17 Cloud Flare had a 27 minutes outage, we discuss this outage what caused it and my thoughts on this ..  https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/

A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam. In this video I discuss this attack

Server-Sent Events or SSE is when the server sends events to the client in a unidirectional manner. In this video I explain Server-Sent Events and compare it to websockets and HTTP and Long Polling.   Source Code https://github.com/hnasr/javascript_playground/tree/master/server-sent-events  Resources https://developer.mozilla.org/en-US/docs/Web/API/EventSource   0:00 Intro 1:50 HTTP 1.0/1.1 3:40 WebSockets 5:00 Server Sent Events 7:30 SSE Use Cases 9:00 SSE Code Example 18:00 SSE Pros & Cons 25:20 Do You Need SSE? 28:30 Summary

In this video I go through all possible ways the US can use to block TikTok?  0:00 Intro 0:22 App Stores 1:30 DNS 2:20 ISP Level Block  3:30 DOH/ DOT 5:00 SNI  5:50 VPN

This is a question from one of you guys that I thought I'd answer in its own video since its loaded.  Q/A - Shark Beak I currently have the same setup for my side project. What do you think about having a 'create table if not exist' running on startup that creates this table? Good/bad?    It is always a good idea to have a specific database user for each route with specific permissions and use connection pooling as much as possible.

ZeroMQ is an Open Source Messaging Library designed for a high-performance asynchronous messaging library. In this video I discuss this tech and build a simple queue with this tech 0:00 Intro 1:48 What is ZeroMQ? 4:48 Messaging Patterns 6:42 Socket Types 8:55 Simple Queue 11:00 Code 23:20 ZeroMQ Pros & Cons 29:30 Summary Source Code https://github.com/hnasr/javascript_playground/tree/master/zeromq-simplequeue Resources https://github.com/booksbyus/zguide/tree/master/examples/Node.js https://en.wikipedia.org/wiki/ZeroMQ https://blog.scottlogic.com/2015/03/20/ZeroMQ-Quick-Intro.html http://zguide.zeromq.org/page:chapter3#advanced-request-reply Outline What is ZeroMQ? Message library Message Patterns Broker less Simple you build the components that you need Sockets Types REQ REP PUSH PULL ROUTER DEALER Message PatternS Synchronous Request/Response Asynchronous Request/Response Publish/Subscribe Push/Pull Exclusive Pair Example! (Simple Queue (Push Pull)) Pros & Cons Pros Simple (meh) Efficient lightweight Great for small use cases Cons You have to write customize If you are building a large distributed message queue then you need to implement all features Feels over-engineered Could be simpler.

Discussing Layer 7 Reverse Proxy D=DOS Mitigation (Security Now Video by Steve Gibson )

Google Chrome and Firefox to Join Apple’s Safari in One Year Certificate Validity (My opinion)