
The Backend Engineering Show with Hussein Nasser
Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering you’ve come to the right place. I discuss all sorts of software engineering technologies and news with specific focus on the backend. All opinions are my own.
Most of my content in the podcast is an audio version of videos I post on my youtube channel here http://www.youtube.com/c/HusseinNasser-software-engineering
Latest episodes

Nov 30, 2019 • 24min
Episode 112 - Tor (The Onion Router)
Tor (The Onion Router) is a free and open source project for anonymous communication.
In this video I want to discuss this technology and explain how it works.
What can sniffers really see?
Why Tor? Why don’t we just use a VPN?
How does Tor work?
More about Tor
So if you are interested stay tuned.
Cards:
6:00 TLS
10:53 symmetric key encryption
TimeCodes:
Normal Request 1:30
What sniffers see 4:30
Why Tor and not VPN? 6:00
How Tor Works 8:50
More tor info 21:00
Tor Directory
Relay node
Exit node
Guard node

Nov 30, 2019 • 1h 18min
Episode 111 - Kafka
Apache Kafka is a distributed stream processing software developed by LinkedIn and written in Scala and Java.
In this video I want to focus on the basics of Kafka, talk about how it works, and finally spin up a Kafka cluster and write a producer and a consumer.
Kafka Components
* producer
* consumer
* topic
* partition
How Kafka works
Example ( Ride sharing )
Spin Kafka cluster
Write a producer
Write a consumer
Kafka Applications
Pros and Cons

Nov 3, 2019 • 16min
Episode 110 - Do you need a VPN?
Tom Scott Full Video
https://youtu.be/WVDQEoe6ZWY
Tom Scott is a YouTuber with around 2M subscribers who discusses and specializes in computer security. I always enjoy his videos, especially those on Computerphile. He recently made a very interesting video titled "This video is sponsored by —-". We all probably know this is a reaction video to the NordVPN hack.
He is really smart, and not just because of his accent.
I wanted to make a video to elaborate on some of the statements that Tom made in his video and how they actually work.
Cards
5:30 TLS https://www.youtube.com/watch?v=AlE5X1NlHgg
12:24 TLS Termination https://www.youtube.com/watch?v=H0bkLsUe3no
Forged certificate
https://slate.com/technology/2016/12/how-the-2011-hack-of-diginotar-changed-the-internets-infrastructure.html

Nov 3, 2019 • 43min
Episode 109 - RabbitMQ
RabbitMQ is an open source distributed message queue written in Erlang that supports many communication protocols. It tries to solve the spaghetti 🍝 mesh architecture, where every client communicates with every other client in the system, by introducing an extra layer in the middle.
In this video we will explain the basic components of RabbitMQ such as AMQP, channel, queue, publisher and consumer. We will also learn how to spin up a RabbitMQ server, and we will write some code to develop a publisher client that posts messages to RabbitMQ. We will also write the consumer piece, which is the code that reads from RabbitMQ. Finally I will talk about my personal thoughts on this tech.
RabbitMQ Components
* Publisher
* Consumer
* Connection
* Channel
* Queue
Spin RabbitMQ server with Docker
Write a Publisher client NodeJs
Write a Consumer client Nodejs
My Thoughts about this tech
Summary
timecodes
components 2:00
spin up docker rabbit 8:30
Write a Publisher client NodeJs 11:00
Write a consumer client NodeJs 20:30
my thoughts 33:50
Source Code: https://github.com/hnasr/javascript_playground/tree/master/rabbitmq
Example
Schedule async job
Exchange
Queues
Publisher
Consumer
AMQP
Channel
Connection
HTTP
AMQP
Uses Channels and Queues
Multiplexes channels into one connection
docker run --name rabbitmq -p 5672:5672 -d rabbitmq
docker run --name rabbitmq -p 5672:5672 -p 15672:15672 -d rabbitmq:3-management
HTTP
fetch("http://localhost:15672/api/vhosts", {headers: {"Authorization" : `Basic ${btoa('guest:guest')}`}}).then(a=>a.json()).then(console.log)
fetch("http://localhost:15672/api/channels", {headers: {"Authorization" : `Basic ${btoa('guest:guest')}`}}).then(a=>a.json()).then(console.log)
fetch("http://localhost:15672/api/queues", {headers: {"Authorization" : `Basic ${btoa('guest:guest')}`}}).then(a=>a.json()).then(console.log)
https://www.squaremobius.net/amqp.node/channel_api.html#channel_bindExchange
https://www.rabbitmq.com/tutorials/tutorial-three-javascript.html

Oct 4, 2019 • 38min
Episode 108 - Redis
Redis is a NoSQL, in-memory-first key-value store that exploded in popularity in the past few years. In this video slash course, we will explain what Redis is, talk about the in-memory model, the optional durability, replication, clustering, publish/subscribe and the protocol, and finally we will go through examples. During the video I will add time codes to each topic so you guys can jump to the topic that interests you the most.
Table of Content and TimeCodes
Redis as a NoSQL In Memory Key-Value store 3:49
Optional Durability 10:00
Transport Protocol 15:10
Pub/Sub 18:24
Replication and Clustering 20:40
Examples 23:41
Spin Docker 26:10
Command CLI 28:50
Set key 30:30
get key 31:00
Set key with expiry 31:10
exists key 32:00
del 32:30
append key 32:50
publish subscribe 33:30
Commands
docker run --name redis -p 6379:6379 redis
docker exec -it redis redis-cli
Cards
4:25 ACID!

Sep 26, 2019 • 58min
Episode 107 - GraphQL Pros and Cons, examples and when to use over REST
GraphQL is an open source query language developed by Facebook that allows clients to formulate queries to get different results. Its main goal is to combine multiple services into one endpoint. In this video we will discuss what GraphQL is and why Facebook developed it, go through some examples using the GitHub GraphQL API, and finally discuss the pros and cons and when you should use this technology.
What is GraphQL?
Examples
Pros and Cons
When to use REST vs GraphQL
What is GraphQL
Schema
Query language
Nesting
Mutation and subscription
Examples
Schema intro
Github API
Rest api
Pros
Flexibility
Efficient response: the payload contains only the fields you ask for, since you know the schema
No round trips: avoids multiple round trips (HATEOAS REST)
Uniform single interface API endpoint
Self documenting
Cons
Complexity
Typed system (use it to know if a type is available or not and fork logic) slows down adoption, same as SOAP
No caching with ETag since requests are always POST
Error management is non-standard for HTTP.
Over-engineering: inefficient joins can lead to performance problems and DoS

Aug 27, 2019 • 15min
Episode 106 - Consistency vs Eventual Consistency
Consistency is the property of getting the expected result when viewing or reading data while working with a database system. It is one of the ACID properties in relational databases. Eventual consistency is another term that was born recently, specifically as NoSQL databases emerged. In this video we will discuss the different kinds of consistency, explain what eventual consistency is, and show with some examples how both relational and NoSQL databases have this kind of consistency.
Cache
Leader Following
Consistency in Data
Your data broken into multiple normalized tables/collections is consistent.
Consistency in Reads
If you write a value new transactions will pick up that new value.
If you do not have consistency in data you do not have eventual consistency; your data will not magically correct itself. If you do not have consistency in reads you might have eventual consistency; your reads might eventually become consistent.
Eventual consistency means that your reads will become consistent as time passes. This is true for both NoSQL and relational database systems, especially if you have a leader/follower model. In this video we will talk about examples of eventual consistency, when it is tolerable and when it is not.
Eventual Consistency Benefits
Twitter timeline (Eventual Consistency is good)
Let’s say you tweeted something and you have a follower in Spain and a follower in New Zealand 🇳🇿, the two furthest countries on Earth. Your Spain follower might see your tweet before your New Zealand one does. This depends on which datacenter your write goes to first. That eventual consistency is tolerable, and it’s OK if New Zealand doesn’t see your tweets.
Benefits
Writes scale much better: you can write to different locations and have them synced.
Add more machines to scale to more and more users.
Twitter privacy example (Eventual Consistency is bad)
However, take this scenario: you are Taylor Swift (Taylor Swift wishes), a celebrity with 85 million followers. You tweeted something that you regretted later and decided to delete that tweet! That tweet had better be deleted instantly for all your 85 million followers. Eventual consistency is not tolerable here, otherwise people lose faith in the system. Well, you can always say, "I’m gonna take a screenshot of Taylor Swift’s tweet." To which I would say I’ll give you another example: let’s say you changed your privacy setting to private and you tweeted something right after. That change should take effect immediately and NO public user should see that tweet unless they are in your followers.
Problems:
Users lose faith in the system.
Cards
4:30 ACID https://www.youtube.com/watch?v=pomxJOFVcQs

Aug 21, 2019 • 45min
Episode 105 - Relational Databases
ACID
ACID stands for four properties of relational databases: atomicity, consistency, isolation and durability. I think anyone working with a relational database like Postgres, MySQL, SQL Server or Oracle should understand these properties. In this video we will go through the four properties and explain why each is critical to a relational database. We will also talk about why some people are moving to NoSQL databases.
Atomicity
All or none, whether the failure during a transaction is a database failure or one of the queries failing.
Example
Isolation
Concurrency: is a transaction isolated from other in-flight transactions? If a transaction is in flight, does it see changes from other in-flight transactions? Does it see any changes? Does it only see committed changes? Does this lead to inconsistent results?
Problems arising from isolation (read phenomena)
dirty reads
Non repeatable reads
Phantom reads
Isolation levels
Read uncommitted
Read committed
Repeatable read
Serializable
Durability
When I commit a transaction, do my changes stay durable after the database restarts, crashes, etc.?
See if your data is still there.
Consistency
Consistency from referential integrity keys
Does the number of likes on a picture equal the number of rows that the picture has in another table? If I delete a picture, do all the likes of that picture go away in the other table?
Consistency in reads
If I committed something does everybody see it immediately or are they going to get an old value?
Consistency in concurrency
Is the view of a transaction in flight consistent? Do other in-flight transactions making changes to the database affect that transaction's view?
Jump Codes
2:00 What is a Transaction?
4:30 Atomicity
7:00 Isolation *
9:30 Isolation - Read phenomena *
11:40 Dirty Reads
14:40 Non-repeatable Read
17:00 Phantom read
18:53 Isolation Levels*2
19:20 Read uncommitted
19:55 Read committed
21:05 Non-repeatable Read
23:40 Serializability
25:00 Isolation Levels vs Read phenomena Table
27:45 Consistency
28:30 Consistency in Data
33:50 Consistency in Reads
35:00 Eventual Consistency
40:30 Durability
Cards
27:40 Exclusive lock vs shared lock

Aug 7, 2019 • 26min
Episode 104 - REST API - The Good, the Bad and the Ugly
REST stands for Representational State Transfer. It is an architecture that became very popular for building web APIs. It was the dissertation of Roy Fielding. In this video we discuss what makes an API RESTful and the REST API constraints, and I'll show you an example of a RESTful API in GitHub.
Representation and State transfer
Representational
The resource is a representation or metadata, but the actual backend could be something else and stored differently.
For example, a user resource could be represented as a JSON object but stored on the backend as relational DBMS tables, such as in Postgres.
State transfer
The application server is stateless, and when we want to communicate we transfer the current state with each request. Thus the state transfer.
For example, let's say you are uploading a 5 MB file in 5 chunks, each 1 MB in size, and assembling it on the backend. The REST API endpoint takes the content along with an upload sequence, then persists it on a storage backend such as S3. Each chunk request could hit a completely different stateless server and the transfer will work fine, since we are transferring the state (upload sequence) with every request. The client maintains the state in this case.
Rest constraints
Client/server architecture
Is there separation of concerns? Can you upgrade the server without upgrading the client?
Statelessness
Is your API stateless? Can you restart your backend server and have clients of your API resume working normally without failing? Can you add a non-sticky load balancer and transfer the load between the servers without the client breaking?
Cacheability
Can resources that are cacheable be cached with your API? And is there a way to identify stale resources?
Layered systems
Can I insert gateways, proxies, firewalls and load balancers silently without this architecture breaking?
Uniform interface
Resource identification (uri)
Resource Representation (json)
HATEOAS
Hypermedia as the Engine of Application State
The initial link can link to the rest (GitHub)
Github
Emojis

Aug 1, 2019 • 16min
Episode 103 - What is an HTTP Proxy? (Transparent, HTTP and Service Mesh Proxy examples)
A proxy is software that intercepts traffic and forwards it to the destination on behalf of the client. This extra layer provides several advantages such as caching, load balancing, content filtering and much more. Some implementations of proxies can be used by governments to spy on their citizens. We made a video about proxy vs reverse proxy; check it out if you want to learn more about the difference. In this video we will explain the different types of HTTP proxies and the benefits and use cases of each.
Transparent proxy (gateway)
HTTP insecure proxy
Service Mesh Proxy
Transparent proxy
It is mostly used by ISPs; clients don’t know they are connected to a transparent proxy. The way it works is that it looks at TCP/IP layers 4 and 3 and forwards the traffic to the destination. It might do some content filtering based on the IP address or the port, so it can block certain sites, but that's pretty much it. A transparent proxy cannot know which pages you are viewing or which YouTube videos you are watching. It can block you from watching YouTube altogether, but it cannot block you from watching, let's say, a specific YouTube channel that is critical of the government of the country the ISP is located in.
A transparent proxy doesn’t change the content.
HTTP Proxy (insecure)
This kind of proxy is used a lot, especially in service meshes like linkerd. The client has to be configured to use it. Each request will always be targeted to the proxy's IP address and port. So when you want to make a GET request to husseinnasser.com and you have a proxy configured, the destination IP and port in the TCP packet for that request are those of the proxy. The proxy looks at the GET request, specifically the Host header, and establishes another TCP connection to the actual destination, husseinnasser.com. So this kind of proxy maintains two TCP connections: client to proxy and proxy to destination. The proxy has access to the content, and it can block the website. It can know exactly which page you are viewing. It knows everything because HTTP is insecure. Assuming YouTube used just HTTP, a proxy could block a specific channel or even a specific video from being viewed.
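What the proxy described above can actually read, as an added example that is not from the episode or its source code. It goes one step beyond the text by also handling the CONNECT request a client sends when it tunnels HTTPS through the same proxy; the function names, the video.example host and the sample requests are assumptions made for illustration, and hosts are assumed to be names rather than IPv6 literals.

```javascript
// Added example. The raw requests at the bottom are constructed samples.

// Parse the request a client sends to an explicitly configured forward proxy
// and return only what the proxy can read in clear text.
function proxyView(raw) {
  const lines = raw.split("\r\n\r\n")[0].split("\r\n");
  const [method, target] = lines[0].split(" ");
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }
  if (method === "CONNECT") {
    // HTTPS via proxy: host and port only; path, headers and body are inside TLS.
    const [host, port] = target.split(":");
    return { method, host, port: Number(port), path: null, headers: null };
  }
  if (/^http:\/\//i.test(target)) {
    // Absolute-form target, the usual shape of a plain-HTTP request to a proxy.
    const u = new URL(target);
    return { method, host: u.hostname, port: Number(u.port || 80),
             path: u.pathname + u.search, headers };
  }
  // Origin-form target: the destination comes from the Host header.
  const [host, port = "80"] = (headers.host || "").split(":");
  return { method, host, port: Number(port), path: target, headers };
}

// A filtering decision can only use fields the proxy was able to read.
function decide(view, blockedHosts, blockedPathPrefixes) {
  if (blockedHosts.includes(view.host)) return "block";
  if (view.path !== null &&
      blockedPathPrefixes.some((p) => view.path.startsWith(p))) return "block";
  return "forward";
}

const plainRequest =
  "GET http://video.example/channel/abc HTTP/1.1\r\n" +
  "Host: video.example\r\nCookie: session=constructed\r\n\r\n";
const tunnelRequest =
  "CONNECT video.example:443 HTTP/1.1\r\nHost: video.example:443\r\n\r\n";

for (const raw of [plainRequest, tunnelRequest]) {
  const view = proxyView(raw);
  console.log(view.method, view.host, view.path, decide(view, [], ["/channel/abc"]));
}
```

With plain HTTP the proxy sees the path and the cookie, so a per-channel rule matches; with the CONNECT tunnel the same rule has nothing to match and only a whole-host block remains possible.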
1:05 proxy vs reverse proxy https://www.youtube.com/watch?v=ozhe__GdWC8
2:50 TLS https://www.youtube.com/watch?v=AlE5X1NlHgg
Kazakhstan government is now intercepting all HTTPS traffic
https://www.zdnet.com/article/kazakhstan-government-is-now-intercepting-all-https-traffic/