The Backend Engineering Show with Hussein Nasser

  Bandwidth explained from software engineer point of view Bandwidth is measured by how many bits a device is allowed to send/receive in a second. It ranges from your internal network starting from network card all the way to your ISP Internet speed. In this video we will discuss the definition of bandwidth upload vs download speed, the different usage patterns for normal web browsing, streaming, gaming, media production and cloud web servers etc and finally we will show an example of the whole thing. When your ISP gives you 80Mbs download/1Mbs upload bandwidth, this means 80 mega bits download which means your router (and all your devices) can receive (download) a total of 80 mega bits in a second at a time, and it can send (upload) 1 mega bit in a second. With your ISP can you pick and choose your plan that fits your usage. Usage patterns Web Browsing Most people download far more than they upload. So the download bandwidth matter more than upload bandwidth. For simple web browsing the download incoming traffic is slightly larger than the outgoing one. You make a GET request to pull index.html, you get back the html content. Yeah there are some images but still not much of incoming.  Streaming Think about it when you watch a movie in Netflix you make a small request usually in few hundred bytes. But the data you receive (download) is huge. So streaming is constant large incoming data. While still outgoing traffic is minimum. Gaming The bandwidth for gamers is really interesting specially who play online and it really depends on the game. a game might use the server authoritative model, where all the online players send their inputs and receive the final game state changes from the server. In that case the there is a constant upload, still minor but the download bandwidth is larger since state is usually bigger. Games can also use the lock state model or the client authoritative model, where all the clients send their inputs the server and the server just send back all the input from all players back to everyone so everyone calculate the game state locally. So in this efficient model, both the upload and download is quite small and its good for countries with low bandwidth.  Some games require cloud saving which means upload speed is recommended.  In general latency is much better in gaming. Media production  Youtuber and you make 5 videos a day so you need to upload alot of data to the youtube server. So upload speed really matter, and download also matter because you will also consume alot. Web servers Netflix (which is hosted in amazon) they upload data far more than they download. So their upload bandwidth is more than their download bandwidth. All those movies and tv shows pushed to consumers. Example Assume you have bandwidth of 80mb/s download speed (which is 10 Mega bytes per second) and 1mb/s upload (which is 125 KB per second). You are connected to a web server which has 80Gb/s upload and 80Gb/s download bandwidth, which is 10Gigabyte per second. Lets say you want to download a 60GB file or movie (no streaming). It will take the server 6 seconds to upload that file however it will take you 1.7 hours to download it. Your ISP That is not entirely true though for TCP, which implement congestion control. UDP does not implement congestion control. 

  Denial of Service attacks Dos attacks (denial of service) are type of attack on a server to prevent users from consuming a particular service, usually this is an HTTP web server. This could happen by either saturating the bandwidth of the pipe going to the server or by bringing the server down to its knees so it stops taking requests all together. In this video we will learn about 3 different types of DOS attacks and explain each one by example.  Bandwidth based DOS 2:15 Dos Sending Huge amount of data to a server with lower bandwidth from a client with higher bandwidth which ends up saturating the server pipe and queue up future requests, new requests will have to wait or perhaps denied service. Example, the attacker have 100mb/s bandwidth (upload) the server has 10Mb/s download. If the attacker starts sending 100 mb worth of data to the server, it will take it 1 second to leave the pipe. However, The server can only download 10 mb each second for processing because thats its bandwidth, so it needs 10 seconds to completely download that 100mb and process. In this 10 seconds the server is fully busy serving just 1 client. Other requests will not be able to even reach the server, they might get queued and they may never be executed. Thus denied service. It is important to know that the server must have an end point that actually accept such large data. Like upload file with no limit. Another example, is UDP where there is no connection.  Ddos this previous scenario is less likely since servers usually has much more bandwidth than a single computer. A common attack is to do a DOS in distributed manner. Assume a server with 1 Gb and client with 10 mb/s no matter how much data the client can send it can only send 10mb per second, and the server can go through them real quick. Example, the client sends 1GB, it will leave the client’s pipe into 100 (10mb) means the client will take 100 seconds just to upload all the data because it can only sends 10 mb each seconds. And the server is processing it so fast it each second and it will still have enough bandwidth to process other requests(1000-10). But imagine 100 users with 10 mb connection each, all coordinate to send 1 Gb worth of data to the server at the same time (critical that its in the same time) 100x10 each second they can send 1 Gb in total to the server, the server can only process 1 GB per second so the server will not be able to process any other requests because its bandwidth is saturated processing this 1 GB from different place. Make it 200 users and you just clogged the pipe.    Max connections based DOS 10:13 Another type of denial of service attack is by somehow force the server to reach its max connections. The web server usually sets a maximum number of tcp connections so that it doesn’t run out of memory. an attacker can perform a DOS attack to force the server to reach its max connection. once it does, it wont accept any more connections thus deny service of future requests. However it is not easy, web servers have good preventive measures to minimize unnecessary tcp connections. So you cannot just establish a connection and ghost the server. This isn’t your ex boyfriend. Server has good timeouts for connections that are idle, terminated or potentially harmful. However one possible attack is to establish a connection but send the data slowly so when the server tries to timeout it immediately reset the timeout and keep the connection alive! Assuming the max tcp connection is 200, Run your script 200 times and you just created 200 connections to the server so no new connection can connect.    Vulnerability based DOS 16:30 

 TCP and UDP are communication protocols that allows us to send and receive data in a network. We have both for a reason since each has its advantages and disadvantages. In this video we will talk about two protocols, pros and cons of each one and will write tcp and udp server with nodejs showing you these in ACTION. coming up Code!  https://github.com/hnasr/javascript_playground/tree/master/tcp Jump Codes 🏷  tcp pros cons(4:12) Tcp demo (19:00) Udp pros cons (24:25) Udp demo (31:25) Summary (35:40) Explain TCP  Pros:  acknolwedgment,  garenteed delivery,  connection based congestion control ordered packets  Cons Larger packets More bandwidth since more headers.  Slower (because of retransmission)  stateful once connection is lost its lost, cannot resume it.   TCP Example (Code) telnet 127.0.0.1 8080 Explain UDP Pros Statless,  Less bandwidth  smaller packets Faster to transmit  Cons no ack,  no garenteed delivery,  no congestion control no ordered packets  UDP client echo "foo" | nc -w1 -u 127.0.0.1 41234 2:24 osi model tag  14:20 stateful. S stateless video 

  Get and POST are the most popular http methods used on the web. Each carries its own differences and properties. It can confusing to get to choose when to use POST over GET. In this podcast we will explain the differences, use cases and the benefits of using GET and POST. 

Microservices (Explained by Example) Microservices technology is a new pattern of software engineering that has been popularized recently. In this video we will explain what microservices are, their pros and cons by example.  A lot of companies have moved in the early 2010 such as twitter and netflex to the microservices architecture.  Microservices technology is a pattern where you can break down big application into smaller services and what previously is a function call is now a network call GET or POST through HTTP. In order to explain what microservices are, we need to explain how a traditional classical application looks like. Here is an example .. Instagram   View Picture, list comments, likes and Picture and Location.  Picture Likes Comments Picture API (Thumbnails)  Likes API  Comments API Most popular comments Pros: Polyglot architecture  Easy scaling for microservices that needs scaling.  Better Team management, each microservice is a team Easier to innovate certain areas. Each microservice can pick their own database  Scale busy services instead of entire system  Cons: Very complicated to implement, network call, service discovery  Very Difficult to debug Hard to find where the fault is  Network calls fails adds complexity. 5:00 6:50 proxy vs reverse

Attribute Rules are scripts that can be authored and placed in the geodatabase to ensure data integrity lets discuss them. 

In this episode we will talk about the difference between public ip and private ip address and casually talk about routers, modems, LAN,  WAN and port forwarding. 

Join me in the upcoming Esri dev summit! Ill be presenting attribute rules and the utility network.

It is a long weekend with the president day on Monday. Which means it is another good opportunity to create more art. Whether that is a new ArcGIS pro Add-in or a new map, a painting, a new piece of poetry or music. This also means more chances to get discovered, which means more chances to get criticized. I get criticized all the time now that I have bigger exposure and this is our topic for this podcast coming up,

This is originally a video that I converted into a podcast I think it is still useful  https://www.youtube.com/watch?v=8D1NAezC-Dk Notifications have become part of our daily life. We receive them almost every minute on our phones, tablets, and computers. As software engineers, it is good to understand how notifications work, and what different type of notifications there are (push and pull notifications), the advantages and disadvantages of each.    In this video I'll explain how the push notification and pull notification works and the stateful vs stateless nature of each and how it affects the architecture decision of our application that we are building.    Online diagram tool used in this video:  Http://www.gliffy.com   Become a better software engineer by joining IGeometry checkout the other software engineering content on this channel   -Hussein