Biography

Has been working as a software developer for more than 8 years in various roles and many different businesses, and feels at home with the web platform and service-oriented environments.

Worked at Microsoft in multiple teams, including Microsoft AdCenter and Windows Azure Active Directory.

Currently working as a Sr. Software Engineer at Microsoft in Redmond, WA, USA.

About The Broadcast

Weekly podcast discussing the Egyptian IT industry and various other technology-related topics.

The show is a technical show about programming and software development, how to adopt best practices, and how to share experiences among members of the Egyptian developer community.

RSS Blog Feed

  • EP51 - Software Craftsmanship

    April 12, 2017

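    - Who is the craftsman programmer?
    - Who is the engineer programmer?
    - It is not about degrees.
    - The question of the difference between a programmer and an engineer.
    - Titles.
    - The effect of the general secondary school certificate (Thanaweya Amma) on the ranking of programming jobs.
    - A good engineer is not necessarily a good craftsman.
    - The relationship between programming professions and managerial positions.
    - The question "I don't know anything, and I want to get into the field".
    - Whether or not you got a degree, what are the things you should learn?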

  • AskDeveloper Podcast - 50 - Content Distribution

    April 06, 2017

    - Follow up on Encryption episode (Google blocking Symantec certs)
      ○ Sep 2015 incident (Thawte issuing a google.com cert without authorization). Attributed to employee error and resolved by termination.
        § Oct 2015: Symantec disclosed 23 test certs issued without the owners' knowledge; more certs were uncovered by Certificate Transparency logs; Symantec extended the audit and found an additional 164 certs, and 2458 certs issued for domains never registered. https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html
        § Jan 19, 2017: Mozilla reported more misuse. https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/fyJ3EK2YOP8/yvjS5leYCAAJ
        § Mar 23, 2017: Google posts a report of 30,000 bad certs from Symantec, proposing a gradual plan to distrust Symantec until actions are taken to ensure trust. https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs%5B1-25%5D
      ○ Extended validation vs. domain validation certs (mostly technically identical; EV may use stronger encryption, but there is a different registration process with a different UX presented by browsers: the green bar)
    • How the Television age reflected a scarcity of communication channels.
    • How the Internet created an abundance of communication channels.
    • Creators and audience choose platforms based on cost, ease of use and unified user experience, not because “that’s where everybody is”.
    • Once they have made a choice, users don’t switch to another similar platform even if it’s marginally better.
    • Vimeo vs YouTube. Google+ vs Facebook.
    • Control of personal data or openness isn’t a deciding factor for most users.
    • User data and attention is the main product for content distributors.
    • The software offered by content distributors is fairly simple.
    • Most of the engineering effort of these companies is going into scaling for a billion users and into mining the data provided by those users.
    • The main components of content distribution:
      ○ Producing content
      ○ Serving content
      ○ Consuming content
      ○ Rating
      ○ Comments and discussion
      ○ Reviewing
      ○ Discovery, subscription, and notification
      ○ Saving, bookmarking, and organizing
      ○ Ads

  • AskDeveloper Podcast - 49 - Cryptography - Part 3 - Digital Signatures and Protocols

    March 18, 2017

    ○ Digital Signatures
      § Goal: verify authenticity of a message.
      § Based on asymmetric cryptography.
      § Basic operations
        1. Public / private key generation (using some algorithm like RSA)
        2. Signing algorithm using the private key
        3. Signature verification algorithm using the corresponding public key
           i. Extending previous example
        • Steps (order is very important; bold stuff is the difference added to authenticate sender)
          ◊ Party 1 (Alice)
            1. Generates a random AES session key (32 bytes / 256 bits)
            2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits)
            3. Encrypts the message to be sent using the AES session key & IV
            4. Calculates an HMAC of the encrypted message using the AES session key
            5. Encrypts the AES session key using the public key of Party 2 (Bob), the recipient
            6. Calculates a signature on the HMAC using the private signing key
            7. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, HMAC, and Signature) to Bob
          ◊ Party 2 (Bob)
            1. Decrypts the session key using his private key
            2. Recalculates the HMAC of the encrypted message (validates message integrity)
               - If the HMAC check passes: verify the digital signature using Alice's public key
                 - If signature verification passes: decrypts the message using the decrypted AES session key and Initialization Vector
                 - Otherwise, the identity of the sender could not be verified; reject the message.
               - Otherwise, rejects the message because of integrity check failure.
        • Why order matters?
          ◊ Timing side-channel attacks
          ◊ Padding-oracle attack
    ○ Protocols
      § TLS/SSL
        • How TLS/SSL works?
        • Mitigates against
          ◊ Man in the Middle attacks
          ◊ Authentication, so the client can be sure it is talking to the correct destination.
      § Public Key Infrastructure (PKI)
        • Certificates aka X.509 Certificate (SHA-1 signature issues)
          ◊ A digitally signed file
          ◊ Identifies (Computer / User / Device)
          ◊ Has Public & Private Key, only the certificate owner has the Private Key.
          ◊ Has expiration date
          ◊ Information about the CA that issued the cert
          ◊ X.509 extension attributes (like Usage attribute)
          ◊ Revocation information.
        • Certificate Authority (CA) (CNNIC, WoSign)
          ◊ Issues, signs and manages certificates.
          ◊ Famous certificate authorities (Verisign, GoDaddy, … etc).
        • Trust Chains
          ◊ CAs can delegate the signing job to subordinate CAs
            - The root CA signs an intermediate signing certificate for the subordinate CA
          ◊ The subordinate CA can then issue certificates
          ◊ To validate a certificate, the client validates the signatures of all the intermediate stages and makes sure all of them are linked to a trusted CA
        • Certificate Revocation Lists (CRLs)
          ◊ When a certificate is compromised (private key leaked) it will be published on the CRL, so each time the cert is validated, the CRL is checked in case the cert is revoked.
    3. Takeaways
    4. Books
       a. Understanding Cryptography: A Textbook for Students and Practitioners https://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000

    Our Facebook page: http://facebook.com/askdeveloper
    On SoundCloud: http://soundcloud.com/askdeveloper
    Please Like & Subscribe
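
The Alice-to-Bob exchange from the episode 49 notes above, as an added example that is not part of the original show notes. The notes name only AES, HMAC and RSA; AES-256-CBC, HMAC-SHA256, RSA-OAEP key wrapping, RSA/SHA-256 signatures and the function names `aliceSend` and `bobReceive` are assumptions made here.

```javascript
// Added example: the Alice -> Bob exchange from the episode notes.
// Assumed algorithms (the notes name only AES, HMAC and RSA):
// AES-256-CBC, HMAC-SHA256, RSA-OAEP key wrap, RSA/SHA-256 signature.
const crypto = require('crypto');

// Constructed key pairs: Bob's wraps the session key, Alice's signs.
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const bob = newPair();
const alice = newPair();

function aliceSend(message, bobPublicKey, alicePrivateKey) {
  const sessionKey = crypto.randomBytes(32);                        // step 1
  const iv = crypto.randomBytes(16);                                // step 2
  const cipher = crypto.createCipheriv('aes-256-cbc', sessionKey, iv);
  const encrypted = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]); // step 3
  // Step 4: as in the notes, the HMAC is keyed with the session key.
  const hmac = crypto.createHmac('sha256', sessionKey).update(encrypted).digest();
  const encryptedKey = crypto.publicEncrypt(bobPublicKey, sessionKey);  // step 5 (OAEP default)
  const signature = crypto.sign('sha256', hmac, alicePrivateKey);       // step 6
  return { encrypted, encryptedKey, iv, hmac, signature };              // step 7
}

function bobReceive(packet, bobPrivateKey, alicePublicKey) {
  let sessionKey;
  try {
    sessionKey = crypto.privateDecrypt(bobPrivateKey, packet.encryptedKey);
  } catch (e) {
    return { ok: false, reason: 'session key' };
  }
  const expected = crypto.createHmac('sha256', sessionKey).update(packet.encrypted).digest();
  // Integrity first, in constant time, before any AES decryption is attempted.
  if (expected.length !== packet.hmac.length || !crypto.timingSafeEqual(expected, packet.hmac)) {
    return { ok: false, reason: 'integrity' };
  }
  // Then sender authenticity: the signature over the HMAC must verify.
  if (!crypto.verify('sha256', packet.hmac, alicePublicKey, packet.signature)) {
    return { ok: false, reason: 'sender' };
  }
  // Only now is the ciphertext decrypted, so padding errors are never exposed
  // for unauthenticated input.
  const decipher = crypto.createDecipheriv('aes-256-cbc', sessionKey, packet.iv);
  const plain = Buffer.concat([decipher.update(packet.encrypted), decipher.final()]);
  return { ok: true, message: plain.toString('utf8') };
}
```

Because Bob rejects on the HMAC and signature before touching the padding, a tampered ciphertext fails with the same integrity error regardless of how its padding would have decoded.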