Ask Developer

- Quick history ○ Distance learning ○ Open educational resource movement ○ MOOC coined in 2008 by Dave Cormier ○ Khan Academy, P2PU, and Udemy ○ Udemy has tools for pros to create courses and publish (also attracting corporate trainers to create courses for enterprises) ○ Udacity growing out of Stanford CS courses by Sebastian Thrun ○ Coursera growing out of Stanford's Andrew Ng and Daphne Koller ○ MITx launched by MIT in response to commercialization of MOOC, then joined by Harvard and renamed edX - Cost ○ Content is free ○ edX offers certificate for 100$ for most courses ○ Coursera have some quizzes and grading exercises only for paying students ○ Udacity has nano-degrees with projects reviewed only for paying students - Interdisciplinary learning ○ Importance ○ Examples - For credit leaning ○ Georgia Tech masters 2013 with Udacity ○ edX have MicroMasters which offers for credit courses and earn 25% credit of on campus masters § RIT cybersecurity § University of Pennsylvania Robotics § British Columbia Software Development § Boston University Digital Leadership § MIT Supply Chain Management § University System of Maryland Cloud Computing § Columbia Business Analytics, AI § San Diego Data Science § Michigan UX Research and Design § Others ○ Coursera masters with § Illinois MBA, Accounting and CS (Data Science) HEC (innovation and entrepreneurship) بعض الروابط التي ذكرت في الحلقة كورسات كلية الحاسبات و المعلومات جامعة حلوان https://www.youtube.com/user/FCIHOCW Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

من هو المبرمج الصنايعي من هو المبرمج المهندس الموضوع مش بالشهادات سؤال الفرق بين المبرمج والمهندس الألقاب تأثير الثانوية العامة علي ترتيب الوظائف في البرمجة المهندس الكويس مش شرط يكون حرفي كويس علاقة المهن في البرمجة بالوظائف الإدراية سؤال "أنا ما أعرفش أي حاجة، وعايز أدخل المجال" سواء أخدت شهادة أو ما أخدتش شهادة، إيه هي الحاجات اللي المفروض أتعلمها؟

- Follow up on Encryption episode (Google blocking Symantec certs) ○ Sep 2015 incident (Thawte issuing a goolge.com cert without authorization. Attributed to employee error and resolved by termination § Oct 2015 Symantec disclosed 23 test certs issued without owners knowledge, more certs uncovered by Certificate Transparency logs, symantec extended the audit and found additional 164 certs, and 2458 certs issued for domains never registered https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html § Jan 19 2017, Mozilla reported more misuse https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/fyJ3EK2YOP8/yvjS5leYCAAJ § Mar 23, 2017, google posts a report of 30,000 bad certs from symantec, proposing a gradual plan to distrust symantec till actions taken to ensure trust https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs%5B1-25%5D Extended validation vs. Domain validation certs (mostly technically identical -EV may use stronger enc- but different registration process with different UX presented by browsers -green bar-) • How the Television age reflected a scarcity of communication channels. • How the Internet created an abundance of communication channels. • Creators and audience choose platforms based on cost, ease of use and unified user experience, not because “that’s where everybody is”. • Once made a choice, users don’t switch to another similar platform even if it’s marginally better. • Vimeo vs YouTube. Google+ vs Facebook. • Control of personal data or openness isn’t a deciding factor for most users. • User data and attention is the main product for content distributors. • The software offered by content distributors is fairly simple. • Most of the engineering effort of these companies is going in scaling for a billion users and into mining the data provided by those users. • The main components of content distribution: • Producing content • Serving content • Consuming content • Rating • Comments and discussion • Reviewing • Discovery, subscription, and notification • Saving, bookmarking, and organizing Ads

○ Digital Signatures § Goal: verify Authenticity of a message. § Based on Asymmetric Cryptography. § Basic operations 1. Public / Private keys generation (using some algorithm like RSA) 2. Signing algorithm using the private key 3. Signature verification algorithm using the corresponding public key i. Extending previous Example • Steps (Order is very important, bold stuff is the difference added to authenticate sender) ® Party 1 (Alice) 1. Generates a random AES Session Key (32 bytes / 256 bits) 2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits) 3. Encrypt the message to be sent using the AES Session Key & IV 4. Calculate an HMAC of the encrypted message using the AES Session key 5. Encrypt the AES Session Key using the Public Key of Party 2 (Bob) The recipient. 6. Calculate Signature using the private signing key on the HMAC 7. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, HMAC, and Signature) to Bob ® Party 2 (Bob) 1. Decrypts Session key using his Private Key 2. Recalculates the HMAC of the encrypted message (Validates message integrity) } If HMAC check pass – Verify digital signature using Alice Public Key w If signature verification pass w Decrypts the message using the decrypted AES Session Key and Initialization Vector w Otherwise, identity of the sender couldn't not be verified, reject message. } Otherwise, rejects the message because of integrity check failure. • Why Order matters? ® Timing Side-Channel Attacks ® Padding-Oracle Attack ○ Protocols § TLS/SSL • How TLS/SSL Works? • Mitigates against ® Man in the Middle Attacks ® Authentication, so the client can be sure it is talking to the correct destination. § Public Key Infrastructure (PKI) • Certificates aka X.509 Certificate (Sha-1 Signature Issues) ® A digitally signed file ® Identifies (Computer / User / Device) ® Has Public & Private Key, only the certificate owner has the Private Key. ® Has Expiration date ® Information about the CA that issued the cert ® X.509 Extension Attributes (like Usage attribute) ® Revocation Information. • Certificate Authority (CA) (CNNIC, WoSign) ® Issues, signs and manages certificates. ® Famous certificate authorities (Verisign, GoDaddy, … etc). • Trust Chains ® CA's can delegate the signing job to subordinate CA's ◊ Root CA's signs an intermediate signing certificate to the subordinate CA ® The subordinate CA can then issue certificates ® To validate a certificate, the client validates the signatures of all the intermediate stages and make sure all of them are linked to a Trusted CA • Certificate Revocation Lists (CRL's) ® When a certificate is compromised (Private Key leaked) it will be published on the CRL, so each time the cert is validated, the CRL list is checked in case cert is revoked. 3. Takeaways 4. Books a. Understanding Cryptography: A Textbook for Students and Practitionershttps://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000 Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

هل الطريقة الحالية لتقييم المطورين بالتركيز على أسئلة الخوارزميات هي الطريقة المثلى؟ روابط ذكرت في اللقاء DHH (The author of Ruby on Rails) https://twitter.com/dhh/status/834146806594433025?lang=en https://github.com/tmcw/presentations/blob/gh-pages/advice-to-the-graduate/index.md http://www.yegor256.com/2017/02/21/say-no-to-google-recruiters.html قائمة مجمعة بالشركات التي تعتمد طرق اخرى في تقييم المبرمجين https://github.com/poteto/hiring-without-whiteboards Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

الحلقة السابقة https://soundcloud.com/askdeveloper/ep46-askdeveloper-podcast-cryptography-part-1-introduction-and-hashing ○ Encryption (Two Ways) § Symmetric Encryption □ Same key both encrypts and decrypts the data. □ Very fast, yet exchanging key is tricky □ Very Algorithmic □ Examples ® DES Data Encryption Standard (BROKEN) ◊ Uses key of 56 bit length ® Triple DES (3DES) ◊ Uses three keys (or two unique keys) of 56 bit each ® AES Advanced Encryption Standard ◊ Uses keys of 128, 192 or 256 bits long □ Attacks ® Brute force ◊ Usually mitigated via increasing key length, as difficulty increases exponentially as key size increases, for example time to crack given a modern super computer. Key Size Time To Crack 56 bits 399 seconds 128 bits 1.02 * 1018 years 192 bits 1.87 * 1037 years 256 bits 3.31 * 1056 years ◊ Side-Channel Attacks § Asymmetric Encryption □ Key pairs have mathematical relationship □ Each one can decrypt messages encrypted by the other. □ Slow, but exchanging key is trivial □ Very Mathematical □ Anyone can know the Public Key ® The Public key can only be used to encrypt data □ The Private key is kept secret, and never leaves the recipient's side. ® The Private key can only be used to decrypt data □ Examples ® RSA (Rivest, Shamir and Adelman) ® The de-facto standard in the industry ® Public and Private keys are based on large Prime Numbers § Hybrid Encryption □ Uses both Symmetric and Asymmetric encryption at the same time. □ Goals: ® Use the performance of Symmetric Crypto ® Convenience of sharing keys using Asymmetric Crypto ® HMAC for authentication. □ Steps: (Order is very important) ® Party 1 (Alice) 1. Generates a random AES Session Key (32 bytes / 256 bits) 2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits) 3. Encrypt the message to be sent using the AES Session Key & IV 4. Calculate an HMAC of the encrypted message using the AES Session key 5. Encrypt the AES Session Key using the Public Key of Party 2 (Bob) The recipient. 6. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, and HMAC) to Bob ® Party 2 (Bob) 1. Decrypts Session key using his Private Key 2. Recalculates the HMAC of the encrypted message (Validates message integrity) } If HMAC check pass – Decrypts the message using the decrypted AES Session Key and Initialization Vector } Otherwise, rejects the message because of integrity check failure. Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

Information Security 1. Introduction ○ Security by obscurity § Steganography □ Hiding data inside another form of data, like using non-used bits in image to hide a message § Cool, but not practical. § Disadvantages ◊ Algorithm secrecy vs. key secrecy ○ Cryptography is everywhere and yet if done right, you can barely see it. ○ Goals: § Confidentiality □ Secrets stay secret. § Integrity □ Data is not tampered with. § Non-Repudiation □ No party can deny sending messages. § Authentication □ Each party can ensure that the sender is what they expect. ○ Cryptography § Hashing § Encryption § Signing § Protocols ○ Random Number Generators § Extremely important, almost all encryption/hashing strength is affected by how random the random number generator is. § Don't use simple random number, use a cryptographic random number generator with a sophisticated source of entropy. § Pseudorandom number generator § Dual_EC_DRBG random generator backdoor 2. Body ○ Hashing (one Way) § Properties □ Fixed length output no matter what size the input was □ Very easy to compute the hash of a given message, however very hard to compute from a hash the corresponding input. □ Mathematically infeasible to generate a message that has a given hash □ Any modification to a message produces a completely different hash that has no relationship to the original message's hash. □ It is mathematically infeasible to find two messages with the same hash. Hash Collision § Hashing Functions □ Provides data integrity, however lacks authentication □ Examples ® MD5 ◊ Considered Insecure ® Secure Hash Family SHA-X, Sha-1, Sha-2 [Sha256, Sha512], Sha-3 ◊ Sha-1 is considered insecure. ◊ Sha-1, Sha-2 designed by NSA ◊ Sha-3 is not designed by NSA, Competition winner. □ Attacks ® Brute force ◊ CPU's are getting faster and cheaper every day. ◊ GPU's are getting faster and cheaper every day. ◊ Special Hash calculating hardware is becoming more available especially with the BitCoin push. ® Rainbow table attacks ◊ Pre-Calculated tables where you can reverse lookup a hash to a value ◊ Try www.crackstation.net § Hash Message Authentication Codes (HMAC) □ Adds authentication to integrity □ Can be used with all previous algorithms, HMACMD5, HMACShA1, HMAC256 … etc. § Salted Hash □ Adds random salt to mitigate rainbow table □ Salts are unique per record, and not a secret. § Password Based Key Derivation Function (PBKDF2) □ RSA Public Key Cryptographic Standard PKCS #5 Version 2.0 □ Internet Engineering Task Force RFC 2898 Specification ® Adds a lot of iterations to slow it just enough to mitigate brute force (default 50,000 iterations) ® Adds random salt to mitigate rainbow table □ Disadvantage: It can be easily implemented with hardware which makes it vulnerable to bruteforce even with high number of iterations § Bcrypt □ Password Hashing function □ State of the art password hashing § Usages □ Integrity Check Password Storage Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

• What's wrong with the world as it is today? ○ Gatekeepers and Walled Gardens ○ The Master Switch by Tim Wu ▪ Tim Wu is the one who coined the Net Neutrality term. ▪ This book tells the story of how every communication medium starts a revolution that upsets the order, then eventually it gets controlled. The same thing could happen to the Internet. • Bitcoin ○ Is this about money, or about technology ○ Is this about the technology or bitcoin, or the technology of distributed money. ○ How Bitcoin works. Video. ○ Bitcoin mining in plain English. • Blockchain ○ permissionless distributed database based on the bitcoin protocol that maintains a continuously growing list of data records hardened against tampering and revision, even by its operators. The initial and most widely known application of block chain technology is the public ledger of transactions for bitcoin, which has been the inspiration for similar implementations often known as altchains ○ Trustless transactions ○ Simple explanation of how Blockchain works. • Distributed hash tables ○ class of a decentralized distributed system that provides a lookup service similar to a hash table • Git ○ Git GPG Signature • BitTorrent • IPFS: Inter-Planetary File System ○ Intro to IPFS ○ IPFS: Why We Must Distribute the Web (Video) ○ How to Use IPFS to fix NPM ○ HTTP is obsolete. It's time for the distributed permanent web ▪ This page is actually served via IPFS It covers important points: how IPFS does mutable data, how it does human-readable URLs.

AskDeveloper Podcast - 44 - Yasser walked on MARS, and can't wait to talk about it, and coverage of Build 2016 اشترك في قناتنا على يوتيوب و تابعنا على فيسبوك http://fb.com/askdeveloper http://soundcloud.com/askdeveloper http://www.askdeveloper.com http://youtube.com/bashmohandes

الحلقة 43 من راديو اسأل مطور, في هذه الحلقة نناقش مشاكل احتفاظ الشركات التقنية بالبيانات الشخصية و استهداف الحكومات و الأجهزة الأمنية لها و نناقش بعض الأخبار التقنية التي حدثت و المتعلقة مثل مطالبة ال FBI لشركة Apple لكسر تشفير أحد أجهزة iPhone و الذي تم اصدار حكم محكمة لالزام الشركة بهذا و على اثره قام Tim Cook المدير التنفيذي للشركة باصدار خطاب مفتوح لمستخدمين التكنولوجيا. http://www.apple.com/customer-letter/ أيضاً تحدثنا عن موضوع Where is The Fair Use #WTFU و الذي اثير مؤخراً على يوتيوب http://amreldib.com/linkblog/WhereIsTheFairUse و أيضاً صدر العدد الثانية من Ask Developer LinkSheet يمكنك الحصول عليها هنا http://amreldib.com/linkblog/AskDeveloperLinksheet2SelfParking3DPrintedBuildings العدد الأول http://amreldib.com/linkblog/AskDeveloperLinksheet1LateAsAlways اشترك في قناتنا على يوتيوب و تابعنا على فيسبوك http://fb.com/askdeveloper http://soundcloud.com/askdeveloper http://www.askdeveloper.com http://youtube.com/bashmohandes

في هذا اللقاء نناقش موضوع المشروع المقترح لنقابة مهندسي البرمجيات, و الذي تم اقتراحه عده مرات من قبل بنماذج متفاوتة. آخر نسخة مقترحة معلنة من القانون - و التي تم تقديمها لمجلس الشعب في 2012 -  http://issuu.com/esea_pr/docs/egswengs4 تسجيل اللقاء بالفيديو https://www.youtube.com/watch?v=aMs0qKMiiEI Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

في هذه الحلقة نناقش موضوع ال VR / AR أو الواقع المعزز و الواقع الافتراضي و نتعرض لبعض المنتجات التي ظهرت أو في طريقها للظهور و الطفرة التي حدثت مؤخراً في هذا المجال. Oculus Rift, Hulu Lens, Project Morpheus (PlayStation VR) - Immersive technologies - VR history ○ Entex Adventure Vision (1982)https://en.wikipedia.org/wiki/Entex_Adventure_Vision ○ Nintendo Virtual Boy (1995)https://en.wikipedia.org/wiki/Virtual_Boy - Oculus ○ Samsung Gear VR - Cardboard - Hololens experience Show Notes Yasser goes to Redmond to visit Microsoft and gets a surprise demo of the new Hololens. A channel9 video, a tour in Microsoft museum https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-145-Living-Computer-Museum Video about Microsoft and Apple staff in NY https://www.youtube.com/watch?v=TMATD2qk564 Glen Keane - Disney artist using Oculus Rift https://www.youtube.com/watch?v=GSbkn6mCfXE Hololens and Volvo https://www.youtube.com/watch?v=DilzwF90vec Unity 3D http://unity3d.com/ Entex Adventure Vision (1982)https://en.wikipedia.org/wiki/Entex_Adventure_Vision Nintendo Virtual Boy (1995)https://en.wikipedia.org/wiki/Virtual_Boy Black Mirror https://en.wikipedia.org/wiki/Black_Mirror_%28TV_series%29 Ask Mohamed any question https://ask.fm/bashmohandes/ Amr's blog post: How to Ask a Question http://www.amreldib.com/blog/HowToAskAQuestion/ Hitchhiker's guide answer of life is 42 https://en.wikipedia.org/wiki/42_%28number%29#The_Hitchhiker.27s_Guide_to_the_Galaxy

Mostafa Ashour an Egyptian entrepreneur who started at least two different startups in Egypt in different types of software business like Gaming with Khayal Entertainment, also worked for multinational companies such as IBM and Microsoft, and recently he decided to write a book التجربة الخيالية - قصة انتاج أول لعبة كمبوتر في مصر مصر مفيهاش مينتورزhttp://www.mostafaashour.com/%D9%85%D8%B5%D8%B1-%D9%85%D8%A7%D9%81%D9%8A%D9%87%D8%A7%D8%B4-%D9%85%D9%86%D8%AA%D9%88%D8%B1%D8%B2/ Deconstructor of Fun http://www.deconstructoroffun.com/ إشتري نسخة رقمية من كتاب التجربة الخيالية https://kotobi.com/shop/ar/%D8%A7%D9%84%D8%AA%D8%AC%D8%B1%D8%A8%D8%A9-%D8%A7%D9%84%D8%AE%D9%8A%D8%A7%D9%84%D9%8A%D8%A9 Tryvin http://www.tryvin.com/ Boxmize http://boximize.com/ Mostafa Ashour https://twitter.com/mostafaashour

الحلقة التاسعة و الثلاثون من راديو اسأل مطور, في هذه الحلقة نستضيف المهندس محمد تيسير المنضم حديثاً لفريق عمل جوجل في مدينة زيورخ في سويسرا, ليشارك معنا خبراته و نصائحه لمن يريدون التقدم في الوظائف المماثلة. Why do you want to join Google? Technical career path Innovative Move to another country You will not lose anything if you fail. There is no such thing as blacklist What they are looking for in a candidate? Smart & get things done Goes the extra mile (open-source, side projects, …) Measurable achievements College degree is not required Persistence: I failed the 1st interview but passed the 2nd How to pass the interview? Relax. It’s not the end of the world Always keep the communication line open. In other words, always think out loud. Don’t stand there silently while you are thinking Validate your assumptions with test cases & ask about edge cases to make sure you understand everything. The problem might be simpler than you think Apply for all suitable positions, not just one or two (follow @googlejobs on twitter) Prepare well (Project Euler, Top Coder, ACM, …) “Algorithm Design Manual” is a good book, but it’s heavy for some people. Go with it when you feel you have a good understanding of basic data structures See more references below Things to consider It takes time to pass the interviews, get visa & start working Google helps with relocation: papers, travel tickets, temp accommodation, but this doesn’t mean the visa is guaranteed. The imposter syndrome: I’m not good enough References Steve Yegge blog post is the best resource. http://steve-yegge.blogspot.ch/2008/03/get-that-job-at-google.html Event by Ahmad Aly https://www.facebook.com/events/252191538310698/?ref=22 Required courses http://uk.businessinsider.com/skills-for-google-engineering-jobs-2014-10?r=US Another reference http://www.businessinsider.com/qualities-google-looks-for-in-job-candidates-2014-4?IR=T There were some sessions in EgyptScholars group telling you how to prepare for Google interview https://www.facebook.com/EgyptScholars

Introduction What is a package? What is a Package Manager? Why Do we need Package Manager? Pros and Cons Pros Break your code into sharable components. Reduce build times. Easy to find well-made packages to speed up development. Resolving versioning in a clean way. Cons Sometimes packages don't play well together Too many package managers with very little differences Examples Ruby Gems (was that the first one?) Python Pip NuGet NPM apt-get OneGet Chocoloty Bower Yum pacman

Welcome to the 37th episode of AskDeveloper Podcast, in this episode we will discuss the big news that came from Microsoft last week regarding opening the source of the .net Framework as well as a new SKU of Visual Studio Community Edition for small and Open Source teams. أهلا بكم في الحلقة السابعة و الثلاثون من راديو اسأل مطور في هذه الحلقة نناقش الأخبار التي أعلنتها مايكروسوفت الأسبوع الماضي عن فتح مصدر اطار عمل دوت نت, بالاضافة الى اصدار نسخة جديدة من فيجوال ستوديو (نسخة المجتمع) و التي ستكون مجانية للفرق الصغيرة و المشاريع مفتوحة المصدر.

الحلقة السادسة و الثلاثون من راديو اسأل مطور, نناقش في هذا الأسبوع أهمية نظم حفظ و تنظيم الكود Source Control و نقارن بين أنواعها المختلفة و نتكلم باستفاضة عن Git What is source control Why do I need Source Control Source control absence from official CS curriculum is a disaster Source control can be as important as If Else statements Important for individuals. Vital for teams Types of Source Control Systems Centralized (Traditional) CVS SVN - Subversion. TFS Distributed Git Mercurial Awesome Git Features Stash Branching with no overhead Local Commits (never lose a thing) Rewriting History (rebasing) Git vs GitHub GitLab Bitbucket Using GitHub in non-programming projects

الحلقة 35 من راديو اسأل مطور, في هذه الحلقة نستعرض موضوع المنطق للمبرمجين. - Abstraction ○ 1+1 = 2 almost always not true ○ If 1 orange + another orange, what about the size of each, the taste ... etc ○ For this to be true some abstraction is required ○ Abstraction is removing some details to simplify reality modeling and perception ○ Programming is in huge part an art of abstraction ○ "Leaky abstraction" Spolsky's post.  - Perception ○ This table has four legs ○ This table is beautiful ○ The first statement the signifier and signified are adjacent while the second statement there is a space for interpretation ○ Some signifiers has wide meanings or narrow, and different people perceive it differently ○ Role of agile development in addressing perception issues - Deduction

ِAsk Developer Podcast الحلقة 34, في هذه الحلقة نناقش موضوع ال Freelancing و كيف تبدأ فيه و ما هو و مميزاته و عيوبه و بعض النصائح من التجارب الشخصية. What is freelancing?  Comparing freelancing to regular job How to find freelancing opportunity?  How to handle clients?  How to put your name out there?  Places To look for freelancing opportunities.  Rentacoder Guru Video version https://www.youtube.com/watch?v=k-562HWe1N4

هل محبين و متابعين التكنولوجيا في المنطقة العربية يجب عليهم التحدث و الكتابة بالعربية؟ هل من يود تعلم التكنولوجيا في المنطقة العربية عليه أن يجيد اللغة الانجليزية و يتجه للمصادر الأجنبية؟ Should Arabic technology enthusiasts and workers speak and write in Arabic? should people who wish to learn about IT go for Arabic or English resources?