Cassandra – An Introduction


  • Motivation
  • Architecture
  • Write and Read
  • Data Model
  • Best Combos!
  • How to get started

Software engineering of systems that learn in uncertain domains, Peter Norvig (Google)

Using Rowhammer bitflips to root Android phones is now a thing

Researchers have devised an attack that gains unfettered “root” access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.

The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.

Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren’t reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.

An app containing the researchers’ rooting exploit requires no user permissions and doesn’t rely on any vulnerability in Android to work. Instead, their attack exploits a hardware vulnerability, using a Rowhammer exploit that alters crucial bits of data in a way that completely roots name brand Android devices from LG, Motorola, Samsung, OnePlus, and possibly other manufacturers.

Hack The Kernel includes slides, hundreds of hours of videotaped lectures, and sample exams: everything you need to learn OS concepts online at your own pace.


Infrastructure discovery with etcd

Infrastructure discovery with consul is easy, mostly due to its known semantics of a server, a service and associated health checks. But using consul in production is a topic on its own – scale a running cluster is hard, ensuring all the zombie’s are gone need to be implemented on your own and the solution for initial cluster startup (atlas) is commercial. With etcd you can achieve easily the same infrastructure discovery concept as consul has, with just a couple of lines of code. This post will guide you through a good alternative of infrastructure discovery, if you don’t want to use consul in production.

Sam Harris: Can we build AI without losing control over it?

How BitTorrent Really Works

BitTorrent is both ambitious and simple. BitTorrent is a P2P protocol in which peers coordinate to distribute requested files. In order to resist downtime due to real-world seizure of computers, BitTorrent has had to progress to a fully distributed architecture, without any single point of failure. This is an impressive technical feat.

Even more impressive is that BitTorrent gets faster with additional content-fetchers, rather than slower. The classic economics of content distribution is suddenly inverted, rewarding high-desirability content.

It’s no surprise then that BitTorrent is used nowadays for everything from sharing Linux ISO files to live broadcast streaming of sports and politics. BitTorrent’s name is still controversial in many places because of its role as a subversive software. BitTorrent’s power made it the first choice for piracy, which lead to many concluding that BitTorrent is only useful for piracy. While many ISPs and externally-administered networks attempt to block and trace BitTorrent, the fight has largely been lost.

By not placing restrictions on peers, BitTorrent opens itself up to a universe of attacks. Like other architectures, a combination of limited observability and sound mathematics is the solution. As we will see, the architecture prevents an evil actor from serving a corrupted file or causing undue load on the BitTorrent network.

Lastly, BitTorrent is forward-thinking. It contains an extension protocol that allows clients to design protocols that alter the behavior of peers, and enables peers to intelligently fall back upon the extensions supported by each. At the bottom of this is the basic peer protocol; ensuring that clients can agree on enough to simply serve the file if they share no extensions.

Full(er) House: Exposing high-end poker cheating devices

This post exposes how real-world highly advanced poker cheating devices work.

In 2015, I stumbled upon a post in an underground forum, discussing how someone was ripped off at a poker table by a very advanced poker cheating device. From what I understood at that time, the post being in Chinese, the device was able to remotely read card markings to inform the cheater who will win the next hand.

Intrigued, I decided to follow the trail of this fabled device to see if people were indeed cheating at poker using devices that would fit naturally into a James Bond movie.

Without spoiling too much of the rest of this post, let’s just say that the high-end cheating device that I was able to get my hands on far exceeded my expectations and it really is an outstanding piece of technology.

As a matter of fact, it is so advanced and cool that with Celine and Jean-Michel, my co-conspirators, we decided to do a Defcon talk about how it works. You can watch the recording of our talk below and grab the slides here:

Quiet for Android – TCP over sound


org.quietmodem.Quiet allows you to pass data through the speakers on your Android device. This library can operate either as a raw frame layer or as a UDP/TCP stack.

This package contains prebuilt library files for libquiet and quiet-lwip as well as their dependencies. On top of that, it adds Java bindings which closely mimic the familiar interfaces from the* package.

This package is provided under the 3-clause BSD license. The licenses of its dependencies are also included and are licensed under a mix of BSD and MIT.

Quiet comes with support for armeabi-v7a, arm64-v8a, x86, and x86_64. It requires Android API 14 for 32-bit mode and API 21 for 64-bit mode. It requires only the RECORD_AUDIO permission.

For testing purposes, Genymotion is highly recommended over the default emulator. Genymotion provides access to the microphone while the default Android Studio one does not and will throw an exception when Quiet attempts to use the microphone.

Why sound? Isn’t that outdated?

If you are old enough, you may remember using dial-up modems to connect to the internet. In a sense, this package brings that back. While it’s true that this is somewhat of a retro approach, consider the advantages of using sound.

  • Highly cross-platform. Any device with speakers and a microphone and sufficient computational power can use this medium to communicate.
  • No pairing. Unlike Bluetooth, sound can be used instantly without the need to pair devices. This reduces the friction and improves the user experience.
  • Embeddable content. Similar to a QR code, short packets of data can be encoded into streaming or recorded audio and can then be later decoded by this package.

Blog at

Up ↑