Hack The Kernel

ops-class.org includes slides, hundreds of hours of videotaped lectures, and sample exams: everything you need to learn OS concepts online at your own pace.



Infrastructure discovery with etcd

Infrastructure discovery with consul is easy, mostly due to its known semantics of a server, a service and associated health checks. But using consul in production is a topic of its own: scaling a running cluster is hard, ensuring all the zombies are gone has to be implemented on your own, and the solution for initial cluster startup (atlas) is commercial. With etcd you can easily achieve the same infrastructure discovery concept as consul, with just a couple of lines of code. This post will guide you through a good alternative for infrastructure discovery if you don’t want to use consul in production.


How BitTorrent Really Works

BitTorrent is both ambitious and simple. BitTorrent is a P2P protocol in which peers coordinate to distribute requested files. In order to resist downtime due to real-world seizure of computers, BitTorrent has had to progress to a fully distributed architecture, without any single point of failure. This is an impressive technical feat.

Even more impressive is that BitTorrent gets faster with additional content-fetchers, rather than slower. The classic economics of content distribution is suddenly inverted, rewarding high-desirability content.

It’s no surprise then that BitTorrent is used nowadays for everything from sharing Linux ISO files to live broadcast streaming of sports and politics. BitTorrent’s name is still controversial in many places because of its role as subversive software. BitTorrent’s power made it the first choice for piracy, which led many to conclude that BitTorrent is only useful for piracy. While many ISPs and externally-administered networks attempt to block and trace BitTorrent, the fight has largely been lost.

By not placing restrictions on peers, BitTorrent opens itself up to a universe of attacks. Like other architectures, a combination of limited observability and sound mathematics is the solution. As we will see, the architecture prevents an evil actor from serving a corrupted file or causing undue load on the BitTorrent network.

Lastly, BitTorrent is forward-thinking. It contains an extension protocol that allows clients to design protocols that alter the behavior of peers, and enables peers to intelligently fall back upon the extensions supported by each. At the bottom of this is the basic peer protocol, ensuring that clients can agree on enough to simply serve the file if they share no extensions.


Full(er) House: Exposing high-end poker cheating devices

This post exposes how real-world highly advanced poker cheating devices work.

In 2015, I stumbled upon a post in an underground forum, discussing how someone was ripped off at a poker table by a very advanced poker cheating device. From what I understood at that time, the post being in Chinese, the device was able to remotely read card markings to inform the cheater who will win the next hand.

Intrigued, I decided to follow the trail of this fabled device to see if people were indeed cheating at poker using devices that would fit naturally into a James Bond movie.

Without spoiling too much of the rest of this post, let’s just say that the high-end cheating device that I was able to get my hands on far exceeded my expectations and it really is an outstanding piece of technology.

As a matter of fact, it is so advanced and cool that with Celine and Jean-Michel, my co-conspirators, we decided to do a Defcon talk about how it works. You can watch the recording of our talk below and grab the slides here:



Quiet for Android – TCP over sound


org.quietmodem.Quiet allows you to pass data through the speakers on your Android device. This library can operate either as a raw frame layer or as a UDP/TCP stack.

This package contains prebuilt library files for libquiet and quiet-lwip as well as their dependencies. On top of that, it adds Java bindings which closely mimic the familiar interfaces from the java.net.* package.

This package is provided under the 3-clause BSD license. The licenses of its dependencies are also included and are licensed under a mix of BSD and MIT.

Quiet comes with support for armeabi-v7a, arm64-v8a, x86, and x86_64. It requires Android API 14 for 32-bit mode and API 21 for 64-bit mode. It requires only the RECORD_AUDIO permission.

For testing purposes, Genymotion is highly recommended over the default emulator. Genymotion provides access to the microphone while the default Android Studio one does not and will throw an exception when Quiet attempts to use the microphone.

Why sound? Isn’t that outdated?

If you are old enough, you may remember using dial-up modems to connect to the internet. In a sense, this package brings that back. While it’s true that this is somewhat of a retro approach, consider the advantages of using sound.

  • Highly cross-platform. Any device with speakers and a microphone and sufficient computational power can use this medium to communicate.
  • No pairing. Unlike Bluetooth, sound can be used instantly without the need to pair devices. This reduces the friction and improves the user experience.
  • Embeddable content. Similar to a QR code, short packets of data can be encoded into streaming or recorded audio and can then be later decoded by this package.


Deep Learning papers reading roadmap

If you are a newcomer to the Deep Learning area, the first question you may have is “Which paper should I start reading from?”

Here is a reading roadmap of Deep Learning papers!

The roadmap is constructed in accordance with the following four guidelines:

  • From outline to detail
  • From old to state-of-the-art
  • From generic to specific areas
  • Focus on state-of-the-art

You will find many papers that are quite new but really worth reading.