How BitTorrent Really Works

BitTorrent is both ambitious and simple. BitTorrent is a P2P protocol in which peers coordinate to distribute requested files. In order to resist downtime due to real-world seizure of computers, BitTorrent has had to progress to a fully distributed architecture, without any single point of failure. This is an impressive technical feat.

Even more impressive is that BitTorrent gets faster with additional content-fetchers, rather than slower. The classic economics of content distribution is suddenly inverted, rewarding high-desirability content.

It’s no surprise then that BitTorrent is used nowadays for everything from sharing Linux ISO files to live broadcast streaming of sports and politics. BitTorrent’s name is still controversial in many places because of its role as a subversive software. BitTorrent’s power made it the first choice for piracy, which lead to many concluding that BitTorrent is only useful for piracy. While many ISPs and externally-administered networks attempt to block and trace BitTorrent, the fight has largely been lost.

By not placing restrictions on peers, BitTorrent opens itself up to a universe of attacks. Like other architectures, a combination of limited observability and sound mathematics is the solution. As we will see, the architecture prevents an evil actor from serving a corrupted file or causing undue load on the BitTorrent network.

Lastly, BitTorrent is forward-thinking. It contains an extension protocol that allows clients to design protocols that alter the behavior of peers, and enables peers to intelligently fall back upon the extensions supported by each. At the bottom of this is the basic peer protocol; ensuring that clients can agree on enough to simply serve the file if they share no extensions.

Full(er) House: Exposing high-end poker cheating devices

This post exposes how real-world highly advanced poker cheating devices work.

In 2015, I stumbled upon a post in an underground forum, discussing how someone was ripped off at a poker table by a very advanced poker cheating device. From what I understood at that time, the post being in Chinese, the device was able to remotely read card markings to inform the cheater who will win the next hand.

Intrigued, I decided to follow the trail of this fabled device to see if people were indeed cheating at poker using devices that would fit naturally into a James Bond movie.

Without spoiling too much of the rest of this post, let’s just say that the high-end cheating device that I was able to get my hands on far exceeded my expectations and it really is an outstanding piece of technology.

As a matter of fact, it is so advanced and cool that with Celine and Jean-Michel, my co-conspirators, we decided to do a Defcon talk about how it works. You can watch the recording of our talk below and grab the slides here:

Quiet for Android – TCP over sound


org.quietmodem.Quiet allows you to pass data through the speakers on your Android device. This library can operate either as a raw frame layer or as a UDP/TCP stack.

This package contains prebuilt library files for libquiet and quiet-lwip as well as their dependencies. On top of that, it adds Java bindings which closely mimic the familiar interfaces from the* package.

This package is provided under the 3-clause BSD license. The licenses of its dependencies are also included and are licensed under a mix of BSD and MIT.

Quiet comes with support for armeabi-v7a, arm64-v8a, x86, and x86_64. It requires Android API 14 for 32-bit mode and API 21 for 64-bit mode. It requires only the RECORD_AUDIO permission.

For testing purposes, Genymotion is highly recommended over the default emulator. Genymotion provides access to the microphone while the default Android Studio one does not and will throw an exception when Quiet attempts to use the microphone.

Why sound? Isn’t that outdated?

If you are old enough, you may remember using dial-up modems to connect to the internet. In a sense, this package brings that back. While it’s true that this is somewhat of a retro approach, consider the advantages of using sound.

  • Highly cross-platform. Any device with speakers and a microphone and sufficient computational power can use this medium to communicate.
  • No pairing. Unlike Bluetooth, sound can be used instantly without the need to pair devices. This reduces the friction and improves the user experience.
  • Embeddable content. Similar to a QR code, short packets of data can be encoded into streaming or recorded audio and can then be later decoded by this package.

Deep Learning papers reading roadmap

If you are a newcomer to the Deep Learning area, the first question you may have is “Which paper should I start reading from?”

Here is a reading roadmap of Deep Learning papers!

The roadmap is constructed in accordance with the following four guidelines:

  • From outline to detail
  • From old to state-of-the-art
  • from generic to specific areas
  • focus on state-of-the-art

You will find many papers that are quite new but really worth reading.

Image Synthesis from Yahoo’s open_nsfw

Yahoo’s recently open sourced neural network, open_nsfw, is a fine tuned Residual Network which scores images on a scale of to on its suitability for use in the workplace. In the documentation, Yahoo notes

Defining NSFW material is subjective and the task of identifying these images is non-trivial. Moreover, what may be objectionable in one context can be suitable in another.

What makes an image NSFW, according to Yahoo? I explore this question with a clever new visualization technique by Nguyen et al.. Like Google’s Deep Dream, this visualization trick works by maximally activating certain neurons of the classifier. Unlike deep dream, we optimize these activations by performing descent on a parameterization of the manifold of natural images. This parametrization takes the form of a Generative Network, , trained adversarially on an unrelated dataset of natural images.

The “space of natural images”, according to , look mostly like abstract art. Unsurprisingly, these random pictures, lacking any kind of semantics, have low scores on the classifier.

MILAGRO – Distributed Cryptosystem for Cloud Computing

Apache Milagro (incubating) establishes a new internet security framework purpose-built for cloud-connected app-centric software and IoT devices that require Internet scale. Milagro’s purpose is to provide a secure, free, and positive open source alternative to centralised and proprietary monolithic trust providers such as commercial certificate authorities and the certificate backed cryptosystems that rely on them.

Milagro is an open source, pairing-based cryptographic platform that delivers solutions for device and end user authentication, secure communications and fintech / blockchain security; issues challenging Cloud Providers and their customers. It does this without the need for certificate authorities, putting into place a new category of service providers called Distributed Trust Authorities (D-TA®).

Milagro’s M-Pin® protocol, and its existing open-source MIRACL® implementation on which MILAGRO is built, is already in use by Experian, NTT, Ingram Micro, and Gov.UK and rolled out to perform at Internet scale for Zero Password® multi-factor authentication and certificate-less HTTPS / secure channel.

Read why it’s time to move beyond PKI and the Milagro Proposal for A Distributed Trust Ecosystem .

Programming books you might want to consider reading

There are a lot of “12 CS books every programmer must read” lists floating around out there. That’s nonsense. The field is too broad for almost any topic to be required reading for all programmers, and even if a topic is that important, people’s learning preferences differ too much for any book on that topic to be the best book on the topic for all people.

This is a list of topics and books where I’ve read the book, am familiar enough with the topic to say what you might get out of learning more about the topic, and have read other books and can say why you’d want to read one book over another.