Talks
Speakers
Events
Topics
Sign in
Home
Talks
Speakers
Events
Topics
Leaderboard
Use
Analytics
Sign in
Suggest modification to this talk
Title
Description
Date
Summarized using AI?
If this talk's summary was generated by AI, please check this box. A "Summarized using AI" badge will be displayed in the summary tab to indicate that the summary was generated using AI.
Show "Summarized using AI" badge on summary page
Summary
Markdown supported
In this talk titled 'How to Hijack', held at the wroc_love.rb 2019 conference, Dávid Halász discusses the complex concepts of smuggling, hijacking, and proxying in non-blocking disorder sockets using Ruby on Rails and Rack. Key points include: - **Introduction to Speaker and Context**: Dávid, from Hungary and now residing in Brno, Czech Republic, works for Red Hat and focuses on hybrid cloud infrastructure management with ManageIQ, emphasizing its Ruby on Rails architecture. - **Browser Remote Consoles**: Explained the implementation of remote desktop sessions via browsers using a VNC endpoint to access virtual machines, leveraging WebSockets for bidirectional data transfer. - **Sockets and Buffering**: Introduced programming sockets, the importance of buffering in I/O operations, and the challenges of blocking I/O, which can lead to endless loops in proxy implementations. - **Non-blocking I/O**: Discussed the benefits of non-blocking I/O methods and how they can be utilized to avoid complications when handling multiple sockets, including the concept of 'bouncing select'. - **Epoll and socket handling**: Covered improvements in socket handling in Linux with epoll and how to manage readiness of sockets effectively, as well as the creation of Ruby wrappers for this mechanism. - **WebSocket Management and Hijacking**: Explored how WebSockets facilitate persistent connections and the technique of socket hijacking to manage interactions with underlying VNC connections while maintaining server efficiency. - **TCP Smuggling**: Proposed generating TCP connections that could efficiently handle data and emphasized the necessity of a browser plugin due to limitations imposed by browser sandboxes. - **Demonstration of Architecture**: Dávid showcased a live demo of a VNC session running in a containerized environment, illustrating how connections to VMs can be established and managed effectively, utilizing simple server structures similar to Rack. The conclusion highlighted that although the architecture utilizes a server, browser plugin, and client app, further refinements are necessary before it can be considered production-ready. The audience was engaged through a Q&A session, clarifying technical queries about the socket translations and operational efficiencies. Overall, the talk provided an insightful examination of using Ruby for advanced network operations, making a case for innovative solutions in hybrid cloud environments.
Suggest modifications
Cancel
