wroclove.rb 2019 talk by David Halasz titled 'Smuggling, hijacking and proxying in-browser remote console sockets with Rack and Ruby'. Walks through how ManageIQ implements in-browser VNC remote consoles: the architecture (VM → hypervisor VNC endpoint → Ruby proxy → browser WebSocket), the computer-science foundations (sockets as files, buffered blocking read/write, non-blocking I/O via IO.select, why naive threaded and spin-locking proxies fail), and the author's 'bouncing select' technique with dynamic socket arrays. Covers alternatives considered (EventMachine, Celluloid, async, auto-yielding fibers promised for Ruby 3), moves to epoll with EPOLLONESHOT (hand-written C extension because no existing Ruby wrapper supported it), and falls back to kqueue/IO.select on macOS. Second half introduces WebSockets as HTTP upgraded for bi-directional traffic, then Rack socket hijacking to escape the request/response loop and run a persistent proxy thread. Finally presents 'PURR' (Protocol Upgrade Raw Request): instead of upgrading to WebSocket, downgrade to TCP to tunnel VNC/SSH from a hypervisor to a native desktop client, passing through a browser plug-in that invokes a binary (the W3C draft for browser-initiated TCP connections would remove this workaround). Demo shows connecting a native VNC viewer and an SSH client through a ManageIQ-style Puma server to containers running in VirtualBox. Q&A covers role-based access control and temporary VM access as a motivation, Red Hat new-hire hats, VNC↔WebSocket frame translation, and an audience recommendation to use kernel splice to move bytes between sockets without copying to userspace.