On March 23rd, I updated KRON for the last time. Today, the project not only has a new name, but a completely refined vision.
Initially, KRON was conceived as a toolkit of basic Linux utilities modified with a strict focus on security and auditing. While I have kept that security core, the idea of building a massive toolkit is gone. I chose instead to embrace the old Unix philosophy: Do one thing, and do it well.
That is how KRON transformed into KLS, a listener (in the style of the ls command) focused exclusively on directory auditing.
The Current Focus and the Performance Headache
Currently, KLS scans directories and raises alerts for files with SUID/SGID permissions or Linux capabilities. It is 100% designed for Linux (I am not ruling out a Windows adaptation in the future, but it is not the priority right now).
My current plan splits into two fronts: improving the tool's professional viability and optimizing its performance. The latter has been, without a doubt, the most expensive and difficult part. Making the tool useful in terms of information is one thing; making it fast is a whole different beast.
In my quest for optimal performance, I went through several stages and experiments:
Classic Single-Threaded Model: Way too slow for massive file systems.
Direct getdents64: I tried gathering entries directly into a buffer using the native syscall to bypass the overhead of higher-level C/C++ standard library functions.
A Failed Attempt with io_uring: This was a catastrophic failure. I was exploring advanced asynchronous concepts in a way I had never programmed before. I made the mistake of copying code and trying to guess what the AI was doing without truly understanding it. I broke my own rule of understanding every single line.
After the stumble with io_uring, I decided to step back into a territory I actually master: a multithreaded Producer-Consumer model. Performance improved significantly, though I admit it is still far from where I want it to be.
Next Step: Viability and Clean Code
Before I continue obsessing over micro-optimization, I have decided to shift my strategy. My immediate goal is to make KLS an attractive, observable option for the real world—so that a security auditor looks at it and thinks: "This is actually useful for my day-to-day work." To achieve this, I am focusing on cleaning, refactoring, and documenting the codebase, ensuring it is clear enough for the community to understand and contribute to.
A Reflection on University and Curiosity
Building this project has taught me more than I have learned in three years of university. I am not discounting academia, but university only gives you the general foundation; it is personal curiosity and the hunger to tackle genuinely challenging projects that actually make you an engineer.
Developing KLS has been a mental catalyst. In fact, while I fight with threads and Linux capabilities, my mind keeps racing with new ideas...
The Tech Corner: Squeezing Performance out of Linux (And seeking advice)
Since I know there are true systems experts on dev.to, I want to open up a discussion and ask for advice in two areas I am currently focusing on to take KLS to the next level:
1. Tips for Optimizing Directory Entry Retrieval (I/O)
Right now, the bottleneck is the file system traversal. While the Producer-Consumer model helped, disk contention or syscall overhead when calling stat / getxattr for capabilities is still costing me dearly.
Is it worth structuring a thread pool where a master thread only lists directories and worker threads process the metadata, or is it better for each thread to autonomously own specific subtrees?
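For reference, here is the per-entry check under discussion as a single-threaded sketch. It is an added example, not code from the KLS repository, and the names audit_path, scan_dir and the F_* flags are hypothetical. It scans one directory level and uses d_type from the directory entry to avoid a stat call on entries already known not to be regular files.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/xattr.h>

enum { F_SUID = 1, F_SGID = 2, F_CAPS = 4 };   /* hypothetical flag names */

/* Classify one path: F_* bitmask, 0 if nothing to report, -1 on error. */
static int audit_path(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;      /* lstat: never follow symlinks */
    if (!S_ISREG(st.st_mode)) return 0;        /* assumption: report regular files only */
    int flags = 0;
    if (st.st_mode & S_ISUID) flags |= F_SUID;
    if (st.st_mode & S_ISGID) flags |= F_SGID;
    /* Size-only query: a positive length means file capabilities are set. */
    if (lgetxattr(path, "security.capability", NULL, 0) > 0)
        flags |= F_CAPS;
    return flags;
}

/* Scan one directory level: count of flagged files, -1 if it cannot be opened. */
static int scan_dir(const char *dir)
{
    DIR *d = opendir(dir);
    if (!d) return -1;
    int flagged = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        /* d_type arrives with the entry itself, so known non-regular entries
           cost no extra syscall. DT_UNKNOWN must fall through to lstat. */
        if (e->d_type != DT_REG && e->d_type != DT_UNKNOWN)
            continue;
        char path[4096];
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path)
            continue;                          /* too long: skip rather than truncate */
        int f = audit_path(path);
        if (f > 0) {
            printf("%s%s%s%s\n", f & F_SUID ? "SUID " : "", f & F_SGID ? "SGID " : "",
                   f & F_CAPS ? "CAPS " : "", path);
            flagged++;
        }
    }
    closedir(d);
    return flagged;
}

int main(int argc, char **argv) { return scan_dir(argc > 1 ? argv[1] : ".") < 0; }
```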
2. Looking for Literature: What books do you recommend to master real async and low-level programming?
My failure with io_uring made it clear that I don't want to use abstractions I don't understand. I want to build the proper theoretical foundations. What books do you recommend for mastering async programming, advanced concurrency, and Linux Kernel internals?
I currently have my eyes on classics like:
The Linux Programming Interface (Michael Kerrisk)
Linux System Programming (Robert Love).
What other books do you consider indispensable for truly understanding concurrency patterns, the Linux I/O subsystem, or modern low-level async frameworks?
I'd love to read your thoughts in the comments! If you want to take a look at the code (and constructively tear it apart), here is the repository: https://github.com/NobelC/kls