My Inter Planetary File System

I’ve long found peer-to-peer networking interesting. Some time ago, I realized that in the context of peer-to-peer networks, libre licensed content has a compelling advantage over proprietary content. Sharing libre licensed works on a peer-to-peer network is clearly legal, while the situation for proprietary content is murky at best.

So, to experiment with a new (at least to me) peer-to-peer network, IPFS, I’ve set up node on my recently rented Scaleway (ARM-based) private server. You can find a few libre licensed songs I like at the link below. If it works out, I’ll add more down the road.

Update: The server is crashing. I’m not sure if the IPFS code, libraries, ARM Go port or what is to blame. Until further notice, the following URL is probably unreachable.

http://gateway.ipfs.io/ipns/QmaFrTsJm6fs2JQnb34e52AdzCA9C2Kxn6gjZEx3RXBNzk

I also wonder how difficult it would be to resurrect or build upon the DebTorrent effort, this time using IPFS. While I must admit ignorance on the details of how IPFS compares to BitTorrent, from what little I’ve read, IPFS uses many of the good ideas from BitTorrent while providing better backwards compatibility with the ubiquitously supported HTTP.

The Future of Programming

I have read that children are far more capable than adults at learning languages. I value being able to communicate with machines pretty highly, so I’ve set an arbitrary goal of teaching my children to program by age three. It seems like the most popular way to teach children to code is with Scratch or a derivative. While searching and reading about that, I stumbled across Catrobat Pocket Code. I think this is the future of programming. For many people, smartphones are either the only general purpose computer available or the most available general purpose computer.
image

I just wrote a simple glide-and-change-the-picture-on-touch application as a hello world and am excited. I how that hitherto successful libre projects such as Mozilla and GNU start to take mobile more seriously. I hear view source is in the works for Fennec and that’s a great move in the right direction. Now to just suggest to F-Droid that they include Catrobat Pocket Code and Pocket Paint, although it looks like an Iceweasel style renaming may be required.

Scripting Kolab Calendar Interactions

As mentioned previously, I would like to be able to do spreadsheet like calculations on my Kolab groupware calendar. Here is how I’m currently attempting that. There were a couple challenges that made this take longer than I had hoped. The first was making sure that, given two processes communicating via a pipe, closing the upstream process didn’t prematurely end the downstream process. This is what the funny redirection is for. The second issue that caused me grief was the carriage return character echo -en '\x0d', present in IMAP results. It caused bash -x output to be really confusing. An extra operation while sed’ing took care of it.

#!/bin/bash -x

username="me@mykolab.com"
password="secret-code"
lastsunday="22-Mar-2015"

rm -f out result
mkfifo out result

(
  echo "1 login ${username} ${password}"
  echo '2 select Cashflow'
  echo "3 search sentsince ${lastsunday}"
  echo '4 logout'
  sed -nr '/^\* search.*/I {
             s/^\* search +//I
             s/ *\r$//
             s/ /,/g
             p
           }' out > result
) | openssl s_client -starttls imap -connect imap.kolabnow.com:143 &> out &

msgs="$(cat result)"

(
  echo "1 login ${username} ${password}"
  echo '2 select Cashflow'
  echo "3 fetch ${msgs} body[2]"
  echo '4 logout'
  cat out > result
) | openssl s_client -starttls imap -connect imap.kolabnow.com:143 &> out &

cat result

#do math
#use imap append command to create new (or what else to modify?) entry

Next steps are to use string processing (probably sed) utilities to extract the icalendar XML and xmlstarlet to parse it (beware the namespace).

Cashflow Calendar

My wife and I recently regained sufficient interest in tracking and projecting our personal finances. One of the questions we wanted to be able to answer was how much money would we have each day for the next month or so. We receive direct deposited salaries every week or two, but we also have some irregular income like the employee stock purchase plan that my company offers and I participate in. So we made a cashflow calendar. Using a Google Docs spreadsheet, we put days of the week as column headers, allowed seven rows for transactions, and calculated a daily total and a running sum at the bottom. I used conditional formatting to highlight when the checking account would dip below a threshold.

Screenshot from 2015-02-14 08:09:22

I like this because at least within the time period you’re writing up, you can track cashflow that has happened and project cashflow you expect to happen at the natural frequencies. You don’t have to divide a once-a-month bill in half to fit into a 2 week budget or in fourths to fit in a weekly budget. The cashflow calendar seems like an obvious tool, and indeed it is a slight evolution of what I was taught in Engineering Economy at Virginia Tech, but it wasn’t how the Financial Peace University budget template was formatted, and we had been coasting off of that class and its methods for some time.

At the moment we’re only really tracking out checking account and doing it all manually. I hope that with some clever scripting I may be able to have my computer handle the data entry automatically, and all I have to do is predict the future.

Watching the GETs, POSTs, and OKs

Having put in place a simple man-in-the-middle SSL/TLS stripping setup using socat, I used Wireshark to view the HTTP traffic to my bank, so I could replicate it in a more programmatic manner than manually using a web browser. I set Wireshark to capture on any device using the following filter.

tcp port 1337

Using a custom port (1337) slightly hindered automatic decoding so I right clicked on the data section of TCP packets with a data section and selected “Decode As…”, and selected transport tab for port 1337 to be decoded as HTTP. With this in place I put “http” in the filter box and removed a bunch of TCP noise. Now there was still a bunch of javascript fetches that I hopefully won’t have to deal with, but it was easy to locate the POST method that I was particularly interested in.

Taking the S out of HTTPS for Reverse Engineering

I’d like to be able to automatically query my checking account balance (and all my other accounts to, but checking is a good place to start). To my knowledge, my credit union does not provide an API like The Open Bank Project. So I must resort to screen scraping. To start, I’d like to observe my browser logging in. To do so, I’ll use socat.

socat \
  tcp4-listen:1337,fork \
  openssl:subdomain.domain.tld:443,cafile=/etc/ssl/certs/Appropriate_CA.pem

You may need to look closely at the URLs you’re dealing with. I found that my credit union used a different certificate for the account login subdomain than for the home page at the regular domain. With that in place I can navigate to http://127.0.0.1:1337/path/to/login in Firefox and observe the traffic unencrypted in Wireshark. (Apparently I could give Wireshark my private key as well, if it was built against GNU TLS, but I’ve yet to try that approach.)

Circuit Stickers on Blocks

image

So I’ve been disappointed for a while at the lack of technical toys for toddlers and wanted to do something about it. Yesterday I finally put together a very initial prototype using Circuit Stickers and blocks. Here are a couple pictures.

image

I’d love to see my introduction to computer engineer project, designing and building a 4 bit arithmetic logic unit with a few basic 7400 chips, possible with something like this.