My ISP, Skynet Belgacom Proximus, has been rolling out IPv6 since 2013. However, you need a B-Box 3 in order to get it. Recently, my B-Box 2 decided to stop working, so I got a (free) upgrade to a B-Box 3 (but see below).
I wanted to do some light measurements (illuminance, to be exact), but didn’t want to spend hundreds of euro’s on a light meter. I realized that I actually have a quite good light meter in my pocket: my smartphone’s camera. It doesn’t measure illuminance, but luminance, but that can be worked around.
As you may know, HTTP/2.0, as implemented by most browsers, only runs over TLS (which is a good thing). Unfortunately, it makes debugging the protocol a bit harder, since protocol analyzers can’t look inside the TLS layer anymore. And while the in-browser debugging tools have become very good, I find myself in need of a Wireshark session to figure things out: In particular: which resources were pushed by the server?
So I found myself Men-In-The-Middle-ing myself with ZAP regularly. Today I learned that I can simply ask my browser to tell me the missing pieces: the master secret and the client random value (used to look up the correct master secret from the raw packet), or, if you are still not using PFS, part of the encrypted pre-master secret (for look-up), and the full (plaintext) pre-master secret.
Just set the SSLKEYLOGFILE
environment-variable to the path of a writable text file (appended to). Works in both Chrome and Firefox! And make sure you unset the environment for safe surfing afterwards!
Wireshark can be configured to read in this file in the Preferences → Protocols → SSL → (Pre)-Master-Secret log filename.
I frequently found myself doing relative simple calculations over and over again, such as the future value of an investment. A spreadsheet works fine if you always calculate in the same direction (i.e. calculate the future value based on present value, interest and duration), but I usually want to jump around a bit, calculating back and forth between parameters (e.g. what interest rate would be needed to get this future value).
Simple JavaScript based time-delta calculator.
I’ve been struggling a bit with IPv6 source address selection. Normally, when you initiate a new connection, you only specify the destination address (or have DNS resolve the name to an address). The choice of the source address is usually left to the OS by setting it to ::
(IPv6’s version of 0.0.0.0
).
RFC 6724 specifies how this selection should happen. Karl Auer explains it in a bit less painful way on his blog. But sometimes I want to influence the chosen address: how can I twist these rules to match my wishes? Karl also has an interesting post on this. In summary, use any combination of:
- Deprecate the addresses that you don’t want to use:
ip addr change 2001:db8::1:1/128 dev tun preferred_lft 0
- Make your own label to group addresses:
ip addrlabel
family - Use privacy extension addresses
After some searching, I’ve found a Polish website that is hosted on an IDN domain name, which makes it a useful test vector.
- http://ąćęłńóśźż.pl/
- ascii punycode equivalent: http://xn--kda9ag6e8jma6nxjsa.pl/
I’ve been struggling with my dd-wrt setup lately. So I started looking around for potential alternatives. One thought was to use a Raspberry Pi as router, but I was worried about its performance. So I did a few tests.
I’ve started using tmux, but found out that the standard keyboard bindings to resize panes (C-b C-
Continue reading ‘Fixing Terminal.app to enable tmux resizing’ »
All of my data is stored on my NAS, from where it is automatically backed up daily. But doing photo-editing on a remote file was slow, especially over WiFi and/or VPN. So I decided to store all photo’s locally, but without loosing the automatic backups. I solved this problem with a Launchd agent to watch the directory for changes (and run every hour anyway), and rsync for the actual transfer.
Additional challanges were that user permissions needed to be synced across as well. (Usernames did match on both machines, but UIDs did not)