API This search result can also be retrieved as XML. Click the API icon to see this page as XML.
re-crawl url

Finn.io | Finn.io

id
ct8W7shcPgo8
host_id_s
hcPgo8
sku
https://[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/
host_s
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]
url_chars_i
50
url_protocol_s
https
url_paths_count_i
0
content_type
text/html
crawldepth_i
3
collection_sxt
CJDNS
title
Finn.io | Finn.io
last_modified
2016-10-04T01:25:46Z
dates_in_content_count_i
0
http_unique_b
false
www_unique_b
false
exact_signature_l
-3749675165607420405
exact_signature_unique_b
true
fuzzy_signature_l
-2248071076820219774
fuzzy_signature_unique_b
true
h1_txt_0
Finn.io
h1_txt_1
Let's Encrypt and Nginx
h1_txt_2
Issuance
h1_txt_3
Installation
h1_txt_4
Proxying
h1_txt_5
32C3 Torrent Feeds
h1_txt_6
Silly Things With Home Automation
h1_txt_7
A Domain Availability Finder
h1_txt_8
SIP calls over cjdns
h1_txt_9
Building a "Secure" Android App
h1_txt_10
Powerline, Minature Octo Batman, and more
h1_txt_11
Scraping the UW course listings
h1_txt_12
Keybase, a site for matching handles to keys
h1_txt_13
New domain, New website
h2_txt_0
Authenticating the Server
h2_txt_1
Authenticating the Client
h2_txt_2
Other Thoughts
bold_txt_0
Direct connection to the internet
bold_txt_1
NAT and Firewall
bold_txt_2
Use IPv6 instead of IPv4
bold_txt_3
Transport
bold_txt_4
Preferences
bold_txt_5
Options
bold_txt_6
every
bold_txt_7
download
bold_txt_8
description
bold_txt_9
If you’re nginx is configured to proxy everything to somewhere else, skip down to the section labeled Proxying
imagescount_i
5
images_protocol_sxt_0
000-https
images_protocol_sxt_1
001-https
images_protocol_sxt_2
002-https
images_protocol_sxt_3
003-https
images_protocol_sxt_4
004-https
images_urlstub_sxt_0
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/assets/posts/2015-07-21/x10module-44e437639a1e7a373ca73bf80d7d720a.jpg
images_urlstub_sxt_1
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/assets/posts/2015-07-21/x10web-a66e038a5002f31cfce61f7d0ebf0115.png
images_urlstub_sxt_2
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/assets/posts/2015-07-20/domain-finder-screenshot-55006b63d35b5eb1a8247e9494dfe20c.png
images_urlstub_sxt_3
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/assets/posts/2015-06-02/linphone-firstrun-b31b4e5674bcaaccad9e7ea76d63997a.png
images_urlstub_sxt_4
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/assets/posts/2015-06-02/linphone-settings-ede984d335ec37fd260fa32a92824e15.png
images_alt_sxt_0
X10 Module Example
images_alt_sxt_1
x10web Screenshot
images_alt_sxt_2
Domain Finder Screenshot
images_alt_sxt_3
Linphone Startup Screen
images_alt_sxt_4
Linphone Settings Screen
images_height_val_0
-1
images_height_val_1
-1
images_height_val_2
-1
images_height_val_3
-1
images_height_val_4
-1
images_width_val_0
-1
images_width_val_1
-1
images_width_val_2
-1
images_width_val_3
-1
images_width_val_4
-1
images_text_t
fcef 96c2 7226 a4b1 97ea 59bf cb2e 51f0 assets posts 2015 07 21 x10module 44e437639a1e7a373ca73bf80d7d720a jpg 96c 2 a 4b 1 cb 2e 51f 0 x 10module 44e 437639a 1e 7a 373ca 73bf 80d 7d 720a X10 Module Example x10web a66e038a5002f31cfce61f7d0ebf0115 png 10web 66e 038a 5002f 31cfce 61f 0ebf 0115 x10web Screenshot 20 domain finder screenshot 55006b63d35b5eb1a8247e9494dfe20c 55006b 63d 35b 5eb 1a 8247e 9494dfe 20c Domain Finder Screenshot 06 02 linphone firstrun b31b4e5674bcaaccad9e7ea76d63997a b 31b 4e 5674bcaaccad 9e 7ea 76d 63997a Linphone Startup Screen settings ede984d335ec37fd260fa32a92824e15 ede 984d 335ec 37fd 260fa 32a 92824e 15 Linphone Settings Screen
responsetime_i
1236
wordcount_i
3438
linkscount_i
56
linksnofollowcount_i
0
inboundlinkscount_i
14
outboundlinkscount_i
42
inboundlinks_protocol_sxt_0
000-https
inboundlinks_protocol_sxt_1
001-https
inboundlinks_protocol_sxt_2
002-https
inboundlinks_protocol_sxt_3
003-https
inboundlinks_protocol_sxt_4
004-https
inboundlinks_protocol_sxt_5
005-https
inboundlinks_protocol_sxt_6
006-https
inboundlinks_protocol_sxt_7
007-https
inboundlinks_protocol_sxt_8
008-https
inboundlinks_protocol_sxt_9
009-https
inboundlinks_protocol_sxt_10
010-https
inboundlinks_protocol_sxt_11
011-https
inboundlinks_protocol_sxt_12
012-https
inboundlinks_protocol_sxt_13
013-https
inboundlinks_urlstub_sxt_0
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/
inboundlinks_urlstub_sxt_1
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/archives/
inboundlinks_urlstub_sxt_2
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/about/
inboundlinks_urlstub_sxt_3
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/feed.xml
inboundlinks_urlstub_sxt_4
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2016/02/08/Lets-Encrypt-with-nginx/
inboundlinks_urlstub_sxt_5
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2015/12/29/32C3-Torrent-Feeds/
inboundlinks_urlstub_sxt_6
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2015/07/21/Silly-Things-With-Home-Automation/
inboundlinks_urlstub_sxt_7
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2015/07/20/A-Domain-Availability-Finder/
inboundlinks_urlstub_sxt_8
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2015/06/02/SIP-calls-over-cjdns/
inboundlinks_urlstub_sxt_9
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2015/05/24/building-a-secure-android-app/
inboundlinks_urlstub_sxt_10
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2014/04/03/Powerline/
inboundlinks_urlstub_sxt_11
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2014/03/04/Scraping-the-UW-course-listing/
inboundlinks_urlstub_sxt_12
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2014/03/01/Keybase,-a-site-for-matching-handles-to-keys/
inboundlinks_urlstub_sxt_13
[fcef:96c2:7226:a4b1:97ea:59bf:cb2e:51f0]/2014/02/03/New-domain,-new-website/
inboundlinks_anchortext_txt_0
Finn.io
inboundlinks_anchortext_txt_1
Archive
inboundlinks_anchortext_txt_2
About
inboundlinks_anchortext_txt_3
RSS Feed
inboundlinks_anchortext_txt_4
Let's Encrypt and Nginx
inboundlinks_anchortext_txt_5
32C3 Torrent Feeds
inboundlinks_anchortext_txt_6
Silly Things With Home Automation
inboundlinks_anchortext_txt_7
A Domain Availability Finder
inboundlinks_anchortext_txt_8
SIP calls over cjdns
inboundlinks_anchortext_txt_9
Building a "Secure" Android App
inboundlinks_anchortext_txt_10
Powerline, Minature Octo Batman, and more
inboundlinks_anchortext_txt_11
Scraping the UW course listings
inboundlinks_anchortext_txt_12
Keybase, a site for matching handles to keys
inboundlinks_anchortext_txt_13
New domain, New website
outboundlinks_protocol_sxt_0
000-https
outboundlinks_protocol_sxt_1
001-https
outboundlinks_protocol_sxt_2
002-https
outboundlinks_protocol_sxt_3
003-https
outboundlinks_protocol_sxt_4
004-https
outboundlinks_protocol_sxt_5
005-https
outboundlinks_protocol_sxt_6
006-https
outboundlinks_protocol_sxt_7
007-https
outboundlinks_protocol_sxt_8
008-https
outboundlinks_protocol_sxt_9
009-https
outboundlinks_protocol_sxt_10
011-https
outboundlinks_protocol_sxt_11
012-https
outboundlinks_protocol_sxt_12
013-https
outboundlinks_protocol_sxt_13
014-https
outboundlinks_protocol_sxt_14
015-https
outboundlinks_protocol_sxt_15
016-https
outboundlinks_protocol_sxt_16
017-https
outboundlinks_protocol_sxt_17
018-https
outboundlinks_protocol_sxt_18
019-https
outboundlinks_protocol_sxt_19
020-https
outboundlinks_protocol_sxt_20
021-https
outboundlinks_protocol_sxt_21
022-https
outboundlinks_protocol_sxt_22
023-https
outboundlinks_protocol_sxt_23
024-https
outboundlinks_protocol_sxt_24
025-https
outboundlinks_protocol_sxt_25
026-https
outboundlinks_protocol_sxt_26
027-https
outboundlinks_protocol_sxt_27
028-https
outboundlinks_protocol_sxt_28
029-https
outboundlinks_protocol_sxt_29
030-https
outboundlinks_protocol_sxt_30
031-https
outboundlinks_protocol_sxt_31
032-https
outboundlinks_protocol_sxt_32
033-https
outboundlinks_protocol_sxt_33
034-https
outboundlinks_protocol_sxt_34
035-https
outboundlinks_protocol_sxt_35
036-https
outboundlinks_protocol_sxt_36
037-https
outboundlinks_protocol_sxt_37
038-https
outboundlinks_protocol_sxt_38
039-https
outboundlinks_urlstub_sxt_0
twitter.com/thefinn93
outboundlinks_urlstub_sxt_1
github.com/thefinn93
outboundlinks_urlstub_sxt_2
letsencrypt.org/
outboundlinks_urlstub_sxt_3
github.com/letsencrypt/letsencrypt
outboundlinks_urlstub_sxt_4
mozilla.github.io/server-side-tls/ssl-config-generator/
outboundlinks_urlstub_sxt_5
media.ccc.de/b/congress/2015
outboundlinks_urlstub_sxt_6
cccfeeds.finn.io/
outboundlinks_urlstub_sxt_7
github.com/thefinn93/CCC-torrent-feed
outboundlinks_urlstub_sxt_8
cdn.media.ccc.de/$%7B1%7D
outboundlinks_urlstub_sxt_9
en.wikipedia.org/wiki/X10_(industry_standard)
outboundlinks_urlstub_sxt_10
heyu.tanj.com/
outboundlinks_urlstub_sxt_11
github.com/thefinn93/x10web
outboundlinks_urlstub_sxt_12
domainfinder.finn.io/
outboundlinks_urlstub_sxt_13
domainfinder.finn.io/stats
outboundlinks_urlstub_sxt_14
github.com/thefinn93/domain-availability
outboundlinks_urlstub_sxt_15
hyperboria.net/
outboundlinks_urlstub_sxt_16
github.com/cjdelisle/cjdns/blob/master/README.md
outboundlinks_urlstub_sxt_17
github.com/thefinn93/justchat
outboundlinks_urlstub_sxt_18
github.com/thefinn93/justchat-web
outboundlinks_urlstub_sxt_19
github.com/thefinn93/JustChat/blob/master/app/src/main/java/ninja/justchat/PublicKeyManager.java
outboundlinks_urlstub_sxt_20
www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
outboundlinks_urlstub_sxt_21
github.com/thefinn93/JustChat-web/blob/master/nginx.conf
outboundlinks_urlstub_sxt_22
github.com/thefinn93/JustChat/blob/master/app/src/main/java/ninja/justchat/SecureConnection.java
outboundlinks_urlstub_sxt_23
github.com/thefinn93/JustChat/blob/master/app/src/main/java/ninja/justchat/GenerateKeyPair.java
outboundlinks_urlstub_sxt_24
bouncycastle.org/
outboundlinks_urlstub_sxt_25
play.google.com/store/apps/details?id=org.thoughtcrime.securesms
outboundlinks_urlstub_sxt_26
github.com/Lokaltog/powerline
outboundlinks_urlstub_sxt_27
github.com/cjdelisle/cjdns
outboundlinks_urlstub_sxt_28
github.com/omega
outboundlinks_urlstub_sxt_29
github.com/Lokaltog/powerline/issues/409
outboundlinks_urlstub_sxt_30
github.com/omega/powerlinex-segment-plenv
outboundlinks_urlstub_sxt_31
github.com/thefinn93/minature-octo-batman
outboundlinks_urlstub_sxt_32
pypi.python.org/pypi/miniatureOctoBatman
outboundlinks_urlstub_sxt_33
github.com/prurigro/darkcloud-vimconfig
outboundlinks_urlstub_sxt_34
www.washington.edu/students/timeschd/B/SPR2014/css.html
outboundlinks_urlstub_sxt_35
sdb.admin.washington.edu/timeschd/uwnetid/sln.asp?QTRYR=SPR%202014&SLN=12766
outboundlinks_urlstub_sxt_36
github.com/thefinn93/UWCourseScraper
outboundlinks_urlstub_sxt_37
keybase.io/
outboundlinks_urlstub_sxt_38
gist.github.com/thefinn93/9278956
outboundlinks_urlstub_sxt_39
finn.io/
outboundlinks_urlstub_sxt_40
jekyllrb.com/
outboundlinks_urlstub_sxt_41
www.webmaster-source.com/
outboundlinks_anchortext_txt_0
Twitter
outboundlinks_anchortext_txt_1
Github
outboundlinks_anchortext_txt_2
Let’s Encrypt
outboundlinks_anchortext_txt_3
outboundlinks_anchortext_txt_4
Mozilla’s SSL Configuration Generator
outboundlinks_anchortext_txt_5
media server
outboundlinks_anchortext_txt_6
32C3 Torrent Feeds
outboundlinks_anchortext_txt_7
here
outboundlinks_anchortext_txt_8
outboundlinks_anchortext_txt_9
this page might help if you want to try
outboundlinks_anchortext_txt_10
HEYU
outboundlinks_anchortext_txt_11
x10web’s source code is on GitHub
outboundlinks_anchortext_txt_12
Domain Finder
outboundlinks_anchortext_txt_13
record stats
outboundlinks_anchortext_txt_14
Source on Github
outboundlinks_anchortext_txt_15
Hyperboria
outboundlinks_anchortext_txt_16
README
outboundlinks_anchortext_txt_17
client
outboundlinks_anchortext_txt_18
server
outboundlinks_anchortext_txt_19
our specific certificate
outboundlinks_anchortext_txt_20
OWASP wiki
outboundlinks_anchortext_txt_21
nginx.conf
outboundlinks_anchortext_txt_22
SecureConnection.java
outboundlinks_anchortext_txt_23
GenerateKeyPair.java
outboundlinks_anchortext_txt_24
Bouncy Castle
outboundlinks_anchortext_txt_25
TextSecure
outboundlinks_anchortext_txt_26
Powerline
outboundlinks_anchortext_txt_27
cjdns
outboundlinks_anchortext_txt_28
Omega
outboundlinks_anchortext_txt_29
#409
outboundlinks_anchortext_txt_30
his powerline module
outboundlinks_anchortext_txt_31
minature-octo-batman
outboundlinks_anchortext_txt_32
pypi
outboundlinks_anchortext_txt_33
prurigro’s vimrc
outboundlinks_anchortext_txt_34
here’s one of the pages
outboundlinks_anchortext_txt_35
outboundlinks_anchortext_txt_36
on my github
outboundlinks_anchortext_txt_37
Keybase
outboundlinks_anchortext_txt_38
my Github verification
outboundlinks_anchortext_txt_39
finn.io
outboundlinks_anchortext_txt_40
Jekyll
outboundlinks_anchortext_txt_41
Matt Harzewski
charset_s
UTF-8
httpstatus_i
200
load_date_dt
2018-10-10T05:09:53.536Z
fresh_date_dt
2019-10-13T07:01:57.304Z
referrer_id_s
I_bQh7n85Nvc
language_s
en
size_i
27652
audiolinkscount_i
0
videolinkscount_i
0
applinkscount_i
3
references_i
3
references_internal_i
1
references_external_i
2
references_exthosts_i
1
host_extent_i
-1
_version_
1613913856188350464
text_t
Finn.io | Finn.io. Finn.io The personal website of Finn Herzfeld Home Archive About Twitter Github RSS Feed Let's Encrypt and Nginx Let’s Encrypt started handing out free TLS certificates signed by a certificate authority that almost every browser trusts. Their client currently doesn’t work well with nginx, and I’ve found myself explaining how to use it with nginx on IRC a number of times, so I decide to just write it up here. Issuance. Let’s Encrypt has a number of ways to verify you are the owner of the domain, but the easiest one for servers that already have a web server running it called “webroot”, in which you place a file at a pre-defined path on your site and they check it. The Let’s Encrypt client will generate the file for you and do most of the hard stuff, you just need to give it a place on to put the file that nginx will serve it from. If you’re nginx is configured to proxy everything to somewhere else, skip down to the section labeled Proxying. . Otherwise, determine the location that it serves out of (usually. /var/www/html. or similar). Then, clone the repo and run Let’s Encrypt with the webroot. In the following code snippet, replace. /var/www/html. with wherever your root directory is:. git clone https://github.com/letsencrypt/letsencrypt. cd. letsencrypt ./letsencrypt-auto -a webroot --webroot-path /var/www/html --email your@email.tld -d your.domain -d www.your.domain certonly. you can specify up to 100 domains via multiple. -d. , they must all be valid from the same webroot though. You should give them a good email to contact you at, they only use for important things (problems with your certs, expiry notices…). Installation. Once you have the certs, you need to install them. Mozilla’s SSL Configuration Generator provides some good resources for what your nginx config should look like. ssl_certificate. should point to. /etc/letsencrypt/live/ /fullchain.pem. , and. ssl_certificate_key. should be. privkey.pem. in the same directory. ssl_trusted_certificate. from their config is. chain.pem. and you have to generate the dhparam yourself (. openssl dhparam -out /etc/ssl/dhparam.pem 2048. ). Proxying. If you proxy everything back (eg. location / { proxy_pass ... }. ) to a different program, that’s fine, you just need to make a special rule for path it’s looking for to be read off the disk. I put something like this in my server block:. location /.well-known/acme-challenge { root /var/www/html; }. Then (after reloading nginx, of course) continue above with your. webroot-path. set to. /var/www/html. . This can obviously be any location you want, as long as you feed the same path to letsencrypt as nginx. 32C3 Torrent Feeds The 32nd Chaos Computer Congress is going on right now, and they have all of the talks available in a variety of audio and video formats, and RSS feeds of these things, all on their. media server . Unfortunately, there’s no feeds for the torrent files they provide, so I wrote up a quick web service to gather their feeds and convert them into torrent feeds. You can see it live here:. 32C3 Torrent Feeds and read/fork the source. here . For reasons surpassing my understanding, ruTorrent’s RSS feed feature prepends the feed URL to the URL of the torrent, but it also has a handy “Rule Manager” to rewrite the torrent URLs. My rule looks like this:. If the URL for the torrent. description. matches pattern:. |.*cdn.media.ccc.de/(.*)|i. then replace the URL of the torrent. download. with:. https://cdn.media.ccc.de/${1}. Silly Things With Home Automation For a long time I’ve owned some X10 home automation stuff. The idea is pretty simple: there are some modules that you plug your lamps and whatnot into:. Then they have a controller that allows you to switch the various units on and off. All of the signals go over the power lines in ways I don’t understand (. this page might help if you want to try ). They also make computer controller units, which obviously require some Windows app that probably works on Windows 95 and Windows 98 only. It connects via a serial port. Fortunately, as usual, there’s some 3rd party Linux software to control it, called. HEYU . I had got this setup before, but never gone as far as actually doing anything with the computer controls. Then this weekend I decided to sit down and write up a nice web interface. There are other Heyu web interfaces, but they are all difficult to get running and seem way too complex for my liking. Mine has a clean UI, is written in Python using Flask and has a nice phone UI:. The configuration file allows you to define housecode and unit compinations and give them a name, then displays sets of buttons for each one. It also lets you do HTTP basic auth. This was mostly just something I wanted to play with, I doubt it will be that useful to me as there are few situations where it’s easier to unlock my phone, open my browser, load this page, sign in, then click the off button than just getting up and hitting the switch. x10web’s source code is on GitHub A Domain Availability Finder First, demo:. Domain Finder . I have been frustrated a many times by Namecheap’s search interface, trying to suggest other domains to me and being clunky to search for one different TLDs. So I built a simple site to do what I wanted: Check one name against every TLD. The code is pretty simple, it just downloads a list of TLDs from Namecheap and caches them (currently forever, something i’ve been meaning to change). Then the client gets a list of TLDs from the server (currently does not cache them, something that might be nice), and when it the user requests a domain name it checks it against every TLD it knows, in batches. Namecheap’s API docs don’t specify any maximum size of the request, but in testing requesting. every. TLD didn’t seem to work. I’ve been trying to determine the optimal batch size, so I’ve set it to randomize between 1 and 50 (for now) and. record stats on the time it takes namecheap to respond. Once I’ve collected sufficient data I may change the range that the batch size can be or make it static. The results are displayed in a simple list, with green boxes indicating availability. The links on the green boxes point to a NameCheap page to buy the domain, the links on the red boxes point to the domain on http. Source on Github SIP calls over cjdns Following a recent discussion on IRC, I’m writing up a brief tutorial on how to make secure VoIP calls over a cjdns network (such as. Hyperboria ). Since cjdns encrypts everything end to end, there is no need to worry about ZRTP or other sorts of connection security. My computer is currently running Ubuntu 14.04 (Trusty), but this should work with most distros (obviously the install commands may vary by distro). I assume you’ve already got cjdns installed and you’re able to use it to communicate with others. If not, take a look at the cjdns. README , then come back. The first step is pretty straight forward: Install linphone. On Ubuntu/Debian, this is as simple as. sudo apt-get install linphone. When that’s done, start it up. It’ll present you with this screen:. Go ahead and hit cancel on that dialog. You will, unfortunately, need to do this every time. Linphone does not seem to offer an option to simply not annoy the user with the crappy account creation wizard, and since we’re doing direct peer-to-peer calls, you won’t have and account. The next step is to go into the. Options. menu and select. Preferences. at the top. The only change you should need to make is to check the checkbox under. Transport. labeled. Use IPv6 instead of IPv4. . You’ll also want to make sure that under. NAT and Firewall. on that same screen,. Direct connection to the internet. is selected so it doesn’t attempt to do any NAT hole punching or anything. My settings dialog looked like this when I was done:. Now close settings and shut down Linphone (Options-Quit - mearly closing the window will cause it to hide itself in the notification area but still run) and reopen it. This is needed to make it bind to IPv6 instead of IPv4. To test, you can call my PBX. There are a few different addresses:. sip:milliwatt@[fc28:ab92:6b6e:d624:ec1a:c336:d28a:fd69]. Will play a milliwatt tone, so you can judge the quality of the link. Note that my PBX is running on a shitty home network connection so link issues may be my end as well. sip:conference@[fc28:ab92:6b6e:d624:ec1a:c336:d28a:fd69]. Is a conference room. Maybe others will be in there! sip:ivr@[fc28:ab92:6b6e:d624:ec1a:c336:d28a:fd69]. Is a silly, mostly non-functional IVR menu I made. Most of the options don’t work. sip:finn@[fc28:ab92:6b6e:d624:ec1a:c336:d28a:fd69]. Will call the IP phone on my desk. I can’t promise I’ll answer it. And someone else might decide to. To call these, you simple place the address in the text box at the top of Linphone and hit the big green icon to the right of it. Your identity is displayed at the bottom of linphone, and to call you one must simply enter that into their SIP client. Jitsi and other SIP clients should be able to interconnect with Linphone no problem, but I haven’t got a nice tutorial for setting all of those up. Building a "Secure" Android App This quarter I’m taking a class about security stuff. I figured it’d be somewhat interesting, but found, much to my dismay, that the instructor very lacking in any practical knowledge related to information security. The main assignment for the entire quarter is building a secure mobile payement system for on Android. After various discussion with the instructor, my group was able to talk him out of making us do payment related stuff, and instead just are designing a “secure” chat app. After discussion with my group, we decided to worry mostly about the connection security and authenticating the server and client to each other securely. I had seen one site use TLS certificates to authenticate the client, and I was vaguely aware that it could be done. On top of that, we used certificate pinning on the client to ensure that CA-related hax can’t be used to trick the client into trusting the wrong server in a MITM-style attack. All of our source code is released on Github:. client ,. server . Authenticating the Server. The server has a TLS X.509 certificate that it presents to clients trying to communicate with it. This certificate happens to be signed by CA in most trusted CA lists (StartCom), mostly for ease of testing in a normal browser, but our app ignores this and looks for. our specific certificate , mostly using examples from the. OWASP wiki . This means that to attack our connection, an attacker would either need to steal our certificate, make a cert with the exact same public key, or find a vulnerability in the Android TLS 1.2 implimentation or the underlying crypto. These things seem pretty unlikely, but an actually good secure messaging app would use end-to-end encryption, so that even our server couldn’t read it, however I consider this practice for more “traditional” apps where the server actually does have to read the data. The internet-facing webserver is an nginx instance configured with the. Mozilla SSL Configuration Generator , and setup to expect, but not require, client side certificates. It terminates the SSL session and proxies back to our Java-based server, adding HTTP headers to indicate the status of the client’s certificate (non-existant, valid, invalid, etc). See:. nginx.conf , added to git by request of some of our classmates. Authenticating the Client. The client authentication thing is a bit more tricky. We wanted to get away from the password-based authentication model where the client proves they know/have access to a secret by handing the secret over to the server, so certificates were the way to go. Client side SSL certificates on Android ended up being easier than I was expecting. When you go to make an HTTPS request, you create and object to represent the SSL context, then you call one of it’s methods with 3 arguments: The KeyManager object used for client-side certificates, the TrustManager object to be used to validate the remote server, and the SecureRandom object used for entropy. In most examples online, all three of these are null, and the examples that actually show a non-null one only do one (usually client-side certs or a TrustManager), however it’s pretty easy to combine the two, as we did in. SecureConnection.java . The key pair creation proved a bit trickeir, unfortunately. When the main activity is launched, we check if we have a key stored, and if we don’t we prompt the user for a usenrame. The app (specifically,. GenerateKeyPair.java ) then generates a public/private key pair, stores the private key in the local keystore, and uploads the public key to the server for signing in the form of a standard CSR. At the time of this writing, the actual cert-signing part of the server doesn’t work. We had been using a hacked-together python server that spawned openssl, piped the CSR in to stdin, read the certificate out of stdout and returned it to the client, but are in the process of moving to a. Bouncy Castle based CSR signing routine in the Java server. Once this is complete, the server can authenticate the client by their having a certificate that has been signed by our internal CA, and determine the speific one by either their certificate’s common name field, and/or their certificate fingerprint. Other Thoughts. The server-side stuff is still pretty lacking, but the basics are there. We’re hoping to get something useful running by the end of the quarter to show to the teacher and class. If you’re looking for a good secure messaging app, try. TextSecure . It actually impliments secure end-to-end crypto and is developed by respected security researchers such as Moxie Marlinspike. Our app is just for fun and shouldn’t be treated as more secure than, say, SMS. Powerline, Minature Octo Batman, and more Last week, after replacing my failing hard drive with an SSD and reinstalling my OS, I was playing with tmux and vim configs when I rediscovered. Powerline . It’s a script to provide extensible statusline elements to a variety of things (including vim, tmux, i3, zsh, etc). I installed it into my tmux, and loved it so much that I ended up putting it on several of my servers as well. Many of the default modules are nice to have in the tmux stausline, athough I changed it a bit from the default. But I wanted more. For example, one of the things I had in my previous tmux’s config was the number of currently connected. cjdns peers. So I got to work learning how to write my own modules for it. Turns out there is approximately zero documentation for doing this. Github user. Omega expressed similar issue in. #409 on the official powerline repo, and was kind enough to link to. his powerline module , which proved simple enough to read and understand. From there, I was able to create a series of modules to check everything from cjdns peers to the current price of bitcoins. I’ve wanted to publish them, but failed to find a good name. Fortunately, Github has a feature that randomly generates repo names. Thus,. minature-octo-batman was born. I even put it in. pypi (my first package there!), so you can install it easily with pip or easy_install. The README file contains a full list of the avalable modules and how to install them. While I used powerline in tmux I decided to go with a powerline-esq but not actually powerline vim config. Mostly because I liked. prurigro’s vimrc and did’t really feel comfortable mucking about with vimrc files myself. It’s an excellent vimrc, with syntax highlighting for every language I’ve thrown at it, suggestions, a powerline-esq status line, and all sorts of things I haven’t even discovered. Scraping the UW course listings I was boredly sitting in class earlier this evening when someone mentioned that he had been trying to scrape and parse UW’s course listings with python. I suggested BeautifulSoup, which he said he’d used, but it was still incredibly dfficult. I had to give it a shot myself. If you want to follow along,. here’s one of the pages . Without looking at the source, it’s clearly a table or possibly a few of them, but still relatively easy to parse. However, looking at the source reveals that each timeslot of each course is in fact its own table, with one row and cell, which contains a. tag, which has the “table” made by using the proper number of spaces to make everything line up. Like this:. width=. "100%". tr td pre. HREF=. https://sdb.admin.washington.edu/timeschd/uwnetid/sln.asp?QTRYR=SPR+2014&SLN=12766. 12766. B 5 MW 545-745P UW1 221 NASH,ROB D Open 26/ 48 MUST ENROLL IN CSSSKL 162 B. After some brief spectulation with my fellow classmates about what they could be doing on the backend, I got down to parsing it. I first tried. split. ing it by the space character, then selecting each non-empty element and assuming it was what belonged in that place, but I quickly discovered that different courses have different numbers of values. For example, if a course is pass/no pass, it gets a little thing saying that. Otherwise, it gets a blank space in that “column”. So I went with selectig the specific range of the value I wanted. It’s horrible, will probably break, but is the most reliable I could come up with. So, for example, characters 0 through 6 represent the enrollment restrictions column. Characters 7 through 13 are the SLN, etc. I put this all into a python script, which I tested on a number of different course listings, although not as extensively as I would have liked. The code can be found. on my github . Feel free to file pull requests or issues if you find a problem/see a possible improvement. I’m stil not sure what to do with the data, but it has a lot of possibilities. I’d love to see a collected set of utilities for accessing and parsing UW’s data. They have a lot of useful information like this that could be used to build great things. Maybe UW will sanction an official API or something…. Keybase, a site for matching handles to keys I recently found out about. Keybase . From what I gather, it’s a way to allow one to associate their PGP public key with their Twitter, Github, etc (only Twitter and Github are supported at this time, it seems). At first I thought it required you to trust Keybase, but after playing with it a little I realized that the keybase client actually does the verification. Basically, you post a signed message to your Github and Twitter which says what your username on that service is, your username on Keybase is, and that this is your key. Have a look at. my Github verification for an example. I filed two issues on Github which were promptly dealt with. I filed one late at night and it got resolved the next morning, filed another later that day which got resolved within the hour. Additionally, invites seemed to flow in as I filed issues, although that may have been concidence. At the time of this writing I have a few invites, might be willing to give some out. The concept seems pretty interesting, I’ll be interested to watch how it develops. Some people on IRC were talking about building a fully-decentralized version of it with a blockchain, which might be cool if it ever materializes (so far no actual code as been written as far as I know). I’ve also gotten into PGP use and stuff, as in harassing my friends to use it finally and using a desktop mail client instead of the Gmail web interface. New domain, New website I’ve just picked up. finn.io , and I decided it was time to redo my website. The old one looks hideous, and was all in PHP. This is a static site, generated with Jekyll (still playing with it, I think I like it though) then managed through git. I’m not sure where I want this site (and this domain) to be for yet, but I’m finding out. Starting with this blog post. Copyright © 2016 Finn.io. Powered by Jekyll , theme by Matt Harzewski