I wanted to do some light measurements (illuminance, to be exact), but didn’t want to spend hundreds of euro’s on a light meter. I realized that I actually have a quite good light meter in my pocket: my smartphone’s camera. It doesn’t measure illuminance, but luminance, but that can be worked around.

Continue reading ‘iOS light meter’ »

As you may know, HTTP/2.0, as implemented by most browsers, only runs over TLS (which is a good thing). Unfortunately, it makes debugging the protocol a bit harder, since protocol analyzers can’t look inside the TLS layer anymore. And while the in-browser debugging tools have become very good, I find myself in need of a Wireshark session to figure things out: In particular: which resources were pushed by the server?

So I found myself Men-In-The-Middle-ing myself with ZAP regularly. Today I learned that I can simply ask my browser to tell me the missing pieces: the master secret and the client random value (used to look up the correct master secret from the raw packet), or, if you are still not using PFS, part of the encrypted pre-master secret (for look-up), and the full (plaintext) pre-master secret.

Just set the SSLKEYLOGFILE environment-variable to the path of a writable text file (appended to). Works in both Chrome and Firefox! And make sure you unset the environment for safe surfing afterwards!

Wireshark can be configured to read in this file in the Preferences → Protocols → SSL → (Pre)-Master-Secret log filename.

I frequently found myself doing relative simple calculations over and over again, such as the future value of an investment. A spreadsheet works fine if you always calculate in the same direction (i.e. calculate the future value based on present value, interest and duration), but I usually want to jump around a bit, calculating back and forth between parameters (e.g. what interest rate would be needed to get this future value).

Continue reading ‘Generic calculator’ »

Simple JavaScript based time-delta calculator.

Continue reading ‘Datetime delta calculator’ »

I’ve been struggling a bit with IPv6 source address selection. Normally, when you initiate a new connection, you only specify the destination address (or have DNS resolve the name to an address). The choice of the source address is usually left to the OS by setting it to :: (IPv6’s version of 0.0.0.0).

RFC 6724 specifies how this selection should happen. Karl Auer explains it in a bit less painful way on his blog. But sometimes I want to influence the chosen address: how can I twist these rules to match my wishes? Karl also has an interesting post on this. In summary, use any combination of:

  • Deprecate the addresses that you don’t want to use: ip addr change 2001:db8::1:1/128 dev tun preferred_lft 0
  • Make your own label to group addresses: ip addrlabel family
  • Use privacy extension addresses

After some searching, I’ve found a Polish website that is hosted on an IDN domain name, which makes it a useful test vector.

I’ve been struggling with my dd-wrt setup lately. So I started looking around for potential alternatives. One thought was to use a Raspberry Pi as router, but I was worried about its performance. So I did a few tests.

Continue reading ‘Raspberry pi as broadband router’ »

I’ve started using tmux, but found out that the standard keyboard bindings to resize panes (C-b C-<cursor>) doesn’t work in Mac OS X’s Terminal.app. I found this post very helpful.

Continue reading ‘Fixing Terminal.app to enable tmux resizing’ »

All of my data is stored on my NAS, from where it is automatically backed up daily. But doing photo-editing on a remote file was slow, especially over WiFi and/or VPN. So I decided to store all photo’s locally, but without loosing the automatic backups. I solved this problem with a Launchd agent to watch the directory for changes (and run every hour anyway), and rsync for the actual transfer.

Additional challanges were that user permissions needed to be synced across as well. (Usernames did match on both machines, but UIDs did not)

Continue reading ‘Automatically rsync from OS X to linux’ »

Facebook, Twitter and Google have the nasty habit of tracking your every move on the internet. This ABE-script prevents this:

# Allow Facebook scripts and objects to be included only
# from Facebook pages
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

# also stop google+ widget
Site plus.google.com
Accept from plus.google.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

# and twitter
Site platform.twitter.com
Accept from twitter.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)