Tuesday, March 14, 2017

Advanced OpenVPN on ChromeOS

I recently picked up a Samsung Chromebook Plus. One of the first things I did was try to set up an OpenVPN connection to my pfSense server. There's a very, very basic GUI for managing VPN connections under settings, but if you do anything the GUI doesn't support (i.e. TLS authentication) you're out of luck.

It turns out, however, that under the hood, ChromeOS has a standard OpenVPN install. The only way to configured it, however, is via importing an ONC file. ONC is a standard that Google (I think) created to manage all aspects of network configuration in ChromeOS from wifi to vpn to cell networks.

ONC documentation: https://docs.google.com/viewer?a=v&pid=sites&srcid=Y2hyb21pdW0ub3JnfGRldnxneDo2MzVhNTRlZTZmZTc4MGRj
OpenVPN ONC tutorial: https://docs.google.com/document/u/1/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub

Unfortunately there's nothing out there that will let you generate an advanced onc file for OpenVPN. I stumbled across a git project that made a very limited attempt at this: https://github.com/CharlesErickT/oncgenerator

The downside to this is that it doesn't support any of the additional options the standard supports and in my situation in particular it doesn't support client certificates. So, I forked it and implemented most, if not all, of the OpenVPN section of the onc format: https://github.com/R3vXX/oncgenerator

If you download the git repo, open the page in your browser of choice and generate an onc file, you can import it via the methods described in the above Google OpenVPN tutorial.

Saturday, February 14, 2015

Waterpik Waterflosser Cordless Port Fix

A few weeks ago I decided to buy a waterflosser, it was on sale at woot so I figured why not. Everything is about what I expected, but there's a pretty serious design flaw, the charging port is at the front base of the flosser and it's wide open. Why is this a problem? Because water can and will get into it, and per numerous reviews I've seen on Amazon this will result in the port corroding and diminish the current it can carry. This will result in progressively lower battery power per charge.

So what's the solution? Some people have reported success in cleaning the port out regularly. Others have replaced the port entirely. I even saw one review where someone soldered on a new power connector to the flosser's board. These all seem like the wrong approach in that they're reactive. Instead why not prevent the problem instead of bandaging the damage? The problem is that the port is open and exposed to water. We can't move the port location on the device, but we can cover it.

To make a port cover I decided to go with a radians moldable earplug kit, I've used them before so I know they're pretty versatile. All you need to do is take a bit of the colored and white putty, mix them, and stick them in the port (make sure to jam it in there so you've got a decent seal). It takes ~10-15 minutes to set. After that you can pull your newly formed cover off. (You may need to cut off excess material with a knife to get the cover to fit snuggly.)

After you're all done you should have something that looks like this. Hopefully this will prevent water exposure.


Thursday, October 16, 2014

Belkin WiFi Netcam and IP Camera Viewer (Lite or Pro)

I picked up a couple of cheap WiFi Netcams because they were, well, cheap. That and they had infrared view. My go to solution prior to this has been an aging Evo 4G running IP Camera. It works fine, with sufficient light, but the battery has begun to bloat and I'd like to retire the setup.

Imagine my surprise when I setup the cameras only to find that not only is the included app only slightly more useful than a fart soundboard, but it's not even compatible with popular IP Camera viewers for Android! Well, that sucks.

However! Belkin cameras have well documented (in some circles), if unadvertised, feature -- a built in web server:
ModelsConnection TypeExample URLAudioTalk ModelCookiesFlags

DCS-5222L

JPEGhttp://IPADDRESS:554/image/jpeg.cgiNoNone

DCS-933L

JPEGhttp://IPADDRESS/image.jpgNoNone

HD NetCam

FFMPEGhttp://IPADDRESS//goform/videoPossibleNone

Other

JPEGhttp://IPADDRESS/shot.jpgNoNone

Other

JPEGhttp://IPADDRESS/image.jpgNoNone

Other

MJPEGhttp://IPADDRESS/videofeedNoNone

WiFi NetCam

FFMPEGhttp://IPADDRESS//goform/videoYesNone

WiFi NetCam

JPEGhttp://IPADDRESS/image.jpgNoNone

WiFi NetCam

MJPEGhttp://IPADDRESS//goform/videoNoNone
(Credit: http://www.ispyconnect.com/man.aspx?n=Belkin)

User: admin
Pass: admin

Unsurprisingly if you add this generic URL (http://IPADDRESS//goform/video) and credentials to IP Camera Viewer it works. Sounds great... unless you want to access it from outside your home network. Sure you could forward the port from your router, but what about those unfortunate credentials? As far as I can tell these are hard coded. Lovely. There's a telnet server running on the NetCam (if you're on a sufficiently old version of firmware) you can probably change credentials here, though I don't know if that'll have... other repercussions.

But, let's say you're hell bent on making this work externally, with your own credentials, and you have a linux server at your disposal. Now you're starting to sound like me, get a life.

This all assumes, of course, that your linux server is on the same network as the NetCam. If so, this is a great opportunity to use mod_proxy in apache. (These directions are written from a Debian centric viewpoint, but should work on any other platform with slight variations.)

Here's what I did:
  • a2enmod proxy
  • a2enmod headers
  • a2enmod proxy_http
  • httpasswd -cb /etc/apache2/campass <user> <pass>
  • vim /etc/apache/conf.d/cam.conf

    ProxyPass /cam1 http://IPADDRESS//goform/video
    ProxyPassReverse /cam1 http://IPADDRESS//goform/video

    <Location /cam1>
    RequestHeader set Authorization "Basic YWRtaW46YWRtaW4="
    AuthType Basic AuthUserFile "/etc/apache2/campass"
    AuthName Limited! require valid-user
    </Location>
  • The RequestHeader line is passing a hash of "admin:admin" to the NetCam's webserver to pass basic auth, the htpasswd file makes your proxy URL honor your own new credentials
  • Restart your apache server!
Now just add http://yourserver:port/cam1 to IP Camera Viewer and voila, it works.

UPDATE: Be aware that this undocumented feature appears to be removed in newer versions of the firmware for NetCam. For instance 2.4.1.4 works, 2.4.4.7 does not. One of my cameras came with the former and the other the latter. I see no way to downgrade the firmware yet so I can only use this method for one of them. Sad faces all around.

UPDATE 2: If you leave the camera in setup mode, the undocumented feature is active. I'm wondering if the sole original reason for this service was so that during setup you can get a camera preview. Regardless this will work.

UPDATE 3: Be aware that if you're following my tip in update 2, this does leave a backdoor into your wifi, that is, someone can join the open setup wifi that the netcam broadcasts, open up the netcam app, find your wifi SSID + pass, and then log on to your actual wifi. So I would not recommend using this as long term solution. Basically I hate Belkin.

Saturday, July 20, 2013

Peer to Peer Lending - 1.5 Years Later

So I obviously did not keep up with the monthly peer to peer lending entries. Life, work, lack or interest, etc.  But I never stopped the investments. Well, that's not entirely true, I decided to wind down my Prosper account and stick with Lending Club as my primary source. Primarily just because I seem to understand LC better.

So where do things stand these days? Let's review!

Propser


Please note that the status chart above looks worse than it actually is since I've been withdrawing all payments from the platform rather than reinvesting. If you kept the charge off in proportion it should be ~1/2 the size it appears.


Payments received: $3,783.33
Principal paid off: - $2,661.69
Payments in excess of principal: = $1,121.64
Principal charge-offs: - $793.16
Gain/loss to date: = $328.48

Principal value of active notes: $2,245.15
Total active notes: 130
Current: 120
Past due (1-30 days): 6
Past due (31+ days): 3
Payoff in progress: 1
Total charged-off notes: 37
Total notes paid in full: 48
Total notes sold: 0

Yes, you read that correctly, 37 charged off notes. Generally speaking Prosper's default rate tends to trend higher than LC's. This isn't terribly surprising since Prosper accepts higher risk (and higher interest) loans. (For comparison of default rates, check out Nickel Steamroller's chart.) But even then this rate is more than twice as high as my LC account, so I should, perhaps, chalk this up to less sound portfolio filtering and strategy on my part.

That said, my return is ~5.65% and I've still made a vastly greater return than if I'd left this sitting in my ING (Well... now it's Capital One 360 -- really? Man that's a... name.) account. I'm fully aware that I tried Propser first and that it was a learning experience. If I'd try LC first this whole write up may have looked very different and maybe I'd be winding down LC instead. Even so, I plan on continuing to wind down the Prosper account and focusing solely on LC.

Lending Club

LC has been very good to me these last many months.


My return is ~11.35% as of writing this. I've had 16 notes charged off total. I've also taken common P2P investing advice and begun selling late notes on FolioFN for appropriate discounts to par. Selling late notes is critical, it has already improved my return by 1%, and considering that's often better than the entire yield of a 'high-interest' savings account these days, that's nothing to sneeze at. 

Analysis

A number of websites have come and gone for analyzing the P2P loan base. Lend Stats is perhaps one of the most well known that comes to mind. The fact that both Prosper and Lending Club transparently offer information on their entire loan base means that anyone can try their hands at data analysis. The new space that's popping up, however, are "premium" (read: paid) analysis shops. There's Interest Radar and Nickel Steamroller Premium. I've been using IR for the last month or so. The site leaves much to be desired in terms of eye candy and web 2.0 functionality, but I do like the solid filtering and in-house scoring systems.  I have not used NSP yet, but I plan on it. From the descriptions they put forward it seems that the scope of what they're trying to achieve probably exceeds that of IR and will do so at a lower price point.

By the above I mean that NSP sounds like they are going to aim for fully automated investing, active management (perhaps automatically selling notes? that'd be nice), etc. IR is more about giving you the analysis tools that LC refuses to. Such as very specific filters (sometimes you don't want 20-25, sometimes you want 23.5, try telling LC that) and custom filtering options.

Investments

I'm coming up on two years in the peer to peer space, I'll hit that mile stone come December. At this point, I'm thoroughly sold. I plan on funneling my small savings account into LC and getting fully invested. (I should note that this is not my primary savings account, I do have a well-rounded emergency fund, and I'm not committing fiscal lunacy.) The risk to reward factor here is too compelling to ignore. Yes, the default rates could get considerably worse should we hit another economic downturn (just look at the default rates for LC during the 2007-2008 period) and so, in that respect, it is not at all comparable to a classic idea of savings. But I am young and can afford to take on more risk, and this is not my only venue of investment. My stock returns often beat my P2P returns, but I think from a risk and diversification perspective P2P lending has a solid place in anyone's portfolio.

Saturday, May 11, 2013

AnyBackup 1.0.0 Released

It's been about a year since I last did anything with AnyBackup -- that's not because I lost interest, but rather because it'd simply been working and did everything I wanted it to.

I finally mustered up some motivation to make some improvements, though. I spent the last week straight overhauling the codebase. I unit tested all the major non-UI modules and while I was at it I refactored all the code for sanity and for PEP styling issues. This took way, way longer than adding new features (not surprising).

Since it's been a year I figured why not do this in style and make this a milestone 1.0.0 release.

Changes:

  • Unit tests (hopefully less bugs and less breaks in the future)
  • Display transfer rates and total copy progress
    • It's a little rough, and transfer rates are calculated in a very naive way, but it's better than nothing
  • Warn users when a backup is going to delete old files from any backup drives
  • Proper threading model
    • Previously threads were killed on demand via a nasty kill/hack and it did not ensure consistent data, etc
    • New model nicely requests thread death and long running thread processes have been refactored to comply
  • Code clean up, PEP style conventions
  • Migrate from Pyro3 -> Pyro4
    • Pyro4 has async calls which is needed for the proper threading model mentioned above

Wednesday, May 1, 2013

Metro 2034 - English Fan Translation

Word on the street (or rather the Last Light forums) is that there's going to be an official Metro 2034 English translation released. Well... the rumor has it that the translation was already supposed to be released. Obviously that hasn't happened yet. This rumor began circling unbeknownst to me, otherwise I probably wouldn't have bothered finishing what I'm about to post here.

But without further adieu, I give you a cleaned up version of Metro2033Artjom's fan translation of Metro 2034!

There are some pretty big caveats:

  • It's no more accurate than the original fan translation (probably a good deal less so)
  • There were a few sentences I couldn't make heads or tails of so I scrapped them
  • I may have butchered a passage here and there thatI thought I understood
  • It's probably been colored/influenced/altered significantly by my style and humor
With that warning out of the way (and if you're still reading) I'll get to the good bits. I cut out a staggering amount of awkward phrasing and confused verbiage. (And probably introduced a few of my own, but shhhh... were't not talking about that!) I tried to throw in common (American) English idioms where I could and rearranged sentence structures that tweaked my brain. I may have had a little too much fun with Leonid's dialog in places, but what can I say? I like the character.

If you think my copy is crap (hey it's a free internet... or not, depending on your country) feel free to peruse the original fan translation here. I take no credit for this original translation, just the subsequent editing and interpretation I provide here. It was translated to English from the official German translation. If you're wondering what that can do to literature... I'll let this video do the talking:



Anyway, as I'm sure you've skipped everything above, here are the download links:


Let's all hope they actually do release an official English translation. I've got my fingers crossed!

P.S. To any lawyery-types. If there are copyright concerns here, please contact me, it was not my intention.

Friday, June 8, 2012

AnyBackup 0.9.6 Released

Hot on the heels of 0.9.5, I've released 0.9.6 to address some immediate deficiencies resulting from the major overhaul of the underlying application.
  • File cache layer between SQLite and AnyBackup
    • This addresses the lag the can occur when browsing an indexed drive, especially when you have > 100k files across all indexed drives
  • Improved search dialog making use of the new SQLite backend
    • Search by drive
    • Specify search type: Contains, Ends with, Starts With, or pass in a SQL string (i.e. %.mp3)
    • Specify file type (directory or file)
    • Search dialog is persisted so your input is saved (unless a drive is added or removed -- then the dialog is destroyed and recreated)
  • Clicking on a result file no longer automatically displays it in the content pane, instead this has been moved to a popup menu option
  • Changed remote indexing port to not conflict with standard XVNC port
AnyBackup 0.9.6 -- As always please note that these are all items I own or have bought in one form or another -- don't sue me. :)
The new search dialog in 0.9.6

The new 'Show In Content Panel' option

Followers