Re: Problems downloading stock quotes [RESOLVED] possible security issue
Derek, I finally resolved my problem... took a little head scratching. I forgot I modified my hosts file as specified by: ad blocker http://everythingisnt.com/hosts.html this modifies the hosts file so that all known advertising sources are aliased to 127.0.0.1 I was trying to pinpoint exactly which advertising source Finance::Quotes modules requires to get the stock quotes, but it seems like it changes... seems like the authors of Finance::Quotes are involved in some advertising scheme... hope they are not sending other info, in particular, my financial information to these advertisers. You're a security guy... what do you make of this? Richard Derek Atkins wrote: What happens when you try gnc-fq-dump ? Maybe your quote source changed their website? -derek Richard Geddes [EMAIL PROTECTED] writes: I was using GNUCash 2.0.5 on Ubuntu 7.04 for the last several months. Set up some stock investments and downloaded stock prices with Tools - Price Editor - Get Quotes. This worked ok until about 3 weeks ago. Now I get a message There was an unknown error while retrieving the price quotes. I did install a firewall management program called Firestarter between the time gnucash was working and when it stopped working... I've since uninstalled Firestarter. I tried getting stock quotes after stopping my firewall using /etc/init.d/iptables stop. No difference. I also upgraded to gnucash 2.2.1. No dice. I uninstalled gnucash altogether and reinstalled it, but still getting the same message. I even thought of uninstalling perl as the module gnucash uses to get the quotes is in perl... but, it seems that many apps on my system depend on perl... on my ubuntu system, if I try to uninstall perl, it also includes (to uninstall) pretty much all the apps I've installed.. does that sound correct...? Anyway, my beef isn't really with perl, although it seems that if there was something goes wrong with perl, alot of things depending on it would also go down I just want to get my stock quotes so I can see my current asset values to make decisions without pulling out the calculator. Can someone help me troubleshoot this problem? Thanks. Richard ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
Re: Problems downloading stock quotes [RESOLVED] possible security issue
What quote source do you use? I know that F::Q reads the html from your quote source and parses the html to find the quote. Perhaps it is downloading the advertising from that site as well. Phil Richard Geddes wrote: Derek, I finally resolved my problem... took a little head scratching. I forgot I modified my hosts file as specified by: ad blocker [1]http://everythingisnt.com/hosts.html this modifies the hosts file so that all known advertising sources are aliased to 127.0.0.1 I was trying to pinpoint exactly which advertising source Finance::Quotes modules requires to get the stock quotes, but it seems like it changes... seems like the authors of Finance::Quotes are involved in some advertising scheme... hope they are not sending other info, in particular, my financial information to these advertisers. You're a security guy... what do you make of this? Richard Derek Atkins wrote: What happens when you try gnc-fq-dump ? Maybe your quote source changed their website? -derek Richard Geddes [2][EMAIL PROTECTED] writes: I was using GNUCash 2.0.5 on Ubuntu 7.04 for the last several months. Set up s ome stock investments and downloaded stock prices with Tools - Price Editor - Get Quotes. This worked ok until about 3 weeks ago. Now I get a message The re was an unknown error while retrieving the price quotes. I did install a firewall management program called Firestarter between the ti me gnucash was working and when it stopped working... I've since uninstalled F irestarter. I tried getting stock quotes after stopping my firewall using /et c/init.d/iptables stop. No difference. I also upgraded to gnucash 2.2.1. No dice. I uninstalled gnucash altogether and reinstalled it, but still getting the same message. I even thought of uninstalling perl as the module gnucash uses to get the quote s is in perl... but, it seems that many apps on my system depend on perl... on my ubuntu system, if I try to uninstall perl, it also includes (to uninstall) p retty much all the apps I've installed.. does that sound correct...? Anyway, my beef isn't really with perl, although it seems that if there was som ething goes wrong with perl, alot of things depending on it would also go down. ... I just want to get my stock quotes so I can see my current asset values to make decisions without pulling out the calculator. Can someone help me troubleshoot this problem? Thanks. Richard ___ gnucash-devel mailing list [EMAIL PROTECTED] [4]https://lists.gnucash.org/mailman/listinfo/gnucash-devel ___ gnucash-devel mailing list [EMAIL PROTECTED] [6]https://lists.gnucash.org/mailman/listinfo/gnucash-devel References 1. http://everythingisnt.com/hosts.html 2. mailto:[EMAIL PROTECTED] 3. mailto:gnucash-devel@gnucash.org 4. https://lists.gnucash.org/mailman/listinfo/gnucash-devel 5. mailto:gnucash-devel@gnucash.org 6. https://lists.gnucash.org/mailman/listinfo/gnucash-devel ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
Re: Problems downloading stock quotes [RESOLVED] possible security issue
Phil, Do you mean that F::Q works like the browser? When you ask the browser to get a quote, you get all the advertising with it, and so when F::Q gets a a stock quote, F::Q also gets the advertising... and can't complete the transaction without making a connection to the advertising website? I re-applied the ad blocker, and with my browser, was able to get a quote for RHAT AMD from the yahoo website successfully. When I tried gnc-fq-dump yahoo RHT AMD from the command line and it failed. This leads me to think that F::Q does not work like the browser... it looks like F::Q needs to have name resolution for a set of advertisers on that ad block list. My web browser also responds the ad blocking aliases in the hosts file. I used yahoo, usa, nasdaq as sources and got consistent results. Richard Phil Longstaff wrote: What quote source do you use? I know that F::Q reads the html from your quote source and parses the html to find the quote. Perhaps it is downloading the advertising from that site as well. Phil Richard Geddes wrote: Derek, I finally resolved my problem... took a little head scratching. I forgot I modified my hosts file as specified by: ad blocker [1]http://everythingisnt.com/hosts.html this modifies the hosts file so that all known advertising sources are aliased to 127.0.0.1 I was trying to pinpoint exactly which advertising source Finance::Quotes modules requires to get the stock quotes, but it seems like it changes... seems like the authors of Finance::Quotes are involved in some advertising scheme... hope they are not sending other info, in particular, my financial information to these advertisers. You're a security guy... what do you make of this? Richard Derek Atkins wrote: What happens when you try gnc-fq-dump ? Maybe your quote source changed their website? -derek Richard Geddes [2][EMAIL PROTECTED] writes: I was using GNUCash 2.0.5 on Ubuntu 7.04 for the last several months. Set up s ome stock investments and downloaded stock prices with Tools - Price Editor - Get Quotes. This worked ok until about 3 weeks ago. Now I get a message The re was an unknown error while retrieving the price quotes. I did install a firewall management program called Firestarter between the ti me gnucash was working and when it stopped working... I've since uninstalled F irestarter. I tried getting stock quotes after stopping my firewall using /et c/init.d/iptables stop. No difference. I also upgraded to gnucash 2.2.1. No dice. I uninstalled gnucash altogether and reinstalled it, but still getting the same message. I even thought of uninstalling perl as the module gnucash uses to get the quote s is in perl... but, it seems that many apps on my system depend on perl... on my ubuntu system, if I try to uninstall perl, it also includes (to uninstall) p retty much all the apps I've installed.. does that sound correct...? Anyway, my beef isn't really with perl, although it seems that if there was som ething goes wrong with perl, alot of things depending on it would also go down. ... I just want to get my stock quotes so I can see my current asset values to make decisions without pulling out the calculator. Can someone help me troubleshoot this problem? Thanks. Richard ___ gnucash-devel mailing list [EMAIL PROTECTED] [4]https://lists.gnucash.org/mailman/listinfo/gnucash-devel ___ gnucash-devel mailing list [EMAIL PROTECTED] [6]https://lists.gnucash.org/mailman/listinfo/gnucash-devel References 1. http://everythingisnt.com/hosts.html 2. mailto:[EMAIL PROTECTED] 3. mailto:gnucash-devel@gnucash.org 4. https://lists.gnucash.org/mailman/listinfo/gnucash-devel 5. mailto:gnucash-devel@gnucash.org 6. https://lists.gnucash.org/mailman/listinfo/gnucash-devel ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
Re: Problems downloading stock quotes [RESOLVED] possible security issue
Richard Geddes [EMAIL PROTECTED] writes: I re-applied the ad blocker, and with my browser, was able to get a quote for RHAT AMD from the yahoo website successfully. When I tried gnc-fq-dump yahoo RHT AMD from the command line and it failed. This leads me to think that F::Q does not work like the browser... it looks like F::Q needs to have name resolution for a set of advertisers on that ad block list. My web browser also responds the ad blocking aliases in the hosts file. F::Q does do web-page scraping to get some quotes. My guess is that there's some coincidental overlap in the hosts used to obtain some quotes as well as serve ads. Some front-end Yahoo load-balanced server, most likely. If you care enough, you could binary-search within that host list to figure out exactly which host causes the problem. I've seen a bit of F::Q sources and know how it interacts with gnucash. The dataflow is specific and uni-directional. AFAIK, F::Q isn't provided with any of your financial data apart from the quote source and symbol itself. Thus, it can't re-provide that data to any other entity. -- ...jsled http://asynchronous.org/ - a=jsled; b=asynchronous.org; echo [EMAIL PROTECTED] pgpKHCbUW0UMp.pgp Description: PGP signature ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
Re: Problems downloading stock quotes [RESOLVED] possible security issue
Josh, Seems a little odd that F::Q would fail when advertiser domain names are unresolvable... I would figure, if an F::Q encounters an ad domain while scraping, it would ignore it and look for the goodies. I guess I could tcpdump the F:Q connection to see what's going on at the packet level... it's been a while since I've tcpdump'ed, so it'll take me some time to get the output correct. I did try to pinpoint a particular advertiser domain... I started deleting domain names from the top of the list until gnc-fq-dump worked... funny thing is that, I retest the suspect ad domain again(add it back in, then take it out), and gnc-fq-dump stops working... the one thing that consistently works is, if I remove all the aliases from my host file, gnc-fq-dump works, and when I add all the aliases to my hosts file, gnc-fq-dump stops working... if F::Q does depend on an ad domain to complete it's task, that dependency seems to change. It's good to know that F::Q isn't leaking any of my data. F::Q is a perl module, as I understand it is it's source on my computer? If it is, what is it called or where can I find it? I'd like to look at the source to get a bearing on this issue. Richard Josh Sled wrote: Richard Geddes [EMAIL PROTECTED] writes: I re-applied the ad blocker, and with my browser, was able to get a quote for RHAT AMD from the yahoo website successfully. When I tried gnc-fq-dump yahoo RHT AMD from the command line and it failed. This leads me to think that F::Q does not work like the browser... it looks like F::Q needs to have name resolution for a set of advertisers on that ad block list. My web browser also responds the ad blocking aliases in the hosts file. F::Q does do web-page scraping to get some quotes. My guess is that there's some coincidental overlap in the hosts used to obtain some quotes as well as serve ads. Some front-end Yahoo load-balanced server, most likely. If you care enough, you could binary-search within that host list to figure out exactly which host causes the problem. I've seen a bit of F::Q sources and know how it interacts with gnucash. The dataflow is specific and uni-directional. AFAIK, F::Q isn't provided with any of your financial data apart from the quote source and symbol itself. Thus, it can't re-provide that data to any other entity. ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
Re: Problems downloading stock quotes [RESOLVED] possible security issue
Richard Geddes [EMAIL PROTECTED] writes: Seems a little odd that F::Q would fail when advertiser domain names are unresolvable... I would figure, if an F::Q encounters an ad domain while scraping, it would ignore it and look for the goodies. I guess I could tcpdump the F:Q connection to see what's going on at the packet level... it's been a while since I've tcpdump'ed, so it'll take me some time to get the output correct. You're assuming that your advertiser host list is both precise and accurate. It may well be neither. Also, as per the mechanism used (changing the resolution for ad hosts to localhost)... when a process encounters a domain, it doesn't know if it's an ad domain or not, it just tries to make the connection to localhost, instead, and fails. For HTTP, this will either be a connection failure, or perhaps a 404 or 500 failure (if you happen to be running an http server on your local machine). It just so happens that for the case of an ad image/flash/javascript in common web browsers, these failures result in the desired effect: no advertisement. Other applications might not fail in the same way. -- ...jsled http://asynchronous.org/ - a=jsled; b=asynchronous.org; echo [EMAIL PROTECTED] pgpUJuOtfna0e.pgp Description: PGP signature ___ gnucash-devel mailing list gnucash-devel@gnucash.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel
