- <title>En enklere Osloskolehverdag med automatisk sjekk av Fronter</title>
- <link>http://people.skolelinux.org/pere/blog/En_enklere_Osloskolehverdag_med_automatisk_sjekk_av_Fronter.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/En_enklere_Osloskolehverdag_med_automatisk_sjekk_av_Fronter.html</guid>
- <pubDate>Thu, 12 Feb 2015 10:30:00 +0100</pubDate>
- <description><p>En stund nå har jeg vært nødt til å forholde meg til
-<a href="https://fronter.com/osloskoler/">Fronter</a>, en nettløsning
-Osloskolen bruker for kontakt mellom hjem og skole. Løsningen
-imponerer ikke, og det er lagt opp til at vi foreldre skal logge inn
-regelmessig for å se om noe har endret seg. Idéen om å la folk stikke
-innom nettsider for å se om det har skjedd endringer er så idiotisk at
-jeg har lett etter et alternativ. Fronterløsningen har en innebygget
-løsning der en kan abonnere på forsiden (som viser en oppsummering av
-det en har tilgang til), og få tilsendt en kopi hver natt, men det
-fjerner jo bare behovet for å stikke innom, ikke den idiotiske ideen
-om at folk skal huske hvordan nettsiden så ut sist og oppdage hva som
-er endret.</p>
-
-<p>For å gjøre livet enklere har jeg derfor brukt litt tid på å lage
-et program som kobler seg opp og sjekker etter endringer automatisk,
-slik at jeg kan få beskjed fra datamaskinen når noe endrer seg i
-stedet for å forsøke å finne ut av det selv. I går ble scriptet
-brukbart, og jeg er dermed klar til å dele det med deg.</p>
-
-<p>Jeg startet med å skrive programmet i Python, og hadde en versjon
-som logget inn og hentet ned enkeltsider fra Fronter. Men
-Fronter-websidene suger golfballer gjennom en hageslange, med
-uleselig HTML, flere nivåer av iframes og en struktur på innholdet som
-er svært vanskelig å finne ut av, så jeg ga til slutt opp lxml-parsing
-med Python og forsøkte meg med WWW::Mechanize for Perl som jeg kjente
-fra før. I ettertid har jeg oppdaget at WWW:Mechanize også finnes for
-Python, så jeg kunne antagelig droppet språkbyttet. Men da jeg
-oppdaget det hadde jeg kommet så langt med Perl-utgaven, så jeg hoppet
-ikke tilbake.</p>
-
-<p>For å logge inn i Fronter besøker en enten skolens websider eller
-den sentrale innloggingsiden <tt>https://fronter.com/osloskoler/</tt>.
-Perl-koden for å logge inn ser slik ut:</p>
-
-<pre>
-my $mech = WWW::Mechanize->new();
-$mech->get('https://fronter.com/osloskoler/');
-$mech->submit_form(fields => {
- username => $username,
- password => $password,
-} );
-</pre>
-
-<p>Neste steg er å få oversikt over hvilke «rom» en har tilgang til.
-På vår skole er det rom for skolen, biblioteket, elevrådet,
-aktivitetsskolen og klasser der en har unger, og dette vil være
-forskjellig fra person til person. Etter å ha romstert rundt i
-Fronter-grensesnittet endel kom jeg over en grei HTML-side med
-oversikt over rommene,
-<tt>https://fronter.com/osloskoler/adm/projects.phtml?mode=displayRoomchooser</tt>,
-så jeg bruker denne til å hente ut romoversikt med rom-ID.</p>
-
-<pre>
-my %room;
-$mech->get('https://fronter.com/osloskoler/adm/projects.phtml?mode=displayRoomchooser');
-for my $link ($mech->links()) {
- my $url = $link->url();
- if ($url =~ m%/links/list_files.phtml\?edit=(\d+)$%) {
- $room{$link->text()} = $1;
- }
-}
-</pre>
-
-<p>Når en har rom-ID kan en slå opp websiden for rommet, som starter
-på
-<tt>https://fronter.com/osloskoler/contentframeset.phtml?goto_prjid=$ROMID</tt>
-(der $ROMID byttes ut med rom-ID-tallet). Det gir en side med
-iframes, og en må tre nivåer ned i iframes før en får tak i
-HTML-informasjonen som vises frem når en ser på det aktuelle rommet.
-Her ga jeg opp den robuste parsingen og hardkodet endel URL-er som i
-stedet bør spores opp maskinelt. HTML-informasjonen som vises lagres
-i en fil etter at økt- og innloggings-nøkkel er fjernet og deretter
-bruker jeg <tt>lynx --dump --nolist</tt> for å hente ut en tekstlig
-utgave av websiden. Denne tekstlige utgaven sammenlignes med forrige
-versjon og oversikt over endringer kan så sendes ut på egnet vis.</p>
-
-<p>Jeg valgte å bruke git til å holde rede på endringer, så jeg
-sjekker inn HTML og tekst-utgaver i git og bruker git til å vise frem
-endringene i tekstutgavene. Programvaren for å gjøre dette er testet
-på Debian GNU/Linux og kan
-<a href="https://github.com/petterreinholdtsen/fronter-scraper-oslo">lastes
-ned fra github</a>.</p>
-
-<p>For å bruke dette selv, kjør følgende kommandoer på din
-Debian-maskin (forutsetter sudo-tilgang for installasjon av
-programvare):</p>
-
-<pre>
-sudo apt-get install git lynx-cur libio-prompter-perl libwww-mechanize-perl \
- libconfig-inifiles-perl
-git clone https://github.com/petterreinholdtsen/fronter-scraper-oslo
-cd fronter-scraper-oslo
-./update-git
-</pre>
-
-<p>Det gjenstår endel, men systemet er allerede nyttig for meg. Jeg
-ønsker at systemet også skal laste ned PDF-er og slikt som er lagt ut
-for nedlasting på sidene, slik at f.eks. ukeplaner kommer inn i
-git-arkivet mitt automatisk og jeg får automatisk beskjed når ny
-ukeplan er lagt ut. Kanskje du kan bidra med å få det på plass, eller
-kanskje du har andre ting du vil fikse? Jeg tar gjerne imot endringer
-og forbedringer. Det er mye som kan gjøres bedre, og scriptet er ikke
-veldig robust mot endringer hos nettsidene til Fronter. Jeg regner
-dermed med at det vil trengs oppdateringer jevnlig etter hvert som
-Fronter-løsningen endrer seg.</p>
+ <title>Where did that package go? &mdash; geolocated IP traceroute</title>
+ <link>http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html</guid>
+ <pubDate>Mon, 9 Jan 2017 12:20:00 +0100</pubDate>
+ <description><p>Did you ever wonder where the web trafic really flow to reach the
+web servers, and who own the network equipment it is flowing through?
+It is possible to get a glimpse of this from using traceroute, but it
+is hard to find all the details. Many years ago, I wrote a system to
+map the Norwegian Internet (trying to figure out if our plans for a
+network game service would get low enough latency, and who we needed
+to talk to about setting up game servers close to the users. Back
+then I used traceroute output from many locations (I asked my friends
+to run a script and send me their traceroute output) to create the
+graph and the map. The output from traceroute typically look like
+this:
+
+<p><pre>
+traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets
+ 1 uio-gw10.uio.no (129.240.202.1) 0.447 ms 0.486 ms 0.621 ms
+ 2 uio-gw8.uio.no (129.240.24.229) 0.467 ms 0.578 ms 0.675 ms
+ 3 oslo-gw1.uninett.no (128.39.65.17) 0.385 ms 0.373 ms 0.358 ms
+ 4 te3-1-2.br1.fn3.as2116.net (193.156.90.3) 1.174 ms 1.172 ms 1.153 ms
+ 5 he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48) 3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.857 ms
+ 6 ae1.ar8.oslosda310.as2116.net (195.0.242.39) 0.662 ms 0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23) 0.622 ms
+ 7 89.191.10.146 (89.191.10.146) 0.931 ms 0.917 ms 0.955 ms
+ 8 * * *
+ 9 * * *
+[...]
+</pre></p>
+
+<p>This show the DNS names and IP addresses of (at least some of the)
+network equipment involved in getting the data traffic from me to the
+www.stortinget.no server, and how long it took in milliseconds for a
+package to reach the equipment and return to me. Three packages are
+sent, and some times the packages do not follow the same path. This
+is shown for hop 5, where three different IP addresses replied to the
+traceroute request.</p>
+
+<p>There are many ways to measure trace routes. Other good traceroute
+implementations I use are traceroute (using ICMP packages) mtr (can do
+both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP
+traceroute and a lot of other capabilities). All of them are easily
+available in <a href="https://www.debian.org/">Debian</a>.</p>
+
+<p>This time around, I wanted to know the geographic location of
+different route points, to visualize how visiting a web page spread
+information about the visit to a lot of servers around the globe. The
+background is that a web site today often will ask the browser to get
+from many servers the parts (for example HTML, JSON, fonts,
+JavaScript, CSS, video) required to display the content. This will
+leak information about the visit to those controlling these servers
+and anyone able to peek at the data traffic passing by (like your ISP,
+the ISPs backbone provider, FRA, GCHQ, NSA and others).</p>
+
+<p>Lets pick an example, the Norwegian parliament web site
+www.stortinget.no. It is read daily by all members of parliament and
+their staff, as well as political journalists, activits and many other
+citizens of Norway. A visit to the www.stortinget.no web site will
+ask your browser to contact 8 other servers: ajax.googleapis.com,
+insights.hotjar.com, script.hotjar.com, static.hotjar.com,
+stats.g.doubleclick.net, www.google-analytics.com,
+www.googletagmanager.com and www.netigate.se. I extracted this by
+asking <a href="http://phantomjs.org/">PhantomJS</a> to visit the
+Stortinget web page and tell me all the URLs PhantomJS downloaded to
+render the page (in HAR format using
+<a href="https://github.com/ariya/phantomjs/blob/master/examples/netsniff.js">their
+netsniff example</a>. I am very grateful to Gorm for showing me how
+to do this). My goal is to visualize network traces to all IP
+addresses behind these DNS names, do show where visitors personal
+information is spread when visiting the page.</p>
+
+<p align="center"><a href="www.stortinget.no-geoip.kml"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geoip-small.png" alt="map of combined traces for URLs used by www.stortinget.no using GeoIP"/></a></p>
+
+<p>When I had a look around for options, I could not find any good
+free software tools to do this, and decided I needed my own traceroute
+wrapper outputting KML based on locations looked up using GeoIP. KML
+is easy to work with and easy to generate, and understood by several
+of the GIS tools I have available. I got good help from by NUUG
+colleague Anders Einar with this, and the result can be seen in
+<a href="https://github.com/petterreinholdtsen/kmltraceroute">my
+kmltraceroute git repository</a>. Unfortunately, the quality of the
+free GeoIP databases I could find (and the for-pay databases my
+friends had access to) is not up to the task. The IP addresses of
+central Internet infrastructure would typically be placed near the
+controlling companies main office, and not where the router is really
+located, as you can see from <a href="www.stortinget.no-geoip.kml">the
+KML file I created</a> using the GeoLite City dataset from MaxMind.
+
+<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy-small.png" alt="scapy traceroute graph for URLs used by www.stortinget.no"/></a></p>
+
+<p>I also had a look at the visual traceroute graph created by
+<a href="http://www.secdev.org/projects/scapy/">the scrapy project</a>,
+showing IP network ownership (aka AS owner) for the IP address in
+question.
+<a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg">The
+graph display a lot of useful information about the traceroute in SVG
+format</a>, and give a good indication on who control the network
+equipment involved, but it do not include geolocation. This graph
+make it possible to see the information is made available at least for
+UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level
+3 Communications and NetDNA.</p>
+
+<p align="center"><a href="https://geotraceroute.com/index.php?node=4&host=www.stortinget.no"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-small.png" alt="example geotraceroute view for www.stortinget.no"/></a></p>
+
+<p>In the process, I came across the
+<a href="https://geotraceroute.com/">web service GeoTraceroute</a> by
+Salim Gasmi. Its methology of combining guesses based on DNS names,
+various location databases and finally use latecy times to rule out
+candidate locations seemed to do a very good job of guessing correct
+geolocation. But it could only do one trace at the time, did not have
+a sensor in Norway and did not make the geolocations easily available
+for postprocessing. So I contacted the developer and asked if he
+would be willing to share the code (he refused until he had time to
+clean it up), but he was interested in providing the geolocations in a
+machine readable format, and willing to set up a sensor in Norway. So
+since yesterday, it is possible to run traces from Norway in this
+service thanks to a sensor node set up by
+<a href="https://www.nuug.no/">the NUUG assosiation</a>, and get the
+trace in KML format for further processing.</p>
+
+<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.kml"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.png" alt="map of combined traces for URLs used by www.stortinget.no using geotraceroute"/></a></p>
+
+<p>Here we can see a lot of trafic passes Sweden on its way to
+Denmark, Germany, Holland and Ireland. Plenty of places where the
+Snowden confirmations verified the traffic is read by various actors
+without your best interest as their top priority.</p>
+
+<p>Combining KML files is trivial using a text editor, so I could loop
+over all the hosts behind the urls imported by www.stortinget.no and
+ask for the KML file from GeoTraceroute, and create a combined KML
+file with all the traces (unfortunately only one of the IP addresses
+behind the DNS name is traced this time. To get them all, one would
+have to request traces using IP number instead of DNS names from
+GeoTraceroute). That might be the next step in this project.</p>
+
+<p>Armed with these tools, I find it a lot easier to figure out where
+the IP traffic moves and who control the boxes involved in moving it.
+And every time the link crosses for example the Swedish border, we can
+be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in
+Britain and NSA in USA and cables around the globe. (Hm, what should
+we tell them? :) Keep that in mind if you ever send anything
+unencrypted over the Internet.</p>
+
+<p>PS: KML files are drawn using
+<a href="http://ivanrublev.me/kml/">the KML viewer from Ivan
+Rublev<a/>, as it was less cluttered than the local Linux application
+Marble. There are heaps of other options too.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
projects / homepage.git / blobdiff