Problems downloading stock quotes [RESOLVED] possible security issue

Richard Geddes rich.geddes at verizon.net
Wed Oct 17 18:16:14 EDT 2007


Josh,

Seems a little odd that F::Q would fail when advertiser domain names are
unresolvable... I would figure, if an F::Q encounters an ad domain while
scraping, it would ignore it and look for the goodies.   I guess I could
tcpdump the F:Q connection to see what's going on at the packet level...
it's been a while since I've tcpdump'ed, so it'll take me some time to
get the output correct. 

I did try to pinpoint a particular advertiser domain... I started
deleting domain names from the top of the list until gnc-fq-dump
worked...  funny thing is that, I retest the suspect ad domain again(add
it back in, then take it out), and gnc-fq-dump stops working... the one
thing that consistently works is, if I remove all the aliases from my
host file, gnc-fq-dump works, and when I add all the aliases to my hosts
file, gnc-fq-dump stops working... if F::Q does depend on an ad domain
to complete it's task, that dependency seems to change.

It's good to know that F::Q isn't leaking any of my data.  F::Q is a
perl module, as I understand it.... is it's source on my computer?  If
it is, what is it called or where can I find it?  I'd like to look at
the source to get a bearing on this issue.

Richard

Josh Sled wrote:
> Richard Geddes <rich.geddes at verizon.net> writes:
>   
>> I re-applied the ad blocker, and with my browser, was able to get a
>> quote for RHAT AMD from the yahoo website successfully.  When I tried "
>> gnc-fq-dump yahoo RHT AMD" from the command line and it failed.  This
>> leads me to think that F::Q does not work like the browser... it looks
>> like F::Q needs to have name resolution for a set of advertisers on that
>> ad block list.  My web browser also responds the ad blocking aliases in
>> the hosts file.
>>     
>
> F::Q does do web-page scraping to get some quotes.
>
> My guess is that there's some coincidental overlap in the hosts used to
> obtain some quotes as well as serve ads.  Some front-end Yahoo load-balanced
> server, most likely.
>
> If you care enough, you could binary-search within that host list to figure
> out exactly which host causes the problem.
>
>
> I've seen a bit of F::Q sources and know how it interacts with gnucash.  The
> dataflow is specific and uni-directional.  AFAIK, F::Q isn't provided with
> any of your financial data apart from the quote source and symbol itself.
> Thus, it can't re-provide that data to any other entity.
>
>   


More information about the gnucash-devel mailing list