Exporting Robinhood investments to CSV

I recently discovered Robinhood. It’s a mobile trading platform that let’s you invest in the stock market without paying any trading fees. I can’t shake the feeling that 0-fee trading is going to be one of those game-changes that creates a whole range of new applications that weren’t possible before. Quantopian is an early example, but I bet there will be more.

Robinhood is currently only available on mobile and it doesn’t have any of the charts and graphs you would find on any other trading platform. Here’s a little python script I cooked up that will let you export your Robinhood trades to a .csv file you can import into Google Finance or whatever tool you use to track your investments.

View the code on Github or if you trust me, open your terminal and run:

git clone git@github.com:joshfraser/robinhood-to-csv.git
cd robinhood-to-csv
pip install -r requirements.txt
python csv-export.py

The script will request your credentials then prompt you for a filename like this:

Robinhood username:
1 queued trade and 11 executed trades found in your account.
Choose a filename or press enter to save to `robinhood.csv`:

Can’t remember which social login method you used?

Once upon a time we used usernames and passwords to sign into websites. Unless you used multiple email addresses, your password was the single piece of information you had to remember. With password services like LastPass and 1Password, you didn’t have to remember anything.

But then sites started offering social login via Facebook, Twitter, Google, LinkedIn, Amazon, Github, Yahoo, Instagram and a whole host of other authentication options. Oops, you have accounts on all of those services. You can’t remember which one you used to sign up. Maybe you guess wrong and end up with two separate accounts that you can’t figure out how to merge. Ever been there? You’re not alone.

I dug into some real data from a company I worked with that offers multiple login options. For each 1,000 legitimate login attempts, there were 531 successful logins and 112 password resets. In other words, people were having a far harder time signing in than I would have imagined. If you run your own site, I recommend you look at your own data. My guess is you’ll be as surprised as I was at how few login attempts are successful.

If your site offers multiple login options, there’s an easy way you can remove this pain and increase your site usage. Set a cookie that remembers which authentication method was used to create their account along with any services that have been linked. Then use that data to highlight the options that can actually be used to sign in and hide everything else.


Fresh paint

I just pushed a new design for this site. Despite my infrequent posting, I’m still getting decent traffic every day from Google. The makeover was long overdue as the previous design from 2007 was starting to feel quite dated.

My goal was to design something that felt more modern and works better on mobile. Clean and simple. Focus on the content. I’m still running on WordPress, but I hacked up a new theme that uses Twitter Bootstrap to make it responsive and the Lato font to make it pretty.

I’ve switched the comments over to Facebook. Requiring commenters to use their real identity is the best way I know to deal with spam. I can’t import old comments into Facebook, so I’ll be using Disqus for historical posts.



Want to be more disciplined?

I love this quote from the founder of Dropbox, Drew Houston:

The hardest-working people don’t work hard because they’re disciplined. They work hard because working on an exciting problem is fun.

Want to be more disciplined? How about finding something you truly care about instead?



I’ve written before about the injustice of our prison system in the United States. I continue to be horrified by the racism and unfairness shown in the enforcement of our laws. The deprivation of anyone’s liberty is not something that should be taken lightly, and certainly never for the sake of financial gain. It should go without saying, but neither should rape ever be the punchline of a joke.

I’ve been really impressed with John Oliver’s Last Week Tonight. He’s hilarious, but more importantly, he’s not scared to tackle hard but important issues head on. This episode about prison is no exception.


Introducing my latest startup, Forage

I’ve always hated going to the grocery store. It’s such a pain to figure out what to make, how to get to the store and then find everything I need. I’m sick of throwing away food that I don’t eat in time. And why do I need to buy a $8 container of cumin when I only need 1 tsp!?!

I’m stoked to finally share what I’ve been working on for the last few months. Today we’re launching Forage — delicious meals that you can cook at home in 20 mins or less. All the ingredients are pre-measured so you can explore new types of dishes without all the waste.

I’d love to have you check it out. If nothing else, sign up to take advantage of some free food!


Inalienable rights

When I visited Hiroshima and the Peace museum there, I was blown away by the forgiveness exhibited by the Japanese people. Walking around that museum was one of the most moving experiences of my life. We called it the “cry museum”. There’s something wrong with you if you can walk through that museum without shedding a tear. The museum is a memorial for the atomic bomb victims and it shows the price of war in a very up-close and uncomfortable way.

Today I stumbled on this TED talk by George Takei on Why I love a country that once betrayed me:

Once again, I found myself blown away by the unbelievable amount of forgiveness by the Japanese people.

I was also reminded of how much I appreciate the ideals on which the United States was founded — the idea that all people are created equal. The idea that all people have an inalienable right to life, liberty and the pursuit of happiness.

Today there are countless examples of inequality in our country. It’s so easy to be discouraged. Takei’s story is certainly a solemn reminder of how easily we can slip away from these founding principles. Bono likes to talk about the “blind spots of our age”. We look back on the injustice we displayed to Japanese Americans with horror and disgrace. What are the things we’re accepting today that history will judge us for?

Those inalienable right are still worth defending.


The security hole I found on Amazon.com

I found a security hole on Amazon last August. While looking at their HTTP headers, I happened to notice that the entire amazon.com domain was susceptible to clickjacking attacks. If I could trick you into clicking anywhere on a webpage I controlled, I could get you to buy any product that’s available for sale on Amazon. By the way, that includes any fake products that I added to Amazon myself. For the hack to work, you needed to be signed into your Amazon account and have one-click purchasing turned on. I created a working proof-of-concept that looked like this:


Clicking either button caused an instant purchase of the movie Click (get it?). I resisted the temptation to use the exploit to send myself a million dollars worth of free Amazon gift cards, and instead responsibly disclosed it to the Amazon security team. It took them months to fix it, but the security hole has finally been closed using the x-frame-options header that I recommended.

This hack is classic clickjacking. I created a transparent iframe containing a product page on amazon.com that had been carefully positioned so when you think you’re clicking on my page, you’re actually clicking the “Buy now” button on their site instead. Here’s the code for the no longer working proof of concept.


Habits > Willpower

In the book The Willpower Instinct, Kelly McGonigal explains how your willpower is just like any other muscle. It gets tired. If you’re relying on your willpower to make the changes you want in your life, you’re likely going to fail. In the book Foodist, Darya Rose talks about the secret to eating better and the answer is not to go on another diet. It’s to build positive eating habits into your life. Positive habits beat willpower every time.

They say it takes 21 days to build a new habit.

It’s never to late to start building new habits into your life. I’m ashamed to say this, but it wasn’t until last year that I started flossing daily. Now it’s a daily routine for me. This month, I started doing the 7-min workout every morning. Now I roll out of bed and start doing jumping jacks. 7 minutes isn’t much, but that’s kinda the point. Overcoming inertia is the hard part. If you can’t find 7 minutes a day, it’s time you loosen up your schedule.

And there are plenty of tricks to help you get started. I found I was happiest when I biked to work instead of sitting in traffic and dealing with parking tickets. So I sold my car and treated my bike to a tune-up from the Bike Doctor (highly recommended service by the way).

I’m happier than I’ve been in a long time. For me the secret has been as simple as being intentional about finding what makes me happy and then turning those things into daily habits.

 1 comment

Taking a peek inside __VIEWSTATE

If you’ve ever viewed-source on a website that uses Microsoft technology like ASP or .NET, you may have noticed a massive blob of unintelligible text stored in a input field called __VIEWSTATE. What you’re seeing is actually a bunch of Base64 encoded data that gets passed back and forth between the server and the client. I don’t understand how anyone ever thought this was a good idea, but there are a ton of sites that still use this technique. Just check out some old enterprise applications or any Microsoft website and you’ll see what I mean. The United and US Airways websites are a couple other good examples. Unless the __VIEWSTATE is encrypted, you’ll be able to take a look inside using this simple bookmarklet:


Drag this link to your toolbar to try it: Decode ViewState