Archive for October, 2008
Mint.com – Account Security
I read a Lifehacker post a week or so ago about online financial planners, such as Quicken Online (now free, which was the topic of the post), Mint.com, and Wesabe.
I went to Mint first and started to set up an account. What stopped me in my tracks was when the account creation process asked for my online bank account details. The reason for this is to automatically gather your latest transactions nightly, and then auto-categorize and sort your data. Obviously this is a cool feature, and does away with having to manually enter this data or even manually import the data from a dump file such as OFX.
Yet, this is a scary idea. To understand why, you need to know how data is stored and encrypted on websites. Let's use a simplified example. If I create a site that has a login, username and password for instance, this data must be stored in a database. To do this in a secure way, I would store the password through a method that is unidirectional, meaning that I cannot see what the password is, nor can I decrypt it. In fact, even as the administrator of the site, all I can do is reset the password, not obtain what it is. When the user enters this password, it is “hashed” with an algorithm. If the result matches the stored value, it is good. If not, it isn’t.
Now, let's say I needed to know what the password was, or needed a bidirectional storage system. Why? Well, as in the case of Mint.com, they would need to know the real password to use it to log in. Having a hash-only value wouldn’t do any good when they needed to log into your bank for you. To do this, the password is encrypted. Yet there is a key somewhere within the system to decrypt this password value, and then use it to gather your data.
It should be obvious why this is scary. We have all heard the stories of credit card companies getting broken into through the net, etc. And these are not entities that do not think of security. Break-ins happen. It's reality. And the thought of someone storing my information in a form that can theoretically be broken is too much for me to handle. There are already multiple forms of my identity that I have no control over how they are stored; at least this one I can choose to not participate in. Stories of company employees gaining unauthorized access also exist, so it's not just break-ins and hackers I fear.
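The two storage models described above, side by side, as an added example that is not code from Mint.com, Yodlee or this blog. The function names, the PBKDF2 work factor and the sample password are assumptions, and the HMAC-based keystream is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # constructed work factor for this example

def hash_password(password: str) -> tuple[bytes, bytes]:
    """Login-site model: store only (salt, digest); no key can reverse it."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-hash the login attempt and compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(attempt, digest)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in cipher, not for production)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt_credential(key: bytes, secret: str) -> tuple[bytes, bytes]:
    """Aggregator model: the stored value is reversible by whoever has `key`."""
    nonce, data = secrets.token_bytes(16), secret.encode()
    return nonce, bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt_credential(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """What the service must do before each nightly bank login."""
    return bytes(a ^ b for a, b in zip(blob, _keystream(key, nonce, len(blob))))

def breach_exposure(bank_password: str) -> dict:
    """Compare what each stored record gives back to someone holding it."""
    salt, digest = hash_password(bank_password)
    key = secrets.token_bytes(32)        # has to live somewhere in the system
    nonce, blob = encrypt_credential(key, bank_password)
    wrong_key = secrets.token_bytes(32)
    return {
        "hash_verifies_right_password": verify_password(bank_password, salt, digest),
        "hash_verifies_wrong_password": verify_password("guess", salt, digest),
        "encrypted_record_plus_key": decrypt_credential(key, nonce, blob).decode(),
        "encrypted_record_wrong_key":
            decrypt_credential(wrong_key, nonce, blob) == bank_password.encode(),
    }

if __name__ == "__main__":
    for item, value in breach_exposure("constructed-Bank-Pw-1").items():
        print(f"{item}: {value}")
```

The hashed record can only answer yes or no to a login attempt, while the encrypted record returns the original password to anyone who holds both the record and the key.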
Now, Mint.com does not store the information themselves. They use a company called Yodlee. And this company claims to be very secure. And I do not doubt that they take this very seriously, as a company like this would not survive long after a loss of data. Yet, any computer expert can tell you… nothing is unhackable. Any time a system is connected to a network or physically accessible, odds are it can be broken.
Wesabe (and supposedly Quicken Online, although when I tried to set up an account they would not let me bypass the step to enter my credentials, just as with Mint) has an option to manually upload your bank data files (OFX, etc). So while you can enter your credentials, you do not need to. I wish Mint would do the same, as they seem to have a better system. In this case, if someone did gain access to the site's system (or Yodlee’s), they would only have data that would do nothing for them in stealing your identity or bank information. This I can sleep at night knowing.
Samurize
A true geek loves their data and stats. With this in mind I set out a while back to display more of the information about my computer that I like to see. Enter Samurize…
This is a great desktop info program for Windows, that allows for tons of info to be displayed, along with plugins for things such as music controls, mini web browsers, etc.
My current config is all data oriented, as the mini-browser I had with my RTM task list was too distracting for me.
Palin for President
This… is… amazing…
Scripting Languages
InfoWorld had a piece today about scripting languages, and the future they may hold. While not offering any solid indication on which will have the biggest future in store, it does mention how they may all in fact be worthwhile to learn and program with.
Most programmers who’ve been around long enough to survive the rise and fall of programming languages such as Cobol and Fortran recognize that the problem isn’t a life-or-death matter. There won’t be one winner, and backing the wrong horse won’t be fatal. These stable old hands point out that Cobol continues to run strong. At this writing, more than 1 percent of the listings on Dice.com include Cobol. By comparison, JavaScript draws a bit more than 7 percent!
Yet learning and investing time into a language that may lack support over the years is certainly a concern, not only to make yourself marketable for a job, but also to future-proof your knowledge as much as you can.
The Tiobe Index gives some insight into current popularity, and some trend info for the same month a year ago. Yet that still does not offer the crystal ball…
For October, the scripting languages cited in the article rank as:
- PHP – #5 – 8.612%
- Python – #6 – 4.565%
- Perl – #7 – 4.419%
- Ruby – #10 – 2.869%
- JavaScript – #11 – 2.670%
OpenOffice 3.0 Official Release
So OOo 3.0 was officially released today. Yet the website is straining under the load…

I guess this is a good thing, seeing as a lot of users want the new application. Hopefully the OOo web team can get things running smoothly again.
OpenOffice.org 3.0
So it appears that OpenOffice has released the stable 3.0 to its mirrors, although the announcement isn't official yet, and the download link on the main page still goes to 2.4.1. I hear it will go official on Monday, yet go to a mirror and grab it early.
Windows XP Embedded Theme
Via Lifehacker… this is a pretty cool Windows XP theme. It's official, so no mods are needed to get it to work.
Smoothwall Express
I have gone through quite a few SoHo type routers (small office/home office) over the years. Almost all of these were systems such as Netgear, Linksys, etc. That is, until I discovered the Linux based firewall/router. If I remember correctly, the first I tried was IPCop. The distro I currently use is Smoothwall.
I switched the work router over to new hardware today, and figured I would talk about it. The new hardware, while overkill for a router, was added due to the old system failing. It was old when I began using it for Smoothwall, and finally gave out. Now I am running on a 2GHz Celeron, with 640MB RAM, 4 NICs, and a 60GB Hard Drive. The old system was Duron based, with 3 NICs, 256MB RAM, and a 10GB HD.
I have long wanted to add to my network, as I wanted to run a purple zone (more explanation soon) for WiFi. Yet the old system did not have room for another PCI NIC. Since the new system had 3 PCI slots, it worked perfectly. Below is a very simple diagram of what I am running now.

The four NICs are as follows:
- Red – Connects to Static DSL line
- Green – LAN network. Safe zone with about 20 stations, 2 switches.
- Orange – DMZ Zone. LAMP server and Mail server sit here. No DHCP, incoming “pinholes” only allow for HTTP and SMTP/POP access.
- Purple – WiFi subnet. DHCP is active. No ethernet NICs.
The purple zone is separated physically from the green zone. This enables me to protect the sensitive computers on the green interface from crackers, unauthorized entry via WiFi, and users who may not be very careful. The orange zone is also physically separate from the other zones. If my LAMP server gets compromised, nothing else is harmed.
This system has many advantages over the simple units purchased from stores. For one, the subnets are really separate. And a purple network is simply not an option on those units. I have never tried to use the “DMZ Port” that some routers have, yet I have heard they are not true DMZ zones.
In addition to the benefits of the subnets, Smoothwall has extra features that would normally cost you quite a bit to get in a store-bought solution, such as:
- IDS (via Snort)
- Web Proxy that can be set to transparent, so that you can log all outgoing HTTP traffic without notice/distraction to users. This can also be set up to use a central proxy. Cache size is adjustable.
- IM Proxy, logs all IM traffic (AIM, ICQ, IRC, MSN, Yahoo) and can filter swear words.
- POP Proxy that scans and filters viruses (via ClamAV)
These are in addition to the more standard router functions, and there are also some I did not mention. Overall, Smoothwall gives me the ability to control very precisely how my traffic is handled, and I can even get more detailed with add-ons like DansGuardian.
Soshiku – Online course manager
So I saw a post about Soshiku today. Figured I would check it out…
It's the standard web 2.0 app, nothing special. Has a pretty simple interface, seems to have the basics. Add new courses, share events, notifications on assignments, a calendar, and keeps a grade tally.
First, some missing features (granted, this is very new, it appears from their blog), or things I don’t like.
- Grades for courses do not allow for methods such as curves and weights on assignments.
- Default new assignment is Public viewable. That bothers me. No way to change the default.
- Google ads. Now everyone needs to make money, and there is no reason why this should not be ok. Yet it bothers me, even while it's not that obtrusive. A lot of new web apps do not use ads, and this comes across as a get rich method for the author. Again, just the feeling it gives.
I will be sticking with my current methods of school management, such as calendar, and task lists. Not a bad idea, but lacking in features for my taste, and the ads put me over the edge. But I will be watching to see where it goes. Maybe the future will bring some features that a simple task list and calendar cannot (such as RTM and Google Calendar).
You are currently browsing the SEKOconcepts – Blog blog archives for October, 2008.
