Archive for category "Projects"


I’ve put together a Gnome applet that checks the balance of an online bank account at predetermined times and emails the balances to a selected email address. It’s unimaginatively titled “balancer”.

It’s (1) useful, and (2) scares the crap out of me.

The useful part is pretty self-evident. I want to know my current balance so I can rein in my spending if I’m going overboard.

The scary part is equally self-evident. balancer keeps bank credentials on the user’s computer. That’s a terrible idea. An attacker who wants to make some cash just has to trawl the secrets stored in the GnomeKeyring to get access to the user’s life savings. In theory, GnomeKeyring could be secure-ish, if it kept all of its secrets on a portion of the disk hidden from users and blocked access on too many failed access attempts. But it doesn’t seem to. It looks like it keeps secrets in ~/.gnome2/keyrings. If an attacker can subvert an app owned by the user, then they can read ~/.gnome2/keyrings/balancer.credentials.keyring and pass the file offsite for an offline dictionary attack. Eep!

On top of that, GnomeKeyring differentiates between apps based on the path to the app binary. I guess this works for native applications, but it breaks when the app runs in a virtual machine. My app, balancer, is written in Python. After I run it, other Python apps are able to dig into the GnomeKeyring without the user being prompted for a password. Noes!
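Why a path-to-binary identity cannot tell two Python programs apart, as an added example (not balancer's code and not GnomeKeyring's): on Linux, the executable the kernel records for any script is the interpreter. The helper names and the path-keyed check below are assumptions modelling the behaviour the post describes; nothing here touches a keyring.

```python
import os
import subprocess
import sys


def binary_identity(pid):
    """Path of the executable image backing `pid` (Linux /proc only)."""
    return os.path.realpath(f"/proc/{pid}/exe")


def launch(script_source):
    """Start a separate Python program that blocks until its stdin closes."""
    return subprocess.Popen(
        [sys.executable, "-c", script_source],
        stdin=subprocess.PIPE,
        stdout=subprocess.DEVNULL,
    )


def compare_identities():
    """Return the binary paths seen for two unrelated Python programs."""
    # Constructed stand-ins: one plays the trusted app, one an unrelated script.
    trusted = launch("import sys; sys.stdin.read()  # stand-in: trusted app")
    other = launch("import sys; sys.stdin.read()  # stand-in: other script")
    try:
        return binary_identity(trusted.pid), binary_identity(other.pid)
    finally:
        for proc in (trusted, other):
            proc.stdin.close()
            proc.wait()


def path_keyed_acl_allows(granted_to, requester):
    """Model (an assumption) of an access check keyed only on binary path."""
    return requester == granted_to


if __name__ == "__main__":
    trusted_path, other_path = compare_identities()
    print("trusted app runs as :", trusted_path)
    print("other script runs as:", other_path)
    print("path-keyed check lets the other script in:",
          path_keyed_acl_allows(trusted_path, other_path))
```

Both programs resolve to the same interpreter path, so a grant made to one is indistinguishable from a grant to every script that interpreter runs.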

It’s funny. I tried Wesabe, and had no problem putting myself at the same risk balancer would inflict on me. Even though the Wesabe client has the same security problems, I put them out of my head because someone else wrote the code. But I’m having a hard time doing that with something I wrote.

A couple of years back I wrote a JavaScript version of a quasi-diagnostic test used to help diagnose Asperger syndrome. I wrote it for a lark: I was working with peeps that were socially awkward (like me), and I wanted to play with JavaScript. I stuck it on this blog and forgot about it.

Today I noticed a link from Common Sense Atheism pissing on some god-botherer’s ebook. It turns out that my AQ test has been tramping around the intertubes and is now moonlighting in theist/freethinker debates.

The apple falls close to the tree.

I occasionally get emails regarding the Asperger test hosted here on PiePalace. Some of them are heartbreaking:

I am trying to find information on how to test my son for Asperger’s. [... he has a hard time socializing... has difficulties with kids his own age...] Our insurance does not provide for testing and I can not afford to have him tested.

I know Canada’s health care system has problems, but at least anyone can get their kid in front of a doctor.

Blogawa welcomes TheatreGirl to its fold. TheatreGirl is writing reviews of Ottawa’s theatre shows. She promises to be keeping an eye on the Fringe – which I’m looking forward to. I refuse to have any experience unless I’m told beforehand that it will be good.

Observant readers of Blogawa will notice that I’ve added El Maks (of swapbox fame) to Blogawa. El Maks (no relation to the awesomeness of Maki) is, well, awesome.

As always, suggestions for new blogs can be made to erigami@piepalace.ca.

Blogawa Events Robot

I’m back. My wrists aren’t 100%, but they’re much better than they were. To prove it, I’ve squeezed another feature into Blogawa: events. Our friendly events robot reads OttawaEvents.org daily, randomly picks some upcoming events, and posts them to Blogawa.

The events are currently jumbled together, regardless of category, but that may change with time.

I’ve always liked the idea of open source bounties. I want open source coders to be able to make money on what they do, so I like the idea of users banding together to pay for a feature. The only drawback is that I’ve never actually seen a bounty collected. As an experiment, I’ve picked a worthy project, and I’ll be matching donations to it that (a) link back to this post, (b) total no more than €60, and (c) comment here. So hit Cofundos and take my money! (Yes, I’m avoiding typing. But this is a minipost, so it doesn’t count.) UPDATE: I’d like to make clear that I’m only offering €60 in total, and that’s matching on any single donation made after the original date of this post (April 14, 9:00am-ish, EST). I also added (c) above, so that I don’t have to check the cofundos site.

The Slaughter Daughters (née Bytowne Blackhearts) have joined Blogawa. Welcome aboard, ladies.

And what do you mean there isn’t a league game until May 30? Awww…

Phew. The upgrade worked. I’ve redirected the old feed URL to the new URL, and everything should be smurfy on Blogawa itself.

Of note:

  • Comment links should now work (thanks MG).
  • We’re now displaying 25 posts/page (thanks RG).
  • Updates should occur much more often now. If I’m hitting your blog too often, let me know.
  • If you’re an author, and you want your gravatar to show up, email erigami@piepalace.ca and let me know.

As far as I know, all of the feeds imported properly. Let me know if there’s anything amiss.

Blogawa will be down briefly for the reskinning. Stay tuned… (I have the power. But do I have the grace?)