Pie Palace

I’ve put together a Gnome applet that checks the balance of an online bank account at predetermined times and emails the balances to a selected email address. It’s unimaginatively titled “balancer“.

It’s (1) useful, and (2) scares the crap out of me.

The useful part is pretty self evident. I want to know my current balance so I can reign in my spending if I’m going overboard.

The scary part is equally self evident. balancer keeps bank credentials on the user’s computer. That’s a terrible idea. An attacker who wants to make some cash just has to trawl the secrets stored in the GnomeKeyring to get access to the user’s life savings. In theory, GnomeKeyring could be secure-ish, if it kept all of its secrets on a portion of the disk hidden from users and blocked access on too many failed access attempts. But it doesn’t seem to. It looks like it keeps secrets in ~/.gnome2/keyrings. If an attacker can subvert an app owned by the user, then they can read ~/.gnome2/keyrings/balancer.credentials.keyring and pass the file offsite for an offline dictionary attack. Eep!

On top of that, GnomeKeyring differentiates between apps based on the path to the app binary. I guess this works for native applications, but it breaks when the app runs in a virtual machine. My app, balancer, is written in Python. After I run it, other Python apps are able to dig into the GnomeKeyring without the user being prompted for a password. Noes!

It’s funny. I tried Wesabe, and had no problem putting myself at the same risk balancer would inflict on me. Even though the Wesabe client has the same security problems, I put them out of my head because someone else wrote the code. But I’m having a hard time doing that with something I wrote.

I’d like to switch blogawa.ca to use more standard aggregation software (a) so that I don’t have to maintain the codebase, and (b) so that I can add microformat parsing to the aggregator so that other planet sites will be able to detect microformatted postings.

There only seem to be two popular planet implementations: Planet Planet which is written in python, features 9,503 loc and output generated by a templating engine; the other implementation is planet-php which is written in PHP, with 608 loc (plus 1202 lines of XSL, ugh), and features output generated by XSL.

Given my aversion to templating engines, my dislike of XSL, I seem to be stuck. I either bite a bullet, or I keep up the opensource tradition of forking, splitting, and generally reinventing the wheel. =(