Bank websites

It boggles my mind that the banks haven’t figured out how to make their websites more useful than they are. Why are these sites limited to online versions of bank tellers?

Here’s what I want my bank’s site to provide:

  • Allow me to categorize or tag every transaction. I want to mark that Subway is “Eating out”.
  • Learn from previous transactions and automatically suggest classifications for me. If I marked “89328374 Ontario Inc.” as car repairs two months ago there is a good chance it goes into the same category this month.
  • Summarize the totals for each category and show trends. Am I spending more on eating out every month?
  • Allow me to set targets or thresholds for each category and send me notifications if I cross them. If my budget is $300/month for eating out I want to know when I’m beyond that.

The banks already have access to all of my account activity and I don’t want to provide a third party, especially one outside of Canada, with my online banking credentials to get this functionality.

Why would a bank build this?

  1. It provides an incentive to move all of your accounts to one bank.
  2. I’d switch banks to get these features so I’m sure others would too.

Books

I recently finished reading a couple books that are worth mentioning.

The first is Cory Doctorow’s Little Brother. Don’t let the teen categorization discourage you; this is a book any technology geek will love. The best one-line summary I can think of is that this book is a modern version of Nineteen Eighty-Four with the addition of a little teen rebellion. The story and characters are very well written, and interwoven are decent introductions to important security techniques such as public key encryption and onion routing. Targeting this book at teen readers was a brilliant idea. I can’t think of a better way to help them understand what a security state would feel like.

The second book is Who Controls the Internet?: Illusions of a Borderless World by Jack Goldsmith and Tim Wu. No, this isn’t some kind of conspiracy theory book. The answer put forward by the authors is basically that territorial governments control the Internet despite the Utopian non-governmental ideal that many technologists associate with the Internet. The source of this control comes from the fact that governments are (mostly) alone in their ability to use physical coercion. While this in and of itself isn’t that earth-shattering, I found the suggestion that online businesses such as eBay are reliant on the exercise of this coercive power very interesting. Even if the Internet isn’t that interesting to you, this book is worth reading for the discussion of the role of government in commerce.

I’ve also recently read Switch and Linchpin which both deserve short reviews but that will have to be some other time.

Django/mod_wsgi on Fedora 12

I recently deployed a Django application with mod_wsgi on my server which runs Fedora 12. Since this required a bit more configuration than a standard Apache virtual host I thought it might be useful to document the configuration for others.

SELinux

While SELinux can be a little annoying if you don’t understand how it works, it is a very powerful security layer that should not be disabled. In order to get the Django/mod_wsgi application working I had to modify a couple of SELinux booleans which give Apache extra permissions.

# -P writes the change to the policy store so it survives a reboot.
setsebool -P httpd_tmp_exec on
# Broad: lets Apache open any outbound connection (httpd_can_network_connect_db is narrower if only a database is needed).
setsebool -P httpd_can_network_connect on

mod_wsgi configuration

The default configuration tries to create the mod_wsgi sockets under Apache’s logs directory (the default WSGISocketPrefix is logs/wsgi, relative to ServerRoot), which SELinux does not allow Apache to create sockets in. You can change this by adding the following line to /etc/httpd/conf.d/wsgi.conf. The new prefix is also relative to ServerRoot (/etc/httpd on Fedora), where run is a symlink into /var/run, so the sockets end up in a directory Apache is allowed to use.

WSGISocketPrefix run/mod_wsgi

Apache virtual host configuration

Below is the Apache virtual host configuration. Note that I have chosen to use mod_wsgi’s daemon mode and processes instead of threads because some of the libraries I’m using are not thread safe.

<VirtualHost *:80>
 ServerAdmin dan@example.com
 DocumentRoot /home/vhosts/example.com/
 ServerName www.example.com

 Alias /robots.txt /home/vhosts/example.com/example/web/static/robots.txt
 Alias /favicon.ico /home/vhosts/example.com/example/web/static/favicon.ico

 # Static files.
 Alias /static /home/vhosts/example.com/example/web/static

 # Admin static files.
 Alias /media /home/vhosts/example.com/dependencies/Django-1.2.1/django/contrib/admin/media

 WSGIScriptAlias / /home/vhosts/example.com/example/web/example/django.wsgi
 WSGIDaemonProcess example.com processes=15 threads=1 display-name=%{GROUP}
 WSGIProcessGroup example.com

 ErrorLog logs/example.com-error_log
 # Use the format defined here; referencing Fedora's stock combinedio format instead would leave custom_log unused.
 LogFormat "%a %l \"%u\" %t %m \"%U\" \"%q\" %p %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" custom_log
 CustomLog logs/example.com-access_log custom_log
</VirtualHost>
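The django.wsgi script that WSGIScriptAlias points at is not shown above. Below is one written for this layout, as an added example rather than the author’s file: the paths are taken from the virtual host configuration, while the settings module name (example.settings) is an assumption since the post never names it.

```python
# django.wsgi for the virtual host above. Added example, not the author's
# script. Paths mirror the vhost config; "example.settings" is an assumption.
import os
import sys

PROJECT_ROOT = "/home/vhosts/example.com/example/web"
# Django 1.2.1 lives under dependencies/ rather than system-wide, matching
# the /media alias for the admin static files.
DEPENDENCY_DIRS = ["/home/vhosts/example.com/dependencies/Django-1.2.1"]
SETTINGS_MODULE = "example.settings"  # assumption


def configure_environment(project_root, dependency_dirs, settings_module):
    """Prepend the project and its vendored dependencies to sys.path and
    point Django at its settings.

    mod_wsgi can import a .wsgi script more than once (touching it triggers
    a reload), so both steps are idempotent: paths already present are
    skipped and setdefault leaves an operator-supplied
    DJANGO_SETTINGS_MODULE alone. Returns the sys.path entries that were
    actually added, project root first.
    """
    added = []
    # Insert in reverse so that afterwards project_root is sys.path[0].
    for path in reversed([project_root] + list(dependency_dirs)):
        if path not in sys.path:
            sys.path.insert(0, path)
            added.append(path)
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", settings_module)
    return list(reversed(added))


_handler = None


def application(environ, start_response):
    """WSGI entry point that mod_wsgi looks up by name.

    The Django handler is built on the first request rather than at import
    time, so this file imports (and can be tested) on a machine without
    Django. With threads=1 in WSGIDaemonProcess each daemon process handles
    one request at a time, so no lock is needed around _handler.
    """
    global _handler
    if _handler is None:
        configure_environment(PROJECT_ROOT, DEPENDENCY_DIRS, SETTINGS_MODULE)
        from django.core.handlers.wsgi import WSGIHandler  # Django 1.2 API
        _handler = WSGIHandler()
    return _handler(environ, start_response)
```

Because the virtual host uses daemon mode, the application runs in the fifteen WSGIDaemonProcess workers rather than in the Apache children; touching django.wsgi restarts that process group, which is the usual way to pick up new code without an Apache restart.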

New OpenPGP key

For the two people that care, I’m migrating to a new OpenPGP key. I created the old key way back in 2001, so it is time to move to a longer RSA key instead of DSA. The new key also uses the stronger SHA-256 hash.

You can find the signed (with both the old and new key) transition note at:

http://www.coverfire.com/files/key-transition.txt

Here are a few useful links for anyone else making this transition.

http://www.debian-administration.org/users/dkg/weblog/48

http://keyring.debian.org/creating-key.html

Python tutorial and advice

A friend at work recently pointed me to a Python tutorial called Learn Python the Hard Way. It’s very basic but the later part has a little opinion chapter titled Advice from an old programmer which is worth taking the time to read. Below is one quote from this chapter.

Programming as an intellectual activity is the only art form that allows you to create interactive art. You can create projects that other people can play with and you can talk to them indirectly. No other art form is quite this interactive. Movies go out to the audience. Paintings don’t move. Code goes both ways.

Programming as a profession is only moderately interesting. It can be a good job, but if you want to make about the same money and be happier you could actually just go run a fast food joint. You are much better off using code as your secret weapon in another profession.

Canada 3.0 Twitter graph

The other day I found Gephi, which was used to create these amazing graphs based on GitHub data. So I thought it might be fun to pull some data into Gephi and play with it. I decided on using the Twitter API to obtain all of the Tweets related to the upcoming Canada 3.0 conference in Stratford, ON, CA. I used the ‘can30’ hash tag as the search term, but since the Twitter search only returns Tweets less than seven days old the history is limited.

I used Python and igraph to create the graph and exported it to GraphML which Gephi can import. Here’s the resulting GraphML file if you are interested.

I also used igraph to export PNG and SVG versions.

The nodes in the graph are Twitter users. The size of a node is proportional to the number of new Tweets with the #can30 hashtag, where by ‘new’ I mean not re-Tweets. The edges represent re-Tweets, and the width of an edge is proportional to how many times the source user re-Tweeted the destination.

Based on the graph, Canada3Forum is the largest source of new Tweets followed by tobidh and there are lots of users re-Tweeting Canada3Forum’s messages.

Canada 3.0 on Twitter
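The graph described above, built from Tweets and written out as GraphML for Gephi, as an added example (not the author’s igraph script). It uses only the standard library so it runs without igraph or Twitter access; the Tweets are constructed sample data in the “RT @user: …” form the search API returned at the time, not real search results.

```python
# Added example: #can30 re-Tweet graph as described in the post, using only
# the standard library. SAMPLE_TWEETS are constructed, not real Tweets.
import re
import xml.etree.ElementTree as ET
from collections import Counter

# (author, text) pairs as a Twitter search for "#can30" might have returned.
SAMPLE_TWEETS = [
    ("Canada3Forum", "Registration for #can30 is now open in Stratford"),
    ("Canada3Forum", "Speaker line-up for #can30 announced"),
    ("tobidh", "Looking forward to #can30 next week"),
    ("alice", "RT @Canada3Forum: Registration for #can30 is now open in Stratford"),
    ("alice", "RT @Canada3Forum: Speaker line-up for #can30 announced"),
    ("bob", "RT @Canada3Forum: Speaker line-up for #can30 announced"),
    ("bob", "RT @tobidh: Looking forward to #can30 next week"),
]

RETWEET_RE = re.compile(r"^RT @(\w+)\b")


def build_graph(tweets):
    """Return (nodes, edges) for the graph in the post.

    nodes: Counter user -> number of new (non-RT) Tweets, which Gephi maps to
           node size; users seen only in re-Tweets get 0.
    edges: Counter (re-tweeter, original author) -> re-Tweet count, which
           becomes the edge width.
    """
    nodes = Counter()
    edges = Counter()
    for author, text in tweets:
        match = RETWEET_RE.match(text)
        if match:
            edges[(author, match.group(1))] += 1
        else:
            nodes[author] += 1
    # Every endpoint of an edge must exist as a node, even with zero new Tweets.
    for src, dst in edges:
        nodes.setdefault(src, 0)
        nodes.setdefault(dst, 0)
    return nodes, edges


def top_sources(nodes, n):
    """Users with the most new Tweets, ties broken alphabetically."""
    return sorted(nodes.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def to_graphml(nodes, edges):
    """Serialise the graph as GraphML with a 'tweets' node attribute and a
    'weight' edge attribute, the two numbers Gephi needs for size and width."""
    root = ET.Element("graphml", {"xmlns": "http://graphml.graphdrawing.org/xmlns"})
    ET.SubElement(root, "key", {"id": "tweets", "for": "node",
                                "attr.name": "tweets", "attr.type": "int"})
    ET.SubElement(root, "key", {"id": "weight", "for": "edge",
                                "attr.name": "weight", "attr.type": "int"})
    graph = ET.SubElement(root, "graph", {"id": "can30", "edgedefault": "directed"})
    for user, count in sorted(nodes.items()):
        node = ET.SubElement(graph, "node", {"id": user})
        ET.SubElement(node, "data", {"key": "tweets"}).text = str(count)
    for i, ((src, dst), weight) in enumerate(sorted(edges.items())):
        edge = ET.SubElement(graph, "edge", {"id": "e%d" % i, "source": src, "target": dst})
        ET.SubElement(edge, "data", {"key": "weight"}).text = str(weight)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    nodes, edges = build_graph(SAMPLE_TWEETS)
    print(top_sources(nodes, 2))
    print(to_graphml(nodes, edges))
```

Gephi reads the two declared attributes directly, so node size and edge width can be mapped from “tweets” and “weight” in its ranking panel; swapping SAMPLE_TWEETS for the list returned by a real search is the only change needed for live data.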

Linux x86_64 and Javascript

The competition between browsers in the area of Javascript performance has led to some pretty dramatic performance increases in the last couple of years. A lot of this has been accomplished through Javascript just in time (JIT) compilers. What JITs do is convert the Javascript into native instructions which execute a lot faster than more abstract forms. The one downside to this approach is that each native architecture must be supported to get the speed boost.

If you follow Javascript performance you know that recent versions of Firefox have a JIT. What you may not know is that there is no JIT in Firefox for x86_64. This isn’t that big of a problem for Windows since there are so few 64-bit Windows users, but Linux distributions have been native 64-bit for quite some time. So if you’ve installed a 64-bit version of your favourite Linux distribution you are getting far slower Javascript performance in Firefox than if you had installed the i686 version. How much slower?

The following benchmarks were executed on an i7-930 running Fedora 12, Firefox 3.5.8 and Epiphany 2.28.2. The benchmarks I used are the SunSpider and V8 Javascript benchmarks.

Browser/arch        V8 (higher is better)   SunSpider (lower is better)
Firefox i686 PAE    402                     1002.6 ms
Firefox x86_64      277                     2131.2 ms
Epiphany x86_64     887                     1261.0 ms

These results show that the Javascript performance of i686 Firefox is a lot better than x86_64. The Epiphany web browser is based on WebKit which, based on these results, I’m guessing does have an x86_64 JIT.

AMQP and Twisted

In one of my pet projects I’ve been using Twisted and txamqp. I use Twisted’s twistd to launch the service, but unfortunately txamqp doesn’t come with any examples of how to use it with twistd. So I wrote a factory and protocol which make it trivial to use txamqp with twistd. I haven’t tested it extensively but it appears to survive losing the connection to the AMQP server and reconnecting. I’m far from a Twisted expert though, so please let me know if this isn’t the way it’s supposed to be done.

You can find the code in my Git repository.

ejabberd default permissions

I upgraded my ejabberd to 2.1.0-rc1 today and while doing so decided to start with a fresh ejabberd.cfg. This reminded me of something I noticed when I first switched to ejabberd but forgot to blog about. The default permissions in ejabberd are a bit surprising.

Before I go into details, I’m not arguing that any of these problems are the end of the world, but I think it would make a lot of sense for ejabberd to ship with a safer configuration and allow administrators to open things up if desired.

MUC permissions

The default MUC (XEP-0045) access list is:

{access, muc, [{allow, all}]}.

This access list allows all JIDs, even those on remote servers. The default MUC configuration uses this access list for all operations.

{mod_muc, [
    %%{host, "conference.@HOST@"},
    {access, muc},
    {access_create, muc},
    {access_persistent, muc},
    {access_admin, muc_admin}
]},

As a result, the default configuration allows users on other XMPP servers to create rooms on the local MUC server. Probably not that big of a deal but I don’t see a good reason why my server should be hosting channels for external users. Worse, would I be responsible if the channel was used for some nefarious purpose?

I created a new access list which only allows local JIDs and used this access list for access_create and access_persistent.

{access, muc_create, [{allow, local}]}.
{mod_muc, [
    %%{host, "conference.@HOST@"},
    {access, muc},
    {access_create, muc_create},
    {access_persistent, muc_create},
    {access_admin, muc_admin}
]},

Pubsub permissions

The default Pubsub (XEP-0060) permissions are:

{access, pubsub_createnode, [{allow, all}]}.

Again, this allows all JIDs, even remote ones to create nodes on the Pubsub server. I changed this to the following.

{access, pubsub_createnode, [{allow, local}]}.

In-band registration

This really amazes me. In-band registration (XEP-0077) allows users to connect to an XMPP server and create new accounts. This is enabled in the default configuration that ships with ejabberd.

{access, register, [{allow, all}]}.

I wonder how many ejabberd servers there are with unexpected users?

The solution is documented immediately above the register access list definition.

{access, register, [{deny, all}]}.
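A quick way to catch the three defaults above on an existing server is to audit ejabberd.cfg for them. The script below is an added example, not part of ejabberd or the author’s configuration: it does not parse Erlang terms in general, only the top-level {access, Name, […]}. rules and the flat mod_muc option list of a stock 2.1-era config, and the two config excerpts it checks are constructed to match the defaults and the fixes shown in the post.

```python
# Added example: audit an ejabberd.cfg excerpt for the open-to-all defaults
# discussed in the post. Not ejabberd code; the regexes only cover the stock
# {access, ...}. rules and the flat mod_muc option list.
import re

# Access rules the post shows shipping as {allow, all}, with the consequence.
RISKY_ACCESS_RULES = {
    "register": "anyone can create accounts via in-band registration (XEP-0077)",
    "pubsub_createnode": "remote JIDs can create Pubsub (XEP-0060) nodes",
}
# mod_muc options whose access rule should be limited to local users.
RISKY_MUC_OPTIONS = ("access_create", "access_persistent")

ACCESS_RE = re.compile(r"^\s*\{access,\s*(\w+),\s*\[(.*?)\]\}\.", re.M | re.S)
MUC_RE = re.compile(r"\{mod_muc,\s*\[(.*?)\]\}", re.S)  # assumes no nested lists
PAIR_RE = re.compile(r"\{(\w+),\s*(\w+)\}")             # {allow, all}, {access_create, muc}

# Constructed excerpts: the stock defaults, then the tightened rules from the post.
DEFAULT_CFG = """
{access, muc, [{allow, all}]}.
{access, pubsub_createnode, [{allow, all}]}.
{access, register, [{allow, all}]}.
{modules, [
  {mod_muc, [
      %%{host, "conference.@HOST@"},
      {access, muc},
      {access_create, muc},
      {access_persistent, muc},
      {access_admin, muc_admin}
     ]}
 ]}.
"""

HARDENED_CFG = """
{access, muc, [{allow, all}]}.
{access, muc_create, [{allow, local}]}.
{access, pubsub_createnode, [{allow, local}]}.
{access, register, [{deny, all}]}.
{modules, [
  {mod_muc, [
      {access, muc},
      {access_create, muc_create},
      {access_persistent, muc_create},
      {access_admin, muc_admin}
     ]}
 ]}.
"""


def strip_comments(text):
    """Drop Erlang line comments (% to end of line)."""
    return re.sub(r"%.*", "", text)


def access_rules(text):
    """Map each top-level access rule name to its ordered (policy, acl) pairs."""
    return {name: PAIR_RE.findall(body)
            for name, body in ACCESS_RE.findall(strip_comments(text))}


def allows_all(pairs):
    """True if the rule grants access to every JID. ejabberd uses the first
    pair whose ACL matches and 'all' matches everyone, so the first pair
    naming 'all' decides; an earlier {deny, some_acl} only carves out exceptions."""
    for policy, acl in pairs:
        if acl == "all":
            return policy == "allow"
    return False


def audit(text):
    """Return human-readable findings for the defaults the post warns about."""
    text = strip_comments(text)
    rules = access_rules(text)
    findings = []
    for name, consequence in RISKY_ACCESS_RULES.items():
        if allows_all(rules.get(name, [])):
            findings.append("access rule '%s' allows all JIDs: %s" % (name, consequence))
    muc = MUC_RE.search(text)
    if muc:
        for option, rule in PAIR_RE.findall(muc.group(1)):
            if option in RISKY_MUC_OPTIONS and allows_all(rules.get(rule, [])):
                findings.append("mod_muc %s uses rule '%s', so remote JIDs can "
                                "create or persist rooms here" % (option, rule))
    return findings


if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CFG), ("hardened", HARDENED_CFG)):
        print(label, audit(cfg) or ["no findings"])
```

Run against a real file with audit(open("/etc/ejabberd/ejabberd.cfg").read()); the default excerpt yields four findings (register, pubsub_createnode, and both mod_muc options) and the hardened one none.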