Monthly Archive for February, 2009

links for 2009-02-23

Online money management

I’ve been trying out a few of the online services for managing money.  I have a couple of pretty simple use cases for this:

  1. Am I being robbed?  Look through credit card and bank statements for activity I don’t remember, subscriptions I thought I’d cancelled or Direct Debits that shouldn’t be taking money.
  2. Cashflow projections based on different debt mechanisms (i.e. if I pay x off a credit card, what does my cashflow look like)
  3. Slicing, dicing and browsing to see where money is really going.

Pretty typical usage for most people I think.  I have a few credit cards, and I use my debit card a lot, so tracking all of this manually is quite a pain.  Ideally I’d use a service that fetches all this data automagically from the various institutions, and provides me with a decent interface.  I’d settle for uploading my statements manually.  I’m happy to pay for this service.

I’ve found four options:

Mint.com

Mint has had rave reviews, and sounds excellent.  Unfortunately it’s US only for now.  They plan to roll out in the UK “late 2008, early 2009”.  But not right now.

First Direct

I use First Direct, the HSBC online bank, for my current account.  Their web interface isn’t the greatest, but it works reliably.  I can do all the things I want to, even if sometimes it’s a bit tortuous.  They provide an additional pay-for service called Internet Banking Plus that integrates with other banks and shows your statements for every account.  I don’t know what else it does, but it sounds worth a try.

Unfortunately it requires Windows and Internet Explorer, so it’s complete FAIL.

Kublax

This is a beta service that’s aiming to do the same sorts of things as Mint.com.  I registered for this and went through the various options for telling it your transactions.  It has an automagic integration (using Yodlee) with every bank I need - you provide your access details for the bank, and it connects and pulls down your transaction details.

Unfortunately, the security for this is a complete disaster.  If you go to http://www.kublax.com and log in, you remain on an unencrypted connection.  When they pop up a form asking for your banking details, this submits the details over an unencrypted connection.  You can see a screenshot from Firebug below.

[Screenshot: kublax]

That last GET request is the one that contains all your lovely super secure banking details - going over the public internet in the clear.  Thankfully I was paying attention and saw everything was in the clear, and entered only “foo”s. I suspect most people don’t notice.

The impact of this might not be obvious.  For those who don’t know, lots of internet equipment has been hacked by bad guys, and you have to assume that anything that isn’t strongly encrypted is being snooped successfully.  In addition of course, if you are on a wireless connection that isn’t using WPA, your data is easily snooped locally too, using any old laptop.  Not so much of a problem at home perhaps, but try not to do your online banking in airports, ok?
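A check for the two problems described above (a credentials form that submits without TLS, and by GET) can be automated. This is an added example, not code from the original post or from Kublax; the host, paths and field names in the sample are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a page fetched over plain HTTP whose credentials form
# submits by GET to a relative URL (hypothetical host, path and field names).
SAMPLE_URL = "http://www.example.test/accounts/add"
SAMPLE_HTML = """
<form action="/accounts/link" method="get">
  <input type="text" name="bank_user">
  <input type="password" name="bank_pass">
</form>
<form action="/search" method="get"><input type="text" name="q"></form>
"""


class CredentialFormAuditor(HTMLParser):
    """Flag forms with a password field that would expose it in transit."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None      # form currently being parsed, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing action submits to the page URL; a missing method is GET.
            self.form = {"action": urljoin(self.page_url, a.get("action") or ""),
                         "method": (a.get("method") or "get").lower(),
                         "password": False}
        elif tag == "input" and self.form is not None:
            if (a.get("type") or "").lower() == "password":
                self.form["password"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self.form is None:
            return
        form, self.form = self.form, None
        issues = []
        if urlsplit(form["action"]).scheme != "https":
            issues.append("submitted without TLS")
        if form["method"] == "get":
            issues.append("credentials placed in the URL query string")
        if form["password"] and issues:
            self.findings.append({"action": form["action"], "issues": issues})


def audit(page_url, html):
    parser = CredentialFormAuditor(page_url)
    parser.feed(html)
    return parser.findings
```

A relative `action` inherits the scheme of the page it was served on, which is why the page URL has to be passed in alongside the HTML.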

I’ve informed Kublax about this breach, incidentally.

You can navigate manually to https://www.kublax.com and then do the same thing, but this time over an encrypted connection. All they need do is switch to an encrypted connection early enough.  It is quite upsetting that they provide any service over unencrypted http to be honest - just bouncing every http request directly to an https URL would be the best solution.
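The redirect suggested above, written as WSGI middleware; this is an added example with a hypothetical stand-in application and host name, not Kublax's code. A redirect only covers page loads: a form that still targets an http URL has sent its fields in the clear before the 301 comes back, so the example also sets Strict-Transport-Security, which makes browsers that have seen it go straight to HTTPS on later visits.

```python
from wsgiref.util import request_uri

# One year; the value is an illustrative choice, not taken from the post.
HSTS = ("Strict-Transport-Security", "max-age=31536000")


def force_https(app):
    """WSGI middleware: bounce plain HTTP to HTTPS, add HSTS on HTTPS."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            # Same host, path and query, with only the scheme changed.
            # Assumes default ports (80/443) on both sides.
            url = request_uri(environ, include_query=True)
            target = "https://" + url.split("://", 1)[1]
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]

        def with_hsts(status, headers, exc_info=None):
            # Tells browsers to skip the plain-HTTP hop on later visits.
            return start_response(status, list(headers) + [HSTS], exc_info)
        return app(environ, with_hsts)
    return middleware


def demo_app(environ, start_response):
    """Stand-in application (hypothetical) that always answers 200."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def simulate(scheme, path, query=""):
    """Run one constructed request through the middleware."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": "GET",
               "HTTP_HOST": "www.example.test", "SERVER_NAME": "www.example.test",
               "SERVER_PORT": "443" if scheme == "https" else "80",
               "SCRIPT_NAME": "", "PATH_INFO": path, "QUERY_STRING": query}
    force_https(demo_app)(environ, start_response)
    return seen["status"], seen["headers"]
```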

Once I’d convinced myself my details were going over a secure link, I tried automatically downloading my statements from a bank account and a credit card, but neither actually worked, and I got a non-specific error at the end of the process.  So after all that, it didn’t work.  sigh.

Persevering perhaps more than was sane, I uploaded some bank statements that I had manually downloaded from my bank.  This functionality works pretty well, although to get to the point of adding a manual account you have to go through a whole bunch of hoops that are difficult to repeat.  It supports QIF and OFX formats, which all of my banks provide, so that’s ok.

Once the statements are uploaded, you are presented with some basic analytics on your data, and you have the option to categorise your transactions.  Categorisation is klunky and difficult to apply, with an interface that requires quite a few clicks and mouse movements to execute.  When you’re doing this for dozens of transactions it gets painful quickly.  Seriously guys, this is 2009, do some bloody usability work before coding ok?

Also, changes didn’t always stick - I’d categorise an item, it would claim to be categorised, but if I paged off and back it would go back to being “Uncategorised”.

Finally, when I’d got a bunch of data categorised I couldn’t really do any of the things I wanted with it.  It shows a flash pie chart, and you can slice and dice, which is kind of interesting.  But I couldn’t find any functionality for doing much more than that.  This was better than the competition though, depressingly.

In conclusion for Kublax: security fail, usability fail and coding fail.

If I were a VC who had funded this I would be quite upset.  If you are a VC who funded this, then give my company, Isotoma, a call - we build web apps that are secure, a joy to use and that actually function, unlike your current lot.

Wesabe

Wesabe looks promising - the site design is much better than that of Kublax, and it shows some smarts. It has two options for providing your transaction data - for banks where they support automatic access, you can enter your credentials for your bank and it will fetch the data.  Alternatively, they have a Firefox plugin, which would be a good idea if it actually worked.

The browser plugin works by recording your activity - you tell the plugin the starting url for your banking site, and then it records what you enter to download a statement.  It can then replay this to get your statement.  Thing is, banks have instituted specific measures to defeat replay attacks - most sites now ask you for specific letters from a longer password.  This specifically stops this kind of automation from working.  In addition my current account site uses a popup for the banking interface, which is obviously a bit crap of them, but it defeated the Wesabe plugin completely.  It could replay as far as clicking the button to open the popup, and then stopped.

So, stopped at the first hurdle - I never managed to get any data into this site.  If there is a manual upload facility, so I can put my statements in, I failed to find it.  I’d be happy doing this too, to be honest - uploading six statements once a month isn’t that onerous.

Conclusion

None of these sites satisfied me.  Kublax came closest, since I actually managed to get some data into them and view it, but its interface was klunky enough, and their security feeble enough, to stop me wanting to go back.  There is a real opportunity for someone to clean up here, and it could well be Mint.com, if they do a competent release in the UK.

links for 2009-02-21

Effectively non-existent

Excellent post from PZ Myers: Effectively non-existent.  He quotes Roger Ebert (who needs news when we can all just link to each other) who says:

Science has no opinion on religion. It cannot. Science deals with that which can be studied or inferred by observation, measurement, and experiment. Religious belief is outside its purview, except in such social sciences as sociology, anthropology, and psychology, where even then not the validity of the beliefs but their effects are studied.

This particular claim seriously winds me up, and it winds PZ up too.  PZ however is better at explaining why:

In the United States today, we have tens of thousands of priests, rabbis, mullahs, pastors, and preachers who are paid professionals, who claim to be active and functioning mediators between people and omnipotent invisible masters of the universe. They make specific claims about their god’s nature, what he’s made of and what he isn’t, how he thinks and acts, what you should do to propitiate it…they somehow seem to have amazingly detailed information about this being. Yet, when a scientist approaches with a critical eye, suddenly it is a creature that not only has never been observed, but cannot be observed, and its actions invisible, impalpable, and immaterial.

So where did these confident promoters of god-business get their information? Shouldn’t they be admitting that their knowledge of this elusive cosmic beast is nonexistent? It seems to me that if you’re going to declare scientists helpless before the absence and irrelevance of the gods, you ought to declare likewise for all of god’s translators and interpreters. Be consistent when you announce who has purview over all religious belief, because making god unobservable and immeasurable makes everyone incapable of saying anything at all about it.

Anyhow, read the whole thing, he makes the point far better than I ever could.

links for 2009-02-17

links for 2009-02-16

  • Focusing on the crucial years of childhood between the ages of 5 and 11 – from the start of statutory schooling to the onset of adolescence – No Fear examines some of the key issues with regard to children’s safety: playground design and legislation, antisocial behaviour, bullying, child protection, the fear of strangers and online risks. It offers insights into the roles of parents, teachers, carers, the media, safety agencies and the Government and exposes the contradictions inherent in current attitudes and policies, revealing how risk averse behaviour ironically can damage and endanger children’s lives. In conclusion, No Fear advocates a philosophy of resilience that will help counter risk aversion and strike a better balance between protecting children from genuine threats and giving them rich, challenging opportunities through which to learn and grow.

links for 2009-02-14

links for 2009-02-12

links for 2009-02-11

Watermelons and Bankers

Something my father once told me came back to me this morning as I read the newspaper reports of the commons hearing yesterday where various top bankers were gently grilled by MPs.

My dad used to work in the fruit and vegetable trade and at one point he was managing a depot for a wholesaler in Alice Springs, right in the middle of the Central Australian desert.

Alice Springs only exists because it sits on top of some large natural fresh water springs, so although it’s in the middle of the desert it’s possible to irrigate farmland and grow fruit and vegetables. This was before the widespread use of refrigerated road transport and Alice Springs is thousands of miles from anywhere, so although a certain amount of fruit and veg could come in by rail, it was largely a closed market.

My dad said that every year the same thing would happen.  The previous year a certain product, maybe cabbages, had been in short supply, so they’d been very expensive.  This year all the local farmers would grow loads of cabbages, hoping to make lots of money.  Instead of course there would be a huge glut and cabbages would be worthless.  Instead something else, perhaps watermelons, would be in short supply.  So then everyone would grow watermelons the next year and once more they would be worthless, and everyone would be sick of them and would wonder why on earth everyone could have been so dumb as to have grown watermelons.

Even in a small quite predictable economy where you would hope the free market would lead everyone to diversify and find an appropriate niche, instead everyone did the same thing, to the detriment of the entire economy.

It struck me that this is, in the small, what really seems to have gone so horribly wrong with our economy.  The problem was not individual people buying houses, or individual people taking out lots of loans - the problem was everyone doing it together.

The tendency of the herd instinct to engender a sense of safety was very much in evidence yesterday, where the heads of various banks gave evidence in front of a Commons committee.  One after the other they basically said that “yes we have made some bad decisions but everyone else did it too so I’m not responsible”.  The idea that, because the whole bloody lot of them ran off a cliff all at once like a load of lemmings, none of them are individually responsible shows just how crap they were psychologically when they were supposed to be making rational decisions.

It is perhaps acceptable for the man on the Clapham omnibus to use this excuse, but these guys are supposedly at the top of their game.  The fact that everyone else was doing it should not have made them feel safe; it should have scared the hell out of them.

It’s a bit like that asinine argument against doing anything “but what if everyone did that?”, as if somehow one’s actions were being closely observed by all six billion inhabitants of earth merely so they can copy you.  The correct answer is obviously to not bloody do it, since if everyone is doing it, it’s bound to go horribly, horribly wrong.