Computers

In grepping my feeds, I noticed something interesting about Diaspora finally hitting some recent publicity since my last check in. For those not in the know, Diaspora is meant to be a replacement for Facebook. The idea is good, basically take everything you could bitch about privacy issues on FB, fix it and roll it out with a distributed system that gives you as much control as possible over your stuff. I agree with Mark Zuckerberg (the FB guy) that Diaspora is a cool idea, really it is because of the decentralisation.

From what I’ve been reading about their first code drop however, I must say that it does not seem to be off to a very good start. A system that, to my knowledge touts privacy and security (compared to Facebook) as one of it’s strong points, obviously should not premier with more leaky holes than a Windows 98 demonstration. As much as I would like to crack a joke at that old relic, I can’t help but think how well Bill Gates took that incident in public. Old farts and fellow history lovers might see the inner-humour in that comparison. (Yes I used ’98.)

Being able to get a lot more eyes on target and the freedom in which fixes may flow, is one virtue of open source development, especially if you have enough people with a vested “Interest” in the projects outcome. There are many people who would like to see something like Diaspora succeed, and among them surely, more than a couple people willing to contribute aid towards that end. In a closed source environment, problems like that found in Diaspora would have only been findable by playing around with the release, and consequentially only fixed by the original developers a long time after attacks went wild. Like wise investors would be a different sort. Yes, even power users do glance at how their software works, let along crackers. Of those who really are looking closely, most are probably the dregs of the Internet or paid for the job, and either way it would be bad to bank business on the kindness of others. To my knowledge the only profit in finding exploits, is what you can slurp out of saps before it gets patched.

In the first article I checked out, some of the (now fixed) defects highlighted from Disporas code base were just blaringly, “WHAT THE FUCK WERE YOU THINKING!?” kind of problems. In the least, several of them are on my heads internal list of “No, No” to check before wrapping up. It makes me think the masterminds behind implementing the thing, were woefully unprepared for the task: web development is no easy task—and it is best if you take an anal approach to security early on, in my honest opinion.

The thing that irks me however, is who should be fixing those kind of things? Most of what I’ve seen highlighted should have been fixed before the code even left the developers workstation, if you go by my coding ethic. That gives my mind a moment to think about student-programmers, but this isn’t a rant; yet. Any way you slice it however, it is no the whole wide world of Open Sources job to be fixing everybody else’s code! Before you put your name on it, geeze, make sure it smells like a roll before you get rolled. I don’t mean to say anything against the developers… but this is looking like the start of an epic failure. Sadly.

Since opening a chequeing account, I’ve maintained a simple text file in my home directory, that takes the format:

YYYY-MM-DD +nn.nn // comment about this credit
YYYY-MM-DD -n.nn // comment about this debit

where the entries track the actual flow of money, not what’s in the chequeing account and what’s on my person at any given time. That’s the banks and my job ;p. Basically from this file, I know when I’ve spent or received money, how much, and approximately why. A quick compile of that against my bank balance and petty cash results in an error check: if the sums don’t match, something didn’t make it into my records! Since the file provides an obvious backtrace, it’s trivial to check things against memory/receipts for anything that’s been missed.

Now being a lazy S.O.B. why should I manually write out the entries in vim and do the math in CL? Well, arguably I could just implement a program to do all this for me :-).

Some people utilise spreadsheets, which is more work than it needs to be, until they become more advanced or more thoroughly programmable, not to mention. Namely I’m to lazy to use things like =DATE() and argue locales when I could use something else. There is also a ton of financial software in the world, but reading the manual tends to take longer than writing it, and many are overkill.

My thoughts? Either a small local program or web app would be perfecto. Finding one of the latter should be as easy as using Google or taking 20 minutes to write one. Decisions, decisions :-).

The thing I have against “Canned webapps” that some business runs, is the lack of control: it’s impossible to hack the code quite the way as something home brewed.

“When Defraggler reads or writes a file, it uses the exact same techniques that Windows uses. Using Defraggler is just as safe for your files as using Windows.” — source

I was just updating the CCleaner program I use, and thought I would take a look at the other programs they’ve posted on the new site. When I saw what I’ve just quoted above, on their defrag tools features page… I could not help but think “THAT IS THE WORST DAMN PITCH EVER!”, as safe for your files as using Windows!? Seriously folks!