[Kmymoney-devel] Feature request

TIm Dawson tadawson at tpcsvc.com
Sun Apr 14 16:44:22 UTC 2013


Folks -

With any luck, this will reach everyone . . .

First, for Thomas, I found your reject in my logs.  Not sure why it is 
catching you - your address doesn't match anything in the filter file, 
but at any rate, I have disabled that set of mail filters in order to 
allow your mail to (hopefully) come through cleanly.

First, regarding kmymoney4 (and kde4), I will have to do a full 
destructive update to my system to get that loaded, and unless there is 
a desperately needed feature, so far it has not seemed to be worth the 
work . . . what I have works (at this point) and frankly, I prefer the 
kde3 UI - I have not really been able to get the same look and feel in 
4, and I'm a stubborn bastard who does not want to change!

Having said that, I am a firm believer in security at the system level, 
and having this info in an obscure compressed file (as it is now) does 
not bother me.  I have only ever entered the passwords once - when they 
change, or on new account setup.  Having said that, my system for work 
had kde4 on it, so I am playing with kmymoney4 on it . . . and hence my 
"reinvestment" of time on the software. That, and since OFX requires 
that the password go out on the network in open text, it would appear to 
be a security hole basically by design . . . so not sure how much worse 
it gets having a security token on a secure system, vs on a public 
network that might get snooped . . . .

So, my thoughts to what Thomas has suggested . . .

1) Yes, kmymoney is currently a gui application.  *IF* the functions 
needed here are functionally separated therein, (IE, OFX update is a 
function, XXX.kmm file update is a function, etc.) it would appear that 
a data path in the code that never inits the GUI might be possible . . . 
and on this one, I can only speculate, since I am not familiar with the 
internals thereof.  Or, as mentioned earlier, perhaps easier to simply 
create a new wrapper program to call the functions accordingly.

As far as file access, it would appear that a simple flock (or similar) 
to block concurrent access would solve that issue with minimal effort . . .

I have just spent a few hours working with the "ofxconnect" program from 
libofx . . . and after patching it to understand more than three account 
types, I am able to pull my data to flat files with that tool.  Far from 
idea (it's an ugly little bastard, that's for sure), but I can at least 
have the current data preserved, which is a step ahead.

The down side is that even a couple of weeks of data takes a fair amount 
of time to import, times several accounts . . . now take that out 4 or 5 
months, with perhaps a couple of files a week.  Even if you modify to 
process the files on startup, that's a painfully slow process, and while 
better than nothing, still does nothing to achieve my goal of having the 
data set current *at program start*.

I'm not trying to be a pain to anyone here, and I most certainly 
appreciate that your folks are willing to bat the ideas around with me 
at all - yet another reinforcement for why I use open source!  And if my 
thoughts here are too far from most folks, then I can figure out how to 
run my batches and tolerate the delays.

- Tim

On 04/14/2013 07:02 PM, Brendan Coupe wrote:
> I download 12 accounts every day or two with one click from KMM. In my
> case going to each website would be significantly more painful. Not sure
> if either of us is a "normal" KMM user but I am much more efficient with
> KMM. You are missing many new features running the old KDE 3 version.
>
> I worked with Thomas for a while to get the OFX import to work better
> and to be less intrusive. For example, there is no dialog box at the end
> if there are no new transactions. I did not write any code, I compiled
> with his patches and tested the changes out. Thomas is in Europe and did
> not have access to an bank with OFX downloading available so he could
> only do so much without someone to help test and debug the changes. No
> need to code in order to help although I'm sure they would welcome
> coding help if you offered.
>
> If you have not received a response from Thomas please look for it
> below. He said his emails to you were bouncing back.
>
> *
> ----
> Brendan*
>
>
> On Sat, Apr 13, 2013 at 11:48 PM, Thomas Baumgart <thb at net-bembel.de
> <mailto:thb at net-bembel.de>> wrote:
>
>     Hi guys (and if present) girls,
>
>
>     lets tackle this from the technical perspective to give Tim an idea
>     what would
>     be involved, leaving the security issues aside. Or maybe, I should
>     touch this
>     first, because a few requirements must be met for this to work:
>
>     * KMyMoney data must not be stored encrypted (using GPG)
>     * The OFX password (and I am sure you must have entered it at least
>     once) must
>     be stored in the unprotected KMM file. It will be stored in clear-text.
>
>     Now the technical issues:
>
>     * KMyMoney is a single user / single process application. Running it
>     in the
>     background must make sure that the file is not opened otherwise.
>     * KMyMoney is a GUI application. In its current setup it won't work
>     w/o a
>     graphical environment (so you would not be able to run it in the
>     background).
>     * The process of importing any data (whether OFX, QIF, HBCI, CSV,
>     ...) is tied
>     with some user interaction during the process of recording the
>     transactions
>     into the engine. This user interaction must be somehow eliminated if
>     running
>     in the background is required.
>
>
>     Proposal: do it the old UNIX way - one program for each task
>
>     * Setup external (to KMyMoney) means to download the OFX files from
>     the bank
>     (wget, curl, perl, php are some options) and start them via cron to
>     drop the
>     information into a directory
>     * add a cli option to KMyMoney that passes the name of the directory
>     to the
>     application
>     * add a feature that this directory is scanned for files at startup
>     and start
>     importing them automatically after opening the KMyMoney data file
>     * Remove processed files to a another directory to let the user
>     decide what to
>     do with them after processing
>
>     I think that this will cover Tims requirements and also keeps
>     modifications to
>     KMyMoney at a low level. All interactive code can remain as it is.
>
>     Another idea just crossing my mind:
>
>     * Download files as explained above
>     * Use KMyMoneys 'web-connect' feature to import the files one at a time
>
>     Web-Connect works as follows:
>
>     * Start KMyMoney and open your data file.
>     * Start a second KMyMoney instance with the file to be imported as
>     argument
>     * If the file is importable (and OFX should be) it will trigger the
>     first
>     instance to do the import.
>
>     Maybe we have to tweak this mechanism for the second instance to
>     wait until
>     the import is finished. Don't know what happens if you use this too
>     fast in a
>     consecutive manner as it quits right after triggering the first
>     instance.
>
>
>     Have a nice weekend.
>
>     Thomas
>
>
>     On Sunday 14 April 2013 09:05:06 TIm Dawson wrote:
>
>      > As I said - I guess I use the thing differently than a lot of
>     folks. I
>      > have not been prompted for (or entered) an account password since the
>      > day the online account was defined - it's just load up kmymoney, hit
>      > "update" and it goes . . . and I pretty much use the program
>     standalone
>      > - kwallet is something that, despite being a kde user since the 2.x
>      > (maybe older, I forget) I have never bothered with . . .
>      >
>      > A large part of this is simply that this bank does not allow any
>      > transactions via OFX that can cost you anything . . . . it's
>     pretty mucn
>      > inquire only, and the OFX password has nothing to do with the main
>      > account, so I regard this as quite low risk.  (If they ever
>     change that,
>      > then I may need to rethink . . . ).
>      >
>      > Anyhoo, were I a PC user, I might also regard doing this manually as
>      > "pretty much the way of life" but being a Linux (Unix) user, it's
>     pretty
>      > much alien to me . . . technology is there so that we *DON'T*
>     have to do
>      > things manually, right?
>      >
>      > I too have been a kmymoney user from well before the days when
>     OFX was
>      > supported at all, and frankly, that was the one thing that pretty
>     much
>      > made it a non-starter for me.  And yes, I remember the pain of
>     the first
>      > deployments, when the OFX stuff was only partially integrated, and
>      > hacking code to get it to work . . . .
>      >
>      > So, based on my use of the OFX tools, yes, I could schedule to
>     bring up
>      > an OFX dump on an interval, but that is only marginally better .
>     . . I
>      > still need to take the time to process all the files, and only
>     *then* is
>      > the data in kmymoney of value to me - again, kind of defeating what I
>      > see as a primary purpose for a financial tool - current data on
>     demand.
>      >
>      > As far as checking for fraud and such, at this point, I do that
>     through
>      > the banks web page view - since it is current, it's much less
>     painful.
>      > What I mainly use kmymoney for is end of year tax
>     reconcilliation, and
>      > long term financial reporting (again, since the bank does not
>     have that
>      > much data online at any given time), since the US allows (well,
>     at least
>      > used to - don't get me started on *THAT*) us to deduct sales tax, and
>      > proper categorization of all transactions over a year in kmymoney
>     gives
>      > me a very good handle on that.
>      >
>      > The main reason that this came back up to me, is that I happened to
>      > (finally) take a look at the kde 4 variants of kmymoney (my personal
>      > system is still on kde3 . . . so running the old stuff) and wanted to
>      > see what all had evolved, since what I personally run is pretty much
>      > "stuck in time" and while there is a lot of good new stuff, this was
>      > still absent.
>      >
>      > So, I figured I'd ask . . . .
>      >
>      > To me, the security issues are pretty much a non-reason for doing
>     or not
>      > doing this . . . if the feature is there (and assuming the
>     workload is
>      > not large) then it's up to the user to decide what is secure or
>     not, no?
>      >   And I admit - I had not looked at the other means of password
>      > management - I've been doing it this way so long that frankly,
>     was not
>      > aware there was any other way.  Which is why the assumption that
>     running
>      > the already present account update features decoupled from the
>     GUI was
>      > the way to go . . . that would be the "golden ticket" at least
>     for me,
>      > and as I said, would not appear to require too much coding,
>     although I
>      > have not looked at the kmymoney source in a while.
>      >
>      > And yes, I have no issue helping on this, testing, whatever . . . .
>      > although my largest liability in that area is that while I am a
>     fair C
>      > programmer, I have never touched C++, which is why I chose to
>     basically
>      > beg for this first!
>      >
>      > Heck, if the code is structured such that the account file open and
>      > update functions are reasonably standalone (and in separate libs,
>     which
>      > appears to be the case) then putting together something like a cli
>      > command "kmymoney_update" would appear possible as well, and
>     frankly if
>      > I knew the code better (as well as C++) I probably would have taken a
>      > stab at it by now.
>      >
>      > Thanks for listening - working on making a formal request as well
>     . . .
>      >
>      > - Tim
>      >
>      > On 04/14/2013 05:06 AM, Brendan Coupe wrote:
>      > > I
>      > > n addition to the kwallet limitation I also have my KMM file
>     encrypted
>      > > so it can't be opened without the password. I guess options
>     could be
>      > > added to the command line to supply both the KMM password and the
>      > > kwallet password but that's not a very secure way to go. Kind
>     of defeats
>      > > the purpose of encrypting the file and storing the password
>     safely. Or
>      > > maybe this feature would only work if you left KMM running (not
>     a simple
>      > > cron job).
>      > >
>      > > Given the amount of effort required to manually enter the
>     transactions
>      > > that are more than 30 days old it seems like it would be much
>     easier to
>      > > have a reminder emailed to you every 2 or 3 weeks and do it
>     manually
>      > > until this feature is added. You don;t have to reconcile your
>     accounts
>      > > every time you download.
>      > >
>      > > Another option you may explore is finding a way to run a cron
>     job to
>      > > download the OFX file from Chase every couple of weeks and
>     storing them
>      > > so that you can import them when you get around to using KMM every
>      > > quarter. Not sure if there is a command line interface
>     available to do
>      > > this in the OFX tools. Or you could look for a bank that lets your
>      > > access YOUR data for more than 30 days:-)
>      > >
>      > > I have been using KMM since before you could download OFX files
>     from the
>      > > bank from within the program. I use to download them manually
>     from each
>      > > bank and import them into KMM. I was so happy when I could
>     finally do
>      > > this from within thee program, I did not see the need to have the
>      > > automated. I prefer to download them frequently so I know if
>     there is
>      > > any fraud going on in any of my accounts. I use to think I
>     wanted to
>      > > have KMM update in the background (probably because MS Money
>     could) but
>      > > haven't felt that way in years - mostly because of the security
>     issues
>      > > it would cause..
>      > >
>      > > In the future I would suggest avoiding comments like "which is
>     an absurd
>      > > requirement...". The developers work for free and they are
>     usually very
>      > > accommodating if you ask nicely and are patient. You should
>     also plan to
>      > > help debug these changes when they are made if you want to make
>     sure
>      > > they work as you hope. I was compiling KMM  with patches a few
>     months
>      > > ago and got exactly the features I had asked for and more (the Not
>      > > Marked, Not Reconciled counts on the home screen). The process
>     usually
>      > > works great but not always as quickly as we'd like. The again
>     Microsoft
>      > > never added any features that I requested in MS Money:-)
>      > >
>      > > I have been reading the user and developer groups since I
>     started using
>      > > KMM. I don't think automatic bank downloads have been requested
>     very
>      > > often (maybe once or twice) and I assume that's a factor in
>     determining
>      > > which features are added next (along with degree of difficulty
>     and ...).
>      > >
>      > > *
>      > > ----
>      > > Brendan*
>      > >
>      > >
>      > > On Sat, Apr 13, 2013 at 3:12 PM, Jack <ostroffjh at sbcglobal.net
>     <mailto:ostroffjh at sbcglobal.net>
>      > >
>      > > <mailto:ostroffjh at sbcglobal.net
>     <mailto:ostroffjh at sbcglobal.net>>> wrote:
>      > >     On 2013.04.13 13 <tel:2013.04.13%2013>
>     <tel:2013.04.13%2013>:20, TIm Dawson wrote:
>      > >         One of the most basic features that I would have
>     assumed would
>      > >         have been a "gimme" in any financial management package
>     that can
>      > >         be utilized in conjunction with a financial
>     organization (IE,
>      > >         can upload transactions from a bank) would be the
>     ability to
>      > >         actually schedule those uploads to happen *WITHOUT* any
>     user
>      > >         intervention.  Either I am totally blind, or in the 5+
>     years
>      > >         that I have been using KMymoney, this feature has been
>     painfully
>      > >         and notably absent.
>      > >
>      > >         Perhaps it's just my patterns as a user, in that I don't
>      > >         necessarily reconcile my accounts monthly (more like
>     quarterly,
>      > >         unless there is an issue) and what happens is that
>     Chase only
>      > >         keeps 30 days of online transactions uploadable, so
>     inevitably,
>      > >         I spend way too much time hand entering stuff that
>     should have
>      > >         been uploaded.  Barring my remembering to do this on a
>     periodic
>      > >         basis (which is an absurd requirement . .  .) a
>     mechanism to
>      > >         schedule this via cron (or other process scheduler) to run
>      > >         *WITHOUT* user intervention would appear to be an
>     obvious need -
>      > >         and need not be anything more sophisicated than a
>     command line
>      > >         option such that kmymoney can be run such as "kmymoney
>      > >         --update-all" and have an OFX update occur, the same as if
>      > >         update-all was selected from the gui, but with no
>     intervention,
>      > >         and no need to load the gui to a desktop.
>      > >
>      > >         Seems like all the parts are there . . . again, I can't
>     fathom
>      > >         why this isn't available (or have managed to miss it
>     for years .
>      > >         . . ).
>      > >
>      > >     Tim,
>      > >
>      > >     I don't think you have missed anything, although I don't
>     see the
>      > >     absense of this feature to be either painful or notable.
>       However,
>      > >     to make sure it does not get forgotten, you can open a
>     ticket at
>      > > bugs.kde.org <http://bugs.kde.org> <http://bugs.kde.org>, using
>     the severity of "wishlist."
>      > >
>      > >     As for whether it's simple and essential or not - that's up for
>      > >     debate.  Personally, I prefer to download transactions more
>      > >     frequently, and interactively, so I can assure correct
>     matching of
>      > >     payees and categories.  Also, if there were a command line
>     option
>      > >     that could be scheduled with cron, it would mean that the
>     password
>      > >
>      > >       to the OFX account would need to be available.  That may
>     or may
>      > >
>      > >     not be an issue for you - but it likely is for some people.
>       I have
>      > >     my passwords stored in kwallet, and the first time it is
>     accessed in
>      > >     any session, it requires me to enter my password to open
>     the wallet.
>      > >
>      > >       If you remove the requirement for a password to the
>     wallet, some
>      > >
>      > >     people would consider that a security issue.  I know KMM
>     can store
>      > >     the password itself, but some don't consider that sufficiently
>      > >     secure.  Yes - KMM could have the feature, and the paranoid
>     among us
>      > >     could keep the password on kwallet and just not use the
>     feature, but
>      > >     this leads to a second point (as has been pointed out on
>     this list)
>      > >     developer time is somewhat limited, and all the developers are
>      > >     volunteers.  They add features and fix bugs because they
>     want to,
>      > >     not because someone says it is essential.
>      > >
>      > >     As a short term workaround - you could have cron send you a
>     message
>      > >     reminding you to download your transaction.
>      > >
>      > >
>      > >     Jack
>      > >
>      > >     _________________________________________________
>      > >     KMyMoney-devel mailing list
>      > > KMyMoney-devel at kde.org <mailto:KMyMoney-devel at kde.org>
>     <mailto:KMyMoney-devel at kde.org <mailto:KMyMoney-devel at kde.org>>
>      > > https://mail.kde.org/mailman/__listinfo/kmymoney-devel
>      > >     <https://mail.kde.org/mailman/listinfo/kmymoney-devel>
>      >
>      > _______________________________________________
>      > KMyMoney-devel mailing list
>      > KMyMoney-devel at kde.org <mailto:KMyMoney-devel at kde.org>
>      > https://mail.kde.org/mailman/listinfo/kmymoney-devel
>     --
>
>     Regards
>
>     Thomas Baumgart
>
>     GPG-FP: E55E D592 F45F 116B 8429   4F99 9C59 DB40 B75D D3BA
>     -------------------------------------------------------------
>     Of all the computing resources available, the most valuable one is
>     programmers' time. Especially in open source where most of us have to
>     sneak in time to write and debug code. (Ace Jones)
>     -------------------------------------------------------------
>
>     _______________________________________________
>     KMyMoney-devel mailing list
>     KMyMoney-devel at kde.org <mailto:KMyMoney-devel at kde.org>
>     https://mail.kde.org/mailman/listinfo/kmymoney-devel
>
>


More information about the KMyMoney-devel mailing list