It's been rumoured that [EMAIL PROTECTED] said: > > On 21 Jun, [EMAIL PROTECTED] wrote: > > > Yes; you could use something like e.g. libXML to parse the ofx (I'm thinking > > SP is too big or too complex, dunno???), and jam the resulting data into the >existing > > structures in the gnucash engine (you are welcome to suggest/discuss/implwement > > extensions/enhancements to the current gnucash engine structures). > > SP seemed to be a bit much. I don't want to duplicate effort, it's > really not the "Free Software" way. ;) > > I'm not familiar enough with the code yet to think up improvements in > the engine, but when I do get there I'll be sure to let everyone know > if I find anything. > > > Well, the origianl idea was that for each and every request & respnse > > in the DTD, there would be an *identical* C++ class. The C++ class would > > Very cool idea. > > > compile-time versioning nightmare. This is why I think my inital approach > > is inappropriate at least for ofx; I just don't trust microsoft & intuit enough > > not to screw it around. > > I agree, M$ and Intuit are not really the type of company you can trust > not to mess up an open spec. > > > My impression is that these are well-kept secrets so that hackers like us > > are discouraged from screwing around. I did find one for e*trade, and > > some other one, I think they're in the ofx dir which btw has been moved > > to raw/ofx from src/ofx. They worked; I was able to log on (see the sample > > traces included.) > > That's what I'm beginning to find too. When are people going to learn > that "security through obscurity" doesn't work? *sigh*. Maybe if I > pester the bank I can talk them into giving me the URL. If not I guess > I could run tcpdump on my firewall and catch a trace of the session. bzzt; you'll get the ip address but not the url. the first thing quicken & msmoney do is open an ssl socet so you won't see the traffic. So I created a man-in-the-middle ssl spoofer. still no luck, since at least msmoney refused to work with a certificate that wasn't signed by a bonafide certificate authority. We'd need to shell out the $50-$100 or whatever to get one or borrow one somewhere. I did discover that intuit does the following little nasty: when one starts up & it asks about diagnostic information, and you click ok, it opens a connect to intuit and sends some very nice XML ... -- your quicken registration/serial number ... wait theres more -- cpu speed cpu type installed ram MBytes ... wait theres more -- cdrom speed, make & manufacture, ditto modem, ehternet card, etc. info ... wait theres more -- the last time you used quicken -- the bankid of the last bank you did you transaction with -- the time of day you did it at, -- whther that transaction was successful or had an error in it (ofx error code) -- loop until n most recent transactions summarized. I was appalled. It did everything except send back the actual dollar amount, and the actual bank account number you used. This is seriously serious BS; and I am waiting for the lid to blow; for the major dailies to pick this up. btw this *was* a beta/developmet version of quicken, I don't know if the general-issue products do this. I went home dizzy. You cannot trust these guys. --linas > > >> I'm getting a handle on this slowly, 600 pages of docs was a bit more > >> then I expected. ;) > > > > No kidding. I think it was meant to be a pre-emptive strike against > > IBM and the banks, they wanted to prove they were better at banking > > than the banks ... microsoft is after world domination, remember? > > Sure seems like it. But it also seems to be the only well-supported > protocol at the bank level. So we're kind of stuck with it. > > I thought WE were after world domination! ;) > > Travis > ----- %< -------------------------------------------- >% ------ The GnuCash / X-Accountant Mailing List To unsubscribe, send mail to [EMAIL PROTECTED] and put "unsubscribe gnucash-devel [EMAIL PROTECTED]" in the body
