Reading Archival CDs from the PayMyBills Service? 31
renehollan asks:
"PayMyBills produces Windows-only year-end archive CDs, without warning. Has anyone tried
to read these under Linux, Solaris or other non-MS operating systems?
My experience to date is
here."
I can emphasize with renehollan, here: apparently PayMyBills sends out scanned images of the checks used to pay your bills, however they go
to great lengths to make sure the information is only usable on
Windows without mentioning it as a requirement for their archive CDs.
I assume this is done so that the data on the disk can be "encrypted" (or just password protected) when the disk is published. Has anyone else using this service been able to get at the pertinent data?
JAD (Score:3, Insightful)
String astring = new StringBuffer("..").append(File.separator).append(
Re:JAD (Score:2)
http://kpdus.tripod.com/jad.html
Re:JAD (Thanks) (Score:2)
Re:JAD (Score:2)
What you'll want to do to get the runtime-system-dependent path separator is System.getProperty("file.separator").
jad is pretty rad, though.
Re:JAD (Score:1)
Re:English lesson (Score:1)
In real companies they employ secretaries to do this stuff. Any documentation I write that goes to clients has someone better at writing than me look over it. It's called professionalism. I guess typing through tear stained eyes from looking at the stock gets a bit much!
Re:English lesson (Score:2, Informative)
Already solved... (Score:3, Informative)
Re:Already solved... (Score:2)
Re:Already solved... (Score:1)
Re:Already solved... (Score:2)
Re:Already solved... (Score:1)
GCJ's library is missing some packages (Score:2)
There's always gcj, and gcj is Free
GCJ is just a compiler for the Java language, and it needs a class library to run programs, and if the software relies on a class that your JRE's class library doesn't have, you're screwed. From the GCJ home page [gnu.org]: "Most of the APIs specified by 'The Java Class Libraries' Second Edition and the 'Java 2 Platform supplement' are supported ... AWT is currently unsupported" (my bold), which means it can't run GUI apps or applets.
Re:GCJ's library is missing some packages (Score:2)
Re:Stopped reading (Score:3, Interesting)
The ironic thing is they could at least provide a Linux JRE to permit Linux users to decrypt the CD and browse it normally. (Browsing the encrypted CD would require running Apache properly integrated with Tomcat, I imagine).
Re:Stopped reading (Score:1)
CDs without warning... (Score:4, Funny)
What fun (Score:1)
However......
Since they assume that everyone using their service runs Windows, you should make the point with them that this is not the case. Maybe do them the favor of pointing out their flaws but don't fix them for free.
What you are doing might have some value to their business. If so you should get a cut of that value.
Otherwise let them figure out how to make their product secure yet available to all their customers.
Re:What fun (Score:2)
I have already spoken to one of their customer service reps at length about some of the flaws in their "encryption" approach: 1) it's rather pointless since they send the key in plain text; 2) it disenfranchises non-Windows and non-Mac users; 3) it increases support costs; 4) Linux users are a growing crowd. He seamed willing to listen at least and acknowledged my points.
I mentioned that, with a bit of effort and luck, I might be able to read the disk under [GNU/]Linux. So far, I have managed to decrypt the CD contents, and more importantly, gotten their local http server to run under Linux to read the CD directly (using J2SDK 1.4.0 and more file name folding hackery -- their java presumes upon Windows (well DOS) filename case folding in a couple of places and has other less avoidable Windowsisms). I had asked for any tech support they could send my way, with a promise to share my findings. To date, I have received no support. (In fairness, they made it clear that they "do not support" Linux).
As to negotiating reimbursement from them for sharing my efforts, I'm afraid that would be a violation of my H1B visa. Even doing it for them for free might be (I'd have to show that I volounteered something that was not ordinarily a paid service).
Re:What fun (Score:2, Funny)
you do like mankind don't you? If you don't, then the terrorists have already won.
TANSTAAFL (Score:1)
Like a kid with a toy they've been given vs. one they earned, the company will value and respect the work more if they pay for it. If he gives them the tweak to make the CD work then it's more like "oh look what the nice kid who plays with Linux gave us" rather than giving his work the credit that is due.
Second, if you give it to them you set a precident. They will come to expect that they can pay to hire programmers to write Windows apps then have Linux compatability follow for free.
I came to understand this recently working as a mechanic. The agency that hired me does not have money in this years budget to pay me overtime. Sometimes I get involved in a job and don't want to quit and am willing to stay late a few more minutes without pay to finish up.
Sounds fine right?
Not when there are other mechanics who are budgeted. By working for free I have taken the opportunity for them to work. I've taken money away from them. So not only am I not playing nicely with the other mechanics, now my employeer thinks "it's no big deal to budget for this guy for overtime next year, he'll work for free".
The same thing would apply here.
I'm not saying he should ask a fortune, but at the very least he should seek a token for his work.
Tough thing tho about the H1B restrictions. Not sure about how to work around that and even giving it away could cause problems.
Re:TANSTAAFL (Score:2)
1) The whole H1B visa thing: it can be so bad that you can get kicked out of the country for cleaning your own gutters -- "depriving an American of the job"! Yes, that was an extreme case, and it involved a TN1 instead of an H1B visa (basically, someone pissed off their neighbor who found an INS asshole and turned the gutter-cleaner in), but the fact is INS people have increadible discretionary powers.
2) It's not like PayMyBills needs the patch. I'm sure they have plenty of Windows customers.
3) If I don't give it to them, or they refuse to pay me for it, or I can't make it available to them for INS reasons, the Linux community is left poorer. I don't care as much about PayMyBills getting a freebie, or getting paid for it, as I do the community getting a useful tool.
4) DMCA. One could argue that PayMyBills has a compilation copyright on the compilation of my bills. They've protected access to that compilation with an encryption scheme (a good one, I might add, as far as I can tell). My disclosure of how to circumvent that could run me afoul of the DMCA (though I already described the basic steps in my journal). I suppose I could argue an "interoperability defense" but it is questionable if that would work. Since one still requires the key, I could argue that nothing was circumvented, but the counter would be "use of Windows was circumvented".
This should really be simple: I should just give the damn fix away to anyone BUT PayMyBills unless they pay for the right to use it. But the legalities are surprisingly complex.
Re:TANSTAAFL (Score:1)
You're right that it really should be a simple thing. With all these complications and restrictions we're lucky we can even breath without a permit and a dozen lawyers involved. I would love it if we could get back to where business deals were conducted over a drink and sealed with a handshake that was binding. Then again, in this day and age, I'm sure I could be sued for suggesting that.
Sigh.
Oh well. Smile. And good luck with that CD.
Re:TANSTAAFL (Score:2)
I found out a bit more about the CD. It contains cryptix32.jar: an open source JCE 1.2 implementation. The interesting thing is that this includes RSA (no longer patented), and IDEA algorithms. IDEA is free to use for noncommercial purposes. Since I paid for the CD, I'd think PayMyBills is using cryptix32 for "a commercial purpose". It is a bit more complex since the IDEA code appears not to be executed in PayMyBills' application (they use Blowfish), so I suppose it's up to the lawyers to argue whether IDEA is "used" or not. Still, I'm finding this fun... I'm tempted to rework my own version of the CD with none of PayMyBills' code. I figure I'll rework the embedded http server (which does the encryption), and then tackle the HTML UI and add a few features (like exporting the data).
Re:What fun -DMCA? (Score:1)
Sorry, man. Just raising the question.
Re:What fun -DMCA? (Score:2)
As for the DMCA... the encrypted data are mine and PayMyBills acknowledges that. In fact I give them limited power of attorney to use that only to facilitate it's collection and presentation to me. They go to some pains to express that the data is not theirs.
Bills? (Score:2)
The hard part was convincing my landlord to release my apartment under the GPL.