Categories
Programming Taiwan

A personal finance data pipeline project

I had received a (family) project brief recently. In Taiwan many credit/debit cards have various promotions and deal, and many of them depend on one’s monthly spending, for example “below X NTD spending each month, get Y% cashback”. People also have a lot of different cards, so playing these off each other can be nice pocket change, but have to keep an eye on whether where one is compared to the max limit (X). So the project comes from here: easy/easier tracking of where one specific card’s spending is within the monthly period. That doesn’t sound too difficult, right? Except the options for these are:

  1. A banking website with CAPTCHAs and no programmatic access
  2. An email received each day with an password-protected PDF containing the last day’s transactions in a table

Neither of these are fully appetizing to tackle, but both are similar to bits that I do at #dayjob, but 2. was a bit closer to what I’ve been doing recently, so that’s where I landed. That is:

  • Forward the received email (the email provider does it)
  • Receive it in some compute environment
  • Decrypt the PDF
  • Extract the transaction data table
  • Clean and process the tabular data
  • Put raw in some data warehouse
  • Transform data to get the right aggregation
  • Literally profit?

I was surprised how quick this actually worked out in the end (if “half a weekend” is quick), and indeed this can be a first piece of a “personal finance data warehouse”.

Categories
Computers Life Taiwan

Taiwan Citizen Digital Certificate

Taiwan has a very interesting attitude towards technology (for better or worse), and it is fun to try out anything new that comes up here (for a certain definition of “fun”). When the news hit late last month, that the National Immigration Agency opens Internet ID application to foreign residents, I was there to get mine as soon as it was available. The “Internet ID” refers to a “Citizen Digital Certificate”, also called MOICA, a smart card that supposed to make a lot of services available through a web browser or other government-produced software (e.g. filing taxes online). For Taiwanese citizens MOICA seems to be available at least since 2003 (according to the news report I’ve managed to dig up), but this is the first time it available for us foreigners living here.

In this rather graphic post I try to summarize the process of getting a MOICA card as a foreigner in Taiwan, setting it up, and some (opinionated) lessons to learn from it.

The Process

The process of getting and setting up the card is outlined in this leaflet that I’ve picked up.

MOICA Application English
Click to see large scan. Wow.

Though – not surprisingly – in practice everything is a lot more complicated than these 8 bulletpoints.

Categories
Programming Taiwan

Taiwan WWII Map Overlays

A while ago I came across the Formosa (Taiwan) City Plans, U.S. Army Map Service, 1944-1945 collection, in the Perry-Castañeda Library Map Collection of the University of Texas in Austin. I’m a sucker for maps, enjoy learning about history a lot, and I have a lot of interest in my current home, Taiwan – so you can call this a magic mix of cool stuff.

There are 26 maps in the collection, made by the US Army by flying over different parts of the island, and mostly I guess stitching together aerial photographs. The maps themselves were not that easy check in an image viewer, since there’s no context, zoom is clumsy, and have no idea where about half the places should be located. Instead, I thought it would be great to have them as an overlay on top of current maps and satellite imagery on Google Maps.

The result is Taiwan City Maps overlays, which does exactly that. Feel free to click the link and explore right now! In the rest of this post, I try to first show how that page was made, and also some history lessons I gained by making it.

Categories
Programming Taiwan

Taiwan Bank SSL Continuous Monitoring

My previous post, titled SSL status of Taiwanese banks: a sad affair sparked a lot of visits and lot of discussion, clearly touching on something important. It was great to bring to light how well (or badly, in this case) these organizations are doing, as internet security should be one of their key focus.

Many of the organizations improved their setup since then, and it became quite troublesome to manually check each bank and each change, update the table and so on. It’s also good to have not just a snapshot in time, but a continuous record of how they were doing.

Thus I’ve hacked together some monitoring scripts, put the results online, and here’s the Taiwan Financial Institute SSL Status page.

TaiwanBankSSL
Click to check the current results

Page features include:

This is quite a bit more than “minimal features”, but wanted to make something that is actually useful.

Categories
Computers Taiwan

SSL status of Taiwanese banks: a sad affair

Today there was a story on Hacker News, how someone tweeting a screenshot of a bank’s SSL certificate got harassed by the bank in Greece. This got me thinking about the status of the banks here in Taiwan, especially how this place is so wired and online now. So I took a list of taiwanese banks and run each of their sites through the SSL Test. From past experiences I haven’t had my hopes up, but boy is the result ugly…

SSLTest_F
The usual result of this exercise

SSL Test Overview

I had a list of 43 banks, and for a quick overview I took into account a few key features only. The first is whether there are any active vulnerabilities against the site according to the test (these were mostly CRIME, FREAK, and POODLE attacks). The second is whether RC4 encryption was enabled, as it is now prohibited, and having it on is an automatic Payment Card Industry Data Security (PCI) compliance failure, according to one of the commenters. Other various warnings are mentioned when something really stands out, they are not crucial but more nice to have (though I’d contend that Forward Secrecy and HTTP Strict Transport Security is more than “nice” for anything financial).

Edit: Since publishing this post, there’s a brand new password recovery attack against RC4, so it’s even more urgent to switch it off.