Login to participate
Register   Lost ID/password?

Louis Kessler’s Behold Blog

How Safe Are Your Credit Cards? - Fri, 26 Dec 2014

I, like anyone, am concerned when I type in credit card information online. We’ve all heard of a rash of hacks into online databases such as Target a year ago and Home Depot in September. So it didn’t surprise me to hear about a crackdown on security measures to ensure that your credit data is made safe.

When people purchase Behold, they have to do it through my BuyNow page. Even though the page looks like its part of the rest of my site, if you look at the address bar in your browser, you’ll actually see it is a secure page (https, rather than http) and it is not on my site beholdgenealogy.com, but it is on bluesnap.com. BlueSnap is the payment processing company I use to handle purchases of Behold.

BlueSnap is not a small company. They process purchases for tens of thousands of vendors, some smaller and some larger. They take security seriously. The crackdown on security has led to stronger standards for storage of credit card information. BlueSnap informed all their clients a couple of months ago that we are now required to become PCI DSS compliant. That stands for the Payment Card Industry Data Security Standard, and ensures that the way credit card information is stored and accessed is safe, right down to shredding any paper printouts of the numbers.


Fortunately for me, since I use a third party for processing, I don’t have or even have access to any of the credit card information used to purchase Behold. BlueSnap maintains that data with a staff to ensure security on their servers following the standards.

Even so, there were a number of non-trivial steps necessary for me to become PCI DSS compliant. BlueSnap uses Security Metrics to help them. In the past week, I had two phone calls with Security Metrics, several emails, filled in an online questionnaire, and was called back by them today, Boxing Day, to finish the assessment. They have a toll free number from Canada available 24 hours (except not Christmas Day).


So going through this makes me feel more confident about how BlueSnap treats security. In addition to the Secure BlueSnap, BBB Online, Norton Secured and McAfee Secure icons I show at the bottom of my Buy Now page, I have now added the PCI DSS compliant logo shown earlier in this post, and it links to BlueSnap’s page about security on their website.

So, how safe are your credit cards when you give them to other genealogy vendors. The big ones like Ancestry have a secure payment page, that shows off Thawte, BBB and TRUSTe logos. The BBB logo links not to the BBB assessment of their company as it should, but just to the BBB home page. I don’t know why they don’t include the link since they are rated A+. Maybe its because of the complaints on that page, for instance those about attempting to cancel online. But that’s another matter, not dealing with the safety of your credit card data.

You have to search for it, and if you do you can find that Ancestry is in fact PCI DSS compliant as they state so in Section 3.16 (b) of their Form 8-K from Oct 22, 2012. And that’s good! It does not guarantee that they will never be broken into, but it at least does indicate that they take security seriously and have put in place the standardized measures that are designed to protect you.

With a company as big as Ancestry, they should be cognisant of security, and they are. But as I have found out over the years, security is not a simple thing for smaller companies to manage. I’ve written before about how I code-sign the Behold program and get it Windows certified for the user’s safety. I can vouch for what I do. But I can’t vouch for what everyone else does.

So be careful when supplying your credit card on the Internet. Ensure that you are dealing with a reputable company that shows that it is working to ensure the security of your transaction. Always check before you purchase something online and see if the vendor displays trust logos. Then click on the logos and see if they take you to somewhere official that confirms that the logos are valid. And never provide your credit card on anything other than a secure (https) web page. Non-secure transaction pages are the most obvious indication that safety measures at that particular site are lacking.

Decisions, Decisions, Decisions - Fri, 19 Dec 2014

We approach the end of December. I look back to the beginning of the year when I said, in fact I even made a new year’s resolution on this blog, that this year I’d get the next few versions of Behold out. Well, that didn’t happen. There were a few personal issues that I had to attend to, especially my father’s passing in the Spring, that left me less than 100% committed to after-hour work on Behold.

But the Gaenovium genealogy technology conference in Leiden, Netherlands in early October rejuvenated me, and put me back on the right track. I pledged when I came back to attempt to do some programming every day, and pushed myself with #amprogramming tweets from my Twitter account. Although I couldn’t quite achieve “every day” status, I have done between “some” and “lots of” programming Behold on 60 of the last 67 days since I started my every-day goal. I’ve made huge progress, and I’m still working hard to get a 1.1 version out before the end of the year.

During the past 67 days, as part of my improvements to Behold, I spun off a unique and useful freeware program I called GEDCOM File Finder. I know I’ll have fun using that in the future to harmlessly experiment with download sites and see what potential use they might have.

The last version of Behold I released was on 26 May 2013 – that’s over a year and a half ago. That’s way too long as far as I’m concerned. But there was a reason for the delay. I had decided that my concept of Life Events was just too important not to include in Behold. Behold’s unique method of including the source details in the report right with the data would allow a full detailed analysis of a person’s life in context.

You’ll notice that one of my first blog posts about Life Events is from two and a half years ago. This was entirely new and I was trying to come up with just the right concept and the needed implementation. It wasn’t easy. Core data structures needed to be rewritten and optimizations needed to be made so that it wouldn’t significantly affect the program’s performance.

While doing so, I realized there was yet another important concept that would be necessary. A year and a half ago, I posted my ideas about displaying “Who’s Alive” at a given event.

So I experimented and attempted to implement these. Each time I did something significant, I created a new Behold development directory on my computer. Each step made some progress, but I often had to backtrack. This wasn’t easy. Decisions had to be made all along the way. After 2 and a half years, I ended up with 21 different development directories of Behold – each of which contains some successful steps forward, but there always seemed to be a stumbling block.


It almost all worked, but it was very complicated. An example of what I puzzled over is how to figure out the proper ordering of events when all the dates are not given. Another is how to determine who might be alive at a given date when ages are not known. If a person had 12 uncles, how to best identify them, maybe by numbering them some way. Would a direct uncle be treated differently than one through marriage? How to deal with half-family, step-family, and adopted family. How to allow user-defined naming of all the relationships, so that they can be translated to other languages. There were lots of decisions to be made.

I do have an almost-working version of the complete system. It has a lot of loose ends to it, but it still might take up to six months to get this all working well enough for release. My efforts during the past 67 days have led to another decision – an important one:

I was working with the output of my prototype and I realized there was a problem. There was just too much there. I was providing all the family events for each person’s parents, children, siblings, grandparents, grandchildren, uncles, aunts, nephews, nieces, all their spouses, father/mother-in-laws, son/daughter-in-laws, second marriages, step-children, step-parents and the like. In addition I was providing a listing of all of these relatives who were alive at the birth, each marriage, and death of the individual in a smart fashion, so relatives of the first wife would not be included at the 2nd marriage. What do you think I got? I got way too much information. Each person became a timeline of enough events to take up many pages. Yes, it’s very interesting and relevant, but it is simply too overbearing and that makes it heavy baggage and untenable. The context of the person in the tree gets lost. It is more like a book about the person. Yes, I did add a toolbar button to show it and hide it, but even so it is one step removed from being primary data, and it makes the primary data more difficult to analyze.


So, the decision for now is to implement just the simple and most useful parts of the prototype and to show Life Events for only the closest relatives (parents, children, spouses, and maybe birth of grandchildren and death of grandparents), and not include the “Who’s Alive” feature.

Even cutting this down, the resulting version 1.1 will still be amazing. There are a lot of improvements already added and I’m itching to get it out as soon as possible, still with the attempt to do so before the end of the year.

Over the past few weeks, I’ve been adjusting my plan. If you’ve been following my future plans page which I use as my roadmap for Behold, you’ll have seen significant movements of items to and from Version 1.1. I enjoy checking off each item as I complete it. Watch me get closer as I check off the remaining items one by one.

Genealogy Software is Transforming - Thu, 27 Nov 2014

You likely might not have caught the relevance of the two announcements made on Monday and Tuesday that rocked the genealogy software world.


On November 24, MyHeritage announced: Family Historian Genealogy Software Integrates MyHeritage Matching Technologies for Automated Discoveries. And the next day, MyHeritage announced: RootsMagic Adds MyHeritage Matching Technologies for Powerful Automatic Research Capabilities.

These are actually the 2nd and 3rd announcements. Previously on November 13: MyHeritage Bolsters Leadership in the Netherlands with Strategic Partnerships  where it first made agreements with the Dutch program Aldfaer, and Coret Genealogie to integrate MyHeritage’s matching technologies.

These three announcements together are a blockbuster. Not one, but three major programs and one online system (Coret Genealogie’s Genealogie Online) are now providing within-the-program ability to access the MyHeritage collection of family trees and historical records using the matching technologies developed by MyHeritage.

Finally it has begun. Desktop genealogy software (still very necessary as the powerful and private way to assemble one’s own genealogy) is now able to take on some of the functionality (matching data) that was previously only possible online. I see the current announcements as just the first step. I expect many more announcements to come, and not necessarily just by MyHeritage.

This is all possible because of MyHeritage’s foresight in its development of a powerful yet simple API that they have made available. An API is an Application Programming Interface that allows programs like Aldfaer, Family Historian, RootsMagic and Behold to access and perform actions against MyHeritage’s data. FamilySearch and Ancestry have APIs as well, and I’ll talk about them in a minute.

I listened to Uri Gonen’s talk at RootsTech 2014 about the MyHeritage API and came away very impressed. More-so, the one thing that differentiates MyHeritage from Ancestry and FamilySearch is their forthright effort to get software developers to work with them.

When I was at RootsTech 2012, I talked to Mark Olsen of MyHeritage and finding out I was a developer, he immediately wanted to work with me and give me access to MyHeritage and their API. But Behold wasn’t ready for that at that time. At RootsTech 2014, Mark Olsen saw me and even remembered me. He asked how Behold was coming along and said as soon as I’m ready for them to give him a call. Last month at Gaenovium, MyHeritage who was the main sponsor and had two representatives at the event, further expressed their interest in getting me to work with them.

By comparison, with FamilySearch, I talked to many of their people. I discussed software ideas and expressed interest in becoming a FamilySearch partner and accessing their data through their API. Basically they had a ho-hum attitude about this. I had to go after them to get in. If I did, fine. If not, then that was probably fine also. They weren’t out pounding on doors actively seeking new products. But they did have people I could talk to if I wanted and information online on how to get started.

Ancestry, meanwhile, was completely invisible and did not seem to take any interest in me whatsoever. Ancestry gives you this friendly page if you are a developer interested in linking to them. Note that the link on the page doesn’t work. Compare that to say, what 23andMe provides to developers who want to access their API. And not incidentally, MyHeritage announced a strategic collaboration with 23andMe on October 21.

So Ancestry has their TreeSync between their desktop program Family Tree Maker and their online family tree databases. Their just released 2014 Service Pack will hopefully fix that often crashing and poorly working feature. They exclusively use their API in Family Tree Maker and are not making that functionality available to third parties. So they think they can do it alone, exactly the opposite view that MyHeritage takes.

What MyHeritage has done with their recent announcement is that they’ve laid down their gloves, and the battle of the APIs has begun. Who will win?

Company A: Who goes out of their way to find and partner with developers.

Company B: Who lets the developers come to them on their own.

Company C: Who tries to do it all on their own.

If there was someone who may benefit, it may be the FHISO people who are trying to come up with a new genealogy data transfer standard to replace GEDCOM. While they are embraced in an intense discussion on the minutiae making up all the data we might ever want to transfer, these companies are doing relevant data transfer right now through their APIs. One or more of these APIs may take over and become the new “standard”, and FHISO would be saved a lot of work.

Okay, so what about Behold. Is Behold being left behind? Well, as soon as I can get my act together and get the next few releases out, I’ll be able to program Behold to take advantage of these APIs and make this within-the-program access to MyHeritage and FamilySearch possible. Ancestry too, if one day under the pressure of the success of MH and FS, they decide to make their API open.

Behold will be able to do a better job in the presentation of this information. Programs like Aldfaer, Family Historian and RootsMagic provide forms-based input with generated reports. They need to display the MyHeritage match information on their input screens, and must be relegated to using little icons or summarized lines. Behold with it’s report-based Everything Report for both input (coming in 2.0) and output will be able to present this data complete and in-place where you need it and where you can do your editing directly and immediately see your results. I’m so excited that I’m now mad I spent this time writing this blog post when I could have been working on Behold to get it there.

I really commend this move by MyHeritage with Aldfaer, Coret Genealogie, Family Historian and RootsMagic. We’ve been waiting for years for something big to happen in the battle between the big three online databases. This is the big one. FamilySearch and Ancestry will take notice and the genealogy community will benefit from the result of this.