Louis Kessler’s Behold Blog

Going to a Family Event - Wed, 16 Jan 2008

My wife and I are leaving for Nashville, Tennessee for the weekend. My wife’s first cousin’s youngest daughter is getting married. We’re really looking forward to this little getaway, and a bit of a break from our -20 C temperatures.

Of course, family events are always great for adding a bit more to the family tree. What I like to do is take all the relevant family information with me. Being old fashioned, I still like a printed copy.

I haven’t updated my genealogy data in about 10 years. It’s awaiting version 2.0 of Behold before I do that. But that still doesn’t stop me from using what I’ve got. I want the data printed, and for me Behold is the perfect tool to do that.

I open up my GEDCOM with Behold and quickly find my wife’s cousin. (Using Find and their name is the easiest way.) Then I right click and select Instant Organize on my wife’s cousin. The resulting view is exactly what I want for this. It generates families in sequence, starting with my wife’s cousin, then with her parents, then with her grandparents, etc., and anyone not related to her is, by default, not included. Each level gives people one level more removed. That is perfect for this, because she’s likely to invite the people in the nearest groupings. I can concentrate on her most immediate relatives and still have everyone else related to them listed further down where they’re out of the way.

Behold then prints its nice Index of Names, Places and Sources following all the data which makes it easy to find anything in the printed copy. In this case, the whole report came into a nice 20 page listing. I printed it on both sides of the paper and that was 10 sheets, which I stapled together into a nice compact package.

I’ll keep this in my coat pocket and be able to write everything new I find out directly onto the sheets. That at least is my technique. It works very well for me. Try it next time you go to a family event. And be sure to also note who told you what to document your source with it.

So I’ll write again when I get back.

How Secure are Your Passwords? - Fri, 11 Jan 2008

Article warning: If you are paranoid about everything, you should avoid reading this article or it may ruin the Internet for you.

I started converting the Behold Forum over to bbPress. The first thing I had to do was convert all the registered users. To my horror, I discovered that my old Forum stored the passwords as plain text.

That actually was terrible for three reasons. First, if I was a dishonest guy, I could take your password, assume you used the same one at other sites you use, and login as you and do malicious things. Second, since I’m honest and don’t even want to know what your password is, if there was someone working for me who had access to the database, they might be dishonest and use your password. Third, since I don’t have anyone working for me, if there was a hacker out there who could get into my database, they could use your password.

So I’m not talking here about the “quality” of your password. It doesn’t matter if you use a simple 3 letter password, or a complex 29 character password with lower and uppercase and numbers and special characters. If someone can find it out, it doesn’t matter how well crafted it is.

WordPress and bbPress are different. They do not store the password in the database. Instead they “hash” the password using the MD5 algorithm and store that hashed value. This is not encryption, which makes the password retrievable again. This is a hash, which hides the password from everyone, including the owners of the database.

Now I know there have been vulnerabilities found in MD5, and WordPress and others are working to block them, but even so, hashing the password is infinitely safer than leaving it in plain text for the three reasons above.

So that got me wondering. I have about a dozen different passwords at several hundred different sites I use. I wonder how many of them are not hashed but are insecure in plain text in the databases.

In most cases, there actually is an easy way of finding out. Go to a site you’ve registered with and click on the “lost my password” link. If they email you back your actual password, then they are storing it in text or in some accessible way. If they instead send you a message with a new random password and say your password is reset, then they probably don’t have access to it, and all they can do is give you a new one.

Unfortunately, you can’t find this out until you’ve already registered for the site. For people paranoid about this, I guess the trick would be to use a dummy e-mail address and dummy password and register with that, do a lost password request and see what they send back. Then you can decide whether to trust them and register for real.

Credit card information could have the same problem. You can’t do the same thing here, since I’ve never seen a “lost my credit card information” link on a site. You can follow the policy of only giving your credit card to companies you totally trust. That’s why PayPal is so popular. You can buy from thousands of companies, but PayPal will be the only one with your number. But do you trust PayPal? I’d trust them more than the various kids working at the corner gas station who get my card number all the time. This is not really a worry though, because credit cards have lots of levels of security and are actually very safe. The credit card companies will protect you from credit card fraud.

But giving out passwords you use can be much worse. What if your userid and password were the same for your PayPal account? That could be very bad.

For those of you who signed up to my Behold Forum, I apologise. I didn’t know about this before. I’m transferring your account and an MD5 hash of your current password to the new bbPress forum I am creating, and they’ll now be safe.
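
As an added example (not code from this post, WordPress or bbPress), the Python sketch below converts constructed plaintext rows into stored hashes and shows why the choice of hash matters: plain unsalted MD5 gives two users with the same password the same stored value, while a salted PBKDF2-HMAC-SHA256 verifier, a swapped-in technique the post does not mention, does not. The table rows, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample rows standing in for a legacy table with plaintext passwords.
LEGACY_USERS = [
    {"user": "alice", "password": "sunshine1"},
    {"user": "bob", "password": "sunshine1"},  # same password as alice
    {"user": "carol", "password": "Tr0ub4dor&3"},
]
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware


def md5_hex(password):
    """Plain MD5 of the password (assumption: no salt)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_verifier(password):
    """Salted verifier in the form 'pbkdf2$iterations$salt_hex$hash_hex'."""
    salt = os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def check_password(password, stored):
    """Recompute the hash from the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = stored.split("$")
    if scheme != "pbkdf2":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


def migrate(rows):
    """Replace each plaintext password with a verifier; the plaintext is dropped."""
    return [{"user": r["user"], "verifier": make_verifier(r["password"])}
            for r in rows]


def shared_value_groups(rows, hash_fn):
    """Groups of users whose stored values would be identical under hash_fn."""
    groups = {}
    for r in rows:
        groups.setdefault(hash_fn(r["password"]), []).append(r["user"])
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    print("same stored value with MD5:", shared_value_groups(LEGACY_USERS, md5_hex))
    print("same stored value with salt:", shared_value_groups(LEGACY_USERS, make_verifier))
```
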

Integration, Not Once, But Twice - Tue, 8 Jan 2008

Last night I managed to install Vanilla and, using about a dozen different articles from the web, integrated it correctly with WordPress. I was very pleased.

Then this morning, I found that I had missed the fact that the Open Source groups using WordPress have been working on their own light Vanilla-like Forum software called bbPress. Researching it, and looking at some implementations of bbPress, I saw no advantages anymore to stay with Vanilla. Its implementation was different than WordPress, and I’d have to learn and maintain 2 different methods of adding themes, inserting plugins and setting up the pages. With bbPress, I’d be talking basically the same language as WordPress. Even though bbPress is only at Version 0.8.3.1 (even Behold is further!), right now it seems to have everything I want.

It only took me an hour to get rid of Vanilla and integrate bbPress instead. Next I’ll customize it to my style and make it exactly what I want. This part’s actually a lot of fun.