"correcting" transactions
John Sowden
jsowden at americansentry.net
Sat Feb 22 04:35:13 EST 2014
On 02/21/2014 04:49 AM, Mike or Penny Novack wrote:
>
>>
>> Open source/free is not a license to provide a bad product. If
>> nothing else, the documentation should indicate that "there is no
>> audit trail. The transactions can be edited. If you are not
>> comfortable with this, THEN this is not the accounting program for you".
>>
>> Signed,
>>
>> The Messenger
>
> Messenger, perhaps an explanation is in order? In addition to not
> being an accountant I take it that you are also not a programmer. On
> the other hand, I spent a few decades in the cypher mines.
>
> Precisely because this is OPEN SOURCE the safeguard you envision for a
> "good product" is impossible. Any of us who were good at programming
> would be able to create our own SLIGHTLY different version of gnucash
> <<change a couple instructions>> that would bypass the check and use
> that special version to make the unauthorized change. It would not
> require more skill than any ordinarily competent programmer would have.
>
> << theoretically true even for non-open source. But while you couldn't
> expect anybody intending to cook the books for illegal purposes to
> respect licensing laws the difficulties would be MUCH greater and this
> is true even though not a case of reverse engineering an entire
> product but just finding a very isolated bit of code which you can
> control whether or not entered by whether or not you attempt to change
> a transaction. There are those of us who have the skills and the tools
> to do that sort of thing but I should point out that I'd charge say
> $100/hr for my "consulting time" <<and I mean for legal projects like
> replacing lost source code which I've done in my day>>
>
> Michael
>
>
>
>
Actually, I said that I am not a CPA (Certified Public Accountant). I
have been doing my company's accounting for about 45 years. This
includes designing accounting systems, designing the chart of accounts,
deciding to use cash or accrual, oh and yeah, I've dabbled in
programming also. I write all of the vertical market packages for our
company, I have designed and use our payroll spreadsheet system, which
performs the majority of our payroll accounting, including automatically
calculating the IRS and CA payroll taxes and tax report data. I only
started this in 1992, but I have been using it, including its many
improvements over the years, and it has withstood the test of time. I
also file all of our income tax returns, again including spreadsheets
to automate the approximately 8 page returns.

I am not a CPA, but if I had to go out into the world as an employee
looking for an accounting job, bringing samples of my work, I don't
think I would go hungry. Am I an "accountant"? You do the math.

Re: your comment about open source, inferring that it is insecure
because it is open source, bear in mind that the arguably most secure
encryption algorithm, the 'idea' algorithm is open source, and has been
accepted by one of the largest organizations in the world that wants
to keep its secret hidden, the U.S. Government. Oh yeah, and there's PGP,
or in the open source world, GPG.

A comment re: good and bad. gc is not 'bad' software, in my opinion.
Software creation is an evolutionary process. My point was that instead
of attempting to halt any dialog about the issue, the solution was to
'attack the messenger'. This method of communications, in my opinion, is
a sign of weakness. I didn't just make the comment and drop it, I
suggested a short term solution, that of disclosure, especially for
those who would not consider the exposure.

Oh yeah, and, in case I didn't mention it above, I have been programming
since 1981 when I started using dBASE II under CP/M. I won't count the
work I did from August, 1977 when I bought my first computer, a Radio
Shack Model I, until I bought dBASE II, running it under several RS
Model II computers running CP/M instead of TRS-DOS (kinda like my
running Linux since about the mid 90's instead of MS Windows).

Re: modifying software to defeat processes, there is a relationship
between the amount of effort one would put out vs. the 'reward' for
those efforts. One with little time and little knowledge would not be
able to pull off the Target event, for instance. From my perspective as
an alarm company owner, if you have a Cezanne hanging in your living
room, your alarm system should consist of more than a contact on the
front door and a local bell outside.

Oh yes, and please don't confuse your attempt to demean my accounting
and programming skills with your need to discuss yours. I have not and
will not denigrate anyone's programming/accounting skills re: this
project, or these comments.

Again,

The Messenger