Results 1 to 8 of 8

Thread: Proof positive LoTW is overengineered

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Orca Whisperer
    Join Date
    Oct 2009
    Location
    Buffalo, NY
    Posts
    22,593

    Proof positive LoTW is overengineered

    I did get a small chuckle from this:
    http://forums.qrz.com/showthread.php...d-LoTW-Support

    Everyone over there is willing to hand over their private keys to another individual, thereby breaking down any semblance of identification guarantee the signing key might have granted.

    But, IMO, it's not even needed for amateur logs. It's downright silly, as I don't need a private key to upload transactions to my bank. I'm glad QRZ stepped in, and fixed the LoTW interface. I might actually start using LoTW now.
    Big Giant Meteor 2020 - We need to make Earth Great Again

    http://www.coreyreichle.com

  2. #2
    Conch Master KJ3N's Avatar
    Join Date
    Jul 2009
    Location
    A secret cave in northern Delaware.
    Posts
    9,125
    This is why I've been on eQSL, almost from the start. Easy process, not much fuss.

    This much security for ham radio logs? They take themselves too seriously.

    "People Who Don't Want Their Beliefs Laughed at Shouldn't Have Such Funny Beliefs" -AD5MB

    "If someone tells you he believes in and talks to an invisible bunny named Harvey, you put him on medication and a regimen of therapy. If someone tells you he believes in and talks to God, well, that's perfectly acceptable. Why that's the case is impossible for me to fathom." - WP2XX



    Latest ClubLog entries.

  3. #3
    Orca Whisperer W3WN's Avatar
    Join Date
    Dec 2007
    Location
    Castle Shannon, PA
    Posts
    19,504
    Ok. You've proved once again that security is only good as the individuals using it. If an induhvidual does something stupid, security... well, isn't.

    Big deal. So what else is new?

    Hey, if you don't want to use LotW, don't. No one is forcing you to. Simple solution to a simple problem. Done.
    “Nobody is going to feel sorry for us. 90% of the people don’t care, the other 10% are glad it happened.” — Clint Hurdle, 2019

    BAN THE DH!

    Fudd's First Law of Opposition: If you push something hard enough, it WILL fall down.
    Teslacle's Deviant to Fudd's Law: It goes in, it must go out.

    Just remember: Abraham Lincoln didn't die in vain. He died in Washington, DC

    Cutch 300!!!!!

    “Nero fiddled while Rome burned. Trump golfed.” — Bernie Sanders

    Quando Omni Flunkus Moritati


  4. #4
    Orca Whisperer
    Join Date
    Oct 2009
    Location
    Buffalo, NY
    Posts
    22,593
    Quote Originally Posted by W3WN View Post
    Ok. You've proved once again that security is only good as the individuals using it. If an induhvidual does something stupid, security... well, isn't.

    Big deal. So what else is new?

    Hey, if you don't want to use LotW, don't. No one is forcing you to. Simple solution to a simple problem. Done.
    I might actually start since the main pain in the ass is taken care of by a third party. I never have to worry about losing a cert again.

    The cert process added nothing of value to LoTW, and was merely a detriment to uptake. And, certs did nothing to add to the "security" of LoTW, only added a signer for logs which was superfluous.
    Last edited by KC2UGV; 05-18-2014 at 02:53 PM.
    Big Giant Meteor 2020 - We need to make Earth Great Again

    http://www.coreyreichle.com

  5. #5
    Orca Whisperer W3WN's Avatar
    Join Date
    Dec 2007
    Location
    Castle Shannon, PA
    Posts
    19,504
    Quote Originally Posted by KC2UGV View Post
    < snip >
    The cert process added nothing of value to LoTW, and was merely a detriment to uptake. And, certs did nothing to add to the "security" of LoTW, only added a signer for logs which was superfluous.
    The cert process is why the ARRL DXCC desk signed off on LotW. So I'd hardly call it superfluous.

    It is what it is. Is it tedious to set up? Yes. Is the security more that what is most likely needed? Yes. Is it more secure than most banking, credit card, and related financial sites? Yes, which makes me worry more about the security of those sites -- and over the last 15 years, the "gap" has been closing as the financial institutions catch up.

    Is it going away? No. Is the security going to be made less restrictive? Unlikely.

    That's the way it is. Kvetching about it won't change anything.
    “Nobody is going to feel sorry for us. 90% of the people don’t care, the other 10% are glad it happened.” — Clint Hurdle, 2019

    BAN THE DH!

    Fudd's First Law of Opposition: If you push something hard enough, it WILL fall down.
    Teslacle's Deviant to Fudd's Law: It goes in, it must go out.

    Just remember: Abraham Lincoln didn't die in vain. He died in Washington, DC

    Cutch 300!!!!!

    “Nero fiddled while Rome burned. Trump golfed.” — Bernie Sanders

    Quando Omni Flunkus Moritati


  6. #6
    Orca Whisperer
    Join Date
    Oct 2009
    Location
    Buffalo, NY
    Posts
    22,593
    Quote Originally Posted by W3WN View Post
    The cert process is why the ARRL DXCC desk signed off on LotW. So I'd hardly call it superfluous.
    They signed off b/c it's the ARRL approved method lol, not because of perceived security.

    It is what it is. Is it tedious to set up? Yes. Is the security more that what is most likely needed? Yes. Is it more secure than most banking, credit card, and related financial sites? Yes, which makes me worry more about the security of those sites -- and over the last 15 years, the "gap" has been closing as the financial institutions catch up.

    Is it going away? No. Is the security going to be made less restrictive? Unlikely.

    That's the way it is. Kvetching about it won't change anything.
    It's already gone away. I upload my cert to QRZ, and then QRZ keeps it nice and safe forever. I never worry about it again. I don't bother dealing with the shite that TQSL is. I just upload, and VOILA! It's done.

    And, it's exactly how the ARRL needs to (Well, doesn't need to anymore, since someone else fixed it) fix their system to do.
    Big Giant Meteor 2020 - We need to make Earth Great Again

    http://www.coreyreichle.com

  7. #7
    Witch Doctor
    Join Date
    Apr 2010
    Posts
    387
    The certificates are just for show. The real security as far as QSO integrity is concerned is the double-blind QSO matching. Don't need certificates for that.

  8. #8
    Orca Whisperer
    Join Date
    Oct 2009
    Location
    Buffalo, NY
    Posts
    22,593
    Quote Originally Posted by WN9HJW View Post
    The certificates are just for show. The real security as far as QSO integrity is concerned is the double-blind QSO matching. Don't need certificates for that.
    Eggzactly.
    Big Giant Meteor 2020 - We need to make Earth Great Again

    http://www.coreyreichle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •