[CQ-Contest] LOTW secuity--hams as a microcosm
W. Wright, W5XD
w5xd at writelog.com
Wed Oct 1 14:02:00 EDT 2003
I read with interest the complaints about the barriers in the way of
obtaining LOTW certs. It is my opinion that this is the way "its going to
be" in the digital world and, on the negative side, we had better get used
to it, and, on the positive side, I get a small ego boost from being part of
a community--amateur radio operators--that are at the technical forefront of
this change that's taking place.
I remember noticing with great surprise nearly a decade ago that Microsoft
had embedded Visual Basic into its Word documents, and that such VB code
embedded in a document was completely unlimited in what it could do to my
machine when I received it, and that I had no control at all over whether it
ran. To see if I could protect myself, I attempted to set up my Windows NT
machine at the time to mimic the administrative settings I was used to on
the mainframes I had used for the previous decade. That is, I attempted to
use my PC as a non privileged user with access to only necessary features
and reserve the use of the privileges of the administrator account. This
experiment totally failed. It wasn't because I didn't try hard enough. It
was because essentially zero software applications that I needed to run had
separated their administrative features from their user-only features so it
was impossible to use a PC as a non-privileged user--none of the apps I had
at the time would run. (Maybe this situation has changed, I don't know).
What does VB have to do with LOTW? The software industry--lead by Microsoft
for better or for worse--has developed an exisite sensitivity to "what the
user wants", and they can measure it, they reward their people for doing
better at it, and, historically, they make more money when they get it
right.
The problem is that the result of this attitude is that they have built,and,
by implication, we customers that have been telling them what we want have
helped them build, a computing world that essentially fails to have the
logical equivalent of a driver's license. And its because I already know how
to drive, and I drive safely. I don't need the government to tell me whether
I am qualified to drive. What I need is for the government to tell YOU
whether YOU can drive, but I am in no way interested in paying that price.
Until I get hit by someone.
There is no easy solution. The "PayPal is easy" comment is interesting, but
if you think it through, you can't live with it. I agree that I found it
much easier to sign up with PayPal than I did with LOTW. I gave them my bank
account number and a few other crucial pieces of information (like my SSN)
and they deposited a few pennies in my bank account. I logged back in, typed
in the amounts of those deposits into PayPal's website and I was ready to
roll. Do I want to do that with the ARRL? No way! Why? Not because I don't
love the folks at ARRL. Its because--far and away--the biggest risk to a
secure system is an insider that uses my personal information for his own
gain. Would you really be willing to give access to your bank account to an
organization that pays its people like the ARRL? And that has essentially no
resources for you to file suit against if their management is criminally
negligent and cleans out your account?
So I want to see LOTW succeed. And I want to see it succeed in a big way.
But I want lots more than that. I want to see digital signature technology
widely adopted. I want to quit getting 50 email solicitations per day from
people that can remain completely annonymous because the internet has no
"drivers license". And now I am willing to pay to get that technology in
place because I have become aware that I am the one that's footing the bill
for the larger and larger servers and fibers that carry all the crap that
the criminals originate.
Wayne, W5XD
More information about the CQ-Contest
mailing list