The Localizer Monthly Newsletter !!

[Dave Catalani]

Well done Mr Mathew Magera! Very nicely done for the first issue! Our community is fortunate to have people like youself that dedicate precious time and effort to make Vatsim even better.

 

Your article regarding event structure hit the nail on the head in my opinion.

 

For those that have not signed up, I encourage you to do so via the VATUSA site.

[John Cierpial 1008209]

I'm also particularly fond of the announcement of the return of the ACE team

[Ian Elchitz 810151]

I'm interested in reading this as I'm sure the content is great.

 

However, upon signing up it appears that you have to supply your Vatsim p[Mod - Happy Thoughts]word - any particular reason for that?

 

I only ask because I'm not very keen on supplying my Vatsim p[Mod - Happy Thoughts]word to any site other than Vatsim.net, regardless of the validity of vatusa.net.

[Harold Rutila 974112]

I was also puzzled as to why we need to do that. VATUSA is hosting the newsletter, and we have no idea as to where that form is actually going, although I'm guessing it's just an automated e-mail list. Why not request our VATUSA p[Mod - Happy Thoughts]words? It's right in the local site's (VATUSA's) database.

[Luke Kolin]

Why not just make it a web page that we can view? You'd think they'd actually make it EASY to read it.

 

Cheers!

 

Luke

[Keith Smith]

I very nearly posted the same thing here but figured there'd be a better place to ask. Evidently I wasn't alone in my question. I'm not sure why a p[Mod - Happy Thoughts]wd is required at all, a match against the email and CID seems like it would be sufficient for this purpose. Failing that, I agree the vatusa p[Mod - Happy Thoughts]wd would be more appropriate. I would love to subscribe to this newsletter, but not enough to go and dig up my p[Mod - Happy Thoughts]wd.

[Brian Sperduto 856560]

I was also puzzled as to why we need to do that. VATUSA is hosting the newsletter, and we have no idea as to where that form is actually going, although I'm guessing it's just an automated e-mail list. Why not request our VATUSA p[Mod - Happy Thoughts]words? It's right in the local site's (VATUSA's) database.

Not just VATUSA Members subscribe to the list... We have to provide some measure of security against malicious registrations this is the best method we have found. If you have serious concerns with providing your VATSIM P[Mod - Happy Thoughts]word then you may have serious issues with quite a few of the division websites on VATSIM as its not uncommon to use this method, as a matter of fact its being suggested now.

[Dave Catalani]

Unbelievable........a p[Mod - Happy Thoughts]word rant! The world has become a jungle of userids and p[Mod - Happy Thoughts]words and I doubt seriously that anyone,if they got it, would care about a VATSIM p[Mod - Happy Thoughts]word!

 

 

Hey Mat....did I say WELL DONE and thanks....Oh, yes I did, that was the point this thread!

[Mathew Magera 931028]

Well, for those of you who do receive the newsletter, thank you for being readers. I'm glad to know its not just being deleted upon receipt.

[Benton Wilmes]

Any chance of this being added to the website somewhere?

[Brian Sperduto 856560]

Any chance of this being added to the website somewhere?

Left hand column under Pilot Tools

[Ian Elchitz 810151]

Unbelievable........a p[Mod - Happy Thoughts]word rant! The world has become a jungle of userids and p[Mod - Happy Thoughts]words and I doubt seriously that anyone,if they got it, would care about a VATSIM p[Mod - Happy Thoughts]word!

 

Dave - I hardly see where the rant is. It was a simple and honest question asking why I needed to supply my Vatsim p[Mod - Happy Thoughts]word.

 

I will go into further detail in order to defuse any misunderstandings you or anyone else might have.

 

I only enter it into Squawkbox, VRC, and the Vatsim.net website when entering the forums, viewing statistics, or accessing the Certificate server.

 

No one is making any accusations that vatusa isn't legitimate nor that Brian isn't concerned in security. I don't know if the p[Mod - Happy Thoughts]word is being verified, where it is being verified, or if it is stored somewhere in a database or log file.

 

We've had security breaches in the past and all Supervisors were told by Vatsim to ensure their login information is as secure as possible. As a result of this, unless I'm told by someone at Vatsim.net like Ross Carlson or Michael Zazula that I'm OK to supply my p[Mod - Happy Thoughts]word at ABC.NET, I won't be doing it.

 

My only interest was in reading the newsletter that people were talking about. I have no doubt that someone spent a considerable amount of effort putting it together nor that I would appreciate it. However I'm unable to do so with the p[Mod - Happy Thoughts]word restriction.

[Kyle Ramsey 810181]

You need Ross to tell you that the VATUSA site is OK? I'm not Ross but I'll tell you it is.

 

I suspect that going forward your VATSIM ID and PW will become even more ubiquitous across the various VATSIM related web sites. In the VA world we talk about having comms between the VA web sites and the VATSIM web sites, which might also need the secure integration of the VATSIM CID/PW.

 

Someday you should be able to log into a single VATSIM site and cookies carry your log in into any VATSIM supported location after that; ARTCC/FIR web sites, vroute, vataware, etc, etc.

 

I have a dedice4ate folder in the email for all the dang pw's I have to remember. How good is security if you can't get into your own web sites? An old friend in the nuke biz once told me the best security was invisible to the good guys and impenetrable to the bad guys; that's what we need.

[Benton Wilmes]

Any chance of this being added to the website somewhere?

Left hand column under Pilot Tools

 

I'm talking about the newsletter itself...I'm signed up on the email list but never got it in my email. I was wondering why it can't just be added to the VATUSA website itself.

[Brian Sperduto 856560]

Any chance of this being added to the website somewhere?

Left hand column under Pilot Tools

 

I'm talking about the newsletter itself...I'm signed up on the email list but never got it in my email. I was wondering why it can't just be added to the VATUSA website itself.

You should get a copy in a few hours

[Mark Polston 810032]

You need Ross to tell you that the VATUSA site is OK? I'm not Ross but I'll tell you it is.

 

I suspect that going forward your VATSIM ID and PW will become even more ubiquitous across the various VATSIM related web sites. In the VA world we talk about having comms between the VA web sites and the VATSIM web sites, which might also need the secure integration of the VATSIM CID/PW.

 

Someday you should be able to log into a single VATSIM site and cookies carry your log in into any VATSIM supported location after that; ARTCC/FIR web sites, vroute, vataware, etc, etc.

 

I have a dedice4ate folder in the email for all the dang pw's I have to remember. How good is security if you can't get into your own web sites? An old friend in the nuke biz once told me the best security was invisible to the good guys and impenetrable to the bad guys; that's what we need.

 

Kyle,

 

I understand your point and wouldn't argue against it. However, from your position, I'm sure you see the point Ian is making. I felt the exact same way which is why I did not sign up for the newsletter. I wanted to, but I couldn't do it. I wouldn't be doing the members of VATSIM any favors if I didn't stop to think twice about entering in my p[Mod - Happy Thoughts]word to a VATUSA web form.

[Fred Clausen]

Any reason why the newsletter isn't posted on the website as well as email?

[Keith Smith]

Brian,

 

I'm not sure why a p[Mod - Happy Thoughts]wd is required at all, a match against the email and CID seems like it would be sufficient for this purpose.

 

Your point was that you were trying to avoid malicious registrations. Wouldn't email and CID suffice?

[Brian Sperduto 856560]

Brian,

 

I'm not sure why a p[Mod - Happy Thoughts]wd is required at all, a match against the email and CID seems like it would be sufficient for this purpose.

 

Your point was that you were trying to avoid malicious registrations. Wouldn't email and CID suffice?

For VATUSA Members that would work but for non VATUSA Members there is no way to verify that information.

[Bryan Wollenberg 810243]

How about just putting it up on the website then, as Fred and a few others suggested? Surely there isn't anything secretive in there that the general public shouldn't be reading.

[Jim Johnson 814050]

Not that it matters much to me either way, but I agree with Bryan, Fred, and the others. Why not just link it on the VATUSA website? Since I have admin access to most of the Certificate Server, I prefer to not have my VATSIM p[Mod - Happy Thoughts]word on file anywhere other than places directly linked to the VATSIM servers. Division websites have been hacked a number of times in the past, and I don't need my p[Mod - Happy Thoughts]word getting out because it was stored in a file somewhere.

[Alex Bailey 969331]

VATUSA's site is hosted by VATSIM, so if it gets hacked then we're in trouble

[Kyle Ramsey 810181]

Not that it matters much to me either way, but I agree with Bryan, Fred, and the others. Why not just link it on the VATUSA website? Since I have admin access to most of the Certificate Server, I prefer to not have my VATSIM p[Mod - Happy Thoughts]word on file anywhere other than places directly linked to the VATSIM servers. Division websites have been hacked a number of times in the past, and I don't need my p[Mod - Happy Thoughts]word getting out because it was stored in a file somewhere.

 

Your PW is only stored in a single place. Just like mine.

[David Klain 874106]

Ok folks, I'll take this one for action. There is specific guidance on use of the VATSIM p[Mod - Happy Thoughts]words and in some cases other sites do verify this back to VATSIM's own servers...your p[Mod - Happy Thoughts]word is not captured by the local place. Coordination with the BoG (Ross specifically) and approval was obtained to do this.

 

In the case described in this thread, I am not sure exactly how this is being done. In the past, the VATUSA website had different p[Mod - Happy Thoughts]words [Mod - Happy Thoughts]igned to VATUSA controllers and the VATSIM p[Mod - Happy Thoughts]word was NOT used for just this reason. Same issue in several other divisions.

 

Rather than a public debate on an issue that does have network security implications, I'll run this to ground and will get back to this thread with one of two thngs:

 

(1) the system as set up is secure and requesting the p[Mod - Happy Thoughts]word on this page is acceptable (in which case I'll probably ask the VATUSA webmaster to post a note explaining this on the site)

 

or

 

(2) it is not accepbable and VATUSA has been tasked to change their system.

 

Should have an answer on this pretty quickly.

 

Dave

[David Klain 874106]

OK, folks have confirmed how this is working.

 

The form is a single session-only event process. The CID, PW and Email are captured from the form and verified against the VATSIM DB to authenticate the user. When authenticated, the CID and email are entered into a DB table from whence a verification email is sent to the user for confirmation of their intent to signup for receipt of the newsletter.

Once confirmation is received, the email address is “activatedâ€