SSA OLC Region for Flight Claim

They weren't so much "solutions" as they were examples to help Doug
understand that he was being given a line. I agree that they have an
agenda which they aren't revealing. But it isn't gaining them users, at
least at my club. Most pilots there believe that the interface and
upload procedures are just too clunky and confusing to be worth their
time.

-John


Marc Ramsey wrote:
The brush-off might have something to do with the fact that all of these
"solutions" are specific to IIS/ASP running on Windows servers, when I
believe OLC runs Apache on Linux servers. That said, binary file upload
is pretty trivial to implement using the standard mechanisms provided in
HTML/HTTP, which suggests they have other reasons for not doing so...

Marc

Although FTP is a reasonable method of file transfer, it isn't likely
the appropriate method of uploading OLC data. FTP has also had a
pattern of security cracks in the past few years, so SCP/SFTP tunneling
via SSH is much preferred. A file transfered via FTP would require an
additional server process, additional server ports, real server load,
and additional scripts and support issues. If would also complicate
the edit function.

Claim submissions are undoubtedly parsed to one, and likely more, data
table(s) from which the several results pages are queried. PHP is the
method of choice. Likely MySQL, PostgreSQL, or maybe even DB2, would
be likely database engines due to cost and speed.

Obvious agendas for an OLC type setup would be badge leg and record
submissions with OO/NAC endorsements. However, since most NAC's have
their own system of validations and qualifications (and in some cases,
fees), that may require some real re-work between the FAI/IGC and NAC's
to accomplish. Technically, it looks very close. Bureaucratically,
it's a ways off for some of use, closer for others. Nevertheless,
legacy support would seem to remain important, as would bug fixes in
software and firmware.

My $.02

Frank Whiteley

jcarlyle wrote:
They weren't so much "solutions" as they were examples to help Doug
understand that he was being given a line. I agree that they have an
agenda which they aren't revealing. But it isn't gaining them users, at
least at my club. Most pilots there believe that the interface and
upload procedures are just too clunky and confusing to be worth their
time.

-John


Marc Ramsey wrote:
The brush-off might have something to do with the fact that all of these
"solutions" are specific to IIS/ASP running on Windows servers, when I
believe OLC runs Apache on Linux servers. That said, binary file upload
is pretty trivial to implement using the standard mechanisms provided in
HTML/HTTP, which suggests they have other reasons for not doing so...

Marc

Frank Whiteley wrote:
Although FTP is a reasonable method of file transfer, it isn't likely
the appropriate method of uploading OLC data. FTP has also had a
pattern of security cracks in the past few years, so SCP/SFTP tunneling
via SSH is much preferred. A file transfered via FTP would require an
additional server process, additional server ports, real server load,
and additional scripts and support issues. If would also complicate
the edit function.

Huh?

The security issues in FTP are largely twofold:

(1) it's a cleartext protocol
(2) specific FTP servers have had problems

It's a bit broad to paint ALL of "FTP" as having "security cracks."

The additional server process and associated "real server load" are
trivial in modern terms. I doubt the OLC is run on an old 486.

And it would complicate the edit function only if implemented in a
complicated way. A custom FTP server could take you file, issue you a
"ticket number" or something similar, and you'd use that to tell the
edit form what it needs to know to find your file.

This stuff is not rocket surgery.

Jeremy

Jeremy Zawodny wrote:
Frank Whiteley wrote:
Although FTP is a reasonable method of file transfer, it isn't likely
the appropriate method of uploading OLC data. FTP has also had a
pattern of security cracks in the past few years, so SCP/SFTP tunneling
via SSH is much preferred. A file transfered via FTP would require an
additional server process, additional server ports, real server load,
and additional scripts and support issues. If would also complicate
the edit function.

Huh?

The security issues in FTP are largely twofold:

(1) it's a cleartext protocol
(2) specific FTP servers have had problems

It's a bit broad to paint ALL of "FTP" as having "security cracks."

The additional server process and associated "real server load" are
trivial in modern terms. I doubt the OLC is run on an old 486.

And it would complicate the edit function only if implemented in a
complicated way. A custom FTP server could take you file, issue you a
"ticket number" or something similar, and you'd use that to tell the
edit form what it needs to know to find your file.

This stuff is not rocket surgery.

Jeremy
I have also seen entire companies impacted by administrative oversights
in FTP, up to including public disclosure of thousands of CC cards,
user accounts, and other personal information. I think effort is
better spent debugging current issues and leaving other security
concerns out of the picture. PHP also has it's own set of security
issues, but it also allows better control over the persistency of
connections. FTP is a persistent connection and depending on timeouts,
leaving too many connections available can lead to DDOS mischief. Most
ISP's allowing FTP allow very few FTP connections relative to the
number of customers on the service. OLC is currently in use by a very
small percentage of the potential pilot base, especially if the
movement is to more important services. It would be nice to know if
the incremental cost per pilot will increase or decrease with growth
and can be supported by advertising. There is likely a point at which
a substantial upscaling of the servers and bandwideth would be needed.
It's one of the better things to happen to soaring in some time.

Frank

Frank Whiteley wrote:
Jeremy Zawodny wrote:
Frank Whiteley wrote:
Although FTP is a reasonable method of file transfer, it isn't likely
the appropriate method of uploading OLC data. FTP has also had a
pattern of security cracks in the past few years, so SCP/SFTP tunneling
via SSH is much preferred. A file transfered via FTP would require an
additional server process, additional server ports, real server load,
and additional scripts and support issues. If would also complicate
the edit function.

Huh?

The security issues in FTP are largely twofold:

(1) it's a cleartext protocol
(2) specific FTP servers have had problems

It's a bit broad to paint ALL of "FTP" as having "security cracks."

The additional server process and associated "real server load" are
trivial in modern terms. I doubt the OLC is run on an old 486.

And it would complicate the edit function only if implemented in a
complicated way. A custom FTP server could take you file, issue you a
"ticket number" or something similar, and you'd use that to tell the
edit form what it needs to know to find your file.

This stuff is not rocket surgery.

Jeremy
I have also seen entire companies impacted by administrative oversights
in FTP, up to including public disclosure of thousands of CC cards,
user accounts, and other personal information. I think effort is
better spent debugging current issues and leaving other security
concerns out of the picture. PHP also has it's own set of security
issues, but it also allows better control over the persistency of
connections. FTP is a persistent connection and depending on timeouts,
leaving too many connections available can lead to DDOS mischief. Most
ISP's allowing FTP allow very few FTP connections relative to the
number of customers on the service. OLC is currently in use by a very
small percentage of the potential pilot base, especially if the
movement is to more important services. It would be nice to know if
the incremental cost per pilot will increase or decrease with growth
and can be supported by advertising. There is likely a point at which
a substantial upscaling of the servers and bandwideth would be needed.
It's one of the better things to happen to soaring in some time.

Frank

Interestingly, I was showing the global view of OLC to a former B-17
pilot today as the bulk of the European flights were showing up and I
got a short period of server unavailability, that is, an OLC page
advising this, not a failure to connect. I suspect the database server
was humming.

Frank

Frank

The OLC web interface can be a challenge, but claiming with commercial
software (SeeYou or StrePla) is usually trivial. We can download
several loggers and claim in 10-15 min where I fly. It's part of the
post-flight festivities.

jcarlyle wrote:
They weren't so much "solutions" as they were examples to help Doug
understand that he was being given a line. I agree that they have an
agenda which they aren't revealing. But it isn't gaining them users, at
least at my club. Most pilots there believe that the interface and
upload procedures are just too clunky and confusing to be worth their
time.

-John


Marc Ramsey wrote:
The brush-off might have something to do with the fact that all of these
"solutions" are specific to IIS/ASP running on Windows servers, when I
believe OLC runs Apache on Linux servers. That said, binary file upload
is pretty trivial to implement using the standard mechanisms provided in
HTML/HTTP, which suggests they have other reasons for not doing so...

Marc