[Cluster-tech] PC 2.0 - some considerations.

Cristiano iz0ien at gmail.com
Wed Jul 14 12:51:56 BST 2010


Hello ML,

first, compliments for the work. I enjoyed reading part of the
archives, and for sure i'll continue reading it today.

Let's introduce me. I'm Cristiano IZ0IEN, a very traditional-style op
radioamateur, i like and practice CW in the 80% of my radio activity,
i'm focused on antenna desing and QRM/QRN killing :). Like to practice
and find solutions for HF mobile & manpack. In "work life", i'm a
network designer and mantainer on a small WISP company in my town.

On the forum where i ragchew with other hams,
(http://www.hamradioweb.it) , recently was opened a thread that
complain about the misuse and abuse of PC network. Sadly the problem
is also italian-related, but let's focus on the "why" and not on
"who".

As i read far on the message archive, PC is a very old protocol, with
many add-ins in the years, with pro and cons. The pro is, for sure,
lightness and stability also on relatively old platforms. Cons is, as
i read also on ML, that it can be subject to mass attacks/DoS in easy
ways. The thread (in italian) on the forum where i wrote, is focused
on the callsign abuse (or better: morphing like usenet) that generate
1)backtraffic in reply to offensive messages 2) conflict on the air
between hams 3) in the case of a couple of hams world-famous, when
they are on the air, is like throw gasoline over the fire 4) personal
offense.

Why this post on this ML ? Well, i want to know what you subscribers
think about a PC "2.0".

Not to fast to judge me fool or, like we say in italian, "inventor of
cool water". Consider that:

1) IMHO, the 60% of the PC traffic is web-based. Some DxCluster sites
like www.dxwatch.com implement a mandatory registration before post.
Yes, fake registration can be also there, but if you register my call
and spoof me, and i know from where is originated the spot and
complain with the admin sending a scanned copy of my license, i re-own
my call and the spoofer go out.

2) The rest 40%, 35% is originating from Logger programs with telnet
sessions, and 5% are people that for many reason, including nostalgic
reasons, use telnet (like me) or pratical reason (smartphone in
portable ops, like me). For clients integrated in All-in-one software
(Mixw, EasyLog, Logger32, QARtest...) is an easy game, on a hypotetic
deadline, implement in a future release of the SW a mandatory password
with the call for dxcluster purposes. A motd (message of the day) fo
the rest 5% at the telnet login on the preferred node that invite to
register before proceeding to login is one of the ways to do.

Well, now the hard work. We have 2 ways to login and track a user. On
a peer bases or on a spot bases.

The easy way , for what i know of PC protocol, is on peer basis. Users
are in some way logged in a database on local node
(call/IP/timestamplogin/timestamplogout), in the raw spot we need to
include the originating node and a flag that carry the status of the
spotter (registered/unregistered) for retrocompatibility until the
deadline. User that after the deadline send a spot flagged as "non
registered" is simply ignored. Is own charge of every node admin to
update PC software to latest version before deadline.

This way reduce also the overhead in the spots, instead to carry on
the IPv4/IPv6 info every time, we need to carry only originating node
and flag.
A complain for a spot is just a mail to sysop, and only if for legal
purposes soemone need the IP. In normal life, the only complain that a
sysop would receive is for the possible morph of a callsign. A mail
with a scan of the original license, and the complain is solved.

On a spot base, someone do have a big DB with all the spots generated
all over the word. Not so easy. And expensive. A giant DB, with enough
bandwidth to support rates of 100 spots/second, redundant and
backupped every X time... hmm is not what i call a simple solution.

Maybe is not a simple solution also what i call "the easy way" :)


****Caveat: *i'm not a coder* !!***** I understand simple snippets of
code in C, php, perl, but *i'm not a coder*. I can, e.g. , limit a DoS
attack over a node with a script based on RouterOS platform that limit
the rate of send data from the offensive IP to 100 bytes/sec, or block
him, but i'm unable to "code" what i proposed above. My everyday work
is on IP networks, with some knowledge about MySQL, php, perl, bash
and a bit of common flaws on networks today.

This caveat is to clarify the sense of this post to the readers... *i
am not criticize* the work until now.. *i am not saying* that all the
effort until now are useless... i am only asking and proposing, with
the permission of the author (Dirk G1TLH:lot of thanks, because i also
am a free user of the DxSpiderCluster), if the ham community really
need a PC 2.0, and collect inputs from the community, in respect to
the real necessity of our global era and the security & privacy
concerns.

Waiting opinions (apoligizing for my bad english...)

My 2 cents and vy 73,

Cristiano IZ0IEN







at is to make readers understand the sense of this post: is not a
criticism to all the work



More information about the Cluster-tech mailing list