Loading ...
Sorry, an error occurred while loading the content.

Re: Need help with certificate

Expand Messages
  • Dave Bernstein
    Sorry, I didn t mean that you should re-architect and re-implement the entire system. As your earlier note seemed to focus on the user interface, I thought you
    Message 1 of 16 , Feb 29, 2004
    • 0 Attachment
      Sorry, I didn't mean that you should re-architect and re-implement
      the entire system. As your earlier note seemed to focus on the user
      interface, I thought you might be interested in re-implementing TQSL
      and/or TQSLCert to address their acknowledged shortcomings in this
      area.

      I am of the opinion that LotW's useability can be incrementally
      improved to the point where most users will find it "natural".
      Whether or not the current complexity -- generated by the security
      requirements, the centralized architecture, and other design
      decisions -- was justified is moot, unless one is writing a case
      study.

      73,

      Dave, AA6YQ


      LOTW@yahoogroups.com, "Martin Fouts" <lists@f...> wrote:
      > We're talking about two different things. You're talking about
      methods,
      > (about which, we could have an interesting discussion, but it would
      range
      > far afield of this topic) and I'm talking about mindsets, (about
      which, of
      > course, the classic reference is Brook's comments on second system
      > syndrome.) And because of NIH, and the ornate mindset that had to
      be behind
      > the LOTW design, I doubt very much that the LOTW team would be
      interested in
      > a solution, as they've already pretty clearly dismissed the obvious
      one:
      > reduce the supposed 'security' to a level appropriate for the
      nature of the
      > application. public-key crypto systems, especially those developed
      without
      > any infrastructure support are massive overkill for the level of
      security
      > required for this application.
      >
      >
      > -----Original Message-----
      > From: Dave Bernstein [mailto:aa6yq@a...]
      > Sent: Saturday, February 28, 2004 9:36 PM
      > To: ARRL-LOTW@yahoogroups.com
      > Subject: [ARRL-LOTW] Re: Need help with certificate
      >
      >
      > I disagree. The largest factor in the failure of large-scale
      software
      > systems is the use waterfall-like development processes that impede
      > the discovery of high-risk issues until late in the project. Most of
      > these failures occur before real users ever see the system.
    • Martin Fouts
      The user interface is merely a symptom of the design failure of the underlying architecture. If the security requirements led to the arcane security
      Message 2 of 16 , Mar 1, 2004
      • 0 Attachment
        The user interface is merely a symptom of the design failure of the
        underlying architecture.

        If the "security requirements" led to the arcane "security" approach, then
        the underlying failure goes back as far as understanding the actual
        requirements of the system.

        Any system can be incrementally modified into some other system. The
        question isn't "can we", the question is "should we"; and unless you're
        interests run to wallowing in the Turing tar pit, for the "security"
        architecture of LotW, the answer is a resounding no.

        Sometimes, especially when it's still early days, it's better to fix the
        mistake than to paper over it with a UI kludge
        -----Original Message-----
        From: Dave Bernstein [mailto:aa6yq@...]
        Sent: Sunday, February 29, 2004 10:24 PM
        To: ARRL-LOTW@yahoogroups.com
        Subject: [ARRL-LOTW] Re: Need help with certificate


        Sorry, I didn't mean that you should re-architect and re-implement
        the entire system. As your earlier note seemed to focus on the user
        interface, I thought you might be interested in re-implementing TQSL
        and/or TQSLCert to address their acknowledged shortcomings in this
        area.

        I am of the opinion that LotW's useability can be incrementally
        improved to the point where most users will find it "natural".
        Whether or not the current complexity -- generated by the security
        requirements, the centralized architecture, and other design
        decisions -- was justified is moot, unless one is writing a case
        study.
      • Dave Bernstein
        I agree that architecturally flawed systems in general can t be papered over with better UIs. I don t believe that LotW s security requirements were
        Message 3 of 16 , Mar 1, 2004
        • 0 Attachment
          I agree that architecturally flawed systems in general can't be
          papered over with better UIs. I don't believe that LotW's security
          requirements were inappropriate. I do think that users are
          unnecessarily exposed to complexity and error-prone manual
          procedures, but believe that this can be rectified with by adding the
          appropriate functionality.

          It would have been entertaining to see your description of how a disk
          drive's head positioning system can be incrementally modified into an
          air traffic control system, but I think we're better off agreeing to
          disagree.

          73,

          Dave, AA6YQ

          --- In ARRL-LOTW@yahoogroups.com, "Martin Fouts" <lists@f...> wrote:
          > The user interface is merely a symptom of the design failure of the
          > underlying architecture.
          >
          > If the "security requirements" led to the arcane "security"
          approach, then
          > the underlying failure goes back as far as understanding the actual
          > requirements of the system.
          >
          > Any system can be incrementally modified into some other system.
          The
          > question isn't "can we", the question is "should we"; and unless
          you're
          > interests run to wallowing in the Turing tar pit, for the "security"
          > architecture of LotW, the answer is a resounding no.
          >
          > Sometimes, especially when it's still early days, it's better to
          fix the
          > mistake than to paper over it with a UI kludge
          > -----Original Message-----
          > From: Dave Bernstein [mailto:aa6yq@a...]
          > Sent: Sunday, February 29, 2004 10:24 PM
          > To: ARRL-LOTW@yahoogroups.com
          > Subject: [ARRL-LOTW] Re: Need help with certificate
          >
          >
          > Sorry, I didn't mean that you should re-architect and re-implement
          > the entire system. As your earlier note seemed to focus on the user
          > interface, I thought you might be interested in re-implementing TQSL
          > and/or TQSLCert to address their acknowledged shortcomings in this
          > area.
          >
          > I am of the opinion that LotW's useability can be incrementally
          > improved to the point where most users will find it "natural".
          > Whether or not the current complexity -- generated by the security
          > requirements, the centralized architecture, and other design
          > decisions -- was justified is moot, unless one is writing a case
          > study.
        Your message has been successfully submitted and would be delivered to recipients shortly.