The news, opinions and events of VE3OIJ / VE3EEE
VE3OIJ

Why I’ll probably never use Logbook of the World

Digital Modes, DX, General, Operating, Security, Technology

The title topic comes up here and there, and I’m often asked about it on the air, so I thought I’d take the opportunity to detail, once and for all, why I have zero interest in ARRL’s Logbook of the World.

To be fair, it does what it does and based on the number of users, it does it reasonably well – you install their software, jump through their hoops, and you can submit your logs in a way that ARRL will accept for award credit. At that level, I have no complaint with the system.
However, Logbook of the World has a number of shortcomings that are sufficiently off-putting that cause me to lose all interest in the system.

1. It’s great for one or two callsigns, but becomes an ever increasing gluteal pain if you operate lots of special event and other callsigns.

Yes, if you have multiple callsigns, you need a separate cryptographic certificate for each additional callsign. That’s extra files you have to keep track of, extra things to check that you have properly configured before you submit logs, extra things to get deleted/munged if you have a computer failure. It’s also wholly unnecessary – with a database that’s even half-decently designed, one should be able to register once with a primary call and use that cryptographic signature with other calls associated with that particular user. In fact, that’s pretty much the way public key cryptography was DESIGNED to be used, but the ARRL chose not to do it that way.

2. It’s “pretend” security, making a proverbial mountain out of a molehill. What security it provides is unnecessary.

Public Key cryptography – the driving engine behind LotW security is intended to provide two levels of security. First, the radio amateur identifies himself to the certificate issuer satisfactorily. A digital certificate is issued and through the magic of mathematics, whenever the amateur uses the certificate to sign a message, it can be verified that that specific certificate was used. In order to say that an identity is verified, however, one must have assurance that the certificate has not been shared. So although I might jump through ARRL’s identity hoops, I could share my certificate around deliberately… or because it sits as a file on my computer, a malicious person could steal it from my hard drive. Unless the certificate is protected at some level, it offers little or no assurance that it is being used by the intended person. That is why serious systems that use public key cryptography store the certificate in a smart card or similar device – something the proper owner can carry with them and can’t be easily hacked. Yes, the owner could share it around, still but when it’s used he can’t say “well someone hacked it.”

Additionally, it is important that the issuance of certificates cannot be subverted in some way. In particular, for non-US operators, you need only send a real-looking copy of a licence, and a copy of some other official-looking document to verify your identiy. If we assume that ARRL awards are something important enough to try and get by undeserving individuals, it’s probably fair to assume that faking these two simple documents would require only a few minutes of time on the internet and with a program like MSPaint of Photoshop. Therefore, the identity value of the cryptographic certificate is precisely zero by any measure. In fact, ARRL’s identification system is no better than eQSL, and arguably worse (eQSL can at least verify you have access to the mailing address you provide).

But… the certificate is also used to protect the submission in transit. Yes, the traffic is encrypted, but all that does is prevent it from being read by an interceptor (no value, not sensitive info), or modified by an interceptor (theoretically possible, but there would be MUCH easier ways to generate fake QSO records). I might accept this as a valid security measure if the ARRL could produce documentation indicating that they have done a Threat and Risk Assessment and determined that log information is at risk from this kind of attack. These are amateur radio QSO records, not government secrets.

In short, encrypting the records with public key cryptography is like swatting a mosquito by exploding an atomic bomb.

Looking at it another way: why don’t you put a 10 meter fence, a moat and a minefield around your house? You’d probably almost never get broken into, that would be certain. Odds are you don’t go to this extreme because the level of security isn’t justified by the level of risk. And even if you did put a 10 meter fence with a moat and minefield, you wouldn’t put a bridge over the whole thing right to your door. Public key cryptography is that fence/moat/minefield, and the slack authentication and identification process to get a certificate is that bridge.

Use of certificates also costs money. The certificates have to be maintained, they expire, people lose their passwords, they get compromised, they get lost, and all these problems are dumped on the certificate issuer to sort out. That costs time, and time is money. Having considerable experience in the specific field of PKI management, it would not be unreasonable for about 15-25% of certificates to be turned over in any given year just due to lost passwords and compromised certificates – not counting expired certificates and new issues. ARRL pays for that, which means that somewhere, users pay for it.

3. I have to install software on my machine.

Ok, this one is nit-picky, but there is no reason that anyone should have to install software to do these submissions. Even the certificates could be used through a java applet. The whole system is so old-tech. I’m not interested in installing and maintaining a piece of software so I can use pretend security to submit my logs when they can already be submitted automatically from my logging software to eQSL, HRDLog and other places.

4. ARRL charges LotW users for using LotW contacts in award applications.

Users of LotW are charged 25 cents (US) per LotW contact submitted for an award. This is probably related to the costs I mentioned in point 2. And even though that’s not much, it does add $25.00 to the cost of a DXCC if you do it all through LotW. Think about it – you’re paying ARRL for the privilege of saving THEM from sorting through your cards and proof. YOU ARE PAYING TO MAKE THEIR JOB EASIER – not yours, theirs. If anything, they should be reducing the charges for the award, but as noted above, operating a public key infrastructure costs money and they have to get it back somewhere.

More to the point, I like paper cards anyway, and I use paper cards, so why would I want to sink effort into a system that only matters for ARRL awards when I meet their award requirements for free with no extra work on my part?

I think I have laid out, in sufficient detail, why I don’t have interest in participating in the Logbook of the World. I hope it’s clear enough for everyone to understand. Please understand that I harbour no ill-will toward the ARRL or LotW users… If LotW works for you, that’s awesome – enjoy it.

However, since I am regularly asked why I am not interested in LotW, I felt it would be worthwhile to post the reasons here and then refer to them later so I don’t have to type the same thing over and over.

[edit 2014:  I did finally sign up for LotW on my primary callsign late last year.  I upload about twice a month.  My return rate appears to be less than eQSL or paper, so despite all the bleating about how awesome LotW is, it’s actually not as good as eQSL or paper, at least for me.  I’ll guess that maybe CW or phone people get more hits through this method.]

[edit 2017: In 2017, an interesting technology is arising – Quantum Computing.  If the purpose of certificates in LotW is security, then be warned… in a decade, give or take, maybe less, quantum computers will destroy public key cryptography, and the “security” of LotW will be truly non-existent.]

VE3OIJ

Searching for the balloon

Astrophysical and Geophysical, Technology

As you’ve read in a previous post, or perhaps on VE3XGD’s blog, I assisted in a balloon chase recently. VE3XGD and I were the chase team that recovered the first balloon. We are experienced geocachers, and that experience really helped when we were looking for the balloon on the ground.

What I learned on this chase is that there is a bit of wisdom and experience that can be passed on to other people who may wish to chase balloons in the future.

GPS isn’t as accurate as you might think

First off, it’s important to know what GPS accuracy actually means. There are a number of factors that can affect how close the position calculated by the GPS receiver actually is to the true location on the Earth’s surface. Among these factors are:

  • Radio propagation effects between the receiver and the satellite – refraction delays and reflections in particular… every three nanosecond (3×10-9 seconds, 0.000000003s) of delay means 1 m of error
  • The number of satellites seen
  • Signal quality
  • The relative positions of the satellites – you might see 12 satellites, but if they’re all bunched up, they don’t give as good a position.
  • Whether or not you have Wide Area Augmentation System (WAAS) turned on and can hear the WAAS “satellites” plus all the factors above as they apply to WAAS.
  • The weather, tree cover, terrain, etc. This is usually the biggest factor. In trees or urban terrain, GPS accuracy is typically 10-15m

Indeed, if you have a high-end GPS receiver, with a clear sky, a view to the horizon, and good coverage of the WAAS system, you can get 2m accuracy out of your GPSr. The number displayed on your GPSr for accuracy is an estimate of the “Circular Error Probable” or CEP. That number means that there is a 50% chance you are within that distance of the position displayed on the GPSr. If you multiply that number by 2.5, you come up with an approximation of the second diamater Root Mean Square error. Basically that means there’s a 95% chance that you are within that distance of the position displayed on the GPSr.

Thus, if you are showing a position of N 45° 0.00″ and W 75° 0.00″ with an estimated error of 5m, there is a 50% chance you are, in fact, within 5m of that position, and a 95% chance that you are within 12.5m of that position.

Now consider the display itself. At best, you can expect +/- 1 in the last digit for accuracy (that’s probably being kind). If you are using dd mm.mmm (degrees and decimal minutes to 3 places), that’s accuracy of 0.001 minutes added to the CEP error. That works out to 1.8m of latitude, and at my latitude, it’s 1.3m of longitude. If you are using only 2 digits of decimal minutes (like APRS from this balloon was), the accuracy is at least 10x worse (18m and 13m respectively).

So what?

Well, if you’re looking for coordinates set by someone else, when they measured the position, they have all those accumulated errors. Then you go look for their point, and you get all YOUR accumulated errors too. Your errors add to the position errors from the person who set the waypoint you’re looking for.

What does that mean for the balloon?

The balloon we were chasing was sending position updates to 2 decimal places on the minutes. That’s 18m of accuracy, plus whatever other errors. It was a rainy, miserable day when we went out, and the balloon had landed in a field, but in a generally forested area near a big reflective building. My own GPS was reporting estimated errors of 15m or more, depending on whether I was under the trees or not. It’s fair to estimate, then, that the balloon on the ground would be in a similar situation.

Therefore the balloon position is a CEP of 15m (for the GPSr) plus 18m (accuracy of the numbers transmitted), for 33m. The 2dRMS circle is 2.5x that or 82m. And that’s just the balloon position.

When I show up, I have a 15m accuracy from the GPSr, and I can work in 3 decimal places, so there’s an extra 1.8m I have to take into account. That all gets added to the error for the balloon. So I am searching with an error of 33m (balloon) + 17m (my GPSr) or 50m. There is a 50% chance that the balloon is within 50m of what I see as “Ground Zero” on my GPSr, and a 95% chance the balloon is within 125m.

You thought geocaching was easy because you can look up the coordinates, eh?

As you can see, it’s not necessarily so. In the geocaching game, you get the coordinates to 3 decimal places, but that can still leave you a huge search circle. For this balloon, we only had 2 decimal places and an effective search circle that was bigger than two football fields and mostly tree-covered. Suddenly you wish the balloon could signal with a flare or an air horn…

After searching the 50m circle quite extensively for nearly an hour, we did not find the balloon – even though there were at least three teams of searchers. In this case, our 50% chance failed… the balloon was likely in the wider, 95% circle.

I went back and talked with one of the other searchers (VE3JGL) who had seen the balloon come down. He had a direction for the balloon, so I used a geocaching technique: walk the line. I knew roughly how far, and approximately what direction. There’s a note here about estimating the distance of a falling object: If you see something fall from the sky, unless you see it actually hit the ground, it’s probably a lot farther away than you think. With no reference for size of a falling object in the sky, it is REALLY hard for a human to estimate how far away an object in the air actually is. The important thing is to accurately guage the DIRECTION in which the object fell.

VE3XGD and I determined there was a good chance that the balloon had landed on the roof of a nearby building based on this. In the process of looking for a good vantage point to see on the roof, we discovered the balloon near the building in a little field.

How far off was the balloon?

Here is an aerial view (click to embiggen):

[image lost to the ravages of time and database failure]

As you can see, ground zero was 107m from the APRS transmitted location… inside the estimated 95% circle, but well outside the CEP circle. I guess it wasn’t a good day to buy lottery tickets since we failed our 50% chance. Oddly enough, there was sufficient tall grass around that little spot of field that even though I personally had walked around the building once already, I did not see the balloon package.

I marked the wall and glass from VE3XGD’s blog post. The pile of broken glass was about 3 m tall. This goes to illustrate another important point:

When someone has a sign up that says “Danger, do not tresspass here” they probably mean it. The company that owns this land did have such warnings up. That’s something else to think about, especially if you’re doing this sort of thing with kids.

You can read about the Lanark Space Agency’s balloon chases on their site.

You can track the travels of this balloon here.

VE3OIJ

Yaesu VX-8R, the good, the bad, the ugly

Digital Modes, Equipment, Operating, Voice Modes

As noted in the previous post, I have a Yaesu VX-8R now and I thought I’d post some of my impressions in my standard review format…

The Good

This radio is top-notch in a number of areas:

  • The audio quality on send and receive seems to be excellent.  Although nobody buys an HT for its awesome sound quality on receive, it’s nice to have a radio that puts out clear audio right up to max volume.
  • The radio only has 1 knob and setting the volume involves pushing a function button and turning the knob.  My initial reaction to this was not good, but as I played with the radio it occurred to me that something was different… unlike when handling my Kenwood TH-F6A, handling the VX-8R never resulted in the volume being bumped to a weird setting.  I have to give props to this, because it really annoys me when the volume knob on my Kenwood gets bumped off the preferred setting.
  • The radio is light, even compared to the tiny Kenwood that I have.  This means that it can clip on clothing a little easier.  The radio is also quite thin, thinner than my wallet – you could carry it in a pocket if you had to.  Perhaps that says more about the junk I carry in my wallet than the radio, but you get the idea.
  • The radio is submersible.  The primary purpose of an HT is outdoor use for me, and that means exposure to rain and a non-zero chance of being dropped in a puddle or pond.  Submersible is a major bonus in my opinion.
  • APRS is built in.  This is also a great feature for outdoor use.  I hike and geocache, and it’s nice to know that I can carry a beacon with me in the event that I get into trouble.  I use my Kenwood D-700 as a repeater when I am in the woods, and now I can use it to digipeat my location when I’m on a trail or seeking Tupperware by GPS 🙂
  • The radio seems to have good performance on 50 and 220 MHz.  I haven’t really played with it on the other two bands.  There is no problem getting into the 6m repeater that is in my grid square (VE3RVI: 53.030, minus, 1 MHz), and no problem making the 220 MHz repeater even on the reduced power that this radio puts out in that band (VE2REH: 224.760, minus, 110.9 Hz tone).

The GPS unit works well, even from inside my house.  It has a nice little display that gives all your position info.

The Bad

These are really snivels.  There’s only one real issue with this radio as noted in the next section.

  • The lithium-ion battery that comes with the radio is, at 1100 mAH, a bit light for a radio of this power.  I wish the radio was delivered with a pack that accepted AA cells as well, but that is a separately purchased option.  There is, however, a higher capacity battery available separately.  I’ll have to look into that I guess.
  • I don’t understand why this radio is so low powered on the 1.25 m band.  It’s definitely better than nothing, but it would be nice if it had full power like the Kenwood TH-F6A.  I’m sure there’s some design reason, but my gut tells me it should have been easy enough to overcome.
  • The radio only has AM, Narrow FM and Wide FM modes.  This really reduces the functionality of receive in the other amateur bands.  The radio has wide frequency coverage, but within the amateur bands, you can’t listen to the SSB traffic.  Considering that competing radios (like the Kenwood TH-F6A) have SSB and CW reception, it surprises me that this radio does not.  That said, I don’t spend a lot of time listening to that stuff with the Kenwood, so it’s not a major issue with this radio for me.
  • Sending and receiving APRS messages is a bit of a PITA.  If you’re used to the Kenwood D-700 system, you’ll be disappointed.  Per the previous paragraph, the APRS messaging is buried a couple levels down in menus, and my first impression is that the whole interface is not especially intuitive.

The Ugly

I have only one major complaint about this radio, and that it uses a complicated menu system.  The main menu has something like 100 items.  So many of the features of this radio are accessed from the menu, that there is a very steep learning curve.  Sure, the basic functionality is straightforward, but if all you wanted was a couple of VFOs for talking, you would buy a much less expensive radio.  I am certain that another row of front-panel keys could have reduced the menu complexity a bit and not added significantly to the size and weight of the radio.  Even simple features like squelch are in the menu system, making them hard to use.

Whatever you do… DO NOT LOSE THE MANUAL!  I guarantee you’ll need the manual often.

Summary

I am very pleased so far.  I have some accessories on order (speaker-mic, GPS antenna).  I may explore the Bluetooth board, although I am not convinced I want to use a bluetooth headset – mostly because I usually have such a headset for my telephone and don’t think I need two headsets on at the same time.  I will be seeking that AA cell battery pack.  That’s a must-have in my book.

The stock battery seems to have a lifetime of about 3 hours while using high power to talk on a repeater AND transmit an APRS beacon every two minutes.  I haven’t decided if that is good, bad, or ugly.  For most of my use, I don’t expect to use high power, so I would expect to get more battery life.

VE3OIJ

Slow Scan TV and drooling gits…

General, Operating

It’s not something I’d normally do, but this is an event worthy, I think, of being put here as well as my amateur radio blog…

Of late I’ve been playing a bit with slow scan TV. This mode, for the non-amateur reading this, is used by amateur radio enthusiasts to send single pictures to each other, usually via HF radio.

In the olde days, you’d need a camera at your end and a display of some sort at the other end, and some electronics to decode it. In theory, one could still do SSTV that way, but the more usual way is to use a computer and software hooked up to your radio. The still images are now JPG files.

It’s an interesting mode to demonstrate amateur radio to others as well because the picture slowly filling the screen is a real attention grabber.

As stated previously, I also volunteer at the Canada Museum of Science and Technology and operate the radio station there: VE3JW. I had noticed that there was software for SSTV so I decided this weekend to put up a new demo – instead of the digital modes that I normally use, I’d run up some SSTV. By coincidence, there was also a contest on, so there were a LOT of nice images coming in nearly constantly and it made for a really interesting display on the big screen for visitors to watch and ask questions about.

Interesting, that is, until some American yahoo had to transmit a scantily clad woman.

Now don’t get me wrong – at the most basic level, I have no problem with scantily clad women. I encourage less clothing wherever feasible. However, amateur radio SSTV is NOT an appropriate place for it. It was fortunate that I noticed it quickly enough to get it off the screen before anyone complained.

I’d like to thank the operator who sent that picture for personally embarrassing me in front of the public, for embarrassing the national science museum, and for making amateur radio operators look like immature asses. I hope it was worth it in your quest for that important contest QSO. I’m going to be polite and not publish the callsign… this time. You know who you are.

I can’t believe it’s actually necessary to screen for this kind of material in amateur radio. There are so many other venues to pass those kinds of pictures around, do amateur radio hobbyists really need to do it there too? I’d expect better of a high school student, let alone an adult. I was talking to another operator of the museum station and he, too, mentioned that he stopped showing SSTV because of these kinds of pictures. Thanks to the drooler population of amateur radio, we can’t demonstrate something really cool for fear that some softcore porn image will come up. Just what I need to show mom, dad, and their two grade-school kids who stop by the display. Nothing like some half-dressed tart on the screen to leave a good impression about amateur radio.

So, SSTV operators, grow up and leave your nudie pics on your hard drive. Send that crap via email if you must move the pics around. You never know who might be watching.

Search the Blog

Solar Conditions

VE3OIJ on Twitter

Darin Cowan - VE3OIJ
@VE3OIJ

HRDLogNet