[aprssig] Universal APRS messaging
Steve Dimse steve at dimse.comThu Oct 23 20:43:56 UTC 2008
- Previous message: [aprssig] APRS/CE?
- Next message: [aprssig] Universal APRS messaging
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Oct 23, 2008, at 3:17 PM, Phillip wrote: > > If you want to be able to do this Universal APRS Web based messaging > and you > put in position the means to do it then you as the site owner could > be held > responsible. Can you cite a single country's amateur radio rules that would suggest this? If you can I'll look at it, otherwise I consider this a hypothetical, fictional, and unrealistic scenario. In the US, providers of Internet Services are specifically immunized against the actions of their users that violate terms of service. You have to agree that you are a ham using your own callsign to send a message through findU, that is more than adequate for this country. Even if a country could hold someone else responsible, which server would you blame? findU? The APRS hubs the message traveled through? The ISP that connected the IGate to the internet? All have the same "vulnerability", passing messages without authentication of sender. How can you prove any server owner was actually involved? ANYONE can send ANYTHING on the APRS IS. I can make it seem like YOU sent the message. And in fact, if I were trying to do something nefarious, I would certainly make sure the evidence pointed somewhere other than where I actually did my evil deed. > > There should be a secure way of checking who places the message and > the > content of the message... It is not possible without a complete revamping of the APRS Internet System. This would be the best possible outcome. It would be difficult and painful, like the APRS QSY was, but the end result would also be as worthwhile. > > Here in NZ we had the very same question arrive some years back when > Packet > BBS's and the Internet arrived in force our Regulation Body was > asked some > questions and the out come was that the originator would be > responsible .. That is the law in the US as well, but the law is specifically for the originating STATION, and station is specifically defined in the rules as the equipment to transmit. The person on the internet is not responsible under the communications rules of the US. > > I would say that authenticating a message on APRS would fall on the > server > owner who allows these messages to be passed on > to the APRS community That is absolutely not the case with US rules, our FCC specifically addresses this situation in Part 97. If it is different in your country, or any other that you know of, I'd love to see a link to those rules! And agin, which server owner? > > As an Igate sysop if the Universal APRS messaging gets out of > control and is > abused then the easiest way would be to exclude > messaging from the Igate every Igate Sysop is in control of his / > her own > station. Absolutely, that is where the responsibility rightfully, and (at least in the US) legally belongs. I turned off the internet to RF direction of my IGate on the day many years ago when the APRS Internet System became insecure. The thing I fear I have still not adequately conveyed is there is NO new insecurity in the APRS IS. From the day aprsd published the source code to do APRS IS validation, ANYONE could send ANYTHING on the APRS IS completely without detection or traceability. Anyone who thinks there has been any security on the APRS IS for the last ~8 years, and that internet messaging makes it worse, either does not understand the situation or is burying their head in the sand. > > Bob, you want Universal APRS messaging and software writers to produce > software how about getting on to those that have > these programs and get them to either update them or release them to > others > that can carry on improving them > APRS/CE would be a go start ... That's a whole separate argument, but I firmly believe that everyone has the right to do whatever they like with their own intellectual property. For example, I can't begin to understand why Roger chose to end UI-View when he became terminally ill, instead of handing it off. I want what I've created to outlive me, but I absolutely respect his right to choose how to handle the situation, and I'll fight viciously anyone who claims they have the right to force someone to act against their wishes. Once APRS development was closed. Anyone that was on the sig in early 1999 will tell you I fought (yes, viciously) to get it opened up to all developers. I did that so you could write your own version. If you want a CE version, write it! Steve K4HG
- Previous message: [aprssig] APRS/CE?
- Next message: [aprssig] Universal APRS messaging
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the aprssig mailing list