New Website

Hi Jon,

Yes, like Glyn says… and going down a level to individual summits, for my activations G summits have an “activated by you” date shown but not any of the other associations :-s

Thanks for all your work on our behalf :smiley:

73 de Paul G4MD

That’s OK as long as your password on the old site meets the requirements for the new site (mine didn’t).

I presume that the new site refers to our account as ‘SOTAwatch Account’ as that is what it will become?

Ah yes, this is missing some logic which I had on SOTAwatch that needs to make its way across. Sorry about that, I’ll try and get this sorted as soon as I can.

73, Jon

Perhaps eventually we will be able to have single sign on for a number of the online resources. And yes, it is not unlikely that this would be based on the SOTA Website account. The first step in this direction will be the gradual move of SOTAwatch into the new website which will mean one less set of creds.

73, Jon

Hi Jon,
I cannot get into the new website even using the same username (call sign) and the same password as on the old site with no joy so I must be doing something wrong ???

Hi Terry,

You need to create a new ID for the new website - you can make it the same as what you have used before, but the security database for the new website is a different one to sotawatch or the sota database.

Click this link to register on the new SOTA website Summits on the Air

Ed

PS Jon, you might want to change the title on the register page not to say “Create New SOTAwatch Account” to something like “Create New SOTA.org.uk website Account”.

No joy Ed, tried three different passwords, just comes up with password provided is invalid.

tel

Jon, another one to put on the “to do” list I fear.
On the associations page ( Summits on the Air ) there is an option to search for summits within a certain distance and it states:

This searches for summits within a defined radius of the specified coordinates.
Coordinates default to Home QTH if these details are available.

I have set my HomeQTH lat & long but these are not picked up in this feature and I am asked to enter data in the fields.

73 Ed.

Hi Jon,

I have tried to create an account on the new SOTA Website, but all I get is an error message saying password invalid. How do I resolve this?

Jimmy M0HGY

If anyone is having problems with passwords, etc., please don’t post to this thread but send me a PM, send me an email, or send me a message via the Contact form on the website and I will try and help you out. Generally, the solution to these problems involves:

  • Realising that the website is different from SOTAwatch and the Database
  • Locking your account by trying too many times to log in with a wrong password. (I can unlock you)
  • Not including a non-alphanumeric character (i.e. a ‘&’, ‘!’, etc.)

73, Jon

Thanks Ed, this won’t have helped. I completely missed this. I have now changed the text to make more sense.

73, Jon

Ed, this seems to work for me. Can you please check your user page (on the website, not SOTAwatch) to ensure the long/lat are there and then perhaps do a force refresh of the Associations page.

Already checked that Lat and Long are set and re-saved the details - I just logged out and in and the lat and long figures are now there in the distance search boxes, so not sure what the issue was but looks fine now.

By the way when I log on, I always get taken to the page to change my account details (password etc.) - is this normal? I would have expected to return to the page from where I pressed the logon button, or at least the home page.
Ed.

Not noticing the small print about the requirement for a non-alphanumeric character in the password is my bet for most of the problems in creating a new account.

Hi Tom,
That worked fine, must stop getting up at 0500hrs in a morning, thanks Tom.

Terry

No problem Terry, glad it worked. I only know this after eventually realising this was what was repeatedly preventing me from registering and logging on. HTH.

Locking an account after multiple missed attempts is a denial of service vulnerability. As long as the attacker can guess a login name, they can lock out anyone. Assuming that your login name is your call sign, I could lock you out right now.

We figured this out back in 1977, when IBM added the feature to OS/MVS. Within 24 hours, the head sysadmin had been locked out of his own account.

The US Department of Defense guidelines used to recommend notifying the security officer after 1000 failed attempts, but only for high-security systems. Not sure what they recommend today.

wunder

Absolutely. Lockout on repeated failures is something that security auditors often recommend but is almost always a bad idea. In its least obtrusive form it automatically resets after a reasonably short delay but even that is a nuisance. Most password compromises are not the result of repeated guessing through the normal login mechanism.

There is a lot of academic research in this area, in my own department and elsewhere. Evidence-based research discredits a great deal of the standard advice typically given by security auditors. They often fail to look at the big picture or accurately analyse the threat model.

We often find that recreational web sites, where compromise carries little real risk, end up with more obtrusive security than sites where compromise could end up costing you serious money. The security precautions tend to be driven by what the end users will tolerate rather than what is actually an appropriate response to the risk.

Martyn
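
Added example, not part of any post in this thread and not the website's own code: one way to slow repeated guessing without the account lockout discussed above is to delay retries per (login name, source address) pair, so failures from someone else's address never block the account owner. The class, its parameters, and the sample login name and addresses are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Delay repeated failures per (username, source) instead of locking the account."""

    def __init__(self, free_attempts=5, base_delay=2.0, max_delay=300.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts  # failures allowed before any delay
        self.base_delay = base_delay        # first delay in seconds, doubles after
        self.max_delay = max_delay          # cap, so the delay always expires
        self.clock = clock
        self._state = {}  # (username, source) -> (failure_count, blocked_until)

    def retry_after(self, username, source):
        """Seconds this source must wait before trying this username again."""
        _, blocked_until = self._state.get((username.upper(), source), (0, 0.0))
        return max(0.0, blocked_until - self.clock())

    def record_failure(self, username, source):
        """Count a failed login and return the delay imposed on this pair."""
        key = (username.upper(), source)
        count = self._state.get(key, (0, 0.0))[0] + 1
        over = count - self.free_attempts
        delay = 0.0 if over <= 0 else min(self.max_delay,
                                          self.base_delay * 2 ** (over - 1))
        self._state[key] = (count, self.clock() + delay)
        return delay

    def record_success(self, username, source):
        """A correct password clears the counter for this pair only."""
        self._state.pop((username.upper(), source), None)


def demo():
    now = [0.0]  # fake clock so the example is deterministic
    throttle = LoginThrottle(clock=lambda: now[0])
    # Constructed sample: 12 wrong passwords for "EXAMPLE1" from one address.
    delays = [throttle.record_failure("EXAMPLE1", "203.0.113.7") for _ in range(12)]
    guesser_wait = throttle.retry_after("EXAMPLE1", "203.0.113.7")
    # The account owner logs in from a different address and is not delayed.
    owner_wait = throttle.retry_after("EXAMPLE1", "198.51.100.20")
    now[0] += 300.0  # the delay expires on its own, no administrator unlock
    after_window = throttle.retry_after("EXAMPLE1", "203.0.113.7")
    return delays, guesser_wait, owner_wait, after_window
```

Because the key includes the source address, this does not slow guessing spread across many addresses; that case needs a separate per-account alert rather than a lock.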

Really helpful comments about the lock out mechanism … thanks. I might just do away with that and perhaps also the non-alphanumeric requirement which just means that some folk are unable to use the password they use on SOTAwatch. As you point out, the risk and impact is quite limited here.

There is now the facility to enter Alternative Callsigns in your user screen. This addresses the issue of activating in different UK associations and also the issue posed by operators who change their callsign for other reasons like license upgrades, moving, etc. So your My Chases and My Activations figures should now be able to be integrated across your different activating callsigns.

It does currently allow you to put in a callsign of a top chaser/activator and suddenly feel epic. Not sure this is really a problem as such. I suppose we could prevent callsigns of existing users being entered as Alternative Callsigns.

73, Jon

May I offer another comment about passwords.

In my opinion many password errors by users are due to masking of password fields. This is the process of displaying asterisks or hash characters as the user keys in their password. The theory is that this avoids onlookers readily viewing your password.

I think this is an unnecessary feature for many passwords. For keyboard users with limited confidence it just means they don’t know they typed the wrong password. Such situations lead to frustration and the user abandoning the site or service in disgust. I know of several such users. As many or most users are in their shack or on a hilltop when entering the password, visual security is not necessary and for fat fingers on a small screen, highly likely to obscure errors.

In this situation, unless the user is likely to have onlookers keen to learn their sotawatch password, I would display the password in the clear. That would avoid many problems.

73 Andrew VK1DA/VK2UH