[arrl-odv:29994] Week 1 of ARRL - Remote
Good morning ODV: We're now four days into remote operations based on Connecticut Governor Ned Lamont's "Stay Safe, Stay Home" policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy. Since there's been some confusion, I'd like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By "business location" the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for "receiving mail and packages". There was also an exception which allowed that a business didn't have to file for an "essential" determination if there was only one person at a location (e.g. an attendant). Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working. Given all that, here's a status of what's been going on this week: * We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. * That leaves only 12 people who cannot work remotely beginning April 2nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. * All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. * We are running the warehouse in two shifts with one person on each shift to comply with the Governor's order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. * We have one full time staff position in the Controller's department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. * As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. * I've already reported on the ARRL VEC which I sent the other day. * All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. * We're handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. * The ARRL DX contest is being adjudicated on schedule. * Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline. Overall, it's been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise. If you have specific questions, please let me know and I'll try to get them answered. 73, Barry, N1VXY
Barry and Diane, This effort has been absolutely extraordinary. Thank you for accomplishing this transition so successfully and in such a short time. Our membership has been fully supportive and understanding during the change, so I see our efforts to keep everyone informed has been successful. For me, please extend these congratulations to the entire staff, with the hope and wishes that everyone will be back to normal in a few short weeks. 73, Dale Williams WA8EFK On 3/28/2020 7:48 AM, Shelley, Barry, N1VXY (CEO) wrote:
Good morning ODV:
We’re now four days into remote operations based on Connecticut Governor Ned Lamont’s “Stay Safe, Stay Home” policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy.
Since there’s been some confusion, I’d like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By “business location” the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for “receiving mail and packages”. There was also an exception which allowed that a business didn’t have to file for an “essential” determination if there was only one person at a location (e.g. an attendant).
Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working.
Given all that, here’s a status of what’s been going on this week:
* We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. * That leaves only 12 people who cannot work remotely beginning April 2^nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. * All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. * We are running the warehouse in two shifts with one person on each shift to comply with the Governor’s order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. * We have one full time staff position in the Controller’s department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. * As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. * I’ve already reported on the ARRL VEC which I sent the other day. * All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. * We’re handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. * The ARRL DX contest is being adjudicated on schedule. * Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline.
Overall, it’s been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise.
If you have specific questions, please let me know and I’ll try to get them answered.
73,
Barry, N1VXY
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
Thank you Barry. I appreciate the update and I truly appreciate that you and Diane are doing everything you can for the well-being of our staff. It is wonderful news that most can stay working during this time and we can keep serving our members. Regarding the LoTW certificates - Firstly, I hope that the delays in issuance are communicated to members. Yesterday a friend reached out to me for tech help with his LoTW account. It turned out that he submitted about 8 duplicate certificate requests because he was waiting and thought the others got lost. I told him to cease fire and wait on HQ since there will be delays. But I would imagine he’s not the only one. Secondly, is there a reason that this is a manual process on our end? I deal with cryptography and digital signatures all the time and largely this process is automated. Occasionally there may be manual review or approval required but for the most part the system is automated. I would eventually like us to be able to issue LoTW certificates in minutes, especially for those that we have an existing relationship with and whose data can be verified in our database and trusted sources (eg. FCC database). Ria N2RJ On Sat, Mar 28, 2020 at 7:48 AM Shelley, Barry, N1VXY (CEO) < bshelley@arrl.org> wrote:
Good morning ODV:
We’re now four days into remote operations based on Connecticut Governor Ned Lamont’s “Stay Safe, Stay Home” policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy.
Since there’s been some confusion, I’d like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By “business location” the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for “receiving mail and packages”. There was also an exception which allowed that a business didn’t have to file for an “essential” determination if there was only one person at a location (e.g. an attendant).
Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working.
Given all that, here’s a status of what’s been going on this week:
- We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. - That leaves only 12 people who cannot work remotely beginning April 2 nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. - All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. - We are running the warehouse in two shifts with one person on each shift to comply with the Governor’s order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. - We have one full time staff position in the Controller’s department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. - As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. - I’ve already reported on the ARRL VEC which I sent the other day. - All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. - We’re handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. - The ARRL DX contest is being adjudicated on schedule. - Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline.
Overall, it’s been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise.
If you have specific questions, please let me know and I’ll try to get them answered.
73,
Barry, N1VXY
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
Ria: Let me try and answer your question to the best of my non-techy knowledge. When it was first being designed, the concept of “Security” for the system was considered paramount. And it was considered that the signing machine used for Certificate Authority which holds the private keys for the root certificate used to sign certificates should be as secure as possible. To make certain that was the case, the decision was made to make the signing machine an air-gapped computer from our network and the rest of the universe. I’m told it would be possible to employ a secure device -- a hardware security module (HSM) -- on a networked computer to do the certificate signing. Best practices for use of a HSM require a button press or similar operator action in order to prevent certificates from being signed by intruders or malware. So, in the end it still remains at least in part a manual operation (as in the physical presence of an operator is required) even with a networked signing machine. Again, all in the name of absolute security. Further, I inquired about how a completely automated networked HSM (one which did not require any manual interaction) would be implemented. If we were to be employ an HSM on a network system, it would seem that we might be creating a valued target on whatever network that system resided. Our fiduciary duty would require us to evaluate the level of security and monitoring that would be appropriate for safeguarding such an asset. Logbook of the World has never had a robust budget compared to how a comparable system at a profitable, commercial enterprise would be operated. In terms of its cost and complexity, air-gapping provides the simplest and least expensive solution for a service that has always been operated at a financial loss to the membership. To the specific example you sited: As I understand it, the current version of TQSL prevents someone from submitting a 2nd (and subsequent) request while a previous request is pending. TQSL clearly instructs the user to just sit tight and wait for a response from HQ or to contact lotw-help. Or, if necessary, delete the previous request. So, in order to have sent 8 sequential requests either the user: (1) was possibly using an out of date version of TQSL (which takes some effort as TQSL auto-updates itself to prevent users from using an out of data version); or (2) didn’t read the on-screen messages and plowed right through the stop sign. I know everyone is looking for ways to improve processes. In this case, because there’s more than just a technological component (system, LoTW information and asset security), I would suggest that this be eventually referred to the LoTW Working Group and the PSC for study and decisions. Just my 2 cents. 73, Barry, N1VXY From: rjairam@gmail.com <rjairam@gmail.com> Sent: Saturday, March 28, 2020 8:42 AM To: Shelley, Barry, N1VXY (CEO) <bshelley@arrl.org> Cc: arrl-odv <arrl-odv@arrl.org> Subject: Re: [arrl-odv:29994] Week 1 of ARRL - Remote Thank you Barry. I appreciate the update and I truly appreciate that you and Diane are doing everything you can for the well-being of our staff. It is wonderful news that most can stay working during this time and we can keep serving our members. Regarding the LoTW certificates - Firstly, I hope that the delays in issuance are communicated to members. Yesterday a friend reached out to me for tech help with his LoTW account. It turned out that he submitted about 8 duplicate certificate requests because he was waiting and thought the others got lost. I told him to cease fire and wait on HQ since there will be delays. But I would imagine he’s not the only one. Secondly, is there a reason that this is a manual process on our end? I deal with cryptography and digital signatures all the time and largely this process is automated. Occasionally there may be manual review or approval required but for the most part the system is automated. I would eventually like us to be able to issue LoTW certificates in minutes, especially for those that we have an existing relationship with and whose data can be verified in our database and trusted sources (eg. FCC database). Ria N2RJ On Sat, Mar 28, 2020 at 7:48 AM Shelley, Barry, N1VXY (CEO) <bshelley@arrl.org<mailto:bshelley@arrl.org>> wrote: Good morning ODV: We’re now four days into remote operations based on Connecticut Governor Ned Lamont’s “Stay Safe, Stay Home” policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy. Since there’s been some confusion, I’d like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By “business location” the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for “receiving mail and packages”. There was also an exception which allowed that a business didn’t have to file for an “essential” determination if there was only one person at a location (e.g. an attendant). Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working. Given all that, here’s a status of what’s been going on this week: * We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. * That leaves only 12 people who cannot work remotely beginning April 2nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. * All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. * We are running the warehouse in two shifts with one person on each shift to comply with the Governor’s order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. * We have one full time staff position in the Controller’s department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. * As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. * I’ve already reported on the ARRL VEC which I sent the other day. * All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. * We’re handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. * The ARRL DX contest is being adjudicated on schedule. * Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline. Overall, it’s been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise. If you have specific questions, please let me know and I’ll try to get them answered. 73, Barry, N1VXY _______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org<mailto:arrl-odv@reflector.arrl.org> https://reflector.arrl.org/mailman/listinfo/arrl-odv
the decision was made to make the signing machine an air-gapped computer OpenSSL has been around for 22 years.
The only air gapped certificate servers I've seen in the last 10 years are in the federal government and inter-bank transactions. Even the servers that claim to be "air gapped" in some of these situations are actually running on virtualized servers on a host with many others, but a single Ethernet port attached to the virtual machine. I wrote a white paper for SPAWAR under contract a few years ago (2013) that argued which classified systems need or don't need air-gap networks. Encrypted systems and networks practically eliminate the need for air gap. When I worked at the Pentagon in 2006-2007, I had two PCs on my desk connected to two different networks that we air gapped, but the work I was doing clearly needed it. QSLs clearly don't. I'd think we could get a volunteer to make key generation a self-service web application with a turnaround time of a month or so. This is another point of dissatisfaction I've heard a number of times, and we could take this off someone's plate easily. Think about this for a moment. You don't need to apply for a key to access your financial data from your bank - your identity is verified and these keys are handled unseen by you by SSL... and increasingly by blockchain. BTW, LoTW is a natural for a blockchain development project and security is inherent. Maybe LoTW 2.0... Mickey Baker, N4MB Palm Beach Gardens, FL *“The servant-leader is servant first… It begins with the natural feeling that one wants to serve, to serve first. Then conscious choice brings one to aspire to lead." Robert K. Greenleaf* On Mon, Mar 30, 2020 at 2:45 PM Shelley, Barry, N1VXY (CEO) < bshelley@arrl.org> wrote:
Ria:
Let me try and answer your question to the best of my non-techy knowledge.
When it was first being designed, the concept of “Security” for the system was considered paramount. And it was considered that the signing machine used for Certificate Authority which holds the private keys for the root certificate used to sign certificates should be as secure as possible. To make certain that was the case, the decision was made to make the signing machine an air-gapped computer from our network and the rest of the universe.
I’m told it would be possible to employ a secure device -- a hardware security module (HSM) -- on a networked computer to do the certificate signing. Best practices for use of a HSM require a button press or similar operator action in order to prevent certificates from being signed by intruders or malware. So, in the end it still remains at least in part a manual operation (as in the physical presence of an operator is required) even with a networked signing machine. Again, all in the name of absolute security.
Further, I inquired about how a completely automated networked HSM (one which did not require any manual interaction) would be implemented. If we were to be employ an HSM on a network system, it would seem that we might be creating a valued target on whatever network that system resided. Our fiduciary duty would require us to evaluate the level of security and monitoring that would be appropriate for safeguarding such an asset. Logbook of the World has never had a robust budget compared to how a comparable system at a profitable, commercial enterprise would be operated. In terms of its cost and complexity, air-gapping provides the simplest and least expensive solution for a service that has always been operated at a financial loss to the membership.
To the specific example you sited:
As I understand it, the current version of TQSL prevents someone from submitting a 2nd (and subsequent) request while a previous request is pending. TQSL clearly instructs the user to just sit tight and wait for a response from HQ or to contact lotw-help. Or, if necessary, delete the previous request. So, in order to have sent 8 sequential requests either the user:
(1) was possibly using an out of date version of TQSL (which takes some effort as TQSL auto-updates itself to prevent users from using an out of data version); or
(2) didn’t read the on-screen messages and plowed right through the stop sign.
I know everyone is looking for ways to improve processes. In this case, because there’s more than just a technological component (system, LoTW information and asset security), I would suggest that this be eventually referred to the LoTW Working Group and the PSC for study and decisions.
Just my 2 cents.
73,
Barry, N1VXY
*From:* rjairam@gmail.com <rjairam@gmail.com> *Sent:* Saturday, March 28, 2020 8:42 AM *To:* Shelley, Barry, N1VXY (CEO) <bshelley@arrl.org> *Cc:* arrl-odv <arrl-odv@arrl.org> *Subject:* Re: [arrl-odv:29994] Week 1 of ARRL - Remote
Thank you Barry. I appreciate the update and I truly appreciate that you and Diane are doing everything you can for the well-being of our staff. It is wonderful news that most can stay working during this time and we can keep serving our members.
Regarding the LoTW certificates -
Firstly, I hope that the delays in issuance are communicated to members. Yesterday a friend reached out to me for tech help with his LoTW account. It turned out that he submitted about 8 duplicate certificate requests because he was waiting and thought the others got lost. I told him to cease fire and wait on HQ since there will be delays. But I would imagine he’s not the only one.
Secondly, is there a reason that this is a manual process on our end? I deal with cryptography and digital signatures all the time and largely this process is automated. Occasionally there may be manual review or approval required but for the most part the system is automated. I would eventually like us to be able to issue LoTW certificates in minutes, especially for those that we have an existing relationship with and whose data can be verified in our database and trusted sources (eg. FCC database).
Ria
N2RJ
On Sat, Mar 28, 2020 at 7:48 AM Shelley, Barry, N1VXY (CEO) < bshelley@arrl.org> wrote:
Good morning ODV:
We’re now four days into remote operations based on Connecticut Governor Ned Lamont’s “Stay Safe, Stay Home” policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy.
Since there’s been some confusion, I’d like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By “business location” the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for “receiving mail and packages”. There was also an exception which allowed that a business didn’t have to file for an “essential” determination if there was only one person at a location (e.g. an attendant).
Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working.
Given all that, here’s a status of what’s been going on this week:
- We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. - That leaves only 12 people who cannot work remotely beginning April 2 nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. - All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. - We are running the warehouse in two shifts with one person on each shift to comply with the Governor’s order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. - We have one full time staff position in the Controller’s department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. - As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. - I’ve already reported on the ARRL VEC which I sent the other day. - All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. - We’re handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. - The ARRL DX contest is being adjudicated on schedule. - Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline.
Overall, it’s been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise.
If you have specific questions, please let me know and I’ll try to get them answered.
73,
Barry, N1VXY
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
Hi Barry, While I'm all for security, there is no reason that a previously authenticated user can't receive a renewal or replacement certificate via an automated process. One of the more popular certificate authorities today is Let's Encrypt. The system works on the principle that it automatically renews the certificate every 4 months without human intervention. This is a simplistic example but it is a well-known, publicly documented system. I would even go as far as to say that it is a waste of staff time to have them manually issuing certificates for something that can and should be automated. But as you said - it would be best for the LoTW committee to tackle this. Ria N2RJ On Mon, 30 Mar 2020 at 14:45, Shelley, Barry, N1VXY (CEO) <bshelley@arrl.org> wrote:
Ria:
Let me try and answer your question to the best of my non-techy knowledge.
When it was first being designed, the concept of “Security” for the system was considered paramount. And it was considered that the signing machine used for Certificate Authority which holds the private keys for the root certificate used to sign certificates should be as secure as possible. To make certain that was the case, the decision was made to make the signing machine an air-gapped computer from our network and the rest of the universe.
I’m told it would be possible to employ a secure device -- a hardware security module (HSM) -- on a networked computer to do the certificate signing. Best practices for use of a HSM require a button press or similar operator action in order to prevent certificates from being signed by intruders or malware. So, in the end it still remains at least in part a manual operation (as in the physical presence of an operator is required) even with a networked signing machine. Again, all in the name of absolute security.
Further, I inquired about how a completely automated networked HSM (one which did not require any manual interaction) would be implemented. If we were to be employ an HSM on a network system, it would seem that we might be creating a valued target on whatever network that system resided. Our fiduciary duty would require us to evaluate the level of security and monitoring that would be appropriate for safeguarding such an asset. Logbook of the World has never had a robust budget compared to how a comparable system at a profitable, commercial enterprise would be operated. In terms of its cost and complexity, air-gapping provides the simplest and least expensive solution for a service that has always been operated at a financial loss to the membership.
To the specific example you sited:
As I understand it, the current version of TQSL prevents someone from submitting a 2nd (and subsequent) request while a previous request is pending. TQSL clearly instructs the user to just sit tight and wait for a response from HQ or to contact lotw-help. Or, if necessary, delete the previous request. So, in order to have sent 8 sequential requests either the user:
(1) was possibly using an out of date version of TQSL (which takes some effort as TQSL auto-updates itself to prevent users from using an out of data version); or
(2) didn’t read the on-screen messages and plowed right through the stop sign.
I know everyone is looking for ways to improve processes. In this case, because there’s more than just a technological component (system, LoTW information and asset security), I would suggest that this be eventually referred to the LoTW Working Group and the PSC for study and decisions.
Just my 2 cents.
73,
Barry, N1VXY
From: rjairam@gmail.com <rjairam@gmail.com> Sent: Saturday, March 28, 2020 8:42 AM To: Shelley, Barry, N1VXY (CEO) <bshelley@arrl.org> Cc: arrl-odv <arrl-odv@arrl.org> Subject: Re: [arrl-odv:29994] Week 1 of ARRL - Remote
Thank you Barry. I appreciate the update and I truly appreciate that you and Diane are doing everything you can for the well-being of our staff. It is wonderful news that most can stay working during this time and we can keep serving our members.
Regarding the LoTW certificates -
Firstly, I hope that the delays in issuance are communicated to members. Yesterday a friend reached out to me for tech help with his LoTW account. It turned out that he submitted about 8 duplicate certificate requests because he was waiting and thought the others got lost. I told him to cease fire and wait on HQ since there will be delays. But I would imagine he’s not the only one.
Secondly, is there a reason that this is a manual process on our end? I deal with cryptography and digital signatures all the time and largely this process is automated. Occasionally there may be manual review or approval required but for the most part the system is automated. I would eventually like us to be able to issue LoTW certificates in minutes, especially for those that we have an existing relationship with and whose data can be verified in our database and trusted sources (eg. FCC database).
Ria
N2RJ
On Sat, Mar 28, 2020 at 7:48 AM Shelley, Barry, N1VXY (CEO) <bshelley@arrl.org> wrote:
Good morning ODV:
We’re now four days into remote operations based on Connecticut Governor Ned Lamont’s “Stay Safe, Stay Home” policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy.
Since there’s been some confusion, I’d like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By “business location” the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for “receiving mail and packages”. There was also an exception which allowed that a business didn’t have to file for an “essential” determination if there was only one person at a location (e.g. an attendant).
Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working.
Given all that, here’s a status of what’s been going on this week:
We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. That leaves only 12 people who cannot work remotely beginning April 2nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. We are running the warehouse in two shifts with one person on each shift to comply with the Governor’s order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. We have one full time staff position in the Controller’s department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. I’ve already reported on the ARRL VEC which I sent the other day. All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. We’re handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. The ARRL DX contest is being adjudicated on schedule. Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline.
Overall, it’s been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise.
If you have specific questions, please let me know and I’ll try to get them answered.
73,
Barry, N1VXY
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
Barry: Thanks for update. Great job in a very difficult and trying time. I'll drop a note to Staff through you in the next day or so thanking them. 73Rick - K5UR -----Original Message----- From: Shelley, Barry, N1VXY (CEO) <bshelley@arrl.org> To: arrl-odv <arrl-odv@arrl.org> Sent: Sat, Mar 28, 2020 6:48 am Subject: [arrl-odv:29994] Week 1 of ARRL - Remote <!-- #yiv9138202240 _filtered {} _filtered {} _filtered {} #yiv9138202240 #yiv9138202240 p.yiv9138202240MsoNormal, #yiv9138202240 li.yiv9138202240MsoNormal, #yiv9138202240 div.yiv9138202240MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"Calibri", sans-serif;} #yiv9138202240 a:link, #yiv9138202240 span.yiv9138202240MsoHyperlink {color:#0563C1;text-decoration:underline;} #yiv9138202240 a:visited, #yiv9138202240 span.yiv9138202240MsoHyperlinkFollowed {color:#954F72;text-decoration:underline;} #yiv9138202240 p.yiv9138202240MsoNoSpacing, #yiv9138202240 li.yiv9138202240MsoNoSpacing, #yiv9138202240 div.yiv9138202240MsoNoSpacing {margin:0in;margin-bottom:.0001pt;font-size:12.0pt;font-family:"Times New Roman", serif;} #yiv9138202240 span.yiv9138202240EmailStyle17 {font-family:"Arial", sans-serif;color:windowtext;font-weight:normal;font-style:normal;} #yiv9138202240 .yiv9138202240MsoChpDefault {font-family:"Calibri", sans-serif;} _filtered {} #yiv9138202240 div.yiv9138202240WordSection1 {} #yiv9138202240 _filtered {} _filtered {} _filtered {} _filtered {} _filtered {} _filtered {} _filtered {} _filtered {} _filtered {} _filtered {} #yiv9138202240 ol {margin-bottom:0in;} #yiv9138202240 ul {margin-bottom:0in;} -->Good morning ODV: We’re now four days into remote operations based on Connecticut Governor Ned Lamont’s “Stay Safe, Stay Home” policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy. Since there’s been some confusion, I’d like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By “business location” the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for “receiving mail and packages”. There was also an exception which allowed that a business didn’t have to file for an “essential” determination if there was only one person at a location (e.g. an attendant). Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working. Given all that, here’s a status of what’s been going on this week: - We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. - That leaves only 12 people who cannot work remotely beginning April 2 nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. - All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. - We are running the warehouse in two shifts with one person on each shift to comply with the Governor’s order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. - We have one full time staff position in the Controller’s department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. - As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. - I’ve already reported on the ARRL VEC which I sent the other day. - All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. - We’re handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. - The ARRL DX contest is being adjudicated on schedule. - Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline. Overall, it’s been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise. If you have specific questions, please let me know and I’ll try to get them answered. 73, Barry, N1VXY _______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
Shelly, Thanks for keeping it working. Please pass on my congratulations and my appreciation to the management and staff for their hard work. It is times like this that underscore how fortunate we are to have great people at HQ. Stay well. 73, Art K0AIZ On 3/28/2020 6:48 AM, Shelley, Barry, N1VXY (CEO) wrote:
Good morning ODV:
We’re now four days into remote operations based on Connecticut Governor Ned Lamont’s “Stay Safe, Stay Home” policy edict. Just to clarify, the statement basically ordered all non-essential and non-profit businesses to reduce their in-person workforce at each business location by 100%. Subsequent regulations issued by the Connecticut Department of Economic and Community Development (CDECD) provided some, by certainly not specifically clear, guidance on what was essential vs non-essential and approved functional exceptions to the policy.
Since there’s been some confusion, I’d like to take a moment to clarify some of the provisions which are allowing us to keep a very few functions operating at 225 Main St. By “business location” the edict meant each physical location for each business. For us, that meant that the main HQ building, W1AW and the warehouse were all separate locations. The guidelines also allowed an exception for “receiving mail and packages”. There was also an exception which allowed that a business didn’t have to file for an “essential” determination if there was only one person at a location (e.g. an attendant).
Based on the guidelines and after review with CT counsel, we have a couple of functions still operating at HQ, but very limited. Diane and I are trying to respond to the spirit as well as the letter of the law while still trying to keep a couple of critical functions working.
Given all that, here’s a status of what’s been going on this week:
* We currently have 67 people working remotely full-time and 3 working part-time remotely. There are another 5 working part or full-time on site, including the W1AW operator and building maintenance. All are based on exceptions provided in the guidelines. * That leaves only 12 people who cannot work remotely beginning April 2^nd and who have the option to continue full pay through a combination of federal benefits and our expanded PTO policy. All in all, I believe that is an excellent result of which Diane and I are particularly proud. * All our Customer Service Reps are connected and working remotely answering questions, taking and processing orders and memberships that come in over the phone. Transactions that come through the web are being processed as usual. We are changing our renewal campaign strategy somewhat to use more e-mail communications and to encourage renewals online rather than through the mail. * We are running the warehouse in two shifts with one person on each shift to comply with the Governor’s order. There will be a delay in that two people are doing the work of four, but that will also depend on the volume of orders. * We have one full time staff position in the Controller’s department to receive and process mail (in accordance with State guidelines) and deposit checks. They are also batching membership transactions to be delivered to CSRs for processing. As a result of this move and web transactions, we believe that we can effectively process all membership transactions. Any individual issues will be handled by the CSRs on a case-by-case basis. * As already reported, the Publications Group is up and running remotely and our magazines are going to be distributed on schedule. The printer is an essential business in the states in which they operate and is reporting normal operations. News items are continuing to flow and are being posted to the web site and other social media accounts. * I’ve already reported on the ARRL VEC which I sent the other day. * All awards submitted through LoTW are being processed but certificates and plaques are not being processed and mailed as that is an HQ process. * We’re handling LoTW questions remotely and we set up a process for the periodic signing of LoTW certificates so, while happening, these will be delayed slightly. * The ARRL DX contest is being adjudicated on schedule. * Field Organization communications are on-going and being handled remotely. The next round of SM election ballots will be mailed from the mailing house ahead of the deadline.
Overall, it’s been an interesting and challenging week for the entire staff particularly since the Governor gave no indication of his actions prior to the moment he announced the order last Friday. Everyone has accepted the challenge, no group more so than the IT infrastructure team who did yeoman duty to ensure that anyone who could, was set up to work remotely. And they did it in a very short period of time and continue to resolve issues as they arise.
If you have specific questions, please let me know and I’ll try to get them answered.
73,
Barry, N1VXY
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org https://reflector.arrl.org/mailman/listinfo/arrl-odv
participants (6)
-
Arthur I. Zygielbaum -
Dale Williams -
k5ur@aol.com -
Mickey Baker -
rjairam@gmail.com -
Shelley, Barry, N1VXY (CEO)