Date   
Re: Some Error all of a Sudden

W0MU
 

How dare the ARRL!

On 10/15/2018 11:08 AM, Charles Gallo wrote:
On Mon, October 15, 2018 12:51 pm, Frank T Brady wrote:
Well, Rick - that sounds like a very user-unfriendly policy for ARRL to
make a change that requires everyone to get updated software. User friendly
implementation would be to accommodate existing user software interface
methods - not force everyone to change or fail. 73, Frank W0ECS
So you mean that you'd prefer that the ARRL should leave a security
vulnerability open for more than a DECADE after the patch has been put out
there? Maybe you vendor should have updated your software in that time?
(Framework 3.5 sp1 came out in August 2008)



Re: Some Error all of a Sudden

Frank T Brady
 

What I mean is that I don't believe that the security vulnerability had anything to do with a web query for a qsl download and a little effort could have solved the real problem without causing all this disruption.
Frank W0ECS

On 10/15/2018 1:08 PM, Charles Gallo wrote:
On Mon, October 15, 2018 12:51 pm, Frank T Brady wrote:
Well, Rick - that sounds like a very user-unfriendly policy for ARRL to
make a change that requires everyone to get updated software. User friendly
implementation would be to accommodate existing user software interface
methods - not force everyone to change or fail. 73, Frank W0ECS
So you mean that you'd prefer that the ARRL should leave a security
vulnerability open for more than a DECADE after the patch has been put out
there? Maybe you vendor should have updated your software in that time?
(Framework 3.5 sp1 came out in August 2008)




Re: Some Error all of a Sudden

Rick Murphy
 

Frank,
Read http://www.arrl.org/news/arrl-updating-its-website-security-software - the reason for this is to meet financial industry standards.
Apparently it's not SHA-256, it's actually disabling TLS 1.0, which makes a bit more sense to me now that I've re-read the article.

There's some possible configuration changes you can make to force TLS 1.1 or later:

73,
    -Rick


On Mon, Oct 15, 2018 at 12:51 PM Frank T Brady <franktbrady@...> wrote:
Well, Rick - that sounds like a very user-unfriendly policy for ARRL to make a change that requires everyone to get updated software.
User friendly implementation would be to accommodate existing user software interface methods - not force everyone to change or fail.
73, Frank W0ECS

On 10/15/2018 12:35 PM, Rick Murphy wrote:
If you're using a old VB.net control that doesn't support current encryption standards, yes, it's likely to need updating.
The fact that you can't establish a secure connection now that ARRL has enabled SHA-256 means you'll need an update.

For example, .NET 3.5 doesn't have support, but 3.5 SP1 does:
73,
    -Rick


On Mon, Oct 15, 2018 at 12:28 PM Frank T Brady <franktbrady@...> wrote:
Rick
Are you saying that VB.NET software must be updated in order to remain compatible with the Oct 1th security changes made by ARRL?
That doesn't make any sense (to me).
Frank


On 10/15/2018 12:21 PM, Rick Murphy wrote:
As in the other thread - your VB.net control is probably out of date.
73,
    -Rick

On Mon, Oct 15, 2018 at 12:04 PM Frank T Brady <franktbrady@...> wrote:
Bill
I started getting the same error today when trying to download latest lotw qsls.
This code has been working for years and I have not made any changes.
The URL works in a browser but not in my VB.NET Logger Application.
I'm running on windows 10.
73, Frank W0ECS


On 10/15/2018 11:35 AM, Bill wrote:
In trying to download from LOTW, I get this error message.

I rebooted the computer and get the same thing.  First time I have seen this.

The error says: The request was aborted.  Could not create SSL/TLS secure channel.

Bill
K2WH




--
Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA




--
Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA




--
Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA

Re: Some Error all of a Sudden

Bill Mader
 

Security holes are like advertising for IT folks. They provide income streams
that never end. Users complain about updates and again, after not doing them, when the security holes allow infections. I do not miss those days!

73, Bill, K8TE
Sent from My Secret Decoder Ring (please excuse typos)


On Mon, Oct 15, 2018, 13:15 W0MU <w0mu@...> wrote:
How dare the ARRL!


On 10/15/2018 11:08 AM, Charles Gallo wrote:
> On Mon, October 15, 2018 12:51 pm, Frank T Brady wrote:
>> Well, Rick - that sounds like a very user-unfriendly policy for ARRL to
>> make a change that requires everyone to get updated software. User friendly
>> implementation would be to accommodate existing user software interface
>> methods - not force everyone to change or fail. 73, Frank W0ECS
>>
> So you mean that you'd prefer that the ARRL should leave a security
> vulnerability open for more than a DECADE after the patch has been put out
> there?  Maybe you vendor should have updated your software in that time?
> (Framework 3.5 sp1 came out in August 2008)
>
>
>
>
>




Re: Some Error all of a Sudden

Bill
 

I don't use Microsoft IE, I have Firefox and win7 is no longer supported.

I understand my entries into LOTW are safe and what I have done to work around the issue is to log onto ARRL LOTW site and searching manually for calls and updating my Logic9 log, tedious.

Logging program is up to date.

Rebooted twice.

Since this LOTW change went into effect today, I may be the first to raise the red flag on this issue.

K2WH

Look, I'm not a computer guru, know very little about how it is supposed to work, just looking for help instead of confrontations !



K2WH

Re: Some Error all of a Sudden

W0MU
 

First I have heard that Firefox no longer works with Windows 7.  Are you running Firefox in Administrator mode?   Logic9 uses a web browser to download your data?  That seems odd.

Why don't you just wait until the issue is fixed before doing the manual work?  Is there a rush?  Heck you don't even need a logging program to apply for awards if they are all on LOTW. 

Are you having a browser issue or a logic9 issue? 

W0MU




On 10/15/2018 11:55 AM, Bill wrote:
I don't use Microsoft IE, I have Firefox and win7 is no longer supported.

I understand my entries into LOTW are safe and what I have done to work around the issue is to log onto ARRL LOTW site and searching manually for calls and updating my Logic9 log, tedious.

Logging program is up to date.

Rebooted twice.

Since this LOTW change went into effect today, I may be the first to raise the red flag on this issue.

K2WH

Look, I'm not a computer guru, know very little about how it is supposed to work, just looking for help instead of confrontations !



K2WH

Re: Some Error all of a Sudden

Vic Goncharsky
 

FireFox 62.0.3 (32-bit) works OK on October 15-th with ARRL site, DXCC Online and LoTW pages.
I am always uploading ADIF and Cabrillo contest files created by the logging software manually from inside TQSL.
Just uploaded a few QSOs and got some confirmed including ZD9CW.

73, Victor Goncharsky US5WE/K1WE (UW5W in VHF contests), P.E.
UARL Technical and VHF Committies
DXCC Honor Roll #1 (Mixed, Phone)
DXCC card checker (160 meters).

--------------------------------------------

On Mon, 10/15/18, Bill <k2wh@...> wrote:

Subject: Re: [ARRL-LoTW] Some Error all of a Sudden
To: ARRL-LoTW@groups.io
Date: Monday, October 15, 2018, 8:55 PM

I don't use Microsoft
IE, I have Firefox and win7 is no longer supported.

I understand my entries into
LOTW are safe and what I have done to work around the issue
is to log onto ARRL LOTW site and searching manually for
calls and updating my Logic9 log, tedious.

Logging program is up to
date.

Rebooted twice.

Since this LOTW change went
into effect today, I may be the first to raise the red flag
on this issue.

K2WH

Look, I'm not a computer
guru, know very little about how it is supposed to work,
just looking for help instead of confrontations !



K2WH

Re: Some Error all of a Sudden

Frank T Brady
 

Thanks Rick
Unfortunately, I know almost nothing about the .NET Framework relationship with my Enterprise (free) version of Microsoft VB compiler.
It took me an hour just to find out what version of framework I'm using (turns out it is 3.5).  The 2nd link you provided seems to say I should "target version 4.7"
I'm very nervous about making configuration changes in my Enterprise compiler - it took a long time to get it to work.
When I've been through things like this before, one thing led to another with software compatibility issues when I incorporated new versions of pieces of software in the compiler.
I think I'm forced into a new learning curve that will leave my lotw interface code off the air for who knows how long.
I do appreciate your pointing me in the right direction to find the information I need - it's just that I don't understand the jargon yet.
73
Frank W0ECS


On 10/15/2018 1:40 PM, Rick Murphy wrote:
Frank,
Read http://www.arrl.org/news/arrl-updating-its-website-security-software - the reason for this is to meet financial industry standards.
Apparently it's not SHA-256, it's actually disabling TLS 1.0, which makes a bit more sense to me now that I've re-read the article.

There's some possible configuration changes you can make to force TLS 1.1 or later:

73,
    -Rick


On Mon, Oct 15, 2018 at 12:51 PM Frank T Brady <franktbrady@...> wrote:
Well, Rick - that sounds like a very user-unfriendly policy for ARRL to make a change that requires everyone to get updated software.
User friendly implementation would be to accommodate existing user software interface methods - not force everyone to change or fail.
73, Frank W0ECS

On 10/15/2018 12:35 PM, Rick Murphy wrote:
If you're using a old VB.net control that doesn't support current encryption standards, yes, it's likely to need updating.
The fact that you can't establish a secure connection now that ARRL has enabled SHA-256 means you'll need an update.

For example, .NET 3.5 doesn't have support, but 3.5 SP1 does:
73,
    -Rick


On Mon, Oct 15, 2018 at 12:28 PM Frank T Brady <franktbrady@...> wrote:
Rick
Are you saying that VB.NET software must be updated in order to remain compatible with the Oct 1th security changes made by ARRL?
That doesn't make any sense (to me).
Frank


On 10/15/2018 12:21 PM, Rick Murphy wrote:
As in the other thread - your VB.net control is probably out of date.
73,
    -Rick

On Mon, Oct 15, 2018 at 12:04 PM Frank T Brady <franktbrady@...> wrote:
Bill
I started getting the same error today when trying to download latest lotw qsls.
This code has been working for years and I have not made any changes.
The URL works in a browser but not in my VB.NET Logger Application.
I'm running on windows 10.
73, Frank W0ECS


On 10/15/2018 11:35 AM, Bill wrote:
In trying to download from LOTW, I get this error message.

I rebooted the computer and get the same thing.  First time I have seen this.

The error says: The request was aborted.  Could not create SSL/TLS secure channel.

Bill
K2WH




--
Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA




--
Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA




--
Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA


Re: TQSL v2.4.1 error

Mike
 

On Sun, Oct 14, 2018 at 11:59 PM, Rick Murphy wrote:
That's a bug in TQSL 2.4.1
Thank you.
Mike

Re: Some Error all of a Sudden

 

No Error so far here. Running Firefox and windows 7

Re: Some Error all of a Sudden

 

No problems here. Uploaded and downloaded both. I use Firefox and Windows seven. I also use IE but not for ham radio.
KC0FUE

Re: Some Error all of a Sudden

Bill
 

I was just informed by Hosenose, (Logic9) they do not use VB.NET.

 

K2WH

 

From: ARRL-LoTW@groups.io [mailto:ARRL-LoTW@groups.io] On Behalf Of W0MU
Sent: Monday, October 15, 2018 2:11 PM
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

First I have heard that Firefox no longer works with Windows 7.  Are you running Firefox in Administrator mode?   Logic9 uses a web browser to download your data?  That seems odd.

Why don't you just wait until the issue is fixed before doing the manual work?  Is there a rush?  Heck you don't even need a logging program to apply for awards if they are all on LOTW. 

Are you having a browser issue or a logic9 issue? 

W0MU

 

 

 

On 10/15/2018 11:55 AM, Bill wrote:

I don't use Microsoft IE, I have Firefox and win7 is no longer supported.

I understand my entries into LOTW are safe and what I have done to work around the issue is to log onto ARRL LOTW site and searching manually for calls and updating my Logic9 log, tedious.

Logging program is up to date.

Rebooted twice.

Since this LOTW change went into effect today, I may be the first to raise the red flag on this issue.

K2WH

Look, I'm not a computer guru, know very little about how it is supposed to work, just looking for help instead of confrontations !



K2WH

 

Re: Some Error all of a Sudden

Bill
 

They do not use VB.NET.

The code in question is in "C#".

K2WH

Re: Some Error all of a Sudden

Charles Gallo
 

It is not just VB.NET, but anything that uses the .net framework, so C# has the same issue

73 de KG2V

On Oct 15, 2018, at 3:51 PM, Bill <k2wh@...> wrote:

I was just informed by Hosenose, (Logic9) they do not use VB.NET.

 

K2WH

 

From: ARRL-LoTW@groups.io [mailto:ARRL-LoTW@groups.io] On Behalf Of W0MU
Sent: Monday, October 15, 2018 2:11 PM
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

First I have heard that Firefox no longer works with Windows 7.  Are you running Firefox in Administrator mode?   Logic9 uses a web browser to download your data?  That seems odd.

Why don't you just wait until the issue is fixed before doing the manual work?  Is there a rush?  Heck you don't even need a logging program to apply for awards if they are all on LOTW. 

Are you having a browser issue or a logic9 issue? 

W0MU

 

 

 

On 10/15/2018 11:55 AM, Bill wrote:

I don't use Microsoft IE, I have Firefox and win7 is no longer supported.

I understand my entries into LOTW are safe and what I have done to work around the issue is to log onto ARRL LOTW site and searching manually for calls and updating my Logic9 log, tedious.

Logging program is up to date.

Rebooted twice.

Since this LOTW change went into effect today, I may be the first to raise the red flag on this issue.

K2WH

Look, I'm not a computer guru, know very little about how it is supposed to work, just looking for help instead of confrontations !



K2WH

 

Re: Some Error all of a Sudden

Charles Gallo
 

Which also uses the same framework 

73 de KG2V

On Oct 15, 2018, at 3:53 PM, Bill <k2wh@...> wrote:

They do not use VB.NET.

The code in question is in "C#".

K2WH

Re: Some Error all of a Sudden

Bill
 

I was just informed, HoseNose (Logic) is aware of the situation and is working on a fix.

Bill
K2WH

Re: Some Error all of a Sudden

Dave AA6YQ
 

+ AA6YQ comments below

On Mon, October 15, 2018 12:51 pm, Frank T Brady wrote:
Well, Rick - that sounds like a very user-unfriendly policy for ARRL
to make a change that requires everyone to get updated software. User
friendly implementation would be to accommodate existing user software
interface methods - not force everyone to change or fail. 73, Frank
W0ECS
So you mean that you'd prefer that the ARRL should leave a security vulnerability open for more than a DECADE after the patch has been put out there? Maybe you vendor should have updated your software in that time?
(Framework 3.5 sp1 came out in August 2008)

+ Several weeks ago, the ARRL announced that this change was coming:

< http://www.arrl.org/news/arrl-updating-its-website-security-software>

+ and

<https://groups.io/g/ARRL-LoTW/message/29458>

+ This announcement was also posted to the email list provided for developers whose applications interact with LoTW.

+ Applications that employ the internet must stay current with security standards.

73,

Dave, AA6YQ

Re: Some Error all of a Sudden

Frank T Brady
 

Dave
I wasn't supposing that ARRL would do anything different to accommodate me.
I was just voicing my displeasure.
I repeat - I don't believe that the security vulnerability had anything to do with a web query for a qsl download and a little effort could have solved the real problem without causing all this disruption.
This "security" BS can be a never ending pain for users to keep up with.
Thanks for taking the time to comment.
Frank

On 10/15/2018 5:10 PM, Dave AA6YQ wrote:
+ AA6YQ comments below

On Mon, October 15, 2018 12:51 pm, Frank T Brady wrote:
Well, Rick - that sounds like a very user-unfriendly policy for ARRL
to make a change that requires everyone to get updated software. User
friendly implementation would be to accommodate existing user software
interface methods - not force everyone to change or fail. 73, Frank
W0ECS
So you mean that you'd prefer that the ARRL should leave a security vulnerability open for more than a DECADE after the patch has been put out there? Maybe you vendor should have updated your software in that time?
(Framework 3.5 sp1 came out in August 2008)

+ Several weeks ago, the ARRL announced that this change was coming:

< http://www.arrl.org/news/arrl-updating-its-website-security-software>

+ and

<https://groups.io/g/ARRL-LoTW/message/29458>

+ This announcement was also posted to the email list provided for developers whose applications interact with LoTW.

+ Applications that employ the internet must stay current with security standards.

73,

Dave, AA6YQ



Re: Some Error all of a Sudden

Chuck Milam
 

On Mon, Oct 15, 2018 at 4:10 PM Dave AA6YQ <aa6yq@...> wrote:
+ Applications that employ the internet must stay current with security standards.

 Corollary:  People who use the Internet must stay current with security standards.

---
Chuck Milam, N9KY

Re: Some Error all of a Sudden

Gilbert Baron
 

But are they really needed for Amateur Radio. How many years we lived without them.

 

Outlook Desktop Gil W0MN

Hierro Candente Batir de Repente

44.08226 N 92.51265 W EN34rb

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Chuck Milam
Sent: Monday, October 15, 2018 16:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

On Mon, Oct 15, 2018 at 4:10 PM Dave AA6YQ <aa6yq@...> wrote:

+ Applications that employ the internet must stay current with security standards.

 

 Corollary:  People who use the Internet must stay current with security standards.

 

---

Chuck Milam, N9KY