Mr17Hz

An introduction to Skydive Secure - data unity for skydivers.

To any of those who didn't like the previous sign on; I've changed it around so that only the following fields are now required: First Name, Last Name, Email, Username, Password - everything else is optional. If you're interested in checking it out but already have an account - create a new username that starts with 'testuser' so that I know to delete that user after a few days.
Matt Christenson

http://www.RealDropzone.com - A new breed of dropzone manifest software.

Quote

I am posting this today to introduce Skydive Secure to the community on dropzone.com.



Some thoughts after reading the thread...

When people object to having credit card (or similar) information stored in yet another proprietary "trust us, it's really secure" database, a common response is "yeah, but your waiter can steal your credit card information too." I agree that the waiter can do that, but he's working at retail...on a really good night he might get 20 cards. When somebody steals the developer's laptop (that contains a totally unsecure copy of the database for development purposes), he gets access to thousands or millions of cards.

Have you ever read the RISKS Digest? If not, run, don't walk, to that site and start reading.

I also wonder how many jumpers you can get to use this. It's true that jumping attracts a lot of younger people who are completely used to using computers for everything. This may be even more so at the big DZs like Chicago, Eloy, Perris, etc. Out in 182-land, though, I think there are a lot of jumpers that have a more tenuous relationship with technology. At a lot of small DZs, you could go into the video room, unplug _one_ of the A/V cables on the editing rig, and basically shut down video production until the one guy that understands how to hook up a VCR can come in and fix it.

The product names have CamelCase so the product _must_ be cool. :)

This is kind of a religious issue, but I gather that the software runs on Windows. This does set you up for having to pay whatever license fees Microsoft dreams up. There is also a security problem there; I figure sites running on Linux or BSD might not be secure, but sites running on Windows are _definitely_ not secure. I realize the odds of you suddenly deciding to port the software are about the same as the Golden Knights calling me to fill a slot on their team, though. :)

As much as I support free (as in beer) software, businesses can be shy of it. I can see a DZO wondering what there is to stop you from giving him free access at first, then when he's used the service enough to know he likes it, you suddenly start charging $1000 a month. I wonder if it might not help to charge participating businesses $20 a year or some similar low fee, maybe with an agreement that this rate is fixed for three years.

This might be more of a RealDropzone thing than a SkydiveSecure thing, but a fair bit of business at DZs is done in cash. Now I'm sure that everyone is careful to file all the forms and report all their income, but one or two people might figure that having all this financial data online might make an easy target for a bored IRS man.

Eule
PLF does not stand for Please Land on Face.

Quote


When people object to having credit card (or similar) information stored in yet another proprietary "trust us, it's really secure" database, a common response is "yeah, but your waiter can steal your credit card information too." I agree that the waiter can do that, but he's working at retail...on a really good night he might get 20 cards. When somebody steals the developer's laptop (that contains a totally unsecure copy of the database for development purposes), he gets access to thousands or millions of cards.



No developer’s laptop has a copy of the live database. Furthermore, no unsecured copy of the database exists. Fields are encrypted before data even hits the database engine. Even if somebody did steal the database off of the live server, it would be useless without the appropriate keys.

No credit cards are being encrypted anyway – SkydiveSecure does not and will not ever have the need to remember a credit card, as it does not sell services and remembering credit card information in a global database just isn’t worth the risk. RealDropzone is a different story, which isn’t being discussed here, but financial information does not and will not hit the SkydiveSecure servers.

Quote


Have you ever read the RISKS Digest? If not, run, don't walk, to that site and start reading.



I’m not a new kid on the block, but thank you for your concern.

Quote


This is kind of a religious issue, but I gather that the software runs on Windows. This does set you up for having to pay whatever license fees Microsoft dreams up. There is also a security problem there; I figure sites running on Linux or BSD might not be secure, but sites running on Windows are _definitely_ not secure. I realize the odds of you suddenly deciding to port the software are about the same as the Golden Knights calling me to fill a slot on their team, though. :)



Don’t be ignorant. Website and database security have very little to do with the platform they’re running on. Security has 100% to do with the particular implementation. Windows gets a bad rap because they make it easy for a non-professional to do things without understanding the technologies – but when it comes down to it a professional who understands the technologies can lock a Windows system down to be no less secure than any other platform out there. What are your credentials to be making such claims?

Just because the SkydiveSecure servers run Windows software doesn’t mean that consumers of the service are required to pay any kind of licensing. You’re clearly not educated in this area or you wouldn’t be making such claims. SkydiveSecure services are exposed through the SOAP protocol which is a platform independent standard used to expose XML based web services using secure http as its transport protocol. I’m working with two different well known industry websites right now who are both interested in using SkydiveSecure and running completely open source software.

I pay Microsoft license fees because the value of their product saves me a considerable amount of time. If I were to operate my business using open source software my operating costs would be hundreds of thousands of dollars a year more than I see now. Just because I use the Microsoft platform doesn’t mean you have to. There are many situations when using other solutions makes more sense, however rapid application development is not what I would consider to be one of them.

Quote


As much as I support free (as in beer) software, businesses can be shy of it. I can see a DZO wondering what there is to stop you from giving him free access at first, then when he's used the service enough to know he likes it, you suddenly start charging $1000 a month. I wonder if it might not help to charge participating businesses $20 a year or some similar low fee, maybe with an agreement that this rate is fixed for three years.



This is the entire reason why the service will become a not-for-profit consortium. In the event that fees would ever need to be charged, it would be consumers of the service themselves who would have to make that happen. SkydiveSecure will never charge any service fees for as long as it is operated by RealSkydiving.

Quote


This might be more of a RealDropzone thing than a SkydiveSecure thing, but a fair bit of business at DZs is done in cash. Now I'm sure that everyone is careful to file all the forms and report all their income, but one or two people might figure that having all this financial data online might make an easy target for a bored IRS man.



I’ve got news for you. Businesses running software with nice easy records have a much easier time when the tax man comes by. Cheating on taxes is never worth it, you can write a whole lot of things off when you’ve got the records to support it. This isn’t an issue anyway, because I don’t waste my time doing business with companies that do unscrupulous things like cheat on their taxes, or accept skyride gift certificates. I do what I do because I love it, if I did it for the money I would be in a different industry.
Matt Christenson

http://www.RealDropzone.com - A new breed of dropzone manifest software.

Quote

No credit cards are being encrypted anyway – SkydiveSecure does not and will not ever have the need to remember a credit card, as it does not sell services and remembering credit card information in a global database just isn’t worth the risk.



I understand this. But the debate of "I don't want my personal info stored in a database/on a computer because it can get stolen" vs "There are lots of other ways for somebody to steal your personal info other than from the database/computer" came up earlier in this thread and that's what I was responding to.

Quote

Quote

Have you ever read the RISKS Digest?



I’m not a new kid on the block, but thank you for your concern.



I'll take that as a "no", then. Software is nice in that if you don't want to learn from past mistakes, then usually all you will end up doing is wasting a lot of money and/or time. If you take the same approach to jumping, you can save money... you can get a full-page ad in Parachutist that you don't even have to pay for.

Caution: religious debate follows. If you're not a computer geek, you might want to skip this part.

Quote

Quote

There is also a security problem there; I figure sites running on Linux or BSD might not be secure, but sites running on Windows are _definitely_ not secure. I realize the odds of you suddenly deciding to port the software are about the same as the Golden Knights calling me to fill a slot on their team, though. :)



Don’t be ignorant.



What!? The Golden Knights really do want me on the team? Cool! Where do I go to get measured for my jumpsuit and rig?

Quote

Website and database security have very little to do with the platform they’re running on. Security has 100% to do with the particular implementation.



Right. That's why lots of Web sites are still running on IIS 1 on NT 4.0, or Apache 1.0 on a Linux 1.2.x kernel.

Quote

Windows gets a bad rap because they make it easy for a non-professional to do things without understanding the technologies – but when it comes down to it a professional who understands the technologies can lock a Windows system down to be no less secure than any other platform out there. What are your credentials to be making such claims?



MCSE, CCNP, A+, LS/MFT. Apparently Microsoft has changed the "playbook" a little since I took the exams; the version I took had a slightly different set of guidelines on how to discredit anyone who suggests a non-Microsoft product.

Quote

Just because the SkydiveSecure servers run windows software doesn’t mean that consumers of the service are required to pay any kind of licensing. You’re clearly not educated in this area or you wouldn’t be making such claims.



I didn't say that consumers would have to pay the licensing. What I did say was
Quote

This does set you up for having to pay whatever license fees Microsoft dreams up.

(emphasis added). By you I meant you, the developer of the software. I understand how this system works and I understand that a dropzone or a gear manufacturer who wants to use SkydiveSecure doesn't have to pay for any licenses. But somewhere there is a server with the "master" database containing all the personal data and you, as the developer, have to have licenses for that server - either ones you pay for directly on a co-located server, or ones that are included in the price of the service on a server managed by a hosting provider. You are counting on those licenses to either be a one-time cost or a recurring cost that doesn't increase too much over time.

Quote

I pay Microsoft license fees because the value of their product saves me a considerable amount of time. If I were to operate my business using open source software my operating costs would be hundreds of thousands of dollars a year more than I see now.



Now this part of the playbook hasn't changed at all.

End of religious debate. Non-geeks start reading again.

Quote

Quote

As much as I support free (as in beer) software, businesses can be shy of it. I can see a DZO wondering what there is to stop you from giving him free access at first, then when he's used the service enough to know he likes it, you suddenly start charging $1000 a month.



This is the entire reason why the service will become a not-for-profit consortium. In the event that fees would ever need to be charged, it would be consumers of the service themselves who would have to make that happen. SkydiveSecure will never charge any service fees for as long as it is operated by RealSkydiving.



That's easy, then. Sign up "enough" clients (DZs, manufacturers, gear stores, whatever) and then spin off SkydiveSecure into its own company that is free to implement new policies. I'm not saying that you WILL do this - I am talking about things that COULD happen and that potential customers might object to.

Quote

Cheating on taxes is never worth it, you can write a whole lot of things off when you’ve got the records to support it.



Go to any DZ that's big enough to have a formal "accounting" system where both jumpers and the people that work there can put money on account to pay for jumps and services. Walk up to the packers and tell them, "Look, I'm getting ready for a meet and I'm going to do lots of jumps this weekend, so I'm gonna need lots of really quick turns on my rig, and I want to take care of you guys." This should get their interest. Then compare the reaction you get when you say "I'll pay cash" vs "I'll put the money on your account at manifest". This is one of the objections you will have to "putting everything on the computer". Again, this may be more of a RealDropzone thing than a SkydiveSecure thing.

Quote

This isn’t an issue anyway, because I don’t waste my time doing business with companies that do unscrupulous things like cheat on their taxes,



Granted, never going out to eat or to a bar _would_ save you a lot of money.

Quote

or accept skyride gift certificates.



Perhaps you could provide updates and corrections to this list.

Eule
PLF does not stand for Please Land on Face.

Quote

Why not use (or build on) OpenID for this?

or am i missing something?



Good question. I had a good reason for this (something was missing from OpenID) - but I forget what, give me a day or two and I'll get back to you on this. If I can find a standardized provider that allows for an easy user experience and allows for profile portability it would make sense to use it.
Matt Christenson

http://www.RealDropzone.com - A new breed of dropzone manifest software.

Wow. I am surprised how many people are so against this. You can count me as one who is looking forward to it. Just like Matt said, there are so many things I could do on a dz's web site if they had the capability. Forums, fund jump acct, see jump log, update gear info, etc. The way I see it, if I can fund my acct in a bored moment at work on a Wednesday afternoon, that is time saved when I get to the dz on Saturday, which means I get my ass on the plane faster. I also agree that it should benefit the dz as well because the manifest girl can spend more time manifesting because she doesn't have to process that update to my acct.

I realize these benefits are more for the realDropzone software than the skydivesecure. But I do see the value in having one registration that works for multiple sites. It's kinda like when you set up a profile on Avis.com with your personal info, credit card, car preference, etc. Then when you get to the airport, you can just go right thru and pick up your car. If all your info is in your skydivesecure profile, you should see equal time savings at the dz like at Avis.

I guess I'm one of those people that loves the instant access to information that the web provides. The security and privacy issues are far outweighed by the convenience for me. Out of all the web sites my info is on, it hasn't "gotten out" yet.

My two cents.

Beth :)
"At 13,000 feet nothing else matters."
PFRX!!!!!
Team Funnel #174, Sunshine kisspass #109
My Jump Site

Quote

Quote

Why not use (or build on) OpenID for this?

or am i missing something?



Good question. I had a good reason for this (something was missing from OpenID) - but I forget what, give me a day or two and I'll get back to you on this. If I can find a standardized provider that allows for an easy user experience and allows for profile portability it would make sense to use it.



To answer this question after re-educating myself on OpenID: The OpenID standard does not have anything in it that allows for users to allow member sites to subscribe to profile information; which is the largest advantage of Skydive Secure. I could possibly replace the authentication/authorization on Skydive Secure with OpenID - but one other thing that the service does not support is the ability to move from one site to another without re-authenticating. Also, it would cost additional resources to integrate with OpenID without much of an advantage, because Skydive Secure would still need to handle the profile subscription system.

I am completely open to future enhancements, which would include using OpenID for authentication/authorization, however as I am currently the only consumer of the service: I can't justify the extra cost. If other organizations got involved with Skydive Secure, and the demand was present - we could go from there. Remember that the entire idea of making this a public not-for-profit system is to add value, not spend unnecessary resources.
Matt Christenson

http://www.RealDropzone.com - A new breed of dropzone manifest software.

I'm with you on this one. I sometimes forget that we all are not computer savvy, and we all don't comprehend how information is passed along.

If you work for any company that uses a computer, you can bet that your personal information is on some type of "database" otherwise you wouldn't be receiving a paycheck. Granted, there are exceptions to everything. Your personal information is probably "out there" on more unsecured hard drives than what Matt is proposing. I'll admit I understand the concept because I'm a self taught computer geek that likes to look at the big picture.
Sure, nothing in the world is 100% secure. If that was the case, there would be a lot of people out of business, to include law enforcement agencies. People are worried about putting their info out there on the web or on a database. Yet how many of you every single night of your life, ensure that all your personal information in your home is secure, your windows and doors are locked, you have an alarm installed that is actually worth something and oh, you actually arm the damn thing? How many of you make sure that when you leave your car, that you don't have any information, or anything of value laying out in plain sight? How many people in their homes have secure-to-secure phone lines with encryption to prevent "big brother" from listening into your conversation? How many of you have bug detecting devices that you use every time you go to work, leave your home, get out of your car? I can go on and on and I'm sure the percentage is very very small.
If you've ever used a phone book in your life, or on-line access in your life, you've already used what Matt is proposing. Sure there are concerns, if you don't have any, you wouldn't be human. We take a bigger risk jumping out of the plane than we do with worrying about the database and security.
Matt, one of the things I would like to see from DZ's is the ability to see their service dates on aircraft and equipment. Most people may not care, but I care about knowing that the AAD in the gear I'm renting (I have my own gear, sometimes rent at other dz's) has its service when it's supposed to. Yeah someone will say check the card. How about I whipped one out for you that says it's brand new. So maybe a feature that allows DZ's to enter their service dates that cannot be manipulated.
Another thing I would like to see on DZ websites is what kind of gear do they have. When I get back from this deployment I'm on, if I'm in the neighborhood of a DZ, that isn't my home DZ, it would be cool to see what size rigs and canopies they have for me to make my transition into before jumping my 135 after a few months break.
I like the authentication for all DZ's. I agree with what is already posted. When I get to a DZ, I want to jump, not fill out paperwork. I fill it out with a smile on my face because I understand the necessity. But to be able to walk up, flash my ID, maybe even a "quick pass" type gadget, gear up and get on the plane would kick ass.
With change always come those who resist change, even if it's for the good. Oh, hey one last thing. Ever bought a car? Ever seen how "un-secure" their system is, and they want every piece of information on you to buy one.

Good concept, I like it, and if Big to small DZ’s cannot see the benefit, there’s a reason why they aren’t making more money. Sooner or later, they might figure it out. ;)
Brad

Quote

So what is Skydive Secure?

Skydive secure is a single sign-on service for Skydivers, at its surface it is a service that provides a single username and password for skydivers to use to sign on to industry websites, but its value to the community goes considerably deeper than what is on the surface.



Sounds much like Microsoft's Passport services from years ago. Online retailers can hook in with their authentication infrastructure to allow for single-sign on and allow data to be entered once and usable at all the retailers...such as ship to address, for example. The initiative didn't pan out like they hoped, tho they are still using it for their own sites and services.

I applaud your efforts in making skydiving software of whatever kind. Keep at it, but remember that most people pay for nothing if they can get it for free, and most people won't trust any one online entity with their data. It doesn't matter that we all do this many times over with our free email services, online banking, online investing, and on and on and on.

UPDATE:

Due to lack of enough industry support and all of the extra time it's been taking me to keep up with Skydive Secure's integration with RealDropzone, I am strongly considering dropping the Skydive Secure project altogether to focus more on the support and deployment of RealDropzone itself. If anybody was waiting for a later time to jump in on the Skydive Secure concept - this would be a great time to speak up.
Matt Christenson

http://www.RealDropzone.com - A new breed of dropzone manifest software.

Quote

UPDATE:

Due to lack of enough industry support and all of the extra time it's been taking me to keep up with Skydive Secure's integration with RealDropzone, I am strongly considering dropping the Skydive Secure project altogether to focus more on the support and deployment of RealDropzone itself. If anybody was waiting for a later time to jump in on the Skydive Secure concept - this would be a great time to speak up.



Hi Matt

I never understood the reason why this idea was required.

As long as there are decent sites for people to get together on I think this is all that's really required.

We already have:

dropzone.com - internationally established forum
ukskydiver.co.uk - UK established forum
skydivingmovies.com - internationally established video upload site
love2skydive.co.uk - upcoming UK/US forum and video upload site

These are just the ones I use. There are plenty of others besides.

Nick
New forum with unlimited uploads for all:
www.Love2SkyDive.co.uk

Quote


I never understood the reason why this idea was required.

As long as there are decent sites for people to get together on I think this is all that's really required.

We already have:

dropzone.com - internationally established forum
ukskydiver.co.uk - UK established forum
skydivingmovies.com - internationally established video upload site
love2skydive.co.uk - upcoming UK/US forum and video upload site

These are just the ones I use. There are plenty of others besides.

Nick




Your reply makes it very clear that you never understood...

I would venture to suggest that in a few years' time a system such as the one proposed by Matt will be the industry standard.


