Tuesday, September 29, 2009

USNG/MGRS grid and static map improvements

aprs.fi now has US National Grid support, it's selectable from Preferences -> Units and time -> Locator type. It took a surprisingly high amount of work to get this working somewhat right, and it still doesn't work in the polar areas. Each country has it's own national grid system, and many countries have more than one. I don't think I will be implementing any more of these, it would take a LOT of effort to support all of them.

I've improved the static map view a bit. From now on, the map will always be centered on the current location of the tracking target. The 'fit as many points as possible' centering algorithm of Google left a moving target outside the map view way too often, especially in the higher zoom settings. I also reduced the amount of zoom selections to make it quicker to navigate on mobile devices, and made the zoom selector show the currently selected value.

The user account password storage was improved, too. It now uses the RFC 2898 PBKDF2 algorithm to better protect the passwords against an offline dictionary attack. The computationally intensive hash algorithm intentionally makes it slower to perform the cryptographic operations required to check whether the given password is correct for the user. In case someone manages to break in the aprs.fi servers and steal the password database, it'll take a very long time for him to try all the dictionary words against the password hashes. This is basically a safeguard to protect those users who are stupid enough to use the same password on aprs.fi and other services (like their email accounts).


Unknown said...

Ive notice that the packets counts are now gone. This was a very useful feature for us pilot types doing searches on our busy flying days. Can you bring that back please?

Hessu said...

Michael: Sorry, it went away last month because it simply took a lot of processing power, sometimes a couple of seconds per callsign lookup.

I might reconsider and try to do it at the day level, but it's too slow at the year or month level.