I've always liked that paragraph from W. Gibson's `Virtual Light`
> The offices the girl rode between were electronically conterminous—in effect, a single desktop, the map of distances obliterated by the seamless and instantaneous nature of communication. Yet this very seamlessness, which had rendered physical mail an expensive novelty, might as easily be viewed as porosity, and as such created the need for the service the girl provided. Physically transporting bits of information about a grid that consisted of little else, she provided a degree of absolute security in the fluid universe of data. With your memo in the girl’s bag, you knew precisely where it was; otherwise, your memo was nowhere, perhaps everywhere, in that instant of transit.
"Earlier this year, German politician Patrick Sensburg announced that Germany’s government officials might start using typewriters, as they are seen as being an “unhackable” technology."
Typewriters are subject to attack, but it's a much more laborious and non-scalable process. It requires social engineering, infiltration, or else planting bugs, intercepting shipments, etc. It can be done, and certainly was done, back in the age of typewriters. But it requires some old-fashioned, boots-on-the-ground fieldwork. It's a lot tougher to place bugs in embassies today than it was in the 1970s. And in some respects, it's logistically tougher than hacking into computers, which can be done from any location on Earth. (Which is not to say that computer hacking doesn't benefit from social engineering strategies, of course).
"Unhackable" is a poor choice of words -- more like "practically speaking, tougher to hack." This is a speed bump, not a roadblock.
Of course, if the US were to adopt this sort of strategy, we'd have to make sure we're manufacturing the typewriters domestically. Which probably means setting up a puppet company somewhere in the States, purely for the sake of making typewriters for government contracts. And then you'd have to make sure that company isn't socially engineered, infiltrated, or hacked. And so on, and so forth.
> Typewriters are subject to attack, but it's a much more laborious and non-scalable process.
I definitely subscribe to the idea that security is not about making unauthorized access impossible (no such thing), but rather about making it prohibitively expensive (both in terms of resources and risk).
In that light, it should surprise no one that government agencies have always had the ability to spy on citizens when sufficiently motivated. What is truly concerning is that per-capita, it is becoming more and more affordable for agencies to spy on every single person everywhere, all the time.
"I definitely subscribe to the idea that security is not about making unauthorized access impossible (no such thing), but rather about making it prohibitively expensive (both in terms of resources and risk)."
Exactly. There is no such thing as a foolproof security strategy. Anyone who tells you his plan is foolproof has already proven himself a fool.
Security is about protection, mitigation, and contingencies. It is not about full-stop prevention. Build a 100-foot wall, and I'll build a 101-foot ladder. (Proverbially speaking, of course).
"What is truly concerning is that per-capita, it is becoming more and more affordable for agencies to spy on every single person everywhere, all the time."
This is probably 50% of what concerns me. The other 50% is the coming revolution in analysis. I use that word so strongly as to place it in <em>sterisks. Advances in machine learning will allow us to find needles in the mountains and mountains of haystacks that we're collecting now. It is truly marvelous (and also scary, depending upon your point of view) to consider what one could make of the most seemingly mundane of patterns and breadcrumbs.
Very good point. Though I am writing from the assumption that any organization sufficiently paranoid/sensitive enough to revert to the inconvenience of typewriters is also sensible enough to keep them in secure, externally-controlled locations, with sufficient air gaps, both electronically and accoustically. Basically, a "stone age saferoom." :)
I've been going back to cash instead of using credit cards because I've been exposed twice now via Target and Home Depot. I want to even avoid using ATMs and go into the bank to get cash because you can't really even tell when an ATM has a malicious card scanner installed.
Once we have automated cars maybe we'll go be back to walking and riding bikes to avoid being victimized by remote car jacking.
Imagine the mess hijacked delivery drones might cause.
Your phone can be cloned remotely. You can't easily clone a rotary phone that plugs into the wall.
I'm definitely not looking to automate my home, especially after reading how Chinese hacker had installed back doors on wall mounted AC devices or whatever which had access to the internal network at the New York Times building to keep infiltrating and reinfecting all the machines on the network.
Maybe we jumped into the digital world a little bit too quickly.
Serious question - why do you very concerned if your credit card number is stolen? By law, credit cards have > 30 days (I forget the exact amount) of fraud protection as long as you report it. The only downside I can see is the pain of getting a new card. Your money really isn't at risk.
That said, I do agree that security is becoming a major issue in our world.
Yeah there are laws, but you have to catch it, and you have to report it and sometimes you don't realize you've been defrauded until months later. Hackers in my experience don't empty your account out, they charge $30 here, $19.99 here, sign up for this thing for a monthly charge of $9 you didn't realize. My time and stress costs me. And you can lose money.
It's best to just not have to deal with it. My credit card number has been put up for sale twice now, twice. Because I used it at a Target and a Home Depot. Ok, I just don't want to go through that again. I don't care if there are laws, if I use cash, I'll be fine. It's no problem, cash is accepted everywhere. I'm not likely to be mugged where I live and I don't carry a lot of money.
The aggregate pain and aggregate loss of using cash for transactions in a credit-card dominated world is much larger than the concentrated pain of replacing a credit card once a year. I make significantly more than $30 here and $20 there on rewards - on the order of $500+/year
Sign up for Mint, and quickly scan all of your transactions on a monthly or bi-monthly basis. It's a good idea anyway, so that you can easily account and keep track of how well you're doing at saving.
> The aggregate pain and aggregate loss of using cash for transactions in a credit-card dominated world is much larger
I have not found this to be the case.
> Sign up for Mint
I don't intend to increase the available surface area for attacks by giving my credit information to a third party. Nor do I need this kind of a monthly or bi-monthly hassle.
Eh, I don't view it as a hassle - I view it as a progress check. My savings is important to my future, and checking the budgets, etc. helps keep me on track.
Point taken on the attack surface area, that's definitely something I've always been worried about, and I have no counter.
It's a nightmare sometimes to cancel credit cards, especially if you're travelling.
There are some banks that simply won't cancel the card until you visit your local branch. A tricky maneuver when it's 2000 miles away (I don't know if they've changed this now). Likewise, there are things that are hard to find if you use your cards a lot and don't keep detailed receipts on everything you buy. This happened to me when I discovered someone's been deducting a small sum from my card for several months without me noticing as I was overseas. Of course they could only take care of the last charge before cancelling my card.
I have never heard of a credit card that couldn't be cancelled immediately by calling the number on the back of it. That's the whole point -- when a card is stolen, it has to be deactivated on the spot.
What bank would ever require a visit in person to deactivate your current card? That would be insane, since the bank would simply be opening itself up to more losses, since it (and not you) are responsible for fraudulent expenses.
It was actually a credit union. And yes it is crazy, but then so are a lot of their other practices. Also, I was calling them internationally so even though the private questions they asked me verified my identity, it was still an arduous process. The number of times I called to finally get the card cancelled actually made my long distance charges greater than the stolen value ($25).
(Nonmechanical) computer keyboards, relatively quiet in the world of text input technology, have been found to be extremely vulnerable to acoustic attack:
If your using a mechanical typewriter, your likely not in a public (and/or pre-deterined place). This forces an attacker into a cumbersome, intrusive, and maybe-evidence-left-behind espionage scenario (B&E). That in and of itself is quite useful.
you'd have to have either a permanent installation or exquisite timing. again, the greatly narrows down attack surface. you might be able to surveil small lots of targets this way, but it would be harder than you think. Again, if your a stuxtnet-level target, you're not going to be safe...but that's not really most people...is it?
Your normal-ish executive will have the ability to work in places without LOS from non-credentialed personell (eg, high rise apartment, gated community, interior conference rooms, etc). The NSA or MI6 could of course rent the flat across the street, or have a sub-contractor con his way into employment, but this type of stuff is outside the remit of your basic opportunistic threat. And it leaves evidence and paper trails unless you are the mossad or cia whomever and can fake identities like passports, bank accounts, etc.
Even for mechanical ones, isn't it possible to read off the ribbons to see what someone has typed? Granted, there are no spaces but we can still get the gist I imagine.
It will look like every other book... intended to hold private information so they'll never suspect anything! ;)
I once had the bright idea to put passwords written on a small piece of paper and place it inside a 3.5" floppy. If it's in a pack of other unlabeled disks, that's going to be a nice fishing trip.
> Vinyl is one of the most notable technologies to have achieved a noticeable revival, not only for its retro value but also for its superior sound quality.
After this, I have trouble taking the rest of the article seriously...
I've worked in audio engineering before. Generally speaking, I think the reason vinyl ends up sounding better isn't because it's necessarily a better medium. I mean, it's certainly resilient, but it inherently has some limitations that make the mastering process a little different. Let me explain:
Digital audio has a very clearly defined limit as to how loud it can go. With magnetic tape, you have to consider the saturation point, or for vinyl, what the lathe cutting the master can physically cut, but depending on the conditions, how loud the actual medium can go changes.
With digital formats, it simply goes to 0 dBFS. Period. That's a spot that's clearly marked on most meters. If you exceed it, you'll hear a very nasty sounding audible clipping, and a red light on your meter will turn on to let you know whatever you're recording is too loud.
Anyway, in 1989, Sony came out with a digital "brickwall" limiting device that used a technique called lookahead to anticipate changes in loudness. Compared to conventional compression and limiting, it's very transparent, and produces drastically less artifacts - desirable or otherwise when it works.
So when that happened, a shitton of developers came out with their own versions, and started accelerating what's called the loudness war. Fast forward twenty five years, it's very common for someone - whether it be a band member or a record label or somebody to use this tool very aggressively on their releases. You can push a brickwall limiter to quite literally absolute amplitude if you want - as in, the loudness level doesn't change at all for the entire song. Much to the chagrin of some of the engineers who have to actually work the brickwall limiter, people will occasionally want that.
Anyway, back to the world of analog mediums. Without that clearly defined volume limit, it doesn't make much sense to be using a tool like that. That's the biggest difference in how vinyl and CD/mp3 releases are made. Some people don't like it ridiculously loud, others don't like the distortion aggressive brickwall limiting introduces, but I think the physical inability to use brickwall limiting is what's giving vinyl a comeback. Compare a vinyl/CD release of a Foo Fighters song for yourself if you want;
tl;dr, digital releases can sound just as good as vinyl, but the people producing them don't want it that way. People disagree. Therefore, vinyl ends up with better sound quality.
When you double-blind test you have people preferring better quality[1], which normally means carefully created MP3 is preferred to vinyl.
When you just ask them what they prefer they say whatever they want to say, which often means things like "vinyl is warmer".
There are some confounding factors. "Dynamic compression" (As ganzuul mentions, "loudness wars") does make a difference and MP3s (as created today) tend to have less variation between quiet and loud.
[1] the benefits of "better quality" stop at quite a low point. Most people can't hear any difference between 256k or 350k MP3 file. Very few people can hear a difference between 350k CBR and FLAC.
These seems completely unfounded. Even without the research to which other commenters have linked, it just seems plainly obvious that typewriters are vulnerable to all sorts of attack.
Is open source software and reasonably security practice really that bad? I mean I know it's bad, but is it abandon-common-sense-and-just-grasp-at-straws bad?
If you're willing to use a typewriter you're willing to use a computer with no network connection, so all you need to do is block radio transmissions. A faraday cage can't cost that much compared to the other costs involved in espionage.
I had a discussion with a friend about The Thing[1], an invention by Léon Theremin and how ingenious it was that it required no external power source and can be turned on/off at will by transmitting at a certain frequency. The trouble with this is that it's still possible to identify the retransmission. In fact, this was how it was discovered.
What if the room had a length of surgical or other type of long tubing embedded into the wall so that the detector was a fair distance away? Essentially, a very crude stethoscope originating in a wall outlet or other place in the room that already has an orifice(s) and terminating at another location with a passive resonator.
By decoupling the transmitter from the audio source by using a non-electronic medium, it's possible to still eavesdrop on keystrokes even in an em-shielded room.
Reminds me of how Neal Stephenson in The Diamond Age taught us that a culture might control the copying of information by utilizing mechanical type to print newspapers, where each printing shows the grain of the type and is hard to simulate.
Okay, you can get the "sound" of typewriters, for a larger part by switching to physical switch keyboards... I actually really like my unicomp.
As for the security aspect, a network or even workstations not connected to the internet goes a long way... you don't have to revert all the way back for security.
> The offices the girl rode between were electronically conterminous—in effect, a single desktop, the map of distances obliterated by the seamless and instantaneous nature of communication. Yet this very seamlessness, which had rendered physical mail an expensive novelty, might as easily be viewed as porosity, and as such created the need for the service the girl provided. Physically transporting bits of information about a grid that consisted of little else, she provided a degree of absolute security in the fluid universe of data. With your memo in the girl’s bag, you knew precisely where it was; otherwise, your memo was nowhere, perhaps everywhere, in that instant of transit.