Most of you probably saw the “60 Minutes” report Leslie Stahl filed about all of the really old stuff our nuclear missile systems rely on. There have been other reports decrying the state of obsolescence existing in many of our defense and government systems. Our current brain dead administration has been hollering in 140 characters or less about the need to modernize. Some elected officials have been giving interviews saying kids come out of college knowing how to program for the 2020s and we have to spend the first 6 months of their employment teaching them to program like the 1970s.
Well elected sound bite hounds, those “cost effective modern systems” are completely insecure. There is absolutely no way to make them secure if they have _any_ non-sealed connection to the outside world. In short, if they are connected to any network which somehow connects to the Internet, you’re f*^%ed. Even the most non-technical people in the world have heard about Meltdown and Spectre. While the shouting match will go on about whether the vulnerabilities existed for a decade or more, the fact is they were in the wild for more than 5 minutes.
Someone exploited them and kept quiet about the it. The intelligence community is good about that. Don’t forget, the little geeks at the NSA came up with a hard drive firmware virus for all of those cheap commodity hard drives. Good luck getting rid of that baby! I don’t remember the story completely, but, I seem to recall it got discovered not by any form of existing security scan, but, via network activity. Trying to transmit too much at once it drew attention to itself. Nobody has fessed up to just how long that has been in the wild. Just be aware that if you’ve ever downloaded any kind of porn or worked on writing your own virus the NSA knows about it if your system has a cheap commodity hard drive. You know, the kind most people have . . . because they are cheap.
The 8 inch floppy was obsolete when I started out in computing, but some systems still had them. The rest of the world had moved on to 5 1/4 floppies which held more. I suspect the DOD or a related government agency has people perusing eBay and Craig’s List snapping up any functional media and drives to keep them out of nefarious hands. I would also suspect that some diskette manufacturer somewhere has a contract to keep a functioning assembly line mothballed and a few gray hairs around to both operate it and train a few young ones how to do the same. Once every few years they spin up the line and make a limited run of new media. Heck, even film manufacturers get enough people willing to pay a premium for media to create a limited run at a massively inflated price so imagining one or more old diskette makers could come up with a number to make it worth their while isn’t such a stretch.
People decry the old world analog communications, but, you can’t hack analog. You can eavesdrop but you cannot insert something like a packet sniffer because those are digital. If you try splicing into the line you tend to create noise which causes transmission errors. Make no mistake, that’s a closed loop system. There is no Internet. You would have to find a cable deep underground and cut into it. Not something you can do from your little North Korean hackers den.
If they ever were to “modernize” that part of the system I would say they should upgrade no farther than the LS-120. There is still plenty of media and working drives out there. Probably not after the DOD sucks it all off the open market, but, it wouldn’t be a major leap to get more storage and the security of using media few could still read. Personally I hope they continue with the 8 inch floppies for the same reason I love my LS-120s. The media fits in my shirt pocket so it is easy to transport for off-site backup. You can’t just slip an 8 inch floppy into your coat pocket at the end of a shift.
Readers of this and my other blog have heard lots about the LS-120, especially when I’m working on new books. Most people long ago forgot about that funky drive which was in their multi-pound laptop. When they see the media they think it is an ordinary floppy and stick it in an ordinary floppy drive. After a time or two of that, depending on the quality of the floppy drive, the media tends to be ruined.
Obsolete things provide a unique layer of security. Scientists use Latin when creating the names of things because it is a dead, unchanging language. If you haven’t seen it you should rent “Windtalkers.” It is the story of how we used Navajo Indians as radio operators because theirs was never a written language. Using that as the base language for a code enabled them to speak very fast and securely over open radio waves.
Some people in the language world believe French will be the next large scale dead language. Yes, there are hundreds of small use tribal type languages in places global warming will soon wipe out, but those aren’t large scale languages. While the French speaking peoples may be upset about such an utterance, it is setting up their language to be the base for the next situation requiring a teachable dead language. Not a spoken code base because French was a written language far too widely known, but certainly a dead base language for something in the scientific or technical world.
If they want to move up in storage capacity and still have security via obsolescence and have something which wouldn’t fit in a person’s pocket they could always move to 2400 foot 9-track tapes at 1600bpi. All of the later 9-track tape drives defaulted to 6250bpi. Some could still read/write 1600bpi in a manner readable by a 1600bpi only drive, but others could not. For those of you who grew up during the era of 5 1/4 floppies, this is akin to those early 1.2 Meg floppy drives which couldn’t reliably format a 360K floppy. It would work in the drive which formatted it, but not a true 360K floppy drive. Functioning 1600bpi tape drives are few and far between. There are truck loads of mag-reel tape in off-site storage though.
I cannot tell you how many hundreds of those I handled working my way through school as a midnight computer operator. What most of you don’t know is that you had to peel those stickers (not the number sticker, but the “what is this tape” sticker) off each time you re-used a tape, replacing it with a new one. It was the only reliable method of knowing what was on a tape.
While it is true most colleges don’t teach the indexed files and programming languages of the 1970s-1980s, it is also true that systems using such technology become more secure every day. Every day one of us gray hairs hits the end of their personal actuarial table. The books which taught this stuff were _never_ complete. Most of this early tech had national security sales restrictions. There were numerous countries it could not be sold in because various government agencies used those systems. As a result, the script kiddies colleges are cranking out, you know, the ones they are teaching AGILE to instead of legitimate software development methodologies, couldn’t hack into these systems if you set them down at the system console. They don’t even know what a systems console is.
[…] I talk a lot about this history in my Agile book. I’ve even blogged about Security Via Obsolescence. […]