An article in this week’s New York Times decries the end of the floppy disk. Its use as a medium of data transfer for Japanese government reports has finally been replaced with online data transfer. I read the piece with a mixture of sadness and amusement. The floppy was a big deal — originating from IBM’s big iron. It became the basic fuel of the PC revolution.

Before we had PCs, in the late 1970s, we had the first dedicated word processor machines coming into offices. I came of professional age  when these huge beasts, often built-in to office furniture. They were the domain of the typing pool of secretaries that would transform hand-written drafts into typed documents. These word processors had printers and ran off 8″ floppies that held mere kilobytes of text files. Those larger disks were a part of America’s nuclear control bunkers up until 2019 or so.

But back to the 1980s. Then IBM (and to some extent Apple) changed all that with the introduction of 5″ versions that were attached to their PCs. Actually, they measured five and a quarter inches. Within a few years, they became “double-sided” disks, holding a huge 360 KB of files. To give you an idea of this vast quantity of storage, you could save dozens of files on a single disk. But things were moving fast in those early days of the PC — soon we had hard-shell 3.5 inch floppies — the label remained, even though the construction changed — that could hold more than a megabyte of data. Just imagine: today’s smart watches, let alone just about any other smart home device — can hold gigabytes of data.

You would be hard-pressed to find a computing device that has less capacity these days. And that is a good thing, because today’s files — especially video and audio — occupy those gigabytes. But I just checked: a 5,000 MS Word file — just text — is only 35 KB, so things haven’t changed all that much in the text department.

The double-sided label sticks in my mind with this anecdote. The scene was a downtown office in LA, where I worked for the IT department of a large insurance company in the mid-1980s. We occupied three office towers that spanned several blocks, and part of the challenge of being in IT was that you spent a lot of time going around the complex — or at least for the times — debugging user’s problems. We would often tell users to send us a copy of their disk via interoffice mail and we would take a look at it if it wasn’t urgent. Soon after I got this call I got the envelope. Inside were two sheets of paper: the user had placed his floppy disk on the glass bed of their Xerox copier, and sent me the printouts. But this was a user who was paying attention: he noticed the “double-sided” designation on the disk, so flipped it over and made a copy of the back of the disk too.

The dual-floppy drive PC was a staple for many years: one was used to run your software, the other to store your data. The software disks were also copy-protected, which made it hard for IT folks to backup. I remember going over to our head of IT’s home one weekend to try to fix a problem he had with the copy-protected version of Lotus 1-2-3, the defining spreadsheet of the day.

Those were fun times to be in the world of PCs. The scene shifts to downtown Boston, at the offices of PC Week, back in early 1987. I had left the insurance company and taken a job with the publication. A few months into the job, I had gotten a question from a colleague who was having trouble with his PC, the original dual floppy-drive IBM model. I went over to his desk and tried to access his files, only to hear the disk drive grind away — not a sound that you want to hear. I flipped open the drive door and removed the offending disk. My colleague looked on with curiosity. “Those come out?” he exclaimed. No one at the publication had bothered to tell him that was the case, and he had been using the same physical disk for months, erasing and creating files until the plastic was so worn out that you could almost see through it. I showed him our supply cabinet where he could stock up on spare floppies.

Apple was the first company to sell computers sans floppies in 1998, and other PC makers soon eliminated them. Storage on USBs and networks made them obsolete.Sony would stop selling the blank disks in 2011, but they lived on in Japan until now.

Floppies were trouble, to be sure. But they were secure: we didn’t have to worry about our data being transmitted across the world for everyone to see. And while their storage capacity was minuscule — especially by today’s standards —  it was sufficient to launch a thousand different companies.

Self-promotions dep’t

Speaking of other things that have lived on in Japan, I recently wrote about the Interop show network and its storied history. I interviewed many of the folks who created and maintained these networks over the years, and why Interop was an innovative show, both then and now.

While lots of focus is on TikTok, I would argue that many of us are missing the influence and role played by the messaging network of Telegram. In this post, I explain why that could be a bigger threat to the online world.

Last fall, I wrote a post for SiliconAngle about how social media accounts are being used by pro-Russia misinformation groups. This was based on a report by Reset sponsored by the EU. One of the results from this report is that Telegram is very permissive in allowing hateful content and propaganda. A new report from  the Atlantic Council’s Digital Forensic Research Lab last week takes a deeper dive into how Telegram has been a communications kingpin for Russia’s war, and how effective and pervasive it is. The social network is not only being used for misinformation purposes, but also to recruit mercenaries, fund their purchases of tactical equipment and medical supplies, and serve as primary sources for Russian TV war coverage. The council calls it a digital front and another battlefield in the Ukraine conflict.

What surprised me was the huge audience that Russian Telegram has: with an estimated 30M monthly active users, billions of views and its cozy relationship with various Russian state-sponsored traditional TV channels. There are even channels run by the NY Times and Washington Post that were created to get around website and other internet content blocks.

By now, most of us are familiar with the term “catch and kill” as it applies to media buying stories that are never intended to run. Pro-Russia Telegram channels are paid not to mention specific persons or companies.

My analysis for Avast’s blog about data privacy of various messaging networks from early 2021 shows that Telegram isn’t as anonymous as many people first thought. The council’s report confirms this, finding government crackdowns on supposedly anonymous Telegram channels that have real-world consequences of arrest and prison terms for those channels that take these anti-government positions. Even so, there are many Telegram channels that continue to be critical of government policies and operations, such as those supporting last summer’s failed Wagner mutiny.  “While Telegram positions itself as a censorship-free platform, the available evidence demonstrates how the service is not a completely safe place for critics of the war,” they wrote. Wagner’s head Yevgeny Prigozhin discovered this first hand and died after declaring his mutinous intentions initially on Telegram.

Some of Russia’s military bloggers offer occasional criticism of the war, which adds to their credibility and popularity. “Users see their efforts as trustworthy and balanced, especially when compared to state media resources,” the council’s report wrote. That is not only insidious but dangerous, especially as many posts are widely shared and get millions of views.

As I mentioned earlier, many of the Telegram accounts openly ask for donations, providing bank account numbers and crypto wallet addresses, mostly in Bitcoin and Tether (ironically, one that is tied to the US dollar). The funds collected have been significant, in the equivalent of millions of dollars. They are also used for recruiting fighters and coordinating hacktivism efforts such as DDoS’ing Ukrainian targets such as civilian infrastructure, government data centers and banks. Ironically, Telegram is also used to help Russians avoid the draft with all sorts of tips and strategies on how to emigrate out of the country.

The final irony is that Telegram was created by two Russian brothers to get around government censorship, and was blocked by the government for several years. The brothers now live in Dubai and the Russian government has decided to leverage the network to amplify its propaganda and complement its communications.

1. Much of the digitine can be traced to the division over two controversial wars and ratcheted up the hyper-politica volume. Either you are for Hammas (as incredible as that sounds) or for Israel. Pro-Russia or Ukraine. There is no middle ground. 
2. It is religious. Jew vs Arab. Or more accurately, pro-Jew vs. anti-Jew. Bring out those dusty anti-semite tropes and re-quote the protocols of Zion. They aren’t so dusty after all. This has created all sorts of secondary corporate spillover effects. Say your company announces support for one or the other side. That triggers all sorts of boycotts and protests (as an example, what is happening in Malaysia — a Muslim-majority country — with complaints about Starbucks’ support of Israel). It takes apart our global village.
3. It is directed at celebs/influencers, not the digital platforms themselves as the 2020 Facebook ad boycott. Makes it easier to digest, to put on placards, to gather media coverage. The viral nature of these clips, gassed up with social networks, feed into the outrage machinery which  brings these campaigns quickly to millions.
4. Speaking of which — the dis/misinformation tooling has gotten better. Thanks AI. Who needs Russian human-based troll factories when you can generate the memes faster with GPU-laden computers? This is aided and abetted by easy manufacture of deep fake celebs that are “captured” espousing one thing or another. (Scarlett will appear before the House cybersecurity committee later this year, oh boy!)

Sure you can silence the folks on your feed that are caught up in these campaigns. Or leave the worst offending platforms (such as one that uses a single letter). But these are like using a band aid to stop an arterial bleeding.

If you want to ship illegal goods into the US, you might think sending them via air freight as probably the worst way to get them into the country. You would be wrong. Tens of thousands of tons of shipments enter our air freight ports every day, and the vast majority of them receive no inspection whatsoever.

In the past, the US Customs and Border Protection (CBP) agency has made it easier particularly for smaller volume shippers to send their stuff here without having to pay any duties or tariffs, under what is called an Entry Type 86 exception. This means if the value of the item is less than $800 per buyer and per day that the shipment arrives, nothing is owed. Last year a billion such packages came into the US, with many coming from two Chinese shippers, Temu and Shein.

But criminals are clever, at least initially. Many of them have taken advantage of Type 86 exemptions to ship drug precursor chemicals and raw textiles and other things, knowing that their cargo won’t be touched as it moved through the ports. Well, that situation has changed and now CBP is checking things more carefully. As you might imagine, given the tonnage that goes through our ports, this is slowing things down considerably. The stricter scrutiny has had results: CBP has suspended customs brokers from the Type 86 program and seized many illegal shipments.

There are several downstream problems that could happen. First, expect delays on your favorite Amazon package that isn’t in their own warehouse and has to come from overseas. Cargo flights will be delayed or cancelled when the warehouse ports fill up with yet-to-be-inspected merchandise. Second, criminals will undoubtedly migrate to maritime shipments, which don’t get much in the way of inspection either. Third, major shippers will probably shift to consolidating orders and shipping to their own warehouses. All this means longer shipping times and these delays could result in higher prices to the ultimate consumer. All of this turmoil could spell trouble for legit ecommerce businesses that rely on predictable shipments of their goods, which is ironic when you think about it.

This week I saw two stories that sent a chill up my spine. They indicate that cybersecurity is an ever-evolving universe where exploits continue to find new ground, and defenders have to look carefully and remain ever-vigilant. Let’s take a look.

The first one sounds almost comical: two UC Santa Cruz students figured out how to get their clothes cleaned at their dorms’ laundry room for free. But behind the stick-it-to-the-man college prank lies a more sobering tale. The students were able to analyze the data security posture of the laundry vendor and find a combination of weak programs to run endless wash-and-dry cycles almost surgically. The vendor wasn’t some small-time operator either: they run a network of a million machines at hotels and campuses installed around the world. But despite this footprint, they have miserable application security. To wit, there is no way for anyone to report any vulnerabilities, either online or via phone.  The company’s mobile app, used to pay to activate a specific machine, has no authentication mechanisms and so the students were able to top off their accounts without spending any actual money. The APIs used by their apps don’t verify the users, so the students could issue commands to the washers and dryers, commands that were easily discovered with the company’s own documentation.

The students were responsible, although they did “top off” their accounts to the tune of a million dollars, just to make a point. The only thing the laundry vendor did do was zero these accounts out but didn’t fix any of the other flaws. Nor did the company reach out to them or work with them (or any actual security researcher, at least according to what I read), again showing a complete cluelessness.

I will let you spin up the various morals from this story. I was impressed with the level of professionalism that the students demonstrated, and would imagine that they will have no problem getting infosec jobs and will do well once they have to leave the halls of academia and have to start paying for their own laundry operations.

Let’s move on to the second story, about how your Wifi router can be used as another means of surveillance. Brian Krebs broke this one, based on research from two University of Maryland computer scientists. They discovered a way to de-anonymize the locations of Wifi routers based on the network communications of Apple and Google products that connect to them. The problem lies in the design of Wifi positioning systems that are seeking more precise geo-locations: think Apple AirTags and other GPS applications that are tracking your movements. Attackers could leverage these processes to figure out specific movements of people, even people that haven’t given any permission to be tracked and are just moving about the world. Someone with a portable travel router, for example, is ripe for this exploit. The research paper posits three situations that demonstrate what you can learn from this analysis, such as tracking the movements of Gazans after 10/7, the victims of the Maui wildfires last summer, or people involved on both sides of the war in Ukraine.

As they wrote in their paper, “This work identifies the potential for harm to befall owners of Wifi routers. The threat applies even to users that do not own devices for which the Wifi positioning systems are designed — individuals who own no Apple products, for instance, can have their router listed merely by having their Apple devices come within Wifi transmission range.”

For privacy-concerned folks, one solution is to append “_nomap” to the SSID name of your Wifi router, which will prevent Apple and Google from using its location data.

I have long been a fan of quirky museums and collections, and heard last week about the Museum of Play, based in Rochester NY. They recently awarded their latest round of “hall of fame” computer video games, and on this year’s list is Myst. This 30+ year old game was a significant moment in its day and a big hit back as I wrote on a blog from 2012. It sold more than six million copies and raised the bar from crude graphics and beeping computer generated noises that were found in many of the early games from that era. After hearing about the news, I wanted to dust off my software and try to take it for another spin (which is what I did back in 2012), but alas, I didn’t have the right vintage of OS and drivers to make it work.

As I wrote back then in my blog, I observed that Myst’s graphics were not anything like more modern games. Its genius was giving equal weight to both graphics and audio, and while I was clicking about its landscape, I left the sounds of the ocean lapping up against the rocky island playing while I was working, and it was very soothing. The museum says it was slow paced and contemplative but inspired wonder. I concur.

Myst was not a first-person-shooter, but a game that involved solving puzzles, puzzles that had very inscrutable clues that were easy to miss at first glance. It easily got frustrating, and I often found myself going back over ground that I thought I had covered, only to find another hidden puzzle that unlocked a new landscape. Eventually, I bough a cheater book to get to the end of the game, thereby sealing my fate as a forever-novice gamer.

Myst came along at a time when PCs were just getting CD-ROMs installed: I remember buying this add-on package from Soundblaster because those early computers didn’t have any audio support either. And figuring out that puzzle of drivers, OS updates, and rooting around inside my computer to connect everything up was my first foray into building the kind of computer that we now take for granted where sound and optical media (and writable multi-speed ones at that) are part of the package.

Well, at least we can take the sound features for granted —  we seem to be moving away from having DVD drives as standard equipment in the name of streaming and having ultra-thin laptops and tablets. It also came at a time when color monitors were very new to the Mac world and graphics cards came with very little additional memory. This meant that the ability to do full-motion high-resolution video was still far off. Now we have graphic processors that have more horsepower than the CPUs in the same machine, and companies like Nvidia and AMD are finding new markets in providing the GPUs for doing machine learning and AI processing.

And software such as Photoshop and QuickTime were very much v1.0, barely able to keep up with the demands by the game’s two brothers who created it. Creating the three-dimensional images wasn’t easy: rendering took hours per image, because of software and hardware limitations.

And it especially wasn’t easy because the internet hadn’t yet taken off: the Myst dev team had to resort to “tire net” — meaning driving around the latest builds on removable media that were probably all of a 100MB in capacity and delivering them to various team members.

The Miller brothers would also star as actors in the video segments that a player would uncover in the game itself.

Myst was also ahead of its time when it came to non-linear storytelling: we have since had various feature films that are so constructed, such as Sin City in 2005 and Pulp Fiction, just to name a few of them. Rand Miller in a long interview with Ars done a few years ago speaks about how real life is all about embedding stories, and Myst was the first time that a game used this technique to make it more realistic and compelling. It was as if the made-up world was talking back to you, the gamer, directly. Again, now we take this situation very much for granted in modern games.

So I am glad after all these years that Myst is receiving some recognition, even if it is in a quirky Rochester museum, and even if all of my aging PCs can’t run it because they are n’t old enough. But if this essay has piqued your interest and you want to run Myst for yourself, act now and offer to pay the Fedex delivery and it could be yours. I will pick one reader to get the 3-CD package of Myst and its successor games — if you have a vintage machine that is old enough to run it.

Thaddeus Grugq’s latest newsletter opines on the role of the smartphone in how warfare is reported on by the media, calling it a revolution in military media relations. Things have certainly changed since battlefield reporters began reporting on wars: events are posted in near-real-time, with streaming color video transmitted via social media networks, shrinking the distance from the war zone to the reporter and viewed around the world. “The information environment is truly beyond the control of the military,” he writes.

This is perhaps the ultimate in media disintermediation. There are no gatekeepers, everyone with a smartphone and a You Tube channel is now a “citizen journalist” with a ready-made audience.

It isn’t just for the reporters: there are benefits for smartphone-toting warfighters as well. There have been plenty of articles that have documented how soldiers have exploited smartphones over the past several years, including this one that documents what is going on in Israel. It enables the troops to better communicate with their families, something that I am personally familiar with my Israeli son-in-law, who has been deployed several times since the war began. When he was deployed in Gaza, his regular phone didn’t work, so it was always stressful. But when he was deployed in Israel, he was in touch with us, which seemed surreal. Even foxholes now have Wifi.

And of course smartphones and citizen journalists aren’t restricted to the war zone either, such as coverage of the riots during the Ferguson summer of 2014 and this spring’s college encampments. Some of that reporting was better than the mainstream media, to be sure. That link explores the concept of citizen journalists that I wrote during that summer.

But we have crossed a Rubicon of sorts with the Israeli government literally shuttering Al Jazeera’s Jerusalem studios this week. My daughter, who has been living there for many years, and I disagree on this action (she is in favor of the shutdown, I think the network should be allowed to continue to broadcast). Imagine if Biden were to shutter Newsmax. Or if police raided a newspaper in Kansas. (Wait, that did happen last year.)  For many years, I watched the early morning news coverage from Al Jazeera English’s programming. It was mostly fair. I haven’t seen much since the war began last October, and I am not sure how I would react to hearing misinformation being broadcast now.

The record of independent journalism in the Israel-Hamas war is a difficult one, because no one can really do research. But imagine if nearly 100 journalists were killed by the US in one of our recently wars — that is the current tally of who has been killed in Gaza and the West Bank, according to the CPJ. None of these people were engaged in any military capacity, at least according to their documentation. And Israel has also blocked any journalists from entering Gaza, making matters more difficult.

Let’s look at the coverage of the college protests. We saw the furniture barricades at Hamilton Hall on Columbia’s campus: is that a peaceful protest? Did the police act responsibly? With all the live streams, including some from the police bodycams, it is hard to say. Now imagine having very limited access to what is going on (which some colleges are trying to do). For all the real-time streaming, the fog of war becomes very thick indeed.

I wrote after the Ferguson riots, that if we are going to be a shining example of a working democracy, we need a strong and independent press that can document police abuses. Otherwise, we are no better than the countries we criticize for trumped up charges and wrongly arresting people. The same is true for wartime journalism.