log inhelp

 | 

  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Dokkio Sidebar (from the makers of PBworks) is a Chrome extension that eliminates the need for endless browser tabs. You can search all your online stuff without any extra effort. And Sidebar was #1 on Product Hunt! Check out what people are saying by clicking here.

View
 

WORM drives

Page history last edited by Andrew Alder 10 months, 2 weeks ago

a page of technology, maybe one of my good ideas  but in that case one of my professional failures

 

    1. Preamble
    2. Business use
    3. Private and general use
    4. Why they don't want you to have it
    5. How it could work now
    6. It's still a business opportunity IMO
      1. 2021 Update

     

    Preamble

    Years ago, before CD-R, there were optical drives known as WORM ('Write Once Read Multiple') drives. They were expensive and I looked at them briefly and longingly as a means of offline storage of images, this in the days when 80MB was a large HDD, USB thumbdrives weren't even on the horizon, image compression was not so well-developed and image storage was a real problem despite small file sizes necessitated by relatively small memory (my 16MB of RAM was in those days greeted by friends with a 'wow').

     

    AFAIK they are no longer available, made redundant by CD-R, CD-RW and the various DVD formats. Were I dictator-for-life, that would change. This isn't quite what the Wikipedia article said last time I checked. There's more to WORM than you might think.

     

    The beauty of the original WORM drives as opposed to CD-R is that on a true WORM you can't easily change the data once it is written. The firmware in the drive prevents it. This was not a deliberate feature, and nobody seems to have valued it. Again, were I d-f-l I'd not only bring back this feature, I'd strengthen it.

     

    Business use

    The WORM drive is the right medium for any data that has the following characteristics:

     

    • It needs to be stored for more than a few days.
    • It shouldn't ever be changed once it's written.

     

    These are of course the characteristics of nearly all financial data. Errors in a ledger aren't corrected by changing them. They are corrected by reversing them with balancing entries. Or that's what my audit training told me, anyway. A hard disk drive, on the other hand, is about the worst possible storage mechanism for such data.

     

    The rejection of my proposal to the EDP Auditor's Association (published in Australia in EDPACS newsletter, I don't have the date to hand) that we should promote the use of WORM drives was, in hindsight, the beginning of my disillusionment with auditing as a profession. WORM drives stood to empower the people, and reduce the overheads of financial auditing.

     

    I thought at the time that nobody cared. I'm now a bit more cynical. I now think that at least some of the senior people in the big accounting firms quite correctly saw that use of WORM devices stood to reduce both their corporate and individual incomes!  

     

    Again, if I were d-f-l, every ATM, every POS terminal, every place that is capable of offline processing of financial data would have a cheap, mass-produced WORM drive, using cheap mass-produced media not mountable on a CD-R but using similar technology, and with a "printable" top surface which could not only be printed, but also signed with a felt pen. Large corporates would similarly keep records of auditable information in this form. Some court and government proceedings would be similarly recorded.  

     

    These disks would be kept for a period as archives of the transactions. Some of the more important ones would be lodged in a national archive, some of them indefinitely.

     

    Possession of machinery capable of tampering with these records would be a criminal offence similar to counterfeiting. There is no reason for anybody to have such gear unless they are committing fraud.

     

    Food for thought? Maybe it's not too late. If we are serious about empowering the little guys, and protecting them from Enron and the like, WORM drives still make a lot of sense to me.

     

    Private and general use

    Imagine that you could save a file knowing that no virus, ransomware, or error could ever corrupt or delete it.

     

    That's what saving a version to a WORM drive does.

     

    Attractive? It should be. Files include not just documents and images. They even include programs. Still more attractive? It should be.

     

    Why they don't want you to have it

    There are obviously issues if you live in a state or territory where you have reason to fear the authorities. These authorities might for example compel all users of computers to keep logs of their emails, and reveal any passwords protecting them. But that's already happening even without WORM drives. Where I live, if the police impound my computer, or even a hard drive or thumb drive etc, and find it's password protected and ask me for the password, I am obliged to give it. If I've honestly forgotten it, I'm a criminal.

     

    And that's in a country that calls itself part of the free world.  As Arlo Guthrie said, they'll get anybody.

     

    But there are far more sinister reasons for opposing WORM technology. I said above, programs are themselves files. If I had for example saved a complete image of Windows XP Service Pack 3 (oh how I wish I had!) with Office 97 installed (all of which I bought and quite legally installed), I'd be much happier running that than forced to use Windows 10 and go to an online-only version of Office. And that does not fit the business plan of Microsoft one bit!

     

    How it could work now

    Obviously the previous technology could be rolled out again. But that's not the only way, or even the best way.

     

    I'd suggest instead that what is needed now is a WORM thumbdrive. There are several possible hardware implementations. The piledriver approach is for it to be intelligent, but for its own programming to be strictly non-upgradable. Burned into ROM preferably. Its storage can then be RAM or ROM, it doesn't matter.

     

    Because for the data storage itself, ROM has neither advantages nor disadvantages over RAM. The data needs to be protected against any form of corruption.

     

    And if the programming ever really needs an upgrade, you simply transfer the date to a new thumbdrive and (securely) throw the old one away. Any other approach is a compromise and the security can be breached. But that approach is secure, and easy.

     

     

    It's still a business opportunity IMO

    So watch this space! I disclosed it back in the 1980s so I cannot patent it. But I'd love someone to run with it like any of my other good ideas.

     

    2021 Update

    Ransomware is in the news. See Colonial_Pipeline_cyber_attack and tell me, wouldn't it have been good had this been physically impossible?

     

    So why isn't it possible, even trivial, to prevent such things?

     

    I have several friends who have suffered ransomware attacks. Some have paid quite a lot of money, but none of them have got their files back. Others have just accepted the loss. 

    Comments (0)

    You don't have permission to comment on this page.

    Printable version