Security - Digital Meets Analogue

Like many people as I read about more and more data breaches I become progressively more paranoid about important information being hacked and the security of important systems being compromised. At the same time it is obviously important to have records of logins to important accounts etc. and for these logins to be available to a trusted individual should the worst happen and you become unable to access things yourself.

I was pondering over this kind of thing and how I might come up with a simple convenient solution which was also secure and I decided I needed a system that combined a digital element for convenience with an analogue element for security. I wanted the system to be COMPLETELY IMMUNE from being hacked or the data stolen which is always possible if something is stored wholly digitally. One only has to consider the 2017 Equifax hack where the personal information of 145 million Americans was stolen.

Not long ago I’d read about some Russian and German authorities (there may well be others) using "old-fashioned" methods to protect extremely sensitive data by reverting back to technology long forgotten by many, the humble typewriter.

If something is typed out using analogue technology there is then NO digital record or footprint of it to be stolen by a hacker, I had also been unable to find a method of typing something on a computer and be CERTAIN that no digital trace or footprint remained.

My "solution" is simple. Firstly, on a computer, I designed a simple template including some explanatory text which included a table format list of all the systems I was going to record information about. This included computer systems (email account etc.), bank accounts, telephone passcodes, tablet passcodes, laptop passcodes, you get the idea. The actual login and password information was NOT typed into this computer document, blank spaces were left for this information. This template, containing no confidential information whatsoever, can of course be updated and reprinted at will.

Once printed out it is a simple matter using a typewriter, to enter the sensitive data. The end result is a document which can be used in the event of emergency access being required by a family member or similar. The final and complete document does not exist anywhere in a digital format, it cannot therefore be hacked, forwarded, shared, altered or similarly abused. This was why the Russians and the German authorities reverted in part to analogue devices. If it’s not digital it cannot be hacked, the paper record does not need to be shared and can simply be vaulted in the old-fashioned way.

Where special characters are used in any passwords they are typed out in full and within parentheses, this is because not all currently used password characters are available on a manual typewriter keyboard. For example, the password 1Ab76c*v#2 is shown as shown below, note that the parentheses are NOT themselves password characters.


Of course the document has to be stored properly but that’s easy and it’s a small price to pay for having an unhackable record of very important information that could be invaluable in the event of the unexpected happening. This arrangement seems to be a reasonable compromise, when things change you don’t have to retype the whole thing, just print out the template with all the systems etc. listed on it and then fill in the new private stuff and don’t forget to shred the old one properly!

Using password managers (eg. LastPass) is a convenient and excellent way to store passwords. However, I would NEVER store ultra sensitive information such as online banking login information in an online system, for me it’s just a step too far. However, the system suggested here I would use to store such information. I would also store the login details for my password manager in this system so that in the event of a disaster my online life could be accessed. The printed/typed document is sealed in a tamper proof pouch to be accessed only in extremis.

Hive Security System

I recently started to add some Hive products to my home and so far I've been happy with how things are going. There does however, to me at least, seem to be a yawning gap in the system in that there is no available internal siren. I liken this to having a smoke or carbon monoxide alarm in the house which doesn't actually make any noise but silently detects a problem.

If I'm in the house and I have motion sensors and door sensors installed if anyone gets into the house I want a siren to go off so that I know they are there. In the middle of the night having a (probably muted) notification delivered to my phone is simply not a reliable way of:

a). Letting me do something about the problem or

b). Letting the intruder know that they have been detected and therefore hopefully being deterred.

I don't see the Hive system as being a system that just lets me know something is wrong when I'm 100 miles away, I want it to also let me know when something is wrong in the middle of the night when I'm at home. To not do so completely misses a potentially invaluable opportunity for the system to help a home owner.

I would buy a plug-in siren which could be configured to sound when a motion sensor or door/window sensor was triggered in a heartbeat, come on Hive.

Fritillaries in Belford

Fritillaries (Fritillaria meleagris) are one of my very favourite flowers and it was great to spot some growing in the Belford Community Woodland, well done Belford!

Belford Church - Motorhome Trip

Been spending a few nights in the Hymer up near Belford and stopped at Belford church just to check it out, lovely little place.

A Comma on Every Line?

Occasionally it is necessary to add a comma to every line of text, I have found this necessary when I have a list of items which I want to turn into a large number of tags for use in Evernote. I looked around for a way to do this and worked out a very easy way of doing it using the BBEdit text editor which I use on my Mac, the process is very simple.

Starting with the text document (probably an exported list from a spreadsheet) opened in BBEdit, you have your list of items which might look something like:

Fred Bloggs
Bill Smith
Sadie Stern
Jack Jones
Archie Enemy

Simply selet all the text using either your mouse, trackpad or the cmd-a keyboard shortcut. Then in the BBEdit menu select "Text" then "Prefix/Suffix Lines" and in the pop-up that opens select the "Insert" radio button and put a comma in the suffix box and click "OK".

Hey presto it's done, a comma appears at the end of every line.

Fred Bloggs,
Bill Smith,
Sadie Stern,
Jack Jones,
Archie Enemy,

At this point I often want to convert this list into a string of text with each name, or whatever the text is, separated by a comma, I also do this using BBEdit. Simply select the text you want to convert and then select from the BBEdit menu "Text" and then "Remove Line Breaks" and you will then have a comma separated list as below.

Fred Bloggs, Bill Smith, Sadie Stern, Jack Jones, Archie Enemy,

With long lists the above simple process can save hours! When pasted into the Tags field of an Evernote note you can create any number of tags at one time, avoiding a lot of typing, and these can then be selected to be applied to other notes.

From iPhone Contacts to Google Contacts

Transferring a number of contact records from an iPhone into Google Contacts can be a bit of a pain as the iPhone does not offer a way of easily extracting a batch of contact details in one fell swoop. I needed to get quite a few contacts from an iPhone into Google Contacts and to do this I ended up doing the following using my Mac:

  1. Export individual contacts from the iPhone by "sharing" them one at a time, this generated a series of vCard (.vcf) files.
  2. Save all the .vcf files into a single folder.
  3. Open a Terminal window and navigate to the folder where the .vcf files are stored.
  4. Enter the following Terminal command: cat *.vcf > combined.vcf
  5. This generates a single .vcf file called "combined.vcf" - or whatever name you choose to give your file.
  6. Using the Import feature in Google Contacts import the "combined.vcf" file.
  7. This process will generate all the individual contacts as individual Google Contact records which can then be edited.

Whilst having to export the contacts from the iPhone individually was a bit of a nuisance the approach above saved me a lot of time in terms of the import process and gave me control of the new contacts as they were initially auto-tagged with a label "Imported On ddmmyyyy" which made the group very easy to work on.

Evernote and Tresorit

I've been using Evernote for years now and have many thousands of notes stored in the Evernote ecosystem. Evernote is my go-to application for storing all sorts of things from short notes to scanned documents and images and pretty much everything that comes in a digital format or that can be converted into one. Basically my life has been scanned and much of the paper I previously had has made it's final journey to the shredder.

I've always felt that Evernote was pretty secure but from time to time I have had niggling concerns that even though my Evernote data is stored encrypted on Google's servers I am not actually in control of my own encryption keys, Google is. In theory at least it is therefore possible for my material to be accessed by someone other than myself. In fact the plain text versions of my data MUST be accessible at least at some point in order for the data in my Evernote account to be indexed to allow word searching of my Evernote account to take place.

All this got me thinking and I decided that I would feel happier if I did not depend completely on Evernote to retain my privacy but took some additional steps myself. These thoughts coincided with my selecting Tresorit as my preferred cloud storage provider, my primary reason for selecting Tresorit is that it offers true end-to-end zero knowledge encryption. I, and I alone, am in control of the encryption of my data and the passwords used to perform that encryption. The price I pay for this is that if I lose the keys that's my problem and my data is lost and I am fine with this.

Thinking through the contents of my Evernote account it really falls into two categories:

Category 1 - Data that I would be extremely unhappy if it found it's way into the public domain but which needs to be stored securely and safe from natural disasters. This might include some financial information, health information, scans of important legal documents, personal letters, these kinds of things.

Category 2 - Pretty much everything else. This might include lots of file notes, non-critical records of events, information relating to hobbies, old receipts, newspaper clips and sundry other items retained in digital form where the original papers have long since been shredded. These are items I have kept that I don't want to lose but if they appeared on a website somewhere I could live with it!

It seems to me that the number of items that would be identified as Category 1 items are pretty few and far between and they can easily be identified. More importantly the items falling into Category 1 are actually very infrequently accessed and when they are required the need is never urgent. I have therefore decided upon the following strategy.

All Category 1 items are gathered together and using the export feature built into Evernote these notes are exported to create a single *.enex archive file which preserves all the notes, attachments, links and tags relating to each individual note. All the Category 1 notes are then deleted from my Evernote account, this removes any possibility of these notes being accessed.

Having obtained this single *.enex archive file containing all the sensitive information Tresorit comes into it's own. This file is then uploaded to the Tresorit cloud storage system, it is encrypted before leaving my own system and remains encrypted on the Tresorit servers (AES-256 Encryption) where it cannot be accessed by anyone, only I have the keys. If I need the information within these Category 1 notes it is simplicity itself to download the *.enex file from Tresorit and import the notes into Evernote where they then appear in their original format.

Using this approach I retain the convenience of the Evernote system but have the security of knowing that my truly important documentation is protected by the advanced security arrangements offered by the Tresorit service. It is of course also very convenient to export ALL the notes from my Evernote account into a single *.enex archive file and upload that to Tresorit simply as a backup for the whole Evernote system.

This approach also does away with the local storage of any sensitive information on either my local machine or in any local backups, the ONLY records are those residing on the Tresorit servers, which are fully encrypted.

Tresorit - Working With The 10GB File Size Limit

I recently started using Tresorit as my chosen cloud storage system. I chose it not because of it's price (it is a relatively expensive option) but because my most important selection criterion was security and secondly I wanted a system with a clean, modern, understandable interface. Above all else the system had to offer Zero Knowledge End To End Encryption as well as Two Factor Authentication at the login stage. Tresorit delivers what I wanted.

That said there are always issues to be dealt with when adapting one's workflow to a new system and this short posting covers just one of them, that is how I have decided to deal with the 10GB file size limit, for a single file, imposed by the Tresorit system. It is necessary for me, and I suspect others, to work with this limitation because I frequently have to deal with blocks of data which are larger than this limit, or aggregated chunks of data - in particular large video files. The solution I am using relates only to Mac users because that is the platform I use myself, Windows users will I am sure have their own solutions.

To store a file or a collection of data larger that 10GB on the Tresorit system I first create a disc image of a single folder which contains all the files to be stored and then split that file into segments for uploading, each segment being below the 10GB upload limit. Normally in my case this would be a folder containing files called something like "20120823TripToTheLakes" which will contain all the photos and video files from a trip, the folder may well be tens of GB in size.

To produce a disc image, or .dmg file, it is easiest to use the Disk Utility programme provided as part of the Apple suite of programmes, the programme is found under "Applications", "Utilities", "Disk". With that running the easiest thing to do is select "File", "New", then "Disc Image From Folder" from the drop-down menu. Then navigate to the folder containing your files and click "Image". Then give the new file a name and select where you want it to be saved. Because we want to subsequently split this file you should select "Read Only" as the image format. I do not bother in this context encrypting the disc image because the Tresorit system will in any event encrypt the files locally before uploading to the Tresorit servers.

Once those options have been selected click "Save" and the process of generating the .dmg file will commence and when finished you will be able to navigate to the file and mount it as a "drive" should you wish to do so.

This single .dmg file will be a large file which then needs to be split into upload-friendly chunks, I make each "chunk" about 4GB and this is done using a Mac utility called "hdiutil" which is run using the "terminal" application which is found alongside the disk utility application. The Terminal command below, obviously with the names and locations changed accordingly, should be run and this will generate files with the extension .dmgpart with each file being about the size specified as well as a single file with the .dmg extension, all these files will have the same name apart from the file extension.

Sample Command:

hdiutil segment -o /Users/Username/Desktop/"Destination Folder"/Destination File Name -segmentSize 4000M /Volumes/DriveName/"Source Folder Name"/"SourceFileName.dmg"

I have used 4000MB in this example which is convenient for many situations and ensures that each file is not too large, if need be one could even write each one of these files to a DVD at some point. If I ever were to want to write DVD versions I tend to change this setting so that data is distributed evenly over the minimum number of disks I can use. Setting a segment size of 4000M(B) will yield a file size slightly larger than 4GB, normally 4.19GB, which is as large a single file as I tend to write to a DVD. A segment size setting of 4500M(B) will yield a single file size of around 4.72GB which is too large a file to reliably write to a single DVD and I like to leave some space as this tends to reduce read.write errors.

Once all the files have been generated by the Terminal command they can all be uploaded to the Tresorit servers without encountering any issues with the 10GB file size limit. If the files ever need to be retrieved from the Tresorit archive it is a simple matter to download them in the usual way and this is where I think it gets really clever. You simply download the "set" of files you require that made up the original file and save these into a folder on your local machine. You then just open (double click) on the first "master" file of the set, the one in the set with the .dmg extension, you can then view all the files as if you were looking at a single file or drive, there is no need to open the other files, they are all just treated as a single file, as if by magic.

If for some reason you did want to re-generate a single .dmg file from the set of .dmgpart files do this: After mounting the disk image using the multipart set, select the disk using the disk utility programme and then select "New Image", provide a name and location etc. and this will create a new single image file from the multipart image.

I hope that's been helpful, it certainly allows me to upload files of folders well in excess of the 10GB file size in a very convenient and above all secure way.

Evernote vs Apple Notes

I've been using Evernote for a number of years and probably have about 8000 notes in there now. Having pretty much now ditched paper I've always been rather concerned when I've considered the possibility of Evernote going under, as has been talked about in some circles at various points.

With this thought in mind I reckoned it might be safer to have an alternative up and running and it seems reasonable, as a user of Apple products, to try the Apple Notes application to see whether it really is a viable alternative for me.

Without too much trouble I managed to get all my notes exported from Evernote and then imported the notes into the Apple Notes application. At the present time I'm running both systems in parallel which to be honest has been surprisingly simple and takes up very little additional time, I like knowing that everything is sitting safely in an alternative system.

This is obviously not an in depth review but I thought it might be helpful to list a few points as they crop up, where Apple Notes falls short of the dedicated Evernote service. Evernote was always going to be more feature rich (some would say bloated!), and in the end it comes down to whether you can live without those extra features and whether Apple Notes will be adequate for your needs.

Here are the points I've noted so far where I've found things "missing" when using Apple Notes.
  • Apple Notes cannot publish individual notes to The Web, I find the ability to create a public URL to share a note online quite handy.
  • Cannot change dates of notes in Apple Notes, this is a useful feature to have when storing dated material as attachments where you want to retain the original date.
  • Cannot share whole notebooks with another user, or share groups of notes when using Apple Notes.
  • I like the Evernote Web Clipper, nothing comes close in Apple Notes.
  • Apple Notes does not allow you to "tag" notes to allow notes to be grouped in this way.
  • Apple Notes does not support searching within the contents of attached files such as PDFs, I find this very useful.
  • Apple Notes does not allow you to share a note as "read only" - if a note is shared the share recipient can edit the note.
  • Apple Notes does not have the "AI" sensation offered when Evernote "surfaces" similar material with it's "Context" feature.
  • I like the ability to link an Evernote notebook to the Postachio service which allows me to use Evernote as a blogging platform, that is how this weblog posting was written.
Those are just some of my initial observations. I like these features in Evernote but I "could" live without them and if Evernote crashes and burns it's good to have an alternative ready to go with the data all fully loaded.