Sunday, March 3, 2019

Coming soon...

New posts, new blog, new stuff!!

Information Entropy as applied to Securing Information

Entropy seems to be a pretty difficult concept to grasp. It can be slippery, but the basic idea is that a certain energy is associated with each conformation, more for some, less for others. Entropy says that moving from a lower-energy conformation to a higher-energy one always requires an excess of energy.

The classic example is a teacup on a table. The maker of the teacup invested considerable energy to gather materials, form the cup, and bake it into its final form. And finally, someone lifted it against the pull of gravity onto the table. This energy is partially stored in the conformation, but some fraction of it is lost, essentially forever.

If the teacup is dropped, the stored energy of the gravitational pull immediately begins to be released, culminating in a final release of energy when the cup hits the floor, shattering and releasing much of its stored conformational energy. Entropy says you can't ever get the cup back the way it was without, that is, expending a tremendous amount of energy.

Now applying that principle to information security, consider a database containing sensitive information, such as a credit database. That information has been gathered over years of people entering it, using credit cards, and data feeds sending it to its ultimate home in the database, where still more energy is expended to tabulate and collate it. Finally, energy is expended to "secure" the information. Physical security is energy expensive. Logical security is as well, requiring devices, programs, and people to implement and, hopefully, maintain.

We are not surprised that a teacup falling from the table shatters and is lost, so it shouldn't surprise us that information systems are just as easily shattered. What's the difference? The big difference when applied to information security is that when a security system shatters, the spilled data, unlike tea, is now available for anyone to slurp up. Moreover, the information itself isn't consumed; it is available for any number of slurps. And it is still available, even to the system whose security was shattered.

Unfortunately, if it is your information that is "spilled," that means you can't put it back in the cup. As Rep. Debbie Dingell of Michigan said of the recent Experian breach, "You can't change your Social Security number and I can't change my mother's maiden name. This data is out there forever."

Monday, March 16, 2015


Ok, really just a sprint triathlon.

Let me tell you - a full Olympic or Ironman tri is no joke.

This was the "Hub City Hustle" triathlon in October 2014.

I'll probably do it again.

Friday, April 8, 2011

Three Months with The Cr48 Notebook

I got a Cr48 notebook in late December and have been messing with it ever since.  More or less.

I was initially rather excited about the notebook: it was fast, secure, light. It has insane battery life, it is Linux based, it's more or less open to developers and reverse-engineering. I took the time. I tweaked. I updated. I joined a number of Cr48 discussion groups.

After three months, I still use it.  Some.

The overall design just doesn't work.

So, the parts, and what makes them great:

The hardware is robust and fast enough for what it does. Really, the CPU is a little slow by today's standards, but everything else is well matched to it, giving an overall experience that feels lightning fast.

The browser is Chrome, of course, and it is awesome. I really feel that the Chrome browser is the best browser you can get today. It does an unbelievably good job of keeping the state of your browser sync'ed over multiple machines, usually without being obtrusive about it. Almost everything "just works."

The OS is just the browser, basically. This is where the trouble starts. The Cr48 is basically useless without a network connection. I'm not always well connected. Thus, when I want to write a paper, a lesson plan, a blog entry, even a simple note to self, I do NOT pull out the Cr48. I use my clunky (but reliable) old Toshiba, or increasingly I find that I use my Android phone.

In fact, I am becoming more and more solidly of the opinion that the Cr48 needs to be dumped in favor of fully integrating the Chrome browser into Android.

Sorry, Cr48 team, I tried.  I'm still trying.  But I think the Cr48 is going to be remembered as a false step on the path to better things.

Wednesday, December 29, 2010

Bluetooth on Cr48

copied pand
copied hcitool, etc.
bluetooth-agent nnnn &

Adding your own (Ubuntu's anyway) Binaries to Cr48

The first thing you'll need to do is get into dev mode.

Then do this:
sudo su -
/usr/share/vboot/bin/ --remove_rootfs_verification

That makes writing to the executable partition possible. When you get back up, go back to crosh and do:

shell
sudo su -
mount -o remount,rw /
mount -o remount,exec /mnt/stateful_partition
mount -i -o remount,exec /home/chronos/user
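
The remounts above drop a read-only root and two noexec mounts, which is worth being able to verify afterwards. The script below is an added example, not part of the original post: it audits text in /proc/mounts format for those three mount points. The starting flags (ro on /, noexec on the other two) are an assumption inferred from the steps, the device names are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed samples in /proc/mounts format (device names are made up).
# BEFORE: the restrictive flags the steps above have to remount away (assumed).
BEFORE='/dev/root / ext2 ro,relatime 0 0
/dev/sda1 /mnt/stateful_partition ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/crypt /home/chronos/user ext4 rw,nosuid,nodev,noexec,relatime 0 0'
# AFTER: the same mounts once the remount commands have been run.
AFTER='/dev/root / ext2 rw,relatime 0 0
/dev/sda1 /mnt/stateful_partition ext4 rw,nosuid,nodev,relatime 0 0
/dev/mapper/crypt /home/chronos/user ext4 rw,nosuid,nodev,relatime 0 0'

# mount_flags TEXT MOUNTPOINT: options of the last (topmost) entry for MOUNTPOINT.
mount_flags() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }'
}

# has_flag OPTIONS FLAG: succeeds only on a whole-token match, so "ro" does
# not match inside "errors=remount-ro".
has_flag() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mount TEXT MOUNTPOINT FLAG: "hardened" if FLAG is set, "relaxed" if the
# mount exists without it, "absent" if the mount point is not listed.
audit_mount() {
    opts=$(mount_flags "$1" "$2")
    if [ -z "$opts" ]; then echo absent
    elif has_flag "$opts" "$3"; then echo hardened
    else echo relaxed
    fi
}

# audit_all TEXT: one line per mount point touched by the procedure.
audit_all() {
    echo "/ ro $(audit_mount "$1" / ro)"
    echo "/mnt/stateful_partition noexec $(audit_mount "$1" /mnt/stateful_partition noexec)"
    echo "/home/chronos/user noexec $(audit_mount "$1" /home/chronos/user noexec)"
}

audit_all "$BEFORE"
audit_all "$AFTER"
```

On a real machine, pass the live table instead of a sample: audit_all "$(cat /proc/mounts)".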

Cr48 Latest Fun Stuff

After some disappointments attempting to connect the Cr48 to an ad-hoc WiFi network (android-wifi-tether) I came across some useful info.  Entering about:flags into the browser window lets you enable some features that weren't on by default, including media player, AFS, Side Tabs, and more.

The AFS (Advanced File Browser) is an improvement over the default in several ways, including automatically unmounting USB drives, and a working, refreshing, "back" button.