Steven J. Murdoch

Well, in the end I did go to Arundel for Christmas Day and Boxing Day, and the nights before and after. It wasn't ideal, but it kept the family happy and I had a reasonable time of it.

Given the weather earlier in the week, the journey down from Cambridgeshire was astonishingly uneventful. There was a bit of rain, a bit of misty fog… but almost no traffic. I chose to go clockwise around the M25 and things were free running through the Olympic widening works. The less major roads down near Arundel itself were also fine, apart from five miles where I got stuck behind a clapped-out Land Rover. Any other day, I'd have overtaken, but after a week of ice-shod doom, with the temperature low enough for black ice, I decided to put up with it. I got to Arundel refreshed, having almost forgotten what it's like to drive when traction can be relied upon!

Immediately on arriving at the place, I noticed something. The (only) photo supplied by the proprietors online is this one:



…which looks fairly sensible and respectable. Unfortunately, what I found was this:



In fact, the situation was twice as serious as the photo shows: it was all stroboscopically flashing, so half of it is extinguished in the photo. I boggle.

Inside, the place wasn't too bad. The decor was pleasant enough, though tended towards giving the impression that no expense had been spared to give the impression that no expense had been spared: brass light switches, a job lot of passably oriental rugs strewn everywhere, flagstone floors using that curious stone only B&Q can slice so thinly, etc. There was secondary double glazing, the locks didn't work on either toilet door, the over-bath shower had no curtain, the dishwasher's timer was broken so would never stop washing and the only table large enough to play board games was in an underheated conservatory. My bedroom, against all reason, had a leopard-print duvet cover. The pillows were much too soft: one wasn't supportive enough, and two would plump up enough to press against my nose when I lay on my side. Everything had been laundered in something that seared the flesh; I'm going to have a rash for a few days. The bedstead had very free-running wheels but was on a wooden floor: it rolled around whenever I turned over in bed, and getting in and out of bed was an interesting challenge. As a final clincher, the curtains served merely to funnel dawn's rays straight onto the head of the bed.

Oh, and the headroom at the bottom of the staircase was restricted. This wasn't a problem if you could see what you were doing, but I did bang my head once when going to the loo in the night.

And the largest glasses in the place were a pair of half-pinters. But one broke the very first time we put it through the dishwasher. And none of the other glasses were anything approaching cylindrical. Suddenly, diluting Ribena became a very inexact science.

I'm very glad I didn't agree to stay a week there, and very glad I didn't agree to pay a third of the £900 for a week. But for a couple of days of playing boardgames, it sufficed.


We played Settlers, Carcassonne, Trivial Pursuit (there was a set there, with questions we didn't already know), Ticket To Ride, Careers and Mine a Million — a reasonable mixture of traditional games and more modern ones with greater sophistication to their gameplay.


Food-wise, I made myself a cheesy loaf. I also noticed I had a jar of Tiptree Cranberry Jelly that I bought in Harrod's a few months ago, so took that along as suitably festive. We ate various other assorted nibbles, including some Morrison's own-brand cocktail snacks that were impressively bland: my mum preferred those; she doesn't seem to appreciate any kind of strong flavour any more.


On Boxing Day, we drove out to Bosham and had lunch at the Anchor Bleu. I winced at the Franglais, but the pub was cosy, nicely-presented and bustling with friendly locals. The pub grub was passable, though far from brilliant. On the way back to the car I was pleased to find a shop selling Loseley ice cream. We then went to Chichester, where we spent 45 minutes looking around the fine cathedral followed by ninety looking around the same shops you'd find on any high street anywhere — which struck me as very much the wrong way round. The cathedral is very fine, and contained surprise Gustav Holst tomb, which was nicely seasonal given my favourite Christmas carol. There was also a fine old Dominican hymnal, a Roman mosaic and some fascinating portraiture on old wood panelling. The pipe organ left me indifferent; then I realised I'd only seen the nave organ and the main instrument was a far more splendid affair. They also had the Hurdis organ: a small pipe organ from 1780 that has been carefully restored and fitted with an electric blower and is still used today. Wikipedia says there are even a couple more lesser pipe organs hidden elsewhere.

What I didn't do was visit Arundel Castle, and it does look worth visiting.


On the journey home, the M25 was messed up, so I took a meandering route via Hindhead, the Devil's Punchbowl, Chertsey, Virginia Water, Egham, Old Windsor and Denham before finally joining the motorway at Rickmansworth — I added an hour to my journey time but I was in no hurry and the time spent following the meanders of the Thames easily beat mingling with all the poor deluded fools queueing to be cavity-searched on their way to the USA via Heathrow.

And now I'm back in Cambridgeshire, which for the time being is feeling uncannily empty of people I know…

Today's XKCD (the large version) set me thinking.

So the Earth's gravity well is only 6,379km. A tiny amount of maths indicates this is 17.4 kWh per kilogram. British Gas will sell me 17.4 kWh of gas for about sixty pence. So enough gas to launch a 100kg person out of Earth orbit costs £60.

There are, of course, some problems:

• After a while, you run out of oxygen in which to burn the gas.
  
• Natural gas has a typical energy density of 17.1 kWh/kg.
  
• Even extremely efficient vehicles needs 0.28 kWh/kg to travel 6,379km on the level.

Even so, we're now almost 1% of the way through the third millennium; where's my flying car, dammit?

Via Jeff Atwood at Coding Horror, The C Programming Language by Brian W Kernighan and Dennis M Ritchie and HP Lovecraft. My favourite part:

I had heard tales of the... thing that C.A.R. Hoare had summoned up in '62– dark hints of choosing one element from an array, and partitioning the rest into lesser and greater sets, and hellishly recursing until the data were twisted into a sorted list– but nothing I could have imagined would be in any way comparable to the daemoniac, blasphemous reality that I saw.

I think any second-semester sophomore encountering quicksort for the first time knows exactly how the narrator feels.

Unrelatedly, was woken by the postman this morning from a dream in which I was giving a talk about error-correcting codes, failures in spoken communication, and formality of register, at a feminist conference (!), using the OSI network stack as an analogy (!!). I had just got through the obvious parts about how explicit, simple protocols and robust error-correction at the application layer reduce misinterpretation (for some reason, my example for that was a bingo game), but when the protocol has no built-in error correction and can be fragmented, the rate of confusion rises (I think where I was going with that was some kind of analogy between natural language and fragmented IP datagrams), but then the doorbell woke me up.

I have a theremin: http://www.flickr.com/photos/tef/4214134340/

The nice people from the Jordanian chapter of the IEEE gave me this award after my two hour marathon talk. They were really nice and I suggest visiting the IEEE chapter in Amman.

What? It can't be Christmas eve. Christmas isn't for at least a few weeks!

I never thought I'd have anything in common with Myleene Klass, but I seriously love the OU. As much as I bitch about the essays as I'm doing them, goddamn is it a lot of fun.

I am in love with Jennie Lee.

I subscribe to Cambridge e-cops and this was in our weekly e-newsletter today:

( Teams of 2 + 3 distracting people as they take money out... )

Happy Winter Solstice, folks. The nights are as long as they get and we're now heading back towards Summer.

Or, at least, we would be if it weren't for seasonal lag. Drat!

Just to follow up on what I was saying to people yesterday:

Salem suffered brain damage and fractures, including a skull fracture, during the attack.

[...]

Judge John Reddihough said it was “ironic” that the attack had left their victim unfit to plead for his knife attack, sparing him a “very long” period in jail. Salem was given a two-year supervision order.

[...]

A neighbour urged them to stop and said Salem would be killed, he said. But they continued “like a pack of animals” and it was “fortuitous” he did not die, Judge Reddihough said.

He said: “You involved yourselves in a terribly violent and unnecessary assault on Waled Salem which amounted to a revenge attack.”

--Munir Hussain and brother Tokeer convicted over Desborough Park Road, High Wycombe GBH attack, Bucks Free Press, 2009-12-15

As far as I can tell, it was strictly speaking illegal for them to arm themselves, give chase and attack the guy when they caught him, but it's hard to imagine anyone pursuing them for that. It was the continued vicious assault after they'd already brought the guy to a halt that led to jail sentences.

Update: Thanks to autopope for linking to this below. What sort of society praises vigilantes with cricket bats?, Catherine Bennett, Observer, Sunday 20 December 2009

(Postscript re another conversation: Blu-Ray 3D will require special displays and there's a list of suitable displays here)

Sunset in the necropolis.

We're standing on the edge of Qatar and the land in the distance is the Kingdom of Saudi Arabia. That's probably as close as I will ever get to Saudi.

I went for a horseback ride through the necropolis of Giza today. This is the pyramid Khafre behind me. My horse's name is Lucky.

Last weekend we went up to Leeds for early Christmas with Mum, Mick and my 4-year-old step-niece S. S and Charles renewed their friendship at once which was lovely to see. We took them out on a walk (just to the local supermarket for beer) and the local fire station was raising funds by selling plastic fireman's helmets. So I bought two: S declined the pink that would match her outfit and went for yellow; Charles hesitated enough over colour to make one of the men say "don't tell me he wants pink", which got a firm reply from me of "he can have whatever colour he likes". He chose yellow anyway, to match S.

Before dinner, S helped me decorate the tree and Charles "helped" us both. We exchanged gifts which all seemed to go down well, and enjoyed a delicious meal and then I think we stayed up too late talking. There was more talking the next day too, and a shorter walk with the children before it was time to go.

Travel was trying: we had opted to drive in order to get there Friday night, except freezing fog and my ongoing post-viral fatigue shot that plan down. The car journey Saturday morning was particularly trying, including witnessing an accident at rather closer range than comfortable; the one home on Sunday evening was merely tedious.

Charles got his second pandemic flu jab on Monday afternoon: he objected quite a lot, but accepted a chocolate bribe/reward and got over it very quickly. We tried Tesco again to see if they had his lost bendy-bus, but they did not. I indulged his request for a small cuddly Pipling to make up for it. There was a lot of standing around in the cold waiting for buses running late, and 20 minutes in Subway persuading him to eat a cheese toastie and warm up, and in general he behaved better at the bus stops than the average adult.

On Wednesday we had Tony's office Christmas meal, so my second half-day of the week. I enjoyed it but rather felt the effects of lunchtime drinking afterward and was glad to be able to go home. Our cleaner was there so I had a rare chance to talk to her (normally we communicate via Jonny and/or Tony).

J had flu for several days, so Charles was looked after by Jonny when Tony and I needed to work. Charles went back to J's on Thursday, but we kept him at home again on Friday because of the enormous difficulty moving a buggy through new-fallen snow. Now it's all packed down into ice, we will probably go back to normal tomorrow.

The snow is not melting. Charles had a huge tantrum yesterday when we wanted to go out to the local shops and buy food. By the time we got to the first shop he had admitted that maybe snow wasn't terrible; on the way home he was cheerily crunching his way on the snow and saying it was fun. However, none of us has gone out today, and we have had a lovely restful weekend again. I have read 2.5 books and should probably wrap presents before the weekend is completely gone.

I'm at work Monday-Thursday this coming week, but feeling very ready for Christmas. We aren't too booked up, so I hope for a nice restful break.

• C
• Lua

Ten Years of A.T.P. was, predictably, brilliant last weekend.
Unfortunately I didn't see all the bands I had wanted to due to feeling crappy on Friday night and two drinks-related mishaps on Saturday and Sunday.

The festival kicked off for us with a decidedly mediocre J. Mascis and The Fog who were suffering from terrible sound and mundane music with a distinct lack of melody. We gave them a few songs before leaving. My head was absolutely bursting so we missed the Yeah Yeah Yeahs in favour of a bath, painkillers and bed. I had been looking forward to them but was not as gutted as I would have been had we not seen them at a previous A.T.P..

Saturday's brilliance kicked off with the always brilliant Shellac giving their all and delighting the assembled masses with their unhinged lo-fi approach and fun crowd interactions (a Q&A session).
Next up, in the Pavillion were Battles whose performance of Atlas had me out of my wheelchair and bouncing about like a mad thing, and was the musical highlight of my year. We were treated to some new material as well as all the best tracks from Mirrored with great energy. The sound quality was excellent, and although I preferred seeing them in a small club to a huge marquee, the atmosphere was electric.
After that I was done and headed back to the chalet for a nap while Mike caught some more bands. I missed Modest Mouse, The Drones and The Breeders as I'd seen them all before and really wanted to catch Sunn O))) at 2am and could see no other way of being awake. Sunn O)))'s guitars caused my drink on the table in front of me to jump into my lap and soak me so I missed them as well.

Sunday was a relatively early start of 1.30pm for Shellac's second set of the weekend which was different enough from the previous day's to please those seeing both but with certain highlights repeated (the mind-blowing "End of Radio" springs to mind). Nothing much to add here as they were, again, flawless, with Todd Traijer taking his snare drum for a wander round the club during the aforementioned "End of Radio".
The Magic Band were anything but so we stepped out for food a few minutes into their set and I went back for a rest while Mike caught Deerhoof.
I managed to drag myself out of bed to see Explosions in the Sky who were a real revelation: filling the Pavillion with beautiful, epic soundscapes and one of the most gorgeous guitar sounds it has been my pleasure to experience.
Next up was Sunn O)))'s second performance of the weekend, in which we discovered we had not missed much the night before. While their sound is remarkable, we decided that, after holding the same note for a good five minutes they were going nowhere and slipped off to catch The Mars Volta who represent my biggest regret of the weekend. Part way through their second song I dropped hot coffee onto my thigh and had to return to the chalet to run it under cold water. I felt too shaken to go back out and we had a very early start on Monday so I crawled into bed while Mike went back out.

All in all an amazing weekend and I just wish my health had permitted me to enjoy more of it. Roll on May.

Recently, I read The Secret Life of Words. I enjoyed it. It wasn't a fantastic book that changed my life, but it was a pleasant enough bimble for the most part.

Henry Hitchings said on a few occasions something along the lines of "it is often said that ABC, whereas in fact XYZ". Either there was an outrageous fluke at play or this was code in every case for "Bill Bryson got this wrong in Mother Tongue".

Bill Bryson seems to get quite a lot of stuff wrong; he's especially good at apocryphal anecdotes. On the other hand, Mother Tongue is a much better read. Henry Hitchings seems to have written a history of England from the perspective of its language more than a book about the language, and in that respect it's no match for The Isles, to pick one example. However, even with all of the historical context, it still in places comes across as one dry list of words after another. I wish he'd told a deeper and more involving story about the sources of a smaller selection of words.

One thing I thought curious was that Hitchings claimed "ohrwurm" is a common loan word from German, without acknowledging that its calque, "earworm" is found much more frequently. Personally, I saw and heard "earworm" off and on for many years before I even knew its Germanic origin.

But all of this is a digression.

There is good news and there is bad.

The bad news is that I have an earworm: the Spice Girls cover of Christmas Wrapping. The good news is that it's actually of them singing West End Girls to the same tune, which is altogether more surreal and gratifying.

... so we made a snow dalek instead.



( More pics )

Last night Charles and I got in the pub as the first flakes of snow were falling. Something over an hour later, Tony arrived, completely white on his front, and clear of snow on his back. Later, I had to go and get emergency nappies from the shop next door and Charles insisted he was coming with me right up until we opened the door and he got a good look at the snow.

By the time we left the pub, the snow was several inches deep and pushing the buggy was nearly impossible. We went on the road where traffic was very light, stepping off the nice packed ice into snow drifts whenever cars came past. Where traffic was too heavy for that, Tony pulled the buggy backwards tipped up on 2 wheels, which was just about manageable. Charles told us we were Doing It Wrong the whole way home.

This morning, Indi shot out the front door when I opened it. Then stopped dead in the snow. Then looked at me holding the door open for him to go back in and nonchalantly walked away with an attitude of "of course I don't need to go back inside, silly human". So I shut the door and faffed with the bins. Moments later he shot past me, scrabbled inelegantly over the snowcovered and icy gate and ran round to the catflap. I popped back inside for something and he was sitting in the corridor, in slightly damp dignity.

http://www.lightbluetouchpaper.org/2009/12/17/relay-attack-featured-on-dutch-tv/

http://www.lightbluetouchpaper.org/?p=1460

Yesterday, the Dutch TV programme “Goudzoekers” featured Saar Drimer and me demonstrating a relay attack against the recently introduced Chip and PIN system in The Netherlands. The video can be found online, in both Windows Media or Silverlight formats as well as Flash below. The production team have published a synopsis (translated version) on their blog, and today there have been some follow-ups in the press, for example De Telegraaf (translated version).

The Dutch card we used in the demonstration had a number of extra security features, compared to UK cards:

• Dynamic data authentication (DDA): Static data authentication (SDA) cards common in the UK, can have their chip cloned and used in offline transactions. DDA resists this vulnerability, at the cost of making cards slightly more expensive.
• Encrypted PIN: With UK cards, the PIN entered by the customer is unencrypted as it is sent to the card, leaving it open to being eavesdropped by a tampered terminal. The encrypted PIN feature prevents some types of terminal tampering attacks.
• iCVV: Until recently, UK cards contained a full copy of the magnetic strip on the chip, which meant that someone eavesdropping on communications could create a cloned magnetic strip card. The Dutch card contained some of the magnetic strip details on the chip, but not all of it (a feature known as iCVV).

However, despite these enhancements the relay attack still works, just as it did in our previous demonstration for BBC Watchdog in 2007. This demonstrates that one of the common misconceptions about the relay attack — that DDA cards will prevent it — is not true. The only feasible defence is distance bounding, which we described in our academic paper, but which no smart cards currently support. The relay attack also does not depend on magnetic strip transactions still being supported, nor does encrypted PIN prevent the attack.

For these reasons we were fairly confident that we could perform the demonstration, and left for The Netherlands last week with our equipment in tow. However, things did not go as smoothly as we hoped because the terminal behaved slightly differently to the UK ones we experimented with, and some of our hardware also developed problems during the testing process. The hardest to fix was that the terminal was very sensitive to latency introduced by interference on the wireless link. We couldn’t get our demonstration working by the end of the first day, but thought we could resolve the problem in software, and the production team decided to go ahead with the filming as planned the following day, and hope that our fix worked.

One change we were considering making was to allow the “criminal” using the fake card to enter in the wrong PIN. This would avoid the inconvenience of having to send the PIN entered by the “victim” to the earpiece. It is possible to do this because the genuine terminal sends the PIN to the card, not to the bank, so the fake terminal can just substitute in the correct PIN as entered by the victim. We implemented this, but only for unencrypted PIN, because we didn’t realise encrypted PIN was in use (the UK is still considering it). Implementing it for encrypted PIN is more complicated, because it requires replacing the incorrect PIN with the correct one encrypted to the card’s public key which we capture (along with the random challenge) during the beginning of the transaction.

In the end we decided not to do this, because the other problems had meant we spent the whole day trying to debug the problems we encountered, and had to spend the evening designing the work-around for the timing issue. Having been awake since 5am, by the time we were finished the the fixes, we didn’t feel confident enough to correctly deal with the subtleties of proprietary RSA padding modes necessary to perform encrypted PIN. We were also conscious of the fact that if we got it wrong three times in a row, we’d lock the only card we had available for testing.

Fortunately, the work-around for the timing issue fixed the problem, so we could go along with the filming, but we still had to send the PIN via the earpiece. This might have been one of the reasons that the Dutch Banking Association (NVB) said the attack was “complex and cumbersome”, in their press release (translated version). It should be noted however that criminals who aren’t working on such a tight schedule could take the time to implement the PIN-substitution feature for Dutch cards too, making the attack more feasible.

Update: (2009-12-19): Jeremy Kirk from IDG News Service has published an article “Upgraded Dutch Payment Card Still Vulnerable to Relay Attack” related to our demonstration.