## Wednesday, 29 February 2012

### Ordinal Numbers and Leap Years

Linda's always been mad about Scotland's rugby squad, and just recently she's been busily accumulating points for badges on their Six Nations website to prove herself a superfan! As you can see from the above graphic, she's notching up some success in the endeavour, having collected 2,000 points and been ranked eleventy second (112nd) overall at that point.

Looks like their web dev could use a refresher on English ordinal numbers? This little exercise in natural language expression always reminds me of today's leap day calculation. It has just enough of an exceptional clause to ensure frequent failures of implementation. For every code monkey who ever forgot that last rule about years divisible by 400, another has forgotten the "teens" exception to the suffix rule,
• 1 takes "st" (so 1st, 21st, 101st, etc),
• 2 takes "nd",
• 3 takes "rd",
• everything else takes "th".
The exception is of course that any number ending in 11, 12 or 13 takes "th", instead of the corresponding suffix for 1, 2 or 3. The close analogy with leap year rules is striking, as its etymology has nothing in common with the scientific basis of the latter (which itself does have direct analogies to things like modular arithmetic, games of Monopoly, and drawing smooth inclined straight lines on a pixel raster).

Update (1st March): Since the time of writing, Linda has climbed to rank 75th nationally with 2,600 points, and been promoted from "National Squad" to "1st Cap". Problem solved!
Update (3rd March): 66th nationally, 3,100 points, promoted to "Starting XV". Girl takes her rugby seriously.
Update (17th March): 57th nationally, 4,700 points, promoted to "Captain". Meanwhile, the team collected yet another wooden spoon today.

## Monday, 27 February 2012

### Everything is a Remix

New York-based film writer, director and editor Kirby Ferguson's brilliant little set of four 10-minute videos, Everything is a Remix, produced over the course of two years, reminds us of the original motivation behind copyright and patent law. Namely, to create a short period of controlled monopoly, allowing inventors and creators to recoup their development costs. And emphatically not to allow those rights holders to continue to profit almost indefinitely from their creations, while preventing others from doing anything similar or related.

Hat tip: Neurobonkers.

## Sunday, 26 February 2012

### Scotland 17-23 France

Match Report

On second thoughts, make that a photo essay. With a final score like that, I don't really feel like talking about it very much.

This year we sprang the extra £25+ to park within Murrayfield. A couple of practice fields behind the West Stand were provided for the purpose, a great improvement on the usual Edinburgh parking experience.

A couple of random supporters. With refreshments.

It all seemed to be going so well at first.

But in the end, this:

Och.

## Tuesday, 21 February 2012

### Help Find Ulf's Murderers

In January Adam Shostack, famous hereabouts for the SDL card game Elevation of Privilege, wrote about the murder of his Zero-Knowledge Systems colleague (pictured right) Ulf MÃ¶ller (link to original Bild.de report, in German).

Yesterday, Adam wrote again about the case, pointing to a website created by Ulf's family containing several good quality surveillance camera photographs of his murderers (pictured below), explaining the background to the case (in English, German, Polish and Lithuanian), and asking everyone to help find the killers, and spread the word:
The two men are described as slim, both about 1.75 m to 1.80 m tall, between 20 and 30 years old. One of them was wearing a dark jacket with a fur-like hood. The surveillance cameras took clear pictures of his face. The other killer was wearing a noticeable light blue quilted Nike-brand jacket.

We are grateful for any help in finding the murderers. Clues can be reported to the German police (Polizeidirektion Sachsen-Anhalt Ost, who are leading the investigation) by calling +49 340 6000 293, by sending e-mail to lfz.pd-ost@polizei.sachsen-anhalt.de, or by visiting any German police station. If you prefer, you can email us directly at mail.ulfm@googlemail.com.

## Friday, 10 February 2012

### How to Steal a Google Wallet

Just Press Reset

This "quite significant security flaw" isn't new, but it is news, having received a bit of a boost in various blogs in recent days - oddly enough, because of the emergence of yesterday's much harder (and so less urgent) brute-force attack on the same PIN. Last December Evangelion01, posting on the xda-developers forum, drew attention to the following weakness in Google Wallet:
1. Go into application settings.
2. Clear data for Google wallet.
3. Open wallet and set it back up.
4. Everything remaining on your Google prepaid card can now be used.

This succeeds because Google Wallet stores your card details not in the phone's file system, but safely on the Secure Element. They are therefore unaffected by resetting the application data. However, your PIN is just stored in a file, so it does get wiped. Next time you run it, Google Wallet looks for the missing data, and concludes that it's being run for the very first time. Since Google Wallet is tied to the device itself, rather than to your Google account, it simply asks you to set a new PIN. All you have to do now is think of a number, and...

Bingo! When it next needs a prepaid card, it will find one already present on the Secure Element, and start using it.

There are a few obvious mitigations. First you have to steal an un-screenlocked phone. And not just any phone: it has to be a Samsung Henstooth, with wallet installed, activated, and using prepaid credit. So in that sense, Google Wallet is no more insecure than any other wallet - a little better in fact. Still, it's quite surprising that such a vulnerability should be allowed to get this far.

Update: they've finally fixed it.