Aractus

Blog of Daniel Baxter, now secure! :)

Free SSL from Let's Encrypt!

Archive for May, 2017

Atheists often deny they have a specific world-view. I would contend that any strongly held world-view is prone to fundamentalist style beliefs. Whether it’s in history, science, religion, paranormal, health, or society. One prominent feature of fundamentalists is that they evaluate information under their own set of rules that are in conflict with best practise methods. I’m not trying to insult people by using the term fundamentalism, I just think it’s important we recognise dogmatic views for what they are. I’m also not an anti-religious atheist, I believe people should be free to practise their religions, but obviously not to impose their beliefs on others.

Defining fundamentalism

Fundamentalism is sometimes easy to identify, but difficult to define. Believing in creationism over evolution, and denying the holocaust are two prominent examples of fundamentalist beliefs. But I suspect that most of us have some fundamentalist beliefs, just not as obvious as those. Holocaust denial is very well supported (believe it or not) in the Islamic world – they have thousands of scholars who put forward this view. I was actually shocked to learn that, and I do think it raises legitimate questions over how much we can trust historians in general to determine facts about the past in an unbiased way. Although I would strongly caution my readers to believe a systemic problem amongst Islamic scholars in the Middle East would affect scholars in the Western world.

The key characteristic of any fundamentalist belief is that it is based on rules or knowledge that are not set or agreed upon by the experts in the relevant fields of study, and when confronted with this the belief is generally not affected. It’s a closed system that is not interested in information provided by the outside world. It’s often based on people’s instincts or on flawed logic. I can even give an example, I met a very nice and intelligent gentleman a while ago with a very fundamentalist belief that we are over-educating the population. I cited facts and evidence, and his response was “well my instincts disagree”. His belief is almost certainly tied to a strongly-held world view, and he’s not interested in what the evidence says.

The definition that I put forward therefore is one where there is a strongly held belief system tied to some kind of world-view that is resistant to change even when presented with overwhelming evidence that disproves the belief.

Denialism

Fundamentalist beliefs can be associated with denialist beliefs. A denialist belief is usually associated with an opposite fundamentalist belief – denying the theory of Evolution or science altogether in favour of creationism. Denying the validity of psychiatry as a science in favour of fundamentalist Scientologist beliefs. Denying the holocaust in favour of fringe outlier theories. Denying that HIV causes AIDS in favour of a fringe outlier theory. Denialism is most commonly associated with history and with science. With both fundamentalism and denialism, people will often not make use of the set of methods developed by the experts to test their theory, and instead use their own methods. Because of this, the historical data or the scientific data does not end up affecting fundamentalist and denialist beliefs.

Honourable example

I’ll start with an example well supported in the literature, which does not have any religious ties. I’m talking of course about the chiropractic theory of disease. This “theory” of disease puts forward the view that misalignments of the vertebra is the cause of all human ailments. It totally rejects germ theory and the associated modern biomedical theories of disease. This is called a fundamentalist belief in the peer review literature. Now it is true that many chiropractors have a “soft” view of the chiropractic theory of disease, where they believe that misaligned vertebra are one of many causes of disease along with bacteria, viruses, and other causes. That’s less denialist, but it’s still fundamentalist as every other modern practitioner rejects the chiropractic theory of disease. I should point out that believe it or not, there are even chiropractors that call themselves chiropractors but don’t believe the chiropractic theory of disease at all! I think that’s hugely unethical and is akin to psychics that know they aren’t psychic (which is all of them) but tell you they are anyway.

Now, does this mean that everyone that goes to a chiropractor is stupid? Well no, so long as they’re not using chiropractic medicine to replace best practise medicine, it’s not going to do any harm and you might get a placebo effect. Although I should say that I have an ethical problem with parents that gets this kind of treatment for a child.

Why is mythicism a fundamentalist belief?

Mythicism, the theory that Jesus didn’t exist as a historical person, is unquestionably a fundamentalist belief. It’s tied to the denialist view that historians are not competent in their assessments of history. Now this is a denialist view that I used to have as a Christian, and that view softened over time, and as atheist I now have the utmost respect for historians as professionals. They are no longer a threat to my world-view – but if your world-view is that Jesus did not exist as a historical person, then it is tied to a denialist view of associated academic professions. “Part of the problem may be an insufficient acquaintance with how historians work with the limited data available” (Larry Hurtado, 2012) … perhaps Larry, and that might be true of some mythicists, however for fundamentalists the historical data does not end up affecting their belief.

Let’s quickly remind ourselves of a few characteristics of fundamentalist and denialist beliefs. 1. They are internally logical when you’re in that bubble. 2. They are often socially constructed and linked to in-group beliefs. 3. Often linked to strongly held world-views including religious or political views. 4. They do not make use of set of methods that experts use to test their theories and determine truth. 5. There may be cognitive dissonance and epistemological leaps involved to reconcile facts about reality to fit within a person’s world-view. 6. Often based on instinct or logic. 7. There can be an overestimation or an underestimation of the quality and level of evidence that exists to support or disprove their belief. Put together this gives us a picture of why perfectly intelligent  people can believe seemingly irrational things.

Mythicism meets most of the criteria set in the previous paragraph. Most notably, mythicists refuse to use the set of tools that historians would ordinarily use to determine historicity of an ancient person or event – and this is true even of Richard Carrier which we will get to shortly. It also ignores the overwhelming academic consensus – just as there is scientific consensus that HIV is the cause of AIDS (despite the persistent outliers), there is academic consensus that Jesus was a historical person amongst scholars of the ancient world. And finally, they refuse to present credible evidence for their theory, and insist that the evidence used by historians isn’t valid.

Mythicists can be every bit as dogmatic as fundamentalist Christians, knowing with absolute certainty that they are “right”. They decide what they want to believe, and then ignore everything that disagrees with their belief, and chastise everyone who believes differently. That makes them fundamentalists.

Who are the mythicists scholars?

Mythicism is such an extreme example of a fundamentalist belief that it doesn’t enjoy the support of even a few hundred scholars: it enjoys the “support” (if you can call it that) of only about six, and that’s stretching it. Three of the mythicist scholars are Christians! Mythicists often mistakenly put forward the view that mythicist scholars are atheists as justification for their view, well I’ve got news for you guys: Thomas L Brodie and Thomas L Thompson are Roman Catholic theologians, scholars, and mythicists! What on earth are you guys going to say next – that I’m dishonest and made this up? No – read their bios, they both identify themselves as Christians, and Brodie is a priest. Tom Harpur who passed away this year was an ordained Anglican priest, journalist, theologian and scholar. He’s no longer living, so the third scholar I’m counting is of course Robert M Price.

Brodie is a well qualified and respected New Testament scholar. However, he has held his mythicist belief since before he studied to be a theologian and scholar. He puts forward the view that the gospels are patched together from existing Old Testament stories to create a new narrative, and his evidence are parallels that he identifies from the Old Testament. The methods that he used have been highly criticised by his peers including other mythicists as being wrong. Which isn’t surprising since those are the methods that convinced him before he studied to be a scholar, and goes right to the very hart of fundamentalism: that fundamentalists insist upon using their own questionable methods. He also flat-out denies all historical evidence for Jesus outside of the New Testament, and denies there was an oral tradition before the gospels. He believes Acts of the Apostles is a literary creation as well. His peers have pointed out that he lacks evidence to support his theory, and after 40 years you would think he could have come up with some decent evidence if it existed.

The late Tom Harpur put forward the view that the gospels were patched together from ancient pagan mythologies. I know, this is a direct contradiction of Brodie’s theory – contradicting each other’s theories is actually a common trait amongst mythicist scholars! Harpur was a fully qualified New Testament scholar, also well qualified in classics, and yes he held a teaching position. Harper claimed that the second or third century church forged all the scriptures, and then covered up all the evidence. The methods used in his investigation have been highly criticised by his peers. And like most other mythicists, other mythicists criticised his theory as well. Also, Egyptologists rejected his assertions that parts of the gospels were based on Egyptian etymology.

Thompson is a Old Testament scholar, and puts forward the view that Jesus is so enriched in mythology that he can’t be shown to have existed, at least not from the canonical gospels. Ehrman has criticised him for lacking expertise in New Testament studies. Thompson has not put forward a case regarding the remaining evidence outside of the gospels, which include the letters of Paul, Acts of the Apostles, the other New Testament writings, Annals by Tacitus, and Antiquities of the Jews by Josephus. Furthermore he denies that he believes Jesus not to have existed, his belief is what some people call “soft mythicism”.

The late Dorothy Milne Murdock was a questionably qualified classicist who put forward the view that Jesus and the gospels were based on Roman, Greek, Egyptian, and other mythologies. Her website is still up if you wish to check. Her methods have been highly criticised by her peers, including Robert Price and Richard Carrier (two fellow mythicists). Ehrman found numerous factual errors and assertions made in her book and said “Mythicists of this ilk should not be surprised that their views are not taken seriously by real scholars, mentioned by experts in the field, or even read by them.” (Ehrman, 2012). She was also a conspiracy theorist. I say she was questionably qualified because while she had a bachelors degree in classics, she did not work as a professional historian or hold a teaching position. I only use her as an example of the questionably qualified “scholars”, I’m not going into greater detail of others such as Earl Doherty, as I don’t think they should be counted when discussing the number of active mythicist scholars.

The late George Albert Wells who died in January of this year was a professor of German and not a bible scholar. Wells has certainly been the single most influential mythicist of our generation, having written several books putting forward his position that Jesus did not exist. He is also the only mythicist worth taking seriously, given that he accrued support from other mythicist scholars. Wells was not a New Testament scholar, and (as is becoming the overarching theme) his peers criticised the methods that he used to obtain his conclusions. But in the 1990’s he rightly became convinced of the Q document hypothesis, and from then until the day he died he believed Jesus to be a historical person shifting to a being a “soft mythicist”. He changed his view when new information was brought to light that disproved his theory, which is what any good investigator should do.

Robert M Price describes himself as a Christian atheist. He’s a New Testament scholar, a former Baptist minister, a professor of textual criticism, and a theologian – he’s very well qualified. He is agnostic on the historicity of Jesus, claiming that the evidence is insufficient. A claim as already pointed out, rejected by all non-mythicist scholars of antiquity. Furthermore he rejects the authenticity of the Pauline epistles and is agnostic on the historicity of Paul of Tarsus, which even other mythicists like Carrier think is absurd. In arriving at his position Price either refuses to use or ignores whole methods commonly used in ancient studies. Price’s view that the “evidence is insufficient” is the one most often put forward by atheists who think that Jesus was not a real historical figure, despite the fact that he lacks the support of other mythicist scholars, and despite the fact mythicists usually go way further than his agnosticism when attempting to prosecute their fundamentalist argument.

Hector Avalos is “agnostic” on the historicity of Jesus. He’s a New Testament scholar, former Pentecostal preacher, and currently a professor of religious studies. Going on that article he wrote, he doesn’t seem to believe in textual criticism which is a textbook fundamentalist trait!! Textual criticism is how we know which books Paul really wrote, and whether or not there have been edits, such as 2 Corinthians which is believed to be a composite of Pauline letters rather than a single letter. His views are actually very similar to Robert Price, and like Price he says he’s agnostic on the historicity of Jesus. Which is surprising since in his actually published academic books he doesn’t challenge the historicity of Jesus. Unlike Price, he’s never denied that Paul of Tarsus was a historical first-century Apostle who wrote several letters including Romans, Corinthians, and Galatians. Unlike Price he’s quite anti-religious.

Finally, there is Richard Carrier and Raphael Lataster. I know I said I wouldn’t discuss any further questionably qualified scholars, but given that Carrier is by far the loudest mythicist on the planet we can’t leave him out. Lataster is currently a PhD candidate and does hold a teaching position at the University of Sydney, making him somewhat qualified. Carrier is qualified in ancient history and classics, he’s an atheist, a Taoist, and has never held a teaching position. All Lataster’s books including the one he co-wrote with Carrier are self-published, and Carrier’s books are published with populist non-academic publishers a fact that has been widely pointed out by his critics. So I really don’t want to give the impression that they’re qualified on this – because they aren’t – but nevertheless Carrier is cited more than any other mythicist scholar by atheists who are on the mythicist bandwagon. I really don’t know why people take him seriously.

Anyway, I do want to be very specific here. Carrier uses something called the Bayes’ theorem to test the hypothesis that Jesus was historical, and then claims that it proves that the historicity of Jesus is improbable. No other historian of the ancient world uses the Bayes’ theorem, and every scholar who has bothered to comment on it has said the same thing: it’s not the right tool to test the historicity of ancient people! Let me repeat it, the Bayes’ theorem is not a valid historical method to test questions pertaining to historical people or events. Carrier also emphatically rejects the contemporary methods use by historians! Carrier has shown no interest in studying the mythicist theories put forward by others claiming that all other mythicist theories are wrong (source), and his theory has been strongly criticised by other mythicists who state that his “methods are terrible” (source). As pointed out in that link, not even considering the evidence and opinions put forward by others would be akin to a biologist coming up with his own theory of Evolution, all the while refusing to read or even acknowledge the work by Darwin and Mendel. Many of the “facts” he cites in support of his theory have been shown to be wrong, or based on a reading of ancient literature that is rejected by his peers in ancient history and classics.

So there you have it. All the major mythicists scholars. I would question whether we should count Avalos and Lataster in particular, so really there are just three or four qualified mythicist scholars depending on whether we count Carrier or not. As pointed out by Ehrman below, they are not seen as credible by the “real scholars”. It’s important to note that not all mythicist scholars are fundamentalists, although Carrier definitely is. And that Price, Brodie, and Thompson are all respected scholars. The mythicist argument commonly seen across the internet is purely a denialist and fundamentalist one: they won’t look at evidence, they aren’t interested in what the experts say, and they don’t care what are the right methods to use to solve these questions. Sure you can come up with a new method to assess evidence, and professionals do that, but what they don’t do is come up with a new method and simultaneously claim that all existing historical methods are wrong and that only their way of thinking can be trusted.

Are we done? I think we’re done.


Final word

Credits to Bart Ehrman, Larry Hurtado, and Michael Shermer, I used quite a lot of their original thoughts when researching this topic, as well as a lot of my own. This post took an unbelievable amount of time and research to write what is essentially on a topic not even worth discussing. I have undoubtedly made some errors in this post, so please fact check it for me and let me know if you notice anything that needs improvement.

And on that note I’ll quote Ehrman:

Transcript:

Q. “I can’t see evidence archaeology or history for historicity”.

A. “Yeah, well I do. That’s why I wrote the book. There is a lot of evidence. There is so much evidence that – I know in the crowds you all run with it’s commonly thought that Jesus did not exist. Let me tell you once you get outside of your conclave there is nobody who – this is not even an issue for scholars of antiquity. It is not an issue. There is no scholar in any College, or University, in the Western World who teaches classics, ancient history, new testament, early Christianity, any related field who doubts that Jesus existed.

“Now, that is not evidence. That is not evidence. Just because everybody thinks so doesn’t make it evidence. But if you want to know about the theory of evolution versus the theory of creationism and every scholar in every reputable institution in the world thinks & believes in evolution, it may not be evidence but if you have a different opinion you better have a pretty good piece of evidence yourself.

“The reason for thinking that Jesus existed is because he is abundantly attested in early sources. That’s why. And I give the details in my book. Early and independent sources indicate certainly that Jesus existed. One author that we know about knew Jesus’s brother, and knew Jesus’s closest disciple Peter. He’s an eyewitness to both Jesus’s closest disciple and his brother.

“So, I’m sorry, I respect your disbelief but if you want to go where the evidence goes I think that atheists have done themselves a disservice by jumping on the bandwagon of mythicism because frankly it makes you look foolish to the outside world. If that’s what you’re going to believe you just look foolish. You are much better off going with historical evidence and arguing historically rather than coming up with the theory that Jesus didn’t exist.” – Bart Ehrman.


“The mythicist position is not seen as intellectually credible in my field (I’m using euphemisms here; you should see what most of my friends *actually* say about it….) – no one that I know personally (I know a *lot* of scholars of New Testament, early Christianity, and so on) takes it at *all* seriously as a viable historical perspective (this includes not just Christians but also Jews, agnostics, atheists – you name it), and my colleagues sometimes tell me that I’m simply providing the mythicists with precisely the credibility they’re looking for even by engaging them. It’s a good point, and I take it seriously.

“In that connection I should say that I can understand how someone who hasn’t spent years being trained in the history of early Christianity might have difficulty distinguishing between serious scholarship that is accepted by experts as being plausible (even when judged wrong) and the writings of others that, well, is not. But experts obviously don’t have that problem, and the mythicists simply are not seen as credible. They don’t like that, and they don’t like it when it someone points it out, but there it is.

“The other reason for staying out of the fray is that some of the mythicists are simply unpleasant human beings – mean-spirited, arrogant, ungenerous, and vicious. I just don’t enjoy having a back and forth with someone who wants to rip out my jugular. So, well, I don’t. (They also seem — to a person – to have endless time and boundless energy to argue point after point after point after point after point. I, alas, do not.)”Bart Ehrman.

What you weren’t told about WannaCry

I pride myself on providing you, the humble visitor, with good information. Not always perfect because, well, I’m not a security expert. You can think of this post as an afterthought if you like to my previous post, what I am aiming to do here is complete the picture.

Is Microsoft to blame?

The US Government and their spy agency the NSA are the main guilty parties in this instance. The ShadowBrokers who hacked the NSA and then publicly released the weaponised exploit are also to blame. And yes, Microsoft absolutely shares some of the culpability. Here is the thing you haven’t been told anywhere on the internet… some systems don’t update even when configured to do so. You want evidence? Here are screenshots I took earlier this week on a friend’s PC:

update-1

update-2

When I manually checked for updates it just spent hours on this screen:

update-3

And no, that system is not patched. I was unable to fix the problem. WHAT THE FUCK MICROSOFT?! My solution for that system will be to re-install Windows. Nothing worked – and I did try. This page contains most of the fixes I tried. The owner of that PC had no idea the system wasn’t up to date. How many other Windows installations have this same problem?

And probably the most misreported fact on the internet “windows doesn’t support XP anymore”… WRONG! They do. They only provide support to those who pay for it though, and according to some the latest pricing for this privilege is about USD 1000 per year per desktop Windows XP installation. For the ordinary home user, you can still get Windows XP updates until 2019, and possibly longer. To achieve this you simply tweak a registry setting that tells Microsoft that it’s an Embedded system. XP was embedded into all kinds of hardware that is impossible to upgrade – speciality hospital equipment like MRI scanners, ATMs, etc. And they still receive security updates to this day.

People were surprised when Windows released a patch for this vulnerability for Windows XP. But they shouldn’t be – the patch would have been rolled out for XP Embedded at the same time as Windows 7/8/8.1. The only difference is that they waited until after the worm appeared before pushing the patch to non-embedded XP systems.

Why was there a kill switch?

The original version of WannaCry attempted to connect to iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com and then terminated if successful. Other variants then emerged with hex edited domains, or with that section hex-edited out entirely. But why was it there? It could just be a bit of unfinished code. It might be intended as an anti-detection measure, but it’s been pointed out that it doesn’t just do a DNS lookup it expects to create a TCP connection to the domain too. If there’s no TCP connection then WannaCry will execute the payload anyway. It could just be the hacker’s way of “having fun” with their malware – let people think it’s stopped and then push out the variants. Who knows?

How much has been paid out in ransom?

Not very much. So far over 200,000 people have been infected, and only 292 (or less?) have paid the ransom. That’s 0.1%. The three wallets are: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw, 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94, and 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn. About $109,000 or USD 81,000 has been paid in total so far. At 292 people though that averages at significantly less than USD 300 per ransom – going by the actual dollar figure only 270 people or less have paid up at the time of writing.

Is it a State actor?

Possibly. You will have heard that North Korea has been identified as a possible culprit. The problem though is that any competent hacker can make their code look like it came from North Korea, China, Russia, the USA, whomever they want.

So what’s their motivation?

You might think that the crypto-ransomware developers are simply highly motivated to be paid hefty ransoms. Well, most professionals don’t believe that to be a huge motivation. Just look at the program for a start: it encrypts types of documents that are important and valuable to their owners. They could steal sensitive documents actually if they had wanted to, but they didn’t. So you heard about the NHS in the UK having patient information encrypted – that’s a huge problem for them – but can you imagine how much worse it would have been if the malware developers had stolen millions of confidential medical files, and then ran a real extortion racket like was run against Ashley Madison?

Then, they provide you with all the information you’ll need to get your files back, assuming you pay up. They give detailed instructions on how to use Bitcoin, they helpfully put the decryption program everywhere on your system so you can always find it, and they give you a wall-paper in case your antivirus removes the decryption program. And the program is translated into 28 languages as well to ensure that you can read it:

wana-decrypt0r-2

Their set-up is not particularly well designed to receive payments, which is why they’ve received so little. Plus they have to manually verify payments on their end because they didn’t put in an automated system (ie unique bitcoin identifiers) to make it easy for them to verify. And it’s not exactly going to be easy for them to get their bitcoins. But here’s the thing, malware has been around for a very long time before the concept of ransomware. So they are unlikely to care much about actually getting paid, in fact they tell you explicitly if you’re so poor you can’t afford the ransom there will be a chance to get your in six months.

Whatever their motivations are, it’s not money. At least not primarily. It’s been pointed out that leaked NSA cyberweapons have been used to turn computers into large botnets to mine bitcoins, and that was far more lucrative strategy for cybercriminals than this method. But what we can say is that they have put a lot of effort into their program – they want to get their name out, I don’t think they care whether people pay the ransom or not, they will probably give out the master key after a few months.

Did people click malicious links in emails?

This is the most misreported aspect of WannaCry. It is able to spread itself directly though the internet to any vulnerable computer that it finds. We don’t know how the NHS in the UK got infected, but it is possible that the worm spread across the internet by connecting to just one vulnerable PC or internet server across port 445, and then once it got on the network it can infect all the vulnerable PCs it finds on the ethernet. And that’s actually a larger problem for organisations than it is for home users, because it will be trying to connect through your IP address which is assigned to your router, but organisations often assign public IPs to computers. And they have to for servers. So yeah, we don’t know, but we do know that the this crypto-malware spreads directly across the internet without people needing to click any links if their system is vulnerable. That’s how bad this exploit is! Again though, if you’re behind a home router you’re probably safe.

Is it really the worst ransomware attack yet?

Yes. I chose my words carefully, it’s not necessarily the worst cyber attack, but it is the worst ransomware attack. What has made it so bad is that people on vulnerable networks do not have to click any links, as the malware spreads laterally as a worm. If you have this on your computer it will eventually try connecting directly to every single public IP in the internet – starting at 0.0.0.0 and ending at 255.255.255.255. Obviously that’s a simplified explanation, it randomises its IP selection, but yes every computer with the worm – all 200-300,000 of them – will eventually try to connect to every single IP on the internet. And it wouldn’t take that long either, as there’s only 4 billion IPs to try.

So it’s not an understatement at all to put the blame squarely on the US Government/NSA. And this is just the beginning – the ShadowBrokers (the hackers that hacked the NSA and released their cyber weapons) said they have yet more cyber weapons to release.

World’s worst ransomware attack yet

The recent WannaCry ransomware attack has been described as being the worst attack yet. The cybercriminals who created it have quickly become the world’s most wanted cyber criminals… but let’s talk about who’s responsible here, because the cyber criminals were armed whether intentionally or not by the NSA.

fbi-most-wanted-hannibal

By the way, I have been working on a little project that is nearing completion, here’s a little preview of it that I made very quickly using Microsoft GIF Animator:

ubobanpreview

I highly recommend installing uBlock Origin, that will provide you with some protection again an infection through malvertising.

The NSA developed an arsenal of cyber weapons. One of these weaponisd exploits is called EternalBlue. The NSA’s entire arsenal of cyber weapons was both leaked and sold to third parties, including to hacking groups. Recently, a different arsenal of cyberweapons developed separately by the CIA was leaked to Wikileaks (known as Vault 7) who proceeded with responsible disclosure. Responsible disclosure means giving broad information to the public, while giving specific information to affected software and hardware vendors so that vulnerabilities can be patched, and then later full disclosure. In the case of the NSA’s arsenal of cyber weapons, it fell into the hands of a hacking group called The Shadow Brokers, and they do not believe in responsible disclosure so they promptly dumped the cyber weapons directly into the hands of the masses. The Shadow Brokers claim they hacked the NSA and stole the weapons, but however they came to obtain them is irrelevant.

The reason this is the worst ever malware attack is that it has crippled critical infrastructure. This is what every security expert has been worried about. It leverages EternalBlue (and EsteemAudit for older OS’s) to spread across computing networks. How ordinary users becomes infected though has not yet come to light, but I suspect Malvertising may be one culprit.

wana-decrypt0r

Ransomware works by encrypting your data using RSA encryption. What you need to know about RSA is that it’s the same principle behind SSL/TLS internet security. It is an asymmetric encryption – there are two keys, let’s call them Key A and Key B. If data is encrypted with Key A, then it can only be decrypted with Key B. If it’s encrypted with Key B, it can only be decrypted with Key A. Ransomware generally generates a unique key pair for each and every infection, and it can be remotely generated on a server far away. What that means is that an infected user has no way of obtaining their decryption key – it can’t be brute-forced, it can’t be extracted from the program, the only way to get it is from the cybercriminals who have it.

If you’re infected- should you pay up? Well, if your data is worth more to you than $400 – yes you should. Some reports have suggested you have no guarantee or receiving a decryption key… well that’s true, but generally speaking operators of ransomware do provide the decryption keys when payments are made. The situation where that might not be true is if you manage to get infected with an older malware by a group that’s no longer active, then I would agree you would be chancing it if you pay up.

So who should foot the bill for this? I believe the US government should be held to account, and made to pay out the ransoms. They’re the assholes that developed this cyberweapon. This is exactly the reason why the security industry hates the so-called intelligence industry. The correct thing to do when you find a security vulnerability is to do exactly what Wikileaks did with Vault 7: engage in responsible disclosure so that the vulnerabilities can be patched. Think about it this way, the NSA is a foreign intelligence agency that we would classify the same way as any other cyber criminal organisation. If they develop a weapon, then you can bet that someone else – whether in China, in Russia, in India, or elsewhere has also developed it. And even if they haven’t, as we’ve seen time and time again these inevitably get leaked/stolen.

And WannaCry has crippled critical infrastructure – that’s one of the worst possible outcomes of a cyber attack. Hospitals, schools, and telecommunications were taken out with this purely as a side-effect of its original intention. Had the cyber criminals wanted to though they could have specifically launched a far more vicious attack specifically aimed to take out critical infrastructure, and if that was done there could have been thousands of deaths as a consequence: rioting could have happened in cities across the world if power grids were taken off-line for example.

You may have heard that a security researcher that calls himself MalwareTech “accidentally” stopped WannaCry from spreading further. Well, that’s a half-truth. He did a write up on his blog about it actually. In a nutshell, the malware checks for the existence of a “random” domain that doesn’t exit. If an IP address is returned then it assumes it’s being run in a sandbox and shuts down its operations – this is a tactic it uses to try and evade malware detection by anti-malware software executing the program in a sandbox. It effectively is a kill-switch, but not intentionally so. But to say that it was accidental is not true, as stated clearly on the blog it’s standard practise to register domains found within malware as it gives researchers a way to track malware as much as anything else.

Alien: Covenant review (spoiler free)

Alien (1979) is a seminal film. It is one of the rare horror films of its time to be made by a film director who was later welcome to produce films outside of the horror genre. This can not be understated – working in the horror genre at that time was literally the kiss of death for your career as an actor, or as a director. The prejudice against the horror genre permeated so deeply that many great movie ideas were simply never made. And many great directors like the late Wes Craven were never welcome to make movies outside of the horror genre. The late David Hess talked about the prejudice against him for playing villains in horror films. So making Alien was a huge risk for Ridley Scott’s career and for Sigorney Weaver and the rest of the cast.

Now you might think that’s where the story ends – no. We move to Aliens, and I can’t say why, but Aliens is a pure action film with no horror elements to it. Some people use the word “thriller”, but I think thriller can be split into two genres – there are action thrillers, which is what Aliens is, and there are drama thrillers which is what Silence of the Lambs, and Alien 3 are for example. So with Aliens we had a director that basically didn’t take chances. He didn’t want to advance the story, he just wanted to make a generic action based story in the Alien universe. Aliens works very well as an action film, and is actually quite a fine sequel.

Alien 3 brought the series back to its drama-thriller roots. It’s a good film, but it failed to live up to quality of the original. And many people were expecting another action film to follow Aliens, and didn’t want the film back in the horror genre. But it did have a strong cast, and a coherent story.  Alien Resurrection is a generic action film with few redeeming qualities. Disappointingly, Resurrection tries to re-make specific scenes from the first two Alien films with varying degrees of success. Winona Ryder as Resurrection’s android Annalee Call was bland, unconvincing, and uninteresting.

Finally we came to Prometheus. Prometheus restructured the narrative of the Alien universe. It brought the revelation that life on Earth was created by Engineers. Many critics scoffed at this, which I think is a mistake because these films are science fiction and need to have room to define their own rules. Many also didn’t like its unanswered questions, but I think those were fine. Prometheus brought the series full circle back to its roots. It’s true roots that is – including the exploration of unknown outer space. The film is not perfect and could have been improved by showing a bit more constraint and spreading the narrative elements so it unfolds more organically. Guy Pearce was completely miscast as Peter Weyland, and the make-up was unconvincing. However Michael Fassbender is absolutely amazing as the film’s android David, and Noomi Rapace was a very strong lead.

Alien: Covenant was fucking great! I am struggling to find some negative points to make about this film. The only negative I can say is it’s a bit formulaic, but I won’t hold that against it as it’s easier to see that in retrospect. Michael Fassbender is amazing, this time playing two androids – the original David, and Walter. Some incorrect reports have said they’re the same model, that’s not true – Walter is a newer model but looks the same. The very real problem in AI development of how do we realistically implement safeguards into AI so that we remain in control has not been solved to this day. This is the same premise behind Terminator, and the Matrix, and of course the original Alien where Ash was willing to obey orders above the safety, welfare, or interests of the crew. Remember though, even though Walter and David are very different, they are not as advanced as Ash – and Ash was happy to follow his orders and let the entire crew die to the Xenomorph.

This movie stayed on track from the first act to the final scene. It didn’t deviate or present unnecessary hyperbole to advance the plot and get its point across. It does still rely on people making stupid decisions though. David’s evolution from the curious android in Prometheus who distrusts humans to his new home where he has used the Engineers to continue his agenda progresses his character flawlessly. Walter rightly does not trust David, but perhaps perplexity he fails to alert his crew to his suspicions – he is after all only synthetic. The interesting reverence David has for Elizabeth is also worth an honourable mention, he holds nothing but love and admiration for her and it’s very clear why this is so, yet it’s a selfish love that he holds and he does not reciprocate it. I only wish that these nuances could have been teased out a bit further. Great films leaves you wanting a bit more in places, and these cognitive limitations that androids in the Alien universe are fascinating, and attest to the film’s ability to draw us into its world so deeply we want to find out more!

The film was not afraid to continue developing the new ideas presented in Prometheus. It would have been a great shame to see these ideas abandoned in favour of only pursuing the original Xenomorph and face-hugger. Even though there were some issues with Prometheus, expanding the Alien universe to include the Engineers and goo was genius. A very well made film and a fine addition to the Alien filmography.

5 Stars

Trump and Turnbull

Watch this:


Video: White House

I love this video. This video sums up everything that’s wrong with Turnbull. Here he is sitting across from one of the most ridiculous first-world State leaders in our generation, and he’s listening to him spew his bullshit. To bring my international readers up-to-speed, Turnbull is well educated, highly intelligent, and knows a lot about history. All the things Trump knows nothing about.

The expression on his face says everything. It says “I can’t believe I have to sit here and listen to this man’s bullshit… I’ll just smile and nod”. You can see he just wants to shake his head, roll his eyes and walk out. Grow some fucking balls Turnbull. The only reason that people aren’t going to lampoon you for being as blissfully uninformed as Trump is because we know you’re smarter than that – why not fucking tell Trump to his face when he spews out bullshit?

Trump: “We’ve been allies for 99 years”

Turnbull: “Yep”

Trump: “Can you imagine that? 99 years”

What the fuck Turnbull? Perhaps he was stunned by Trump’s blatant stupidity? We’ve been formal allies, counting the ANZUS Treaty as the start, for 65 years. And it’s an archaic outdated alliance anyway. More Australians have a negative view of the US than have a positive view. Because the US is a fucking inhumane disgrace of a country that practices the death penalty, criminalises prostitution, and has worse gun violence than any other first world country.

Trump: “Right now we have a failing healthcare … you have better healthcare than we do”

Well – maybe. I think it’s funny that people seem to claim to know whether one country’s healthcare system is “better” than another, and it’s really difficult to objectively measure. The World Health Organization last ranked countries in 2000 – that’s 17 years ago. What is true however, is that the US healthcare  system is grossly overpriced – the US spends greater than 18% of GDP on healthcare services, whereas the rest of the industrialised world spends 9-12%. I don’t see how you can possibly implement a universal healthcare system in the US in a single term of government and not expect to see a huge recession. Reducing healthcare spending from 18% to 12% would result in a lot of job losses, and also many doctors, surgeons, and nurses would have to face pay cuts and/or stagnant wages. That’s a reality because governments and insurers pay less for health services than private citizens do – and you can check that fact if you want. It’s similar in Australia with GPs that bulk-bill vs those that charge a consultation fee, except that in the US there are just many more health services. For example if you need heart surgery and you are covered by an insurance policy in the US, then the insurer will pay out a set amount to the hospital for the service. A private citizen however might be charged much more because he’ll be dealing with a surgeon that charges whatever he wants and doesn’t perform surgeries for insurance companies.

The issue in the US isn’t the quality per se of the healthcare, it’s the accessibility for essential health services, affordability, and the fact that people have to rely on insurance policies. The failure of the US health system is that it doesn’t cover everyone, and (prior to Obamacare) insurance companies didn’t have to cover “high risk patients” (those that had pre-existing health conditions), or could charge people with pre-existing health conditions more than people without. Obama of course lied when he claimed premiums wouldn’t go up – you can’t cover all the high-risk patents and expect premiums to stay the same!! Now, don’t get me wrong, the US absolutely should bring in universal healthcare. But it won’t be a purely straightforward process.

Anyway, Turnbull grow some fucking balls and tell the man that his healthcare plan is fucking atrocious.