Aractus

Blog of Daniel Baxter, now secure! :)

Free SSL from Let's Encrypt!

RIP John Clarke!

I just heard that political satirist John Clarke has died. RIP you wonderful man!

John was 68 years young.

 

Youtube Adpocalypse: Advertiser speaks out

What started out as an ad boycott by several large corporations and governments has quickly grown into something else entirely. Full disclosure: I encourage all my readers to install uBlock Origin immediately, if you don’t already have it installed, on all devices. It is a featured extension in Firefox. Adblockers are one of the best defences against internet malware, and work hand-in-hand with antivirus software and other technological safeguards to keep you safe. It’s not worth the risk to you not to be using it.

Now that’s out of the way, have a look at this video:

Interestingly, Dave has actually understated the severity of his channel’s situation! By that I mean that given my interest in the Trump fiasco, his videos typically appear in my recommended videos. Yet today, they were nowhere to be seen.

It has been revealed that in his case, he has an advertiser who specifically chooses his channel because she likes it to advertise on, but Youtube is blocking her ads from appearing on it. If you’re still under the delusion that Google operates under a mantra of “do no evil”, hopefully this has broken that illusion for you. Here is a screenshot of the email she sent to Dave:

david-packman-email

Looks to me like Google is purposefully doing this to appease competitors. For all I know, big publishers have paid to have ads removed from these channels. You know, kind of like how Uber pays big sums to drive out taxi operators by subsidising rides. Maybe Trump himself paid to silence the channel? I absolutely abhor anticompetitive behaviour like this. But this goes to show why Youtube is actually a terrible thing for the internet. Do you know, for example, that they apply foreign guidelines (i.e. US guidelines) to determine what is considered “mature content”?

This brings me I think back to the start of all this. Dave, if he so wanted to, could partner directly with advertisers and read out their ads instead. Of course that would be impracticable for his backlog of videos, but it is an option available to him if he wanted to diversify his revenue stream from the beginning. Now I doubt that he could make the same amount of money doing it that way as opposed to letting Youtube run pre/post-roll ads in the video (they’re not going to keep paying for old videos the way youtube advertisers do), but it’s something he could have done in a proportion of his videos… or something he could start doing immediately if he so wanted while there’s a Youtube blackout of ads on his videos. He could do it with the above advertiser instead of simply reading her email to him.

Youtube though is a fundamentally broken content delivery system, and I’m surprised that it hasn’t collapsed under its own weight.

Prison Break is back – review

If the early reviews are to be believed then Prison Break is in trouble, and its return is lacklustre and offensively islamophobic on a 24 scale. Before proceeding do note that some spoilers will be given towards the end of this review, after the two images of Michael’s tombstone.

pbs05

Let’s start with the criticisms of the original run. Yes, much of it was terrible. Most of the show’s charm was in the first series, and quickly descended into chaos from the start of Season 2. Season 4 was not worth watching, frankly. Prison Break is a serialised drama/action show like 24. And like it or hate it (I actually love 24), the genre has its fans and of course those who would prefer to watch a different type of show. So in essence, the show’s viewership base is not found in Neighbours fans, nor is it found in Star Trek fans, nor is it found in Ice Road Truckers fans. It’s found within the people who like this specific genre.

Prison Break Season 1 was a great series. Not a “good” series, a great one! What made it great was its bold new style, its ongoing mysteries, Michael’s plan for escape slowly and meticulously unfolding, and a brilliantly executed prison escape. And not just that, but an amazing cast as well – Wentworth Miller went from an unknown actor into stardom.

This is what all other seasons so far have lacked. Season 2 started well, but descended into chaos when it became clear that there wasn’t a path for Michael to follow. And without that the series felt well too drawn out. Not to mention the silliness of bringing back the brothers’ dead parents, etc. Series 3 was OK, at least due to the writers’ strike it was short and snappy weighing in at just 13 episodes. Also, Series 3 had a truly brilliantly executed escape that upstaged the first series’ escape. It was lacking in other ways, but it’s a more re-watchable series than Season 2. Season 4 was an unmitigated disaster. It really had little at all going for it, and listing out all the problems that series had would take up an entire blog post. So let’s jump forward to Season 5.

Season 5 has started well… in fact, very well. I was very pleased to see that in the new title sequence, Miller and Purcell have equal billing. The series begins with a montage of the first 4 series, culminating with Michael’s tombstone mysteriously changing location, and date (as below). Then there is a rather improbable start to the series, such as that Michael has apparently sent dozens of origami swans all now stuck in the drain right outside Sara’s house (from Yemen?), followed by T-Bag being released after just 7 years following the end of Season 4. That is even more improbable than his unexplained escape from Penitenciaría Federal de Sona at the start of Season 4. I thought escape attempts resulted in an automatic 10 year extension to the prison sentence? I thought that the fact he killed a guard in Fox River State Penitentiary would keep him locked up indefinitely? And since when is he a “model citizen”?

Let’s get to the criticism of the show – offensively islamophobic. Well, no I don’t think so. Jesus, in the first season the only openly gay or bisexual character was a sexual predator – and we’ve since learned that the series star Wentworth Miller is a gay man. He was in the closet at the time, but he did the series despite the negative stereotype of homosexuals that the series perpetuated. I think it’s a great shame that the left always complain about negative stereotypes – yes I will agree that it’s a problem, but the way to solve it is not by criticising people that hold them: stereotypes develop subconsciously and are largely a social construct. Given that Miller is now an openly gay man I personally would hope that the series has a more balanced perspective on homosexuality.

Sarah Wayne Callies is still terrific. Don’t get me wrong, I wish to death that they had left her character dead in Season 4 and hated the fact they retconned her death, but Sara is such a great character, next to Linc and Mike I would say she’s the most important. Perhaps they shouldn’t have killed her off in Season 3?

SPOILERS follow these images…

Michael’s Tombstone as it appears at the end of Season 4:

prisonbreak-toombstone-s4

And as it appears in Season 5:

prisonbreak-toombstone-s5

Okay, so right away they’ve retconned the series continuity. Originally Seasons 1-4 all take place over a few months in 2005 (unbelievably), it’s specifically mentioned that Michael is 30 years old, and his tombstone is on a beach in either central America (Panama) or Mexico near Linc’s surf shop. Actually, that scene in Season 4 almost made me vomit – are you really going to hug love and kiss Mahone? I did say didn’t I that talking about everything wrong with Season 4 would take forever, but just to reiterate – everything is wrong with that season. For a start, all of Season 3 was building to some great revelation about Whistler, and at the end of the series he and Mahone are plotting something … and that never eventuates. Anyway, in Season 5 the grave is now mysteriously not on a beach, and it’s in America so that Linc can dig it up. Also the tombstones are different! Also, as mentioned, now Michael dies in 2010 creating numerous continuity errors, not the least of which being that there are no smartphones in the original series because they didn’t exist in 2005! Why not just set it 12 years later… problem solved.

Okay, so in a rather improbable turn of events T-Bag is released early – just 7 years after being returned to Fox River. I thought that prisoners were given an automatic 10 year extension on their sentences? Also… what is Linc even doing back in the US … why did he abandon the surf shop? And what’s Sara doing back in the US … she’s a fugitive on the run! That’s the reason why Season 4 ends with her in Panama! So there are some serious continuity issues here … Linc has fallen back into the criminal underworld (no surprise there), and T-Bag delivers him the news that Mike is alive somewhere.

Linc’s car gets hacked by that cross-eyed freak Steve Mouzakis, and despite not wearing his seatbelt and being ejected through the windshield … survives completely unharmed. That’s even more improbable than T-Bag’s release from prison. I’m just waiting for Wade Williams to reappear from the dead… any time now. This is after he exhumes Michael’s grave … you know the one that mysteriously moved from a beach in Panama to a lawn cemetery in USA … which is unrealistically shallow … and finds that it’s empty!

Next we go to Sara who just happens to keep unsecured guns around the house. Oh my fucking god, maybe the show really is morphing into 24’s little brother after all. Do you have any idea how dangerous that is … especially with a 7 year old in the house?? Jesus H Christ! At least put it inside a wall or floor safe. An assassin comes in with a gun fitted with a suppressor… and wouldn’t you know it, when the bitch fires it it unrealistically doesn’t make a gunshot sound! Not to worry though, she only shot Sara’s husband in the leg, and luckily Sara is a doctor.

Eventually they go to Yemen, and find Michael. He denies his identity, claims he doesn’t know Linc, and asks to be taken back to his cell. All in all, a brilliant start to the series even if they made a gut-wrenching number of “creative liberties”. With a 9-episode format this series promises to be short and snappy – something that Season 2 certainly could have benefited from.

The Great Youtube Ad Boycott of 2017

Well by now you should know exactly what I think about internet advertising. Youtube represents everything wrong with the internet. And I must admit that I spend way too much of my time on it.

uBlock Origin is now the recommended/featured ad blocker in Firefox. When you click on Get Add-Ons (about:addons in the address bar), it is one of only seven extensions featured and the only adblocker. Install it today! Use the Youtube Ad Boycott to spread awareness. Third party internet ads are a security vulnerability, and one that affects the most popular websites. In 2014 for example, Youtube was serving malware through their ads. If you blocked their ads you were safe from this threat, even if your antivirus program was not installed or not working.

What is the Youtube Ad Boycott?

In a nutshell, the ad boycott refers to the mass withdrawal of advertising on the Youtube platform by major advertisers. It’s not really a boycott, and it’s a bit silly of people to use that term. It began with the UK government withdrawing advertising from Youtube, and that action has triggered many other large companies both corporate and otherwise to follow. Australian companies (note some are subsidiaries of international companies) that have withdrawn ads completely during this period include: The Federal Government itself, Bunnings, Foxtel, Caltex, Telstra, Ford, Hyundai, Holden, Kia, Toyota, and many others.

What is the problem?

Well there isn’t really one. This can be seen in some ways as a large “market correction”. Advertisers have realised that many of their ads appear on trashy, junk videos and aren’t happy – or worse still, on videos that support violence and terror. The reason why there’s a shitstorm about all this is because many Youtubers produce content for a living, and they’ve just realised that their market and platform is more volatile than they realised. Welcome to the real fucking world you knuckleheads! How do you think print media in particular Newspapers have felt for the past 15-20 years as the internet has slowly eroded their ad profitability?

When Youtube was launched it was intended as a platform for people to express themselves, not as a way for people to make a living. Now I’m not saying that making a living through the platform is wrong: but I am saying that third-party internet ads are fundamentally bad. Advertisers claim the internet would suck without ads. Well wake the fuck up, there are plenty of websites – my blog included, Wikipedia to name another – that don’t run any ads… if you ask me the internet would be better without them. Or with less sophisticated first-party advertising.

Do people have a right to complain?

People have a right to complain. However it’s no one’s god-given right to profit from creating internet content. And it’s certainly not their right to expect third party platforms like Youtube to have their interests at heart. We saw a similar thing 5 or so years ago when certain popular youtubers like Hank Green claimed that AdBlock was destroying their revenue and that it wasn’t fair, blah blah blah. Hank even claimed that they don’t run pre-roll ads on their channels because they know how outright intrusive they are, for proof view his video:

I’ve got news for you, Hank. If I disable uBlock Origin and the MVPS hosts file and view your popular youtube channels they do play pre-roll ads you lying sack of shit. Seriously dude, maybe this was true at the time you made that video in 2012 – I don’t have a Time Travel Capsule so I can’t go back and be absolutely certain – but how do you get off claiming that you recognise those ads are intrusive and shouldn’t be played, and then change your mind and put them on anyway? Does that really show that you care about your users?

The Symantec SSL shitstorm!

UPDATE 1: A few of the facts outlined below are wrong. I will update this post in a few hours to make it both more balanced, and more accurate. Until then I refer to a response from Symantec here, and you can make your own minds up about it.

Okay, so in my last post I was not abreast of the full facts. Now that I am I will start by quoting the guy that discovered the security vulnerability, Chris Byrne:

My STRONG recommendation, is that anyone who purchased a Symantec certificate from a third party, between early 2013 and late 2016, revoke that cert and have it re-issued… either directly by Symantec, or simply revoking and having another trusted CA issue a different cert… as soon as they are able to do so.

As to first party certificates… I don’t know and have not been able to validate how extensive the exposure was, through which interfaces, etc… I do know that they fixed the specific issues that I found in the specific interfaces I was able to validate, within six months as they agreed to. That said… It would be safer to revoke and re-issue, given the problems that Google themselves identified.

As to end users… I would be extremely wary of any site with a Symantec cert issued before late 2016, and take some extra caution regarding any Symantec cert period.

You can read all about it on his Facebook post. Chris is a fucking legend. In early 2015 he discovered a severe security vulnerability. The vulnerability is simple enough, and easy to describe and understand. When a customer purchased a security certificate from Symantec (all kinds of certs, not just SSL certs) they would be sent an email with links to retrieve/revoke/renew their certificate. There was no authentication performed besides a simple URI in the links. This could be easily modified to retrieve, revoke, or renew certificates for other customers. At the moment, this isn’t too horrible – after all every time you visit my site it sends you the TLS certificate so you can establish a secure connection, it’s not a secret. So at worst people could get up to mischief by revoking certificates other people had paid for, or issue fresh ones they have to pay for. However it’s still a very serious security breach because it means that an unauthorised person managed to get certificates issued – and it’s the CA’s job (CA = Certificate Authority, i.e. Symantec) to properly verify requests before issuing certificates.

But to make matters worse, and this is why you should NOT sign in to CBA’s Netbank or any other bank that uses a Symantec security certificate effective immediately, some resellers generated the private keys for their customers. Chris found that when this was the case it was also possible to steal customers’ private keys covertly using the same method to get the certificate. Symantec never told their customers that their private keys could have been stolen! Most websites never change their key pair, they will keep the same keys for years or even decades. That means if an attacker stole your private key using this method, they can use it any time they want so long as you keep getting new certificates generated from CSRs generated from the private key. It doesn’t matter if you change CAs and switch to say Let’s Encrypt or something, unless you change the private key all an attacker needs to do to decrypt your visitors’ traffic is perform a MITM attack a la PRISM.

Symantec claims they don’t believe any attackers stole private keys. However, they outright lied when they issued this statement to several media outlets that ran the story (one such source for it is BleepingComputer):

We have looked into Chris Byrne’s research claim and could not recreate the problem.  We would welcome the proof of concept from the original research in 2015 as well as the most recent research.  In addition, we are unaware of any real-world scenario of harm or evidence of the problem.  However, we can confirm that no private keys were accessed, as that is not technically feasible. We welcome any feedback that helps improve security for the community.  Anyone who would like to share further details about real-world scenarios or proof of concept should contact us at https://www.symantec.com/contact/authentication/ssl-certificate-complaint.jsp.

Symantec has completely mismanaged this whole shitstorm. Chris Byrne now regrets not going public in the first place, and I can’t blame him. He states specifically on his Facebook post (in a comment) that Symantec failed to live up to their end of the agreement. They didn’t take any proactive or remedial action whatsoever to ensure everyone who was exposed to potentially having their private keys compromised generated new ones. They didn’t do shit. Since when do you need to confirm a malicious security breach first before you take action to protect your customers? You don’t – that’s not how security is done!! You assume that EVERYONE who had a private key generated by a reseller that could have been compromised was compromised, then you get all of your affected customers to generate new private keys, and then you tell them why. Symantec never even publicly disclosed the full details of this vulnerability, even after they believe they had finished fixing the problem.

So… if you have a Symantec certificate, and you bought it from a reseller like your host, and the reseller generated the private key and CSR, then revoke your certificate now, generate a new private key, and a new CSR, and use that to get a fresh certificate. Oh and, obviously do not trust any website with a Symantec SSL certificate older than November 2016, especially including banks. Fuck Symantec! Chris… you’re a fucking legend.
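Re-issuing only helps if the new request really carries a new key pair, which is the point of the two paragraphs above about reused keys and re-keying. As an added example (not part of the original post), this script uses the openssl CLI to compare the public-key fingerprint of a deployed certificate with that of a new CSR; the hostname www.example.test, the file names and the self-signed stand-in certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example: confirm that a certificate re-issue is NOT built on the old key.
# Everything is generated locally in a temp directory; no CA is contacted.

# SHA-256 of the DER SubjectPublicKeyInfo inside a PEM cert, CSR or private key.
# Two files with the same fingerprint belong to the same key pair.
spki_fingerprint() {  # spki_fingerprint cert|csr|key FILE
    case "$1" in
        cert) fp_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  fp_pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  fp_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    fp_pub= ;;
    esac
    # Refuse to hash empty input, otherwise two unreadable files would "match".
    [ -n "$fp_pub" ] || { echo "cannot read $1 from $2" >&2; return 2; }
    printf '%s\n' "$fp_pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0 if the CSR carries a different key from the deployed certificate,
# 1 if the old key pair is being reused, 2 if either file is unreadable.
check_rotation() {  # check_rotation DEPLOYED_CERT NEW_CSR
    cr_old=$(spki_fingerprint cert "$1") || return 2
    cr_new=$(spki_fingerprint csr "$2") || return 2
    if [ "$cr_old" = "$cr_new" ]; then
        echo "REUSED  $cr_new"
        return 1
    fi
    echo "ROTATED $cr_old -> $cr_new"
}

# Generate a fresh key pair on your own machine (not at the reseller) and a
# CSR for it. The key file is created with owner-only permissions.
rekey() {  # rekey HOSTNAME KEY_OUT CSR_OUT
    ( umask 077
      openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$2" ) &&
    openssl req -new -key "$2" -subj "/CN=$1" -out "$3"
}

# Constructed demo: a self-signed certificate stands in for the certificate
# that was issued on a reseller-generated key.
demo() {
    d=$(mktemp -d) || return 2
    # Old key, plus a "renewal" CSR cut from that same key (the mistake).
    rekey www.example.test "$d/old.key" "$d/same-key.csr" || return 2
    openssl req -x509 -new -key "$d/old.key" -subj "/CN=www.example.test" \
        -days 1 -out "$d/old.crt" || return 2
    check_rotation "$d/old.crt" "$d/same-key.csr" && reused=0 || reused=$?
    # Correct remediation: new private key, new CSR.
    rekey www.example.test "$d/new.key" "$d/new.csr" || return 2
    check_rotation "$d/old.crt" "$d/new.csr" && rotated=0 || rotated=$?
    rm -rf "$d"
    [ "$reused" -eq 1 ] && [ "$rotated" -eq 0 ]
}

demo
```

Against real files, run `check_rotation` on the deployed certificate and the CSR you are about to submit; exit status 1 means the request still uses the old key.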

Whirlpool Topic

The Commonwealth Bank loses its green bar!

UPDATE: Corrections made (01/04/2017).

Here’s a look at Australia’s “big four”… first in Firefox:

banks-ff

And then in Chrome:

banks-chrome

Notice anything? Where’s the green EV Bar? Should you be concerned? Well if you’re a CommBank customer – absolutely you should.

I have just sent a short email to Commbank informing them their website appears to be hacked. Appears to be – it isn’t, but without the green EV Bar that’s exactly what customers should assume has happened. This is what separates a genuine banking website from a fraudulent one. Anyone can get a domain-verified certificate, even me! Furthermore – they’re free! But there’s a big difference, I’m not asking you to enter your credit card number or other sensitive information into my site – at most you might enter a comment with your name/pseudonym and email address in it.

So what has happened? Well to put it delicately – Symantec has made a huge fuck-up. They were found to have mis-issued over thirty thousand SSL certificates, and as a result punitive action has been taken by Google. The first phase of that action is to no longer recognise EV signed by Symantec. Google will then move to distrust all Symantec issued certificates older than nine months.

Update: It turns out that the previous paragraph was incorrect. It was an entirely unrelated bug in Chrome. It’s easy for us laypeople to confuse security issues, especially as this happened at the same time as Google announces their policy to revoke EV status. Anyway, this makes the remainder of this post no longer relevant.

The thing that makes me unhappy is that I don’t think they have gone far enough. This is the same shit that happened with WoSign (see here), and yet their rubbish certificates from their corrupt CA are still trusted!! Can you believe it? One third of https websites use Symantec SSL certificates. Given the impact and implication of this, I cannot understand why Google and Mozilla don’t distrust the authority outright effective from 2013 when the problem was first discovered? I mean, call me fucking cynical, but why are they now only taking punitive action FOUR goddamned years in the future? I mean in 2015 they made a goddamned counterfeit EV SSL certificate for GOOGLE.COM – that act alone should have got them booted from ever issuing another trusted certificate again. Who the fuck knows what they could have done in the one day they had that certificate – was it operated by the CIA for a covert operation perhaps?

Symantec and WoSign both need to be distrusted permanently. If this were any other security industry there would be no second chances. And by the way, shame on Google for not making it easy for users to see who the certificate issuer is when we click on the green padlock. And Mozilla – step up your fucking game and tear these rogue CAs a new one.

Marriage equality now?

No, I don’t think so. And to be honest, I don’t at all feel bad for gays and lesbians who are demanding we enact it through this term of Parliament. But before you leave in disgust and label me a bigot let me explain: I do agree we should work towards legislating same-sex marriage, but I do not agree with doing it the way that activists are demanding.

Sky News began advertising Equality Campaign in the news feed a few weeks ago. I have an ethical issue with that – I believe they were being paid to advertise in the feed (they also show TV ads for the campaign), yet it is not clearly marked as advertising and appears to be a part of the news feed. So I think that’s very misleading.

What we have at the moment is a situation in Australia where the incumbent government took a policy of a national plebiscite to the election, however the plebiscite legislation was blocked in the Senate by the opposition and the minor parties. The government has stuck by their election promise. But it doesn’t change activists demanding they push through changes anyway – which I think is wholly unfair to Australians who want to have their say in this matter.

Labor and Greens claim that a plebiscite is “just a national poll”. That is not true – with compulsory voting in Australia you will get a solid mandate, just like the republic referendum in 1999. That’s not an opinion poll, that’s participatory democracy. Brexit in Britain was done by plebiscite too, and for an important social change like this it is important to get the public behind it. I’ve said it before, and I’ll say it again, there is no greater affront to democracy than the impact of interest/lobby groups.

To their arguments that this is not the best way to go about it: Who cares? We have a democracy. Democratic decision is imperfect by design. If it was perfect it wouldn’t be a democracy. We sacrifice perfection for the ability of all to have an equal say.

And finally, to their argument that this should be done by an act of Parliament not through a public vote: The Australian Parliament is a little over 100 years old. It’s a pretty recent institution. The institution of Marriage pre-dates the institution of Parliament, it pre-dates democracy, and it pre-dates almost every religion on Earth too. Further to that is the fact that the institution was created in parallel across a multitude of different ancient societies: it did not come from one place at one time, and it has had vastly varying rules throughout the ages. Prior to the modern British era it was overseen by the Christian Church in areas where it had influence – governments of the time did not have jurisdiction over it. In modern societies today, here in Australia, in Europe, and North America it is overseen by the governments of sovereign States. In other places though like Saudi Arabia, it is still controlled by religious organisations.

So the government should not claim to have authority over the institution of marriage. Rather, they are the rightful custodians of an ancient institution that still holds much value today. And that’s why the people, not the government, should be the ones to make decisions that involve changing its meaning. I believe if it was put to a plebiscite it would get at least 70% support of the public. So to all the activists out there – stop playing fucking games, let people have their say, and move on. You will get exactly what you want if you put it to a public vote, and you’ll be reforming marriage the right way.

Is OJ Innocent? A Review

Conclusion

So let me start this off by doing one of the shortest film reviews in history, and laying my cards on the table. I’m going to give the docu-series 3/10. It’s not completely terrible, but most of it is unnecessary padding, and there was no reason to make it seem like Jason is the centre of their investigation just because that’s Dear’s belief. In my view, OJ was certainly at the scene of the murder, the evidence overwhelmingly supports the view of his culpability, and he most likely acted alone.

History

So let’s backtrack to another docu-series that was much better: OJ Made in America. Made in America is a really great multi-award winning docu-series. It gave us a whole biography of OJ’s life. It talked about facts of the case I never knew about, and wouldn’t have known about from Is OJ Innocent such as that most whites in America in 1995 believed OJ was guilty while most African Americans believed he was innocent. It explained quite well how OJ was acquitted – and that was through a very rigorous defence that exemplified all the flaws to be found in the prosecution’s case, and the police investigation. As a result of this case of course, new policies and procedures were put in place by the police to better protect their investigations and the collection of evidence. Made in America also exposes the problem with guilt or innocence being determined by juries. You can learn all of this in Made in America, but in Is OJ Innocent none of this is ever discussed.

Let’s recap. On 12 June 1994, around 2215 Nicole Brown Simpson and Ron Goldman were brutally murdered. Ron was 25 years old and a 3rd degree black belt in Karate – he had put up a valiant fight. Nicole was OJ’s ex-wife, and 35 years old. The police did a thorough investigation and the forensic evidence proved that the murder was committed by OJ. OJ was acquitted, and William C Dear believes that it was OJ’s son Jason who perpetrated the murders.

Evidence

Dear’s evidence, at least as presented in this docu-series, never stacked up. For that reason it was just marketing to make this about Jason Simpson, and I think it was terrible to do that. On the positive side though, the other “investigators” in the show Kris Mohandie and Derrick Levasseur did a good job of examining the evidence that Dear provided, instead of slavishly bringing Bill’s book OJ Is Innocent and I can Prove It to the screen. Based on the positive reviews for his book I honestly thought his case would have been stronger. It was a shame that the opinions of Kris and Derrick were intentionally obfuscated until the end of the series, instead of allowing for a natural flow of investigation to take place. If this were done then they could have provided more information to viewers of the hard evidence of the case, such as the shoes which barely got a mention.

Let’s go over some of Bill’s stupid claims. According to Dr Henry Lee who was a Forensic Expert for the defence in the OJ trial, there were two sets of footprints at the scene of the murder. Okay that’s his valid professional opinion, but the opinion of William J Bodziak the Forensic Expert who testified for the prosecution was that there was only one set of footprints, and they came from size-12 Bruno Magli shoes. OJ claimed he didn’t own a pair, yet his civil conviction was secured because a photograph of him wearing the shoes at a Buffalo Bills American Football game was found (later still they unearthed dozens more). Had this photograph been presented at the time of the criminal trial it’s very likely that OJ would have been convicted: According to the company only 299 pairs of that particular shoe had been sold in the US, and Simpson wore size-12 shoes, which only 9% of American men wore. In total there would have been about 27 pairs of those particular shoes in the right size in all of the USA.

This is not at all the only time the docu-series leaves us with only partial information. At one point in the series they talk to Andrea Scott, a friend of Ron’s. She says that she lent her car to Ron and that the police returned her keys caked in blood still sealed in an evidence bag. They then talk about how keys can be used as a stabbing weapon in self defence. They talk to Bill Pavelic (lead defence investigator in the criminal case) who claims that the keys were found in Ron’s hands and that the police would have tested them, and if the blood didn’t match either of the victims or OJ they would have destroyed the evidence! The big problem here though is we’re not given any hard evidence of any of this. How does Pavelic know they were found in Ron’s hands and not his pocket? Where are the trial notes that would demonstrate this or a photograph of them in his hands? If you have the stomach for it you can google the photos of Ron’s deceased body, and I can tell you – there are no keys visible. If they were in his pocket then it disproves the hypothesis that they were used as a self-defence weapon. Also, if they were used in that way they would have been damaged/broken, and not just caked in blood.

Bill also claims the time card evidence is dubious and wrongly identifies the first entry as Sunday 12 June 1994 when it clearly runs Monday to Sunday, not Sunday to Sunday as Bill kept claiming. You just have to look at it to know that – otherwise there’s no space for Monday on the card (the machine automatically prints each day of the week at a different level on the card). The knife Bill believes is the murder weapon is another lunacy, the experts clearly believe the primary murder weapon was a single-edged knife, and it makes no sense that the killer would use more than one knife in the attack. Especially when no murder weapon was left behind.

Bill claims that the watch Nicole was wearing at the time had stopped working. This, however, contradicts the evidence. In the series they talk to Tom Lange who was a police detective in the original investigation, and he tells them that it was operational – and this does appear in the official records/police notes that were taken. In favour of this hypothesis is that Tanya Brown (Nicole’s Sister) received the watch back “damaged”, something they learn from Bill Pavelic and later confirm by talking to Nicole. Now I’m not sure why this makes a huge difference to the case anyway, the watch displays 9:59, and the police believe the murders happened at 10:15. And again, they never actually test their hypothesis – all they had to do is buy an identical watch, put it on a dummy and let the dummy fall to the ground and see if it stops or not. I suspect it would keep working. And I suspect the reason it “didn’t work” when given to Tanya is because it had been in police evidence for months and the battery had worn out. Or that oxidisation had occurred due to moisture from the blood.

To be fair, the production company did a really good job of getting interviews with people connected to the case. Interviews that could have made for a really great series had they let these people tell their stories openly and produced and presented that instead. Don’t get me wrong, it appears they were at least mostly respectful with how they treated their guests, but they didn’t let them tell their stories! Unfortunately, Kato Kaelin (a friend of OJ and Nicole) and Fred Goldman (Ron’s father) don’t add very much to this docu-series, and that’s because their stories are not directly relevant to “examining Bill’s theory”.

Eyewitness nonsense

Possibly the lowest moment in the series is when Dear announces he has discovered a new eyewitness who can put Jason at the scene on the night of the murders. Interestingly this isn’t just some whack-job that the producers hired, he actually spoke to Dear as early as 2014 well before this docu-series was produced as evidenced by this Facebook post.

‘My name is Michael Martin and I am the witness in this video. It has been a long journey in finding the courage to come forward to the world with all that I witnessed that night. I will now not stop until justice is given to Nicole Brown Simpson and Ronald Goldman. I wrote this quote during one of my many dark moments while dealing with my depression and guilt over this long held secret. “Times spent in memory of the violent acts from the past will leave a scar that is carried on by all those who were forced to endure what they should never have witnessed.” M M’

But there are problems with eyewitness statements that this docu-series never mentions. They’re highly unreliable – they’re the least reliable form of primary evidence in a courtroom! They’re unreliable because we misremember things that have happened in the past, and we can be made to do so by events in the future. He might be remembering an entirely different night. Sunday a week earlier. If he was there the night of the murder how come he didn’t know a murder had occurred? Wouldn’t he have heard the blood-curdling screams of the murder victims?

Another example of why we can’t trust eyewitness testimony is when they talk to the silent owner of Jackson’s (the restaurant where Jason worked), he identifies the top entry as Sunday 12 June 1994 (leaving nowhere for Monday’s entry). But notice that they ask him a leading question, they don’t ask where is Sunday, they tell him that line is Sunday in their question! Yet on the very same time card we see Sunday at the bottom, and clear blank lines for the days not worked (Thursday and Friday).

Yet another witness, Carlos Ramos, a former worker at Jackson’s, emphatically claimed the chefs would have finished work and left by 9PM at the latest on a Sunday night, yet this claim is also clearly disproved by the time card itself as it has Sunday’s entry clearly stamped out at 10:20 PM.

Jason Simpson

Actually, strike that, the lowest moment of the entire series is when they decide to psycho-evaluate Jason Simpson based purely on his diaries that Bill has. Diaries that any decent person would return to Jason. They don’t take into account what the people who know him have to say about him (even though they talked to them in the series), it’s just one-sided and largely speculative. That was absolute trash, and I don’t think it tells us anything valuable about his character, it just unfairly defames and slanders an innocent third party for no valid reason other than to make the viewer think they really are interested in “investigating” Bill’s farcical conspiracy theory. We actually see Tanya Brown get really upset about the fact that Jason faces allegations by Bill; and they’ve clearly been less than truthful with her by not revealing the true nature of their documentary or the fact that they are working with Bill Dear. Look in the end they do exonerate Jason (well Bill doesn’t but that’s because nothing will deter his belief in his hypothesis), but not before spending five of the six episodes treating him as their prime suspect.

Where is the evidence?

I must say I was expecting Dear to present much better evidence. All of Dear’s evidence was highly speculative. For example, Dear claims that the beanie belonged to Jason because he is photographed with a similar one. The “investigators” go and ask Tom Lange why the hair in the beanie wasn’t tested for DNA and he tells them what they should already know – you can’t get DNA from hair. That was true at the time of the investigations, although you could do so now. The handwriting analysis was absolutely farcical – they looked nothing alike. And finally, the docu-series ignored most of the trial evidence, including the shoes which are really a smoking gun in this case, in my opinion.

The other thing never talked about in the entire docu-series is the issue of means, motive, and opportunity. The killer had to have all three, and with OJ as a suspect we do have all three. He was in the prime of his life – 46 years old, physically fit, well trained and strong. He was possessive and violent, and had been stalking Nicole. His whereabouts on that night provided him the opportunity to commit the crime. On the other hand while we do know Jason had an arrest or conviction for violence, we don’t have evidence brought to us by Bill that he was well trained and could have successfully won a fight against a Karate black-belt. So his means are at best plausible. He didn’t have a motive, from what we hear he loved Nicole very much and she loved him like a son. And he has a solid alibi for the whole duration of the time of the attack, so he didn’t have the opportunity. We can never say anything in life with absolute certainty, but I have to say that even if the police planted evidence (which is unlikely), the evidence of OJ’s guilt is overwhelming.

Trump V. Turnbull

Turnbull on Sunday: Tells Australians that Trump has agreed to honour the deal made under the Obama administration.

Tuesday-Wednesday: A White House spokesman says that no decision has been made yet whether to progress with the deal, and that any refugees would need to face “extreme vetting”. Note that we’re talking about people who have already been assessed as having refugee status!

Meanwhile Turnbull insists the deal is good.

Washington Post today: Trump hung up on Turnbull more than half an hour early, was angry, and said it was the worst call from a world leader. Furthermore he called the refugee-swap deal “the worst deal ever”, saying “I don’t want these people” and telling Turnbull it was “his intention” to honour the pre-existing agreement – a phrase used to allow him plenty of wiggle room later so he can (presumably) say “despite my best intentions we cannot honour Obama’s arrangement”.

Meanwhile Turnbull still insists the deal is good!

The Presidential Twitter account today:

Dead, buried, and cremated. Enough said!

HTTP is officially deprecated. SSL is DEAD.

Just in case anyone’s confused by the title – SSL is dead, its successor is TLS and that’s what people really mean when they say SSL now (we still call security certificates SSL certificates).

In the latest Firefox update Mozilla quietly put into action the first step in their plan to phase out HTTP. What am I talking about?

Well this is how my blog is displayed in Firefox:

Notice the Green HTTPS Padlock to the left of the URL. This is how an insecure website looked before the 51.0 update was installed:

Notice that “Connection Not Secure” appears in red. Well that’s how it still looks, but on any page that has a user-name and password input you will see this:

This is the first time the insecure padlock has been used to mark HTTP pages. You can see this in action on just about any insecure forum on the internet.

Google is implementing the policy as well, this is how a secure page now looks as of earlier this month:

Notice that to the right of the padlock is the word “Secure”, whereas until earlier this month there was just the padlock. At the moment insecure sites in Chrome look like this:

The icon is a “neutral” information icon at present. However it does already display a direct warning in the information panel. This is how it will look soon:

And still later on the “neutral” information icon will be changed to a warning icon:

As mentioned though, Firefox already displays the warning icon. Mozilla and Google are intentionally staggering their implementation of this policy in order to ensure webmasters and hosts alike have a transition period, and also I imagine so they don’t put Let’s Encrypt under impossible pressure. On that note it’s worth saying that Let’s Encrypt over the past year has become the largest CA by far, and their continued success will be very important to ensure that people have access to free security certificates.

As you can see, phasing out the HTTP protocol is the policy of Google and Mozilla, so I highly suggest all webmasters start securing their websites. At the moment they are targeting insecure pages with logins, however the eventual treatment will be to mark all HTTP pages on the internet as insecure. Further information on these policies can be found here:

  1. https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
  2. https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
  3. https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

Honourable mention: When I discovered this policy earlier this month, I happened to see completely by chance that the EST Hosting site’s SSL cert had expired (by about 4 hours at the time). I had a giggle about that and put it into the Whirlpool thread I made. As a courtesy I sent EST an email, and got a response back from the director Eddie who said their main concern was their clients’ websites, but they were actually working on enabling automated Let’s Encrypt certs for their clients. Eddie sent me another email today letting me know the implementation was complete (he also made a comment on the Whirlpool thread). It’s really great to see proactive webhosts like that who are enabling TLS, SNI, and free automated certificates from Let’s Encrypt for their clients’ websites.