I loved email. It's dead.


I loved email. It's dead.

We should start thinking of email addresses only as attack vectors.

An email address a piece of information which, once disclosed, allows someone or something to communicate with you forever. The consequence of this communication is that you may get interrupted by a notification, and bear the cost of storing, reading, and/or deleting the message; the message also increases the cost of searching through all your other messages.

These costs are small. The number of emails you receive, however, is very large. I have received well over a hundred thousand emails so far. Over time it adds up.

There are many-to-many communication systems which are indexed on other kinds of addresses (such as your phone number, postal address, your Facebook identity, your cryptographic public key, and so on). Email is like a phone number or a postal address: it has the property that "knowledge-is-permission", i.e., if you know the address, you can send data to it. Unlike other knowledge-is-permission addressing systems, or "capabilities" to abuse the computer science lingo, sending an email is almost costless, much less than the smallest unit of any normal currency.

The problem is that sharing your email address is a transitive operation: you are granting the recipient the capability to share the address with whomever he/she/it chooses. It is of course much worse than that: the address might be obtained accidentally or maliciously by a third party with whom you have no relationship, due to error, or the recipient going bankrupt, or a data breach, or being sold. There are some laws against sharing "personal data" without permission, but they're not remotely sufficient and probably not the right tool for the job anyway.

There is a commercial incentive to obtain email addresses from customers. They improve price discrimination, which means that customers collectively have to pay more (though some may pay less). Therefore companies try to force customers to hand over email addresses. You are required to divulge an email address to obtain the product; this is useful because it helps keep you informed as the product is delivered. But then a few weeks or months later, you start getting adverts from the company.

In the time it took me to write the previous paragraph, an advert arrived by email from a company from which I bought some blinds for my flat in December.

But in the time it took me to write that paragraph, I blocked all future emails from them.

What I have done is established a system of individual addresses for each company I and organisation I deal with. When I signed up with Blinds2Go, they got given my email address as mk270-blinds@no.ucant.org. But all I had to type was:

address-tool --retire mk270-blinds

and all future email from them is prevented with a curt "bounce" message, and I never receive a notification or store the message.

Effectively, this amounts to having one email address per interlocutor, with revocation indexed on sender email address.

What we actually need is a distributed store-and-forward messaging system where addresses are not transitive: instead, one would receive an invitation to communicate which could only be used by the recipient and not by third parties. This is vaguely similar to the PGP web of trust, Facebook messages between friends, and so on, but is probably most closely represented by the Scuttlebutt system.

To be continued ...

The EU Withdrawal Agreement


The recently published EU Withdrawal Agreement goes some way, but not far enough, towards implementing the result of the 2016 EU membership referendum. It remains to be seen whether Parliament will accept the agreement; it may yet be modified substantially by the government or others, in a way that addresses my concerns, which include the following:

  • it is still going to be the case that, in practice, the EU's legislation will be able to change the legal relationships between private individuals across the broad generality of the affairs of day-to-day life, on pain of severe disruptions to trade
  • the UK will not have discretion over customs and trade policy, and may have to pay a proportion of customs revenue to the EU
  • to some extent, the arrangement retains preferential treatment in migration, residency and voting rights for EU citizens as such
  • there are to be novel and untested arrangements for resolving disputes betweek the UK and the rump-EU
  • some of the measures contemplated would in effect likely be permanent, not even subject to the sort of orderly withdrawal provided for by Article 50; this likely entails that the agreement cannot be used as a stepping stone to further withdrawal from the EU's structures
  • different parts of the UK such as Northern Ireland should not be required to remain within EU arrangements such as the Internal Market and Customs Union

I have always accepted that even without the EU's Internal Market, a hard border of some kind would need to be re-established in Ireland, and that frictionless trade with the EU would become impossible upon leaving the Customs Union. The adoption by the UK government of frictionless trade and an absent hard border as negotiating objectives are effectively incompatible with the referendum result, and, to some extent, the Belfast Agreement 1998. By analogy, we appear to be saying to Scotland and Northern Ireland that their right to secede from the UK is now conditional on their remaining in close economic union with it, which is certainly not in the spirit of the 1998 agreement about Ireland, which was adopted by broad popular majorities in both jurisdictions.

This is my own view and I don't mean to represent it as the view of any other individual or organisation with which I'm associated.

Blog restoration


I have restored this blog; it was disabled by a software update in 2015, and one or two posts were lost. I shall retrieve them from backups and repost them.

Should there be a second In-Out referendum?


Should there be a second In-Out referendum?

Mike Taylor asks, via the world’s premier in-depth discussion medium Twitter,

“Genuinely interested to hear from Leavers: what is the argument AGAINST a referendum on whether to proceed when we know the exit terms?”

It is welcome that Remainers are generally interested in the views of Leavers; there has been far too little engagement and discussion, and too much talking past each other. For my part, I am genuinely interested in what Remainers say to the claim that supranationalism is inherently undemocratic.

To Mike’s question: having a second In-Out referendum is effectively rejecting the result of the first one.

As someone who is a citizen of Australia, the UK and Ireland, most of the countries of which I am a citizen have mandatory, binding, referendums on constitutional questions like Brexit, in which the terms of the measure being voted on are known: effectively, the public is being asked to ratify a statute already enacted but not yet in force.

The UK however, never quick to learn from the example of other countries, put the question whether to Leave or Remain in the EU to a referendum in 2016, but employed a non-binding referendum in which the terms were not known: if you wanted the status quo, that wasn’t really on the ballot, or the outcome of Cameron’s renegotiation, you had to vote Remain, and if you wanted to leave but stay in the European Economic Area, or leave and have a free trade deal with the EU, or leave and attempt to join EFTA, or leave and trade on WTO terms, or leave and have across-the-board tarriff cuts, you would choose the Leave option.

Various UK parties had promised In-In referendums, as contemplated now in the European Union Act 2011; the 2016 UK EU membership referendum was nevertheless an In-Out referendum, albeit without clarity as to which particular version of In or Out would occur. Alex Salmond demonstrated in the 2014 Scottish independence referendum that one could get 45% of the vote in an In-Out referendum without being too explicit even as to the currency one would be using in three years’ time, and had he won, no-one would be saying the result was illegitimate on grounds of the uncertainty about what leaving the UK would mean.

In both cases, the options on the ballot paper, but not the wording of the ballot paper were chosen by David Cameron, who favoured the In/Remain option in both cases. It was open to him to put a specific Scottish independence or Brexit model on the ballot paper. When John Howard was faced with the republic issue in Australia in the 1990s, he faced a republican movement divided on what republican model to adopt, and could have wedged his opponents by putting the “direct election” or “indirect appointment” republican model on the ballot paper (constitutionally mandated referendums in Australia require that the status quo be one of the two options, and that the other option be spelt out in legislation). Instead, he convened a constitutional convention, half elected, half appointed, to deliberate on what republican model, if any, should go on the ballot paper. No-one could reasonably claim that the minority republican cause didn’t get a fair go.

The Remainers chose to put the renegotiated settlement on the ballot paper as the Remain option, against all the possible Leave models. They could have convened a constitutional convention, John Howard-style, and sat down with the Leavers to deliberate on the appropriate Leave model to put on the ballot paper, but they chose not to do that. Some of the Leave models such as Norway or Switzerland were non-starters for various legal, realpolitik, game theory or economic reasons; other Leave models such as the supposed “Turkey model” of remaining in the EU Customs Union(!) only gained currency due to promotion by Remainers and the Irish press after the referendum. Choosing Leave’s model for them, and making it synonymous with the Leave option on the ballot paper, was something Remain chose not to do.

The country voted by a small majority to leave the EU on the understanding that there was some uncertainty about what voting Remain or Leave would mean: for Remain, there was the unknown of how Cameron’s renegotiation would play out in practice, and for Leave the unknown of what the WTO/FTA models might ultimately entail. A little thought would reveal that remaining members of the EEA (the “Single Market”), EU Customs Union, or rejoining EFTA would de facto require the active consent of around thirty other countries’ governments, some of whom would be ill-disposed to the UK, e.g., over Gibraltar, Northern Ireland or Akrotiri. Remain failed to exert, or knowingly chose not to exert, the message discipline to rule out the Leave options that required this kind of consent. It was an open goal and they never lined up the shot.

If staying in the EEA was ever really an option, it was demolished by too many Remainers’ inability after their defeat to shut up and stop smearing 52% of the voters as racist. The polling done by Lord Ashcroft suggests that 40% of Leavers cited immigration as a reason for their vote. Leaving aside the obvious points that most opposition to uncontrolled immigration is not motivated by racism, that people lie about this kind of thing to opinion pollsters, and that some people who said “democracy/sovereignty” rather than immigration was their reason for voting Leave tacitly meant “so we can democratically limit immigration by people we don’t much like the look of”, this meant that a vast body of voters wanted the UK to take back control of the borders, which meant no EU Court of Justice jurisdiction over migration, which is logically incompatible with the free movement of workers or of people which are supposedly integral to the EEA’s Single Market. By refusing utterly to compromise on this point, the EU hung Remainers out to dry. If they hadn’t, every politically unpalatable sacrifice made for EU integration would have been put at risk and the whole thing would have unravelled. The EU’s attitude was completely predictable and predicted, and thus Remainers went on to score an own goal: EEA membership was incompatible with respecting the supposed opinions of Leavers on immigration.

So, the only real Leave models were WTO and a free trade agreement. It’s no good saying that because the losing Remain side failed to make this clear that they should get a second In-Out referendum between a particular FTA and full membership of the EU. They could have made it clear on the ballot paper itself, or forced the Leavers to debate the relative virtues of their Leave models during the campaign.

A second In-Out referendum will be not be able to be held on the substantive issue, but will turn on the procedural issue of why the previous result should be overthrown, on the aspects of Project Fear that turned out to be spin and lies, hardly helped by Niall Ferguson’s admissions, and on Remain’s failure to answer why certain policies claimed to have redistributive effects (e.g., monetary policy in the 1990s and immigration in the 2010s) should be outside the scope of democratic control.

The public will wonder what if anything can be done to prevent a third referendum and rightly ask what it would take to change Remainers’ minds. During the campaign, including the formal debates, I was always prepared to say what would make me change my mind: the existence of a European people, consenting to be governed in common by majority rule. I never found any Remainer prepared to say what would change theirs.

The Horns of a Trilemma


Many years ago I read J H H Weiler's work on the constitution of the European Union, and I concluded that you could not simultaneously have all three of democracy, national sovereignty, and deep economic integration; this trade-off is sometimes known as "Rodrik's Trilemma" after the Turkish economist who popularised the same idea, in relation to finance markets.

Apparently unconcerned by distributional effects, most people cannot be persuaded to forgo the benefits of transnational economic integration, and similarly place their feelings of belonging and tradition before self-government and democratic norms. I'm forced to conclude that the only solution is the adoption, bypassing democracy, of a uniform set of economic rules across a broad swathe of the developed world. In effect, this is what we have been acquiescing in for several decades, as treaty after treaty irons out the differences between national laws.

As the technological complexity of society has increased, democratic legislatures and executive agencies have completely abdicated any role they might play enforcing the public interest; the quality of regulation in areas such as copyright and surveillance is so poor as to be beneath one's dignity to take intellectually seriously. Supranational anti-trust regulators have proven to be the only actors capable of reining in transnational corporations like Microsoft. A post-democratic world (as Jon Worth believes us already to inhabit) would allow much more scope for this proven success of regulation in the public interest.

This of course is not going to be a remotely equal or fair world, but it is one which appears to attract the acquiescence of the governed, without which there can be no lasting order or peace.

Accordingly, I shall no longer be supporting the campaign for British withdrawal from the European Union, and abstain, as I have at recent elections.

Experimenting with CompCert


A few weeks ago I experimented with CompCert, a C compiler from INRIA, written largely in Coq, with chunks in OCaml; this allows the Coq parts of CompCert to be formally verified (see below for more on this).

Now I have no need of a guarantee that my compiler is bug-free, but to the extent that translation my code into the subset of C supported by CompCert reduces the bugcount rather than increases it, it's a win. I'm basically using compcert as a lint tool, but it's fun and instructive anyway. The real-world scenario which makes any of this interesting is therefore if you have a C codebase and suspect a bug in your compiler and want to know how hard it would be to maintain that codebase such that it compiled with a compiler believed to be bug free.

For many years I have maintained a codebase of 40K lines of fairly odd C, that implements a computer game I used to run in the 1990s, and which predates modern conveniences that might have been used, such as sqlite, pcre, libevent, reliable IP stacks on NeXTSTEP, ANSI C, free C++ compilers, free Erlang, etc, etc. The code is also unusual in shunning the use of struct, malloc and pointer arithmetic. For almost the last twenty years I've kept it up-to-date with the C toolchains on a number of OSes, as a way of keeping an eye on what the cool kids are breaking.


Firstly, the codebase needs to be able to cope with multiple compilers; gcc and LLVM's clang are close to drop-in replacements for each other from the perspective of the Makefile. Not so, CompCert: -Wall -Werror are not accepted as options by CompCert, as they're effectively on by default. CompCert isn't going to want to know about any code that doesn't pass gcc -Wall -Werror, but there are a few things LLVM thinks it's Ok to warn you about that CompCert is cool with, which feels like LLVM is wasting my time. Getting the build system and revision control happy about parameterisable compiler options has to happen first.

I was forced to do change all the remaining instances of conflation of integer widths. Anyone who's done arithmetic in OCaml will recognised this as one of the house microfascisms of INRIA, but it's a deep issue: a lot of corner cases depend on your installation of the header files and libraries and so on. In my case, function prototypes are culled into a .h file automatically with cproto, which by default changes the width of integers in K&R-style C functions:

void my_function(i)
short i

is output as

void my_function(int i);

which gcc and LLVM tolerate, but CompCert doesn't. There were a couple of other legitimate "Well Don't Do That Then" moments that I won't tax you with. Effectively one's forced to get all the prototypes and headers and includes exactly right. This showed up a bug: a variable which was supposed to be declared extern wasn't, and was separately allocated from the global it was supposed to represent.

The more formal treatment of integer widths also meant fixing a lot of sprintf format strings.

The next thing I had to fix was the idiom

char *messages[] = { "...", "...", "...", NULL };
int x = sizeof(messages) / ...;

CompCert insists on the length of messsages[] being explicitly specified, which means this technique isn't allowed.

The harder stuff was signal() and stdarg; basically, CompCert supports an anaemic subset of C, and doesn't allow stdargs, though it provides the sprintf() clique of functions. Since wrapping sprintf() is about the only thing varargs is used for in C, this turns out not to be a problem, but I originally bet that parts of the codebase were outside the CompCert C dialect and would need to be shunted into libraries.

My own adventure in CompCert land basically amounted to learning new stylistic restrictions in C. Reading around what people have been doing with CompCert I came across a few interesting articles and from this chap I learnt about concolic testing which is another technique I have no use for but am glad to have spent time learning about.

An independent Scotland will be outside the European Union


If the people of Scotland vote to leave the United Kingdom this week, customs checks along the new border are practically unavoidable. Alex Salmond claims that Scotland will continue to be part of the EU. He's bluffing, and without membership of Europe's Customs Union, his newly independent country will no longer be able to export goods to England tariff-free: anything crossing the border must be examined and taxed, and a cut sent off to Brussels.

It's perfectly possible for Scotland to rejoin the EU after 2016, and the difficulty of doing so is being exaggerated by unionists, but automatic membership is legally impossible. The members of the European Union are states, not peoples or territories, and to gain membership a state must be approved by the governments of all the other EU member states.

Except in France.

Under Article 88-5 of the French constitution, the French Government no longer has the power to approve new EU member states by itself. The political elite there is so distrusted that new states must be approved by the people in a referendum, or by a supermajority in Parliament. Has Mr Salmond made a secret deal with the French people, or perhaps with the rightwingers and nationalists of the French opposition, or is he just winging it again? The French are not going to ignore their own constitution to help the SNP, as letting the French political class admit new countries to the EU means letting Turkey into the EU, and that is about as popular in France as cutting agricultural subsidies, so somehow the politicians or the people need to be bargained with.

Even if Salmond said he hadn't made a secret deal with any foreign rightwinger other than Rupert Murdoch, we should not believe him: his administration spent thousands of pounds of taxpayer's money trying to prevent the disclosure of legal advice on Scotland's EU membership when in fact this advice didn't exist in the first place. Would you believe non-existent advice from this man?

For an indpendent Scotland to rejoin the EU, it needs to conclude a treaty with the existing member states, including the rump UK. This can't be done while Scotland is still part of the UK (particularly from the perspective of the French constitutional requirements). This means months or years of disrupted cross-border trade and customs checks along the Tweed, at Euston Station and so on while the other countries sign up.

Much has been made of the potential attitude of governments in Spain, Cyprus, Greece and other places with sensitivities about secessionism. Particularly troublesome are countries such as Spain and Cyprus which have territorial claims against the UK in Gibraltar and Akrotiri. Foreign politicians can demand that the UK abandon naval and military bases in the Mediterranean as the price for restoring customs-free trade in Great Britain. This is not a situation David Cameron should have allowed to come into existence. The Scottish Government has spent taxpayer's money brushing off Freedom of Information requests asking what discussions they have had with Spain and Cyprus over this issue. Maybe those discussions didn't happen either!

Scotland may well be better off outside the EU; after all, small non-EU states like Norway and New Zealand do fine, but pretending that the country won't spend a day outside the EU is insulting to Scottish voters and the nation as a whole.

Istos custodes


Ofsted is now in a dispute with the Department for Education about no-notice inspections. Puzzled readers may wonder why any school inspection involves notice, for to give notice transforms the inspection regime from an enforcement mechanism to a protection racket: you can run schools however you want, but only if you're organised enough to cover it up between notification of an inspection and clipboard hitting the desk two days later.

Instrumentalising the criminal law, part 94


Sometimes the public sector unions ask for the criminal law to be changed to make it a more serious offence to assault public servants; there was an apparently unsuccessful attempt a decade ago.

I wonder whether they think these laws should apply to union members who assault scabs and strike breakers during industrial disputes.

Not muddying the waters about Euroscepticism


The author of this Kosmopolit article makes the claim that it's silly to label people or arguments using the terms "Europhile" and "Eurosceptic".

That's just wrong; the terms work perfectly fine, they describe whether someone favours the EU vis-a-vis the member states (or similar actors). If you want your country to leave the EU, you're a Eurosceptic. If you want to repatriate powers, you're a Eurosceptic. If you oppose the transfer or arrogation of new powers to the EU, you're a Eurosceptic. The converse positions make you a Europhile.

Where it gets interesting (and in the Kosmopolit article, this is where the straw-man style argumentation and rhetorical questions all start to appear) is in two areas: internal conflicts between EU institutions, and situations where the EU does things that particular Eurosceptics support.

Eurosceptics are just not going to agree with each otherabout intra-institutional conflicts between Council, Court, Commission and Parliament. Why should they? It's like asking people who favour labour against capital which side they back in a dispute between shareholders, board and management: their ideology just doesn't discriminate at that level of detail, though individuals might have opinions on a general or case by case basis. It's a matter of strategy and tactics, not an issue of principle.

Similarly, there will be cases where Eurosceptics are divided about particular EU policies, such as the Euro, surveillance, IP laws, etc. Ignoring the people who tactically support bad policies in the hope of hastening the EU's demise, there's no reason that people who want less EU power are going to agree on any other issue: Tony Benn, Margaret Thatcher, Enoch Powell, Michael Foot, Bob Crow, Nigel Farage, Dan Hannan, Dennis Healey, David Owen, and Kate Hoey are all over the political "spectrum". It's inevitable that the EU will often do things that some of them support. One principled view is to say that one opposes all exercises of competences that the EU should not have, and this is completely normal in the United States: Republican opponents of gay marriage nevertheless oppose federal bans on gay marriage on states rights' grounds.

Once one has taken into account such positions, the Kosmopolit argument isn't very convincing. He/she says "So just because I think the policy outcome is positive I am considered a “europhile”?". A Question To Which The Answer Is No.