I loved email. It's dead.

2019-02-24

I loved email. It's dead.

We should start thinking of email addresses only as attack vectors.

An email address is a piece of information which, once disclosed, allows someone or something to communicate with you forever. The consequence of this communication is that you may get interrupted by a notification, and bear the cost of storing, reading, and/or deleting the message; the message also increases the cost of searching through all your other messages.

These costs are small. The number of emails you receive, however, is very large. I have received well over a hundred thousand emails so far. Over time it adds up.

There are many-to-many communication systems which are indexed on other kinds of addresses (such as your phone number, postal address, your Facebook identity, your cryptographic public key, and so on). Email is like a phone number or a postal address: it has the property that "knowledge-is-permission", i.e., if you know the address, you can send data to it. Unlike other knowledge-is-permission addressing systems, or "capabilities" to abuse the computer science lingo, sending an email is almost costless, much less than the smallest unit of any normal currency.

The problem is that sharing your email address is a transitive operation: you are granting the recipient the capability to share the address with whomever he/she/it chooses. It is of course much worse than that: the address might be obtained accidentally or maliciously by a third party with whom you have no relationship, due to error, or the recipient going bankrupt, or a data breach, or being sold. There are some laws against sharing "personal data" without permission, but they're not remotely sufficient and probably not the right tool for the job anyway.

There is a commercial incentive to obtain email addresses from customers. They improve price discrimination, which means that customers collectively have to pay more (though some may pay less). Therefore companies try to force customers to hand over email addresses. You are required to divulge an email address to obtain the product; this is useful because it helps keep you informed as the product is delivered. But then a few weeks or months later, you start getting adverts from the company.

In the time it took me to write the previous paragraph, an advert arrived by email from a company from which I bought some blinds for my flat in December.

But in the time it took me to write that paragraph, I blocked all future emails from them.

What I have done is establish a system of individual addresses for each company and organisation I deal with. When I signed up with Blinds2Go, they got given my email address as mk270-blinds@no.ucant.org. But all I had to type was:

address-tool --retire mk270-blinds

and all future email from them is prevented with a curt "bounce" message, and I never receive a notification or store the message.

Effectively, this amounts to having one email address per interlocutor, with revocation indexed on sender email address.
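
The per-correspondent scheme described above, as an added Python example (not the author's address-tool, whose implementation the post does not show): an alias table consulted at SMTP RCPT time, where retiring one alias refuses further mail to it and leaves every other alias working. The class and method names, the reply texts and the example.org domain are assumptions; recording which sender domains have used each alias goes slightly beyond the post and shows how far an address has spread.

```python
from dataclasses import dataclass, field


@dataclass
class Alias:
    tag: str                                          # who the address was handed to
    active: bool = True
    sender_domains: set = field(default_factory=set)  # envelope-sender domains seen
    bounced: int = 0                                  # deliveries refused after retirement


class AliasTable:
    def __init__(self, user, domain):
        self.user, self.domain = user.lower(), domain.lower()
        self.aliases = {}

    def issue(self, tag):
        """Create the address handed to exactly one correspondent."""
        local = f"{self.user}-{tag.lower()}"
        self.aliases.setdefault(local, Alias(tag))
        return f"{local}@{self.domain}"

    def retire(self, local):
        """Revoke one alias; other correspondents are unaffected."""
        self.aliases[local.lower()].active = False

    def rcpt(self, rcpt_to, mail_from):
        """Decide at SMTP RCPT time; returns (reply code, text)."""
        local, _, domain = rcpt_to.strip("<>").lower().rpartition("@")
        if domain != self.domain:
            return 550, "relay not permitted"
        alias = self.aliases.get(local)
        if alias is None:            # bare or guessed address: never issued
            return 550, "no such address"
        if not alias.active:         # refused before the message body is sent
            alias.bounced += 1
            return 550, "address retired"
        alias.sender_domains.add(mail_from.strip("<>").lower().rpartition("@")[2])
        return 250, "OK"


def demo():
    """Constructed session: one alias is retired, another keeps working."""
    table = AliasTable("mk270", "example.org")   # placeholder domain
    blinds, bank = table.issue("blinds"), table.issue("bank")
    results = [table.rcpt(blinds, "orders@shop.example")]
    table.retire("mk270-blinds")
    results.append(table.rcpt(blinds, "offers@ads.example"))
    results.append(table.rcpt(bank, "statements@bank.example"))
    results.append(table.rcpt("mk270@example.org", "x@spam.example"))
    return table, results


if __name__ == "__main__":
    print(demo()[1])
```

Refusing at RCPT time means the message is never stored and no notification fires, which is the effect the post describes.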

What we actually need is a distributed store-and-forward messaging system where addresses are not transitive: instead, one would receive an invitation to communicate which could only be used by the recipient and not by third parties. This is vaguely similar to the PGP web of trust, Facebook messages between friends, and so on, but is probably most closely represented by the Scuttlebutt system.

To be continued ...

Blog restoration

2017-12-19

I have restored this blog; it was disabled by a software update in 2015, and one or two posts were lost. I shall retrieve them from backups and repost them.

The Horns of a Trilemma

2016-04-01

Many years ago I read J H H Weiler's work on the constitution of the European Union, and I concluded that you could not simultaneously have all three of democracy, national sovereignty, and deep economic integration; this trade-off is sometimes known as "Rodrik's Trilemma" after the Turkish economist who popularised the same idea, in relation to finance markets.

Apparently unconcerned by distributional effects, most people cannot be persuaded to forgo the benefits of transnational economic integration, and similarly place their feelings of belonging and tradition before self-government and democratic norms. I'm forced to conclude that the only solution is the adoption, bypassing democracy, of a uniform set of economic rules across a broad swathe of the developed world. In effect, this is what we have been acquiescing in for several decades, as treaty after treaty irons out the differences between national laws.

As the technological complexity of society has increased, democratic legislatures and executive agencies have completely abdicated any role they might play enforcing the public interest; the quality of regulation in areas such as copyright and surveillance is so poor as to be beneath one's dignity to take intellectually seriously. Supranational anti-trust regulators have proven to be the only actors capable of reining in transnational corporations like Microsoft. A post-democratic world (as Jon Worth believes us already to inhabit) would allow much more scope for this proven success of regulation in the public interest.

This of course is not going to be a remotely equal or fair world, but it is one which appears to attract the acquiescence of the governed, without which there can be no lasting order or peace.

Accordingly, I shall no longer be supporting the campaign for British withdrawal from the European Union, and abstain, as I have at recent elections.

Experimenting with CompCert

2014-12-02

A few weeks ago I experimented with CompCert, a C compiler from INRIA, written largely in Coq, with chunks in OCaml; this allows the Coq parts of CompCert to be formally verified (see below for more on this).

Now I have no need of a guarantee that my compiler is bug-free, but to the extent that translating my code into the subset of C supported by CompCert reduces the bug count rather than increases it, it's a win. I'm basically using CompCert as a lint tool, but it's fun and instructive anyway. The real-world scenario which makes any of this interesting is therefore if you have a C codebase and suspect a bug in your compiler and want to know how hard it would be to maintain that codebase such that it compiled with a compiler believed to be bug-free.

For many years I have maintained a codebase of 40K lines of fairly odd C, that implements a computer game I used to run in the 1990s, and which predates modern conveniences that might have been used, such as sqlite, pcre, libevent, reliable IP stacks on NeXTSTEP, ANSI C, free C++ compilers, free Erlang, etc, etc. The code is also unusual in shunning the use of struct, malloc and pointer arithmetic. For almost the last twenty years I've kept it up-to-date with the C toolchains on a number of OSes, as a way of keeping an eye on what the cool kids are breaking.

So:

Firstly, the codebase needs to be able to cope with multiple compilers; gcc and LLVM's clang are close to drop-in replacements for each other from the perspective of the Makefile. Not so, CompCert: -Wall -Werror are not accepted as options by CompCert, as they're effectively on by default. CompCert isn't going to want to know about any code that doesn't pass gcc -Wall -Werror, but there are a few things LLVM thinks it's Ok to warn you about that CompCert is cool with, which feels like LLVM is wasting my time. Getting the build system and revision control happy about parameterisable compiler options has to happen first.

I was forced to change all the remaining instances of conflation of integer widths. Anyone who's done arithmetic in OCaml will recognise this as one of the house microfascisms of INRIA, but it's a deep issue: a lot of corner cases depend on your installation of the header files and libraries and so on. In my case, function prototypes are culled into a .h file automatically with cproto, which by default changes the width of integers in K&R-style C functions:

void my_function(i)
short i;
{
...
}

is output as

void my_function(int i);

which gcc and LLVM tolerate, but CompCert doesn't. There were a couple of other legitimate "Well Don't Do That Then" moments that I won't tax you with. Effectively one's forced to get all the prototypes and headers and includes exactly right. This showed up a bug: a variable which was supposed to be declared extern wasn't, and was separately allocated from the global it was supposed to represent.

The more formal treatment of integer widths also meant fixing a lot of sprintf format strings.

The next thing I had to fix was the idiom

char *messages[] = { "...", "...", "...", NULL };
int x = sizeof(messages) / ...;

CompCert insists on the length of messages[] being explicitly specified, which means this technique isn't allowed.

The harder stuff was signal() and stdarg; basically, CompCert supports an anaemic subset of C, and doesn't allow stdargs, though it provides the sprintf() clique of functions. Since wrapping sprintf() is about the only thing varargs is used for in C, this turns out not to be a problem, but I originally bet that parts of the codebase were outside the CompCert C dialect and would need to be shunted into libraries.

My own adventure in CompCert land basically amounted to learning new stylistic restrictions in C. Reading around what people have been doing with CompCert I came across a few interesting articles and from this chap I learnt about concolic testing which is another technique I have no use for but am glad to have spent time learning about.

An independent Scotland will be outside the European Union

2014-09-17

If the people of Scotland vote to leave the United Kingdom this week, customs checks along the new border are practically unavoidable. Alex Salmond claims that Scotland will continue to be part of the EU. He's bluffing, and without membership of Europe's Customs Union, his newly independent country will no longer be able to export goods to England tariff-free: anything crossing the border must be examined and taxed, and a cut sent off to Brussels.

It's perfectly possible for Scotland to rejoin the EU after 2016, and the difficulty of doing so is being exaggerated by unionists, but automatic membership is legally impossible. The members of the European Union are states, not peoples or territories, and to gain membership a state must be approved by the governments of all the other EU member states.

Except in France.

Under Article 88-5 of the French constitution, the French Government no longer has the power to approve new EU member states by itself. The political elite there is so distrusted that new states must be approved by the people in a referendum, or by a supermajority in Parliament. Has Mr Salmond made a secret deal with the French people, or perhaps with the rightwingers and nationalists of the French opposition, or is he just winging it again? The French are not going to ignore their own constitution to help the SNP, as letting the French political class admit new countries to the EU means letting Turkey into the EU, and that is about as popular in France as cutting agricultural subsidies, so somehow the politicians or the people need to be bargained with.

Even if Salmond said he hadn't made a secret deal with any foreign rightwinger other than Rupert Murdoch, we should not believe him: his administration spent thousands of pounds of taxpayer's money trying to prevent the disclosure of legal advice on Scotland's EU membership when in fact this advice didn't exist in the first place. Would you believe non-existent advice from this man?

For an independent Scotland to rejoin the EU, it needs to conclude a treaty with the existing member states, including the rump UK. This can't be done while Scotland is still part of the UK (particularly from the perspective of the French constitutional requirements). This means months or years of disrupted cross-border trade and customs checks along the Tweed, at Euston Station and so on while the other countries sign up.

Much has been made of the potential attitude of governments in Spain, Cyprus, Greece and other places with sensitivities about secessionism. Particularly troublesome are countries such as Spain and Cyprus which have territorial claims against the UK in Gibraltar and Akrotiri. Foreign politicians can demand that the UK abandon naval and military bases in the Mediterranean as the price for restoring customs-free trade in Great Britain. This is not a situation David Cameron should have allowed to come into existence. The Scottish Government has spent taxpayer's money brushing off Freedom of Information requests asking what discussions they have had with Spain and Cyprus over this issue. Maybe those discussions didn't happen either!

Scotland may well be better off outside the EU; after all, small non-EU states like Norway and New Zealand do fine, but pretending that the country won't spend a day outside the EU is insulting to Scottish voters and the nation as a whole.

Istos custodes

2014-06-10

Ofsted is now in a dispute with the Department for Education about no-notice inspections. Puzzled readers may wonder why any school inspection involves notice, for to give notice transforms the inspection regime from an enforcement mechanism to a protection racket: you can run schools however you want, but only if you're organised enough to cover it up between notification of an inspection and clipboard hitting the desk two days later.

Not muddying the waters about Euroscepticism

2014-04-09

The author of this Kosmopolit article makes the claim that it's silly to label people or arguments using the terms "Europhile" and "Eurosceptic".

That's just wrong; the terms work perfectly fine, they describe whether someone favours the EU vis-a-vis the member states (or similar actors). If you want your country to leave the EU, you're a Eurosceptic. If you want to repatriate powers, you're a Eurosceptic. If you oppose the transfer or arrogation of new powers to the EU, you're a Eurosceptic. The converse positions make you a Europhile.

Where it gets interesting (and in the Kosmopolit article, this is where the straw-man style argumentation and rhetorical questions all start to appear) is in two areas: internal conflicts between EU institutions, and situations where the EU does things that particular Eurosceptics support.

Eurosceptics are just not going to agree with each other about intra-institutional conflicts between Council, Court, Commission and Parliament. Why should they? It's like asking people who favour labour against capital which side they back in a dispute between shareholders, board and management: their ideology just doesn't discriminate at that level of detail, though individuals might have opinions on a general or case by case basis. It's a matter of strategy and tactics, not an issue of principle.

Similarly, there will be cases where Eurosceptics are divided about particular EU policies, such as the Euro, surveillance, IP laws, etc. Ignoring the people who tactically support bad policies in the hope of hastening the EU's demise, there's no reason that people who want less EU power are going to agree on any other issue: Tony Benn, Margaret Thatcher, Enoch Powell, Michael Foot, Bob Crow, Nigel Farage, Dan Hannan, Denis Healey, David Owen, and Kate Hoey are all over the political "spectrum". It's inevitable that the EU will often do things that some of them support. One principled view is to say that one opposes all exercises of competences that the EU should not have, and this is completely normal in the United States: Republican opponents of gay marriage nevertheless oppose federal bans on gay marriage on states' rights grounds.

Once one has taken into account such positions, the Kosmopolit argument isn't very convincing. He/she says "So just because I think the policy outcome is positive I am considered a “europhile”?". A Question To Which The Answer Is No.

Other things Churchill supported

2014-03-06

We're often reminded that Churchill supported the ECHR or European integration more broadly, as though there were no better argument in favour or against these things.

For a bit of perspective, here's a broader list of stuff Churchill liked:

  • "using poisoned gas against uncivilised tribes"
  • the Gold Standard
  • denying India's right to be independent
  • using the army against strikers
  • politicians issuing orders to the police
  • the European Convention on Human Rights
  • European integration
  • imperialism

These people need some better arguments, or at least to explain why their cause gets to be associated with Churchill's admirable qualities rather than his flaws.

The Day We Fight What Exactly?

2014-02-11

It's no longer safe in the UK to talk to your GP about depression and mental illness - the government will force them to hand over this information, whereupon it may be leaked, hacked, sold, etc.

Aliens don't crash land

2013-07-08

Today is the anniversary of the Roswell Incident, which is the subject of various conspiracy theories. I don't like conspiracy theories; that way of thinking always tends to involve being selective about whether particular things are plausible.

There's no reason to suppose that life necessarily exists outside our solar system, or that it is impossible for life to exist elsewhere, but that is not the point: we are invited to believe that intelligent creatures from outside our solar system crash landed in Roswell this day sixty-six years ago.

Is it plausible that aliens could master interstellar travel, but not the ability to land without crashing?