2013-03-30

Sergey Brin writes an article on journalism in the Guardian

The übergeek co-founder of Google uses Comment is Free to call out the frequent misuse of hyperbole, bathos and litotes in modern journalism:

While the infrastructure of the internet might not be easy for reporters to understand, simply juxtaposing quotes from opposing sides isn't all there is to journalism. Yes, this was a big attack in terms of traffic directed against one website (approx 300Gbps), but the internet seemed to cope just fine.
Oh, I am sorry; that was actually professor of journalism Heather Brooke writing about distributed denial of service attacks. Easy mistake to make.

Was this actually a problem?

To be fair, Brooke relied substantially on Sam Biddle at Gizmodo for the scepticism. So let's tackle Biddle's questions, shall we?

Why wasn't my internet slow?
If you weren't looking at a CloudFlare-hosted site, you wouldn't have noticed. This attack was very focused in its target. Where it caused congestion was at one exchange, and even then the interruption was very limited.
Why didn't anyone notice this over the course of the past week, when it began?
What makes you think no-one noticed, Sam? Whom, exactly, were you asking? A sudden spike in DNS traffic like this (UDP port 53 packets) is very noticeable to anyone who cares about their networks. It's also not easy to filter until you've identified the IP(s) under attack.
Why isn't anyone without a financial stake in the attack saying the attack was this much of a disaster?
See above; whom are you asking? And your idea of "disaster" is immediate, whereas people acquainted with the daily DDoS attacks of the Net have a very different perspective that involves the potential for a well-resourced attacker to DDoS sites.
Why haven't there been any reports of Netflix outages, as the New York Times and BBC reported?
Probably because the level of any Netflix traffic degradation fell into the usual noise of ISP / Netflix unreliability. If the attacker had been targeting Netflix, it may have been a very different story.
Why do firms that do nothing but monitor the health of the web, like Internet Traffic Report, show zero evidence of this Dutch conflict spilling over into our online backyards?
The botnet controlled by whoever mounted this attack was relatively small. The frightening aspect of the attack was the effective amplification of the relatively small botnet outbound traffic capacity. A more substantial attack with a botnet an order of magnitude greater in membership is quite capable of causing an order of magnitude more of a problem. As more and more of India, Brazil and China come online, sourcing botnet members is only going to get easier.

The technical nitty-gritty

The Spamhaus/CloudFlare DDoS was not notable for the effect of its attack - CloudFlare successfully blocked the attack, mostly because it was relatively easy to identify the malicious traffic. If you're wondering "how so?" here's the detail.

If you imagine the Internet as a virtual version of the Post Office, every data packet on the Internet can be thought of as an envelope with a destination address and (usually) a return address. Envelopes are coloured according to what kind of information they carry. Regular web traffic (HTTP) could be white, email (SMTP) could be yellow, DNS queries could be red. The way that Internet traffic works is that at every sorting office (point in the network) there are rules ("routing tables") that determine how to move any envelope closer to its destination address. Normally these rules don't take account of the envelope's colour, but when sorting offices get very busy they have the ability to control what colour of envelopes they accept; they can for instance hold up deliver of non-time critical yellow envelopes in order to process time-critical white envelopes promptly.

Some bad guys (spammers) have the ability to generate vast quantities of yellow envelopes, threatening to drown the sorting offices in mail, but the sorting offices are given a list of return addresses by firms like Spamhaus which are known to be spam sources; they can choose to throw all mail from those addresses into the trash. Unfortunately, the spammers are wise to this and forge their return addresses to appear to be legitimate, regular folks. They don't care if their messages are returned to the wrong people.

Regular people under the threat of spam can change address to a magic PO Box number, provided by companies like CloudFlare. These PO Boxes are special because the same address exists in many places across the world (an "anycast" address); in the USA, in Europe, in Japan etc. Mail to PO Box 1 sent from the USA or Canada will go to a CloudFlare office in the USA as it's closest; mail to the same address sent from Germany will go to a CloudFlare office in France, and so on. That way, even if lots of spammers send mail to the PO Box 1 address, the mail will be less likely to be concentrated in one place.

CloudFlare's PO Box establishments have dedicated security systems that can be told to throw away certain kinds of envelope as they arrive. In this case, because they are aware that a DNS-based attack on Spamhaus is happening, any red (DNS) envelope sent to PO Box 555 (Spamhaus) which comes from certain sources (the open DNS resolvers) can safely be thrown away before it goes to the company mailboy. Note that this is only possible because CloudFlare knows that Spamhaus does not expect DNS traffic from those resolvers. CloudFlare can't throw away all red envelopes because one of the ways Spamhaus works relies on its clients sending red envelopes to Spamhaus asking for information about a domain ("DNSBL" - DNS Block list).

The threat

If I wanted to cause widespread disruption with an attack like this, my botnets would be targeting tens if not hundreds of IPs; say, the public IPs of UK online banking sites. Even if the open DNS resolvers had rate limiting implemented, they would have significant problems identifying legitimate traffic from botnet traffic since they would appear to be getting requests from many IPs, not just a single IP. I would switch targets frequently, making it harder to build a blacklist of source IPs. I would rent many bot computers on low-speed connections rather than fewer bots on high-speed connections, and aim for geographic diversity to make it harder to identify traffic spikes until the traffic was very close to its targets.

Spamhaus was able to avoid the attack by moving to CloudFlare, taking advantage of their much more robust and distributed hosting system, but this costs money - and even CloudFlare is not invulnerable, if the attack is sufficiently large, distributed and/or difficult to filter. Most online firms will be hosted on the cheapest hosting provider possible, and so will be ridiculously vulnerable to an attack like this. Anyone intent on large scale malice - and I'm thinking of state-level actors - could cause havoc by using a much larger target list selected for public impact.

The open DNS resolver issue is a worry for the Net, but it's a relatively manageable problem - we know where the high-capacity resolvers are, and have some way of being able to squash their traffic in an emergency by blacklisting their IPs, which will annoy a lot of users but at least save the Internet. The real worry is when more households get high-capacity outbound pipes to the Internet (BT Openreach Fibre to the premises, Google Fiber, Verizon FiOS etc.) and black-hat hackers are able to target these households to compromise their computers and turn them into a high-capacity DDoS attack machine. With the current rate of zero-day exploits discovery, and the relatively slow uptake of security patches on home computers, this is a very real and frightening problem. The Spamhaus DDoS is just a taste of what's coming down the pipe.

Stick to writing articles about journalism, Ms. Brooke.

Update: Ars Technica addresses these questions in more detail with similar conclusions - there was some hype, but this is a real problem and could have done serious damage.

2013-03-28

Be careful whom you shoot

Last year, a 15 year old schoolgirl from Swat in Pakistan was shot in the head while returning home from school on the school bus. It seems that certain people objected to the subversive messages she was spreading:

In early 2009, at the age of 11/12, Yousafzai wrote a blog under a pseudonym for the BBC detailing her life under Taliban rule, their attempts to take control of the valley, and her views on promoting education for girls.
Dear Lord, we can't have girls being educated. Who knows what thoughts might enter their heads? So a gentleman from the local Taliban franchise put a pistol to her head and pulled the trigger.

This is the story of Malala Yousafzai (the top Google hit for "malala") and if the Taliban spent any time educating their followers on human biology, the bullet would have killed her right there in October 2012. Unfortunately for their cause, the hitman was chosen more for his pseudo-Islamic zeal than actual shooting talent. Malala was hit in the head but survived, thanks (by my reading between the lines) to a combination of Heaven-sent fortune, personal will to survive, and some top-notch emergency care by the local and national medics. Flown to Britain for surgery to repair her skull, she recovered and is now attending school in Birmingham. I rather suspect that the school has surreptitiously taken additional security measures since unfortunately the UK is still home to too many misogynistic and violent gentlemen from South Asia who might take exception to Malala's very public survival.

Now, Malala has signed a $3M book deal to write about her life and her cause. Given the international outcry over the attack, and support for her cause, I fully expect it to hit the top of the autobiography bestseller charts. As a result, millions of people who would only have heard of Malala in a cursory news story about another fatal shooting in Pakistan will be reading about her life and the state of female education in Pakistan's Taliban-controlled areas. We can only expect more international support and money for such education as a result.

I'm somewhat hoping that the Taliban hitman avoided capture and will spend the next few months being slowly tortured to death by his compatriots for failing spectacularly in his assassination attempt.

2013-03-27

Public goods can also be public bads

Imagine a village in the middle of the woods. The villagers use wood for many of their needs - building houses, firewood etc. - but it's rather tedious carrying axes into the wood to find a suitable tree, and then axing down a tree is slow and error-prone. The village elders, mindful of this, buy a job lot of high-spec chainsaws and distribute them around the wood marked by big red flags. A villager can wander into the wood, spot a handy-looking tree, find the nearest chainsaw, drop the tree in no time and then leave the chainsaw by the flag before pulling his tree back home.

Unfortunately, some of the village youth have a nihilistic bent. One evening they go into the woods, get a chainsaw each, bring them back to the village and chop down the structural pillars of a number of houses before they can be caught and stopped. The village elders are embarrassed that their good intentions in improving village life have been turned on them to wreak industrial havoc. Perhaps leaving high-powered machinery around the woods for anyone to use has its downsides?

This is roughly the situation that the Internet finds itself in currently, as described in CloudFlare's account of the ongoing DDoS that nearly broke the Internet. Anyone with a technical bent should go read the original, for it is a very good (if frightening) piece. For those less technical or with less time, here's the short version.

Spamhaus is a long-existing Internet establishment that does its best to identify email spammers and the machines they use to spam, and feeds data to major Internet Service Providers and other entities enabling them to identify that spam and cut it off early before it overwhelms users' inboxes. They have been very successful at this; the email spam problem today is still substantial but much, much better than it used to be even a couple of years ago. Recently they identified a fairly "liberal" Dutch hosting company "Cyberbunker" as spammers and started including them in their blacklist. It would be safe to say that Cyberbunker did not appreciate this.

Last week Spamhaus was on the receiving end of a big Distributed Denial of Service (DDoS) attack, thousands of compromised computers being used to drown Spamhaus's website in a flood of requests. This was initially very successful. Spamhaus asked for help, and distributed hosting provider CloudFlare stepped in to host Spamhaus. Their defences and capacity could cope with the attack. But this did not stop the attackers, who have raised their game in recent days:

An engineer at one of the largest Internet communications firms said the attacks in recent days have been as many as five times larger than what was seen recently in attacks against major American banks. [my emphasis] He said the attacks were not large enough to saturate the company's largest routers, but they had overwhelmed important equipment.
The attacks have been so big (up to 300 gigabits per second - enough data every second to represent the text of 100,000 novels) that they have started to saturate some of the networking hardware of the Internet exchanges, the entities which "glue" the major parts of the Internet together. If you've been seeing slower-than-usual Internet speeds over the past few days, this may have been part of the problem.

What does this have to do with chainsaws in the woods? Well, the attackers have a lot of computers under their control, but those computers are mostly on regular home Internet connections and can't get near the upload rate they'd need to each 300Gbps. Instead they are sending forged requests to open DNS recursor hosts. These computers, which are the chainsaws in our example, are part of the Internet's naming system - "DNS", the Domain Name System - which translates human-readable names into the numeric addresses used by the Internet. As an example, www.dailymail.co.uk translates into the Internet (version 4) address 23.59.191.33.

Normally these computers are provided by ISPs and serve only that ISP's customers. However a number of them, either by misconfiguration or by design, accept requests from anyone. Worse, a) there are certain queries where a very small request can result in the DNS host returning a large amount of data (the "amplification" problem) and b) it is possible for the requesting computer to forge its sending address to pretend that it's a different computer. The result of this is that a single computer with a very slow link to the rest of the Net can command an open DNS host to send a much larger stream of data to any Internet address it chooses. This is a big problem, allowing distributed denial of service attacks of much more traffic than the compromised computers can send.

I expect that as a result of the Spamhaus attack more work will be done to lock down open DNS hosts, or at least get them to react much more slowly to unknown users. Still, this situation is a reminder that providing public goods can come with unexpected public costs.

Update: a sysadmin with an open DNS server confesses. Well, that's 0.0005 Gbit/s down, only 299.9995 Gbit/s to go.

Do not meddle in the affairs of cats

Technical kudos to Dave Evans for developing a GPS tracker device for his cat's collar:

Mr Evans, 41, said the weatherproof tracker, weighing just 15g, will cost £50 and can be used for cats and dogs. He said: 'My cat was getting fat even though I was feeding him less and I needed to know what was going on.
Now I know he travels a couple of miles each day, exactly where he goes every night and who's feeding him.'
Allowing owners to track where their cats go and from which houses they get additional food? I can't imagine the feline population standing for that kind of interference. I foresee Mr. Evans coming to a sticky end, mysteriously breaking his neck while walking down the stairs. Mr. Evans - move into a bungalow post-haste, and may I advise you to trade in your cat for one of the larger varieties of canine?

2013-03-26

If you wanted RAF SAR you should have bought better choppers

Much wailing in The Guardian today over the news that the RAF and Royal Navy will be handing over UK search and rescue to a private firm:

Bristow, a leading provider of helicopter services to the offshore energy industry, has won a £1.6bn contract to provide SAR (search and rescue) from 2016.
Everyone currently involved in the SAR industry promptly objects to the change. It's not surprising, the change is a very significant one since the RAF and RN have been providing SAR around the UK for 70 years. So why does the Government want to fix what (apparently) ain't broken?

Money is, of course, a primary driver for this - the contract is £1.6bn, for a duration apparently unspecified in the Government press release on the SAR handover. If private cover costs this much, you can bet that RAF/RN cover costs more. The real reason for this change though, and believe me it's a good reason, is buried down in the article:

However, the government has argued that it needs to act because the famous and much-loved Sea King helicopter fleet is approaching the end of its useful life.
The Sea Kings are ancient hardware. The licence-built UK design first flew in 1969 with updates such as the dedicated SAR variant HAR3 delivered in the late 1970s / early 1980s. It's being retired everywhere else in the world, and even in the UK the troop-carrying variant has bitten the dust. There's no way that the current Sea Kings can or should keep going much longer, getting increasingly expensive and difficult to maintain.

But the RAF and Navy have a much more modern medium- and heavy-lift helicopter - the EH101 aka Merlin in UK service. Why not use these for SAR? Well, where the 14,000lb empty-weight Sea King has a regular range of 764 miles and sea level cruise speed of 129mph, the Merlin is nearly 10,000lb heavier, with a 500 mile range albeit a faster cruise speed of 167mph. Cargo carrying capacity is not generally a big concern for SAR roles - as long as it can accommodate crew + around ten passengers this will cover the vast majority of rescue situations. The Merlin is too big compared to the Sea King, and it's really expensive - the RAF bought 44 aircraft for £4.65bn and even though a lot of that cost was set-up and infrastructure you're still looking at the thick end of £30M per bird.

But let's compare it against the replacements that Bristow will use: ten Sikorsky S92s and ten AW189s. The former is an up-rated civilian version of the tremendously successful and widely used UH-70 Blackhawk, weighs 15,500lb empty with a range of 600 miles and cruise speed of 174mph - a lot faster than Sea King or Merlin, slightly less range than the former but a comparable weight, and will set you back about £20M. Spares should be easy to find and running costs low. Specs on the latter are harder to find, but it looks to have a comparable speed and be slightly lighter; presumably there's something about the cost/range/speed tradeoff that makes it a more attractive option than the S92 for certain locations.

Bristow aren't exactly newcomers to the SAR role - they've been operating helicopters to the North Sea oil platforms for decades, which is a sufficiently challenging environment to prepare them well for UK SAR. It's still going to be an interesting hand-over, but there's no reason to think that Bristow will just let random yachting folks drown because of a clause in their contract.

The other nice thing about contracting out this service is that the contract should be very easy to spec out - the variables (weather, range, accidents) are very well known and well-established, and so unless the MoD Procurement idiots have been allowed to write the contract it's not unreasonable to think that they should cover all the major issues. This is not like tendering for a future fighter or helicopter where the requirements are hazy. We know exactly what SAR involves and what's reasonable to expect. If anything, I expect the contract to be too conservative and prevent Bristow from implementing innovations in kit or procedures that would let them reduce operational cost while preserving the same effective service.

2013-03-25

The USA doesn't have a spending problem

We can tell (pace the Democratic Party) that the USA doesn't have a spending problem because county supervisors get a salary of $410,000 and an identical pension:

[County Supervisor] Muranishi has been with the county for 38 years, and she’s 63. When retirement day comes, she’ll be getting a lot more than a gold watch.
That’s because, according to the county auditor's office, Muranishi's annual pension will be equal to the dollar total of her entire yearly package — $413,000. She also has a separate executive private pension plan, for which the county chips in $46,500 a year.
I particularly like that she gets $54,000 a year solely because she's been with the county more than 30 years. So this salary isn't paid to her as part of an active market in talent - it's a classic (if outrageous in scale) time-served formula. For reference, the Governor of the entire state of California is only paid $170,000 per year.

For a sense of scale, Alameda County in California has a population of about 1.5M people, which is a little larger than Birmingham or Bristol in the UK. Its major city is Oakland which is one of the most dangerous cities in the USA, having seen crime rise consistently for about 40 years. You'll note in the quote above that Muranishi has been with the county for nearly all that time, so at this point I'm assuming that Susan Muranishi is one of the primary contributors to a violent crime rate of 1682 per 100,000 residents. I don't know who's keeping her in her job, unless it's the supervisors of the other major US cities whose crime rates look much better when you compare them to Oakland.

I enjoyed reading a 2007 interview with Muranishi where she defined "success" as "making a positive difference." One can only imagine what salary she would have demanded had Oakland actually improved during her time in Alameda County. Her BA in Social Sciences from UC Berkeley led to a presumably unsuccessful retail executive position at Macy's department store before she burrowed into county administration and stayed there.

Muranishi's outrageous salary-for-failure tells us all we need to know about how money is spent in local government. When you're spending other people's money on your friends, it's not much different from spending it on yourself - you spend as much as you can get away with, and hang the value for money.

Cyprus evolves a solution - or revolution?

So Cyprus has decided to shaft the rich Russians in preference to the poor Cypriots, preserving deposits under €100K while completely screwing deposits in excess of that amount by setting up a "bad bank" which is going to return cents in the Euro to the large depositors. Apparently this will disproportionately affect rich Russians who bank in Cyprus, and one can only speculate about how well these gentlemen will take the asset confiscation. Belgian poet Herman van Rompuy brokered the deal on behalf of the EU, and so I assume that he doesn't plan to travel to Russia on vacation any time soon.

The Streetwise Professor points to Germany as the ultimate determinant of the direction of the Cyprus settlement and wonders:

So why is Germany so insistent on doing something that inflicts large losses on Russia-and elite Russians? Can the impending German election explain it? Or does Germany think that the fate of the Euro is on the line, and if saving the Euro p*sses off the Russians, so be it. Or is it something else? I wonder.
Now that spring has started in Europe, presumably the Germans aren't too worried about Russia cutting back on gas supplies in retaliation for taking a few €bn from Russian depositors in Cyprus. I do wonder, however, how wise it is for Germany to try playing a long-term strategy game against a country who a) control a significant proportion of the reliable fuel source for Germany and b) play international-level chess when they're in kindergarten. If Russia arranges for an unfortunate drop in gas supply to German in, say, late December, who's going to cover the power deficit?

2013-03-21

What needs fixing in UK education, in one tweet

THIS.

I hate the trend towards "creativity" in schools. It seemed to start with the introduction of the National Curriculum, which presaged a greater influence by the Department of Education and its favoured academics on what was taught in schools and exactly how it was taught. I'm all for children embracing their creativity, but it should be made very plain to them that there is a standard for grammar and spelling in written communication which they are expected to exceed before they can expect their creativity to be respected by readers.

I can do no better than quote Emily Postnews on the subject:

Q: I cant spell worth a dam. I hope your going too tell me what to do?
A: Don't worry about how your articles look. Remember it's the message that counts, not the way it's presented. Ignore the fact that sloppy spelling in a purely written forum sends out the same silent messages that soiled clothing would when addressing an audience.

CEO in favor of government penalising his competitors

Howard Schultz, CEO of Starbucks, is in favour of raising the Federal minimum wage. Quoted in the Huffington Post:

"On balance, I am a supporter of the minimum wage going up," he said. "We've got to be very careful what we wish for because some employers -- and there could be a lot of them -- will be scared away from hiring new people or creating incremental hours for part-time people as a result of that wage going up."
The Federal minimum wage is $7.25/hr and Obama is proposing to raise it to $9/hr. Since Starbucks baristas generally earn close to $9/hr, this change is unlikely to hurt Starbucks much. But smaller coffee chains that rely on minimum wage employees to undercut Starbucks and prevent their customers going next door for a banana latte and gluten-free cookie are going to be squeezed and forced to raise their prices, thus migrating more customers to Starbucks. I have to admire Schultz's business sense, but let's not fool ourself that his support for the minimum wage is anything but self-serving.

One point that's being lost among all the minimum wage discussion is that this pertains to the minimum wage set by the US Federal Government, not the states. Minimum wages can also be set in states and even cities. New York state is planning to raise the minimum wage from $7.25 to $8.75 for instance. The Federal minimum wage doesn't apply to small firms whose commerce doesn't cross state lines, but it looks like Burger King etc. are all exposed to this. So in a poor state where wages are low (often Republican-leaning states), the federal minimum wage hike is likely to leapfrog any state or city minimum wage setting. It's likely to have less of an effect in Democrat states like California and New York where wages and minimum wage levels are already high.

Interestingly, it's really going to hit employers of tipped workers (waitresses etc.) Since they are often employed on $2-$4/hr and rely on tips to hit $7.25, and the employer is responsible for paying the gap if tips fall short, and given that prices and hence tips are unlikely to rise, the employer may have to find another $1.75/hr - 50% or more of his current wage payments.

The Huff Post article has a slideshow of "People who hate the minimum wage", and first up is ex-Republican presidential candidate contender Herman Cain:

Though Republican presidential candidate Herman Cain never outright advocated abolishing the minimum wage, he did argue that minimum wage laws prevent workers at the margins from getting their first jobs. Cain was an executive in the restaurant industry, which is one of the largest employers of low-wage workers.
Sounds to me as if Herman Cain was ideally positioned to see the effect of minimum wage laws on low-wage workers. Why aren't we listening to what he has to say?

2013-03-20

A tale of two unlocks

Bypassing phone lock screens seems to be the story of the day: first, access to the phone book and photos of an up-to-date iPhone:

By locking the device and enabling the Voice Control feature, it is possible to circumvent the lock screen by ejecting the SIM card from its tray at the moment the device starts dialing.
From here, the phone application remains open, allowing access to recent call logs, contacts, and voicemail (if it isn't protected by a separate PIN code). But also from here, photos and video can also be accessed by creating a new contact. When a new contact is created, it opens up access to the photos application — including Camera Roll and Photo Stream.
Note that the iOS version tested (6.1.3) is the release which fixes the previous unlock screen exploit. One wonders how many more of these exploits are going to come around.

The impact of this bug is limited in frequency but severe in impact. Although all modern iOS devices appear to be vulnerable, the actual exploit does not (in general) give a thief much to work with. He can't apparently make calls or send texts with the device, which are the two potentially most expensive acts. Where it does have an impact is situations where the address book or photos data are regarded as valuable - generally, when the thief knows the iPhone owner or knows they are a friend of someone whose address, phone number or data he wishes to steal. Imagine, for instance, if someone got access to Pippa Middleton's iPhone and used this exploit to read contact information and photos of her family and friends.

But let's not just pile on Apple - Samsung is similarly vulnerable:

From the lock screen, an attacker can enter a fake emergency number to call which momentarily bypasses the lock screen, as before. But if these steps are repeated, the attacker has enough time to go into the Google Play application store and voice search for "no locking" apps, which then disables the lock screen altogether.
From there, the device is left wide open.
The interesting point here is that the vulnerability doesn't appear to be present on "stock" (Google-released) Android 4.1.2 phones - it appears to be peculiar to Samsung devices. That implies to me that in Samsung's effort to pile on their customisations to differentiate themselves from J. Random Other Android device provider, they may have sacrificed something in quality and security testing. Unlike Apple, however, I suspect Samsung don't particularly care. They will certainly care about this flaw (since it makes Samsung leading-edge phones even more attractive to tea leafs who wish to burn up their victims' phone bills) but I don't see them slowing down their development velocity. That's their primary differentiator over Apple - new features and innovation - and there's no way they're going to trade that for slightly improved security. Only if the flaws being discovered have substantial negative impact for the average user (phone crashing all the time, corruption of storage, inability to view videos of cats) will they impact sufficiently on Samsung to change their development direction.

2013-03-19

What is it about tobacco taxes and the Laffer Curve?

Whenever the Laffer Curve figures prominently in the wild, in my experience tobacco taxes seem to be disproportionately involved. Latest venue: Eire:

Finance figures showing that tobacco excise tax receipts are falling dramatically short of targets, even though [my italics] taxes have increased and the number of people smoking has remained constant at 29 per cent of the population.
It seems that journalist Ms. O'Shea doesn't understand Laffer Curves either. That "even though" would be better as "probably because".

A couple of months ago I wrote of a similar Laffer Curve in tobacco taxation across US states. It seems that tobacco is an almost irresistable target for state and national governments to tax (everyone hates smokers, they're a minority of voters but sufficiently numerous to feel like taxing them brings detectable revenue) but it just doesn't seem to turn out the way that the politicians expect:

Counterfeit cigarettes can be brought to the Irish market at a cost of just 20 cents a pack and sold on the black market at €4.50. The average selling price of legitimate cigarettes is €9.20 a pack.
Absent a massively increased risk for tobacco smugglers, I can't see how this situation is going to change for the benefit of the Eire government. If that cost figure is right, and a back-of-the-fag-packet calculation suggests it's at least plausible - though probably more like €0.4-0.5 - you're talking about 90%+ profit. No wonder 15%-20% of cigarettes in Eire are tax-free; I'm surprised it's not more.

While we're on the rule of unintended consequences, the article finishes with a warning from a former PSNI chief constable that the planned "plain packaging" rule for cigarettes could make life an awful lot easier for smugglers, and criminal gangs like the various IRA offshoots would significant beneficiaries. Something that a lot of people forget is that much of the IRA's funding came (and still comes) from criminal enterprises: protection, drugs, miscellaneous smuggling. Never mind drunken Americans in Irish bars in Boston, it seems that a fair amount of IRA funding is the result of government Puritanism.

2013-03-17

Computer networking - expensive to get right, more so to get wrong

I must confess, my right eyebrow twitched a little when I saw the Daily Mail headline "The new £300,000 doctors' surgery which has been open for just FOUR HOURS since January." After all, anyone who closes a new surgery for 2 months must have rather serious building infrastructure problem to deal with - subsidence, say, or substandard building materials - surely? Well, it seems that the surgery's problems are entirely digital:

[...] practice manager Gerry Barclay said: 'Despite the best efforts of all parties involved in getting the surgery open on January 14, it rapidly became apparent that we could not provide an efficient service to the community due to serious computer connectivity problems.
A less tasteful blogger than yours truly would have doubtless made a joke about DREs but I shall forego that indulgence.

I would love to have some clarification on those "connectivity" problems. Since telecomms engineers are involved, I would have suspected that it's a problem with the fiber connection between Westbury-on-Severn and Gloucester - still, that's only 8-10km, so quite why it's going to take 8 weeks to fix is a mystery. The surgery itself seems to be Drs Timothy Alder and Amanda Lacey, The Surgery, Westbury On Severn, Glos, GL14 1PB. Here's the official practice announcement:

Updated on 01 Mar 2013 - Following a meeting on-site with the Head of IT from Gloucestershire PCT, engineers from his team and the equipment installers, it is believed that a solution has been identified that will require additional equipment to be installed once funding is agreed. Although no definitive date for re-opening can be given as yet, it is anticipated that at least 8 weeks will be required to obtain the equipment, install then test it.
I mean, flippin' heck. That's going to be 4 months of downtime. Just what is BT and the PCT playing at? How could you spent £300K building a surgery only to find that the telecomms required for the surgery to operate at all simply don't work? Isn't this one of the first things you'd check before putting a new NHS site in a village? Can we assume then that the NHS requires dedicated fiber to all connected establishments? If so, this sounds like a terribly bad and expensive idea; the patient information services like EMIS shouldn't require more than a few Mbps of bandwidth, if that; consider the amount of information the GP refers to in a typical 10 minute patient consultation, multiply by two doctors and you're still looking at a tiny amount of bandwidth.

The Web has already solved the problem of secure transmission of information over a public network. Transport Layer Security (TLS/SSL, the protocols used to wrap HTTP to produce HTTPS) and the Certificate authority public key infrastructure in widespread use allows any out-of-the-box Windows or Mac desktop in the surgery to connect to NHS patient record endpoints, conduct 2-way authentication to confirm that each knows that the other is a valid client, and securely transmit data even if a black-hat attacker has complete control of the network between the surgery and the endpoint. Give the surgery a router that blocks all uninitiated incoming connections and you should be golden. This way you can set up a surgery in a shed in the back of someone's garden as long as you have a handy neighbour on whose WiFi connection you can piggy-back.

IT and comms problems like this indicate to me that the NHS continues to be wedded to slow-moving centralised solutions to communications security, exemplified by the NHS Spine. Rather than finding ways to tweak existing technologies and infrastructure for the system's requirements, the NHS - like so many other monolithic structures - believes that its requirements are so special that developing everything from the ground up would be more "efficient". In engineering we call this "reinventing the wheel" and expect such wheels to be decidedly fragile and unevenly circular. I note that the Connecting for Health prime contractor for the Spine was BT; doubtless they encouraged the NHS in this approach.

Connecting for Health was dementedly complicated. It was puffed up in publicity pieces as needing to meet terribly strict performance goals (up to 80 million patient records! megabytes of data per person!) Looking at the NHS National Network requirements we have four main features:

  • Choose and Book
  • Electronic Prescription Service
  • Summary Care Records
  • Picture Archiving and Communications System (the transfer of digital images such as X-rays and scans)
Choose and Book essentially manages appointment calendars for doctors and their associated facilities. This is not hard and does not require any detectable bandwidth. You have at least two physically separate servers storing any given calendar; one enables writes, the others subscribe to updates from the first server. You have a highly available central directory service (several replicas) which lets you query all doctors/facilities and returns the current list of servers for any given doctor's calendar, with the primary writable server first. When you want to choose+book, your GP connects to the directory, picks the right doctor, connects to the first server (if it is up and knows it can write appointments - if not, it works down the list of backup servers until it finds the current writer) and makes the calendar appointment. Since any given doctor/facility treats 1-20 patients per day, and will therefore average 1-20 bookings per day, you don't need many servers to serve tens of thousands of calendars.

Electronic Prescription is a per-patient query conducted by pharmacies - what prescription was this patient granted? You have a public key infrastructure so that individual GPs sign prescriptions with their private key, and pharmacies can then verify the prescription by checking it against a central record (updated daily) of valid and revoked GP signatures. Your maximum traffic is determined by the number of patients who go to a pharmacy for a prescription each day, which might be in the low millions - this means an average of about 200 queries per second or so during UK working hours. Note that prescriptions are almost always made locally to the pharmacy, so the pharmacy could choose whether to verify directly with the practice, or just check the GP signature against the daily known-good list. Again, very low bandwidth.

Summary care records and picture archiving are problems of managing per-patient data. Because people only seldom move around the country, you have a network of servers storing the data (each patient's data stored on 2-3 physically separate machines) and just store the patient data on servers close to the GP's surgery. If the patient goes to hospital for a stay of more than a few days, migrate their records to servers close to the hospital. In any case, GPs view text records and regular resolution images for a patient so the bandwidth requirements are small. You don't need real-time commits either; currently, updates from GP surgeries are doing well to make it in by the same day. If you have a 10 minute commit time for 95% of patients (time from the GP making the record change until that change is visible by a hospital 50 miles away), that's still massively better than you actually need.

Using common infrastructure and protocols drastically reduces the likelihood of a common-cause failure, and makes 8-week outages like Westbury-on-Severn a thing of the past. All you need to run the surgery is a regular PC with the standard NHS software installed, and the GP's private key data. You could connect to any commercial network of 1Mbps and up, and still expect a reasonably reliable service unless the network has major hardware problems.

The plan for any patient to be able to view their own records over the Net, incidentally, was demented. This should have been done through the surgery, with patients authenticating themselves to their surgery with a passport or similar in person in order to gain a temporary access token. That way, anyone with real concern about their record (very few people) would just need to turn up to their surgery to get access; remote attackers would be stymied, needing substantial social engineering and risk to turn up in the patient's currently registered surgery in order to get a token.

I would like someone in the know to produce a post mortem for "Connecting for Health" when it is finally dead and buried, investigating just why they ended up burning tens of billions of pounds reinventing a poor version of what the Web provided for free. I would like senior members of the contracting firms named and shamed where appropriate, and the same in spades for the NHS and Government officials who oversaw this disaster:

Originally expected to cost £2.3 billion (bn) over three years, in June 2006 the total cost was estimated by the National Audit Office to be £12.4bn over 10 years, and the NAO also noted that "...it was not demonstrated that the financial value of the benefits exceeds the cost of the Programme."
Labour owns this disaster, and every time they make a claim of financial prudence the Lib Dems and Tories should beat them over the head with it.

2013-03-15

Retirement risk - you can't remove it

Megan McArdle always wrote interesting (if occasionally economic-nerd-appealing) articles when she was at The Atlantic, and I'm glad to see that her move to the Daily Beast hasn't quenched the fire. Her latest piece on risk transfer in the USA retirement system should be required reading for anyone with a vested interest in retirement - and if you're planning to live to 65, this means you:

There is no system that gets rid of retirement risk. It just shifts who bears the risk. And don't think that there's some easy political fix, because the same political incentives that have stymied sound regulation of whatever system you want to fix, will also shape whatever new system you want to create.
McArdle is looking at the US retirement system, but the same situations and incentives apply almost equally in the UK. Indeed, she points out that the US state retirement solution (Social Security) is generally lauded for its relative lack of perverse incentives compared to other countries - yes, George Osborne (and Gordon Brown), we're looking at you.

For UK readers of McArdle's article, a 401K is pretty much the same as a personal (defined contribution) pension with tax relief on the contribution; Roth and IRAs (Individual Retirement Accounts) are similar though have different tax relief components. The problems faced both sides of the Atlantic appear to be distressingly similar:

That is, private pensions no longer rely on the premise that retirement can be made cheaper through investment in assets that grow faster than GDP. But such a free lunch was what made the plans attractive for employers in the first place, and as employers have faced the plans' real costs, they have increasingly eliminated them.
For anyone on the receiving end of a shutdown of a defined benefit private pension, McArdle's explanation will doubtless be cold comfort, but the truth is usually uncomfortable. She also identifies the risks associated with retirement:
  • investment risk: the money you put into the stock market gives lower returns than you were promised;
  • savings risk: you've saved too little for your retirement;
  • sovereign debt risk: government has borrowed too much and run out of the money promised to public sector workers and social security retirees.
  • company risk: the company pension fund either has too little money to pay retirees the full whack, or is nailed by a company bankruptcy.
  • tail vs idiosyncratic risk: attempts to provide a more "reliable" retirement funding concentrate risk so that previous common-but-small-impact failures (like companies going bankrupt) are replaced with unlikely-but-catastrophic failures (government running out of money, affecting pretty much everyone).
She points out that the move away from defined benefit pensions in the private sector removes company risk but replaces it with investment and savings risk. The attempts to get government to backstop all pensions are removing idiosyncratic risk but trading it for tail risk - if you think a government running out of money is unlikely, just look at Greece. And look at Spain, and Portugal, and in 10-20 years maybe France as well. She doesn't cover actuarial risk, but it's a factor too - if people live longer, annuity rates will fall and governments will need to pay out state benefits for longer.

Luckily public sector workers are rolling in the clover - aren't they? Well, being in the public sector they've traded idiosyncratic risk for tail risk:

Idiosyncratic failures are less likely to be catastrophic. It's very bad if your pension fund collapses. But you may have a sibling whose pension fund has not collapsed, or a spouse. Your children have a spare bedroom. You have social security benefits. And unless you live in a company town, you can probably pick up a part-time job--and if you do, you can move to one. But if everyone loses half of their social security benefits, your social network is probably suffering just as badly as you are.
For this reason, any country with an increasing fraction of employees employed by the public sector should be terrified. The cost of public sector pension payments can be met by increased public sector contributions, but governments find it much easier to raise contributions by employing more people - thereby deferring the problem, but ensuring that it's going to be that much worse when it hits.

The one solution I really like is Denmark's:

Denmark's quasi-mandatory system forces almost everyone to put 9-15% of their income into a defined contribution plan. Average assets in these plans total almost $200,000 per person.
Let's be clear; there's still investment risk here, but at least Denmark has eliminated savings risk. I doubt, however, that such a system can be extended to the UK (let alone the USA) without a massive depressive effect on the economy, and no politician is going to go for that. After all, the benefits won't be felt for 10-20 years, and he'll be up for election in 4.

2013-03-13

Turning the tables on expensive health care

For anyone who wonders "why the heck is US health care so expensive", may I recommend Jim Epstein's terrific piece in Reason on US physicians breaking from the insurance model and going for a direct payment model:

A drained abscess runs $30, a pap smear, $40, a 30-minute house call, $100. Strep cultures, glucose tolerance tests, and pregnancy tests are on the house. Neuhofel doesn't accept insurance. He even barters on occasion with cash-strapped locals.
Epstein points out that many of the costs of regular doctors come from having to employ an army of staff to manage the forms, phone calls and risks of the US "HMO" (health maintenance organisation, an insurer gone wild) model. Doctors like Neuhofel have had enough of the crap and costs which come with that model, and are reverting to caring for the patient rather than being an abused effective employee of HMOs. With direct care, their interests and their patients' interests are much better aligned.

I'm going to bill Epstein for the cost of replacement of a coffee-drenched keyboard, as a result of reading:

Insurance used to pay $128 for a bag of IV fluid. Now Davidson doesn't bother passing on the cost of IV bags because they run $1.50 each.
$128? IV fluid is SALT WATER! Sure, it's sterile, and sometimes they mix in sugar (D5W) but still, $128 for a couple litres of salt water? No wonder health care costs are out of control.

I think that the direct care model is great, but the big problem I can see is what happens when you really are sick and need to go to hospital. I can't see hospital bureaucracies moving to the direct care model; they're still going to need to deal with insurance because you really, really do need at least catastrophic care insurance (covering critical illness with a high deductible). Once you have the staff to deal with the insurance companies, the benefits of adopting direct care are much reduced. The secondary problem is the increased risk of lawyer attack for a direct care physician who only carries out treatments which seem necessary. The first patient of a direct care physician who misses a massively unlikely but important symptom through omitting an expensive test will be lawyered-up and litigating against the physician before you can blink an eye.

For those believing that Obama's healthcare reforms are going to help, remember that it is only going to increase the bureaucracy required to obtain healthcare, and look at what the current bureaucracy is costing subscribers:

Wong says he launched his business partly on the belief that Obamacare will drive up health care costs, causing more and more companies and individuals to drop out and start paying their own health care bills. Neuhofel agrees that Obamacare could be good for business. "I expect some real unintended consequences after Obamacare is implemented. There could be more uninsured people."
After all, any occasion where governments believe they can design a better system than the private sector (even one as bloated and demented as the US health insurance system) has to make one wonder at their optimism.

[ Hat tip: Advice Goddess Amy Alkon who has been banging this drum for years. ]

Self determination for all but the whites

Veteran clown Seumas Milne "argues" in the Guardian that the recent 1514 to 3 vote in favour of continued British rule of the Falkland islands is a North Korean-style ballot:

No doubt 1,514 island residents really did vote in favour of continued British rule. The only surprise was that three islanders dared to spoil the rousing choruses of Land of Hope and Glory by voting against.
It's that the poll was a foregone conclusion and designed to miss the entire point of Britain's dispute with Argentina over the islands – which began 180 years ago when one of Lord Palmerston's gunboats seized them and expelled the Argentine administration.
Astonishingly, Milne appears unaware of the fate of previous Guardian columnists (Flavia Dzodan, Sean Penn, ambassador Alicia Castro) putting forward their ideas on Argentina taking over the "Malvinas". He gets swiftly set straight in the comments:
The islands might be 8,000 miles from the UK (something that doesn't trouble other countries of the world with THEIR islands) but they are 400 from Argentina.
If distance is the issue, then it is still an issue with the Argentine claim. As would be the usual bollocks about "continental shelf."
There are numerous disputes - ones of a more serious nature - such as the islands disputed between the Japanese and Chinese, between North and South Korea, etc etc. I suggest that the Guardian gets stuck in there. Maybe send a journalist to stir up shit in China and Japan, North and South Korea.
It used to stagger me that a flagship journal for human rights and democracy, such as the Guardian styles itself, would support the military annexation of land and populations based on a flimsy-as-paper argument about a Huguenot, Luis Vernet, making a commercial settlement in 1828 under a joint Argentina-UK pact where Argentina refused to provide any warship to back his claim. Sadly, it appears that Seumas is happy to pursue any argument, no matter how absurd, as long as it is contrary to the policy of the UK government, even if that means backing the increasingly dictatorial and distasteful Argentine regime.

As the above commenter notes, there are plenty of more unsavory regimes casting their island claims far beyond their shores. That Seumas does not see fit to remark upon these makes one wonder what it is about the Falklands that he finds so exceptional.

Seumas is sadly not immune from the occasional inconsistency in his argument:

[...] most of whom weren't born there but are subsidised to the tune of £44,856 a head to keep them in the Rhodesian retro style to which they are accustomed?
I like the precision of that "44,856". The sly allusion to the racist imperialist rule in Rhodesia is also a nice touch. But what's this?
A generation on, the discovery of potentially large oil and gas deposits around the islands, development of fisheries and growing importance of the Antarctic sea lanes have changed the picture.
Well, Seumas, either the Falklanders are financial dependents, or they're not. Which is it?

Lasy word to commenter Chrispytl:

So Milne wishes to now simply ignore the wishes of virtually the whole of the residents of the Falkland Islands?
The man must really hate democracy.
He must love the EU though.
Seumas, I think you've met your match. Time for a piece on a less challenging topic.

2013-03-12

Iron Dome - success overstated?

Now the dust has settled on last year's Gaza punch-up, Professor Ted Postel of MIT has been looking at Iron Dome's performance. He's not particularly impressed:

According to Dr. Pedatzur, American expert Professor Theodore A. Postol said, "If the definition of a successful interception by the Iron Dome means destroying the warhead of the attacking missile, then the rate of its success during the Pillar of Cloud operation is very low: probably 5%."
He raises an interesting question: what is a successful interception by Iron Dome? Remember that a substantial component of Iron Dome is its knowledge of vulnerable versus safe areas for missiles to land in; it therefore engages a small subset of the ballistic missiles actually fired at it. Postol is pointing out that the warhead of a Qassam (a stovepipe with high explosive in the nose and fins welded on the back) is not huge and actually quite tricky to destroy.

If we can't judge success by the bangs in the sky, can we judge by the damage on the ground?

"Israelis have submitted about 3,200 requests to the authorities to repair homes that have been damaged by Palestinian rockets", which appears to be excessive given the IDF's claim that only 58 rockets got past Iron Dome.
Hmm. I'm not so sure about this. It depends very heavily on what "damage" consists of. I can well believe that even a small warhead, 5 to 10Kg of HE for the smaller Qassams, going off in an urban setting could mess up the windows of 10-20 houses and thus occasion a claim. That's before any fraudulent claims. So 58 rockets could conceivably generate 1000 claims; certainly, the numbers suggest more rockets landing than claimed, but it still looks like a healthy interception rate. That Rafael Armaments and the IDF are putting the best possible shine on Iron Dome's performance doesn't surprise me.

What's interesting is that Ted Postel was quoted back in November 2012 being fairly positive about Iron Dome:

"How well did Iron Dome work?"
It appeared to work very well—a lot better even than the people involved in building it expected. It's an astonishing achievement—I think it's even fair to use the word miraculous—to be able to hit these rockets with the reliability they demonstrated.
...
There were some news reports where they were talking about saving hundreds of lives, but that's a total misunderstanding of the lethality of these weapons. Before the recent attacks, some 11,000 or 12,000 rockets and mortars were launched over six or eight years, and in total, 60 or 61 people were killed. So if you are saving lives, it would be "several" lives.
It's therefore not obvious that Postel has an interest in playing down Iron Dome's performance, and he's had time and opportunity to review more data on it. I am not sure that the data he quotes fully supports his claims, but without much more detailed analysis it's hard for either of us to be sure of the real story.

The most important thing Iron Dome did, of course, was to make Israeli citizens feel relatively safe from Qassam rockets. It therefore provided political cover for the prosecution of the Israeli offensive against Hamas and their friends, which probably had a far greater medium and long term utility for Israel than keeping rockets out of homes.

2013-03-11

Sauce for the gander is sauce for the goose

Mr. Justice Sweeney sentences Chris Huhne and Vicky Pryce to 8 months apiece for perverting the course of justice:

In my view the matters advanced on your [Pryce] behalf do not amount to exceptional circumstances, thus it is clear that an immediate custodial sentence must be imposed in your case as well.
There can be no discount for a plea, nor any for genuine remorse – clearly there is none.
Having weighed all the various features, including the fact that CH was somewhat more culpable than you but his sentence was discounted to reflect his plea, the sentence that I impose on you is also one of 8 months' imprisonment.
There's not much to say here, beyond no doubt thousands of other couples thinking "there but for the grace of God..." It also reminds me of a proverb to which Vicky Pryce should have paid attention: "when you go to seek revenge, dig two graves."

I think Huhne and Pryce were fortunate that Mr. Justice Sweeney started from the point of a minimum sentence, realising that for the offending pair even one week of jail would be 90% of the punishment. It's quite possible that another judge would have leaned more heavily on the deterrence angle, especially for an ex-Minister such as Huhne who, if anyone, should be responsible for upholding and respecting a law.

2013-03-09

Instructive data on the effect of hypothecated bans

There's been a lot of talk about banning certain categories of weapons / accessories / limiting ammunition purchases in the good ol' US of A recently. Nothing's gone onto the statute book yet, but what's the effect? Bob Owens reports that you can't buy a gun or ammunition, but not for the reason you'd think:

The [gun store] owner was standing out front talking to the first customer in line as the clerks inside finished setting up for the daily rush. They would open promptly at 9:00 AM. [...] There were 25 souls patiently queued up from the front door down the sidewalk into the parking lot. This is the new normal, and has been for months. Sometimes the line is shorter, sometimes it is longer, and on days that it is cold and rainy, people sit in their vehicles until the store opens, but there is always a line.
Gun store owners jokingly laud President Obama as the best salesperson they've ever had, but there's a kernel of truth to it. If you threaten to ban something, those who want that item will (as long as that item has a long shelf life) pre-emptively stock up on it. After all, even if no ban comes to pass, they're still going to use up the item over time, so they've paid a small premium in return for security of supply.

Of course with the various UK plans to ban coffee, bacon and alcohol, getting the populace to lay in a stock for the future is a little trickier. Setting up one's own pig farm or still would seem to be the best strategy. You can always trade booze for coffee.

Donald Sensing anecdotally supports the above report from Bob Owens:

The problem is finding ammo. The gun counter had a sign posted that sales of ammo were restricted to three boxes per customer, and no more than one box can be of 9mm, .40-cal or .45-cal. Those calibers are also sold only from behind the counter now, no longer being placed on the shelves. As for .22-cal. long rifle, it is to laugh.
I chatted with the sales attendant for awhile, who told me that the store gets ammo delivered at 8 a.m. on MWF. "The line to buy starts forming outside at 6 a.m." He also said their ammo delivery amounts are just as high as ever, it just does not stay in stock.
Bear in mind that Sandy Hook (the trigger for the talk of firearms banning) was 3 months ago; this is not a flash in the pan. This is a sustained high demand, surpassing the industry's ability to ramp up production.

The net effect of all the talk on banning or restricting firearms? Bob Owens has no doubts.

In my estimation, this is the most heavily-armed the American people have ever been. I'm including the World Wars. Even then, the guns and ammo were going to military units deploying overseas, not going towards suburban stockpiles, and under freshly turned earth in hidden caches.
It's just possible that people like Senator Dianne Feinstein of California are secret agents of the NRA, proposing pointless bans on "assault-type" weapons in order to spur the populace to be better armed. Someone from the Huffington Post should probably write a conspiracy article about that.

Picking winners is easy

At least, that's the opinion of economist and Guardian favourite Ha-Joon Chang:

...[Britain] urgently needs to develop a long-term productive strategy through a broad-based public consultation involving not just the government and private sector firms, but trade unions, educational institutions and research institutes.
The government should talk to all these entities and ask them: "do you need more money?" I wonder what they'll say. Anyone want to have a guess? Anyone? Bueller?
The strategy should first carefully identify the industries, and the underlying technologies, that will be the future motor of the economy and then provide them with the necessary support. This could be in the form of subsidies for R&D, loan guarantees for small firms, or preferences in government procurement, and should be targeted at "strategic" industries, although they could also be in the form of policies that are apparently not industry-specific.
This sounds very much like a "picking winners" strategy. We remember how well that worked out in the 1970s with the National Enterprise Board who, for instance, sank £200 million into semiconductor specialist Inmos who never made a profit - and this in the middle of the semiconductor revolution. That £200 million in 1980, incidentally, would be about £800 million today.

Ha-Joon Chang may have spent a lot of time researching economics, but it would behoove him to examine a little history to see how well the policies he prescribes have turned out in the past. He's been calling for a selective UK industrial policy since at least 2010. The example he picked in that article is instructive:

For example, the Nokia Group had to sit through 17 years of losses (helped by government procurement programmes) in order to establish its electronics division, which is now the core of its business.
Let's look at Nokia's share price over the past 3 years. From about $10/share in November 2010 it's dropped to $3.68 a share today and had 2012 results of a €2.3bn loss. If Ha-Joon can't predict industrial success over 3 years, what makes him think that government can do any better?

Ha-Joon Chang has been teaching Economics at the same university for 23 years. Perhaps the lack of variety and challenge has made him a little stale.

2013-03-07

Balance

If the BBC is inviting the demented and mendacious PCS union shill Richard "I don't understand the difference between tax avoidance and tax evasion" Murphy of the Tax Justice Network to be their @BBCExtraGuest on Twitter this week, I'd like them to invite someone appropriately far to the economic right next week; say, Madsen Pirie of the ASI. Sound fair? What are the chances?

Richie's self-importance knows no bounds:

Paid your TV licence, Richard, like the rest of the UK. Of more concern: what did the Twitterverse do to get you bloviating on QT?

I don't object to Murphy spouting his opinions - after all, this is the Internet, and opinions are like arseholes. It's his complete refusal to engage in any sensible debate in his blog comments and dismissal of any dissent while he blurts out complete non-sequiturs. See his article on RR paying no tax in the UK and his comments:

Verth: Surely all RR was referring to was the fact they make their sales through overseas companies and hence pay tax there not in the UK. That's not spinning in my view. It seems to me you're the one doing the spinning by implying/suggesting that they have said they should be taxed on a sales destination basis, which I don't think is what they said at all."
Richard Murphy: But if 51% of all employees are in UK it's very likely all profit is made at point of sale In fact that's an absurd claim which has little or no foundation
"I don't want it to be true, so it isn't." No attempt at actual argument or deploying facts, numbers etc. For a chartered accountant you'd think he'd have a stronger attachment to facts. He's also an "economist", presumably in the same way that Polly Toynbee is an "economist" - he talks about economics and usually gets it wrong. Economics may be in his university degree title, but he shows no evidence of actually having read any of the literature.

Back to his QT twittering:

You see what I mean. "4 times as effective". Investment by whom? In what? Investment by the Government? That well-known multiplier of money? If it's 4x as effective, why isn't every Government investing 1bn instead of cutting 4bn? Is he even listening to himself? The man has no shame.

Of equal shamelessness:

£95bn is about £1400 for every man, woman and child in the UK. Since tax paid ultimately comes from people (workers, shareholders and company owners) Richard Murphy is claiming that every family of wife, husband and 2 children will have to find an extra £5600 per year in tax - or find someone else to pay it for them - in order to fill that "tax gap". Good luck with that, Richard. Corporation tax in 2008/2009 was £51bn so you'd have to nearly triple the corporate tax take to fill the "tax gap". I can't believe that the UK Revenue is leaving £90bn on the table. This fails even the laughter test.

2013-03-05

A-400M: not even a bargain at half the price

Angela Monaghan, the Telegraph's "industry correspondent" clearly knows what side her bread is buttered. She writes a slavishly lickspittle article welcoming the A-400M into service at the bargain price (for the RAF) of £3.2bn for 22 aircraft:

Philip Dunne, the minister for defence equipment, support and technology, says the A400M will become the "workhorse" of the RAF's lift capability, transforming how it does business. Speaking on one of the first flights of a sample A400M at Brize Norton, he said: "It has much greater lift capacity than the Hercules it will be replacing and much greater range, so that we will either be able to lift twice as much for the same distance, or travel twice as far with the same amount of kit."
Yes, the A-400M can carry 37 tonnes of kit 3300km, cruising around Mach 0.7. This is about twice the capacity of the C-130J Super Hercules which carries 19 tonnes of kit at about Mach 0.6. So this sounds like a no-brainer - except that a C-130J will set you back about $100m with all the options, or £60m, whereas the RAF is spending over £140m per aircraft for a basic A-400M.

Comparing it to the C-17 which cost the RAF about £70m each: the C-17 carries 77 tonnes of kit 4400km at Mach 0.74. Suddenly the A-400M doesn't look like so much of a bargain in either direction.

I refer you to the inimitable Lewis Page who nailed this project back in 2010:

The UK has been able to acquire much bigger, faster, longer-ranging C-17 Globemasters from the US in recent years for acquisition costs of £70m at most. A Globemaster carries more than twice what an A400M can and costs half what an A400M does: it is four times better value for money.
He quoted RAF Wing Commander Roger Green who was similarly forthright:
There is a problematic situation regarding the A400M should it go unserviceable whilst away from a main or RAF support staging base. Because the C–130 is in service with many air forces, and both the C–130 and the C–17 are operated by the USAF, the RAF has been able to take advantage of the mutual assistance that exists between national air forces on a global basis. That is not going to be the case with the A400M and it is likely that outside Europe, RAF A400M operations will have to be supported from its main base with the concomitant operational penalties.
Mr. Page was not impressed back in 2010, and his humour is unlikely to have improved over the past 3 years.

The A-400M is a staggeringly stupid and expensive project which was conducted solely to funnel money to the European aviation industry in order that they could continue to compete with Boeing, Lockheed Martin et al. It hasn't even achieved that aim - no-one sane would buy an A-400M when the C-130J or C-17 are available, established, operated world-wide and well-supported. I don't see any of these issues covered by Ms. Monaghan in her Telegraph article. Perhaps she should consider going out and doing some actual journalism.

2013-03-04

Want more tax? Buy more engines!

The usual suspects are out in the streets tearing their clothes at the news that Rolls Royce paid no corporation tax in the UK last year:

Rolls-Royce's annual financial statement, released in February, shows it made £1.4bn in pre-tax profit in 2012, an increase of 24% on 2011.
OK, corporation tax is on profit; there's profit, why isn't there tax? Well, it seems that Rolls Royce did pay a fair amount of tax - just not in the UK:
According to its records, last year Rolls-Royce paid £218m in taxes abroad where it said it conducts 85% of its business.
Indeed, Rolls Royce isn't selling many engines in the UK - we're not building many planes. The RAF Typhoon uses a Eurojet EJ200 which is based on a Rolls Royce design but produced by a consortium and (as far as I can tell) isn't in current production. The major airliner manufacturers are all based abroad. So it's not surprising that the sales of Rolls Royce engines are being booked abroad. The UK operation must be substantially loss-making in isolation - presumably they receive indirect revenue from the sales abroad, but not enough to generate any actual profit.

Someone needs to be given short shrift:

Chris Williamson, Labour MP for Derby North, said he had written to the chief executive of Rolls-Royce for more information.
He said: "We do need to get to the bottom of the story. All companies, irrespective of how many people they employ, have an obligation to pay tax if they are making profits here.
Well, because Rolls Royce employ a lot of people (many in Derby) and aren't selling engines in the UK, they're not making any profits here, are they? So, by your argument, the obligation to pay UK tax is negated.

Now the tax paid on profits worldwide isn't huge - £218m tax /£1.4bn profit is 15%, so I was curious about the nitty gritty of the figures as I'd have naively expected something over 20%. So I looked at the breakdown of their 2012 results. It rather looks to me that their taxation was £318m not £218m. Oopsie, BBC journalists. That's a 22% tax fraction which looks far more reasonable.

It seems entirely unsurprising to me that Rolls Royce has paid no corporation tax in the UK. They have over 20,000 people in the UK; if we assume a low average wage of £25,000 and a tax + employee/employer NI take of about £6000 per person, that's £120m contribution to the Exchequer right there, in good years and bad. This is before any local taxes on RR's substantial commercial properties, and the knock-on effect on Derby's economy - I remember vividly having to pay an unconscionable amount for a dingy hotel room with a sagging bed in Derby, and not much less for a passable Indian meal for four, when meeting with some RR folks. Good times.

Rolls Royce are one of the few UK engineering firms who actually appear to know what they're doing; contrast them with the sharks at BAE Systems if you want to see how good they really are. RR build engines at the top of the line which really perform, don't seem to overrun much and, unlike BAE, repeatedly win in a truly competitive world market. If Chris Williamson doesn't like them conducting all their sales overseas, he should be lobbying the Government to buy more RR engines. Of course, even he can see that without an actual need for those engines, the tax take would be more than offset by the engine sticker price. In the meantime, the USA is probably reaping much of the tax take from RR. You could try asking for it to be repatriated, of course. Good luck with that.

2013-03-03

CloudFlare: anatomy of an Internet outage

This morning, Internet hosting company CloudFlare dropped off the Net for an hour; their 23 data centers spread across 14 countries and 4 continents progressively vanished from the Internet. This was a near-total outage for them. CloudFlare have served over 1 trillion page views since they started, so they're not exactly amateurs at this business. How, then, could they have such a massive simultaneous outage?

To the immense credit of CloudFlare they posted an excellent post-mortem on their company blog:

The cause of the outage was a system-wide failure of our edge routers
[...]
We saw a DDoS attack [distributed denial-of-service; lots of computers across the world acting together to attack a target] being launched against one of our customers.
[...]
We have an internal tool that profiles attacks and outputs signatures that our automated systems as well as our ops team can use to stop attacks.
[...]
One of our ops team members took the output from the profiler and added a rule based on its output to drop packets that were between 99,971 and 99,985 bytes long
[...]
Flowspec [router configuring system] accepted the rule and relayed it to our edge network. What should have happened is that no packet should have matched that rule because no packet was actually that large. What happened instead is that the routers encountered the rule and then proceeded to consume all their RAM until they crashed.
If you're into networking to any degree, go read the whole post-mortem; it's exemplary - and it should make you a little concerned if you have Juniper routers in your shop. If you're not into networking, and wonder why this is so interesting and why it matters to the Internet as a whole, I shall attempt to pitch an explanation.

A bit of background first. The "edge routers" referred to above are devices that connect the CloudFlare data centers (buildings full of computers that run the CloudFlare websites) to the rest of the Internet. Edge routers function like postal sorting centres; every packet (addressed envelope) that comes to them will have its address checked, and the routers will determine whether the address is a local computer in the data center, or some other computer in the Internet. If the latter, the edge router has a list of other routers that handle different addresses; with our postal analogy, it's like realising that NW postcodes get handled by the north-west London regional sorting centre, so all envelopes with NW postcodes will get forwarded to that centre for further routing. The edge routers also advertise to their Internet neighbours which addresses they can handle; in this case, the addresses of machines in the CloudFlare data centers. That information propagates out through the Internet so that when you want to go to an address owned by CloudFlare, your ISP will send your packets to the edge router of the nearest appropriate CloudFlare data center.

Every data center will have at least two edge routers connecting it to the Internet; it may also have other routers which connect it directly to other CloudFlare data centres, but we'll ignore those for now. The reason it has at least two routers is for redundancy - if one router has a software or electronic failure, the other can keep things running until the first one is repaired. But if they are both the same model of router, and both have the same configuration, this only gives you very limited protection.

The outage ran roughly as follows:

  1. Unnamed bad people mount a distributed denial of service attack against a CloudFlare customer.
  2. CloudFlare spots the attack and runs its details through a program to work out how to block it.
  3. The analysis produces a very weird rule that blocking packets between 99,971 and 99,985 bytes long should stop the attack - this cannot possibly be correct as packets on the CloudFlare network are no bigger than 4500 bytes.
  4. A CloudFlare ops member sends that rule out to all the CloudFlare edge routers so that they will start ignoring the attack.
  5. The rule causes all CloudFlare routers to use up all their memory and crash, repeatedly.
  6. CloudFlare ops detect that they are disconnected from the Internet, and presumably their customer support hotline starts ringing off the hook.
  7. CloudFlare ops can't reprogram the routers via the network because they're continually crashing, so have to contact each data center to get someone to visit each router and physically restart them to wipe out the bad configuration.
  8. The routers restart, come back online, and get reprogrammed with a known good configuration that does not include the pathological rule.

If I were CloudFlare, I'd be making the following changes to my processes:

  1. Add a new edge router to each data center that is not a Juniper router;
  2. Perform some sanity checking and independent review on the DDoS traffic profiler so that if it spits out rules which could have no actual effect then they get spotted and stopped;
  3. Use a canarying process where new non-critical rules first get pushed out to low-traffic data centers and left to bake for 30-60 minutes, then rolled out to other data centers in a set (and carefully thought-out) sequence.

This is one of the aspects of the Internet's reliability that continues to worry me. It includes some very large, complex distributed systems owned by a range of companies (Microsoft, Google, CloudFlare, Facebook etc.) but within those companies there is a natural tendency to standardise on a single vendor and small range of devices to perform key functions like edge routing. The Internet as a whole is very diverse in technologies and software, which is why it is so robust, but we are going to keep seeing these large entities suffering large if not global outages as long as they value economy of scale in purchasing and maintenance over true system diversity. Worse, if multiple companies standardise on the same hardware, you get problems like the Juniper BGP routering vulnerability that nailed Blackberry maker RIM and a number of ISPs.

Fun fact: the last time that Google went down worldwide was 7th May 2005; a bad Domain Name Service configuration left google.com unfindable by the rest of the Internet for 10-20 minutes. Facebook's last major outage was also DNS-related and took it out for about 25 minutes on 10th December 2012.