Thursday, 5 September 2019

Thoughts on brexit and democracy

Whether you think we should leave or remain, as far as I can see these are the facts:
  1. For the past 40 years, the EU have been getting the blame for a lot of problems. Some of this is deserved, some of it is scape goating.
  2. In 2016 the Prime Minister, David Cameron, committed to doing "my best" to implement the result of the referendum.
  3. David Cameron arranged for parliament to legislate for an advisory referendum.
  4. Campaigns commenced, in which both sides lied. They stated things about our current relationship with the EU which were demonstrably untrue (or at the very least, were designed to mislead), they continued to do so after evidence was presented showing they were untrue, and they presented their predictions as fact - both sides said certain things would definitely happen if we voted to leave, and that certain things would definitely happen if we voted to remain.
  5. Several of the big campaigns broke the law (and this has since been proved in court.
  6. The referendum was held, in which 52% of voters voted to "leave" and 48% voted to "remain". Both options were unqualified as to exactly what they meant.
  7. David Cameron demonstrated what doing "my best" entailed by immediately quitting and leaving the problem to Theresa May.
  8. Parliament is made up of MPs who have direct contact with their constituents, but the government didn't try to gauge Parliament's understanding of what their constituents wanted from brexit, and therefore what Parliament were likely to support.
  9. The Conservative government interpreted the referendum result as meaning that a "hard" brexit should be implemented and started work to take us out of the single market.
  10. Parliament voted to start the process of us leaving the EU. 81% voted to start the process, 19% voted not to start the process.
  11. Despite 81% of the MPs apparently supporting leaving (at least, they voted to start the process), the government felt they didn't have a big enough majority to push through a "hard brexit", so called a general election.
  12. In 2017, the public democratically elected a new parliament, and the Conservative party lost their majority, but stayed in power as a minority government.
  13. The government's strategy to leave the EU remained unchanged despite the new mix of MPs - they were still negotiating a hard Brexit with no input from the new Parliament.  The MPs are elected to represent all of their constituents, but the government didn't consult with them to see what the constituents wanted from brexit, and therefore what Parliament would support.
  14. The government negotiated a "hard brexit" deal with the EU and then asked Parliament to support it.  Parliament refused to support it, which might not be surprising since the government had never asked if their view of brexit matched up with the views of the MPs.
  15. Courts ruled that there had been a lot of wrong-doing during the referendum, but that they couldn't invalidate the result because it had been legislated as an "advisory" referendum, despite David Cameron pledging to implement whatever the result was.  If the referendum had not been "advisory", its likely that the result would have been declared invalid and the whole thing re-run to make sure the public.
  16. There is testimony from an expert that there's good reason to believe that the illegal behaviour significantly affected the referendum result.  This is obviously expert opinion rather than provable fact.
  17. In 2019, Boris Johnson took over as Prime Minister.  One of his first acts was to prorogue (suspend) Parliament.  This would reduce the amount of time available to Parliament and likely reduce the amount of influence Parliament has over brexit.  I'm not commenting on why he is proroguing Parliament, only that he is and it has an impact.
  18. Boris Johnson has stated that he believes he will get a last minute deal from the EU, but that if he doesn't we will leave without a deal.
  19. The vast majority of MPs in Parliament have indicated that they don't support the UK leaving without a deal.
  20. The majority of MPs have indicated that they don't support risking a no-deal brexit.  There is good indication that many of them simply don't believe that the Prime Minister will get a deal.
  21. The Prime Minister reportedly hasn't actually tried to negotiate with the EU, which probably makes MPs less inclined to believe he will get a deal.
  22. Parliament have voted to prevent a no-deal brexit from happening.

Opinion

So, I've tried to be as factual as possible up until now.  I don't think you can reasonably argue that any of the facts above are untrue.  Certainly I've seen people dismiss expert opinion with comments like "oh but that expert is a remainer so their opinion doesn't count", but that doesn't change the fact that an expert has expressed an opinion.

This is where things get a bit more murky, because I'm putting my opinion forward rather than just sticking to the facts.  But I've tried to think critically and logically about this in light of all the facts.

Firstly, I think dismissing expert opinions as irrelevant because they might have some bias is a shame - all experts on both sides have valuable things to say.  But notably, most of the expert opinion I have seen is that leaving without a deal is going to cause big problems.  Conversely, the claims that everything will be fine always seem to be made by people who are not experts in the relevant field.  If you think it'll all be fine then that's great - go look at the evidence, reason critically and present your findings.  If you're not an expert and you're not prepared to present any evidence, please forgive me if I choose to believe the people who are qualified in the relevant field or are presenting compelling evidence.

Now, I have a problem with the original interpretation that the public voted for a "hard-brexit" for two reasons: Firstly, because the official Vote Leave campaign, and several other campaigns explicitly stated that voting "leave" would not lead to us leaving the single market, and as the referendum itself didn't specify one way or the other, there is absolutely no indication that this is what the majority actually wanted; and secondly because the voters only voted to leave by a fairly slim majority, so reasonably a government should also be working to accommodate the significant minority too. It seems to me that it would have been more reasonable for the government to try and accommodate both sides by taking some middle ground and heading for the "Norway solution", and indeed that is what most of the high profile campaigners on the "leave" side had been promoting immediately prior to the referendum.

Secondly, the government has put about more and more rhetoric that people voted to leave the EU at any cost, and that a no-deal brexit is "the will of the people".  Since there seems to be a problem demonstrating that the public voted for a "hard brexit", demonstrating that they voted for a no-deal seems even more of a problem.  I've heard it said that David Cameron is on video saying, prior to the referendum, that a no-deal is a possibility, but I've not seen this video, nor been able to find it.  Regardless, the official Vote Leave campaign, and most of the other big "leave" campaigns didn't discuss this possibility, so I don't think you can reasonably say that people expected it to happen as a result of voting to leave the EU.

My summary on this is: if the referendum result doesn't clearly show that people voted for a "hard-brexit" or "no-deal" brexit, rather than one of the many other types that were possible, you need to actually ask rather than just making it up.


Thirdly, the idea that Parliament preventing a no-deal is somehow undemocratic doesn't seem to make sense: MPs are elected to represent all of their constituents.  In order to do this they talk to constituents, etc. and if their constituents are overwhelmingly against no-deal they have an obligation to represent that view and vote against a no-deal..

Similarly, I've seen claims that Parliament doesn't represent "the will of the people" because most MPs are in favour of remaining.  I can't comment on whether a majority of MPs actually are in favour of remaining these days (I don't think there has been any indicative vote on that?) but you can't forget that they were democratically elected a year after the original referendum.  If a constituency still wanted to leave the EU, they wouldn't have elected an MP who supports remaining.  It seems only reasonable to assume that the current mix of MPs is reasonably representative of their constituencies, so if they are at odds with the referendum that seems to be all the more reason to suspect that the referendum result is no longer an accurate representation of "the will of the people".  Similarly, its important to remember that many of the current MPs weren't the ones who voted to start the process of us leaving, many weren't the ones who voted to have a referendum in the first place, and many were elected on a manifesto of not supporting brexit.

Finally, if you have a democratically elected Parliament, the idea that it is ok to use constitutional loopholes to prevent them from overturning a referendum that happened long before they were elected seems bonkers.  People change their minds, and you can't argue that a "remain" supporting MP who was elected in 2017 shouldn't be allowed to represent those views because their constituency voted "leave" in 2016 doesn't make sense - if the people of a "leave" voting constituency still wanted to leave, why would they have elected a "remain" supporting MP?

Democratically elected MPs who stand up for what they honestly believe their constituents now want, rather than what they wanted 3 years ago, are not "traitors" - please stop calling them that.  "Traitor" is not synonymous with "has s slightly different vision of brexit than me".

And last, but not least, comments like "the EU aren't trying to give us a good deal" make absolutely no sense at all. The EU's obligations are to negotiate in a way that benefits their members, they are not obliged to give us a good deal. If we're lucky, there will be overlap between things that benefit them and things that benefit us, and that's where a good deal for both sides comes from. But the EU isn't going to harm themselves in order to give us a good deal, and why should anyone expect them to?  At the moment, it appears that the EU has decided that agreeing to the UK's "red lines" is more harmful to them than a no-deal, and the only way we can change their opinion is by changing our red lines.

The fact that we are told that "give us a deal or we'll shoot ourselves in the head" is our best negotiating tactic really underlines just how weak the UK's negotiating position is, and if we won't compromise why would we expect the EU to?

Thursday, 29 August 2019

Carbon footprint

I've been doing some work estimating the carbon footprint of running servers with the aim to offset our products.  There are obviously two main parts to this: the emissions caused by manufacturing, supplying (and, at the end of its life, disposing of) the hardware, and those caused by actually running the hardware.  The former is a one-off cost each time you buy a new server, whereas the latter is the ongoing cost (e.g. electricity for powering the server, the air conditioning to keep it cool, etc.)

There are lots of different types of emissions that contribute to climate change, and for simplicity these are all summed together and expressed as kilograms of CO2 equivalent (kgCO2e).

Dell, helpfully, publish carbon footprint figures for their hardware, but unfortunately don't explain their methodology and some of the figures look suspiciously like a work of fiction to me.  I'll look at the Dell PowerEdge R440 as an example.

Dell's data sheet estimates a total carbon footprint and breaks down the carbon footprint into several aspects by percentage.  So I can use that total and the breakdown to calculate the carbon footprint of each aspect:
AspectPercentageEmissions
Manufacturing15.7%1155.52 kgCO2e
Transportation0.3%22.08 kgCO2e
Use83.9%6175.04 kgCO2e
EoL0.1%7.36 kgCO2e
TOTAL100%7360 kgCO2e

The data sheet estimates it uses 1480.002 KWh / year, and they assume a 4 year life, so that's 5920.008 KWh over its life.  They don't say what "Use" actually includes - I'm assuming that it is just the electrical power consumed by the server.

The amount of CO2e created in order to generate a KWh of electricity depends on how you're generating it - wind, hydro, solar, nuclear, etc. produce low emissions, coal produces very high emissions, gas is somewhere in the middle.  In the UK, DEFRA publish annual conversion factors based on the current generation mix on the national grid.  This changes year to year (the trend is downwards as we add more green capacity to the grid) and in 2019, this conversion factor is 0.2773 kgCO2e / KWh including transmission and distribution.  Other countries have a different mix of generating capacities, so will need a different conversion factor.

So, given the electricity consumption that Dell estimate over the server's life (5920.008 KWh), the emissions quoted for "Use" seem outrageously high - the conversion factor they seem to have used works out at 1.043 kgCO2e / KWh - almost 4 times the DEFRA figures.

A 2011 report from the Parliamentary Office of Science & Technology estimates that coal power (which is the worst case) produces 0.786-0.990 kgCO2e / KWh, so Dell's figure is even worse than the worst case of running the hardware off 100% coal power.

Its possible that their "Use" figure also includes the air conditioning required to keep the server cool.  If this is the case it makes their figures quite useless since they don't actually say that's what they're doing.  A rule of thumb is that about 50% of the power consumed by a data centre goes on air conditioning, so that would make their conversion factor 0.5215 kgCO2 / KWh - still way above DEFRA's figures for 2019.  In fact, even DEFRA's conversion factor from 2002 is significantly lower than this.

Unfortunately, very few other server vendors seem to publish figures to use as a comparison.  I couldn't find anything for HP kit (they provide a carbon footprint calculator, but this is only for printers, workstations and stuff rather than servers, and it also doesn't work at all).  Lenovo don't publish any information for their servers, but they do for workstations - although I haven't analysed their numbers in depth, they do look more reasonable than Dell's, attributing around 50% of the emissions to "use".

Recalculating Dell's figures using DEFRA's conversion factors, I would expect something like:
AspectPercentageEmissions
Manufacturing40.9%1155.52 kgCO2e
Transportation0.8%22.08 kgCO2e
Use58.1%1641.62 kgCO2e
EoL0.3%7.36 kgCO2e
TOTAL100%2826.58 kgCO2e

This looks more in line with Lenovo's figures.

Thursday, 28 March 2019

Netfilter's conntrack

People who use Linux for firewalling tend to use iptables to set up their rules.  The subsystem in the Linux kernel that actually does the firewalling is called Netfilter.

I've never found a complete description of all of Netfilter's features, especially some of the lesser used ones.  So here is a bit of an overview which includes a few recent discoveries that I've not seen documented elsewhere:

Netfilter includes a connection tracker, which can keep track of each flow that the system is handling.  Each flow has a 32 bit value called the connection mark (connmark), which you can use for anything you like.  This mark allows you to record 32 bits of information that persists as long as the flow does rather than having to treat each packet in complete isolation.

Packets traversing through the system are always in one of the following connection tracking states: UNTRACKED, INVALID, NEW, ESTABISHED, RELATED.

UNTRACKED and INVALID refer to packets that are either explicitly being excluded from connection tracking, or that the connection tracker doesn't think are valid for the current state of the flows that it knows about.

When a new flow is established, the first packet is in either the NEW or RELATED state, and subsequent packets are in the ESTABLISHED state.  RELATED means that netfilter thinks that the new flow is somehow related to another flow, and therefore shouldn't be handled in complete isolation.

I've seen information elsewhere that says that when a flow starts in the RELATED state, it inherits the connmark from the parent.  Experimentation shows that this isn't entirely accurate (or at least, not entirely clear).  It turns out that flows that start in the RELATED state permanently share the same connmark data with the flow(s) that they are related to.  This means that if any of the flows change their connmark, those changes also affect any other flows that they are related to.

The REJECT filter target asks the kernel to drop the packet being processed and reply with some kind of packet that indicates that it was rejected.  For example, "-j REJECT --reject-with tcp-reset" will respond with a TCP RST packet.  The response packet originates in the OUTPUT chains and has a state of RELATED, rather than being considered part of the original connection as you might expect.

In the case of rejecting connections with a TCP RST packet, the RST will, of course, have the same 5-tuple as the original TCP connection.  There doesn't appear to be any way of accessing a unique ID that identifies the flow, so as far as I can tell it is (probably) impossible for an external application to reliably tell the difference between packets belonging to the original (rejected) flow, and packets belonging to the related flow that carries the RST.

It is a shame that a flow ID isn't made available to user applications through the NFLOG / NFQUEUE interface.  Some poking around suggests that a flow ID *might* be available through the NFQA_CT section of the netlink message, so that warrants further investigation maybe.