Blogroll

I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading.

Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!

Frank Fetter and the Austrians

Mises Institute - 34 min 6 sec ago

Although students of Austrian economics are familiar with Mises, Hayek, and the other major figures of the school, there are many economists who worked in and around the Austrian tradition—and made crucial contributions to it—whose writings are today neglected. One of the most significant of these is the American Frank A. Fetter, the “forgotten giant” of the Austrian school.

When I began studying the Austrians, I noticed that Fetter’s name often appeared on standard lists of economists who worked in the tradition. (For example, he receives a chapter in the excellent collection 15 Great Austrian Economists, now available in an abridged audio version here). But as I explored his work, I also noticed that almost every discussion of it focused mainly on drawing parallels between his theories and those of the Austrians, without mentioning any personal or professional relationships he had with them, or what they might have thought of each other.

Unlike Mises, for instance, whose personal manner and life story are preserved through audio recordings and first- and second-hand accounts, there are virtually no published records that describe what Fetter was like, or how he interacted with his fellow economists. And besides some positive remarks scattered throughout his works, there is almost no evidence that he ever met or seriously engaged with the Austrians, especially after the First World War. At first glance then, it seems as if his connection to the Austrians was more “spiritual” than practical.

However, a wealth of unpublished records in the archive of Fetter’s papers and correspondence tell a very different story, and I’m happy to say that after a great deal of research in the collection, I have been able to uncover this history for the first time. You can read the full details in a new paper that will appear shortly in the Journal of Institutional Economics (ungated version here). Below I will mention a few highlights of Fetter’s fifty-year relationship with the Austrian school.

Fetter’s Influence on the Austrians

Fetter’s most Austrian work is in the field of value, price, and distribution theory. Both his criticism and positive theory quickly attracted the attention of the Austrians, whom he met during trips to Vienna in 1910 and 1914, and also during their own visits in the US.

He became particularly close with Böhm-Bawerk, with whom he went climbing in the mountains of Austria. In economics, Böhm-Bawerk bestowed high praise on Fetter’s price theory, writing to him that,

The method that you follow… is Daedalian and original, and has led to a good number of insightful and unexpected results. Moreover, I rejoiced in many a fine use of terms that you incorporated into the analysis of your historical-statistical material. They definitely made a good and important step toward the improvement and standardization of that instrument of our scientific inquiries that we refer to as terminology.

Even though they diverged on interest theory (Fetter sharply criticized Böhm-Bawerk’s partial-productivity theory of interest), Böhm-Bawerk was still able to write that “Your work is so penetrated by a truly scientific spirit that I always enjoy reading it even if I cannot fully agree.”

Fetter’s pure time preference theory of interest was more in accord with Mises’s views. But beyond a few scattered references, Mises never publicly indicated that Fetter was a major inspiration for his writings on the subject. Once again though, the unpublished record puts things in a different light. In 1938, while drafting Nationalökonomie, the German-language predecessor to Human Action, Mises wrote to Fetter to express his appreciation, stating that, “In these last months I have reread your contributions on the theory of interest. It is my firm opinion that they are more important than any other contribution on the subject since Böhm-Bawerk. I am indebted to them.” Given Mises’s regard for Böhm-Bawerk and his parsimony with compliments, this is a great tribute.

Fetter remained in contact with the Austrians throughout the inter-war period, during which he befriended many young students of the Mises Circle who looked to him for both professional advice and guidance as an expert theorist. Oskar Morgenstern, for example, worked as Fetter’s editorial assistant on a multi-volume festschrift for Wieser, co-edited with Hans Mayer and Richard Reisch.

In fact, there were scarcely any Austrian economists in the period 1900-1950 who didn’t have some kind of interaction with Fetter. The list of those he influenced is a who’s who of Austrian economics: Eugen von Böhm-Bawerk, Gottfried Haberler, W.H. Hutt, Fritz Machlup, Hans Mayer, Ludwig von Mises, Oskar Morgenstern, Joseph Schumpeter, and Friedrich von Wieser. He was also friends with other US economists of interest to the Austrian school, such as Benjamin Anderson, John Bates Clark, Arthur Marget, and Frank Taussig. And although Fetter was not a liberal in Mises’s sense (Fetter was also influenced by early progressivism), he nevertheless was friends with liberals and libertarians like Henry Hazlitt, Garet Garrett, and John T. Flynn, and shared some of their views.

Fetter’s Place in the History of Economic Thought

Importantly, like Joseph Schumpeter (who quipped that “only fish go in schools”), Fetter was highly suspicious of attempts to conveniently label economists as members of one group or another. Not only do school labels make it easy to misrepresent opponents’ views without actually understanding them, they can also lead to blind devotion and intellectual stagnation. In Fetter’s own case:

[A]ltho my years of economic study were spent entirely under teachers of the historical school, yet I was early tagged as an adherent of “the Austrian school”, because of my recognition of their substantial contributions… [Yet] I have never been consciously an adherent of any “school” or sect of economic theory and have earnestly striven to prevent either pride of personal opinion or a mistaken sense of loyalty to the ideas of any writer or school from dimming my eyes to newly discovered truth. I have continued to believe that sharp differences of opinions among economists on intellectual issues is consistent with mutual respect and halting friendship, and that in such matters the one loyalty, is loyalty to the search for truth, not to some theoretical hero, living or dead, or to some cult, past or present.

These sobering words should challenge contemporary economists of all types. As Joseph Salerno explains in his essay “Economics: Vocation or Profession,” economics is a search for meaningful truths about the world. Yet whether labels are based on an individual or a school, they often take on lives of their own, in some cases even replacing sound arguments as standards of truth. Taking Fetter’s warning seriously is one good way to ensure that we do not fall into this trap.

Categories: Current Affairs

30 Years Later: Margaret Thatcher’s Vision for Europe Revisited

Mises Institute - 34 min 6 sec ago

Europe is today in the midst of a debate on the future of the European Union. It is not the first one: back before the Maastricht Treaty was passed in 1992, political leaders were discussing as well about where the EU, or as it was called back then, the European Community, was heading. Should it go the way of the “ever closer union,” or revert back to the fundamental principles? There was a split going through Europe on questions like this.

This was the situation in which the British prime minister Margaret Thatcher found herself on September 20, 1988, when she stepped in front of a crowd at the College of Europe in Bruges. “I decided that the time had come to strike out against what I saw as the erosion of democracy by centralization and bureaucracy, and to set out an alternative view of Europe’s future,” she would later write in her memoirs The Downing Street Years.

The result was today’s infamous yet magnificent ‘Bruges speech,’ which was far from being anti-EU, but a stark warning against Brussels, and an attempt to save the EU in the wake of federalists demanding more and more integration. This week, we are celebrating the thirtieth anniversary of this speech. And, as it turns out, it has stood the test of time shockingly well. Indeed, many of the warnings that Thatcher put forth are even truer today (which you can read in our new study).

The European Heritage

In Thatcher’s vision, the European heritage is of crucial importance. She tries to teach us that Europe can be proud of its history. While wars did play too big of a role in the past, Europe is still the continent in which the ideal of individual liberty prevailed before anywhere else. It is the continent which brought forth many of the greatest innovations, artistic pieces, literary works, and intellectuals the world has ever seen.

Great Britain has played an instrumental part in the European story, Thatcher makes clear: “Our links to the rest of Europe, the continent of Europe, have been the dominant factor in our history.” Britain has contributed mightily to European history and its values with the Magna Carta, the Glorious Revolution, and many other major steps on the path to freedom. But so has Britain benefitted from its link to mainland Europe, for instance having “borrowed that concept of the rule of law which marks out a civilized society from barbarism.”

This special relationship, says Thatcher, must be retained. Today this is even truer: on the eve of Brexit, it is of the utmost importance to keep this mutual understanding between the two sides intact, regardless of whether Britain is in- or outside of the EU.

Despite the millennia-long European history of (much) success, we need to remember that it is the long history of Europe that is important, not the EU (the latter being only sixty years old): “Europe is not the creation of the Treaty of Rome. Nor is the European idea the property of any group or institution.” Not everyone who criticizes the EU is automatically anti-European — an important point in today’s world in which Europe and the EU are most of the time used synonymously.

Rather, the European Union is a tool which can be used to promote the values Europeans defended so often in the twentieth century: the EU “is not an end in itself,” but rather “a practical means by which Europe can ensure the future prosperity and security of its people.”

A Europe of Free Enterprise and Free Trade

What is the way to future prosperity? For Thatcher, it is “to deregulate and remove the constraints on trade.” It means “action to free markets, action to widen choice, action to reduce government intervention.” Instead of increasing centralization and regulatory efforts, Europe should remain a champion of free enterprise. History — and the Soviet Union, should be enough proof that centralized decision-making doesn’t work.

The EU should not only be pro-trade to the inside, however. Instead, it should be globally oriented: “Europe never would have prospered and never will prosper as a narrow-minded, inward-looking club,” she warned. Free trade with the outside world — something that the EU is lacking to this day (while forcing all member states to comply with its trade policy), is one of the most important competences of Brussels: “we must ensure that our approach to world trade is consistent with the liberalisation we preach at home.”

For this, a strong relationship with America is needed. For Margaret Thatcher, the US was indeed to a certain extent part of Europe, “in the sense that she shares a common heritage of civilised values and a love of liberty.” It is a natural fit between the two sides of the Atlantic, since the core values are shared with one another. In the face of today’s trade wars and aggressions on both sides, it would be all the worse if this relationship would be squandered in just a few months’ time.

Against Eurotopia

If there is any argument with which the prime minister hit home continuously, it was her stark opposition to a centralized federal state, ruled by the Brussels bureaucracy. The idea of a United States of Europe is a utopia that “never comes, because we know we should not like it if it did.” Instead of politicians trying to create a single European identity, the mantra should be unity in diversity: “Europe will be stronger precisely because it has France as France, Spain as Spain, Britain as Britain, each with its own customs, traditions and identity. It would be folly to try to fit them into some sort of identikit European personality.”

In Margaret Thatcher’s opinion, the EU should stay a supranational organization which is based on voluntary cooperation between sovereign states, rather than one federal state. She perhaps felt alone with this opinion when she presented it thirty years ago. But today, with another debate on the future of the European Union — and even farther down the road of the “ever closer union,” we should keep in mind what Lady Thatcher said, and “to raise the flag of national sovereignty, free trade and free enterprise — and fight.” Indeed, as the prime minister wrote in her memoirs, “if there was ever an idea whose time had come and gone it was surely that of the artificial mega-state.”

Originally published by the Austrian Economics Center.

Categories: Current Affairs

In Socialist Venezuela the Poor Starve to Death While the Politically Powerful Feast

Mises Institute - 34 min 6 sec ago

The socialist policies of the Venezuela government continue to impose a living hell on its people. Hyperinflation has turned its currency to literal garbage. Mortality rates have skyrocketed for groups such as infants, pregnant mothers and the elderly as clinics have shut down and medicine grown scarce. Food has disappeared from store shelves forcing the population to consume pets and zoo animals.  A recent poll found that 78% of Venezuelans “reported trouble keeping themselves fed.”

Of course, this is not true for all Venezuelans.

Earlier this week President Nicolas Maduro was seen in a plush Istanbul restaurant lavishly dining on expensive steaks while smoking fine cigars, the check paid for by the wealth his regime has drained from his people. Once again we see that under socialism “all animals are equal, but some animals are more equal than others."

While the outrage over Maduro’s obtuse opulence is well deserved, it serves as only a gaudy reminder of how socialism actually operates in the real world. The more controlled an economy becomes, the more it benefits those with power.

While less obvious than Maduro’s dinner prepared by celebrity chefs, we’ve seen this play out throughout the country. The regime understands that its survival depends upon keeping the guns of government pointed at the people, and not at themselves. As such, the country has fallen into rule by corruption, with the police and military being offered access to food and supplies in exchange for their loyalty.

Maduro’s government is able to benefit from the trade in a variety of ways. As a South American businessman told an AP reporter last year, a bribe to the right official allows him to sell his goods to the Venezuelan government. He can afford to pay it because the government pays him a higher price than international markets do. The government then takes the food and gives it to the military, who is then able to feed their families and sell the rest – and for dollars as opposed to increasingly worthless bolivars.

It’s been noted that in Venezuela today, black markets in food are “a better business than drugs." As is the case with any other black market, the business is even better if it comes with the protection of a government badge. Not only is Maduro’s regime active in supplying the black markets of government officers, but they also unleash the police on the bachaqueros – illegal vendors – that compete with them.

This is not the only way that those with state privilege are able to profit from the horrors of socialism.

As the Miami Herald reported recently, those close to Maduro – including his stepsons – have been able to exploit the government’s currency exchanges at rates that don’t take into consideration the hyperinflation going on within the country. It has resulted in $1.2 billion money-laundering case filed in Miami:

In the Miami federal case, prosecutors charge that a network of Venezuelan businessmen and executives with the national oil company PDVSA managed to quickly turn $42 million worth of bolivars into $600 million in U.S. dollars by simply making a “loan” to the state-owned firm. PDVSA tapped into the government exchange to pay off the loan in a few months and, according to federal court records, funneled the windfall back to the ring. Its members then hid the money in Europe and the U.S. and bought up mansions from Cocoplum to Wellington in South Florida.

Russell Dallen, a Miami businessman who manages a capital investment company and formerly owned a newspaper in Venezuela, dubbed the government currency scheme a “perpetual money machine.”

“That’s one of the reasons why Venezuela has not changed this [government exchange] system,” said Dallen, a financial investor who has closely followed the money-laundering case.

This corruption, of course, is not unique to Maduro's regime - but simply a byproduct of the socialist system he inherited. Hugo Chavez may still remain popular among many within the country, but his own corruption has enabled his daughter to enjoy a life of luxury. Her wealth has been estimated in the billions, so she can even afford more houses than Bernie Sanders and nicer outfits than Alexandria Ocasio-Cortez. 

Socialism is sold to the idealistic and naïve as a way to end the inequality that exists in a free market. In reality, it only changes the way in which power and privilege is consolidated. On the market, wealth is acquired through voluntary exchange and serving the desires of consumers - one of the many ways it makes us more humane.  In socialism it’s acquired through force and brutality. As F.A. Hayek explained in The Road to Serfdom, the result is the worst rising to the top.

For the people in Venezuela, their future will not be improved by simply replacing Maduro for a more modest socialist leader. It can only come by rejecting the very ideology that has eroded away the country’s wealth for decades. Until then, those with political power will continue to live at the expense of their neighbors.

Categories: Current Affairs

Introducing the Cloudflare Onion Service

CloudFlare - 2 hours 49 min ago
Introducing the Cloudflare Onion Service
  • When: a cold San Francisco summer afternoon
  • Where: Room 305, Cloudflare
  • Who: 2 from Cloudflare + 9 from the Tor Project
Introducing the Cloudflare Onion Service

What could go wrong?

Bit of Background

Two years ago this week Cloudflare introduced Opportunistic Encryption, a feature that provided additional security and performance benefits to websites that had not yet moved to HTTPS. Indeed, back in the old days some websites only used HTTP --- weird, right? “Opportunistic” here meant that the server advertised support for HTTP/2 via an HTTP Alternative Service header in the hopes that any browser that recognized the protocol could take advantage of those benefits in subsequent requests to that domain.

Around the same time, CEO Matthew Prince wrote about the importance and challenges of privacy on the Internet and tasked us to find a solution that provides convenience, security, and anonymity.

From neutralizing fingerprinting vectors and everyday browser trackers that Privacy Badger feeds on, all the way to mitigating correlation attacks that only big actors are capable of, guaranteeing privacy is a complicated challenge. Fortunately, the Tor Project addresses this extensive adversary model in Tor Browser.

However, the Internet is full of bad actors, and distinguishing legitimate traffic from malicious traffic, which is one of Cloudflare’s core features, becomes much more difficult when the traffic is anonymous. In particular, many features that make Tor a great tool for privacy also make it a tool for hiding the source of malicious traffic. That is why many resort to using CAPTCHA challenges to make it more expensive to be a bot on the Tor network. There is, however, a collateral damage associated with using CAPTCHA challenges to stop bots: humans eyes also have to deal with them.

Introducing the Cloudflare Onion Service

One way to minimize this is using privacy-preserving cryptographic signatures, aka blinded tokens, such as those that power Privacy Pass.

The other way is to use onions.

Introducing the Cloudflare Onion Service

Here Come the Onions

Today’s edition of the Crypto Week introduces an “opportunistic” solution to this problem, so that under suitable conditions, anyone using Tor Browser 8.0 will benefit from improved security and performance when visiting Cloudflare websites without having to face a CAPTCHA. At the same time, this feature enables more fine-grained rate-limiting to prevent malicious traffic, and since the mechanics of the idea described here are not specific to Cloudflare, anyone can reuse this method on their own website.

Before we continue, if you need a refresher on what Tor is or why we are talking about onions, check out the Tor Project website or our own blog post on the DNS resolver onion from June.

As Matthew mentioned in his blog post, one way to sift through Tor traffic is to use the onion service protocol. Onion services are Tor nodes that advertise their public key, encoded as an address with .onion TLD, and use “rendezvous points” to establish connections entirely within the Tor network:

Introducing the Cloudflare Onion Service

While onion services are designed to provide anonymity for content providers, media organizations use them to allow whistleblowers to communicate securely with them and Facebook uses one to tell Tor users from bots.

The technical reason why this works is that from an onion service’s point of view each individual Tor connection, or circuit, has a unique but ephemeral number associated to it, while from a normal server’s point of view all Tor requests made via one exit node share the same IP address. Using this circuit number, onion services can distinguish individual circuits and terminate those that seem to behave maliciously. To clarify, this does not mean that onion services can identify or track Tor users.

While bad actors can still establish a fresh circuit by repeating the rendezvous protocol, doing so involves a cryptographic key exchange that costs time and computation. Think of this like a cryptographic dial-up sequence. Spammers can dial our onion service over and over, but every time they have to repeat the key exchange.

Alternatively, finishing the rendezvous protocol can be thought of as a small proof of work required in order to use the Cloudflare Onion Service. This increases the cost of using our onion service for performing denial of service attacks.

Problem solved, right?

Not quite. As discussed when we introduced the hidden resolver, the problem of ensuring that a seemingly random .onion address is correct is a barrier to usable security. In that case, our solution was to purchase an Extended Validation (EV) certificate, which costs considerably more. Needless to say, this limits who can buy an HTTPS certificate for their onion service to a privileged few.

Introducing the Cloudflare Onion Service

Some people disagree. In particular, the new generation of onion services resolves the weakness that Matthew pointed to as a possible reason why the CA/B Forum only permits EV certificates for onion services. This could mean that getting Domain Validation (DV) certificates for onion services could be possible soon. We certainly hope that’s the case.

Still, DV certificates lack the organization name (e.g. “Cloudflare, Inc.”) that appears in the address bar, and cryptographically relevant numbers are nearly impossible to remember or distinguish for humans. This brings us back to the problem of usable security, so we came up with a different idea.

Onion addresses are like IP addresses, not domain names

Forget for a moment that we’re discussing anonymity. When you type “cloudflare.com” in a browser and press enter, your device first resolves that domain name into an IP address, then your browser asks the server for a certificate valid for “cloudflare.com” and attempts to establish an encrypted connection with the host. As long as the certificate is trusted by a certificate authority, there’s no reason to mind the IP address.

Roughly speaking, the idea here is to simply switch the IP address in the scenario above with an .onion address. As long as the certificate is valid, the .onion address itself need not be manually entered by a user or even be memorable. Indeed, the fact that the certificate was valid indicates that the .onion address was correct.

In particular, in the same way that a single IP address can serve millions of domains, a single .onion address should be able to serve any number of domains.

Except, DNS doesn’t work this way.

How does it work then?

Just as with Opportunistic Encryption, we can point users to the Cloudflare Onion Service using HTTP Alternative Services, a mechanism that allows servers to tell clients that the service they are accessing is available at another network location or over another protocol. For instance, when Tor Browser makes a request to “cloudflare.com,” Cloudflare adds an Alternative Service header to indicate that the site is available to access over HTTP/2 via our onion services.

Introducing the Cloudflare Onion Service

In the same sense that Cloudflare owns the IP addresses that serve our customers’ websites, we run 10 .onion addresses. Think of them as 10 Cloudflare points of presence (or PoPs) within the Tor network. The exact header looks something like this, except with all 10 .onion addresses included, each starting with the prefix “cflare”:

alt-svc: h2="cflare2nge4h4yqr3574crrd7k66lil3torzbisz6uciyuzqc2h2ykyd.onion:443"; ma=86400; persist=1

This simply indicates that the “cloudflare.com” can be authoritatively accessed using HTTP/2 (“h2”) via the onion service “cflare2n[...].onion”, over virtual port 443. The field “ma” (max-age) indicates how long in seconds the client should remember the existence of the alternative service and “persist” indicates whether alternative service cache should be cleared when the network is interrupted.

Once the browser receives this header, it attempts to make a new Tor circuit to the onion service advertised in the alt-svc header and confirm that the server listening on virtual port 443 can present a valid certificate for “cloudflare.com” — that is, the original hostname, not the .onion address.

The onion service then relays the Client Hello packet to a local server which can serve a certificate for “cloudflare.com.” This way the Tor daemon itself can be very minimal. Here is a sample configuration file:

SocksPort 0 HiddenServiceNonAnonymousMode 1 HiddenServiceSingleHopMode 1 HiddenServiceVersion 3 HiddenServicePort 443 SafeLogging 1 Log notice stdout

Be careful with using the configuration above, as it enables a non-anonymous setting for onion services that do not require anonymity for themselves. To clarify, this does not sacrifice privacy or anonymity of Tor users, just the server. Plus, it improves latency of the circuits.

Introducing the Cloudflare Onion Service

If the certificate is signed by a trusted certificate authority, for any subsequent requests to “cloudflare.com” the browser will connect using HTTP/2 via the onion service, sidestepping the need for going through an exit node.

Here are the steps summarized one more time:

  1. A new Tor circuit is established;
  2. The browser sends a Client Hello to the onion service with SNI=cloudflare.com;
  3. The onion service relays the packet to a local server;
  4. The server replies with Server Hello for SNI=cloudflare.com;
  5. The onion service relays the packet to the browser;
  6. The browser verifies that the certificate is valid.

To reiterate, the certificate presented by the onion service only needs to be valid for the original hostname, meaning that the onion address need not be mentioned anywhere on the certificate. This is a huge benefit, because it allows you to, for instance, present a free Let’s Encrypt certificate for your .org domain rather than an expensive EV certificate.

Convenience, ✓

Distinguishing the Circuits

Remember that while one exit node can serve many many different clients, from Cloudflare’s point of view all of that traffic comes from one IP address. This pooling helps cover the malicious traffic among legitimate traffic, but isn’t essential in the security or privacy of Tor. In fact, it can potentially hurt users by exposing their traffic to bad exit nodes.

Remember that Tor circuits to onion services carry a circuit number which we can use to rate-limit the circuit. Now, the question is how to inform a server such as nginx of this number with minimal effort. As it turns out, with only a small tweak in the Tor binary, we can insert a Proxy Protocol header in the beginning of each packet that is forwarded to the server. This protocol is designed to help TCP proxies pass on parameters that can be lost in translation, such as source and destination IP addresses, and is already supported by nginx, Apache, Caddy, etc.

Luckily for us, the IPv6 space is so vast that we can encode the Tor circuit number as an IP address in an unused range and use the Proxy Protocol to send it to the server. Here is an example of the header that our Tor daemon would insert in the connection:

PROXY TCP6 2405:8100:8000:6366:1234:ABCD ::1 43981 443\r\n

In this case, 0x1234ABCD encodes the circuit number in the last 32 bits of the source IP address. The local Cloudflare server can then transparently use that IP to assign reputation, show CAPTCHAs, or block requests when needed.

Note that even though requests relayed by an onion service don’t carry an IP address, you will see an IP address like the one above with country code “T1” in your logs. This IP only specifies the circuit number seen by the onion service, not the actual user IP address. In fact, 2405:8100:8000::/48 is an unused subnet allocated to Cloudflare that we are not routing globally for this purpose.

This enables customers to continue detecting bots using IP reputation while sparing humans the trouble of clicking on CAPTCHA street signs over and over again.

Security, ✓

Why should I trust Cloudflare?

You don’t need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers, so you could audit this service using Nimbus, our certificate transparency log, to reveal any potential cheating.

Additionally, since Tor Browser 8.0 makes a new circuit for each hostname when connecting via an .onion alternative service, the circuit number cannot be used to link connections to two different sites together.

Note that all of this works without running any entry, relay, or exit nodes. Therefore the only requests that we see as a result of this feature are the requests that were headed for us anyway. In particular, since no new traffic is introduced, Cloudflare does not gain any more information about what people do on the internet.

Anonymity, ✓

Is it faster?

Tor isn’t known for being fast. One reason for that is the physical cost of having packets bounce around in a decentralized network. Connections made through the Cloudflare Onion Service don’t add to this cost because the number of hops is no more than usual.

Another reason is the bandwidth costs of exit node operators. This is an area that we hope this service can offer relief since it shifts traffic from exit nodes to our own servers, reducing exit node operation costs along with it.

BONUS: Performance, ✓

How do I enable it?

Onion Routing is now available to all Cloudflare customers, enabled by default for Free and Pro plans. The option is available in the Crypto tab of the Cloudflare dashboard.

Browser support

We recommend using Tor Browser 8.0, which is the first stable release based on Firefox 60 ESR, and supports .onion Alt-Svc headers as well as HTTP/2. The new Tor Browser for Android (alpha) also supports this feature. You can check whether your connection is routed through an onion service or not in the Developer Tools window under the Network tab. If you're using the Tor Browser and you don't see the Alt-Svc in the response headers, that means you're already using the .onion route. In future versions of Tor Browser you'll be able to see this in the UI.

We've got BIG NEWS. We gave Tor Browser a UX overhaul.

Tor Browser 8.0 has a new user onboarding experience, an updated landing page, additional language support, and new behaviors for bridge fetching, displaying a circuit, and visiting .onion sites.https://t.co/fpCpSTXT2L pic.twitter.com/xbj9lKTApP

— The Tor Project (@torproject) September 5, 2018

Any last words?

Similar to Opportunistic Encryption, Opportunistic Onions do not fully protect against attackers who can simply remove the alternative service header. Therefore it is important to use HTTPS Everywhere to secure the first request. Once a Tor circuit is established, subsequent requests should stay in the Tor network from source to destination.

As we maintain and improve this service we will share what we learn. In the meanwhile, feel free to try out this idea on Caddy and reach out to us with any comments or suggestions that you might have.

Acknowledgments

Patrick McManus of Mozilla for enabling support for .onion alternative services in Firefox; Arthur Edelstein of the Tor Project for reviewing and enabling HTTP/2 and HTTP Alternative Services in Tor Browser 8.0; Alexander Færøy and George Kadianakis of the Tor Project for adding support for Proxy Protocol in onion services; the entire Tor Project team for their invaluable assistance and discussions; and last, but not least, many folks at Cloudflare who helped with this project.

Addresses used by the Cloudflare Onion Servicecflarexljc3rw355ysrkrzwapozws6nre6xsy3n4yrj7taye3uiby3ad.onion cflarenuttlfuyn7imozr4atzvfbiw3ezgbdjdldmdx7srterayaozid.onion cflares35lvdlczhy3r6qbza5jjxbcplzvdveabhf7bsp7y4nzmn67yd.onion cflareusni3s7vwhq2f7gc4opsik7aa4t2ajedhzr42ez6uajaywh3qd.onion cflareki4v3lh674hq55k3n7xd4ibkwx3pnw67rr3gkpsonjmxbktxyd.onion cflarejlah424meosswvaeqzb54rtdetr4xva6mq2bm2hfcx5isaglid.onion cflaresuje2rb7w2u3w43pn4luxdi6o7oatv6r2zrfb5xvsugj35d2qd.onion cflareer7qekzp3zeyqvcfktxfrmncse4ilc7trbf6bp6yzdabxuload.onion cflareub6dtu7nvs3kqmoigcjdwap2azrkx5zohb2yk7gqjkwoyotwqd.onion cflare2nge4h4yqr3574crrd7k66lil3torzbisz6uciyuzqc2h2ykyd.onion

Subscribe to the blog for daily updates on our announcements.

Introducing the Cloudflare Onion Service
Categories: Technology

Hancock's half hour

Adam Smith Institute - 3 hours 49 min ago

You will have by now noticed that the role of the Secretary of State for Health and Social Care is not to do anything important, like sorting out the NHS, but to provide gentle amusement whilst in transit.

Social care is a favourite. According to Richard Humphries of the King’s Fund, the last 20 years has seen a dozen consultations and green and white papers on how social care should be improved, and funded more fairly, but nothing has actually happened.

The present incumbent has now come up with the bright wheeze that "workers could have their pay docked to pay into a new social care fund". "People who made payments could either have all their future care costs met by the fund or, more likely, would benefit from a cap that would mean they did not have to pay care bills above a certain level."

Workers would be free to opt out of the scheme but those who did would get no benefits. Mr Hancock suggests that "auto-enrolment" for social care would just be a simple extension of "auto-enrolment" for pensions, introduced in 2012 and proving more successful than sceptics expected. But that was because employees got the benefit of employers' contribution. That would not be the case here.

Presumably workers, and everyone else, would be allowed to opt in and out according to their financial pressures at those times. Keeping track of what individuals have contributed, their entitlements, and the entitlements of their partners, would clearly be difficult. Maybe Mr Hancock, who must believe history repeats itself will come up with stamps as the solution.

A person’s entitlement, and that of their partner, would be calculated from the value of stamps purchased and when (because inflation will need to be taken into account). Just imagine how many civil servants will be needed to do these individual calculations on top of tax and pensions.

National Insurance was set up in 1911 with much the same mission, except it included pensions. They wanted to keep it simple with every worker (and employer) making the same contribution pro rata to wages. Mr Hancock no doubt has the same simplicity in mind. But his freedom to opt in and out will complicate matters. In pensions this became “Class 1” and then it dawned on the government that the self employed had to be treated differently so Classes 2 and 4 were born. Class 3 is for voluntary contributions. Labour governments are especially fond of complicating further – notably in 1948 and in the 1990s.

107 years on, HM Treasury are still fiddling with it. Class 2 is merging with Class 4 and white van man is unhappy: he thinks he is paying too much whilst others think he gets off lightly.

The key point here is that the handing out of benefits based on stamps (contributions) was deemed discriminatory. National Insurance is now simply a tax and benefits are part of state welfare available to all according (in theory) to need rather than contribution.

In short, National Insurance is a mess and it should be merged with Income Tax. But that won’t happen soon.

Mr Hancock wants to do it all over again. It will fail (if it ever happens) for the same reasons. The poor will opt out because they cannot afford the contributions but, when the time comes, will demand the benefits in the name of fairness. And based on all evidence of recent history, they will be right to assume government will capitulate and pay.

The rich do have an obligation to take care of the poor when social care is needed. There is a need to redistribute in an advanced economy that can afford it. And it is all becoming a great deal more expensive with longevity, increasing mental health problems and social care increasingly needed by those of working age: “It is notable that over half of these additional cost pressures arise from care and support to meet the needs of working age adults.”

Mr Hancock is wrong though to believe that his department, or local authorities or any other part of government, can run insurance schemes better than the free market can. Insurance companies have looked at this problem and walked away: too expensive as a whole. But the upper end of it, just like BUPA, could well be handled by the free market and that would have a small benefit for social care as a whole just like private healthcare has on the NHS.

The simple and effective way to enlarge the private social care insurance market would be to make the premiums tax deductible. What HMRC loses in tax, government saves on welfare. Then treat social care similarly and in harness, but not merged, with the NHS. Simples.

Categories: Current Affairs

Girl Guides are becoming more unhappy - this isn't a surprise

Adam Smith Institute - 8 hours 48 min ago

We’ve a survey telling us that Girl Guides are becoming more unhappy as time passes. That is, the newer generations are more unhappy than the older age cohorts were. This is not a surprise, at least some of this will come from the economic and social emancipation of women.

The survey:

There has been a sharp decline in happiness among girls and young women in the UK in the last decade, with the majority of them blaming exams and social media for causing stress, a major survey has found.

Just one in four (25%) girls and young women between the ages of seven and 21 described themselves as “very happy” in the latest girls’ attitudes survey for the Girlguiding organisation – down from 41% in 2009.

This is not an isolated finding, Stevenson and Wolfers have found the same to be true - to some extent - right across the rich world.

The question is, well, why? The answer being that old economists’ favourite, opportunity costs. It has always, for as long as we’ve been measuring such at least, true that men report being unhappy at higher rates than women. The decline in female happiness is really bringing their rate down to that of their male contemporaries. So, why?

It’s hardly controversial that men historically had more life choices than women, that this inequality is either well on the way to being or entirely wiped out now. This should make women unhappier.

Yes, unhappier. For the cost of anything is what is given up to gain that thing. The more choices one has the more is given up by choosing any one mode or method of life. As women’s choices have expanded their levels of reported happiness have declined to those of the men who have always had such a palette of shades to life.

No, this doesn’t mean that any increase in unhappiness is from this cause. But it does mean that we’ve got to be careful about the attribution of any change in these levels of happiness. Strange but true, some of it will be coming from the way the world is getting better.

Categories: Current Affairs

Where Caesar’s Image Isn’t

Blog & Mablog - 13 hours 48 min ago

“Caesar identifies his own with his image; God identifies His own with His image. Caesar is therefore required by God to recognize what is not lawful for him to have. Marriage is right at the center of what is not lawful for him to have” (Same Sex Mirage, p. 71).

The post Where Caesar’s Image Isn’t appeared first on Blog & Mablog.

Categories: People I don't know

Socialism and 'Social' Justice

Mises Institute - Wed, 19/09/2018 - 20:35
Volume 11, Number 2 (1995)

I may, as a result of long endeavors to trace the destructive effect which the invocation of ‘social justice’ has had on our moral sensitivity, and of again and again finding even eminent thinkers thoughtlessly using the phrase, have become unduly allergic to it, but I have come to feel strongly that the greatest service I can still render to my fellow men would be that I can make ... speakers and writers ... thoroughly ashamed...to employ the term ‘social justice’.

—F.A. Hayek1

In his Preface to The Mirage of Social Justice, Hayek explained how he came to conclude “that the Emperor had no clothes on, that is, that the term ‘social justice’ was entirely empty and meaningless” and “that the people who habitually employ the phrase simply do not know themselves what they mean by it and just use it as an assertion that a claim is justified without giving a reason for it”.

I

In his Preface to The Mirage of Social Justice, Hayek explained how he came to conclude “that the Emperor had no clothes on, that is, that the term ‘social justice’ was entirely empty and meaningless”2 and “that the people who habitually employ the phrase simply do not know themselves what they mean by it and just use it as an assertion that a claim is justified without giving a reason for it”.3

Certainly, as Hayek proceeded so painstakingly to show, this cant expression is usually employed quite thoughtlessly. Few if any of those who habitually employ it have even attempted to produce a systematic and consistent rationale for its application. But this is still not sufficient to show that it is “entirely empty and meaningless”. For there is in fact sufficient regularity in the actual usage of the expression ‘social justice’ to provide it with a meaning, albeit a meaning which is somewhat vague and variable.

In that meaning it can be defined most illuminatingly as referring to the achievement by extensive statist means of whatever would for socialists be an ideal distribution of goods of all kinds. Following the suggestion made by Hayek in his Preface to the Second Edition of The Road to Serfdom — a work dedicated to “The Socialists of All Parties” — the word ‘socialism’ is here to be understood to mean: “not the nationalization of the means of production and the central economic planning which this made possible and necessary...” but “...the extensive redistribution of incomes through taxation and the institutions of the welfare state”.4

Consider, for example, quotations from a Fabian Society review of the 1974-9 Labour Party administrations in the United Kingdom (Bosanquet and Townsend 1980). The Editors proclaim “that the Labour Party can and should light a flame in a world of injustice and inequality.”5 Contributor after contributor speaks of “socialist canons of equality and social justice”6 and of “a more socially just and equal society”.7 One even goes so far as to lay it down — without attempting to explain what this might mean or why we should accept it as true — that, in particular, “Racial equality requires a society which is equal in all respects”.8

Such identification of inequality with injustice and of equality with social justice have become characteristic of “the socialists of all parties”.9 According to Bosanquet and Townsend, these identifications were manifested in two ways. In the first place, none of the contributors made any attempt to respond to the request of the editors that they should examine and elucidate “the meaning of equality”. In the second place, and perhaps still more significant, the editors failed to demand, and the contributors neglected to offer, any reasons at all either for adopting equality as a value or for concluding themselves entitled or required to impose that value upon others by force. No doubt it appeared to one and all altogether obvious that a just society must be an equal one; if not perhaps, if this is conceivable, “a society which is equal in all respects”. For, given the equation between equality and justice, then there would certainly be no need for further justification on either count.

This suggests the reason why Hayek was wrong to maintain “that the people who habitually employ the phrase [social justice] just use it as an assertion that a claim is justified without giving a reason for it.” For anyone asserting that some policy is required by a kind of justice is in fact giving what — if but only if their assertion were true — would constitute the best of reasons. The truth, however, is that social justice as customarily conceived is precisely not a kind of justice.10

On the contrary, such ‘social’ justice essentially involves what, by the standards of the old-fashioned, without prefix or suffix, sort of justice must constitute a paradigm case of flagrant injustice; namely, the abstraction under the threat of force (the taxing away) of (some of) the justly acquired property of the better off in order to give it (less, of course, some often substantial service charge) to those whose previous just acquisitions or lack of just acquisitions have left worse off.

It is of the greatest importance to socialists as here conceived thus to maintain that their cherished policies are mandated by a kind of justice. For this enables them to see themselves — and, hopefully, to be seen — as in incontestable occupation of the moral high ground. It thus becomes possible for a spokeswoman for a Labour Opposition to say in all sincerity during a House of Commons debate upon a Queen’s speech: “Our complaint against the Government, and in particular the Prime Minister, is that brick by brick they have set out to create an unjust society.”11

Again, it is only on the assumption that Procrustean policies12 are mandated by a kind of justice that their supporters become equipped with an answer to the objection of those who would ask by what right they are proposing to employ the enforcement machinery of the state in order to realize their own personal vision of the ideal society? If but only if the prescriptions of social justice were indeed mandates of a kind of justice, then the socialists certainly would have a decisive answer to this libertarian objection. For, as Adam Smith so soundly observed in his other masterpiece:

The man who barely abstains from violating either the person, or the estate, or the reputation of his neighbours, has, surely, little positive merit. He fulfills, however, all the rules of what is peculiarly called justice, and does everything which his equals can with propriety force him to do, or which they can punish him for not doing.13

II

In the Preface to The Mirage of Social Justice, Hayek proceeds to explain why he decided not to try “to justify my position vis-a-vis a major recent work”, namely “John Rawls A Theory of Justice”. It was “because the differences between us seemed more verbal than substantial”.14

This decision was both somewhat surprising and extremely unfortunate. It was surprising since it was explicitly grounded upon a passage from an article Rawls published much earlier, and to which Hayek himself confessed that he could find no satisfactory parallel in the later book.15 It was unfortunate, since it ensured that The Mirage of Social Justice received far less attention than it should have done, and otherwise would. For although the book of Rawls is misleadingly entitled A Theory of Justice, it in fact deals only — or, some might say, alternatively — with “the principles of social justice”, principles which, we are told, “provide a way of assigning rights and duties in the basic institutions of society and...define the appropriate distribution of the benefits and burdens of social cooperation”.16

From the beginning Rawls assumes that social justice thus conceived constitutes the greater part if not the whole of justice, insisting that (unqualified) “Justice is the first virtue of social institutions, as truth is of systems of thought”.17 Later, however, albeit only once and as it were parenthetically, he does at least warn readers not to confuse “The principles of justice for institutions with the principles which apply to individuals and their actions in particular circumstances”.18

Because this book attempted to satisfy the need for some clear formulation and persuasive rationalization of the putative principles of social justice, it received on its first appearance such a wide and overwhelmingly enthusiastic welcome that it at once became, and has ever since remained, the standard starting point for all subsequent discussion. For instance, in a notably uncritical “Critical Notice”, the lifelong socialist Stuart Hampshire wrote:

I think that this book is the most substantial and interesting contribution to moral philosophy since the war, at least if one thinks only of works written in English. It is a very persuasive book, being very well argued and carefully composed.19

It presents, Hampshire continued,

a noble, coherent, highly abstract picture of the fair society, as social democrats see it...This is certainly the model of social justice that has governed the advocacy of R. H. Tawney and Richard Titmuss and that holds the Labour Party together.20

III

What actually holds the Labour Party together as an organization is, surely, the strength of the labour unions, which created it in the beginning and which continue to provide by far the greatest part of its funding. But Hampshire was certainly right to suggest that intellectuals who are social democrats, in the present understanding of the expression,21 are inspired by some such ideal of social justice. Indeed at the time of writing the Labour Party itself is debating the replacement of its original statement of aim, which demanded “the nationalization of the means of production,” with a new statement, which will most likely revolve around the ideal or ideals of equality and social justice conceived as requiring “the extensive redistribution of incomes through taxation and the institutions of the welfare state.” For us here the crucial question is whether social justice so conceived is indeed a kind of justice. If we are to answer that question truly we must recall the warning issued by Plato’s Socrates: “If I do not know what justice is I am scarcely likely to find out whether it is an excellence, and whether its possessor is happy or not happy.”22

That was a warning to which Rawls not so much fails as refuses to attend. He never finds room to quote, much less to examine, either some variant of the traditional definition of the word ‘justice’ or any preferred alternative. Indeed it is only on his five hundred and seventy ninth page that he thinks to explain, without any suggestion of apology, that he was eager “to leave questions of meaning and definition aside and get on with the task of developing a substantive theory of justice.”23

So what is justice? Among those who have asked themselves this question there seems, at least until comparatively recently, to have been little disagreement.24 The central, crucial element in their definitions has always been what Plato scripted Polemachus to offer as his first suggestion: “to render to each their due,”25 a phrase later translated into Latin as suum cuique tribuere. Ulpian prefaced this with two further clauses, making his own definition run: Honeste vivere, neminem laedere, suum cuique tribuere [To live honestly, to injure no one, to render to each their own]. The Institutes of Justinian proclaim that the mark of a just person is a constant and perpetual resolve to render to each suum jus [his right, his own]. That last Latin expression is in such contexts naturally construed as referring to the several and presumably often very different deserts and entitlement of different individuals, the deserts primarily under the criminal and the entitlements under the civil law. These traditional definitions tend to confirm the contention that “To apply the term ‘just’ to circumstances other than human actions or the rules governing them” — such as the operation of social institutions or the behaviour of some hypostatized Society — “is a category mistake”.26

Rawls distances his conception of social justice still further from the justice which can and can only characterize the actions of individuals and the general rules governing those actions by his refusal to recognize entitlements which are neither (creditably) deserved nor (discreditably) undeserved. Thus from the premise “that no one deserves his place in the distribution of native endowments, any more than one deserves one’s initial starting place in society” he apparently infers that no one can be morally entitled to anything gained in consequence of enjoying such not-deserved because neither deserved nor undeserved entitlements.27 But this conclusion is unconscionable. For neither universal human rights, nor individual property rights, nor claims to the legitimate possession and retention of one’s own bodily parts are grounded in pretended desert.28 Rawls, nevertheless, is not prepared to accept the implication that, in as much as social justice is not a variety of traditional, without prefix or suffix justice, the cherishers of this ideal of ‘social’ justice (a.k.a. the Procrusteans) are as such neither occupants of the moral high ground, nor entitled to draw on the forces of the state to realize their ideal.

IV

At one point in A Theory of Justice Rawls claims that “Throughout the choice between a private-property economy and socialism is left open...”29 But the hypothetical contracting parties who “in the original position” are to make the hypothetical social contract from which he proposes to derive the fundamental principles of social justice have to take for granted the ultimately collective ownership of all wealth and income. “For simplicity” we are required to “assume that the chief primary goods at the disposition of society are rights and liberties, powers and opportunities, income and wealth”.30

The contracting parties are also conceived as operating behind a veil of ignorance: “...no one knows his place in society, his class position or social status; nor does he know his fortune in the distribution of natural assets and abilities, his intelligence and the like”.31 It should be noticed that this prescription is introduced not so much to ensure impartiality but because it supposedly expresses “the result of leaving aside those aspects of the social world that seem arbitrary from a moral point of view”.32

After the captivating frankness of the confession that “We want to define the original position so that we get the desired solution”,33 and given that the hypothetical contracting parties have therefore been made to assume both that all relevant property is collectively owned and that all individual differences in social situation and personal achievement are morally irrelevant, it should come as no surprise that they cannot but “acknowledge as the first principle of justice one requiring an equal distribution. Indeed, this principle is so obvious that we would expect it anyone immediately.”34

Nor is it surprising to find that Rawls is no more eager than most other advocates of equality and social justice to settle for an absolute equality of wealth and income. Thus he continues: “If there are inequalities in the basic structure that work to make everyone better off in comparison with the benchmark of initial equality, why not permit them?”35 Why not indeed, if only we were considering two alternative arrangements both of which were allowed to be morally indifferent? But Rawls has from the beginning himself insisted that “laws and institutions no matter how efficient and well arranged must be reformed or abolished if they are unjust”.36 He might perhaps, had he recognized this difficulty, have tried to wriggle out of it by assuming, somewhat implausibly, that all those who are to be assigned37 below average incomes would agree to abandon their rights not to be exceeded in return for some suitably substantial additions to the lower income which they would otherwise have enjoyed. For it is a well established legal principle that volenti non fit injuria.

Having failed to appreciate this first difficulty, Rawls proceeds by way of salutary remarks about envy to another, which he also fails to recognize. Earlier the pellucidly unequivocal prescription that “social and economic inequalities are to be arranged so that they are...reasonably expected to be to everyone’s advantage” was characterized as “ambiguous”.38 Now it is laboriously construed as a formulation of what Rawls calls the Difference Principle: “Inequalities are permissible when they maximize, or a least all contribute to, the long-term expectations of the least fortunate group in society”.39 This unlovely dog-in-the-manger principle simply cannot be derived from what Rawls himself has just proclaimed to be, on his own assumption, the first principle of justice. If that is indeed to be accepted as fundamental and inviolable, and if the desired above average inequalities are to be shown to be at least not unjust, then not only members “of the least fortunate group in society” but also all the others who are to be less than average advantaged will have somehow to be bought off.

V

Section I, above, drew attention to some of the benefits which socialists derive from pretending that the prescriptions of ‘social’ justice are the mandates of (unqualified) justice. These benefits are implications carried by that claim. There are, of course, also costs. One of these is rarely noticed. Yet it deserves special emphasis and attention. For if only this implication were to become widely appreciated then there would surely be a much greater reluctance to make claims which carry it.

We have here an occasion for introducing the distinction between justicizing — showing to be just — and justifying. It is certainly possible to justify things which are neither just nor unjust and perhaps possible to justify the unjust.

That said we can, without prejudice to any questions about alternative justifications go on to assert that if compulsory transfers of any of the present wealth or income of the better off to the presently worse off are indeed demanded by justice, then this surely implies that the amounts to be thus compulsorily transferred are not justly possessed by the former but are properly the property of the latter. From that it certainly follows that all those enjoying amounts of wealth and income larger than whatever are allowed to constitute their socially just allocations are necessarily in possession of some — and presumably in many cases much — stolen property and, most shameful of all, property stolen from people worse off than themselves. No doubt there are cases in which people may quite rightly and properly refuse to make any individual voluntary contributions to further some purpose which they are urging ought to be financed by new taxes to be paid by everyone. But the retention by thieves of stolen property until those thieves are forced to surrender their illicit gains is, most emphatically, not one of those cases.

VI

Rawls regularly describes his conception of social justice as “justice as fairness”. Fairness as justice would be a more apt description. For the only necessary connection between justice and equality is that the rules of justice, like all rules, apply equally to all the cases which satisfy their terms.40 A system of ‘criminal justice’ insisting that convicted criminals should be treated exactly as if they had been found not guilty would, as Kant might have said, contradict itself. But suppose that we were charged with making a fair distribution among a particular set of people of some collection of goods which we were entitled and perhaps also required to distribute. The presumption, albeit a defeasible presumption, surely is that a fair distribution would be the one which gave equal shares to all concerned?41

Where Rawls goes so radically wrong is in so constructing “the original position” that his hypothetical contracting parties assume that all presently available wealth and income as well as all the wealth and income to be produced in future in their to them presently unknown national territory is their collective property, which they are entitled to distribute at their absolute discretion to different subsets among themselves (and, presumably, their descendants).

All this is simply irrelevant to questions about the justice or injustice of the actual distributions of income and wealth in non- socialist countries. For in such countries most property is presently private, and the always in-principle defeasible presumption must be that this property has been or is being justly acquired. So, if any compulsory transfers are to be not merely justified but justicized, then it will need to be shown not only that the property claims of those from whom some amount is to be taken are to the extent unjust, but also that those to whom these transfers are to be made have just claims to possession of the amounts to be transferred.42 That would be no easy task. It is one not even attempted by Rawls. He, as we have seen, apparently does not even notice that he is making this radically socialist assumption of total collective ownership.

VII

The direct compulsory transferring of wealth or income from the better off to the worse off constitutes the most clear-cut and dramatic feature of the conflict between the ideal of ‘equality and social justice’ and the ethics of a Great Society. But there is also an even more important tendency for the traditional virtues of such a society to be undermined by the institutions of an extensive and comprehensive welfare state.

Suppose, for instance, that educational services for children are provided by a near total state monopoly. Then parents are necessarily deprived both of a choice between schools competing to provide either better service and/or the same service at less cost, and of the responsibility for making such choices in the senses which best suit the needs of their own children. Notoriously such systems tend to serve the interests of their employees rather than of the consumers and, by excluding competition, reduce the chances of reducing the costs and/or of improving the quality of the services provided.43

Again, when first a system of compulsory National Insurance and then much later a comprehensive National Health service were introduced in the UK these centralized and comprehensive state systems replaced large numbers of voluntary and private Friendly Societies and Medical Institutes. Of course not everyone who would at some time need the services provided by these institutions had previously been enrolled as a member, although, according to D. G. Green, “By the time the British Government came to introduce compulsory social insurance of 12 million persons under the 1911 National Insurance Act, at least 9 million were covered by registered and unregistered voluntary insurance associations...”44 Green further states, “The rate of growth of the friendly societies over the preceding thirty years had been accelerating.”45

On the other hand, these predecessor institutions had enabled their members to take the responsibility for providing themselves with the relevant benefits and had offered many welcome opportunities in their organization and management for voluntary public service. These responsibilities and these opportunities were removed once the replacement state organization was in place.

The previous voluntary organizations, because they were smaller and because more of their members knew one another, were also better able to discourage and detect fraud: “The Prudential Assurance Company, the largest of the industrial assurance companies, had to abandon sick pay because, as its secretary told the Royal Commission on Friendly Societies in 1873, ‘after five years’ experience we found we were unable to cope with the fraud that was practised”.46

VIII

These near-total state monopolies in the provision of all health services and of all educational services for children have both played parts in depriving our people of choices and consequently of responsibilities which our ancestors used to have. But what has probably done most to discourage the virtues appropriate to a Great Society and to promote progressive demoralization is the introduction of systems of tax-financed handouts designed to rectify various perceived deficiencies (a.k.a. inequalities). For consider Charles Murray’s Law of Unintended Rewards. This, in the original formulation, reads: “Any social transfer increases the net value of being in the condition that prompted the transfer”.47 This law like the other established laws of economic analysis constitutes a logically necessary truth. For, as Murray goes on to observe, if “A deficiency is observed — too little money, too little food, too little academic achievement — and a social transfer program tries to fill the gap with a welfare payment then the program, however unintentionally, must be constructed in such a way that it increases the net value of being in the condition that it seeks to change — either by increasing the rewards or by reducing the penalties”.48

Where the condition prompting some particular programme is one to which the patients of that condition could not by their own efforts avoid becoming and/or remaining subject there is of course no call to take account of Murray’s Law. Indeed the whole point of providing welfare services for, for instance, the blind precisely is to reduce as much as can be the monstrous disvalue of being in a condition into which no one would willingly fall and which all its victims would strive to escape, if only that were possible.

But many, perhaps most, of the conditions unintentionally ‘rewarded’ by existing state welfare provisions are conditions into which at least some of their victims could and indeed ought to have avoided falling and/or which they could and indeed ought to escape partly or wholly by their own efforts. Insofar as this is the case, such rewards must necessarily tend to weaken both any existing inhibitions against falling into these conditions and any existing incentives to escape them. In the case of many of these conditions this alone should be recognized as a more than sufficient reason as far as possible both to maintain and to strengthen such inhibitions and such incentives.

But the implications and the actual effects of the ideology of equality and social justice are directly contrary. For, necessarily, every handout mandated by social justice is a welfare right.49 Among those working within the machinery of the welfare state the supreme commandment appears to have become: “Thou shalt not be judgmental.”50 For those people — to borrow the expression employed by General Lee to describe the Union armies — it is in the highest degree politically incorrect to wish to distinguish the deserving from the undeserving poor. All welfare payments and services are considered to be owed as of right, and to generate no reciprocal duties for their beneficiaries. It is, therefore, reckoned to be scandalous that there should be less than a 100% uptake by those thus entitled to benefit. It is a scandal which activists both inside and outside that machinery constantly labour to diminish.51

The effects of the operation of Murray’s Law are bound to increase the larger the amounts paid out in welfare payments to each beneficiary. In any expanding economy in which the decision makers are misguided by ideals of equality and social justice those amounts themselves are bound to increase. For those ideals require relativistic standards of poverty according to which the size of the various welfare payments to be provided is determined: not by reference to some comparatively fixed and stable standard of hardship, but by reference to, and relative to, the rising average level of incomes over the population as a whole.52

There is by now a great and ever growing accumulation of evidence to show the strength of the effects brought about by the operation of Murray’s Law of Unintended Rewards. But one recent study is peculiarly impressive for anyone who can remember how miserably low the living standards of the households of unemployed working men were in the UK during the nineteen thirties. The conclusions of this study were unequivocal and decisive:

In summary, the cross-sectional evidence...reveals a pattern that is inescapable: the inter-war unemployment insurance system importantly shaped the unemployment histories of every nook and cranny of Britain. Whether one examines the pattern by age, sex, industry, duration, location or skill, one simple fact emerges: lowering the cost of an activity [an inactivity-AF] induces more of that activity [or inactivity-AF]. In the present instance, lowering the cost of unemployment induced more unemployment in inter-war Britain.53

It may nevertheless be allowed that “There is no reason why in a free society government should not assure to all protection against severe deprivation in the form of an assured minimum income, or a floor below which nobody needs to descend”.54 A prudent government, however, even when that assured minimum income was very low would still, at least in the case of conditions which could have been avoided, try to find ways of channeling the necessary relief funds through private organizations less inhibited from discriminating between deserving and undeserving recipients than our present welfare state bureaucracies.

It is remarkable that Milton Friedman in developing his proposals for a Negative Income Tax appears never to have considered the relevance to its introduction of the economists’ general Law of Supply and Demand, of which what Murray was later to formulate as his Law of Unintended Rewards can be seen as a special case. For, as we may learn from Murray, it was in an attempt to meet the objection that the introduction of such a guaranteed income would cause people to reduce their work effort or to drop out of the labour force altogether that the Office of Economic Opportunity set up “the most ambitious social-science experiment in history”.55 The result was totally decisive, demonstrating beyond all possibility of dispute that the objections had been and were right.

We can perhaps avoid attributing any such oversight to Hayek. For, later in the book in which he conceded that government might take steps “to assure to all protection against severe deprivation...a floor below which no one needs to descend,” he went on to insist that “The mischievous idea that all public needs should be satisfied by compulsory organization...is wholly alien to the basic principles of a free society. The true liberal must on the contrary desire as many as possible of those ‘particular societies within the state’, voluntary organizations between the individual and government, which...Rousseau and the French Revolution wanted to suppress”.56

  • 1. F. A. Hayek, The Mirage of Social Justice, Vol II, Law, Legislation and Liberty (London: Routledge and Kegan Paul, 1976), p. 97.
  • 2. Hayek, The Mirage of Social Justice, p. xi.
  • 3. Hayek, The Mirage of Social Justice, p. xi.
  • 4. F. A. Hayek, The Road to Serfdom, 2nd ed. (London: Routledge and Kegan Paul, 1976), p. viii.
  • 5. N. Bosanquet & P. Townsend, Labour and Equality (London: Heinemann, 1980), preface.
  • 6. Bosanquet & Townsend, p. 131.
  • 7. Bosanquet & Townsend, p. 228, also compare p. 67 and p. 227.
  • 8. Bosanquet & Townsend, p. 151.
  • 9. Since nowadays this category apparently embraces most spokespersons for the mainstream Christian churches, it becomes noteworthy that Cruden’s Concordance to the (King James) Bible contains no entry at all for either ‘inequality’ or ‘social justice’ and only two for ‘equality’. These are both to II Corinthians 14, which provides no Biblical warrant for these identifications. It is also worth noting that the first employment of the expression ‘social justice’ recorded in the big Oxford English Dictionary is that by John Stuart Mill in Utilitarianism (1861).
  • 10. See, for instance, Antony Flew, “Is “Social Justice” a Kind of Justice?” Journal des Economistes et des Etudes Humaines, Vol IV, no 2/3, (June/September, 1993), pp. 281-94.
  • 11. See Hansard for 6/XI/72, 845, 55. The Prime Minister was Edward Heath, whose administration had in fact taken few if any steps to reverse any of the policies of its Labour predecessors.
  • 12. Compare Flew 1981, Ch. I-IV, and Flew 1987, Part II.
  • 13. Adam Smith, The Theory of Moral Sentiments (Indianapolis: Liberty Press, 1969). This frequently quoted passage comes from the penultimate paragraph of Chapter I of Section II of Part II of this classic that Smith originally published in 1759.
  • 14. Hayek, The Mirage of Social Justice, pp. xii - xiii.
  • 15. Hayek, The Mirage of Social Justice, pp. 100 and 183.
  • 16. John Rawls, A Theory of Justice (Cambridge Mass and Oxford: Harvard University Press and Clarendon, 1972), p. 4.
  • 17. Rawls, p. 3.
  • 18. Rawls, p. 54. Compare this with one successor’s surprised statement that “there appears to be a category of ‘private justice’ which concerns the dealing of a man with his fellows where he is not acting as a participant in one of the major social institutions” (D. Miller, Social Justice (Oxford: Clarendon, 1976) p. 17).
  • 19. Stuart Hampshire, “Critical Notice,” New York Review of Books (1972, Issue 3).
  • 20. Hampshire, ibid.
  • 21. It is too rarely remembered that all the European Social-Democratic Parties were originally Marxist, and that even the Bolsheviks began as the allegedly majority faction in the Russian Social-Democratic Labour Party.
  • 22. Plato, The Republic, 354C.
  • 23. Rawls, p. 579.
  • 24.  Perhaps we need here to distinguish between the concept and conceptions of justice. For, although there seems to have been little disagreement about the concept, there have of course been rival conceptions both of what people’s moral and legal deserts and entitlement are and of how these are properly to be determined.
  • 25. Plato, 331E.
  • 26. Hayek, The Mirage of Social Justice, p. 31.
  • 27. Rawls, pp. 103-104.
  • 28. Robert Nozick, Anarchy, State and Utopia (New York and Oxford: Basic Press and Blackwell, 1975), pp. 206-207.
  • 29. Rawls, p. 258.
  • 30. Rawls, p. 62, emphasis added.
  • 31. Rawls, p. 137.
  • 32. Rawls, p. 15.
  • 33. Rawls, p. 141.
  • 34. Rawls, pp. 150-151.
  • 35. Rawls, p. 151.
  • 36. Rawls, p. 3.
  • 37. It is significant that ‘assigned’ and ‘distributed’, in an equally active understanding, are both favorite words in A Theory of Justice. Any administration proposing to establish a Commission to advise on the control of incomes could confidently seek a suitable Chairman from Harvard.
  • 38. Rawls, p. 60.
  • 39. Rawls, p. 151.
  • 40. Compare, for instance, Antony Flew, The Politics of Procrustes: Contradictions of Enforced Equality (London and Buffalo: Temple Smith and Prometheus, 1981), pp. 64 and 67-70.
  • 41. Compare, for instance, Flew, Chapter III, Section 4.
  • 42. In the UK the Archbishops’ Commission for Urban Priority Areas endorsed a claim by the Bishop of Liverpool that “It is not charity when the powerful help the poor...it is justice”, appealing to the Parable of the Good Samaritan for support. But, that parable, as they ought to have known, shows how love (Greek, agapee, hence Latin caritas, hence old English charity) goes beyond the demands of the law (of justice). The true model for the enforced transfers supported by the Commission is the legendary robber Robin Hood, who stole from the rich and gave (some of) his takings to the poor (Anderson 1992, pp 221-4).
  • 43. See, for example, Antony Flew, Shephard’s Warning: Setting Schools Back on Course (London: Adam Smith Institute, 1994).
  • 44. D. G. Green, Reinventing Civil Society (Longon: Institute of Economic Affairs, 1993), pp. 31-32.
  • 45. Green, Reinventing Civil Society, pp 31-32.
  • 46. Green, Reinventing Civil Society, p. 58.
  • 47. Charles Murray, Losing Ground: American Social Policy 1950 - 1980 (New York: Basic, 1984), p. 212.
  • 48. Murray, pp. 212-213, emphasis in the original.
  • 49. On the present century, the century of the rise of that ideology, the Universal, European and other Declarations of Human Rights have all included welfare as well as option rights. Option rights, like those of the American Declaration of Independence, are the rights of individuals to be left to their own devices, provided only that they respect the equal rights of others. Welfare rights are rights to be provided with some good, necessarily at the expanse of others and presumably by the appropriate welfare state. See, for example, Antony Flew, Equality in Liberty and Justice (London and New York: Routledge, 1989), Chapter 2.
  • 50. Compare, for instance, N. Dennis and G. Erdos, “Thou Shalt Not Commit a Value Judgement”, Chapter 3 of Families Without Fatherhood (London: Institute of Economic Affairs, 1992).
  • 51. D. Anderson, ed., The Loss of Virtue: Moral Confusion and Social Disorder in Britain and America (New York: Social Affairs Unit and National Review, 1992)., p. 209. Enormous funds are spent by the British welfare services in promoting public knowledge of individual’s rights to welfare benefits. In theory this is supposed to help the needy who may be ignorant of the assistance available to them, but in practice it creates a climate of opinion in which the individual is encouraged to seek out what he can get and to behave in a way which will justify receiving benefits.
  • 52. Or even by reference to, and relative to, the levels achieved by the best off. See D. Green, Equalizing People (London: Institute of Economic Affairs, 1990), Chapter II, for several examples of the ways in which persons paid as social scientists contrive to work themselves and to invite others into frenzies of indignation by misrepresenting lesser improvements in the condition of the worst off than in the condition of the best off as a “grotesque increase” in the burden of poverty under administrations -- those, of course, of Margaret Thatcher — which in this way allegedly continued to “reduce the incomes of the poorest” (emphasis original).
  • 53. K. Matthews and D. Benjamin, US and UK Unemployment between the Wars: A Doleful Story (London: Institute of Economic Affairs, 1992), p. 110.
  • 54. Hayek, The Mirage of Social Justice, p. 87.
  • 55. Murray, p. 149.
  • 56. Hayek, The Mirage of Social Justice, pp. 150-151.
Categories: Current Affairs

Central Planning Failed in the USSR, but Central Banks Have Revived It

Mises Institute - Wed, 19/09/2018 - 17:35

The Federal Reserve’s changing of the guard — the end of Janet Yellen’s tenure and the beginning of the Jerome Powell era — has me remembering what it was like to grow up in the former Soviet Union.

Back then, our local grocery store had two types of sugar: The cheap one was priced at 96 kopecks (Russian cents) a kilo and the expensive one at 104 kopecks. I vividly remember these prices because they didn’t change for a decade. The prices were not set by sugar supply and demand but were determined by a well-meaning bureaucrat (who may even have been an economist) a thousand miles away.

If all Russian housewives (and house-husbands) had decided to go on an apple-pie diet and started baking pies for breakfast, lunch, and dinner, sugar demand would have increased but the prices still would have been 96 and 104 kopecks. As a result, we would have had a shortage of sugar — a common occurrence in the Soviet era.

In a capitalist economy, the invisible hand serves a very important but underappreciated role: It is a signaling mechanism that helps balance supply and demand. High demand leads to higher prices, telegraphing suppliers that they’ll make more money if they produce extra goods. Additional supply lowers prices, bringing them to a new equilibrium. This is how prices are set for millions of goods globally on a daily basis in free-market economies.

In the command-and-control economy of the Soviet Union, the prices of goods often had little to do with supply and demand but were instead typically used as a political tool. This in part is why the Soviet economy failed — to make good decisions you need good data, and if price carries no data, it is hard to make good business decisions.

When I left the Soviet Russia in 1991, I thought I would never see a command-and-control economy again. I was wrong. Over the past decade the global economy has started to resemble one, as well-meaning economists running central banks have been setting the price for the most important commodity in the world: money.

Interest rates are the price of money, and the daily decisions of billions of people and their corporations and governments should determine them. Like the price of sugar in Soviet Russia, interest rates today have little to do with supply and demand (and thus have zero signaling value).

For instance, if the Federal Reserve hadn’t bought more than $2 trillion of US debt by late 2014, when the US government debt crossed the $17 trillion mark, interest rates might have started to go up and our budget deficit would have increased and forced politicians to cut government spending. But the opposite has happened: As our debt pile has grown, the government’s cost of borrowing has declined.

The consequences of well-meaning (but not all-knowing) economists setting the cost of money are widespread, from the inflation of asset prices to encouraging companies to spend on projects they shouldn’t. But we really don’t know the second-, third-, and fourth derivatives of the consequences that command-and-control interest rates will bring. We know that most likely every market participant was forced to take on more risk in recent years, but we don’t know how much more because we don’t know the price of money.

Quantitative easing: These two seemingly harmless words have mutated the DNA of the global economy. Interest rates heavily influence currency exchange rates. Anticipation of QE by the European Union caused the price of the Swiss franc to jump 15% in one day in January 2015, and the Swiss economy has been crippled ever since.

Americans have a healthy distrust of their politicians. We expect our politicians to be corrupt. We don’t worship our leaders (only the dead ones). The US Constitution is full of checks and balances to make sure that when (often not if) the opium of power goes to a politician’s head, the damage he or she can do to society is limited.

Unfortunately, we don’t share the same distrust for economists and central bankers. It’s hard to say exactly why. Maybe we are in awe of their PhDs. Or maybe it’s because they sound really smart and at the same time make us feel dumber than a toaster when they use big terms like “aggregate demand.” For whatever reason, we think they possess foresight and the powers of Marvel superheroes.

Warren Buffett — the Oracle of Omaha himself — admitted that he doesn’t know how the QE experiment will end. And if you think well-meaning economists running central banks know, you may have another thing coming.

Alan Greenspan — the ex-pope of the Federal Reserve — in a 2013 interview with the Wall Street Journal said that he “always considered [himself] more of a mathematician than a psychologist.” But after the 2008–09 financial crisis and the criticism he received for contributing to the housing bubble, Greenspan went back and studied herd behavior, with some surprising results. “I was actually flabbergasted,” he admitted. “It upended my view of how the world works.”

Just as the well-meaning economists of the Soviet Union didn’t know the correct price of sugar, nor do the good-intentioned economists of our global central banks know where interest rates should be. Even more important, they can’t predict the consequences of their actions.

Categories: Current Affairs

A Policy of Northern Oppression

Mises Institute - Wed, 19/09/2018 - 17:35

As the fear of spies and traitors spread through the North, political arrests became commonplace, even in states as far north as Maine. Anybody expressing any anti-war sentiment would be assumed to be a traitor and a secessionist, and arrests were carried out according to a guilty-until-proven-innocent policy. Martial Law was not confined to the slave states. 

Chris Calton recounts the controversial history of the Civil War. This is the 23rd episode in the third season of Historical Controversies. You may support this podcast financially at Mises.org/SupportHC.

Categories: Current Affairs

Liberty, Dicta & Force

Mises Institute - Wed, 19/09/2018 - 17:35

From the introduction:

Advancing social ideas that do not demand obedience or compliance requires far more personal patience than simply forcing others to comply via the political ballot box. The widely held idea that dicta and force can serve a useful purpose will eventually fade into backward thinking in the so-called public sector as it has in the private sector. Time, nature, reason, and the human spirit will see to that. Irrespective of good intentions or the approval by consensus, nature's unrelenting feedback will gradually drive ruling political authorities to extinction.

Liberty is a self-actualized mindset of seeing and enjoying the grandeur of nature and humanity in a way that is not accessible to those adhering to politics and government. As miraculous as the universe is, it is not beyond the workings of nature, and to expect political governments to be able to defy its laws with dicta and force is to expect the unnatural.

A fundamental yet simple tenet of liberty and life is that no one owes you anything! That includes kindness, food, healthcare, education, and respect. The beauty of this tenet is that others, when left to their own devices, are inclined to respond with kindness, food, healthcare, education, and respect, without even being asked. My endless gratitude goes to all those minding their own business while caring for my every need. The belief that government can force these benefactors to take better care of me (and you) is a deep-seated, fallacious, and detrimental notion that those in the political world embrace.

Chapter 1, “The Political Box,” discusses why so many people remain trapped in a political box, holding firmly to the illusion that politics and government serve a beneficial social function.

Chapter 2, “Barbaric Civility,” discusses the duality of standards of conduct in which people condone dastardly conduct in public (political) matters that they would never think of using in their personal affairs.

Chapter 3, “Doing Good: Nice Guys Finish First,” discusses the selfish nature of living organisms and the natural selection of human cooperation over force as a more adaptive behavior for surviving and propagating.

Chapter 4, “Fairness and Equality,” discusses the nonsense and divisiveness of the political use of “fairness” and “equality” to disguise acts of inhumanity as moral in order to gain votes and power, while reducing the potential welfare of all.

Chapter 5, “Discrimination, Beliefs, and Expressions,” discusses the importance of discrimination and how political laws prohibiting selective associations — as well as disassociations — are inhumane. The nonpolitical world is an individual one where relationships are voluntary, joint ventures based on preferences.

Chapter 6, “Tragedy of the Commons and Human Behavior,” discusses how individuals achieve results that are “better than rational” when seeking ways to manage the resources of the commons, and how government intervention only obstructs the process.

Chapter 7, “Obedience to Authority,” discusses the degree to which the most compassionate people can become desensitized and conduct themselves in abhorrent ways when they are obedient to authority.

Chapter 8, “Complexity, Adaption, and Order: Visualizing the Invisible Hand,” discusses the multifaceted, revolutionary new science of complexity theory (also called chaos theory) that shows why the political top-down ordering of society is disruptive to social order.

Chapter 9, “Political Democracy,” explores the inherent inhumanity of political democracy as a social scheme in which common sense and goodwill are scorned and individual predation upon others is praised.

Chapter 10, “A Better Life — A Better World,” concludes the discussion and considers finding purpose in life while trying to make the world a better place.

Categories: Current Affairs

Prayer alert: please pray for Sarah, victim of the 'worst sex grooming case'

Christian Concern - Wed, 19/09/2018 - 17:15
Please pray for protection for a precious young woman the Christian Legal Centre is supporting, named Sarah. She has been rescued from a horrendous 12-year ordeal at the hands of an Islamic grooming gang, and desperately needs your prayers.

Please pray for protection for a precious young woman the Christian Legal Centre is supporting, named Sarah. She has been rescued from a horrendous 12-year ordeal at the hands of an Islamic grooming gang, and desperately needs your prayers.

read more

Renderkit - Moderately critical - Access bypass - SA-CONTRIB-2018-060

Drupal Contrib Security - Wed, 19/09/2018 - 17:02
Project: RenderkitDate: 2018-September-19Security risk: Moderately critical 11∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: 

This module, typically in combination with cfr:cfrplugin, allows to compose behaviors from granular components. One of such behaviors is to display a list of related entities, for a given source entity and a given entity relation (e.g. an entity reference field).

The components that display related content do not check if the user has access to view the related entities. This way e.g. unpublished nodes may be displayed to anonymous visitors.

This vulnerability is mitigated by the facts that
- a site builder must have used the component that displays "related" entities for a source entity, using cfr:cfrplugin, OR a programmer has used one of the affected components in code.
- a source entity displayed this way must reference access-restricted content.

Solution: 

Install the latest version:

Also see the Renderkit project page.

Reported By: Fixed By: Coordinated By: 
Categories: Technology

The Man with the Quivering Red Laser Dot on His Chest

Blog & Mablog - Wed, 19/09/2018 - 17:01
Introduction:

So let us discuss the recent charges leveled against Brett Kavanaugh. There are a number of things to say about all this, and I intend to say as many of them as I can get to, but the first and fundamental thing is this: If we didn’t really want to go to the circus, then we shouldn’t have bought all those circus tickets.

The Real Failure:

A friend asked me yesterday about the prospect of raising boys in an environment like this one. And of course, it should go without saying that Christian parents should bring up their boys with a resolve to not be meatheads, to not be louts, and not to touch or take what is not theirs to touch or take. Believe me, as a pastor I have seen plenty of behavior in that vein, and it is the kind of behavior that Christian parents really should have on their radar. I offer this qualification because it should be a baseline commitment for all Christian parents. I offer this qualification because it should go without saying.[i]

But we have a far more pressing duty. The thing that is troubling our nation is not what some idiot boy might have done at a kegger almost half a century ago. The thing that really reveals the poverty-stricken nature of our public character is that nobody in charge has any apparent idea of how to process accusations of this nature. The problem is not the fact that criminals do criminal things in private that we all lament; the problem is what all our respectable solons are doing in public. Right now, right in front of us, in real time. We all agree that when some molester feels a woman up, this is a bad thing. Nobody defends that. So why are we good with everybody feeling up Lady Justice? Everybody seems to be defending that.

So by all means, teach your sons to really respect what no means. But while you are at it, you should also teach them what justice is, what credible charges are, what dirty politics refers to, what due process means, and why the presumption of innocence is so important. If you accept this responsibility, as you should, I would recommend you follow the link to A Justice Primer.

“Where there is no vision, the people perish: But he that keepeth the law, happy is he” (Prov. 29:18). We need to stop thinking that miscarriages of justice will somehow right themselves. We desperately need to learn these principles.

More of What You Subsidize:

Some of you may recall—after the late hit that was delivered on Roy Moore in the last election cycle—that I warned everyone that if they continued to respond to such things in the way they were doing, then we were going to get a lot more of it.

This is what I said then:

“I will put it this way. If you change your vote because of unsubstantiated allegations, you are actually voting for political campaigns to get increasingly dirty. You are voting for more of what apparently works. You are voting for our October surprises to get exponentially more lurid. Why? Because it changed your behavior last time. What did you think would happen?”

Someone might respond by saying that it has always been this way. What about Anita Hill? No, it has not always been this way. The same principles of justice were violated in the Clarence Thomas hearings, sure enough, and Robert Bork before that. Our national politics have been an ungodly mess for some time now. But we are rapidly descending from ungodly miscarriages of justice into absurdist miscarriages of justice.

David French said, in his support of Kavanaugh, that it was telling that there was just one witness. Are you kidding me? The Democrats on the other side are no doubt chortling—now that that you have agreed to come to their circus, they can always hire more clowns. This is the same David French who was willing to play this wretched game earlier, when it came to Roy Moore.

And look. As I said in the Moore case, and as I am saying now in the Kavanaugh case, it is quite possible that the substance of the allegation is true. But I am also saying that if you reward this kind of behavior the week before the confirmation, or the election, or the whatever, then you are going to get way more of what you are apparently willing to put up with.

Some Miscellany:

As someone has shrewdly observed, this particular set-to is nothing more than a full dress rehearsal for the hearings on the replacement for Ruth Bader Ginsberg. If you think Brett Kavanaugh is a reprobate, just wait until we learn about fillintheblank. I understand there was a time in fourth grade where he was rough-housing with the kids in a way that made the recess lady “uncomfortable.” That poor personage, whoever he may be, already has a red laser dot quivering on his chest.

Second, there is a difference between adverbs and adjectives, between “credibly alleged” and “credible allegation.” What is being said about Kavanaugh might be a credible allegation. We would have to examine the evidence to see. We would have to cross-examine the witnesses. We should follow the rules of due process. But there is no way in blue blazes that this is credibly alleged. A forty-year-old charge being trotted out by political enemies on the eve of an important “advise and consent” vote regarding the highest judicial office in the land? Are you kidding me? You people could make a cat laugh.

And now for a third miscellaneous thought. Some might say that I have these high principles when it comes to conservatives, but that I would be whooping and hollering in glee if “the treatment” were being given to some liberal nominee to the Supreme Court. And to this charge, I cheerfully respond with some exuberant raspberries. I am extraordinarily glad that Mitch the Man refused to a confirmation vote on Merrick Garland. The Senate was completely within its rights to refuse to put him up for a vote, and three cheers from me. But if they had held hearings for Garland, and the week before the vote, some renegade conservatives rolled out a story about Garland’s junior high years when he had apparently gotten to second base with one Stephanie Noblunk, who was apparently quite the hottie, I would be as appalled as I am now. I would be as opposed to that kind of dirty politics as I am now. And why? Because justice matters in every direction.

A Fun Thought Experiment:

The Lord Jesus once dealt with an allegation of sexual misconduct.

“And the scribes and Pharisees brought unto him a woman taken in adultery; and when they had set her in the midst, They say unto him, Master, this woman was taken in adultery, in the very act. Now Moses in the law commanded us, that such should be stoned: but what sayest thou? This they said, tempting him, that they might have to accuse him. But Jesus stooped down, and with his finger wrote on the ground, as though he heard them not. So when they continued asking him, he lifted up himself, and said unto them, He that is without sin among you, let him first cast a stone at her. And again he stooped down, and wrote on the ground. And they which heard it, being convicted by their own conscience, went out one by one, beginning at the eldest, even unto the last: and Jesus was left alone, and the woman standing in the midst. When Jesus had lifted up himself, and saw none but the woman, he said unto her, Woman, where are those thine accusers? hath no man condemned thee? She said, No man, Lord. And Jesus said unto her, Neither do I condemn thee: go, and sin no more” (John 8:3–11).

The Lord apparently thought that the allegation against the woman was more than credible—He thought it was true. At the end of the account, He tells her to “go and sin no more,” an exhortation we may trust that she took to heart. But even though the Lord thought the allegation was true, He nevertheless threw the whole thing out on procedural grounds.

They caught her in “the very act,” did they? So where was the man? They caught her in the very act of adultery all by herself? This is, as the public defender assigned to her case might note, something that should be consider “curious.”

The other thing that the Lord did was put the accusers on trial. In Numbers 5:11-31, when a jealous husband brought his wife in for a trial by ordeal, there were a number of interesting features in that process. In the biblical kind of ordeal, the weird thing had to happen in order to convict. It was not an absurdist kind of witch trial, where “if she sinks she is innocent, and if she floats she is guilty.” That said, there are some interesting parallels. The husband’s charges were written down; the Lord stooped and wrote in the dust. The husband himself was put on trial, in that if his wife was acquitted, he was barred from being able to divorce. Jesus put all the accusers of this woman on trial. The charges against the woman in Numbers were mixed with dust from the floor of the Tabernacle; Jesus wrote in the dust on the floor of the Temple.

What did He write? My supposition is that He wrote something like the charge against her, which was that of adultery. Then He uttered the famous line about the one without sin casting the first stone. What sin was He referring to? He was not saying that if anyone had ever sinned in their life in any way,  He was talking about the sin in question, the sin of adultery. And these religious accusers “convicted by their own conscience, went out one by one, beginning at the eldest.”

So here is the thought experiment part. Kavanaugh has already agreed to testify under oath. His accuser has said she would, but is now showing some signs of being coy about it. If she is not willing to testify under oath, and to do so now, then the Senate should simply move forward with the confirmation process, ignoring all the yelling.

But here is the thing. I think that the committee hearing the testimony should all be put under oath also. Every senator there should solemnly swear that if a comparable allegation is made against them, then they will voluntarily step down from office. After all, what is sauce for the goose is also sauce for all the judgy geese.

[i] I also offer this qualification because it is not yet November, when it will go without saying.

The post The Man with the Quivering Red Laser Dot on His Chest appeared first on Blog & Mablog.

Categories: People I don't know

When your meeting’s stuck in the mud, revving

Ministry Nuts and Bolts - Wed, 19/09/2018 - 14:58
The committee was stuck in the mud, revving its wheels like a stranded Land Rover.
Categories: Friends

The Story of the Mises Institute

Mises Institute - Wed, 19/09/2018 - 14:25

[Prepared for delivery in Hamburg, Germany, upon receiving the Roland Baader Prize.]

Thank you very much for the great honor you have conferred on me. The Roland Baader Prize is named for an outstanding champion of the free market and disciple of Ludwig von Mises. As I am the founder of the Ludwig von Mises Institute, you will not be surprised to learn that I too am a disciple of Mises. I am sure that the members of this audience revere Mises as well, and I’d like to point out another thing we have in common. The Mises Institute is headquartered in Alabama, a state in the American South, and I am speaking to an in audience in Germany. My friend Judge John Denson, whom many of you will know from his books on revisionist history, has said that both Germany and the South were conquered and then occupied by the American army.

I’d like to begin by telling you something about how I founded the Mises Institute in 1982 and what we are trying to accomplish. Thirty-five years ago, when I was contemplating the creation of a Ludwig von Mises Institute, the Austrian School of economics, and its Misesian branch in particular, were very much in decline. The number of Misesian economists was so small that all of them knew each other personally, and could probably have fit in Mises’s small living room. This is a world that young people today, who find Austrian economics all over the place, can hardly imagine.

I wanted to do what I could to promote the Austrian School in general and the life and work of Mises in particular. Mises was a hero both as a scholar and as a man, and it was a shame that neither aspect of his life was being properly acknowledged.

I first approached Mises’s widow, Margit, who was what Murray Rothbard called a “one-woman Mises industry.” After her husband’s death, she made sure his works stayed in print and continued to be translated into other languages. She agreed to be involved and to share her counsel as long as I pledged to dedicate the rest of my life to the Institute. I have kept that pledge. Margit von Mises became our first chairman. How lucky we were to have as her successor, the great libertarian businessman Burt Blumert, who was also a wise advisor from the beginning.

When I told Murray Rothbard about the proposed institute, he clapped his hands with glee. He said he would do whatever was necessary to support it. He became our academic vice-president and inspiration.

Ron Paul agreed to become our distinguished counsellor, and was also a huge help in assembling our early funding, as well as an inspiration.

Murray would later say, “Without the founding of the Mises Institute, I am convinced the whole Misesian program would have collapsed.” Of course, we can’t know how things would have turned out had we made different choices. I simply wanted to do what I could, with the help of dear friends like Murray and Burt, to support the Austrian School during some very dark times, and I was prepared to let the chips fall where they may.

When I look back on all we’ve accomplished over the past 35 years, I can hardly believe it. Naturally we’ve promoted and kept in print works of Mises, the Nobel Prize-winning works of F.A. Hayek, and the indispensable catalogue of Murray Rothbard. Beyond that, we’ve made available to the world, free of charge, an enormous library of the most brilliant and important works ever written on Austrian economics and libertarian theory.

On our campus, the library and archives – based on the massive collections of Rothbard and Bob LeFevre’s Freedom School – are incomparable. We have lecture halls, classrooms, student and faculty offices, student housing, a bookstore, and much more, all thanks to our magnificent donors.

Then there’s the entire run of the Quarterly Journal of Austrian Economics (which the Institute publishes), its predecessor, the Review of Austrian Economics, Murray Rothbard’s Journal of Libertarian Studies, and the publications that he edited during the especially dark days of the 1960s and 1970s. Add to that many thousands of articles on every subject under the sun and thousands of hours of free audio and video from our seminars and other events, and you have a program of self-education that at one time would have required access to university libraries and a huge investment of time and money.

At the Mises Institute, we aim to introduce students to the thought of Mises and his great student Murray Rothbard, and I would like to tell you something about each of these great heroes of liberty.

How blessed are we that we have not a criminal like Marx nor a monster, like Keynes to follow, but Ludwig von Mises, a hero as well as a genius.

Mises was not only a dazzling economist and champion of liberty, but no Communist, nor Nazi, nor central banker could pressure him into doing the wrong thing.

Born in 1871 in the city of Lemberg, then part of the Austro-Hungarian empire, he moved with his family to Vienna as a young man. Mises’s father was a high executive in the Austro-Hungarian railways.

The grammar schools and gymnasiums he attended—super high schools in our terms—still have his records. He was recognized as extraordinary from the first.

Mises excelled as a student at the University of Vienna, earning a doctorate in economics and law. He wrote a book on housing policy before encountering Menger’s Principles and becoming an Austrian economist.

Mises clerked for judges and practiced law before getting a job as an economist at the professional housing association. While there, he demonstrated that high real estate taxes were hindering new construction, a serious problem in housing-short Vienna. Through his papers and lectures, that is, the pure power of his mind, he brought about a cut in taxes, leading to more investment in housing, exactly as he had predicted.

Mises was denied a paid position at the university, despite publishing his astounding Theory of Money and Credit. Before the founding of the Fed, he demonstrated that such a central bank would harm business and people to aid the government and its cronies, as well as bring on the business cycle of artificial booms followed by busts.

Mises was an army officer during the war, and we are privileged to have his medals at the Institute. At first, Mises was an economic advisor to the general staff. Then he was sent to the most dangerous duty in the war and almost killed. Guido Hülsmann, author of the great Mises biography, discovered that the power of Mises’s free-market analysis led to his corrupt and statist opponents hoping to kill him. There was a lot of money at stake. Still, the wounded Mises was decorated for bravery under fire, and as a great leader of men under brutal attack.

After the war, Mises secured a position as an economic advisor to the government for the Vienna Chamber of Commerce. He had been blocked from a position at the university by powerful socialists, and instead worked as a privatdozent and later a prestigious associate professor at the university, both unpaid positions. Unpaid or not, he used it to teach students and host his famous private seminar, which attracted top intellectuals from all over Europe. They remembered it as the most intense, rigorous, and fun experience of their academic lives.

Though working in effect two full-time jobs, Mises threw himself into his work as an economic advisor to call for a fully redeemable gold standard. The central bank was furious. It turned out that the then-current system allowed officials to have a secret slush fund for themselves and friendly economic journalists. The vice president of the central bank even hinted at a bribe for Mises if only he would be more accommodating to compromise. Of course, then and throughout his life, he never would.

The power of Mises’s influence as an economic advisor was shown in two more important ways. Austria threatened to follow Germany into hyperinflation. Almost singlehandedly his persuasion prevented a repeat in his country, if not of all inflation, of the speed and depth of the German catastrophe.

After the war, a coalition government, in part Marxist, came to power in Austria. Otto Bauer, a leader of the Austrian Social Democratic party and foreign minister, intended to introduce Bolshevism in Austria, but he listened to his old school chum Mises, something Bauer resented bitterly in later years.

Evening after evening, Mises persuaded Bauer and his equally Marxist wife that Bolshevism would mean mass starvation. Bauer was convinced.

All this time, Mises was also trying to do his scholarly work. And he did, while also paying full attention to his day job. In what would normally be his leisure time, for example, he wrote first his world historic article and then his book on Socialism. Just after the establishment of Bolshevism in Russia, he proved that with no private property in the means of production, socialism would be a chaotic and poverty-producing disaster. No planning board could substitute for property and market. Tragically for the world, it took decades before socialists would admit, after his death, “Mises was right.”

But the evil of statism also grew from another direction, and Mises was the first to see what was in store for Austria with the National Socialists. Many colleagues credited him with saving their lives, because they left in time. In 1934, Mises secured the first and only paid professorship of his life, at the International Graduate School in Geneva. It was a happy time for Mises, who lectured in accentless French and wrote in German. But by 1940, it was getting very uncomfortable in Switzerland.

Already in 1938, the invading Nazis had ransacked his Vienna apartment, and stolen his library and papers. Mises and his wife Margit—later first chairman of the Mises Institute—decided to go to America.

They crossed France barely in front of advancing German troops, just making it into neutral Portugal and a ship to New York. Once here, in an academic community offering professorships to all the European Marxists and Keynesians, there was nothing for the “Neanderthal,” “reactionary,” and “caveman” Mises. The intellectual climate of the New Deal was bitterly hostile. Even when the libertarian Volker Fund offered to pay his entire university salary, Mises was shunned for defending freedom and capitalism.

Finally, businessman Lawrence Fertig, later a benefactor of the Mises Institute, was able to persuade NYU, where he was on the board, to allow Mises to be an unpaid, permanent “visiting professor.” Even so, Keynesian deans gave him the worst offices and class hours, and tried to persuade students not to take his courses.

Yet, though in a new country at almost sixty, of whose language he had only a reading and writing knowledge to begin with, Mises was undefeated. He restarted his weekly seminar, attracting such participants as Henry Hazlitt, Ayn Rand, and Murray Rothbard. Important business leaders, journalists, and financiers audited his classes. This drove other professors, said Robert Nozick, wild with envy.

But Mises, never compromising his principles, just moved ahead, uncomplaining, undismayed, and unhindered. And it was in the 1940s that Mises completed his monumental treatise Human Action, in which he reconstructed all of economic analysis on a sound individualistic foundation.

Any of the books I’ve mentioned—and he wrote many more—would be a significant lone achievement for a lifetime. It was one of the great moments of my life to have dinner with Mises and his wife while serving as his editorial assistant. He was eighty-six, and magnificent. I can testify that Rothbard was right: he was trailing clouds of glory from a lost and better civilization: pre-WWI Vienna. In looks, speech, dress, bearing, and manners, he was a great European gentleman.

Because Mises was intransigent on matters of principle, some of his critics have denounced him as “obnoxious”! He might have had reason, but as Rothbard, Hazlitt, Hayek, Fertig, Leonard Read, and so many others confirmed to me, he was kind, funny, and generous, no matter what he was put through. He was especially good with students. Or to a twenty-three-year-old kid helping bring some of his books back into print, as well as to publish a new paper.

One of Roland Baader’s strongest principles was the importance of sound money, and

this he learned from Mises. In his great essay “Monetary Reconstruction,” Mises defied the pseudo-economists of his time and called for a return to a  full gold standard. We do not need to expand the money supply as the economy grows. To the contrary, doing so promotes inflation and economic instability.

In these days of political correctness, it’s important to realize that Mises opposed the lunatic left that seeks to root out the institutions on which our civilization rests.

In his classic Socialism, he attacked the radical feminist movement: “3So far as Feminism seeks to adjust the legal position of woman to that of man, so far as it seeks to offer her legal and economic freedom to develop and act in accordance with her inclinations, desires, and economic circumstances—so far it is nothing more than a branch of the great liberal movement, which advocates peaceful and free evolution. When, going beyond this, it attacks the institutions of social life under the impression that it will thus be able to remove the natural barriers, it is a spiritual child of Socialism. For it is a characteristic of Socialism to discover in social institutions the origin of unalterable facts of nature, and to endeavour, by reforming these institutions, to reform nature.”

For Mises, the feminist drive to abolish the family rested on a total misconception of the place of women in society: “The misconception to which the principle of equality before the law is exposed in the field of general social relationships is to be found in the special field of the relations between those sexes. Just as the pseudo-democratic movement endeavours by decrees to efface natural and socially conditioned inequalities, just as it wants to make the strong equal to the weak, the talented to the untalented, and the healthy to the sick, so the radical wing of the women’s movement seeks to make women the equal of men. Though they cannot go so far as to shift half the burden of motherhood on to men, still they would like to abolish marriage and family life so that women may have at least all that liberty which seems compatible with childbearing. Unencumbered by husband and children, woman is to move freely, act freely, and live for herself and the development of her personality.”

In order to grasp Mises’s line of argument, we need to keep in mind a key point. Ignoring this point is the major failing of all leftists. Legal equality doesn’t abolish biological differences. Thus, it doesn’t follow from the fact that women don’t earn as much as men, or don’t hold as many powerful positions, that they are victims of discrimination “4.4But the difference between sexual character and sexual destiny can no more be decreed away than other inequalities of mankind. It is not marriage which keeps woman inwardly unfree, but the fact that her sexual character demands surrender to a man and that her love for husband and children consumes her best energies. There is no human law to prevent the woman who looks for happiness in a career from renouncing love and marriage. But those who do not renounce them are not left with sufficient strength to master life as a man may master it. It is the fact that sex possesses her whole personality, and not the facts of marriage and family, which enchains woman. By “abolishing” marriage one would not make woman any freer and happier; one would merely take from her the essential content of her life, and one could offer nothing to replace it.

Tributes to Murray N. Rothbard are often taken up with a listing of his accomplishments. This is because he was so astonishingly prolific that there seems to be many scholars with that name.

As soon as you describe him as an economist, you recall that he wrote some ten large volumes on history. But describe him as a historian and you suddenly recall that he made large contributions to political philosophy. But as soon as you begin talking about his libertarianism, you recall again that he wrote vast amounts of technical economic theory.

It is the same with the venues in which he chose to write. If you look at his scholarly publications list, which is vast and expansive, you can easily forget that he wrote constantly and for 50 years in popular periodicals of every sort, commenting on politics, movies, culture, sports, and anything else in the popular scene.

The problem grows worse when you consider the major parts of his legacy. Let me list just a few:

  • He was the economist who provided a bridge from Mises to the modern Austrian school, through his personal influence, articles, and especially through Man, Economy, and State, which appeared in 1963;
  • He developed the Misesian system in the areas of welfare economics, production theory, banking, monopoly theory, and tied it all together with a theory of natural rights that drew on medieval and enlightenment thought;
  • He was the pioneer of libertarian theory who finally tied the principle of property rights to a consistent non-aggression principle of politics;
  • He was the anti-war theorist who insisted that the cause of peace is inseparable from the dream of prosperity;
  • He rescued the 19th-century American hard money school from obscurity and wove its contributions into modern banking theory;
  • He demonstrated the libertarian origins of the American Revolution with the most extensive account ever of the tax strikes and prominence of libertarian theory during the Colonial Period;
  • He explained the ideological upheaval that afflicted the American Right following World War II, showing the clear difference between the Old Right and the New based on the attitude toward war.

This of course only scratches the surface, but if I went on like this, I would use too many words and take up too much time, when what I would really like to discuss is Rothbard’s methods as a researcher, writer, and scholar. I would also like to draw attention to his heroism.

A friend tells the story of a time when he was hanging around Rothbard’s apartment one summer. The conference that was coming up that weekend was mentioned, and Rothbard had forgotten about it. Rothbard rushed to the typewriter and started writing. The words flowed from him as if the entire paper had already been written in his head.

The result was a 60-page paper on monetary history and theory, complete with bibliography and footnotes. The scene was recalled to me the way miracles are described in the Gospels. His jaw was on the floor in amazement.

The anecdote is inspiring but also intimidating for those who labor so hard to accomplish a tiny fraction of this level of productivity. We might look at what he did and become discouraged that we could never equal his productivity in even one small sector, much less take on all of his interests in so many areas of life.

Rothbard’s first step toward writing was to learn as much as possible. He never stopped taking this step for his entire life. There was never a point when he woke up feeling as if he knew all that he needed to know. No matter how much he wrote, he was always careful to read even more.

If you follow his model, you will not regard this as an arduous task, but rather a thrilling journey. A trip through the world of ideas is more exciting and exhilarating than the grandest excursion to the seven wonders of the world, more daring and adventurous than wild game hunting, and far more momentous than any moon shot.

There is another respect in which we can all emulate Murray. He was fearless in speaking the truth. He never let fear of colleagues, fear of the profession, fear of editors or political cultures, stand in the way of his desire to say what was true. This is why he turned to the Austrian tradition even though most economists at the time considered it a dead paradigm. This is why he embraced liberty, and worked to shore up its theoretical and practice rationale, at a time when the rest of the academic world was going the other way.

This fearlessness, courage, and heroism applied even in his political analysis. He was an outspoken opponent of the U.S. nuclear buildup and militarization during the Cold War. His opinion in that regard cost him many publication outlets. It cost him friends. It cost him financial supporters. It hurt his prospects for professional advancement. A surprising number of his articles were written for very small publications, simply because the larger ones were captives of special interests.

But time would eventually reveal that he took the right path. Forty years of pro-Cold War writing on the Right were made irrelevant by events. Rothbard’s work during these years has stood the test of time. He is seen as one of the lone prophets of the collapse of socialism in Russia and Eastern Europe.

The choices he made in life were not designed to advance his career. They were made to advance liberty and truth. For many years, publications were closed to him. He did not teach in a prestigious institution. His income was small. Only very late in life did he begin to get his due as a thinker and teacher. But he never complained. He was grateful for any and every opportunity that came along to write and teach. His legacy is now a living part of the world of ideas. The people who tried to exclude him and write him out of history are mostly forgotten.

Like Mises, and also Roland Baader, Rothbard supported sound money. He opposed fractional reserve banking and favored the gold standard. His work with Ron Paul and the Gold Commission in 1982 was a high point in the struggle for liberty. Murray was the main author of the Commission’s Minority Report, “The Case for Gold.”   I can still hear his voice, as he used to say to me “The dollar is a unit of weight, dammit!”

Like Mises, Rothbard had no use for the lunatic left. He challenged so-called “left libertarians” on an issue that will be of special interest to a German audience, immigration. Shortly before his death, Murray Rothbard published an article called “Nations by Consent: Decomposing the Nation State.” He had begun rethinking the assumption that libertarianism committed us to open borders.

He noted, for instance, the large number of ethnic Russians whom Stalin settled in Estonia. This was not done so that Baltic people could enjoy the fruits of diversity. It never is. It was done in an attempt to destroy an existing culture, and in the process to make a people more docile and less likely to cause problems for the Soviet empire.

Murray wondered: does libertarianism require me to support this, much less to celebrate it? Or might there be more to the immigration question after all?

And here Murray posed the problem just as I have: in a fully private-property society, people would have to be invited onto whatever property they traveled through or settled on.

If every piece of land in a country were owned by some person, group, or corporation, this would mean that no person could enter unless invited to enter and allowed to rent or purchase property. A totally privatized country would be as closed as the particular property owners desire. It seems clear, then, that the regime of open borders that exists de facto in the U.S. and Western Europe really amounts to a compulsory opening by the central state, the state in charge of all streets and public land areas, and does not genuinely reflect the wishes of the proprietors.

In the current situation, on the other hand, immigrants have access to public roads, public transportation, public buildings, and so on. Combine this with the state’s other curtailments of private property rights, and the result is artificial demographic shifts that would not occur in a free market. Property owners are forced to associate and do business with individuals they might otherwise avoid.

Roland Baader, like Mises and Rothbard, emphasized the importance of the moral foundations of society. He described the Ten Commandments as the “constitution of society.” You can be sure he would have wanted nothing to do with the libertines and degenerates who today masquerade as “left libertarians.”

I’d like to conclude with some thoughts on the dangers to libertarianism we need to confront. We have been told by some libertarians in recent months that yes, yes, libertarianism is about nonaggression and private property and all that, but that it is really part of a larger project opposed to all forms of oppression, whether state-imposed or not. This has two implications for the thick libertarian. First, opposing the state is not enough; a real libertarian must oppose various other forms of oppression, even though none of them involve physical aggression. Second, libertarianism should be supported because the reduction or abolition of the state will yield the other kinds of outcomes many thick libertarians support: smaller firms, more worker cooperatives, more economic equality, etc.

Let’s evaluate these implications one at a time.

To claim that it is not enough for the libertarian to oppose aggression is to fall into the trap that destroyed classical liberalism the first time, and transformed it into modern liberalism. How, after all, did the classical liberalism of the eighteenth and nineteenth centuries become the state-obsessed liberalism of the twentieth and twenty-first centuries? How did the once-venerable word liberalism become perverted in the first place? Precisely because of thickism. Sure, twentieth-century liberals said, we favor liberty, but since mere negative liberty – that is, restrictions on the state – doesn’t appear to yield a sufficiently egalitarian result, we need more than that. In addition to restrictions on some state activity, we need the expansion of other forms of state activity.

After all, the new liberals said, state oppression isn’t the only form of oppression in the world. There’s poverty, which limits people’s ability to make life choices. There’s private property, whose restrictions limit people’s ability to express themselves. There’s discrimination, which limits people’s opportunities. There’s name-calling, which makes people feel bad. To focus entirely on the state is to miss these very real forms of harm, the new liberals said.

Sound familiar? Is this not precisely what many thick libertarians are now saying? Attacking the state is not enough, we hear. We must attack “patriarchy,” hierarchy, inequality, and so on. Thick libertarians may disagree among themselves as to what additional commitments libertarianism entails, but they are all agreed that libertarianism cannot simply be dedicated to eradicating the initiation of physical force.

If some libertarians wish to hope for or work toward a society that conforms to their ideological preferences, they are of course free to do so. But it is wrong for them – especially given their insistence on a big tent within libertarianism – to impose on other libertarians whatever idiosyncratic spin they happen to have placed on our venerable tradition, to imply that people who do not share these other ideologies can’t be real libertarians, or to suggest that it would be “highly unlikely” that anyone who fails to hold them could really be a libertarian. That these are the same people who complain about “intolerance” is only the most glaring of the ironies.

Thus the danger of thick libertarianism is not simply that vast chunks of the American population will fail to pass its entrance requirements, not keeping up every ten minutes with what MSNBC informs us is acceptable to believe and say. The danger is that thick libertarianism will import its other concerns, which by their own admission do not involve the initiation of physical force, into libertarianism itself, thereby transforming it into something quite different from the straightforward and elegant moral and social system we have been defending for generations.

Now for the second implication, that opposition to the state should be favored because it will yield egalitarian outcomes. (Of course, the abolition of the state will necessarily increase the level of egalitarianism from the point of view of status; the inequality of status between state officials on the one hand, who today may carry out all kinds of moral outrages with the legitimacy of the state to support them, and ordinary people, who are constrained by the traditional moral rules against theft and aggression, on the other, will no longer exist when the state disappears.) But what if it doesn’t? The claim that firms will tend to be smaller on the free market, and that government policy encourages bigness in business, is far too sweeping a statement about far too complex a phenomenon. What if the absence of the state leads to no change in firm size, or in the employer-employee relationship, or in wealth inequality?

At that point, the question would become: to which principle are thick libertarians more committed, nonaggression or egalitarianism? What if they had to choose?

Likewise, the hatred of some classical liberals for the Church motivated them to confiscate Church property and impose restrictions of various kinds on Church activity. When it came down to a choice between their belief in liberty and their personal hatred for the Church, their personal hatred won the day, and their supposedly principled opposition to violence was temporarily suspended.

How people arrive at libertarianism is also immaterial. There are various schools of thought that culminate in the principle of nonaggression. Once there, we may of course debate what precisely constitutes aggression in particular cases, and other foundational questions within the general framework of the impermissibility of aggression. But if the school of thought you belong to takes you only partly toward nonaggression, it is not the case that you have discovered a new or better form of libertarianism. Such a case would mean only that you are partly a libertarian, not a different kind of libertarian.

Whether it’s the claim that self-defense laws are “racist,” that Bitcoin is “racist,” or that libertarians ought to throw off “white privilege” – all of which have been advanced by libertarians claiming to have moved beyond our alleged fixation with the nonaggression principle – the various forms of thick libertarianism are confusing the core teaching of what we believe. None of these concerns have the slightest bit to do with libertarianism.

All of these additional claims are a distraction from the central principle: if you oppose the initiation of physical force, you are a libertarian. I have no doubt that Roland Baader would have agreed. Let us move forward to advance the principles that he learned from Mises, against their detractors, whether “libertarian” or otherwise.

Categories: Current Affairs

Dads, is Family Discipleship on Your Calendar?

Children Desiring God - Wed, 19/09/2018 - 14:00

Christian dads, everything we do should be marked with intentionality—even how we take dominion over our schedules.

Using data analysis, our smartphones and smartwatches can monitor all kinds of details of our lives: our health, our money, our media consumption, and more. My phone often informs me about my schedule. “You have a full day tomorrow that starts early,” it says.

TimeSpent is an app that goes further. Inspired by the late Peter Drucker, who coached leaders to “know thy time,” it helps users complete the exercise Drucker recommended of keeping a log of their time in order to determine what they are doing over the course of 24-hour time periods.

What would such a tool show about your life? What would it indicate about your work, your exercise, or your leisure time? More importantly, what would it indicate about your life as a Christian dad?

Paul speaks directly to Christian dads in his letter to the Ephesians: “Fathers, do not provoke your children to anger, but bring them up in the discipline and instruction of the Lord” (Ephesians 6:4).

Logging The Right Kind of Time

If you were to log your time, what would your schedule say about your attention to this verse? What data would accumulate in your log from time spent disciplining your children in a corrective way, taking your children to church, or intentional family discipleship?

Faithfulness as a Christian father isn’t measured in a specific quantity of hours logged, but our schedules are a reflection of what’s important to us. In The Family Ministry Field Guide, Timothy Paul Jones describes a survey he conducted of Christian parents. He found a large majority understand their responsibility to raise their children in the instruction of the Lord, but they find it difficult to make time to do it intentionally such as through family Bible reading, worship, and prayer.

It’s not that parents are unable to bring their intentions to bear on their schedules. An analysis of time logs for many Christian parents would reveal that many family aspirations related to education, music, and sports somehow make the jump from intention to committed time. This is significant because much of what fills up our schedule as parents tends to be what can be described as secondary parenting goals.

Dr. Jeremy Pierre, a counseling professor at Southern Seminary, explains that an unspoken goal of many parents is “to maximize opportunities for the highest quality education and vocational training.” This leads them to fill up their schedules with sports, music lessons, and other related activities for their children. Pierre recognizes that while such a goal can be important to fulfilling a parent’s mission, it has to be seen as secondary to those primary, mission-critical goals that if not met will result in mission failure.

One of the mission critical, primary goals Pierre identifies for dads, based on Scripture, is to “demonstrate personal commitment to, and enjoyment of, the gospel of Jesus Christ in front of children, instructing them carefully in it.” That’s a well-articulated goal. Notice it’s not about punching a clock and knocking out family discipleship activities—it’s about instruction that grows out of a love for the gospel.

Dads who love baseball and hope to pass along a love of the game to their kids don’t settle for just watching baseball games on TV with their kids, or occasionally playing catch in the backyard. They talk about it naturally in various settings. They sign their kids up for T-ball and everything that follows it. Some even go the significant expense and effort of supporting their children in traveling baseball teams. A dad’s love for the game of baseball will be obvious in his schedule, even to the point of pushing beyond resistance from his kids or enduring the demands of regular practice and games.

Our kids are smarter than any app that analyzes schedules. They quickly discern what we love and what we want them to love based on how we spend our time. Children benefit greatly from hearing Sunday school lessons and sermons from teachers and preachers who love the gospel. But they are also watching to see if you love the gospel and if you want them to love it.

Faithfulness is Key

You don’t have to be qualified to teach or preach in order to demonstrate love for the gospel to your kids. In fact, Paul doesn’t include any qualifications for dads the way he does for elders and deacons when it comes to instruction in the Lord. You can do this.

Much of your faithfulness will come in the form of regularly taking your children to church and talking with them after the service about what they heard, patiently disciplining your children in a way that doesn’t provoke them to anger,I and leading your family in daily prayer. But your children also need to regularly hear you reading Scripture and teaching them from the Bible. That’s why your schedule needs some kind of regular family devotional time.

When I first started trying to get into a devotions routine with my family, I looked to products that had multiple steps and required a lot of front-end planning. I pulled off a few of these but quickly found myself feeling unqualified to execute the model, and frustrated by the need for prep time. As a result, our family devotion time was sporadic, even though I knew it was important to do.

I was grateful for an older friend who encouraged me to scrap the complicated model and simply pick up the Bible and read it to my family. “Just start reading through a book of the Bible, maybe start with the Gospel of John,” he said. “Now that my kids are grown, they tell me that our time together reading the Bible was the most meaningful part of their spiritual formation.”

When I asked him what kind of discussion they had about the text, he said they would talk about what the passage revealed about God and what it revealed about us and our need for Christ—but he said there were many nights his family would simply read a chapter from the Bible, pray for the Holy Spirit to illuminate it, and call it a night.

After taking this approach, our family was able to fit in much more family devotion time than we thought possible and were able to read much more of the Bible as a family than we would have imagined. We’ve even been able to add on to that Bible reading routine, singing worship songs and incorporating devotional resources such as Glorious God, Glorious Gospel.

When you feel under-qualified and crunched for time, you can trust the Holy Spirit to produce fruit from the means of regularly reading the Word to your children, leading your family in regular prayer, lovingly disciplining them, and regularly leading them to church for faithful preaching and teaching.

We probably won’t see an app anytime soon that informs us how our schedules line up with our responsibilities as Christian dads. But we can ask the Holy Spirit to grow our love for the gospel, and our desire to faithfully instruct our children from that love with as much of our schedule as we can, within the limited years God places them in our care.

Find more vision and resources for family discipleship here.

Categories: Christian Resources

RPKI and BGP: our path to securing Internet Routing

CloudFlare - Wed, 19/09/2018 - 13:01
 our path to securing Internet Routing our path to securing Internet Routing

This article will talk about our approach to network security using technologies like RPKI to sign Internet routes and protect our users and customers from route hijacks and misconfigurations. We are proud to announce we have started deploying active filtering by using RPKI for routing decisions and signing our routes.

Back in April, articles including our blog post on BGP and route-leaks were reported in the news, highlighting how IP addresses can be redirected maliciously or by mistake. While enormous, the underlying routing infrastructure, the bedrock of the Internet, has remained mostly unsecured.

At Cloudflare, we decided to secure our part of the Internet by protecting our customers and everyone using our services including our recursive resolver 1.1.1.1.

From BGP to RPKI, how do we Internet ?

A prefix is a range of IP addresses, for instance, 10.0.0.0/24, whose first address is 10.0.0.0 and the last one is 10.0.0.255. A computer or a server usually have one. A router creates a list of reachable prefixes called a routing table and uses this routing table to transport packets from a source to a destination.  

On the Internet, network devices exchange routes via a protocol called BGP (Border Gateway Protocol). BGP enables a map of the interconnections on the Internet so that packets can be sent across different networks to reach their final destination. BGP binds the separate networks together into the Internet.

This dynamic protocol is also what makes Internet so resilient by providing multiple paths in case a router on the way fails. A BGP announcement is usually composed of a prefix which can be reached at a destination and was originated by an Autonomous System Number (ASN).

IP addresses and Autonomous Systems Numbers are allocated by five Regional Internet Registries (RIR): Afrinic for Africa, APNIC for Asia-Pacific, ARIN for North America, LACNIC for Central and South America and RIPE for Europe, Middle-East and Russia. Each one operates independently.

 our path to securing Internet Routing

With more than 700,000 IPv4 routes and 40,000 IPv6 routes announced by all Internet actors, it is difficult to know who owns which resource.

There is no simple relationship between the entity that has a prefix assigned, the one that announces it with an ASN and the ones that receive or send packets with these IP addresses. An entity owning 10.0.0.0/8 may be delegating a subset 10.1.0.0/24 of that space to another operator while being announced through the AS of another entity.

Thereby, a route leak or a route hijack is defined as the illegitimate advertisement of an IP space. The term route hijack implies a malicious purpose while a route leak usually happens because of a misconfiguration.

A change in route will cause the traffic to be redirected via other networks. Unencrypted traffic can be read and modified. HTTP webpages and DNS without DNSSEC are sensitive to these exploits.

 our path to securing Internet Routing

You can learn more about BGP Hijacking in our Learning Center.

When an illegitimate announcement is detected by a peer, they usually notify the origin and reconfigure their network to reject the invalid route.Unfortunately, the time to detect and act upon may take from a few minutes up to a few days, more than enough to steal cryptocurrencies, poison a DNS cache or make a website unavailable.

A few systems exist to document and prevent illegitimate BGP announcements.

The Internet Routing Registries (IRR) are semi-public databases used by network operators to register their assigned Internet resources. Some database maintainers do not check whether the entry was actually made by the owner, nor check if the prefix has been transferred to somebody else. This makes them prone to error and not completely reliable.

Resource Public Key Infrastructure (RPKI) is similar to the IRR “route” objects, but adding the authentication with cryptography.

Here’s how it works: each RIR has a root certificate. They can generate a signed certificate for a Local Internet Registry (LIR, a.k.a. a network operator) with all the resources they are assigned (IPs and ASNs). The LIR then signs the prefix containing the origin AS that they intend to use: a ROA (Route Object Authorization) is created. ROAs are just simple X.509 certificates.

If you are used to SSL/TLS certificates used by browsers to authenticate the holder of a website, then ROAs are the equivalent in the Internet routing world.

 our path to securing Internet Routing our path to securing Internet Routing

Signing prefixes

Each network operator owning and managing Internet resources (IP addresses, Autonomous System Numbers) has access to their Regional Internet Registry portal. Signing their prefixes through the portal or the API of their RIR is the easiest way to start with RPKI.

Because of our global presence, Cloudflare has resources in each of the 5 RIR regions. With more than 800 prefix announcements over different ASNs, the first step was to ensure the prefixes we were going to sign were correctly announced.

We started by signing our less used prefixes, checked if the traffic levels remained the same and then signed more prefixes. Today about 25% of Cloudflare prefixes are signed. This includes our critical DNS servers and our public 1.1.1.1 resolver.

Enforcing validated prefixes

Signing the prefixes is one thing. But ensuring that the prefixes we receive from our peers match their certificates is another.

The first part is validating the certificate chain. It is done by synchronizing the RIR databases of ROAs through rsync (although there are some new proposals regarding distribution over HTTPS), then check the signature of every ROA against the RIR’s certificate public key. Once the valid records are known, this information is sent to the routers.

Major vendors support a protocol called RPKI to Router Protocol (abbreviated as RTR). This is a simple protocol for passing a list of valid prefixes with their origin ASN and expected mask length. However, while the RFC defines 4 different secure transport methods, vendors have only implemented the insecure one. Routes sent in clear text over TCP can be tampered with.

 our path to securing Internet Routing

With more than 150 routers over the globe, it would be unsafe to rely on these cleartext TCP sessions over the insecure and lossy Internet to our validator. We needed local distribution on a link we know secure and reliable.

One option we considered was to install an RPKI RTR server and a validator in each of our 150+ datacenters, but doing so would cause a significant increase in operational cost and reduce debugging capabilities.

Introducing GoRTR

We needed an easier way of passing an RPKI cache securely. After some system design sessions, we settled on distributing the list of valid routes from a central validator securely, distribute it via our own Content Delivery Network and use a lightweight local RTR server. This server fetches the cache file over HTTPS and passes the routes over RTR.

Rolling out this system on all our PoPs using automation was straightforward and we are progressively moving towards enforcing strict validation of RPKI signed routes everywhere.

 our path to securing Internet Routing

To encourage adoption of Route Origin Validation on the Internet, we also want to provide this service to everyone, for free. You can already download our RTR server with the cache behind Cloudflare. Just configure your Juniper or Cisco router. And if you do not want to use our file of prefixes, it is compatible with the RIPE RPKI Validator Export format.

We are also working on providing a public RTR server using our own Spectrum service so that you will not have to install anything, just make sure you peer with us! Cloudflare is present on many Internet Exchange Points so we are one hop away from most routers.

Certificate transparency

A few months ago, Nick Sullivan introduced our new Nimbus Certificate Transparency Log.

In order to track the emitted certificates in the RPKI, our Crypto team created a new Certificate Transparency Log called Cirrus which includes the five RIRs root certificates as trust anchors. Certificate transparency is a great tool for detecting bad behavior in the RPKI because it keeps a permanent record of all valid certificates that are submitted to it in an append-only database that can’t be modified without detection. It also enables users to download the entire set of certificates via an HTTP API.

Being aware of route leaks

We use services like BGPmon and other public observation services extensively to ensure quick action if some of our prefixes are leaked. We also have internal BGP and BMP collectors, aggregating more than 60 millions routes and processing live updates.

Our filters make use of this live feed to ensure we are alerted when a suspicious route appears.

The future

The latest statistics suggest that around 8.7% of the IPv4 Internet routes are signed with RPKI, but only 0.5% of all the networks apply strict RPKI validation.
Even with RPKI validation enforced, a BGP actor could still impersonate your origin AS and advertise your BGP route through a malicious router configuration.

However that can be partially solved by denser interconnections, that Cloudflare already has through an extensive network of private and public interconnections.
To be fully effective, RPKI must be deployed by multiple major network operators.

As said by Job Snijders from NTT Communications, who’s been at the forefront of the efforts of securing Internet routing:

If the Internet's major content providers use RPKI and validate routes, the impact of BGP attacks is greatly reduced because protected paths are formed back and forth. It'll only take a small specific group of densely connected organizations to positively impact the Internet experience for billions of end users.

RPKI is not a bullet-proof solution to securing all routing on the Internet, however it represents the first milestone in moving from trust based to authentication based routing. Our intention is to demonstrate that it can be done simply and cost efficiently. We are inviting operators of critical Internet infrastructure to follow us in a large scale deployment.

Subscribe to the blog for daily updates on our announcements.

 our path to securing Internet Routing
Categories: Technology

RPKI - The required cryptographic upgrade to BGP routing

CloudFlare - Wed, 19/09/2018 - 13:00
RPKI - The required cryptographic upgrade to BGP routing

We have talked about the BGP Internet routing protocol before. We have talked about how we build a more resilient network and how we can see outages at a country-level via BGP. We have even talked about the network community that is vital to the operation of the global Internet.

Today we need to talk about why existing operational practices for BGP routing and filtering have to significantly improve in order to finally stop route leaks and hijacks; which are sadly pervasive in today’s Internet routing world. In fact, the subtle art of running a BGP network and the various tools (both online and within your a networks subsystems) that are vital to making the Internet routing world a safe and reliable place to operate need to improve.

Internet routing and BGP and security along with its operational expertise must improve globally.

RPKI - The required cryptographic upgrade to BGP routingphoto by Marco Verch by/2.0

Nothing specific triggered today’s writing except the fact that Cloudflare has decided that it's high-time we took a leadership role to finally secure BGP routing. We believe that each and every network needs to change its mindset towards BGP security both on a day-by-day and a long-term basis.

It's time to stop BGP route leaks and hijacks by deploying operationally-excellent RPKI!

Cloudflare commits to RPKI

Resource Public Key Infrastructure (RPKI) is a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number. RPKI is defined in RFC6480 (An Infrastructure to Support Secure Internet Routing). Cloudflare commits to RPKI.

Because any route can be originated and announced by any random network, independent of its rights to announce that route, there needs to be an out-of-band method to help BGP manage which network can announce which route. That system exists today. It's part of the IRR (Internet Routing Registry) system. Many registries exist, some run by networks, some by RIRs (Regional Internet Registries) and the grand daddy of IRRs, Merit's RADB service. This service provides a collective method to allow one network to filter another networks routes.

This works somewhat. An invalid announcement is normally squashed near-instantly as the route crosses an ASN boundary because one network is meant to filter the other network (based on rules created from the IRR database). This of course doesn’t happen perfectly - in fact, far from it. Route leaks or route hijacks happen more often than they should. A fact that is well documented. Here’s the highlights:

  • 1997 - AS7007 mistakenly (re)announces 72,000+ routes (becomes the poster-child for route filtering).
  • 2008 - ISP in Pakistan accidentally announces IP routes for YouTube by blackholing the video service internally to their network.
  • 2017 - Russian ISP leaks 36 prefixes for payments services owned by Mastercard, Visa, and major banks.
  • 2018 - BGP hijack of Amazon DNS to steal crypto currency.

That’s just a partial list! Each route leak or hijack exposes a lack of route filtering by the network that peers or transits the offending network.

RPKI comes into the picture because the existing IRR system lacks any form of cryptographic signing for its data. In fact, today the IRR databases contain plenty of invalid data (both stale data and typo’ed data). There's very little control over the creation of invalid data.

Implementing RPKI is just the first step in better BGP route security because RPKI only secures the route origin; it doesn't secure the path. (Sadly the same is true for IRR data). When we want to secure the path; we are going to need something else; but that comes later.

The RPKI TL;DR

BGP routing isn’t secure. Its main hope, RPKI, uses a certificate system that’s akin to secure web browsing (or at-least its early days). While secure web browsing has moved on and is far more secure and is somewhat the default these days, the state of BGP route validation has not moved forward. To secure BGP routing, all networks would need to be embrace RPKI (and more). Cloudflare proposes to plot a course to improve BGP routing-security globally by setting an example and implementing best practices, installing operationally excellent software and promoting its RPKI effort worldwide. RPKI is one of our focuses in 2018 and beyond!

The simplest introduction to BGP possible

BGP isn’t simple. BGP on the global Internet doubly-so. This fact should not deter either the casual reader or the seasoned network engineer. What is important is to place the limit around what is worth knowing about and discarding all the minor items that make up the very complex world of BGP networking. In fact, to operate a BGP enabled network connected to a telco or ISP isn’t that complicated. It turns out that in the world of BGP, security is an afterthought.

Lets begin.

I’m going to pick a hypothetical example. A University in a country that operates an NREN (National Research & Education Network). This is not uncommon. The university in this case is connected via a single telecommunications link and (using BGP terminology) has a single upstream. The NREN provides all the connectivity to the local and global Internet, along with other NRENs in other countries.

We start with some basics. BGP is about numbers. First off is a unique number called the Autonomous System Number or ASN. This number comes from a range of numbers that are managed by the RIRs (Regional Internet Registries). For example, Cloudflare has the AS number 13335 allocated for its network. ASNs were just 16-bit numbers, but are now 32-bit numbers (because the internet grew to the point of running out of the 65,536 or 2^16 initial allocation). For our university, we will use 65099 as our example ASN. This is from the reserved block of ASNs and used here for documentation reasons only.

The second number is the IP addresses allocated to the university. Most reader are familiar with IP addresses; however in the BGP world we use IP blocks called CIDRs (Classless Inter-Domain Routing). This is a range of IP addresses that are sequential and bonded on binary boundaries. Within Cloudflare, we have quite a few IP blocks allocated by the RIRs. For our example, we will assume the university has two blocks allocated. 10.0.0.0/8 and 2001:db8::/32 . Both these are private or documentation addresses and later-on you’ll see these show up again in a different manner when we talk about filtering.

This is enough for us to get the university ready to connect to the NREN. Or maybe not.

Ready to connect

Hold on a second - there’s paperwork to fill-in. Not actual paper; but close enough. While the internet is build on the concept of permissionless innovation, there’s still good practices that still need to be adhered too.

Before you can announce a route via your BGP speaking router, you need to setup either an IRR route object or an RPKI ROA (or both).

Internet Routing Registries

The IRR (Internet Routing Registries) is used to record a route that will be announced on the Internet and associate it with the ASN that will announce it. In this example we will use the private or documentation ranges of 10.0.0.0/8 and 2001:db8::/32 along with ASN 65099. The simplest IRR routing record looks like this:

route: 10.0.0.0/8 origin: AS65099

In reality, we need a lot more to make it fully-functional and we need a place to upload this routing record. You could use your RIR to host your IRR data, or you could use global services like RADB or ALTDB. You can also use your transit provider in some cases. Once you have an account setup on one of these services, you will be ready to upload these routing record (how you upload it is very specific to the IRR chosen).

route: 10.0.0.0/8 descr: University of Blogging descr: Anytown, USA origin: AS65099 mnt-by: MNT-UNIVERSITY notify: person@example.com changed: person@example.com 20180101 source: RADB

That last line reflects where you store your IRR routing record.

IRR for your ASN

Just like your IP network blocks, its also good to place a record for your ASN in the IRR. When you networking gets more complex, this will be solidly needed. It doesn’t hurt to add it now.

aut-num: AS65099 as-name: UNIVERSITY-OF-BLOGGING-AS descr: University of Blogging descr: Anytown, USA mnt-by: MNT-UNIVERSITY notify: person@example.com changed: person@example.com 20180101 source: RADB

You can check for their existence using the classic command line whois command (or the RADB website).

One last item needs to be completed; but not by you.

Your ASN needs to be placed in the as-set of your upstream ISP (or service provider). The entry in there will provide the rest of the global Internet an indication that your ASN is allowed to be routed via your upstream (the NREN in this case). If all goes well, something like this will show up in the IRRs.

as-set: AS-NREN descr: NREN of country XX members: ... members: AS65099 members: ... mnt-by: MNT-NREN notify: person@example.edu changed: person@example.edu 20180101 source: RADB

The members area of this as-set provides a list of ASNs that are announced by the upstream (the ASN). We have not defined the upstreams ASN yet, so lets pretend they are ASN 65001 (this ASN is still from the documentation range).

Getting the university online

BGP (like everything in networking) needs some configuration setup. This configuration would exist on a network router at the edge of your network, or whatever device is being used to connect the local network to the upstream (the NREN). We are using a very simple router config here to show the minimum configuration needed. Your configuration language could be different.

router bgp 65099 neighbor 192.168.0.2 remote-as 65001 neighbor 192.168.0.2 prefix-list as65001-listen in neighbor 192.168.0.2 route-map as65001-listen in

This is a very trivial example (it’s missing a complete filter configuration that’s normally required). The key point is that the router doesn’t contain any code or language regarding the IRR entries shown above. That’s because the IRR entries are out-of-band. They exist outside of the BGP protocol. In other words, it takes more than just configuring a BGP session in order to actually connect to the global Internet.

The key filtering comes into play on the upstream (the NREN in this example). It’s the job of that network to confirm everything heard from its customer.

RPKI vs IRR - why is it so important?

Two global databases are being discussed today. IRR & RPKI. While IRR is clearly in use today; it’s not the primary focus herein. However, it’s the de-facto bridging option for route filtering today.

As stated above, Internet Routing Registries (IRRs) have a very loose security model. This has been known for a long time. Records exist within IRRs that are both clearly wrong and/or are clearly missing. There’s no cryptographic signing of records. There are multiple suppliers of IRR data; some better than others. IRR still has some proponents that want to clean up its operational data (including the author of this blog). Efforts like IRRD4 (by Job Snijders @ NTT) could help clean-up IRR usage. IRR is not the main focus herein.

Resource Public Key Infrastructure (RPKI) is a cryptographic method of signing records that associate a route with an originating AS number. Presently the five RIRs (AFRINIC, APNIC, ARIN, LACNIC & RIPE) provide a method for members to take an IP/ASN pair and sign a ROA (Route Origin Authorization) record. The ROA record is what we need to focus on.

RPKI - The required cryptographic upgrade to BGP routing

Once a route is signed; it can propagate to anyone that wants to use the data to filter routing or monitor this data as ROAs are public. A ROA is a digitally signed object that makes use of RFC3852 Cryptographic Message Syntax (CMS) as a standard encapsulation format. In fact ROAs are X.509 certificates as defined in RFC5280 (Internet X.509 Public Key Infrastructure Certificate) and RFC3779 (X.509 Extensions for IP Addresses and AS Identifiers).

As the ROA is a digitally signed object, it provides a means of verifying that an IP address block holder has authorized an AS (Autonomous System) to originate routes to that one or more prefixes within the address block. The RPKI system provides an attestation method for BGP routing.

define attestation:
 ... the action of bearing witness
 ... something which bears witness, confirms or authenticates

The existence of routing information (an IP block plus the matching ASN) within a valid certificate (i.e. something that can be validated against the RIRs TAs) is the missing part of the BGP security system and something that the IRR system can't provide. You really know who should be doing what with a BGP route.

Where are the certificates if they are not in the BGP protocol?

Good question. As we said above, the routing databases are outside of the BGP protocol. Both IRR and RPKI use a third-party entities to hold the database information. The difference is that with RPKI the same entity that allocated or assigned a numeric resource (like an IP address or ASN) also holds the CA (Certificate Authority) used to validate the ROAs record.

In the RPKI world; CAs are called TAs, or Trust Authorities. However, if you are familiar with the web security model, then you are familiar with what a TA is.

Who could operate a TA?

Today the five RIRs are the TAs for RPKI. This makes sense. Only the RIRs know who is an owner of IP space (and ASs). The present day RPKI systems operate in conjunction with existing RIR login credentials. Once you can login to a portal and control your IP allocations and ASN allocations; then you can also create, edit, modify, and delete RPKI data in the forms of ROAs. This is the basis of how RPKI separates itself from the IRR. You can only sign your own resources. You can’t just randomly create data. If you lose your RIR allocation, then you lose the RPKI data.
From a policy point of view, there are some interesting issues that become apparent pretty quickly. First off, an ISP with an allocation needs to keep its RIR membership up to date (i.e. pay its dues). Second, it needs to be aware that the RIR and the ISP could be legal entities based in different countries and hence international law plays a role in any dispute between the ISP and RIR or in fact any third party that gets involved in an IP address dispute. This has been a concern within the RIPE (Europe, the Middle East and parts of Central Asia) region as RIPE is based in The Netherlands. Similarly, ARIN (North America and parts of the Caribbean) is a US entity.

Which RIR for which IP address?

Presently, because of the large amount of IP address transfers occurring between some RIR regions, the RIRs changed their TA root certificates so that each RIR includes every available IP address (0.0.0.0/0 & ::/0) and every available AS number (0-4,294,967,295). IP numeric space and ASN numeric space are well defined as follows:

IPv4: 0.0.0.0 - 255.255.255.255 IPv6: 0000:0000:0000:0000:0000:0000:0000:0000 - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ASN: 1 - 4,294,967,295 (AS 0 is unused)

IANA (Internet Assigned Numbers Authority) holds the master list for this space and divvies it up the five RIRs as allocations or assignments. The IPv4 and IPv6 assignments can be seen here and  here. ASNs can be found here. For example, here’s an abbreviated overview into how IPv6 space is allocated to various RIRs.

Prefix Designation Date WHOIS Status 2001:0000::/23 IANA 1999-07-01 whois.iana.org ALLOCATED 2001:0200::/23 APNIC 1999-07-01 whois.apnic.net ALLOCATED 2001:0400::/23 ARIN 1999-07-01 whois.arin.net ALLOCATED ... 2001:1200::/23 LACNIC 2002-11-01 whois.lacnic.net ALLOCATED ... 2001:4200::/23 AFRINIC 2004-06-01 whois.afrinic.net ALLOCATED ... 2002:0000::/16 6to4 2001-02-01 ALLOCATED ... 2a00:0000::/12 RIPE NCC 2006-10-03 whois.ripe.net ALLOCATED 2c00:0000::/12 AFRINIC 2006-10-03 whois.afrinic.net ALLOCATED ...

As stated above; each RIR holds a root key (a TA, or Trust Anchor) that provides them the ability to create signed records below their root. Below that TA there is a certificate that covers the exact space allocated or assigned to the specific RIR. This allows the TA to be somewhat static (or stable) and the RIR to update the underlying records as-needed.

Who is implementing RPKI today?

Sadly not enough people or networks. While each RIR is supporting RPKI for its members; the toolset for successfully operating a network with RPKI enabled route filtering is still very limited.

It turns out that IXP (Internet Exchange Points) have started to realize that filtering using RPKI is a valid option for their route-servers.

In addition, a handful of networks are also participating in both signing IP routes and verifying IP routes via RPKI. This isn’t quite enough to secure the global Internet yet.

Then there's the Dutch!

In early September, the NLNOG technical meeting featured a non-trivial number of RPKI-related talks. It seems that local Dutch operators and software developers are taking RPKI seriously and it’s possible that The Netherlands may contain some of the more forward-thinking RPKI networks around. Read more here.

Mutually Agreed Norms for Routing Security (MANRS)

The Internet Society (Cloudflare is a strong supporter of this organization) has pushed an initiative called MANRS (Mutually Agreed Norms for Routing Security) in order to convince the network operator community to implement routing security. It focuses on Filtering, Anti-spoofing, Coordination, and Global Validation. The Internet Society is doing a good job in educating networks on the importance of better routing security. While they do educate networks about various aspects of running a healthy BGP environment; it's not an effort that creates any of the required new technologies. MANRS simply promotes best-practices, which is a good start and something Cloudflare can collaborate on. That all said, we think it’s simply too-polite an effort as it doesn’t have enough teeth to quickly change how networks behave.

Cloudflare also wants to move the BGP community further along the RPKI path. Our operational efforts can, and should, coexist with The Internet Society’s MANRS initiative; however, we're focusing on operationally viable solutions that help move the global network community much further along.

How is RPKI deployed in a real operational network

As network operators don’t want to run an cryptographic software on the control plane of a router (or even have RPKI data anywhere near the control plane), the normal deployment is to pair routers with a server.

RPKI - The required cryptographic upgrade to BGP routing


The server runs all the RPKI code (including the crypto processing of the TA, the certificate tree, and the ROAs). When the router sees a new route, the router send a simple message across a communications path (that includes the origin AS plus the IP route). The server, running a validator, responds with a yes/no answer that drives the filtering of that BGP route. This lightweight protocol is defined in RFC6810, then updated later to include some BGPsec support in RFC8210 (The Resource Public Key Infrastructure (RPKI) to Router Protocol). This lightweight protocol is nicknamed “RTR”.

Present implementations include https://github.com/rtrlib/rtrlib (in ‘C’) and NIST’s package https://www.nist.gov/services-resources/software/bgp-secure-routing-extension-bgp-srx-prototype which is based on quagga; hence not usable in production.

Operationally, neither are fully usable within production environments.
The RIPE validator https://github.com/RIPE-NCC/rpki-validator-3 (written in Java) can produce filter sets similar to IRR tools and seems to be the most prevalent tool for the limited number of RPKI setups found in networks today. There's recently a software release from NLnet Labs research group which is Rust-based. Their RPKI validator is called Routinator 3000.

The industry still needs some more operationally-focused software!

Can everyone participate in RPKI routing filtering?

Yes. No. Maybe. Ask your lawyers.

For many years there’s been a solid discussion about the role of the RIRs as holders of the private key of the CA at the top of their tree. Five trees. IANA was meant to run a single root above them (similar to how DNSSEC works with one key held at the DNS root - or dot); but that didn’t happen for many reasons including the fact that IANA/ICANN was essentially reporting to the US government back when this was all being setup. The RIR setup has stuck and at this point no-one expects IANA to ever hold a single root certificate, plus it’s all historic at this point and not worth rehashing here.

This is not a major operational issue; however it does have some slight consequences. While having five roots could be considered a messy setup, it actually matches the web space CA model.

Some RIR regions have special issues. ARIN (in North America and portions of the Caribbean) has a TA and ROAs; but wants full indemnification should the data be wrong or used incorrectly. In the RIPE region (Europe, ME & Russia), the members voted down full support for RPKI because they didn’t want to have a Dutch entity (RIPE NCC) hold a certificate for a non-Dutch entity and have a Dutch LEA letter shutdown a network by forcing that certificate to be invalidated. Read their respective terms of service:

The legal issues aren’t the focus of this blog entry; but it will be obvious later when implementing RPKI as-to-why the legal issues become an impediment to successful global RPKI deployment.

IRR - legacy or bridging solution?

Everyone assumes that IRR will ultimately go away; however, that’s a long long way out. There’s efforts underway to make IRR data cleaner, and in some cases, to (finally) link the underlying RPKI & IRR data together. They are very similar data; but with different security models.

This blog post was written with RPKI as the go-forward methodology in mind and hence does not need to address all the subtle issues around IRR brokenness. It would be a whole fresh blog post to address the legacy issues within IRR. That said, it’s clear that RPKI isn’t today a complete substitute for all the IRR data (and RPSL/RPSLng data) that exists today. The good news is that there’s work within the IETF and drafts in-flight to cover that. RPKI is a good protocol to base route filtering on and Cloudflare will be rolling out full support for RPKI enabled filtering and route announcements within its global network.

If you look back at the examples above of the university and its NREN, then realize that in the RPKI world the same information is being stored; however, the validity and attestation of the data increases n-fold once RPKI becomes the universal mechanism of choice.

Cloudflare wants to see this happen and will push for RPKI to become mainstream within the BGP world. We want to squash the existence of BGP route leaks and hijacks forever!

Next steps

Read the RPKI and BGP: securing our part of the Internet blog entry to follow what we are doing on the technical side for Cloudflare’s RPKI implementation.

Subscribe to the blog for daily updates on our announcements.

RPKI - The required cryptographic upgrade to BGP routing
Categories: Technology

Pro-life charity's freedom of speech restricted as abortion clinic ‘buffer zones’ rejected

Christian Concern - Wed, 19/09/2018 - 12:48
In a victory for freedom of speech, the Home Secretary, Sajid Javid, has rejected calls for ‘buffer zones’ to be introduced outside abortion clinics, saying that they “would not be a proportionate response” to pro-life activities. This ironically comes as a pro-life charity has been banned from having a stall at freshers’ fairs in three different universities. Pro-life charity's freedom of speech restricted as abortion clinic ‘buffer zones’ rejected

In a victory for freedom of speech, the Home Secretary, Sajid Javid, has rejected calls for ‘buffer zones’ to be introduced outside abortion clinics, saying that they “would not be a proportionate response” to pro-life activities. This ironically comes as a pro-life charity has been banned from having a stall at freshers’ fairs in three different universities.
 

read more

Pages

Subscribe to oakleys.org.uk aggregator
Additional Terms