Wednesday, July 28, 2021

COVID-19: federal election, and low-interest / high-inflation

COVID-19 messaging and the federal election

The upcoming federal election timing seems to be based on the idea that lockdowns will be over, borders will be reopened, and citizens will be vaccinated.

We're then just waiting to give the government that made this possible a majority mandate so that they can lead us into the genuinely and truly unknown. Really: I don't know, and nor does anyone else.

So, that is the strategy, but they'd better get going on a parallel strategy to bring people onside with the idea that rising case counts are OK in a world where people who wanted to be vaccinated have had the opportunity.

First: the Federal government doesn't control lockdowns to a large extent. That's up to the provinces and PHUs.

In Ontario, we have no date for full reopening, and further reopening is conditional on vaccination targets that may never be met. There is no visible plan beyond the current stage of partial reopening.

The message pushed by the media continues to be that case counts are the primary concern.

Since the vaccine doesn't prevent infection, it's reasonable to expect that case counts will start rising again in September and October like they did last year. However, you'd expect the cases to be mostly non-serious for the vaccinated. It seems clear that this virus is not going away, unless it naturally weakens and goes away on its own.

We haven't yet brought people onside with the idea that high case counts are OK as long as other metrics are under control. To be fair, other countries are struggling to do this as well, but I expect the UK to arrive at a proposal. They have gone full steam ahead on the reopening as of mid-July, removing most if not all restrictions, and are seeing major case count increases but low death rates. They have been about 2 months ahead of us on reopening.

For our messaging, I'd propose focusing entirely on the actual hospitalization and death risk to under-12s and the vaccinated. Everyone who wants both vaccine doses will have had the opportunity very soon, so presumably the unvaccinated are happy to take the risk, and we'll have the healthcare resources to handle them.

This will need to become like the flu, where plenty of people get an uncomfortable case periodically; some people get hospitalized; some people die; but largely it does not affect most people beyond an uncomfortable few days of symptoms.

So, unless they the Federal government gets going on working that messaging through the system, the narrative come Election Day may be "well, they opened the borders to US travellers in August; and then they opened the borders to foreign travellers in September; and look at our case counts! We can't reopen and he wants an election?!". Other countries have had elections during the pandemic, but this one is not mandatory and as a feature of our minority government would need to be instigated.

Low-interest / high-inflation

At some point, I have a feeling that it's going to become obvious (rather than be revealed) that this low-interest / high-inflation world we are growing into is not transitory, but is a new normal to be managed by a stronger state.

I can't say I'm 100% confident about this, but how can anyone be at this point? I just don't think it's a sure thing that "high inflation means we will raise interest rates to bring inflation back on target". That was just what we did yesterday.

Part of the "great reset" narrative is about moving from asset ownership to asset rental, and low interest / high inflation puts assets out of reach for many while providing an opportunity via wage inflation to rent more of what you would otherwise have owned.

Another reason high inflation is wanted is to inflate away the piles of debt that have accumulated during COVID-19. Not only does it inflate away the debt, but it also increases taxes through the back door, because higher receipts and/or higher wages both lead to higher GDP and higher taxes, even if the tax rates stay the same.

It also transfers wealth from savers to debtors. Savers get lower returns on their capital and debtors get higher prices on assets purchased with cheap debt.

The notion that monetary policy is a science where you have rules that you apply consistently to get a result is not true. Monetary policy is bent toward what society needs from the monetary system at any given time. We need something new because the old tools aren't working anymore.

We haven't done inflation targeting forever, so it's perfectly reasonable that we'd change course if it's not doing what we'd want anymore. It will screw up people who are rigidly attached to the old system, however, and anyone that made assumptions based on it (i.e. retirees). I assume Millennials will be fine to let retirees (Boomers) sweat a little bit.

I think many people could have seen this coming. It has been decades in the making. We're just now getting confirmation of what many suspected was the case - that is, that governments and people are far too indebted for significant interest rate hikes to be a reasonable response to excess inflation.

The part that's missing from the picture is the part where governments have to control the flow of capital in other ways. Less "invisible hand" and more "nasty government hand". For example, the stress test on mortgages, which makes you qualify at a higher rate than the market demands in order to borrow to buy a house. Essentially, this is a government-influenced qualification that is higher than the market rate and applies only to houses. This type of thinking would be perfectly in line with the general economic shift away from "one size fits all" systems and toward crafting solutions for specific purposes and use cases.

I didn't say anything about yield curve control, which is presumably a necessary part of this if it is in fact a thing. I don't want to think about that yet.

Electric vehicles and what they mean to me as at July 28th, 2021

So here are the mental notes I've made over the past couple of years on this electric vehicle experiment:

  1. You have to drive an EV around 30,000km before you break even on the carbon emissions required to build the battery over and above the emissions required to build the common components between gas and EV. That is, when you drive an EV off the lot you have to drive 30,000km before the lower carbon emissions of driving on a battery have offset the emissions required to make the battery. After 30K, you pull ahead.

  2. With the exception of Tesla, fast chargers are on multiple networks, in odd locations, and there is no reliable source of charger availability. You can find charger locations easily enough and it contains availability data, but the data on whether or not they are working or occupied is not reliable.

  3. EVs are more expensive up-front but their maintenance and operating costs are much lower.

  4. EVs are heavier than their gas equivalents due to the battery, and as a result they contribute more to wear and tear on roads (which is primarily driven by weight-per-axle). Presumably they will also turn out to be more fatal in collisions. Example: the forthcoming F-150 Lightning truck is 1800lbs heavier than the gas version.

  5. Fast chargers may only work at half-speed if someone is charging in the bay next to you.

  6. Unlike gas vehicles, you get less mileage on the highway than in the city. The range drops fast if you drive the car fast, and you can't take advantage of regenerative braking if you aren't braking. If you're one of those people that drives 130km/h on the highway, you are going to get less range - maybe significantly less - than going at 100.

  7. This isn't fully clear yet because the market hasn't been fleshed out with larger vehicles, but with chargers having a fixed supply rate, I imagine that larger, heavier vehicles like crossovers, trucks, and SUVs with less-aerodynamic postures are going to take longer to charge to achieve the same range as a smaller car.

And this leads me to these conclusions:

  1. My personal focus is on driving as little as possible and using transit where I can. Driving less in any car is better than driving more in an EV. As an infrequent driver, the carbon emission reductions are not going to be significant for me.

  2. EVs are better for the environment in some cases, but not good for the environment. Mining battery metals is not a clean process, all things considered, but the impact will be more on things that you never notice, like polluting someone else's local environment, employing someone else's child labour, dragging a deep ocean floor you never see, or depleting someone else's groundwater than about carbon emissions. We seem to be on track to prioritize carbon emissions over all else.

  3. There is no such thing as a car that is "good for the environment". All cars are made from mined metals, coated with toxic paint, have plastic interiors, and ride on rubber tires. All cars require roads that are usually made from asphalt or concrete.


And I'm reminded that one of the arguments for diesel cars was that they had fewer carbon dioxide emissions than gasoline cars, at the expense of emitting more pollutants that had a more direct, localized effect on the people that lived around them.

Sunday, July 18, 2021

"Healthy in moderation" is an exclusive statement

It occurred to me the other day that if your diet is mostly made up of things that "can be part of a healthy lifestyle" then you must have a very unhealthy diet indeed.

How quickly the ways to listen to music have changed: Luka Bloom, etc.

I recently went to look up an artist to whom I listened to quite enthusiastically when I was in University, but to whom I haven't listened to in some time.

I don't like to bucket musicians into genres because, whether true or not, I secretly suspect that they hate it. But, Luka Bloom was the artist I went to look up, and he would fall roughly into the "Irish folk singer-songwriter" genre. I first heard Mr. Bloom on one of those Windham Hill collections that were popular in the 1990s, and went on to admire his back catalogue.

I was happy to find that he was still active and had released some new material. But, I could not believe that it was not on Spotify.

I pretty much listen to everything on Spotify now. I have muscles that have memorized how to listen to music in any given situation and they have only been fully-trained on Spotify.

Back in the day, I was one of those people who amassed stacks and stacks of CDs organized into multitudes of CD towers. As time went on and I moved from place to place, it got to the point where I didn't get them out of the moving boxes anymore, and they stayed in storage.

Initially, the reason they stayed in situ was because I had converted the purchased CDs into MP3 files as soon as I added them to my collection. Over time, the CDs had been mostly been for display. For many years, I listened to most of my music digitally using the Squeezebox line of digital music players, many of which were scattered around the house. Squeezebox eventually got discontinued, though I still have a number in use.

But, then came Spotify. In most cases, it became easier to listen to all of my music - purchased or not - through Spotify.

So, coming back to Luka Bloom, I was surprised to find that he'd made an executive decision to not release his latest music on Spotify and to make it available only on his website, where all of the money goes directly to the people that made the whole package possible.

I fully respect with and agree with this decision. I don't understand how great artists with loyal but modest followings manage to make any money off the platform. It seems optimized for superstars with millions of plays each month. Beyond just respecting this decision, I like it a lot. But it nonetheless threw me a curveball: I've mostly forgotten how to listen to MP3 files that I own in all the places I listen to Spotify.

I've figured it out, of course, and found a way to make it accessible wherever I am - I'm one of those technical people - but the point is that there must be many people out there who have no idea how to listen to music that's not on Spotify (or Apple Music, YouTube Music, etc.), and people who risk their visibility and income by not using that platform may be shut out of an audience altogether.

Regardless, I bought the albums blind. Another moment of discomfort occurred when I couldn't actually listen to them before I bought them. I used to visit record stores regularly and buy albums unheard, but now it feels like a huge risk even as I spend less money than ever on music.

Anyway, the albums are great and I highly recommend them:

On music in general, I still follow the general approach to paying for music that I wrote about in HMV Canada bankruptcy and thinking about digital music and Spotify streaming, which is:
  • Spotify is a discovery and convenience tool, not a replacement for buying music.
  • I still buy a fair amount of music, but it is mostly digital now, via iTunes.
  • After I've purchased music, I still tend to listen to it on Spotify for convenience.
    • In my mind, that supports the artists twice (to the extent that you can call Spotify streams "support").
  • During the pandemic, I bought a number of concert livestreams to support artists I like.
I have bought only one physical CD this year: Steven Wilson - The Future Bites

Here's one from the new Luka Bloom album:





Tuesday, August 04, 2020

Homemade (and grown!) English-style pickled onions

English-style pickled onions in malt vinegar are an acquired taste, but I have firmly acquired it.

I picked, prepared, and pickled the onions in the space of one day. The onions were Barletta type (they have early maturity and are naturally small in size) and I used this recipe. I haven't eaten one yet (they need to mature for a few weeks) so I can't vouch that either of things are net positives!




Monday, August 03, 2020

PowerShell and passing command-line arguments to external scripts

I like PowerShell a lot, but occasionally you run into something that seems mind-bendingly over-engineered. The simple act of calling an external script and passing command-line arguments to it is one of those things.

To avoid wasting any more of your time, here is the best way I have found to do it.

I will call the following Python script my_script.py from PowerShell, which simply prints out the arguments passed to Python:

import sys

for i in range(len(sys.argv)):
print("my_script args: " + str(i) + ": " + str(sys.argv[i]))

The script is called from PowerShell by putting the Python command-line arguments into an array and passing them to the external script using the Splat operator.

# Put Python command-line arguments into an array
$cmd_args = @("c:\temp\my_script.py", "-f", "c:\myfile.txt", "-t", "5")

# Call the Python executable, supplying arguments using the Splat operator
& python.exe @cmd_args

Which produces the expected output:

my_script args: 0: c:\temp\my_script.py
my_script args: 1: -f
my_script args: 2: c:\myfile.txt
my_script args: 3: -t
my_script args: 4: 5


Splunk and the self-signed certificate on port 8089

I'm writing this post after finding a solution to this problem. Pieces of the solution were scattered around the web but I didn't find them all in one place.

Problem

Splunk's ports when accessed using SSL/TLS are by default protected with a self-signed certificate. Many Enterprises are beginning to scan for these cases and flagging them for remediation so that the encrypted communications are protected by a certificate signed by the Enterprise itself.

Using an alternate certificate for the Splunk web UI (port 8000 by default) is well-documented but I did not feel that it was documented well for the management port (port 8089 by default).

Solution

The solution has a few steps:
  1. Generate a Certificate Signing Request (CSR) and private key.
  2. Use the CSR to obtain a signed certificate from a Certificate Authority (CA)
  3. Obtain the Root CA certificate chain for the organization that provided the signed certificate
  4. Combined outputs of steps 1-3 as required by Splunk
  5. Configure Splunk to use the items in step 4
  6. Restart Splunk
Before going further, consider whether you need the management port to be enabled for Universal Forwarders (UF). It is not required for forwarder management from the web UI, nor for deployment apps. It is required for API or CLI communication with the UF. If you don't use these features then you can simple disable the port by putting the following in server.conf and restarting the UF.

[httpServer]
disableDefaultPort = true

However, if you want to leave the port open and protect it with your own certificate then read on.

And, unless you have changed the default configuration, Splunk KV stores on the same server will also be protected by the configuration applied in this post.

Step 1: Generate a Certificate Signing Request (CSR) and private key.


These steps will leave you with a CSR stored in server_conf.csr and a private key in server_conf.key

Linux

openssl req -out server_conf.csr -new -newkey rsa:2048 -keyout server_conf.key

Windows

REM SPLUNK_HOME is the root of your Splunk Enterprise installation set SPLUNK_HOME="C:\Program Files\Splunk"

REM TMP will hold the generated private key and CSR files
set TMP=C:\TEMP REM Generate the private key for the certificate.

%SPLUNK_HOME%\bin\splunk cmd openssl genrsa -des3 -out %TMP%\server_conf.key 2048

REM Generate the CSR request file
%SPLUNK_HOME%\bin\splunk cmd openssl req -new -key %TMP%\server_conf.key -out %TMP% \server_conf.csr

You should leave this step with two outputs:
  • CSR file
  • Private key

Step 2: Use the CSR to obtain a signed certificate from a Certificate Authority (CA)

Step 3: Obtain the Root CA certificate chain for the organization that provided the signed certificate


The method to accomplish Step 2 and 3 will vary by CA, but you will normally need to provide your CSR file as part of the process.

You should leave these steps with:
  • CA-signed certificate provided by your CA
  • Root CA and Intermediate CA certificates provided by your CA

Step 4: Combine outputs of steps 1-3 as required by Splunk

All of the files you have created so far are plaintext files. They need to be combined in specific ways:
  • Root CA and Intermediate CA certificates combined into a single file (example: server_conf_root.pem)
  • CA-signed certificate and private key (example: server_conf.pem)
By "combined", I literally mean to copy and paste the contents of the files you received into a single file, one after the other. The example filenames above will be used in subsequent steps.

Store the files in a location accessible by your Splunk installation that will not be affected by upgrades. For example, you may choose to create a directory like $SPLUNK_HOME/etc/auth/mycerts, giving you these files:
  • $SPLUNK_HOME/etc/auth/mycerts/server_conf_root.pem
  • $SPLUNK_HOME/etc/auth/mycerts/server_conf.pem

Step 5: Configure Splunk to use the items in step 4

Modify your server.conf file to include these attributes:

[sslConfig]
enableSplunkdSSL = true
serverCert = /opt/splunk/etc/auth/mycerts/server_conf.pem
sslRootCAPath = /opt/splunk/etc/auth/mycerts/server_conf_root.pem
sslPassword = <key password entered during CSR creation>

Note that, when you restart Splunk in a subsequent step, the sslPassword value will be replaced with a hash of the value by Splunk. As long as everything is working you do not need to worry about it.

Step 6: Restart Splunk

This step hopefully does not need any elaboration!

After the restart, you can use a browser to access the management port (i.e. https://splunk.mycompany.com:8089) and confirm that it is using your CA-signed certificate using the browser's certificate inspection functionality.

Unless you have changed the default configuration, Splunk KV stores on the same server will also be protected by the configuration applied in this post.