Conversation with General Keith Alexander
I follow Emily Chang’s Studio 1.0 podcast on SoundCloud. It’s very good.
She recently sat down with Former NSA Director General Keith Alexander to discuss privacy vs. security and why there needs to be more collaboration between Washington and Silicon Valley in the on-going encryption debate.
I enjoyed the conversation and you may too.
Comments (Archived):
The gov’t has to reveal the encryption hole they indirectly discovered in Apple’s OS if they ever want to build any semblance of trust w/ the tech community. There’s an opportunity here to create a favorable precedent that ideally will lead to collaboration, common ground and practical solutions, although likely not totally ideal for all concerned, it can nonetheless lead to reasonable compromises that balance privacy and security. This is not, and never will be, a black and white issue. It’s way too nuanced to view w/ such a sharp filter.
I don’t think that’s true at all. If they developed an exploit for whatever web servers ISIS favors… do they have to disclose that? Think this through a little further and the trust build argument with the tech sector starts to crumble. I think it’s particularly good the FBI took the creative path and signalled to the world… “NM, we’re good.” THAT signals to all the bad actors out there something far more valuable than some kumbaya with private sector players.What I particularly do NOT like about Gen. Alexander’s packaging of privacy is it’s negotiable and open for dilution. That has the potential to put a lot of things in play that are in an important document of covenants called the “Bill of Rights”. At what point do we dilute speech? Search and seizure? Fair trial by peers? Oh, wait… we’re already well down that path. So, NM, we’re good. I can’t wait for Thiel’s seasteading to catch on.
I feel that for “If they developed an exploit for whatever web servers ISIS favors… do they have to disclose that?” the answer actually is yes, they should disclose that!Their primary mandate is to defend the cybersecurity of the American public and their data and systems, and the offensive capability is a secondary nice-to-have function. So if they find a vulnerability specific to a particular ISIS server then that would be kept exploitable, but if they find a vulnerability in popular software that’s used by many entities including both ISIS and USA civilians and companies, then their duty should be to put the interests of those civilians above their (ease of) ability on surveiling ISIS, and they should be actively working on ensuring that this vulnerability gets removed.The question is not about what they’d like to do or what makes their job easier – the question is about what goals has the US (civilian) government mandated to them.
The gov’t has to reveal the encryption hole they indirectly discovered in Apple’s OS What is the saying in ice hockey? Turnabout is fair play, eh?Apple wants the exploit? They can pay the hacker to give it to them. The government is under no obligation to disclose this and the idea of them doing something like this (for Apple) is ridiculous. Why give up the “competitive advantage” that they have? Not exactly like there was a reciprocal spirit of cooperation. Apple said no and now they pay the price for that no (you know, for marketing purposes and all of that for the bottom line has nothing to do with greater good).if they ever want to build any semblance of trust w/ the tech community.That will only last as long as they give the whiny hackers everything they want whenever they want it. The minute they don’t bow to any new demands or concepts, all of that trust will go out the window and they are back in the mud. That is the way things work. You are only good as your last trade as the saying goes.
“Competitive advantage”….Seriously? Since when are they in competition w/ one another. Didn’t know the gov’t is in the device biz. There has to be some middle ground here. Apple drew a hard line in the sand and came away w/ a red face when they said access wasn’t reasonably doable or even doable at all. Not. This isn’t going away and the gov’t will always have the upper hand. Why fight a continually losing battle if a reasonable (and not necessarily ideal for either party) compromise can be reached? The need for access is going to continue to escalate commensurate w/ terrorist activity that subsequently leads to reasonable cause and a court order. Privacy is sacred until it is trumped by the need for public safety. I’m pretty sure our framers weren’t even vaguely familiar with the term or concept of suicide bomber.
“Competitive advantage”….Seriously? Since when are they in competition w/ one another. Didn’t know the gov’t is in the device biz.The ability to unlock that particular phone, vs Apple updating the OS to prevent it from happening. Additionally showing it is a good idea to cooperate. If you don’t don’t expect any “favors”.Why fight a continually losing battle if a reasonable (and not necessarily ideal for either party) compromise can be reached?Well Apple drew first blood on that. Now they pay the price (as if it really matters to them, it doesn’t).As I’ve said before, face it – any other company could never even come close to thumbing their nose at the government like Apple did. I don’t like that type of power in the hands of corporations with a particular agenda which essentially boils down to sales and profits. As much as I am all for profits (and my comments typically reflect that) that type of muscle really irks me. More than the governments muscle.And lastly I am more concerned with my Mac OSX and IOS working correctly and not being buggy than I am about these esoteric security issues (that might happen if the right circumstances come together) and protection of privacy that Apple floats to somehow give themselves a false competitive advantage. It’s a losing battle anyway every fucking day it seems I am updating Mac OSX (because of all of those security researchers (umm thanks for your hard work)). Considering the amount of Mac’s I own (in addition to other computers) it’s a royal pain in the ass. (But at least it’s not Windows).
once a spy always a spy. they never truly retire to private/ corporate life.Keith, if you want to stop the terrorist threat in its tracks you stop invading countries to facilitate the taking over of their their central banks and population/ natural resources by the Federal Reserve and US investment banks. Can you do that?
It’s interesting that when it comes to government access to our data, tech firms are up in arms about security and privacy rights. But when it comes to tech firms having access to our data, they can’t get enough. And here I’m referring to data brokers and ad tech firms. Granted, the scope and kind of data are different. But the issues seem more alike than different to me.
I think the fundamental difference lies in identity. Ad companies as Google or Facebook don’t really care about your identity, they care about your profile as a customer and most of the work is done automatically by algorithms on collected data.Government agencies’ algorithms are looking for threats. Once the algorithm determines a person can be a threat, that person becomes an identifiable target that can be analyzed by a human operator.
Many argue that the absence of PII doesn’t mitigate the effects of ad tech surveillance. How it makes people feel and what they’re exposed to as a result of the data is disturbing to many people…and in some cases, an invasion of privacy. “We don’t know it’s you, but we’re going to treat you differently” doesn’t make much difference to many people. IOW, they don’t know that Larry is poor, but we’re going to treat him as poor anyway.
I don’t worry about a silly algorithm sending me ads about services I already pay for, it bothers me. Google’s algorithms have access to almost all my email communications since 2004. What worries me is that a person with a secret court order can access all that part of my life without me being notified and make a judgment, a human judgment.OK, I ride a bike to go to work, but that don’t makes me poor, silly algorithm.
The consequences aren’t all that matter here – one could argue that there could be grave consequences to the online data collection that goes on. Privacy is privacy no matter how you cut it. Is your lack of worry over online data collection any different than the person who says, “I don’t worry about the government accessing my emails and phone calls because I haven’t done anything wrong – I’m not a terrorist”. In both cases, the focus is on the possible consequences, not the fact as to whether it’s OK to access the person’s data or whether the person gave permission to access their data.
I don’t like it and even don’t think it is right, I just assume that everything that flows on the internet or through radio waves is public, encrypted or not. It makes my life easier to assume that than to fight against it. For anything that goes out of your brain, 100% private or 100% secure is a myth, we are left to deal with acceptable risk.In HTTP, the protocol, there is a “Do Not Track” header field: DNT. I don’t know the history or who incorporated it to the RFC and I believe that it is very naive to think that everyone would comply with the intended purpose it has, that is: “if DNT has the value 1, don’t track this message”. If it is not backed by enforceable law, it is a waste of time.
DNT is not honored online more than it is honored, AFAIK.
I do. This really dawned on me this morning. Our spam filter somehow didn’t work and I was deluged with 150 spam emails. It was a big waste of time. That email address was never used for anything other than work but somehow after years they find it out and sell it violating my privacy. There is a real cost.
Spam is always a nuisance. What puzzles me is why it is still used, is it effective? Do people react to email ads?
It’s the cost side of the equation that makes it effective. If my ROI is calculated where the Invest part = 0 Then any return whatsoever, 1 in a million for instance produces an infinite ROI. That is why people have wanted to charge a super small amount to send an email. Then the I part for a million emails might be $1,000 that would change the I part. But it would also really curtail tons of “legitimate” email too. Like those ones you get from a store you like too often..
I have to agree completely. I know people are going to say but the ad firms only use it to serve up ads and offers. Because believe me even though they say the don’t have PII that is actually really lame. I don’t need PII to directly target your ads and your email.Now the question is the same did I agree to give them my data, and what happens when they misinterpret it. Yes it’s only ads and offers versus targeting me for surveillance.
Right, but it’s more than ads. There are data companies marrying what I watch on TV (OTT or broadcast/cable) with online browsing data…and others marrying it with IRL buying data…plus geo data on where the person’s been (from their mobile phone).
We are in total and complete agreement.Your best quote in a series of great comments is “privacy is privacy no matter how you cut it”That is TRUTH.People that want to invade my privacy always have an excuse why I shouldn’t mind:If you haven’t done anything wrong…….It’s only ads…….No! bullshit. When you come to my house don’t go through my medicine cabinet.
Bingo!
Thanks for the referral- I’ll try it. Your last referral, Brad Inman’s “Unlisted” on Real Estate is fantastic. So many insights on business in or out of real estate.
Articulate speaker, and I don’t know whether I’m the only one, but I’m a little nauseated right now from the strong pro-establishment whiff that this (accomplished, let’s acknowledge that) gentleman is dishing out in this interview.
He is just being politically correct, an ex NSA head can’t really give his opinion, he just has to stick with policy.The interchange at 00:15:20 in the interview is awesome, Chang is a great interviewer.
Make sense now that you’ve pointed out the obvious. It’s probably why I find it to be grating after listening to it for more than a few minutes.Chang is excellent at what she does, yes.
.The naivete that is displayed in these discussions is truly breathtaking.The most important fact to start with is this — the CIA (and by reference the NSA) exists solely to break the laws of other countries in the pursuit of information to be used by the US to its exclusive advantage in times of war and peace.There are no limits. None whatsoever.The information the CIA obtains is used with a degree of ruthlessness that makes death a nice outcome considering all the other possible outcomes. Since its inception, the CIA has not been “playing” a game.Who do you think thought up rendition and black sites? Do you think they no longer exist?To the CIA, we are at war all the time and we are at war with everyone.To the NSA, there is no bit of data in the world it cannot access.America believes that these two organizations suddenly become choir boys when summoned before the Congress when there is a Niagara Falls of evidence that the entire intel community routinely lies to Congress.James Clapper, DNI (not the DCI, the DNI Director of National Intelligence), lied to Congress about the freakin’ NSA’s surveillance programs and later said he misspoke and later said he told the least dangerous lie.The freakin’ DNI lying to Congress about the NSA.The CIA and the NSA outlast every administration. You think the professional spooks and watchers below the top level like the Obama administration? Shoot straight with them?There is a culture there that is founded on their interpretation of patriotism. It goes back to the OSS and it hasn’t really changed. Who can change it?The NSA director is appointed for 10 years specifically to allow him to outlast administrations and to be able to disregard any real attempts at controlling him.The CIA and the NSA are the American equivalent of the lawless lands in the northwest corner of Pakistan.JLMwww.themusingsofthebigredca…
I can visualize an exclusive cabinet for your files in some dark office.. 🙂
.Truth is I applaud everything the CIA/NSA is doing. I just hope we know it and are realistic about what needs to be done.Where it runs afoul of the Constitution then we need some insiders who will respect the rule of law. Once you pass the edge of our borders — anything goes.Someone who is not going to be looking for a new gig in 4 years needs to know what these guys are up to because they used to be in the regime change business with little or no supervision.We want them. We need them. We just need to know WTF they’re up to.What are they doing with 1MM SF of Cray computers in Utah?JLMwww.themusingsofthebigredca…
I understand what they are doing and why, not sure if I would stand up and shout bravo though. If that huge amount of resources and intelligence, or just a part of it, could be put to the service of understanding the root causes of the world’s problems, it would be a better place.
.Therein lies the rub, they think that is what they ARE doing.JLMwww.themusingsofthebigredca…
Then they are not that intelligent.
No here is the issue:There are some that think: If we just were kinder (give more money, etc, etc) then those people would be better.Kindness is only viewed as weakness. So work to stomp it out.I fall into the second camp. Those of us in the second camp seem to (at least me) actually live with those people much more than those in the first camp.But what do I know. They say if you are young and not a liberal you have no heart, if you are old and not conservative, you have no brain.
I like people and organizations that use their brains and a their hearts, they usually make better decisions.
Having no heart is also dumb.
What do they say if you’re middle aged and neither?
> in 4 yearsfor 4 years?within 4 years?
American are pissed because they now know about some of this stuff. These guys are not supposed to be on the front page or any page. Can we put the genie back in the bottle and build some airports, bridges and roads, please. Where’s Bill Casey when you need him?
“HUMINT > SIGINT” ~William J. CaseyRight on brother.
=== Part I ===The GeneralThe General is calm, smooth, a skilled communicator, obviously just from the audio with at least some, likely a lot of, leadership abilities, and likely some really good values.Congratulations to him on his service; we are lucky to have such good people defending us.On TrumpThe General mentioned a nice list of points to evaluate a candidate for POTUS — national security, Medicare, the debt, etc. But for such a list, this late in the campaign there is a problem: Altogether there are only five candidates and on the Republican side only three.So, this late in the selection process, we don’t get to order up a designed candidate like ordering options on a new car and, instead, as with cars on some dealer’s lot, have to pick one, and that’s different. So, we have to pick the least bad.So, there’s not much sense in saying that we want this, that, and these three other things and want a superhero, e.g., Captain America, the Lone Ranger, or Abraham Lincoln, because, again, we have only the five to pick from, and that’s different.The General mentioned that he wanted “a more deliberate set of discussions on how to solve the problems” or some such (likely not an exact quote).Yup, but, General, there is a strong suspicion that a candidate that concentrated on such discussions early in the campaign would have been laughed off the stage early on. Or, part of what a good candidate and a POTUS needs are some skills at leadership, e.g., building consensus, getting hopefully well over 50% of the citizens — the actual, real citizens — in some significant sense on board with the program, and the campaign, rallies, Web sites, attack ads, TV interviews, Twitter comments, etc. are about that and part of the process. Maybe in part sad but true.Or, as we know well, “God sure must have loved the common man because he made so many of them.”Actually this statement is not very surprising because clearly can replace man with any of dog, cat, monkey, crow, fish, lobster, worm and still have the statement be true.Actually, we have just a special case of the trivial tautology that in any collection the fraction of exceptional cases is small and the rest, the fraction of common cases, is large. A trivial tautology — semi-, pseudo-, quasi-significant.Or Trump is smart enough to sell to his main, large target audience and not try to prove that he is exceptionally smart by communicating above his audience and losing.For “deliberate set of discussions”, sure, the General would like those; so would I; and maybe all of 0.5% of the rest of the citizens would, too. Actually, the Trump Web site has long had some such discussions, but the newies have nearly entirely ignored them.But, on speeches with policy details, yesterday, in Trump’s interview at CNN with Anderson Cooper starting at about 38:00 inhttps://www.youtube.com/wat…Trump said that he “would be doing probably 10 over the next two months”. He mentioned that his AIPAC speech was an example and well received and that one of his next 10 would be on unity.So, looks like from Trump over the next two months, the General will be getting some of what he wants.Or, from his business experience, we have to believe that Trump knows how to write detailed, rock solid planning documents and contracts — no darned joke.IronNet and Cyber SecurityThe General mentioned that he wants his startup IronNet to approach cyber security for banks, utilities, e.g., Sony, with “behavioral” approaches and “behavioral analytics” where can “see the entire networks at network speeds”.He also wants to find the faults and correct them.Okay, that should be able to help cyber security.Cyber Security 101But, General, here is a 101 on that:At IBM’s Watson lab, I was in an artificial intelligence (AI) group in server and network monitoring and management that tried to do such things.Really, the nice solution would be to re-engineer all of digital everything, computing, communications, all of it, so that good security, monitoring, etc. was all designed in, built-in, but that’s not feasible in practice, except in rare cases, soon.So, in reality, have to break the work down into three steps,(1) detection of problems (attacks),(2) diagnosis of problems,(3) correction of problems.The first step, detection, partitions into two parts:(A) Seen BeforeThe most common and likely the most useful and effective approach to detection is to monitor for problems (attacks) seen before.One important way to do such monitoring is to look for bit string signatures, one or more such signatures, for each old, analyzed, understood attack.Another approach is, when a vulnerability is found, e.g., in Adobe’s Flash video player, a buffer overflow in some software, then patch the software.(B) Not Seen BeforeWe know that there will be new attacks, that is, ones not seen before, that is, ones not covered by (A). These are commonly called zero day attacks. And we should also look for these attacks.For these attacks, the main approach is, right, “behavioral,” that is, something about the server farm or network has, call it, anomalous behavior.So, over time we monitor the server farm and/or network, that is, the target systems, collect operating data, analyze that data, learn what the normal, usual, healthy behavior is and decree and declare anything else as an anomaly and a symptom of a problem (attack). Then with this symptom, we start step (2) diagnosis.Here the word or terminology learning is, at first glance, attractive intuitively but suggests that the work, that is, the learning, is somehow similar to what humans would do. So, this word usage is wildly inappropriate: For anything at all effective, the learning is wildly different from anything humans would or could do.Inescapable FundamentalsFor any monitoring and detection, especially for (B) detection via behavioral monitoring, necessarily and inescapably there are two ways to be wrong:(i) a false alarm where we say that the target system we are monitoring is sick when it is healthyand(ii) a missed detection where we say that the target system we are monitoring is healthy when it is sick.It works out … that the bottom line is that we want the lowest probability of missed detections we can get for whatever probability of false alarms we are willing to tolerate.For one more step, we want to be able to pick the probability of false alarms and/or, for any detection, if only as a measure of seriousness of a detection, say what the lowest probability of a false alarm is for which the observed data would still raise an alarm of a detection.As has long been known, especially for behavioral monitoring, in practice, on the server farm bridge and/or the network operations center (NOC), the main pain in the back side is false alarm rate too high.Indeed, an old view of false alarm rate in behavioral monitoring is inHerve Debar, “IDFAQ: What is behavior based Intrusion Detection?”, SANS, IBM Zurich Research Laboratory.still athttp://www.sans.org/resourc…withThe high false alarm rate is generally cited as the main drawback of behavior-based techniques because the entire scope of the behavior of an information system may not be covered during the learning phase.Sorry, Herve: I hope that the night before you wrote that you had a great time with a bottle or two of Beaujolais and a really nice, soft, round, blond, smiling Mädchen, but in analyzing the probability of false alarms you are not doing at all well!Detector QualityTo continue, it’s easy to get no false alarms — just turn off the detectors, but, sure, then the probability (actually, the conditional probability given a sick target) of a missed detection is 100%. Sure, it’s easy to get no missed detections — just sound the alarm all the time, but then get a probability (actually the conditional probability given a healthy target) of a false alarm of 100%.Here our detector just ignores data from the target system we are monitoring. We call that the trivial detector. But, even with just a trivial detector, we can get any probability, even as low as we want, even 0, of a false alarm we want.So, right, there is a trade-off between false alarms and missed detections. Indeed, there are infinitely many such trade-offs, one set of them for each detection technique.Gee, at times some vendors have advertised low false alarm rates! Trivially easy: Just don’t use their detectors or any detectors!Indeed, the generic situation is illustrated in the attached graph “Generic Detector Comparisons”. There one of the detectors — the straight line — illustrated is the trivial detector. The line shows what pairs of probability of false alarm and missed detection are available from just a trivial detector.The graph also illustrates some better detectors and also a perfect detector.So, really, again, what we want is the detection technique that will give us the lowest probability of a missed detection for whatever probability of a false alarm we are willing to tolerate.So, right, some detectors are better than others.And, your guess is right, Virginia: There can be a best possible detector and we can ask for such and sometimes get it or a good approximation to it.Thresholds, Several Variables, Rectangles, FractalsLong the workhorse of monitoring was thresholds on single variables taken one at a time.But, as we know now very, very well, the data we can collect from the target systems in essentially real time is astoundingly large, wide, deep, rapidly flowing rivers of such data. E.g., Microsoft is awash in means to collect data, and HP with their OpenView and Mercury Interactive can collect much more.Well, just a little reflection shows that by exploiting data on several variables jointly we can get much better detectors than using just thresholds on those variables one at a time. Or, for a simple argument, suppose have data on 10 variables. Then with thresholds we are saying that there is a geometric region of normal behavior that is a rectangle, just a rectangle, in 10 dimensions.If we believe that just a rectangle is often a good fit to normal behavior of a complex system, then I’ve got a bridge over the East River you should also be wild about buying. Instead, if we make the rectangle too small, then we will get too many false alarms. If we make the rectangle too big we will get too many missed detections. Bummer trade-off.So, sure, in part what we need are geometric regions that are better fits to normal behavior than just rectangles.Four questions:Q 1. How to get a better fit, e.g., suppose, not really too difficult to believe, the region of normal behavior is a fractal, e.g., some 10 dimensional version of the Mandelbrot set?https://upload.wikimedia.or…That image is in just two dimensions. There are also such things in higher dimensions, e.g., 5, 10, 20, …. Try not to think about such things, not even with your AR/VR glasses; I don’t want any minds blown.Oh, by the way, that set is not quite as bad at it looks since, from a short proof, it is closed in the usual topology so that, yes, there exists a real valued function 0 on that set, strictly positive otherwise, and infinitely differentiable, in the case of the Mandelbrot set, sample paths of Brownian motion, Cantor sets of positive measure, an astounding result, but that is a detour.Don’t tell K. Arrow; the result helps solve a problem stated but not solved in the famous paper by Arrow, Hurwicz, and Uzawa! Still, extra credit for a proof! Bet you could hold a meeting in an old phone booth of everyone at Fort Meade who could prove that! Ah, give them a weekend! Ah, that result is not totally a detour — there is a connection with problem detection!Q 2. And, next, since we are not so good thinking in 10 dimensions, and, really, in line with Fred’s post”Fun Friday: AR and VR”, April 8, 2016 –athttp://avc.com/2016/04/fun-…and there my commenthttp://avc.com/2016/04/fun-…on understanding data in dimensions higher than just 2 or 3, we need tools that work in higher dimensions. How to do that?Q. 3. How to select the probability of a false alarm, set that in advance, and get that probability in practice? And, for a detection, how to know how serious it is, e.g., what is the lowest probability of a false alarm for which the data remains a detection?Q. 4. What do we know about detector quality?
=== Part II ===Some Sample MathIn the Hacker News thread”Non-obvious indicators that a transaction might be fraudulent (simility.com)”athttps://news.ycombinator.co…is posthttps://news.ycombinator.co…with how to take the Non-obvious indicators of that thread and get the best possible detector of “a transaction” that is “fraudulent.”So, right, in that post there is an optimization problem, basically optimal resource allocation, and, building on work of J. Lagrange, K. Pearson, J. Neyman, and H. Everett, a nice solution.In this case, we had data on both healthy examples and a sick ones and found the best possible detector.Since that is the best possible detector, when we have that much data, that is what we should do.Uh, the solution is definitely NOT computer science (gee, science used to be highly respectable work!) support vector machines.ScopeQ. Are we really limited to cyber security for major commercial firms? Or how about security more generally? Or, should the NSA, CIA, DIA, DARPA, ONR, ONI, etc. also be interested? Or how about monitoring for health and wellness of systems more generally? Or, for that matter, how about cases of quality control? And what about monitoring other systems of wide variety? What about health of a human?A. For human health, the medical community knows so much about sickness and health that likely nearly always it has better means, that is, higher quality detectors, indeed, ones that also do well on diagnosis. For much of the rest, right, the discussion here stands to be relevant.Another ApproachBut for the important case(B) Not Seen Beforewhat the heck to do?To be clear, here we have data from a healthy system but not from a sick one. So, we are attempting the challenging zero day detection.Well, intuitively we can take one of Fred’s old pictureshttps://scontent-lga3-1.cdn…consider monitoring by collecting data on two variables, call this picture the joint probability density of the two variables from the target system when it is healthy, and decree and declare that anything on the ground as a detection of a sick target system.Or, we can build a wall around that figure and pour in water. Then the fraction of the probability mass under the water (really under the water, not just under the water level) is the probability of a false alarm. So, we can adjust that probability by adjusting the water level.Then there is a weak but still useful sense in which we get the best possible detector — if we are, say, translation indifferent, then when write out the math we can tap lightly with the classic Fubini theorem and show that asymptotically for large amounts of data, quite relevant in the practical context, we have the best possible detector.So, for the math and the software, how in effect to find that probability density and pour in the water?Well, once the number of variables we are monitoring jointly gets above a few, actually finding a good approximation, which we would not be able to visualize anyway, not even with AR/VR, can require a forbiddingly large amount of data.But, good news: With some mathematics and some corresponding software, we can still say how to pour in the water and still say where the water is so that we can make detections “at network speeds”. But, yes, buried in that detection is a cute algorithm.For the math, the software, and the algorithm, that would be a bit much to explain here in this post already too long.Q&AQ. Is this solid stuff?A. Yup, some of it is in a peer reviewed publication.Q. Who wrote the paper?A. Ah, modesty and anonymity constrain me!The math prerequisites for the core math proved to be a bit too much for a surprisingly large sample of the best of the US computer science community.Q. The work is based on neural network learning?A. Nope.Q. Is the work artificial intelligence or machine learning?A. Nope. I regard those terms, from the computer science community, as severe, contemptible, despicable, disgusting insults. We not only have wearable computers, we also have flushable computer science, filling much needed gaps in the literature and illuminating if ignited.Instead, the work is some original applied math, complete with theorems and proofs (a good way to know that much of the work is rock solid) based on some advanced pure/applied math prerequisites.Statistical Hypothesis TestingYes, congrats Virginia, you remembered Stats 101 well!Right, inescapably we are into statistical hypothesis testing. That is, such monitoring is necessarily close to or really just the same as some continually applied statistical hypothesis tests. And there a false alarm is called Type I error, and a missed detection is called Type II error.Such statistics goes way back, e.g., to K. Pearson.Usually we know the probability distribution of the data when, say, the system we are monitoring is healthy. E.g., sometimes that distribution is Gaussian, sometimes Chi squared, etc.Yes, nearly always that statistics uses data on just one variable.So, that work assumes a distribution (is parametric) and uses only one variable, is univariate.Okay, if don’t know the distribution, then we have non-parametric or distribution-free testing.For the data we stand to get from monitoring server farms and networks, we have, except for some rare special cases, no hope at all of knowing the probability distribution.If we want to use several variables jointly, that is, be multi-variate, then we don’t see much in the literature, even if we assume a probability distribution, e.g., multi-variate Gaussian.Well for monitoring server farm and networks, we definitely want to exploit several variables jointly. So, we want some statistical hypothesis tests that are both multi-variate and distribution-free. Ah, cruel world!If we want to be both multi-variate and distribution-free, then I know of only one collection of tests, and it is likely and apparently the only such collection or nearly so. It’s a large collection.Q. Who did that work?A. Again, modesty and anonymity constrain me.So, really we’re talking a large collection of statistical hypothesis tests that are both multi-dimensional and distribution-free. And, then we need some algorithms, etc.WarningIt is likely that my work in behavioral monitoring of server farms and networks for security, etc. puts me among the top few people in the world in that field. E.g., nearly no one else in the field can even read what I have already long since published.For over 17 years, I have offered this work, with explanations such as the above, to venture firms coast to coast, really to a significant fraction of all the venture firms in the US and also to some established companies: Bottom line, essentially no interest.Math and algorithms aside, there are at least five biggie issues:(1) Will be selling to high end sites that are total nervous nellies about security, reliability, etc. I’ve seen some of these sites and people — we’re talking nervous up off the tops of the charts.Thus will need to provide highly polished products and services, including for the additional threat to security, performance, and reliability from the monitoring itself.May well need on-site expert customer support — e.g., which targets to monitor and for each target what variables to use and why.Altogether, simple or cheap it won’t be.(2) The high end sites are forbiddingly large and complicated; the computing to monitor such systems could be comparable in size to that of the systems being monitored.(3) If can’t make some usable mathematical assumptions, then really can’t hope to do much. E.g., if a customer site changes everything some Monday morning, then likely alarms will sound continually until staff just turns off the monitoring. Advising a customer on what the assumptions are and what will or will not violate them stands often to be challenging.(4) Will need to write some high quality production software for the monitoring itself. Then for the data collection, will need infrastructure software large enough to compete with, say, the US Interstate highway network. E.g., stand to need lots of long discussions with all the major hard/software vendors. We’re talking big time infrastructure. Then will need to write much more such code for good usability, user interface, etc. Then much more for a lot of utility functions, e.g., managing historical data. Then will need much more software. After all that, much more, still. Then, sure training for everyone involved.(5) My view is that, for the high end sites, an approach via SaaS with the IronNet code running in the cloud won’t work or won’t be very welcome. So, will have to have floor space in the customer’s site. Then some CIO may say: “Get that MESS OUT of my server farm.”I will say, if NSA or CIA called me, then I missed their call. But, along those lines, I will say that, in an advanced math course I took in grad school, where I was the grader, the NSA guy in the class was by a wide margin the worst student in the class! He didn’t last very long! One reason: The first homework assignment said to show that there are no countably infinite sigma algebras. It took me most of an evening to get that one. It was just a magnificent course, powerful material, beautifully presented, each day it was a shame to erase the board, from a star student from a star at Princeton, but listening to a math lecture where don’t understand a single word said stands to be somewhat less pleasant than a full day of water boarding.I know; I know; I know; some of the sales pitch is that, for each problem that is not detected soon enough, a CIO wants to be able to tell the rest of the C-suite that he was using the best tools there are. And, yes, some outages — I won’t relate some of the ugly history — can sink a major company or nearly so. So, sure, maybe some CIOs are highly motivated for means to cover their asses.Yes, once there was a 15 minute outage in some NYSE data feeds, and the NYSE staff detected the problem only when irate traders seeing garbage data on their screens called. Embarrassing.Yes, once I got an invitation to present at the main NASDAQ site in Trumbull, CT — I did present; we had a good time; I got a free lunch and some nice swag.Sure, might start with some market niches. Okay. There I’d start with an easier goal — health and wellness but not just for cyber security, even not mostly for cyber security.Or, for a different start, maybe do go for monitoring for cyber security but monitoring just one target system at just one customer site and expand slowly from there.Call that a joint research project. I was our lead on one such with GM — we gave a paper at an AAAI IAAI conference at Stanford. Fly to Silicon Valley? Yup. Make money? Nope.I considered everything and concluded that I needed another project. Then I dreamed up another project, my current project, much easier to do, much easier to start, much less nervous customers, and with much, Much, MUCH more financial upside. For the software? The production code is 80,000 lines of typing and already typed in and running. Beta test in progress.So, for my current project, sure, I may dust off some old code I did write for my work in detection and deploy it on my server farm. So, that would be on just my server farm, in ways easy for me, for whatever limited utility I could get, and that would be many factors of 10 easier than selling to the world’s 200 top sites.Even if I’m one of the best guys in the world in server farm and network problem detection, (1)-(5) here are why I gave up on that work.To a General, without some special strategy and tactics, a project to make big bucks from behavioral monitoring of high end sites for cyber security stands to be about as much fun as an unanesthetized root canal procedure with a barbed wire enema while walking ashore at Guadalcanal.I recommend being careful.
great interview. nice thoughts about West Point and how the spin on Snowden has been
What spin.
“when you listen to something that raises more questions than it answers.” The acronym for this is D.C.
.Why does anyone think for a second that anyone “knows” what the CIA and NSA are really up to?Does it occur to anyone that people whose entire job is “keeping secrets” might actually be “keeping secrets?”Or that things are so tightly compartmentalized that nobody in the US has even a whiff of what the CIA is doing overseas or with the cooperation of foreign governments?The commingling of military cooperation and national intelligence is so tightly wound as to be inseperable. Any country receiving direct American military support is letting the US read all of its mail at every level as a cost of doing business.The US is not returning the favor and, in fact, engages in colossal disinformation letting the intelligence shops of foreign nations disseminate what it wants the Russians, as an example, to know.The old joke was — How do you talk directly to the Russians? Tell the __________ something and tell them it’s a secret. [Fill in the blank with your own favorite country.]As to waterboarding and other techniques. They are extremely effective. I underwent waterboarding as part of SEER training in the early 1970s. They didn’t call it waterboarding. I lasted about 30 seconds and that may be being generous.Why does anyone not think that the FBI, CIA, NSA are not putting undercover operatives into high tech companies? As employees? In the US and abroad?Why does anyone think there are not US and foreign high tech companies who cooperate with the American alphabet soup agencies in return for similar assistance in doing business with or in the US?Think about how the IRS came to be weaponized and apply that thought process to the entire world. You think the rest of the gov’t is purer than the freakin’ IRS.How charming we can be sometimes.JLMwww.themusingsofthebigredca…
> Trump openly opposes NATO (at least in its current form) and believes in bringing back waterboarding and more severe forms of interrogation, claiming that “the generals” only publicly say that these techniques do not work.For Trump’s statements, in part he wants free publicity, and so far he’s gotten maybe $1.2 billion of it. While I like Trump, tough to forget that the free publicity could be a huge money maker for the Trump family for at least 100 years.But taken literally, there is a little more nuance to what he actually said: On NATO, he wants to modify it, e.g., have it do better responding to terrorism. And he wants the US to spend less money supporting NATO.On water boarding, if only by implication, he is for that only for countries who did not sign the Geneva convention, e.g., ISIS.I doubt that many US generals claimed that water boarding doesn’t work; instead likely they said that they want the US to obey the Geneva convention in the hope that some other country that signed that convention and has a US prisoner will also obey. Of course, lots of luck with that.The usual US newsie view of NATO is that it was set up to protect the NATO countries from attack by other countries, e.g., the USSR. Well, okay. But also, bluntly, and likely more importantly, NATO can’t so much as ignite a firecracker without the approval of the US, so, thus, with the US, NATO keeps any of the NATO countries from attacking anyone, especially the USSR. I mean, look at history: The Russians got attacked by France and Napoleon, IIRC at some point, the Swedes, then by Germany in WWI, then by Germany in WWII. I have no affectionate feelings for Communism or Stalin, but I can see the history — Russia is the one that got attacked.Right, in 9/1939, Russia took half of Poland. Sure they did; else Germany would have taken all of Poland and, thus, had a short march to Moscow.Net, net, Europe, the US, Russia, and the world need NATO and the US over NATO to keep a lid on the fundamental political, economic, and military instabilities of so many relatively small European countries.
.The CIA does not operate inside the US (theoretically).The entire 9-11 episode lies at the feet of the FBI CounterIntel operation which, apparently, had detected the suspicious phenomenon of gobs of Muslim pilot trainees not making normal progress toward a private pilot’s license while renting time on a 737 simulator.A female agent in Phoenix had the info and was told to “shut up” by senior FBI guys in Minnesota. It was a systems failure.As to Snowden, he was a contractor in a contract site. He was really not a spook, he was a sysadmin.There was a huge failure there in that the facility, apparently, had no video oversight, had computers with USB drives, had no internal document security (why was a systems admin looking at actual documents), allowed document files to be downloaded (something that never is allowed to happen), allowed flash drives in the facility, had inadequate in/out physical security, and hadn’t interrogated Snowden in more than a year.Normally, someone with that level of security clearance would have been routinely interrogated every 90-180 days and it would likely have been caught.The breadth and depth of the failures — personnel, physical plant, computer hardware, software, basic security operations — are monumental and highlight why the CIA hates contractors. Rightfully so.Your WWII example is based on military battlefield intel not CIA level national intel.Battlefield intel is not very good on its best day but it isn’t supposed to be. They don’t have analysts and they don’t have the training to do such an interrogation.If it had been the Israelis, they’d have taken a battery operated drill with a wood bit and drilled the info out of them. The first guy might not talk but the rest of them would. Similar to testing the flying capabilities of the first of three prisoners from a helicopter. Works every time.In my day, I can tell you stories of VC/NVA getting a good meal, a cigarette, a shot of whiskey and a .45 being cocked thereafter and their telling you the name of their officers, the unit ID and whatever else they possessed.As to Petreaus, he was not a trained intel guy and he was thinking with his dick which is a classic intel vulnerability. It is a perfect example of why the military is not very good at professional intel. Plus, he was just stupid.I can assure you that the right people can tell folks like Tim Cook exactly what to day and that the phone companies for years were providing the FBI/CIA/NSA complete and total access to their phone records.Many American senior business executives would consider it an honor to cooperate with law enforcement and intel. Who knows what the FBI/CIA/NSA tells these guys they’re working on.The power in the intel/law enforcement top ranks is as close to absolute power as can be had.The other day, the President of the US gave Hillary Clinton a “get out of jail free” card on the email business. It was as clear a message from him to the DOJ as can be given. That is raw power.Reagan defied the Congress in the Iran-Contra crisis. He exercise the power and then sent Ollie North in to fall on his sword. Why you think they assign USMC Lt Cols to the White House in the first place? To fall on their swords when needed.JLMwww.themusingsofthebigredca…
In a perfect democracy, government agencies report to the congress and the congress is elected by the people. If people is properly informed and have access to better and more data, instead of lies and garbage, perhaps they could elect better representatives more aligned with their interests.I think this is already happening, governments sooner or later will have to evolve and adapt to more active and communicative voters and taxpayers.
.Very interesting and thoughful comment. A good thought provoking read.I do want to quibble on one thing. Coincident with the Russian annexation of Poland and after the German attack, the Brits and the French and the Germans were engaged in what came to be known as the Phoney War.During this period, the English were in communication with the Russians who immediately sent out feelers that their interests were aligned — against their common enemy, the Germans. The Russians had not declared their enmity toward Germany yet and, in fact, were beginning to look like potential allies though Hitler and Stalin would never have allowed that to happen so great was the hatred and distrust.In addition, the Germans had formally declared war against England and France which the Russians did not. This fact alone, given everyone’s full plates, may explain why the English and French did not do anything further.The Germans had a border with France and Russia did not have a single touch point with either England or France, so the potential for direct combat was virtually zero.When the Russians picked a fight with Finland, the English considered going to the Finns aid but did not. The war sorted itself out quickly as the Finns were no pushovers.Any failure to react v the Russians was clearly based on the notion that the English and the Russians would end up as bedfellows.The Russians, under Stalin, were looking for room for their people much the same way that the Germans, under Hitler, claimed to be doing.At the end of WWII, the Russians moved wholesale populations and replaced them with ethnic Russians — Latvia, Lithuania, Estonia — particularly farmers.This is actually a problem even today as the heritage of Russian blood in such newly NATO member countries can provide Putin with the argument of protecting ethnic Russian interests in these little countries.As an aside, had the English and the French invaded Germany at the outset of the Polish campaign, they would likely have conquered the entire country in the first month of the invasion as virtually the entire German Army (25 divisions more or less at that time) was in Poland while the English/French had 110 divisions at their disposal.Whenever WWII’s first six months are wargamed, it is apparent that the English and the French could have squashed the Germans if they had struck first and if they had moved when the Germans were focused on Poland.JLMwww.themusingsofthebigredca…
Thanks for the history lessons! Some of my sources on history are good but not all.>Is your point on torture that if the US has enemy combatant prisoners of a “nation” that is not a Geneva Convention signatory, that means the US can ignore the treaty?Well, I don’t know what the heck we do or should do about water boarding or whatever, and I was trying to take a guess at what it was that Trump was saying.Or, he was saying that ISIS chops off heads and drowns people in cages, etc., so it’s a bit silly that we can’t use water boarding when we push back against them. In this he looks direct, determined, no BS, gets attention, and may have a point.The Geneva Convention stuff was mentioned by others — I’m not sure it was mentioned by Trump.As I understand it, at about the last minute before his invasion of Poland, Hitler had a “Pact” with Stalin and part of that was that the USSR would get the eastern half of Poland.That Stalin used the eastern half of Poland to keep Hitler farther from Moscow was from just a movie — poor source of history.For the US and an “empire”, I don’t see that we’ve tried very hard or effectively to do that. Instead it appears that after WWII, the US had more money than brains and wanted to respond to the wars of the previous 50 or so years by ‘managing’ the rest of the world with economic carrots out front and military sticks out back. Well, that worked somewhat in Germany, South Korea, Japan, Taiwan, etc., in a sense worked great in Gulf War I, but flopped badly in Viet Nam, Iran, Iraq, Akrapistan, and is doing poorly now in the ISIS areas and Syria. Our “best and brightest” were neither good nor bright. My take is that we have bled ourselves weak on absurd foreign adventures. Maybe we could have done well with the Shah in Iran, with Saddam in Iraq, and with Ho in Viet Nam, but, in fact, we didn’t. So maybe the problem was the principle and maybe just the execution, but it wasn’t much of an effort at empire.
.The number of German divisions at various points in the Second World War has been debated for decades.The rapid growth of the Army, the segregation into Wehrmacht and SS units, combat losses, units being rehabilitated at their home casernes, divisions in name only fighting as lesser units (a division with only brigade level numbers of soldiers), reserve units of no combat capability, home defense units (later in the war particularly) make it virtually impossible to know at any instant in time exactly what number of “combat ready” divisions the German army possessed except for at the very beginning of the war prior to Operation Barbarrosa, the invasion of Russia.The Germans were forbidden, by the World War I Versailles Treaty, from having more than 100,000 men under arms in all branches of their armed forces.Hitler cheated on this, initially, by growing the SA (Sturm Abteilung) and by attempting to invigorate old reserve units which had their roots prior to WWI. He then, famously, murdered much of the leadership of the SA and conscripted many of their men into the German Army.By 1936, Hitler was openly conscripting civilians but only had a total of 36 “divisions” by 1938. Hitler wanted to have a “big” army and the German numbers were, therefore, quite boastful.These conscripts were organized into “divisions” which were organized units — absent NCOs and officers — in name only.The Germans, on paper by their count, had 36 divisions total in 1938 in their entire army.Western intelligence agreed to this number which was already in violation of the Versailles Treaty and thus of great interest. You have to recall also that most German divisions were geographically identified with their home city and breeding ground something which was quite unique to their army.When I served in Germany in the 1970s, I lived in a caserne which had been the home of a German division. It was like a castle. Cold as Hell in the winter.The whole point of the preceding is to say that it was not possible for the Germans to have fielded a large army in 1939 as they didn’t have one to field.When the Germans invaded Poland, they invaded with 9 Panzer divisions each of which had a TOE of approximately 325 tanks which was the core of the combat power committed to Poland.A German panzer division was typically not a combined arms unit — meaning they had few, if any, organic infantry, artillery, combat engineer units — as they were tank heavy and light in mechanized infantry and artillery and combat engineer support. This made them nimble and deadly. It also made them very low in numbers.Still, there were only 9 of them as skinny in body count as they were.The German army exploded after Poland and by the time they went west, they were reported to have a total of 2MM + soldiers but only 2,400 tanks in the attack.When the Germans invaded Russia they were reported to have 15-17 panzer divisions and more than 125 infantry divisions which was misleading because many of these infantry divisions were inferior troops or used solely to safeguard supply lines or to fight partisans and guerrillas and were 10,000 men.An American division of that time might have had as many as 15K soldiers and a Marine division might have had as many as 22K, so the relative combat power ratio is not linearly comparable.They also routinely counted as “their” divisions, units which came from allies such as the Muslim Brotherhood which supplied two divisions (very large ones) by the end of the Russian campaign.The exercises that I witnessed were conducted by the Army War College and were conducted at the division level. (I was a lowly Captain but I was an aide de camp so I had a front seat.)They all routinely concluded that if the English and the French had mobilized promptly (the French had 5MM reservists many of whom were WWI veterans) and attacked when Germany was engaged in Poland, the outcome would have been favorable.The biggest intellectual debate was, as you identified, whether the English and the French were sufficiently offensive minded to actually make war in the manner that was emerging with the Germans obtaining long stretches of air superiority and deep armored thrusts into the enemy rear.JLMwww.themusingsofthebigredca…
.Perhaps the most mysterious German-Soviet agreement was the 1940 German-Soviet Commercial Agreement which was an enormous increase in their trade agreement at an instant in time that the invasion of Russia had already been settled upon.From 1940 until the actual invasion of Russia the Russians and the Germans traded like mad men though it became clear that the Germans imported more than they exported.The Germans imported huge amounts of raw materials while the Russians imported finished goods.The Germans, who were supposed to supply things like plans for battleships and cruisers, naval guns but no ships upon which to set them, fighters and bombers were clever in delivering only “samples” of four different aircraft and not any quantities while they got, in turn, oil, rubber, and grain.Some argue that without the German import of oil, rubber, grain, they would not have had the raw materials to actually invade Russia in June 1941.JLMwww.themusingsofthebigredca…
I can give you a common view from a naive US citizen:On the CIA doing ‘regime change’: I thought that the big example was helping the Shah come to power in Iran and the reason for that was to ‘contain’ the USSR.Panama? The US built the canal, IIRC, US President Carter gave the canal and everything back to Panama.For the various South American dictators that were dumped, that may have been for the US Fruit company but maybe more for keeping Soviet allies and Communism out of the Americas. That was not a very strong effort if only from the evidence that it was a seriously bad failure with Fidel in Cuba. How serious? The Cuban Missile Crisis, about the closest the US and the USSR came to nuke war. The suggestions that Cuba had something significant to do with the assassination of JFK.My understanding is that having the US dollar the default reserve currency is a big economic advantage to the US. It’s been called a huge interest free loan to the US, but I’ve never seen a good description of the details.Just why have US industries had a lot of world domination? Candidate reasons: Starting at about 1900, the US economy grew like a weed — steel, rails, telephones, newspapers, autos, oil, farm machinery, electric power, radio, plastics, aircraft, TV. Why? Usual suspects — big country, good climate, lots of great farm land, lots of other natural resources, one language, one currency, good constitution with political stability, two oceans to isolate from the rest of the world, a lot of freedom in the collection and use of capital.E.g., Henry Ford: He just did it, and the US Federal Government had next to nothing to do with it; what Ford did certainly was not a planned and intended effort at international economic imperialism. Same for Steinmetz and GE and electric utilities. Same for Edison and his electric lighting. Same for Rockefeller and oil. Carnegie and steel. IBM and punched cards.Then, sure, once IBM had a good business in the US, they expanded to overseas — here maybe Tom Watson had some conversations with people in DC (District of Columbia, not a US ‘state’ but an area on the map between the states of Maryland and Virginia with the center of the US Federal Government) to keep down tariffs and let him sell, keep his intellectual property safe, keep competitors out of the US, but I don’t have any evidence he did.There were some ‘compound growth effects’: So, sure, early on we had Western Union and telegraphs — click, click. Then to get more range, they wanted electronic amplification and developed electronic vacuum tubes. But, then, those vacuum tubes were huge things in radio, telephone, TV, radar, computers, electronic recording, etc.Then in the 1930s, the US telephone regulated monopoly AT&T saw that those darned vacuum tubes were too hot, noisy, expensive, unreliable, etc. and started research for a solid state amplifier. WWII was an interruption, but then by 1948 or so, AT&T announced the transistor. We can note that AT&T set up the intellectual property so that it was given to the world — not exactly an effort at economic imperialism. So, AT&T got what they needed from the transistors, but soon from the transistor there was an explosion in analog electronics and then digital electronics, to the present. Can say some similar things about lasers.Yes, the US military pushed hard on airplane engines, pistons and later jets, and airplanes. So, the same US companies, Boeing, McDonnell-Douglas, General Dynamics, GE, Pratt and Whitney, had big advantages for commercial aviation.E.g., Boeing took four jet engines first developed for US military super sonic fighter planes, wrapped a commercial airplane around them, got the 707, and in short order put the North Atlantic passenger ships nearly out of business. E.g., why cross the Atlantic in five days when can do it if five hours? Besides, early on, supposedly the 707 was a flying cash register, a license to print money.The US military pushed hard on radar and digital electronics, and the result was Silicon Valley.But, often Europe, the British empire, and Russia were ahead: (A) Nearly everything up to Maxwell’s equations in electro-magnetism. (B) Special and general relativity. (C) Quantum mechanics. (D) Mathematics. (E) Chemistry and pharmaceuticals. And no doubt more. Still, from such work, often the US made the big bucks. To me, the main reason was the work of US business, not US DC foreign policy.But all of that is just what it looks like to a naive US citizen. The truth under the table and behind the walls might be significantly different.E.g., FedEx, and I know some things about it. The founder, COB, CEO Fred W. Smith is the one who did it. He made big use of his family fortune and got big investments from General Dynamics, etc. And eventually, as he said to me on the phone once, he “was going international”. And he did. Maybe he’s made big bucks from the international part.But, gotta tell you: Lots of other countries could have done it first. Indeed, to start Fred used French Dassault DA-20 Fanjet Falcon airplanes, and used those due to some severe anti-business regulation of the US Civil Aeronautics Board (CAB), the US source of ‘economic regulation’ of the US commercial airlines. Eventually President Carter appointed Alfred Khan who promptly disbanded the CAB, and one result was that FedEx was able to fly large planes. Gee, France, Germany, Italy, England, Poland, Austria, Belgium, Sweden, Norway, etc. were all in essentially all respects perfectly capable of doing such a thing, but mostly they didn’t. Yes, eventually there was DHL from wherever. The main difference was just Fred W. Smith and Memphis, and Memphis is not exactly the crown jewel of anything.E.g., I’ve got a project. If it works, then, like Google and maybe Facebook, I stand to get more revenue from outside the US than inside and add a little to ‘US international economic imperialism’. But, gotta tell you, “absolutely, positively”, so far no one in US government is helping me “go international” or, really, helping me at all. What I’m doing could in principle be done nearly anywhere in the world with good Internet access, e.g., maybe the Piedmont of Italy, Vienna, Austria — hmm, there’s an idea! But likely and apparently I’m the only one in the world doing anything at like what I am doing. Just why? I don’t know.Ah, let’s see: Romania? Hmm. Let me think …. Right, I remember, the wife of writer Saul Bellow — Alexandra Bellow (formerly Alexandra Ionescu Tulcea; born 30 August 1935) is a mathematician from Bucharest, Romania. Yup, and for some of that math, look in the back of a book by Jacques Neveu in France.
.I had to go back to the source as you were measuring with a micrometer and I was cutting with a chain saw.Actually, to be accurate, you are conflating the number of divisions in the Polish offensive with the total number of German divisions.When I was in Germany, I was befriended by a German Graf who had fought a Waffen SS tank brigade across Russia.The unit I commanded was living in his family’s caserne.The stories he told. Wow!JLMwww.themusingsofthebigredca…
.A Kampfgruppen is a “task force” which is not a standard organizational subdivision but rather a “one off” force put together for a specific military objective or campaign such as Kampfgruppen Peiper in the Bulge.A Kampfgruppen is the exact reaction to the absence of such forces within a Panzer division. The Kampfgruppen wedded these missing forces thereby validating their absence in the organic Panzer division proving my point.As to the theory of Blitzkrieg, it was a theory at that time and not much more. Men like GH Liddell Hart and Heinz Guderian and Erwin Rommel were very junior and while they wrote before the war, they had no real field experience until WWII began.I cannot tell you how hard I studied Rommel’s Attack when I was a VMI cadet. He was an infantryman in Italy during WWI and not a word about armor.The experience Guderian gained in Poland was put to good use in France but the theory was really developed on the heels of France and used effectively in Russia.The tank battles in Russia were some of the best examples of tactical, game day thinking ever. Interestingly enough one of my classmates commanded the attack on the Kuwait airport which was the largest tank battle since Kursk.Even the German experience in Spain did not entail the kind of equipment that would be available in WWII.The biggest contribution to tank warfare, said Guderian when pressed, was radio communication which allowed individual units to fight a coordinated, tactically sound battle with one unit being able to engage and “fix” an opponent and another unit being able to destroy the same unit from the flank or other maneuver.The Krauts are natural born soldiers.JLMwww.themusingsofthebigredca…
Once again I’m pissed off at the course in European history I got in college: It did a lot on history before Rome but stopped at about 1900. Bummer.I’ve gotten some of my history of Europe since 1900 from decently good books but too much from TV shows. Bummer.
Wow! I guess, with the protection of the Atlantic Ocean, I can get by without anything like a good background in European history!
Yes, in the course, I mentioned to the prof that the course concentrated on kings, etc. but omitted more fundamental causes — rivers, agriculture, the wheel, domestic animals, textiles, political organization, working in wood, stone, and metals, the bow and arrows, swords, specialization, money, language, writing, ship building, open ocean sailing, math, navigation, gunpowder, iron, steam, steel, electricity — now we are at 1900 or so.
My brother lives in Wroclaw in Poland. Before 1945 it used to be Breslau in Germany. You can still in a few places see the remnants of it being a German city.