Sunday, May 25, 2003
Security & Technology
The other day, I was looking around for some new information on Quicksilver (Neal Stephenson's new novel, a follow up to Cryptonomicon) and I came across Stephenson's web page. I like everything about that page, from the low-tech simplicity of its design, to the pleading tone of the subject matter (the "continuous partial attention" bit always gets me). At one point, he gives a summary of a talk he gave in Toronto a few years ago:
Basically I think that security measures of a purely technological nature, such as guns and crypto, are of real value, but that the great bulk of our security, at least in modern industrialized nations, derives from intangible factors having to do with the social fabric, which are poorly understood by just about everyone. If that is true, then those who wish to use the Internet as a tool for enhancing security, freedom, and other good things might wish to turn their efforts away from purely technical fixes and try to develop some understanding of just what the social fabric is, how it works, and how the Internet could enhance it. However this may conflict with the (absolutely reasonable and understandable) desire for privacy.And that quote got me to thinking about technolology and security, and how technology never really replaces human beings, it just makes certain tasks easier, quicker, and more efficient. There was a lot of talk about this sort of thing around the early 90s, when certain security experts were promoting the use of strong cryptography and digital agents that would choose what products we would buy and spend our money for us.
As it turns out, most of those security experts seem to be changing their mind. There are several reasons for this, chief among them fallibility and, quite frankly, a lack of demand. It is impossible to build an infallible system (at least, it's impossible to recognize that you have built such a system), but even if you had accomplished such a feat, what good would it be? A perfectly secure system is also a perfectly useless system. Besides that, you have human ignorance to contend with. How many of you actually encrypt your email? It sounds odd, but most people don't even notice the little yellow lock that comes up in their browser when they are using a secure site.
Applying this to our military, there are some who advocate technology (specifically airpower) as a replacement for the grunt. The recent war in Iraq stands in stark contrast to these arguments, despite the fact that the civilian planners overruled the military's request for additional ground forces. In fact, Rumsfeld and his civilian advisors had wanted to send significantly fewer ground forces, because they believed that airpower could do virtually everything by itself. The only reason there were as many as there were was because General Franks fought long and hard for increased ground forces (being a good soldier, you never heard him complain, but I suspect there will come a time when you hear about this sort of thing in his memoirs).
None of which is to say that airpower or technology are not necessary, nor do I think that ground forces alone can win a modern war. The major lesson of this war is that we need to have balanced forces in order to respond with flexibility and depth to the varied and changing threats our country faces. Technology plays a large part in this, as it makes our forces more effective and more likely to succeed. But, to paraphrase a common argument, we need to keep in mind that weapons don't fight wars, soldiers do. While technology we used provided us with a great deal of security, its also true that the social fabric of our armed forces were undeniably important in the victory.
One thing Stephenson points to is an excerpt from a Sherlock Holmes novel in which Holmes argues:
...the lowest and vilest alleys in London do not present a more dreadful record of sin than does the smiling and beautiful country-side...The pressure of public opinion can do in the town what the law cannot accomplish...But look at these lonely houses, each in its own fields, filled for the most part with poor ignorant folk who know little of the law. Think of the deeds of hellish cruelty, the hidden wickedness which may go on, year in, year out, in such places, and none the wiser.Once again, the war in Iraq provides us with a great example. Embedding reporters in our units was a controversial move, and there are several reasons the decision could have been made. One reason may very well have been that having reporters around while we fought the war may have made our troops behave better than they would have otherwise. So when we watch the reports on TV, all we see are the professional, honorable soldiers who bravely fought an enemy which was fighting dirty (because embedding reporters revealed that as well).
Communications technology made embedding reporters possible, but it was the complex social interactions that really made it work (well, to our benefit at least). We don't derive security straight from technology, we use it to bolster our already existing social constructs, and the further our technology progresses, the easier and more efficient security becomes.
Update 6.6.03 - Tacitus discusses some similar issues...
Posted by Mark on May 25, 2003 at 02:03 PM .: link :.
Sunday, May 18, 2003
Creeping Determinism & 9/11
Connecting the Dots by Malcolm Gladwell : A thoughtful counter-point to the arguments posited after 9/11 that the CIA and FBI failed to accurately assess all of the intelligence pointing towards a major terrorist attack. Gladwell argues that the clarity presented in these arguments, such as the one in the book The Cell or the passionate and detailed report made by Senator Richard Shelby in December, are an example of 20/20 hindsight, or what he calls "creeping determinism". A term coined thirty years ago by psychologist Baruch Fischhoff, creeping determinism refers to "the sense that grows on us, in retrospect, that what has happened was actually inevitable".
Its an obvious point, but it operates on several levels, and almost every major war provides us with an example. We look back on the Union's victory in the Civil War or the Allies victory in WWII with a sense of inevitability; that those victories were a foregone conclusion. But such was not the case. We all know the Allies won WWII, but such a conclusion was unthinkable in 1940 London, and the Union didn't exactly thrash the South in the early days of the war. Of course, the concept is much broader and includes other situations than war as well...
So was the "intelligence failure" of 9/11 really a case of ineffective intelligence analysis, or just another example of creeping determinism? Its easy, in retrospect, to look back on the evidence of a major terrorist attack and conclude that our intelligence agencies failed to "connect the dots", but what we are seeing is really a distortion caused by the clarity of all that evidence. What we are seeing is what is called in information theory, signal, and what we are not seeing is noise. Sure, there was lots of evidence pointing towards a major terrorist attack, but what we "don't hear about is all the other people whom American intelligence had under surveillance, how many other warnings they received, and how many other tips came in that seemed promising at the time but led nowhere." When you get threats of bombings and attacks all the time, how do you distinguish between the signal and the noise? Which attack is the one that will actually happen? These aren't limitations of our intelligence community, these are limitations on intelligence itself. "In the real world, intelligence is invariably ambiguous."
As such, there is no such thing as a perfect intelligence community. Every choice you make involves tradeoffs, and its not exactly clear which choices are the right ones. For instance, Shelby talks about the relationship between the CIA and FBI disapprovingly, noting their failure to share information promptly and efficiently between (and within) organizations. But Gladwell points out that it is just as easy to make a case for the old system, where organizations competed with one another. " Isn't it an advantage that the F.B.I. doesn't think like the C.I.A.?"
As you can see, going over the evidence and the arguments can be frustrating. On the one hand, when you can look back on events knowing the outcome, the evidence seems obvious, but was it so obvious at the time? And why aren't we fixing it now?
Today, the F.B.I. gives us color-coded warnings and speaks of "increased chatter" among terrorist operatives, and the information is infuriating to us because it is so vague. What does "increased chatter" mean? We want a prediction. We want to believe that the intentions of our enemies are a puzzle that intelligence services can piece together, so that a clear story emerges. But there rarely is a clear story--at least, not until afterward, when some enterprising journalist or investigative committee decides to write one.There's no way to fix the limitations of intelligence itself. We can make changes to our intelligence systems, but that doesn't necessarily mean we'll be making progress. We're not so much solving a problem as we're trading one set of disadvantages for another. The trick is figuring out which situation is beter than the other, which isn't as easy as it sounds...
Posted by Mark on May 18, 2003 at 11:41 AM .: link :.
Sunday, May 11, 2003
To hit or not to hit, that is the question
Gambling is a strange vice. Anyone with a brain in their head knows the games are rigged in the Casino's favor, and anyone with a knowledge of Mathematics knows how thoroughly the odds are in the Casino's favor. But that doesn't stop people from dropping their paychecks in a few hours. I stopped by Atlantic City this weekend, and I played some blackjack. The swings are amazing. I only played for about an hour, but I am always fascinated by the others at the table and even my own reactions.
I don't play to win, rather, I don't expect to win, but I like to gamble. I like having a stack of chips in front of me, I like the sounds and the smells and the gaudy flashing lights (I like the deliberately structured chaos of the Casino). I allot myself a fixed budget for the night, and it usually adds up to approximately what I'd spend on a good night out. People watching isn't really my thing, but its hard not to enjoy it at a Casino, and that's something I spend a lot of time doing. Some people have the strangest superstitions and beliefs, and its fun to step back and observe them at work. Even though I know the statistical underpinnings of how gambling works at a Casino, I even find myself thinking the same superstitious stuff because its only natural.
For instance, a lot of people think that if a player sitting at their table makes incorrect playing actions, it decreases their advantage. Statistically, this is not true, but when that guy sat down at third-base and started hitting on his 16 when the dealer was showing a 5, you better believe a lot of people got upset. In reality, that moron's actions have just as much a chance of helping other players as hurting them, but that's no consolation to someone who lost a hundred bucks in the short time since that guy sat down. Similarly, many people have progressive betting strategies that are "guaranteed" to win. Except, you know, they don't actually work (unless they're based on counting, but that's another story).
The odds in AC for Blackjack give the House an edge of about 0.44%. That doesn't sound like much, but its plenty for the Casino, because they have an unfair advantage even if the odds were dead even. Don't forget, the Casino has deep pockets, and you don't. In order to take advantage of a prosperous swing in the game, you need to weather the House's streaks. If you're playing with $1000, you might be able to swing it, but don't forget, the Casino is playing with millions of dollars. They will break your bank if you spend enough time there, even if they didn't have the statistical advantage. That's why you get comps when you win. They're trying to keep you there so as to bring you closer to the statistical curve.
The only way you can really win at Blackjack is to have the luck of a quick streak and the willpower to stop while you're up (as I noted before, if you're up a lot, the Casino will do their best to keep you playing), but that's a fragile system - you can't count on that, though it will happen sometimes. The only way to consistently win at Blackjack is to count cards. That can give you the advantage of around 1% (more on certain hands, less on others) - depending on the House rules. This isn't Rain Man - you aren't keeping track of every card that comes out of the deck (rather, you're keeping a relative score of high value cards to low cards), and you don't get an automatic winning edge on every hand. Depending on the count, the dealer can still play consistently better than you - but the dealer can't double down or split, and they only get even money for Blackjack. That's where the advantage comes.
Of course, you have to have a pretty big bankroll to compensate for the Casino's natural "deep pockets" advantage, and you'll need to spend hundreds of hours practicing at home. Blackjack is fast and you need to be able to keep a running tab of the high/low card ratio (and you need to do some other calculations to get the true count), all the while you must appear to be playing normally, talking with the other players, dealing with the deliberately designed chaotic distractions of the Casino and generally trying not to come off as someone who is intensely concentrating. No small feat.
I'm not sure if that'd take all the fun out of it, not to mention draw the Casino's attention on me (which can't be fun), but it would be an interesting talent to have and its a must if you want to win. At the very least, it's a good idea to get the basic strategy down. Do that and you'll be better than most of the people out there (even if you just memorize the Hard Totals table, you'll be in good shape).
Posted by Mark on May 11, 2003 at 09:12 PM .: link :.
Sunday, May 04, 2003
State of the Blog
Recently, Steven den Beste updated his blogroll, then commented on the negative economy of scale and inverse network effect that allows his blogroll to be very valuable to those who are included. Naturally, given the value of those links, he gets a lot of mail from people asking to be put on the list. The reason he doesn't do so is that the list would get very long and unwieldy (and thus the value of said link would go down), and also because "Sturgeon's Law is in full force in the blogosphere: 90% of blogs are crap, if not an even higher proportion than that. (Not yours, of course.)"
I thought about that for a moment, and I realized that my blog is crap, part of that 90%. Not (I hope) because the content is low quality, but because it is so infrequently and inconsistently updated. At which point, I began examining what I'm doing here, why I'm doing it, and how I should proceed. I have not been very productive over the last year. There are many reasons for this, most of which contribute to my lack of motivation to produce more posts. One major factor in my lack of motivation is the fact that only a handful of people (if that) will ever actually see them, thus making the decision to blow off the blog that much easier.
I've been doing this for close to 3 years, and it has never really caught on. For a long time, I posted nearly every day. I didn't worry about my lack of readership because I enjoyed what I was doing. And whatever feedback I did get was gratifying. Then things began to slow down, and now I'm stuck in a negative feedback loop where I don't even want to be linked anymore because I don't create enough high-quality content. But I don't create enough high-quality content because I don't have enough people visiting!
It's more complicated than that, of course, but that is the general idea. I still enjoy doing the weblog, I just don't do it enough. Even when I do, I'm terribly inconsistent. However, I think this is something I can correct. What I'm going to try to do is post at least once a week, on Sundays (anything beyond that is just gravy). Hopefully, being on a regular schedule will force me to consistently churn out worthwhile material. I also need to start creating more original high-quality content, as opposed to just linking to it (as I mostly do now). This will probably be a gradual thing, as I begin to comment more on what I link to. And thus I hope to bootstrap myself into superstardom. Or maybe just a few additional readers.
Posted by Mark on May 04, 2003 at 12:02 PM .: link :.
Where am I?
This page contains entries posted to the Kaedrin Weblog in May 2003.
Kaedrin Beer Blog
12 Days of Christmas
2006 Movie Awards
2007 Movie Awards
2008 Movie Awards
2009 Movie Awards
2010 Movie Awards
2011 Fantastic Fest
2011 Movie Awards
2012 Movie Awards
2013 Movie Awards
2014 Movie Awards
2015 Movie Awards
6 Weeks of Halloween
Arts & Letters
Computers & Internet
Disgruntled, Freakish Reflections
Philadelphia Film Festival 2006
Philadelphia Film Festival 2008
Philadelphia Film Festival 2009
Philadelphia Film Festival 2010
Science & Technology
Security & Intelligence
The Dark Tower
Weird Book of the Week
Weird Movie of the Week
Copyright © 1999 - 2012 by Mark Ciocco.