2007 Newsgroup postings (10/25 - 11/07) Lynn Wheeler

2007 Newsgroup Postings (10/25 - 11/07)

IBM System/3 & 3277-1
IBM System/3 & 3277-1
IBM System/3 & 3277-1
instruction sets, was Direction of Stack Growth
The history of Structure capabilities
The history of Structure capabilities
The history of Structure capabilities
IBM System/3 & 3277-1
IBM System/3 & 3277-1
IBM System/3 & 3277-1
IBM System/3 & 3277-1
The history of Structure capabilities
How to tell a fake SSL certificate from a real one
What do ATMS and card readers use?
what does xp do when system is copying
The history of Structure capabilities
VM TSM server support
How to tell a fake SSL certificate from a real one
How to tell a fake SSL certificate from a real one
How to tell a fake SSL certificate from a real one
Abend S0C0
Is the media letting banks off the hook on payment card security
Abend S0C0
Abend S0C0
How to tell a fake SSL certificate from a real one
Fixing our fraying Internet infrastructure
The new urgency to fix online privacy
Default Search Engines are dangerous, Especially Google <- Domain Name Stealers
complicated address generation unit?
The new urgency to fix online privacy
Is the media letting banks off the hook on payment card security
Is the media letting banks off the hook on payment card security
Is the media letting banks off the hook on payment card security
Students mostly not ready for math, science college courses
Is the media letting banks off the hook on payment card security
Is the media letting banks off the hook on payment card security
Students mostly not ready for math, science college courses
Translation of IBM Basic Assembler to C?
Students mostly not ready for math, science college courses
Translation of IBM Basic Assembler to C?
Is the media letting banks off the hook on payment card security
Translation of IBM Basic Assembler to C?
New 'virtual IT job' could be very real
does memory still have parity?
complicated address generation unit?
Translation of IBM Basic Assembler to C?
Students mostly not ready for math, science college courses
Translation of IBM Basic Assembler to C?
Half a Century of Crappy Computing
How to tell a fake SSL certificate from a real one
Translation of IBM Basic Assembler to C?
Translation of IBM Basic Assembler to C?
Translation of IBM Basic Assembler to C?
Fixing our fraying Internet infrastructure
The new urgency to fix online privacy
Translation of IBM Basic Assembler to C?
CSA 'above the bar'
Translation of IBM Basic Assembler to C?
Fixing our fraying Internet infrastructure
Fixing our fraying Internet infrastructure
Fixing our fraying Internet infrastructure
The new urgency to fix online privacy
CSA 'above the bar'
Translation of IBM Basic Assembler to C?
CSA 'above the bar'
CSA 'above the bar'
The new urgency to fix online privacy
CSA 'above the bar'
High order bit in 31/24 bit address
CSA 'above the bar'
Latest OECD broadband data puts US in middle of the pack on speed, price
The new urgency to fix online privacy
Translation of IBM Basic Assembler to C?
Translation of IBM Basic Assembler to C?
System 360 EBCDIC vs. ASCII
Real storage usage - a quick question

IBM System/3 & 3277-1

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Thu, 25 Oct 2007 20:49:56 -0400

ArarghMail710NOSPAM writes:
Although there might have been an option to the assign.

Besides, a lot of shops used Hasp or some such, and program had no control of the card reader.

re:
https://www.garlic.com/~lynn/2007q.html#48 IBM System/3 & 3277-1
https://www.garlic.com/~lynn/2007q.html#69 IBM System/3 & 3277-1
https://www.garlic.com/~lynn/2007q.html#70 IBM System/3 & 3277-1
https://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1

for this student class registration app ... it run w/o hasp.

green card reader/punch command codes:
https://www.garlic.com/~lynn/gcard.html#23
from above:


Command                       Binary      Hex
Sense                         0000 0100   04
Feed, Select Stacker          SS10 F011
Read Only                     11D0 F010
Diagnostic Read               1101 0010   D2
Read, Feed, Select Stacker    SSD0 F010

there was read, feed, and select stacker in single command this had the minimum overhead, if you already knew what stacker the card was going into ... i.e.
SSD0 F010 .... or 1100 0010 ... C2

would do ebcdic read, feed and select stacker 3.

or you could do read separately from feed, select stacker.

for student class registration app ... just do read, feed, select stacker 3 ... process the information ... and if there was a problem, do a write, feed, select stacker three ... writing a totally blank card (idea was just to put a blank colored card behind registration cards that needed more work).

i had mentioned that i had done port of 1401 mpio application (unit record frontend for 709) to 360/30. I would do separate read from feed/select stacker ... not to dynamically select stacker ... but i wouldn't know before hand whether it was bcd or binary. I would do bcd read ... and if it got an error, i would reread with binary read ... before doing feed, select stacker.

past posts mentioning hasp
https://www.garlic.com/~lynn/submain.html#hasp

i had done highly optimized os/360 system that included hasp. i got nearly three times thruput compared to vanilla os/360 plus hasp (for standard university student job stream).

this is part of presentation i gave at fall '68 share meeting in Atlantic City ... mentioning the just os/360 system thruput and performance work (running on real hardware) ... a lot of cp67 system thruput and performance work ... and os/360 system thruput in virtual machine.
https://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14

recent posts mentioning doing 1401 mpio port
https://www.garlic.com/~lynn/2007d.html#51 IBM S/360 series operating systems history
https://www.garlic.com/~lynn/2007h.html#52 ANN: Microsoft goes Open Source
https://www.garlic.com/~lynn/2007m.html#73 Operating systems are old and busted
https://www.garlic.com/~lynn/2007n.html#59 IBM System/360 DOS still going strong as Z/VSE
https://www.garlic.com/~lynn/2007p.html#2 what does xp do when system is copying

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Thu, 25 Oct 2007 21:22:26 -0400

hancock4 writes:
How did you control routing the cards to the appropriate stacker? My yellow card has a chart for the 3504/3505 card reader with Commands for Sense, feed-select stacker, read,feed, select stacker. Tere's a binary code for a byte, but where does this byte go--the channel control word (CCW)? Could this be done in COBOL or was assembler required? (There are other "I/O Command Codes" listed as well.)

original post
https://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1

recent post that discusses part of 2540/3505 ccw op-code format
https://www.garlic.com/~lynn/2007r.html#0 IBM System/3 & 3277-1

the discussion that covered the 2540/3505 ccw op-code (command-code) format ...
https://www.garlic.com/~lynn/gcard.html#23

was just the "command code" field of the ccw (first byte). here is format of channel command word (8 bytes, double world)

https://www.garlic.com/~lynn/gcard.html#12

the full 8-byte CCW (from above) is


Format-0 Channel Command Word

0---------------1---------------2---------------3---------------+
| Command code  |                 Data address                  |
      0---------------1---------------2---------------3---------------+

      4---------------5---------------6---------------7---------------+
|   Flags       |///////////////|           Byte count          |
4---------------5---------------6---------------7---------------+

 Standard Command codes           Flags

 xxxx 0000  Invalid               Bit 32 (80) - Chain data
++++ ++01  Write                     33 (40) - Chain command
++++ 0100  Sense                     34 (20) - Suppress incorrect length
++++ ++10  Read                      35 (10) - Suppress data transfer
 xxxx 1000  Transfer in Channel       36 (08) - Program controlled interrupt
++++ ++11  Control                   37 (04) - Use Indirect Data Address Word
 ++++ 1100  Read Backward             38 (02) - Suspend
0000 0011  Control No-op             39 (01) - Must be 0
1110 0100  Sense ID

 x - Bit Ignored             + - Modifier Bit for Specific Type of Device

....

so operating system "access methods" ... effectively i/o libraries were the same for both cobol and assembler. these "access methods" generated channel programs (sequences of channel command words) and invoked kernel/system call for it to be executed. access methods would have some number of options that could allow various kinds of control ... including things like stacker (however, most systems ran with hasp or other "spooling" function that handled all the unit record ... and stored the records as intermediary disk files. by the time an application got around to executing, the physical cards normally had long since been processed.

misc. past posts mentioning hasp
https://www.garlic.com/~lynn/submain.html#hasp

"access methods" were library routines typically written in assembler. it would be possible for application programmers to implement their own equivalent "access method" code that generated their own channel programs and directly invoked the kernel/system call to do the actual i/o operation.

i believe most of the student registration app was in cobol ... but i wrote some assembler for doing the card reader/punch scenario and some glue code that it allowed to be called from cobol.

IBM System/3 & 3277-1

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Thu, 25 Oct 2007 21:38:50 -0400

hancock4 writes:
I didn't know the 2540 could read mark-sense spots, was that a standard or optional feature? I thought mark-sense cards had to be run through a Reproducer which would read, translate, and punch the card for the fields coded.

I think the old Reproducers read the marks by touch and conductivity testing (pencil lead is graphite which conducts), while the 2540 used photocells to read cards. I believe the pioneer IBM test scoring machine 'tabulated' the final score merely by checking the current flow from touching the answer sheet. The more correct answers, the more current would flow and the further the dial would move on the meter.

original post:
https://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1

misc. other responses
https://www.garlic.com/~lynn/2007r.html#0 IBM System/3 & 3277-1
https://www.garlic.com/~lynn/2007r.html#1 IBM System/3 & 3277-1

i remember the 2540 having brushes ... and my recollection was that the 2540 had option to directly read sense marks ... but this was over 40yrs ago ... so i could be wrong (but i have no recollection of the sense mark cards being preprocessed and generating a "real" hole-punched equivalent ... for processing by the student class registration application).

when i was doing the 1401 mpio port ... they would let me have the machine room for the weekend ... i would pull a 48hr shift from 8am sat until 8am mon ... and then drag myself off to some monday classes.

after a couple weekends, i learned that the first thing needed doing was standard operator shift maintenance ... before doing anything else clean all the tape heads ... and take the 2540 reader/punch apart and clean all the components (especially the reader read brushes) and put it back together.

instruction sets, was Direction of Stack Growth

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: instruction sets, was Direction of Stack Growth
Newsgroups: comp.arch.embedded,comp.arch,comp.realtime,comp.dsp
Date: Fri, 26 Oct 2007 07:15:03 -0400

"robertwessel2@yahoo.com" <robertwessel2@yahoo.com> writes:
Amusingly that issue made a reappearance with the z990, where a split L1 cache (I and D) was introduced. Basically a store into the same 256 byte cache line that had instructions in it (and was in the L1I), introduced a significant slow down while a whole lotta flushing happened.

this is analogous but different to the significant rewrite effort for both MVS and VM in the 3084 time-frame (four-way multiprocessor) for kernel storage ... trying to force storage to cache lines and multiples of cache lines ... so that different storage allocations didn't overlap in common cache line ... which had the possibility that different processors were simultaneously operating on different storage areas sharing common cache line (resulting in significant cache thrashing).

The history of Structure capabilities

From: Anne & Lynn Wheeler  <spamtrap@crayne.org>
Subject: Re: The history of Structure capabilities
Newsgroups: comp.lang.asm.x86,alt.folklore.computers
Date: Fri, 26 Oct 2007 07:41:30 -0400

Frank McCoy <spamtrap@crayne.org> writes:
But ... I figured a way to do both with the same counter. Supposedly impossible if you read the specifications for the machine. There's not the slightest possibility in the world that I could have programmed a HLL language to do either one.

The second relied on *knowing* that no possible routine I could execute would overflow the counter.

i had a bug report submitted for my resource manager ... i was doing some calculations using the TOD clock ... 64 bits ... with bit 32 equal to 1024/1000 of a second. the calculations were happening every 5-10 seconds ... so i did some shifting to fit saved time values into single (32bit) word. The shifting gave the result a period of approx. 30 minutes. The problem was that the customer had hit the processor stop button while processor happening to be executing my little bit of code (couple thousand instructions) ... and left the processor in stop state for more than 30 minutes. When they hit start, the kernel failed. I then had divide instruction that resulted in overflow program check (which the kernel wasn't set up to handle).

There wouldn't have been a problem if

the stop had happened when the processor was executing any other code .... than the couple thousand instructions that happened every 5-10 seconds on a processors with execution rates of at least several MIPS .... probability something on the order of 5x10**3/5x10**7 (or less) .... maybe .0001,

or if they had restarted the processor before 30 minutes was up,

or if the kernel had been prepared to handle a divide overflow. ....

The history of Structure capabilities

Refed: **, - **, - **

From: Anne & Lynn Wheeler  <spamtrap@crayne.org>
Subject: Re: The history of Structure capabilities
Newsgroups: comp.lang.asm.x86,alt.folklore.computers
Date: Fri, 26 Oct 2007 08:58:54 -0400

Frank McCoy <spamtrap@crayne.org> writes:
It was the only way though to fit the resulting code in the available space. Unlike today where if a program needs 16 megabytes of code space, (Not counting even larger data-spaces) nobody winces or even hardly notices at all.

recent post (in comp.arch) about growing difficulty (in the past) being able to fit 2mbyte application into 16mbyte virtual address space
https://www.garlic.com/~lynn/2007q.html#68 Direction of Stack Growth

there was a different problem in the port of apl\360 to cms for cms\apl.

apl\360 was subsystem that supported 16kbyte workspaces in real memory environment ... with apl\360 providing its own infrastructure for timesharing, terminal support, and swapping workspaces.

in port to cms\apl ... all the timesharing and terminal support was being provided by the underlying cp67 (virtual machine) infrastructure.

the problem then was the garbage collection (storage management) strategy in apl\360. apl was interpreted with all (interpreted) code and data in the 16kbyte workspace. part of apl was to always allocate new storage location on every assignment (even if it involved a variable that already existed). storage allocation started low (in the workspace) and proceeded upwards until it hit the top of the workspace ... and which time it would garbage collect ... collecting all allocated variables/data into contiguous area of low storage and repeat. Storage allocation rate was proportional to frequency of assignments (somewhat independent of the aggregate size of the allocated variables). This strategy would frequently & repeatedly touch all available storage in the workspace ... which wasn't too bad with workspace being swapped as single 16kbyte area.

in the transition to cms\apl ... it moved from single 16kbyte real storage swapped area ... to potentially 16mbyte virtual address space that was paged in 4k pages. an application that ran comfortably in apl\360 16k workspace ... moved to cms\apl running in 16mbyte virtual address space could cause severe page thrashing (attempting to frequently and repeatedly touching every virtual page in the address space). so as part of port to cms\apl and (relatively large) virtual address spaces ... the whole apl storage and garbage collection mechanism had to be reworked.

lots of past posts mentioning apl ... and/or HONE ... a large (cp67-based and later vm370) timesharing service that delivered a lot of applications, most of which had been implemented in apl
https://www.garlic.com/~lynn/subtopic.html#hone

The history of Structure capabilities

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The history of Structure capabilities
Newsgroups: alt.folklore.computers
Date: Sat, 27 Oct 2007 17:42:46 -0400

paul c <toledobythesea@ooyah.ac> writes:
I met many people in those days who had wildly inflated opinions as to the number of mainframes there actually were but I remember very clearly from 1989 or so that there were less than 30,000 VSE active licences and something like 6,000 MVS licences worldwide.

Even if one accepts your numbers, the point remains that the number of people to whom mainframe decimal arithmetic is available is dwarfed by the number who depend on Intel and clone binary arithmetic.

(In the 'old' mainframe days, say before 1990, I remember that IBM, Amdahl and Hitachi rarely mentioned unit sales, rather dollar sales. I guess that is because the dollar sales sounded much more impressive to investors. There must be people on this group who have authoritative numbers.)

43xx machines was selling into the same market as vax in similar time period ... although it had higher unit sales ... in part because some (large commercial) customers did volume orders of hundred(s) at a time.

past post with decade (78-87) of vax sales sliced/diced
https://www.garlic.com/~lynn/2002f.html#0 Computers in Science Fiction
https://www.garlic.com/~lynn/2005f.html#37 Where should the type information be: in tags and descriptors

in the above, the mid-80s numbers for mid-range were starting to really drop off ... they were incrased vax sales, but they were microvax

the issue was that this mid-range market started to move to workstations and larger pcs starting in the mid-80s. at one point there was some assumption that the 4341 follow-on ... the 4381, was going to continue the remarkable sales volumes of 4341 ... but by that time ... the mid-range market was starting to shift ... similarly for the 4331 following, the 4361. There has been some semi-humorous reference that the reason that a pair of 4361s (for redundancy) were used as service processor for 3090s was that there were so many 4361s sitting around in warehouses

4341 announced 30jan79, withdrawn 11feb86
https://web.archive.org/web/20190105032753/https://www.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP4341.html

3090 announced 12feb85, withdrawn 5may89
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP3090.html

somewhat based on enormous growth in the early 80s ... in the mid-80s there was projection that world-wide sales were going to continue to grow, doubling to $120billion (which spawned massive build-out to double manufacturing capacity). I made prediction instead that the company was going to go into the red (unless some significant restructure happened) ... which wasn't exactly a career enhancing thing to say at the time.

When we left in '92 in an "early out" program, i had an exit interview with an executive who commented that they could have forgiven me for being wrong, but they were never going to be able to forgive me for being right. '92 was also the year that the company went into the red. past posts commenting on the situation:
https://www.garlic.com/~lynn/2005j.html#32 IBM Plugs Big Iron to the College Crowd
https://www.garlic.com/~lynn/2005s.html#16 Is a Hurricane about to hit IBM ?
https://www.garlic.com/~lynn/2006.html#21 IBM up for grabs?
https://www.garlic.com/~lynn/2006.html#22 IBM up for grabs?
https://www.garlic.com/~lynn/2006l.html#17 virtual memory
https://www.garlic.com/~lynn/2006r.html#20 50th Anniversary of invention of disk drives

IBM System/3 & 3277-1

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sat, 27 Oct 2007 18:05:00 -0400

bbreynolds <bbreynolds@aol.com> writes:
This thread started about the 3277-001 used on a System/3 Model 15 (would that be a 5415?): as 3277's relied on the 3271/3272/3275 for the major portion of their intelligence, I would assume that there would have had to been some pretty substantial hardware in the System/3 to make the 3277-001 believe it was attached to a controller. I can't think how the functions would be split out on a 3277 not on a controller; unless the 3277-001 was "gutted". Any hint if a cable other than a simple coax connected the 3277 to the CPU?

3277 had quite a bit of local intelligence ... it was possible to do some custom stuff in the terminal that changed the repeat start-delay and repeat ... as well as adding fifo to handle keyboard locking up if you happen to be typing when the system went to (re)write something on the screen. the move to 3274 controller for 3278/3279/etc terminals ... moved all that intelligence back into the controller ... reducing amount of electronics and manufacturing costs. with electronics moved back into controller ... it also degraded performance and response.

several of us complained about it ... but were told that 327x terminals were targeted at data entry market and didn't have the requirements for interactive response and human factors that would be needed for something like interactive computing. as seen in some of the referenced performance comparisons ... say
https://www.garlic.com/~lynn/2001m.html#19 3270 protocol

... it was much more difficult to achieve subsecond response with 3274/3278 vis-a-vis 3272/3277. However, for mvs/tso with system response already on the order of a second (or much worse) ... it was pretty negligible consideration. however, heavily loaded vm/cms systems tended to be more on the order of a quarter second (or less, one system i had care&feeding of ... was on the order of .11 seconds 90th percentile for trivial interactive under heavy load).

IBM System/3 & 3277-1

Refed: **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sat, 27 Oct 2007 18:13:21 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:
3277 had quite a bit of local intelligence ... it was possible to do some custom stuff in the terminal that changed the repeat start-delay and repeat ... as well as adding fifo to handle keyboard locking up if you happen to be typing when the system went to (re)write something on the screen. the move to 3274 controller for 3278/3279/etc terminals ... moved all that intelligence back into the controller ... reducing amount of electronics and manufacturing costs. with electronics moved back into controller ... it also degraded performance and response.

re:
https://www.garlic.com/~lynn/2007r.html#7 IBM System/3 & 3277-1

another example of the electronics in 3277 was the 3277ga ... which was a large tektronics tube that had special adapter to plug into the side of 3277 terminal. system would write standard 3270 datastream, escape characters in the datastream would divert output to the 3277ga. 3277ga was capable of fairly high-performance graphic displays ... at much lower price than 2250/3250.

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sun, 28 Oct 2007 08:29:41 -0400

"Rostyslaw J. Lewyckyj" <urjlew@bellsouth.net> writes:
If memory hasn't failed me, we read mark sense cards on something that was called a 1230. We didn't have one in the computing center. It was in a separate laboratory somewhere in the School of Education. We sent the decks over there. I don't remember what we got back. I think the 1230 may have punched the marked card.

re:
https://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1
https://www.garlic.com/~lynn/2007r.html#2 IBM System/3 & 3277-1

wiki mark sense page
https://en.wikipedia.org/wiki/Mark_sense

mentions that 513, 514, 557, and 519 could handle mark sense. also has pointer to 805 test scoring machine.

513 & 514 reproducing punches could handle mark sense ... so it is possible that a 513/514 had preprocessed the mark sense student registration cards ... and the 2540 was only processing the reproduced punch cards (and i just not paying that much attention).

the wiki reference also has url for 513/514 (pdf) reference manual

IBM System/3 & 3277-1

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sun, 28 Oct 2007 08:50:54 -0400

somebody picking around in some of the referenced old postings, sent private email asking about reference to ANR download being 2-3 times faster than DFT download ... and what was ANR ... other than APPN "Automatic Networking Routing".

ANR was 3272/3277 ... vis-a-vis DFT 3274/3278-9. In addition to DFT having slower human (real terminal) response ... because so much of the electronics had been moved back into controller, it also affected later terminal emulation download thruput.

quicky search engine for 3277 & anr turns up
http://www.classiccmp.org/pipermail/cctech/2007-September/084640.html

misc. past posts mentioning terminal emulation
https://www.garlic.com/~lynn/subnetwork.html#emulation

as client/server started to proliferate ... the communication group made various attempts (like SAA) to protect their terminal emulation install base. when we came up with 3tier/multi-tier architecture ... we took lots of heat from the sna and saa forces. misc. posts mentioning coming up with multitier networking architecture
https://www.garlic.com/~lynn/subnetwork.html#3tier

for other drift ... APPN started out as AWP164. For a time, the person responsible and I used to report to the same executive. I would periodically chide him that the communication group didn't appreciate what he was doing and that he should instead work on real networking (like tcp/ip). In fact, the communication group non-concurred with announcing APPN. After some delay and escalation, the announcement letter was carefully rewritten to not state any connection between APPN and SNA.

of course we were also running hsdt project ... misc. posts
https://www.garlic.com/~lynn/subnetwork.html#hsdt

and recent post illustrating gap between what we were doing and what the communication group was doing
https://www.garlic.com/~lynn/2007p.html#64

part of the issue was that in early days of SNA ... my wife had co-authored AWP39 ... peer-to-peer networking architecture ... which the communication group possibly viewed as competitive with their communication activity. she was then con'ed into going to pok to be in charge of loosely-coupled architecture and was frequently battling with SNA forces that it wasn't appropriate for loosely-coupled operation. She came up with peer-coupled shared data architecture ... which didn't see a lot of uptake until sysplex ... except for IMS hot-standby ... misc. past references
https://www.garlic.com/~lynn/submain.html#shareddata

recent posts mentioning AWP39
https://www.garlic.com/~lynn/2007b.html#9 Mainframe vs. "Server" (Was Just another example of mainframe
https://www.garlic.com/~lynn/2007b.html#48 6400 impact printer
https://www.garlic.com/~lynn/2007d.html#55 Is computer history taugh now?
https://www.garlic.com/~lynn/2007h.html#35 sizeof() was: The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2007h.html#39 sizeof() was: The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2007l.html#62 Friday musings on the future of 3270 applications
https://www.garlic.com/~lynn/2007o.html#72 FICON tape drive?
https://www.garlic.com/~lynn/2007p.html#12 JES2 or JES3, Which one is older?
https://www.garlic.com/~lynn/2007p.html#23 Newsweek article--baby boomers and computers
https://www.garlic.com/~lynn/2007q.html#46 Are there tasks that don't play by WLM's rules

The history of Structure capabilities

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The history of Structure capabilities
Newsgroups: alt.folklore.computers
Date: Sun, 28 Oct 2007 09:21:28 -0400

jmfbahciv writes:
In the auld mainframe days, IBM leased their equipment so the units sold count would have been close to zero. I would speculate that the reporting of dollars might have been a habit of the way accounting worked.

also in this thread:
https://www.garlic.com/~lynn/2007r.html#6 The history of Structure capabilities

somewhat motivated by the gov. litigation ... which also contributed to 23jun69 unbundling announcement
https://www.garlic.com/~lynn/submain.html#unbundle

business moved to sales ... and leases were converted to sales.

i've also commented that leases was behind the cpu "meter" that measured how much the processor was used per month (leases could be one, two, three, or four shift leases ... i.e. 7x24 was four shift).

leasing and cpu "meter" also had impact on offering 7x24 timesharing ... since offshift use frequently wouldn't cover the increased lease cost related to running the cpu "meter". somewhat breakthru was various strategies to leave the system up&running, but idle ... and not run the cpu "meter" ... aka the "meter" would run when the processor was executing and/or when i/o channel programs were executing. the trick was to get a terminal i/o channel program suspended ... to allow response to incoming characters ... but not run the "meter" when everything was otherwise idle.

misc. past posts mentioning timesharing
https://www.garlic.com/~lynn/submain.html#timeshare

How to tell a fake SSL certificate from a real one

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Sun, 28 Oct 2007 09:51:34 -0400

Anonymous Sender <anonymous@remailer.metacolo.com> writes:
You're right of course. There's no shortage of inattentive or ignorant users in the world. But this is a PEBKAC problem, not a software or security methods issue.

we were called in to consult with this small client/server startup that wanted to do payments on their server. this resulted in something that is frequently now called electronic commerce ... misc. related postings
https://www.garlic.com/~lynn/subnetwork.html#gateway

they also had invented this technology called SSL that they wanted to use for the payments. As part of the payment transaction stuff ... we had to do this detailed audit of the SSL protocol as well as walk thru of this new organizations calling themselves certification authorities ... and these things that they were issuing called digital certificates. somewhat related past postings
https://www.garlic.com/~lynn/subpubkey.html#sslcert

part of the browser/webserver interaction assumptions for SSL ... was not only did the users understand the whole PKI gorp ... but were also required to understand the relationship between the webserver they thot they were talking to and the corresponding URL. SSL then would provide for verifying the correspondence between the URL and the webserver they were actually talking to (both are a requirement in order to result in the webserver a user actually talks to, is the webserver that the user thinks they are talking to).

this criteria was almost immediately compromised in actual deployments. merchants fairly quickly found that use of SSL cut their thruput by 80-90 precent so they regressed to just using SSL for checkout/pay phase with a CLICK button provided to enduser.

The CLICK button paradigm contributed sigificantly to obfuscating what the user thot of as a website and the corresponding URL (they were no longer paying attention to the actual URL used ... in part because they were no longer actually typing it).

Now there was no longer (any SSL) verification of the initial website contact ... and the (possibly fraudulent) website was then providing the CLICK button URL for the SSL portion. An attacker could possibly obtain a perfectly valid digital certificate that corresponds to the URL provided by the CLICK button ... and effectively nearly all users would never pay any attention.

misc. recent posts mentioning this issue:
https://www.garlic.com/~lynn/aadsm26.htm#28 man in the middle, SSL
https://www.garlic.com/~lynn/aadsm26.htm#31 man in the middle, SSL ... addenda 2
https://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
https://www.garlic.com/~lynn/2007k.html#79 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007q.html#72 Value of SSL client certificates?
https://www.garlic.com/~lynn/2007q.html#73 Value of SSL client certificates?

This obfuscation has also been leveraged by various phishing email exploits ... either by taking a user to fraudulent impersonation website (with perfectly valid SSL digital certificate) and/or using some flavor of proxy technology for a man-in-the-middle attack (again possibly with perfectly valid SSL digital certificate) ... recent posts discussing a man-in-the-middle using some form of proxy technology
https://www.garlic.com/~lynn/2007q.html#6 what does xp do when system is copying
https://www.garlic.com/~lynn/2007q.html#29 what does xp do when system is copying
https://www.garlic.com/~lynn/2007q.html#31 what does xp do when system is copying

misc. posts mentioning man-in-the-middle attacks
https://www.garlic.com/~lynn/subintegrity.html#mitm

What do ATMS and card readers use?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What do ATMS and card readers use?
Newsgroups: comp.protocols.tcp-ip
Date: Sun, 28 Oct 2007 10:27:38 -0400

ediebur writes:
I seem to remember that ATMS and card readers ( credit cards in checkout lines) used X25, which I haven't seen in 10 years and was only a formality then, do they still use it?

some of the larger installations ... say large hotels, casinos, etc would have x.25 leased-line, along with active monitoring and service level agreements. other retail establishments with multiple stores ... might aggregate transmissions from stores (standard retail store-fronts, c-stores, etc) to a regional or corporate concentrator ... which might be then use x.25 leased-line.

however large percentage of point-of-sale terminals ... have been psuedo pc/xt ... in very compact form-factor and some flash in place of real harddrive ... and doing real-time ascii modem dial-up (1200 baud) to some 1-800 number.

we were asked to come in and do some consulting with small client/server startup that wanted to do some payment transactions on their servers.

they had started out doing a "mall" type paradigm (that was largely underwritten by a large telco) ... with multiple "store fronts" all hosted on common platform ... and implemented one of the x.25 leased-line protocols out the backend of the "mall" to the financial institution processor.

they also had this technology they had invented called SSL which they wanted to use ... initially in the browser to webserver operations.

this was then converted to individual webservers ... using a SSL tunnel from the webserver to a "payment gateway" ... which then had a leased-line x.25 protocol to the financial institution processor. various posts mentioning some of this
https://www.garlic.com/~lynn/subnetwork.html#gateway

what was carried within the webserver/gateway SSL ... was the message/packet format that was defined for the x.25 leased-line operation ... which the gateway could transparently passthru.

part of the issue/project back then was inventing new processes and procedures that were equivalent to active monitoring related to the (possibly replicated) leased-line x.25 operation ... and the associated service level agreements ... for use in the anarchy of the internet.

one of the issues in the early deployment of the gateway was that the internet backbone was toing thru transition to hierarchical routing ... and therefor you could no longer advertise your own alternative routes (as countermeasure to various kinds of outages and/or failures). as a result we had to fall-back to purely multiple A-record operation ... and the side initiated the request would roll thru the different listed ip-addresses ... until it got one that connected. we could mandate this on the webserver/gateway implementation.

however, we ran into some problems with the browser/webserver part. we claimed that a lot of large merchant websites had similar availability requirements as the payment gateways (wanting to be able to survive things like single-point-of-failures). the initial response from the people implementing the browser code was that such was too complicated and "advanced" (i.e. not taught in beginning classes) ... even after we provided them with sample client code from 4.3 tahoe. it took a year to get multiple a-record support into the browser client side code.

there then was some early transition ... with retail store PC operations (i.e. vendors that provided card processing software that ran on "normal" PCs) that would support the tcp/ip gateway operation in addition to direct dial-up modem operation.

you are now starting to see some number of the customer point-of-sale hardware terminals also offering tcp/ip communication option.

some of this was based on previously having done ha/cmp product
https://www.garlic.com/~lynn/subtopic.html#hacmp

and two of the people we had worked with at one of the dbms vendors
https://www.garlic.com/~lynn/95.html#13
https://www.garlic.com/~lynn/96.html#15

had left to join the small client/server startup and were in charge of developing this thing called a "commerce server".

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Sun, 28 Oct 2007 10:42:54 -0400

krw <krw@att.bizzzz> writes:
Did you see Hillary's $1M for the "Woodstock Concert Museum"? I loved John Mccain's retort at the debate a few days ago:

TV "pork barrel" program i saw talked about NY senators' earmark (directed appropriations) for woodstock and the MASS senators' earmark (amendment to homeland security bill) for improvements to small island airports off MASS (suggesting that next time you have long wait in some large airport security line ... just remember that the money is going instead for improvements at nantucket airport).

The history of Structure capabilities

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The history of Structure capabilities
Newsgroups: alt.folklore.computers
Date: Sun, 28 Oct 2007 12:01:02 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:
43xx machines was selling into the same market as vax in similar time period ... although it had higher unit sales ... in part because some (large commercial) customers ordered in units of hundred.

re:
https://www.garlic.com/~lynn/2007r.html#6 The history of Structure capabilities

somewhat related to recent post mentioning timesharing
https://www.garlic.com/~lynn/2007r.html#11 The history of Structure capabilities

other posts mentioning timesharing (60s, 70s, and much of 80s, vm/cms provided "personal computing" timesharing services)
https://www.garlic.com/~lynn/submain.html#timeshare

at one point the consolidated US hone datacenter (providing online interactive vm/cms-based service to field, sales and marketing had upwards of 40k defined users)
https://www.garlic.com/~lynn/subtopic.html#hone

with various HONE clones in datacenters around the world providing additional service.

in the time-frame the (worldwide) internal network
https://www.garlic.com/~lynn/subnetwork.html#internalnet

was growing from 2000 to 2500 nodes (and the internet going thru growth spurt and finally passing the internal network in number of nodes), it had coverage of just about all employees in the world (say on the order of 400k).

circa 1980 the external explosion in 43xx boxes ... also saw a similar explosion in internal boxes (lots of internal network nodes were 43xx boxes mostly providing vm/cms timesharing service). misc. old email with 43xx references
https://www.garlic.com/~lynn/lhwemail.html#4341

internally, a lot of the 43xx boxes were going in as "departmental" boxes ... some locations co-opting departmental conference rooms as "machine" rooms (contributing to the scarcity of conference rooms, this was also seen at some number of customers). later, workstations and larger PC started performing similar capability and as technology shrank ... could even move into smaller "wiring closets"

misc. past posts mentioning departmental machine/servers
https://www.garlic.com/~lynn/2001m.html#15 departmental servers
https://www.garlic.com/~lynn/2001n.html#23 Alpha vs. Itanic: facts vs. FUD
https://www.garlic.com/~lynn/2002.html#2 The demise of compaq
https://www.garlic.com/~lynn/2002.html#7 The demise of compaq
https://www.garlic.com/~lynn/2002d.html#4 IBM Mainframe at home
https://www.garlic.com/~lynn/2002h.html#52 Bettman Archive in Trouble
https://www.garlic.com/~lynn/2002i.html#30 CDC6600 - just how powerful a machine was it?
https://www.garlic.com/~lynn/2002j.html#66 vm marketing (cross post)
https://www.garlic.com/~lynn/2003d.html#64 IBM was: VAX again: unix
https://www.garlic.com/~lynn/2003n.html#46 What makes a mainframe a mainframe?
https://www.garlic.com/~lynn/2003o.html#24 Tools -vs- Utility
https://www.garlic.com/~lynn/2004.html#46 DE-skilling was Re: ServerPak Install via QuickLoad Product
https://www.garlic.com/~lynn/2004j.html#57 Monster(ous) sig (was Re: Vintage computers are better
https://www.garlic.com/~lynn/2004k.html#23 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of
https://www.garlic.com/~lynn/2004q.html#71 will there every be another commerically signficant new ISA?
https://www.garlic.com/~lynn/2005f.html#30 Where should the type information be: in tags and descriptors
https://www.garlic.com/~lynn/2005m.html#12 IBM's mini computers--lack thereof
https://www.garlic.com/~lynn/2006p.html#31 "25th Anniversary of the Personal Computer"
https://www.garlic.com/~lynn/2006t.html#37 Are there more stupid people in IT than there used to be?
https://www.garlic.com/~lynn/2007j.html#7 Newbie question on table design
https://www.garlic.com/~lynn/2007m.html#72 The Development of the Vital IBM PC in Spite of the Corporate Culture of IBM
https://www.garlic.com/~lynn/2007n.html#20 The Development of the Vital IBM PC in Spite of the Corporate Culture of IBM
https://www.garlic.com/~lynn/2007n.html#21 The Development of the Vital IBM PC in Spite of the Corporate Culture of IBM

VM TSM server support

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VM TSM server support
Date: Mon, 29 Oct 2007 07:34:00 -0400
Newsgroups: bit.listserv.vmesa-l

especially since TSM was originally renamed/rebanded ADSM .... and the runup to ADSM was workstation datasave (built on cms) and the precursor to workstation datasave was CMSBACK.

i had originally done CMSBACK at SJR ... for SJR and the HONE systems (which i was also provided a lot of support for) ... misc. past posts mentioning HONE (internal vm/based timesharing service providing online services for field, sales, and marketing worldwide) and/or APL (large part of HONE services were implemented in APL)
https://www.garlic.com/~lynn/subtopic.html#hone

some number of past posts mentioning backup/archive systems
https://www.garlic.com/~lynn/submain.html#backup

and couple old email mentioning early CMSBACK activities ... which spread to some number of other internal installations besides SJR and HONE
https://www.garlic.com/~lynn/lhwemail.html#cmsback

How to tell a fake SSL certificate from a real one

Refed: **, - **, - **, - **, - **

From:  lynn@garlic.com
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Mon, 29 Oct 2007 05:16:16 -0700

On Oct 28, 1:22 pm, Krazee Brenda <i...@sanibleone.com> wrote:
Small?

Netscapeware?

re:
https://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one

at one time ... way back when.

slightly related archeological post
https://www.garlic.com/~lynn/2007r.html#13 What do ATMS and card readers use?

a couple of people from a large dbms vendor, that we had worked with when we were doing ha/cmp product
https://www.garlic.com/~lynn/subtopic.html#hacmp

and scale-up for large distributed databases ... had joined the small startup and were in charge of developing something called a commerce server.

random post about long ago and far away meeting at the dbms vendor where some names were mentioned
https://www.garlic.com/~lynn/95.html#13
https://www.garlic.com/~lynn/96.html#15

How to tell a fake SSL certificate from a real one

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Mon, 29 Oct 2007 18:31:07 -0400

Nomen Nescio <nobody@dizum.com> writes:
That's is a patently false statement. If a site spoofs certificates they're not "perfectly" anything but forgeries. At which point the problem lies squarely in the hands of the user. And education is the only way to fix that broken wheel. The finest tools in the world placed in the hands of the incompetent won't result in a fine family heirloom.

Again, this is in no way an SSL problem. The secure layer that can't be misused is a myth.

re:
https://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one

the comment wasn't about an attacker spoofing a certificate ... the comment was about spoofing a website (at a totally different URL) ... for which they might have a perfectly valid certificate.

the phishing attackers have been successful with "click" paradigm ... claiming to be one thing and actually having duplicated the site at a totally different website/URL (for which they have a valid certificate).

the issue was that the original SSL deployment about the end-users knowing the binding between the site they thought they were talking to and the URL for that site. Almost immediately there was widely deployment based on using "click" buttons ... and possibly for most users, they never acquired a knowledgeable awareness of the URL for the website they believed they were talking to.

other phishing attacks have used variation on proxy technologies ... having valid certificate for the URL (they had convinced victims to) click on. they would create a (SSL) session with the end-user ... and then also create another (SSL) session with the "real" site ... and transparently pass communication between the two sessions.

SSL was originally suppose to 1) guarantee that the website that the user thot they were talking to, was the actual website they were talking to and 2) encrypt/hide that communication. However, there was somewhat implicit assumption that the end-user had to explicitly know/provide the URL for the website they were talking to ... and the only SSL actually did was guarantee that the website being talked to corresponded with the provided URL. SSL was widely advertised as "1" ... which allowed attackers to take advantage of the fact that majority of the users in the world were interacting with websites ... not by explicity entering a known URL ... but by clicking on buttons (w/o acquiring necessary awareness of the corresponding URL).

This divergent between what SSL was frequently being claimed to solve and how it was actually being used, started to happen very early.

Part of this was almost immediately the majority of the merchant ecommerce sites found that use of SSL cut their thruput by 80-90percent. As a result they switched to not using SSL for the initial connection (which may have been actually entered by a user instead of clicking), and restricting its use for the pay/checkout portion of the shopping experience ... which was a click operation ... for a URL provided by (potentially fraudulent) merchant website.

Almost immediately, possibly 99.999 percent of the SSL use in the world was open to attackers being able to redirect users to a different URL (which users become conditioned to not pay attention to) and for which the attackers could have a perfectly valid digital certificate.

this contributed to some my comments about "comfort" certificate, mentioned in some of these past posts
https://www.garlic.com/~lynn/subpubkey.html#sslcert

there was a large disconnect between what most users in the world were conditioned to believe was provided by SSL ... and what SSL was actually providing.

How to tell a fake SSL certificate from a real one

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Mon, 29 Oct 2007 21:02:48 -0400

"Sebastian G." <seppi@seppig.de> writes:
But was recognized very lately. Wasn't it a study from the Berkeley University that shocked all intelligent users on the web with the simple fact that ~ 90% of the users can even read URLs and judge websites purely by their appearance?

re:
https://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#13 What do ATMS and card readers use?
https://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one

no, it was realized very early ... it was built into the original assumptions for using SSL to meet electronic commerce requirement. The security issue was how can the user be sure that the website they thought they were talking to, was the website they were talking to.

SSL was proposed as addressing the problem ... so long as the user had adequate knowledge and provided the URL for the website they thought they were talking to ... then SSL would complete the other part of establishing that the website being talked to corresponded to the provided URL.

This was part of end-to-end evaluation of using SSL for electronic commerce application. The problem was that as soon as the end-user starting clicking on buttons (that provided the URL) ... it invalidated the original requirements needed for meeting the end-to-end security requirements for electronic commerce applications and the role that SSL played in addressing it.

We saw it as soon as merchants didn't require SSL as part of the full session (which was another requirement that we had for SSL addressing the electronic commerce application) ... so the user no longer had assurance that the merchant website they thought they were talking to, was the website they were talking to. It then was further aggravated when the merchant websites started providing the CLICK buttons for pay/checkout. Since the initial merchant website contact wasn't being validated ... there was no trust that the website being talked to was the website the enduser believed they were talking to ... and therefor could be a fraudulent website. Then the potentially fraudulent website is providing a URL for pay/checkout ... this could be a perfectly valid website with a perfectly valid SSL digital certificate ... but operated by fraudulent organization.

It was the small client/server startup that suggested their SSL invention as electronic commerce solution ... assuring users that the website that they thought they were talking to was, in fact, the website they were talking to. This became the widest deployed and supported purpose for SSL on the web (as well as the main source of revenue for the entities calling themselves certification authorities). However, we showed that SSL could only meet those objectives if certain other criteria were met. When those criteria were not met ... then it was no longer possible to claim that SSL was satisfying the security requirements for electronic commerce.

The user had to provide the URL (and understand the relationship between the website they thought they were talking to and the provided URL) to satisfy the end-to-end security paradigm needed for SSL. Anything that interfered with that was going to create security exposures and vulnerabilities. It was obvious that the whole button click paradigm would obfuscate the relationship between URL and website. It was further obvious that security risks were especially part of any environment where non-validated and non-trusted sources might provide click buttons (and the corresponding URL). This was part of the analysis that if the initial merchant website contact/URL wasn't validated ... then it could be a potentially fraudulent website, and therefor any click button providing a URL (originating from a potentially fraudulent website) couldn't also be trusted (even if it involved a valid SSL digital certificate).

It became really broken when "click" buttons started to show up in untrusted/unvalidated "spamming" email ... taking the enduser to fraudulent websites (potentially with valid SSL digital certificates). However, simple end-to-end security analysis shows that clicking on buttons (providing URLs) from sources that aren't trusted/validated, then there isn't a lot of reason to believe the resulting session (even with SSL) is to be trusted.

Endusers were encouraged to believe that SSL provided end-to-end security for electronic commerce. this helped convince merchants that they should pay for the digital certificates in support of SSL operation. click buttons broke critical part of the end-to-end paradigm that SSL (for electronic commerce) was dependent on.

Abend S0C0

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Abend S0C0
Newsgroups: alt.folklore.computers
Date: Mon, 29 Oct 2007 21:47:13 -0400

paul c <toledobythesea@ooyah.ac> writes:
sorry, i was way out on that one, i was indeed mis-remembering soc1 which your latest posts out was/is operation exception. maybe i never even saw exception zero, can't be sure after all this time.

i.e. standard OCx codes started out corresponding to program interrupts.

interrupts:
https://www.garlic.com/~lynn/gcard.html#7

i.e. from above:


Program-interruption-codes (high byte is always zero)

01 - Operation             0C - Exponent overflow          1A - Page state
02 - Privelaged operation  0D - Exponent underflow         1B - Page transition
03 - Execute               0E - Significance               1C - Space-switch eve
04 - Protection            0F - Floating-point divide      1F - PC-transl spec
05 - Addressing            10 - Segment translation        20 - AFX translation
06 - Specification         11 - Page translation           21 - ASX translation
07 - Data                  12 - Translation specification  22 - LX translation
08 - Fixed-point overflow  13 - Special operation          23 - EX translation
09 - Fixed-point divide    14 - VM pseudo page fault       24 - Primary auth
0A - Decimal overflow      17 - ASN-translation spec       25 - Secondary auth
0B - Decimal divide        18 - Page access                40 - Monitor event



80 - PER event bit (ORed together with any other program interruption code)

the original question was whether mvt documented/supported 0C0 abend code for imprecise program interrupts. I don't recollect running across a reference.

I do remember when dealing with the 370/195 people looking at doing a dual i-stream version (basically simulating a multiprocessor machine), they commented that a lot of the difference between 360/195 and 370/195 (besides some of the pre-virtual memory 370 instructions), was that a lot of instruction retry logic went into 370/195.

I did run across a cms pliopt reference on the web that mentions specifying "IMP" to generate extra code to correctly handle imprecise interrupts on 360/91, 360/195, and 370/195).

following is on bitsavers, 1967, os (i.e. mvt) support for 360/91:
http://www.bitsavers.org/pdf/ibm/360/C28-6666-0_360-91_OSsupport.pdf

it has table on pg. 39 on what is precise and what is imprecise. for standard/precise interrupts, the ILC field in the program old psw, has the "length" of the instruction causing the interrupt. for imprecise interrupts, the ILC field is zero.

on page 10, discussing program first-level interrupt handler, there is and added note (bar-code from TNL update, aka Page revised by TNL N28-2308, 1/31/68):
| Note: When an imprecise or a multiple-imprecise program interruption | causes a task to be terminated, the completion code is "0C0" since the | last digit reflects the decimal content of bits 26-31 in the program old | PSW.

which is then translated to S0C0.

Is the media letting banks off the hook on payment card security

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Tue, 30 Oct 2007 07:01:40 -0400

Is the media letting banks off the hook on payment card security
http://www.computerworld.com/blogs/node/6446

from above ...
The real problem isn't that some retailers are failing to adequately secure credit card data. Sure that's an issue. But a much bigger problem is the fact the entire payment system is decades old, archaic and in desperate need of a complete security overhaul, she said.

... snip ...

say x9.59 financial standard
https://www.garlic.com/~lynn/x959.html#x959

where the x9a10 financial standard working group had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments ("ALL", as in credit, debit, stored-value/gift, ach/check, point-of-sale, face-to-face, card-present, internet, card-not-present, non-face-to-face, aka ALL)

some of the issues have been discussed in more detail in the postings dicussing the "naked transaction" metaphor
https://www.garlic.com/~lynn/subintegrity.html#payments

part of the x9a10 working group activity in the mid-90s, was looking at the exploits involving various kinds of breaches ... effectively in relationship to the vulnerability of the information (aka "naked transaction") and numerous thread models. part of the x9.59 standard wasn't directed at preventing access to the data ... but eliminating the usefulness of the data to attackers (a kind of armouring every transaction).

some of this came out of the experience having worked on what is now commingly referred to as electronic commerce ... for some topic drift (and archeological applicability) ... recent postings related to that subject:
https://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#13 What do ATMs and card readers use?
https://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#19 How to tell a fake SSL certificate from a real one

the "naked transaction" metaphor was somewhat the comment behind that even if the planet was buried miles deep in encryption, it wouldn't still eliminate information leakage i..e the information was required in numerous business processes (frequently backroom operations that might involve several different people ... and probably not apparent to the consumer public as directly part of the original transaction) ... and had to be kept readily available. At the same time, the "naked transaction" metaphor met that the information had to be kept totally unavailable and confidential and never accessed by anybody.

various posts making the comment about burying the planet miles deep in encryption:
https://www.garlic.com/~lynn/aadsm19.htm#45 payment system fraud, etc
https://www.garlic.com/~lynn/aadsm22.htm#36 Unforgeable Blinded Credentials
https://www.garlic.com/~lynn/aadsm23.htm#54 Status of SRP
https://www.garlic.com/~lynn/aadsm24.htm#38 Interesting bit of a quote
https://www.garlic.com/~lynn/aadsm24.htm#48 more on FBI plans new Net-tapping push
https://www.garlic.com/~lynn/aadsm25.htm#13 Sarbanes-Oxley is what you get when you don't do FC
https://www.garlic.com/~lynn/aadsm26.htm#8 What is the point of encrypting information that is publicly visible?
https://www.garlic.com/~lynn/aadsm26.htm#27 man in the middle, SSL ... addenda
https://www.garlic.com/~lynn/aadsm27.htm#3 Solution to phishing -- an idea who's time has come?
https://www.garlic.com/~lynn/2005v.html#2 ABN Tape - Found
https://www.garlic.com/~lynn/2006e.html#26 Debit Cards HACKED now
https://www.garlic.com/~lynn/2006h.html#15 Security
https://www.garlic.com/~lynn/2006o.html#37 the personal data theft pandemic continues
https://www.garlic.com/~lynn/2006p.html#8 SSL, Apache 2 and RSA key sizes
https://www.garlic.com/~lynn/2006u.html#43 New attacks on the financial PIN processing
https://www.garlic.com/~lynn/2006v.html#2 New attacks on the financial PIN processing
https://www.garlic.com/~lynn/2006v.html#49 Patent buster for a method that increases password security
https://www.garlic.com/~lynn/2006y.html#25 "The Elements of Programming Style"
https://www.garlic.com/~lynn/2007b.html#8 Special characters in passwords was Re: RACF - Password rules
https://www.garlic.com/~lynn/2007b.html#20 How many 36-bit Unix ports in the old days?
https://www.garlic.com/~lynn/2007c.html#10 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#33 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#43 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007d.html#34 Mixed Case Password on z/OS 1.7 and ACF 2 Version 8
https://www.garlic.com/~lynn/2007e.html#26 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007f.html#75 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007g.html#20 T.J. Maxx data theft worse than first reported
https://www.garlic.com/~lynn/2007k.html#76 My Dream PC -- Chip-Based
https://www.garlic.com/~lynn/2007n.html#85 PCI Compliance - Encryption of all non-console administrative access
https://www.garlic.com/~lynn/2007o.html#0 The Unexpected Fact about the First Computer Programmer
https://www.garlic.com/~lynn/2007o.html#28 EZPass: Yes, Big Brother IS Watching You!

Abend S0C0

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Abend S0C0
Newsgroups: alt.folklore.computers,comp.lang.asm370
Date: Tue, 30 Oct 2007 07:25:43 -0400

oops, didn't include comp.lang.asm370 in original post
https://www.garlic.com/~lynn/2007r.html#20 Abend S0C0

I wrote:
following is on bitsavers, 1967, os (i.e. mvt) support for 360/91:
http://www.bitsavers.org/pdf/ibm/360/C28-6666-0_360-91_OSsupport.pdf

it has table on pg. 39 on what is precise and what is imprecise. for standard/precise interrupts, the ILC field in the program old psw, has the "length" of the instruction causing the interrupt. for imprecise interrupts, the ILC field is zero.

on page 10, discussing program first-level interrupt handler, there is and added note (bar-code from TNL update, aka Page revised by TNL N28-2308, 1/31/68):


| Note: When an imprecise or a multiple-imprecise program interruption
| causes a task to be terminated, the completion code is "0C0" since the
| last digit reflects the decimal content of bits 26-31 in the program old
| PSW.

which is then translated to S0C0.

Abend S0C0

Refed: **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Abend S0C0
Newsgroups: alt.folklore.computers,comp.lang.asm370
Date: Tue, 30 Oct 2007 09:09:34 -0400

re:
https://www.garlic.com/~lynn/2007r.html#20 Abend S0C0
https://www.garlic.com/~lynn/2007r.html#22 Abend S0C0

cms script document formating command was developed at the science center in the mid-60s (along with lots of other online & interactive features).
https://www.garlic.com/~lynn/subtopic.html#545tech

this was originally done with "dot" commands ... somewhat descendent of similar application on CTSS

besides the cms & cp67 publications (from the science center), one of the early corporate publications using script was principle of operations. this is fairly apparent from what appears to doing some sort of photo offset printing from original image produced on 1403 printer using TN train.

Part of the issue of using script for principles of operation was that on the command line could specify an option that selectively printed or not printed various material. The base document for principle of operations was referred to as the architecture "red book" ... since it was distributed internally in a red colored three ring binder ... and was on the order of twice as large as the principles of operation document. The architecture "red book" had lots of engineering notes, much more detailed explanation of what was going on, and also included justifications for why something was done or not done. Using script, it was possible to have a single document ... where the whole document was printed (architecture "red book") or just the principles of operation subset was printed.

the referenced 369/91 document
http://www.bitsavers.org/pdf/ibm/360/C28-6666-0_360-91_OSsupport.pdf

appears to have been originally printed on 1403 printer with TN train. One of the issues is whether or not this was done with cms/script or some other application. the 360/91 document is left justified with ragged right.

The principles of operation
http://www.bitsavers.org/pdf/ibm/360/poo/A22-6821-0_360PrincOps.pdf

also appears to be 1403 printer output with TN train ... but is both left and right justified (with diagrams placed on the page with some graphics). other principles of operation had even the diagrams from 1403 printer output.

in '69, GML (or generalized markup language) was invented at the science center (the letters G, M, and L chosen because of they are initials of three people at the science center). And GML tag processing was added to the cms/script command (it wasn't uncommon to find files with mix of both "dot" and "tag" formatting commands)

GML then morphed into SGML ...
https://www.garlic.com/~lynn/submain.html#sgml

and spawned things like HTML, XML, etc ... originally by way of a cms/script clone from univ. of waterllo in use at cern ... a reference describing the morphing of SGML into HTML
http://infomesh.net/html/history/early/

How to tell a fake SSL certificate from a real one

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Tue, 30 Oct 2007 11:36:30 -0400

Nomen Nescio <nobody@dizum.com> writes:
The URL is still available for the user to inspect if they care to glance at an address or status bar. So your theory fails on that fact alone. However *most* users are still going to be providing their own links when engaging in mission critical activities anyway, in the form of previously stored (and working) bookmarks or such. Many will even be typing in www.mybank.com (I do every time I visit my bank site). So while your "theory" may hold true in select first encounter scenarios, for the *vast* number of SSL connections it's completely irrelevant even as a minor modification to the problem of user attentiveness.

re:
https://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real on
https://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#19 How to tell a fake SSL certificate from a real one

the counter example is the subsequent vast proliferation of spamming email with "click" URL and the problem with phishing websites ... as per previous post.

the theory behind and design point of digital certificates and PKIs were the letters of intent/introduction from sailing ship days for first time interaction between strangers where the relying party had no other recourse to any information about the party they were dealing with.

this recent post discusses some of the limitations on the actual value of digital certificates and PKIs in SSL and other protocols for electronic commerce
https://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game

where, in fact, the vast majority of electronic commerce transactions involved repeated and/or well-known websites (i.e. transactions rates quite skewed, negating the underlying justification for using PKI and digital certificates in these applications).

original justification for using SSL for electronic commerce (by far the most widely deployed use of SSL in the world) was

• is the website that the user think they are talking to, actually the website they are talking to (SSL use for this was dependent on user knowing the relationship between the website they believed they were talking to and the corresponding URL)

• hiding information (typically transaction account numbers) for information in transit

going to "known" websites with URLs from trusted repository easily eliminates the justification and requirement for digital certificates and PKI operation ... i.e. if there is a trusted respository of URLs then it is possible to store the associated public keys in the same repository. this is the certificate-less mode of operation
https://www.garlic.com/~lynn/subpubkey.html#certless

recent discussion about (redundant and superfluous) certificate/PKI operation being added to the original simple public key specification for kerberos
https://www.garlic.com/~lynn/2007q.html#2 Windows Live vs Kerberos
https://www.garlic.com/~lynn/2007q.html#5 Windows Live vs Kerberos

or old email from 1981 discussing (pgp-like) public key proposal
https://www.garlic.com/~lynn/2006w.html#email810515

even before we had finished the SSL related activity for doing payment transactions on the internet ... something that is frequently now referred to as electronic commerce
https://www.garlic.com/~lynn/subnetwork.html#gateway

... we had started to realize that PKIs and digital certificates were redundant and superfluous for most applications. As part of deploying the backend portion (between webservers and something called a payment gateway) we had specified requirement and implementation for (first) SSL mutual authentcation. However, both the websites and payment gateway was registered with the other, respective party ... making the digital certificates redundant and superfluous (other than re-using existing SSL library with requirement to have something called a digital certificate).

Eliminating the requirement for digital certificates ... and having the client starting out with the server's public key (along with the servers URL), it is possible to do a drastically simplified and lower overhead SSL-like protocol.

The case for trusted respository of URLs ... along with the elimination for any digital certificates ... can be extended to not only local repositories ... but also online repositories like a secure, trusted DNS ... where public keys are stored along with the mapping of domain name to ip-address. Starting out with the client-side of the protocol already having the server-side public key ... can simplify the protocol ... misc. past posts discussing how improving the security of DNS (with registered public keys) is important to SSL domain name certification authorities ... but also can represent a catch-22 ... resulting in the elimination of any requirement for PKI, certification authorities, and digital certificates
https://www.garlic.com/~lynn/subpubkey.html#catch22

in the mid-90s, after having worked on what is now commonly referred to as electronic commerce (and associated SSL deployments), for some topic drift ... recent post discussing another aspect of those deployments
https://www.garlic.com/~lynn/2007r.html#13 What do ATMs and card readers use?

... we got involved with the x9a10 financial standard working group that had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments (internet, non-internet, point-of-sale, debit, credit, stored-value/gift, check/ach, card-present, card-not-present, etc ... i.e. ALL). the result was x9.59 financial standard protocol
https://www.garlic.com/~lynn/x959.html#x959

part of the effort was doing some detailed threat and vulnerability analysis ... for all kinds of retail transanctions (not just the internet ones ... represented by electronic commerce, and the largest deployed use for SSL). A big problem was the ease that account numbers could be used for performing fraudulent transactions. Account numbers showed up in a wide variety of places ... things like internet transmission (i.e. "data-in-flight") where SSL was being used to "hide" the information ... but also things like transaction repositories (i.e. "data-at-rest") which were required by a large number of backroom processes (not normally apparent to customers and the general public). This is somewhat the general "harvesting" vulnerability (skimming, evesdropping, data breaches, security breaches, phishing, etc) ... lots of past posts
https://www.garlic.com/~lynn/subintegrity.html#harvest

the vast number of places that account numbers existed and were required, led to the comment that even if the planet were buried under miles of information hiding encryption ... it still couldn't prevent leakage. so the x9.59 financial standards approach was to eliminate account number leakage as a vulnerability (i.e. skimming, evesdropping, data breaches, security breaches, phishing, etc, could still happen, but the information wouldn't be useful to the attackers).

the side-effect is not only does it eliminate fraud from data breaches and security breaches ... but also any evesdropping exploits on the internet ... the type of thing that SSL is targeted at preventing (and the major deployment purpose of SSL in the world today).

First off, there are numerous reasons that PKI and digital certificates for SSL have become redundant and superfluous. Then it can be shown that a single, common protocol (x9.59) ... can eliminate the major deployed use of SSL (for hiding accounts numbers) at the same time eliminating much of the fraud that can arise from data and security breaches.

Fixing our fraying Internet infrastructure

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Tue, 30 Oct 2007 22:46:50 -0400

re:
https://www.garlic.com/~lynn/2007q.html#18 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#19 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#60 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#62 Fixing our fraying Internet infrastructure

Is U.S. Stuck in Internet's Slow Lane?
http://www.redorbit.com/news/technology/1123786/is_us_stuck_in_internets_slow_lane/index.html

from above ...
The United States is starting to look like a slowpoke on the Internet. Examples abound of countries that have faster and cheaper broadband connections, and more of their population connected to them.

... snip ...

The new urgency to fix online privacy

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Wed, 31 Oct 2007 09:43:43 -0400

The new urgency to fix online privacy
http://news.zdnet.com/2010-1009_22-6216061.html

from above ...
A decade ago, I started writing about online privacy issues. At the time, legal colleagues told me that while they found the topic interesting from an academic standpoint, it had no real world applications. They encouraged me instead to focus on "real" upcoming problems, like Y2K.

... snip ...

and ...
Y2K came and went without much lasting effect. But privacy protection has become a real world industry of its own. Unfortunately, privacy and security breaches regularly occur these days.

... snip ...

recent post about work on x9.59 financial standard protocol in the mid-90s to take much of the sting out of data breaches and security breaches
https://www.garlic.com/~lynn/2007r.html#24 How to tell a fake SSL certificate from a real one

other x9.59 financial standard references
https://www.garlic.com/~lynn/x959.html#x959

one of the issues related to digital certificates was that in the early 90s, there was push for x.509 identity digital certificates. part of the issue was, what exact personal information might arbitrary relying parties require ... so there was some direction to increasingly overload x.509 identity digital certificates with more and more personal information.

in the mid-90s, several institutions were starting to realize that x.509 identity digital certificates, overloaded with increasing amounts of personal information, represented significant privacy and liability problems. somewhat as a result, there was retrenching to digital certificates that contain little more than a public key and an account number or other form of record locator (possibly even a "userid") ... where the necessary information was actually located. these were sometimes referred to as relying-party-only certificates
https://www.garlic.com/~lynn/subpubkey.html#rpo

however, we were able to trivially show that such truncated certificates were redundant and superfluous ... it was earily possible to run the public key operations w/o the digital certificates at all
https://www.garlic.com/~lynn/subpubkey.html#certless

part of the issue was the problem faced by some of the public key payment transaction protocol specification efforts. that even the truncated relying-party-only digital certificates, appended to a standard payment transaction, could represent a factor of 100-times payload and processing bloat (for something that was purely redundant and superfluous) ... recent post
https://www.garlic.com/~lynn/2007q.html#72 Value of SSL client certificates?

misc. posts mentioning the enormous bloat for payment operations
https://www.garlic.com/~lynn/subpubkey.html#bloat

very similar issues (as with the personal information in the x.509 identity digital certificates) have recently been cropping up (more than a decade later) in the form of identification cards (again with potential for being grossly overloaded with increasing amounts of personal information).

misc. past posts mentioning co-authoring x9.99, financial industry privacy standard.
https://www.garlic.com/~lynn/aadsm17.htm#45 x9.99 financial PIA standard now available from ANSI e-store
https://www.garlic.com/~lynn/aadsm17.htm#47 authentication and authorization ... addenda
https://www.garlic.com/~lynn/aadsm18.htm#28 x9.99 privacy note
https://www.garlic.com/~lynn/aadsm18.htm#32 EMV cards as identity cards
https://www.garlic.com/~lynn/aadsm19.htm#35 de-identification
https://www.garlic.com/~lynn/aadsm20.htm#2 US consumers want companies fined for security breaches
https://www.garlic.com/~lynn/aadsm25.htm#21 Identity v. anonymity -- that is not the question
https://www.garlic.com/~lynn/aadsm25.htm#26 Fraudwatch - how much a Brit costs, how to be a 419-er, Sarbanes-Oxley rises as fraud rises, the real Piracy
https://www.garlic.com/~lynn/aadsm25.htm#33 Mozilla moves on security
https://www.garlic.com/~lynn/aadsm26.htm#57 Our security sucks. Why can't we change? What's wrong with us?
https://www.garlic.com/~lynn/aadsm27.htm#51 Know Your Enemy: Scott McNeally on security theater
https://www.garlic.com/~lynn/2004l.html#8 x9.99 privacy impact assessemnt (PIA) standard
https://www.garlic.com/~lynn/2005l.html#36 More Phishing scams, still no SSL being used
https://www.garlic.com/~lynn/2005t.html#9 phishing web sites using self-signed certs
https://www.garlic.com/~lynn/2005u.html#18 XBOX 360
https://www.garlic.com/~lynn/2005v.html#3 ABN Tape - Found
https://www.garlic.com/~lynn/2006e.html#44 Does the Data Protection Act of 2005 Make Sense
https://www.garlic.com/~lynn/2006o.html#37 the personal data theft pandemic continues
https://www.garlic.com/~lynn/2006q.html#25 garlic.com
https://www.garlic.com/~lynn/2006v.html#39 On sci.crypt: New attacks on the financial PIN processing
https://www.garlic.com/~lynn/2007b.html#61 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#10 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007f.html#72 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007g.html#15 T.J. Maxx data theft worse than first reported
https://www.garlic.com/~lynn/2007o.html#13 EZPass: Yes, Big Brother IS Watching You!

Default Search Engines are dangerous, Especially Google <- Domain Name Stealers

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Default Search Engines are dangerous, Especially Google <- Domain Name Stealers.
Newsgroups: comp.protocols.tcp-ip
Date: Wed, 31 Oct 2007 11:42:11 -0400

try this instead:

Insider domain name snatching probed
http://news.yahoo.com/s/ap/20071024/ap_on_hi_te/techbit_domain_name_probe
Insider Domain Name Snatching Probed
http://www.physorg.com/news120994012.html
Insider Domain Name Snatching Probed
http://www.redorbit.com/news/technology/1115699/insider_domain_name_snatching_probed/index.html
ICANN probing "insider trading" allegations with domain name registrations
http://arstechnica.com/news.ars/post/20071024-icann-probing-insider-trading-allegations-with-domain-name-registrations.html

complicated address generation unit?

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: complicated address generation unit?
Newsgroups: comp.arch
Date: Wed, 31 Oct 2007 18:34:19 -0400

karthikbalaguru <karthikbalaguru79@gmail.com> writes:
I think modern Processors w.r..t RISC are making things less complex in the processor level to increase the efficiency. (just as they reduced the instructions) and making it complex at the compiler level.

I think this must be because of the RISC and other architecture models that came into existence

i've frequently claimed that john ("father" of risc architecture)
http://domino.research.ibm.com/comm/pr.nsf/pages/news.20020717_cocke.html

efforts in 801/risc were motivated by the high complexity in the failing future system project (canceled before even being announced)
https://www.garlic.com/~lynn/submain.html#futuresys

one of the things that help put the "nail" in "FS" coffin was evaluation that claimed if an FS machine was made out of the fastest then available hardware (370/195) it would have the thruput of about 370/145 (on the order of 30 times slowdown).

in various meetings in the 70s, there were periodic comments that the lack (and/or the simplicity) of some (801/risc) hardware feature was purposeful hardware/software design/complexity tradeoff and would be compensated for by either something in the cp.r operating system and/or something in the pl.8 programming language.

various past posts mentioning 801, risc, romp. rios, pc/rt, fort knox, somerset, power, power/pc, etc.
https://www.garlic.com/~lynn/subtopic.html#801

The new urgency to fix online privacy

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Wed, 31 Oct 2007 21:14:34 -0400

hancock4 writes:
Another part of the problem is that personal information is collected on us individuals without us even knowing it. Later, this information can be used against us when we apply for a job, mortgage, credit, or new apartment. We aren't even aware of the databases or have any way of knowing if there's erroneous or malicious information placed in them. There are those in the business community who make use of this data and staunchly defend its existence and usage.

Again, the power of the Internet and monetary exchange, especially making overseas transactions as simple as if they occurred here, makes fraud and misuse all the much easier. But people these days travel overseas extensively and want to use their credit-cards instantly. People want to use e-commerce easily. Businesses obviously want as few restrictions as possible on customer transactions.

https://www.garlic.com/~lynn/2007r.html#26 The new urgency to fix online privacy

one of the main reasons that there is name on credit or debit card ... is to allow people at point of sale to check the card name against matching name on some sort of gov. issued card that has picture (and check the picture against what the person doing the transaction looks like). this basically turns something that should have been simply authentication into effectively identification.

in the mid-90s, EU had made statement that all electronic payment cards at point-of-sale ... should be as anonymous as cash ... with at least the name coming off the cards. this implied that the transaction needed better/stronger form of authentication. this is somewhat the theme of this slightly earlier post yesterday
https://www.garlic.com/~lynn/2007r.html#21 Is the media letting banks off the hook on payment card security

one of the issues looked at in the mid-90s by the x9a10 financial standards working group ... given the requirement to preserve the integrity of the financial infrastructure for all retail payments ... was improving authentication of transaction as well as meeting various EU privacy directives (for the x9.59 retail transaction financial standard).
https://www.garlic.com/~lynn/x959.html#x959

some this was also considered in the work on x9.99 privacy financial standard (while both x9.59 and x9.99 were in the US x9 standards group, some amount of requirements from around the world were looked at ... looking ahead that both could be moved forward to international ISO standard).

the other issue looked at in the mid-90s for current spate of financial transactions was that the account number was basically serving dual purpose ... both as integral part of a large number of business processes (not just the immediate transaction authorization transaction apparent to consumers on the initial operation) as well as authentication mechanism (knowing the account number was sufficient to perform a fraudulent transaction). This created strongly diametrically opposing requirements ... that the account number needed to be readily and widely available and at the same time the account number had to be kept confidential and never divulged.

some amount of work went into the x9.59 financial standard to eliminate the dual purpose use of the account number ... creating a brand new mechanism for strong authentication ... leaving the account number having the sole purpose for use in the necessary business process. it was no longer possible to originate a financial transaction just knowing the account number ... a valid financial transaction required a totally different authentication mechanism. with that change, it was no longer necessary to protect, hide, encrypt, etc ... the account number. as a side effect, it means that it is no longer necessary to use SSL (on the internet) for payment transactions to preserve the integrity of the financial infrastructure. It also eliminates a lot of the repercussions from numerous data breaches and security breaches.

fundamentally, it comes down to eliminate the dual-use purpose for account numbers (i.e. one or the other, keep it confidential and never allow it to be divulged OR make it widely and readily available BUT don't create a situation where there are simultaneously both requirements for the same piece of information).

the other effort in x9a10 financial standard working group for the x9.59 was to make it as privacy agnostic as possible.
https://www.garlic.com/~lynn/subpubkey.html#privacy

as a financial standard for all retail payments ... that met it needed to be usable for credit, debit, stored-value/gift, ach/check, etc. (as well as point-of-sale, internet, face-to-face, cardholder-present, cardholder-not-present, etc).

In the credit and debit scenario there is account number, that (at least in the US) is tied to a bank account which is subject to gov. "know your customer" mandates (aka it is possible to eliminate a lot of public information associating a specific account number with a specific person ... but gov. mandates require that the financial institution have that association available somewhere). However, there is nothing in the x9.59 financial standard that prevents it also being used for "anonymous" accounts (aka privacy agnostic) ... like is possible (even in the US) with stored-value/gift cards.

so as part x9.59 ... it created a new transaction authentication mechanism ... which it is claimed 1) allows names to be removed from cards (in so far as that has been an implied authentication mechanism) and 2) eliminates dual-use purpose for account numbers ... so it is no longer necessary to hide account numbers in order to prevent fraud ... and by implication if account numbers are divulged in data breaches and/or security breaches ... it won't result in fraud (nothing is done to eliminate breaches, however breaches that result in fraudulent financial transactions is largely eliminated).

recent related post & thread drift
https://www.garlic.com/~lynn/2007r.html#24 How to tell a fake SSL certificate from a real one

Is the media letting banks off the hook on payment card security

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Wed, 31 Oct 2007 21:40:27 -0400

hancock4 writes:
I would say yes to that. Financial nitty-gritty is boring to most people and the mass media avoids it. (If some banker is caught sleeping with a data thief, then they'll cover it.) Sadly, it is vital for consumers to understand financial issues and most don't. Indeed, many people on community boards, town councils, even corporate boards, don't understand the basics of financial statements (e.g. and income statement and balance sheet). I suspect most people these days don't balance their checkbook nor know how to do so.

re:
https://www.garlic.com/~lynn/2007r.html#21 Is the media letting banks off the hook on payment card security

old reply (to one of your posts) where it is mentioned that us financial institutions were getting nearly 40percent of their bottom line from payment transactions (by comparison it was less than 10percent for european institutions). one might conjecture there is not a lot of interest in "rocking" the boat
https://www.garlic.com/~lynn/2007k.html#12 IBM Unionization

other posts mentioning the subject
https://www.garlic.com/~lynn/aadsm27.htm#39 a fraud is a sale, Re: The bank fraud blame game
https://www.garlic.com/~lynn/2007c.html#38 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007i.html#71 Free Checking
https://www.garlic.com/~lynn/2007l.html#35 My Dream PC -- Chip-Based
https://www.garlic.com/~lynn/2007n.html#68 Poll: oldest computer thing you still use
https://www.garlic.com/~lynn/2007q.html#43 what does xp do when system is copying

for a little topic drift
https://www.garlic.com/~lynn/2007r.html#24 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#27 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#29 The new urgency to fix online privacy

for other topic drift, here are a few posts that mention that over a period of couple weeks earlier this spring, there were articles claiming that identity fraud was falling by 10-12 precent at the same time identity frauds exploding:
https://www.garlic.com/~lynn/aadsm27.htm#43 a fraud is a sale, Re: The bank fraud blame game
https://www.garlic.com/~lynn/aadsm27.htm#45 Threatwatch: how much to MITM, how quickly, how much lost
https://www.garlic.com/~lynn/2007e.html#58 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007e.html#62 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007f.html#58 Securing financial transactions a high priority for 2007

Is the media letting banks off the hook on payment card security

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Wed, 31 Oct 2007 22:44:48 -0400

much of financial institution income from payment transactions comes in the form of interchange fees payed by merchants ...
https://www.garlic.com/~lynn/aadsm23.htm#37 3 of the big 4 - all doing payment systems
https://www.garlic.com/~lynn/aadsm26.htm#1 Extended Validation - setting the minimum liability, the CA trap, the market in browser governance
https://www.garlic.com/~lynn/aadsm26.htm#25 EV - what was the reason, again?
https://www.garlic.com/~lynn/aadsm26.htm#34 Failure of PKI in messaging
https://www.garlic.com/~lynn/aadsm27.htm#32 The bank fraud blame game
https://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game
https://www.garlic.com/~lynn/aadsm27.htm#39 a fraud is a sale, Re: The bank fraud blame game
https://www.garlic.com/~lynn/aadsm27.htm#62 Fingerprint Firefox Plugin?
https://www.garlic.com/~lynn/2006k.html#23 Value of an old IBM PS/2 CL57 SX Laptop
https://www.garlic.com/~lynn/2007.html#27 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#38 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007h.html#28 sizeof() was: The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2007h.html#56 T.J. Maxx data theft worse than first reported
https://www.garlic.com/~lynn/2007i.html#72 Free Checking
https://www.garlic.com/~lynn/2007l.html#35 My Dream PC -- Chip-Based

some of this has been involved in various litigation and antitrust actions regarding interchange fees
https://www.garlic.com/~lynn/2005u.html#16 AMD to leave x86 behind?
https://www.garlic.com/~lynn/2007i.html#17 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#47 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#59 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007n.html#68 Poll: oldest computer thing you still use

Is the media letting banks off the hook on payment card security

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 06:41:53 -0400

somewhat related recent news stories

Cut Card Costs, Not Cash Usage, Say UK Retailers
http://www.epaynews.com/index.cgi?survey=&ref=browse&f=view&id=1193910598837043222&block=

from above:
"Banks have long abused their position by imposing much higher charges on retailers for processing card payments than cash," says BRC director general Kevin Hawkins. "Clearly, the banks have spotted that replacing cash with cards would mean a further boost to their profits."

... snip ...

Banks neglect responsibility for data breaches, some say
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1280423,00.html

from above:
Security experts say banks that are suing TJX Cos. Inc. over the data breach that compromised more than 94 million credit card accounts should accept more of the blame for what happened. By requiring that merchants store credit card transaction records for up to 18 months, they say, banks are putting companies like TJX at heightened risk of attack.

... snip ...

part of issue is the requirement of the account number in numerous business processes ... like refunds for returns or charge disputes ... that require the original transaction (typically located by transaction date and account number).

one of the x9.59 financial standard
https://www.garlic.com/~lynn/x959.html#x959

objectives were to make these transaction records much less vulnerable to fraud ... not by encryption and/or controlling access to the transaction records ... but by eliminating the usefulness to crooks for enabling fraudulent transactions ... aka eliminating the dual-use purpose of the current infrastructure. this is also discussed in postings in threads discussing the naked transaction metaphor
https://www.garlic.com/~lynn/subintegrity.html#payments

and the fragile nature of not providing separate authentication mechanism (besides knowledge of the account number) in the existing transaction infrastructure.

Students mostly not ready for math, science college courses

Refed: **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Students mostly not ready for math, science college courses
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 07:06:57 -0400

Students mostly not ready for math, science college courses
http://www.mysanantonio.com/news/education/stories/MYSA103007.01A.SCIENCESHORTAGE.346bc07.html

from above:
It's no longer news that the American science juggernaut is losing ground to India, China and other countries busy churning out computer scientists and engineers,

... snip ...

Is the media letting banks off the hook on payment card security

Refed: **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 07:54:35 -0400

re:
https://www.garlic.com/~lynn/2007r.html#21 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#30 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#31 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#32 Is the media letting banks off the hook on payment card security

eliminating the account number dual-use ... requirement for being readily available and widely deployed for numerous business processes at the same time required to be kept totally confidential and never divulged .... goes a long way to eliminating the fraud consequences of data breaches and security breaches (doesn't prevent the information from being obtained ... just eliminates much of its usefullness for fraudulent purposes).

the vulnerability and threat models of the current infrastructure is discussed in posts related to the naked transaction metaphor
https://www.garlic.com/~lynn/subintegrity.html#payments

having to do with skimming, evesdropping, data breaches, security breatches, etc ... i.e. various forms of account number "harvesting" for fraudulent purposes
https://www.garlic.com/~lynn/subintegrity.html#harvest

this also has big impact on much of the phishing activities directed at obtaining account numbers in order to perform fraudulent transactions ... aka a lot of the motivation for man-in-the-middle attacks on the internet
https://www.garlic.com/~lynn/subintegrity.html#mitm

it isn't the only scenario. for instance, much of the hype regarding multi-factor authentication ... from 3-factor authentication model
https://www.garlic.com/~lynn/subintegrity.html#3factor

there are implicit assumptions that the different factors are subject to different vulnerabilities and exploits. another thing that started happening (at least by the 80s) were skimming attacks.

part of the assumption that pin-debit is more secure than signature debit and/or credit ... is that the "card", as something you have authentication and the "pin", as something you know authentication ... have different vulnerabilities. However skimming attacks would record all information associated with a transaction ... and be able to replay the recorded information. In this situation, both the "account number" (actually image of the magstripe, enabling production of a counterfeit card) and the "pin" were vulnerability to a common skimming attack (negating assumptions that the multi-factor authentication had independent vulnerabilities and exploits). This is also why you don't see pin-debit transactions being used on the internet (i.e. vulnerable to evesdropping/skimming attacks).

part of the work in x9a10 financial standards working group was developing the x9.59 protocol
https://www.garlic.com/~lynn/subpubkey.html#x959

that also had countermeasures to various kinds of evesdropping, skimming, and/or harvesting that would enable any form of replay attacks

part of this is also illustrated in the various posts in the yes card threads ... i.e. some technology that was being developed in the same timeframe as the x9.59 financial standard protocol. There was some amount of work in the yes card scenario for countermeasures against the lost/stolen card threat ... but turns out that it was wide-open to skimming attacks (enabling production of counterfeit chipcards that could be used for fraudulent transaction). other characteristics of the yes card operation, in some past meeting where it was described in some detail, prompted somewhat spontaneous comment from somebody in the audience about do you mean they managed to spend billions of dollars to prove that chipcards are less secure than magstripe cards.
https://www.garlic.com/~lynn/subintegrity.html#yescard

Is the media letting banks off the hook on payment card security

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 08:16:08 -0400

the dual-use nature of the current infrastructure can also create ambiguity and confusion for users ... on one hand they are conditioned to divulge their account number (as necessary for performing financial transactions) ... but at the same time they are being told that their account number has to be kept strictly confidential and never divulged (this potentially may create tremendous anxiety for users every time they go to perform a transaction).

as before ... misc. posts mentioning the "naked transaction" metaphor
https://www.garlic.com/~lynn/subintegrity.html#payments

Students mostly not ready for math, science college courses

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Students mostly not ready for math, science college courses
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 09:45:39 -0400

Quadibloc <jsavard@ecn.ab.ca> writes:
And even if it wasn't, outsourcing has definite cost advantages...

re:
https://www.garlic.com/~lynn/2007r.html#33 Students mostly not ready for math, science college courses

as per past posts ... some of the oursourcing started because

1) scarcity of resources for y2k remediation (for backroom, production, commercial system) that was going on at the same time as the internet "bubble"

2) more than half of the high-skilled resources that didn't directly showup as outsourcing were foreign nationals that were obligated and/or at least inclined to return home at some point (sometimes there is the "tipping point" buzzword used here ... which can result in accelerated negative feedback).

a lot of the business relationships that were spawned during the go-go years of the internet bubble ... tended to survive after the bubble burst.

another factor is a lot of internet and other connectivity technologies ... with regard to collapsing distances and enabling telecommuniting ... also removes barriers to outsourcing work (from tv commercials, if you can work while on vacation on any beach in the world ... then possibly your work can be performed by any qualified individual any place in the world)

recent posts mentioning outsourcing and/or y2k remediation
https://www.garlic.com/~lynn/2007g.html#7 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007h.html#36 sizeof() was: The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2007n.html#47 WindowsMonitor or CUSP?
https://www.garlic.com/~lynn/2007o.html#23 Outsourcing loosing steam?
https://www.garlic.com/~lynn/2007p.html#39 India is outsourcing jobs as well
https://www.garlic.com/~lynn/2007p.html#46 India is outsourcing jobs as well

Translation of IBM Basic Assembler to C?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 10:01:57 -0400

Bernd Felsche <bernie@innovative.iinet.net.au> writes:
Once you have Linux, you would not need to *buy* very much in terms of application software. The distros on DVD are *loaded* with hundreds of applications. If you go online, then there are many applications that are free to download and use; mostly open source as well.

Consumer: Sign of the Apocalypse? Wal-Mart Sells Linux PCs
http://www.technewsworld.com/story/60101.html

from above ...
About 600 Wal-Mart stores will carry the US$199 Linux-powered Green gPC made by Everex of Taiwan, Wal-Mart said. It was available online on Wednesday.

... snip ...

Students mostly not ready for math, science college courses

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Students mostly not ready for math, science college courses
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 10:44:54 -0400

Walter Bushell <proto@oanix.com> writes:
Which means kids should want jobs that can only be done locally, if it can be done in a low wage economy, it will be done in a low wage economy.

re:
https://www.garlic.com/~lynn/2007r.html#33 Students mostly not ready for math, science college courses
https://www.garlic.com/~lynn/2007r.html#36 Students mostly not ready for math, science college courses

aka abdicate any inclination to compete with the rest of the world and settle for (local) low-paying low-skill (frequently service industry) jobs ... oops, that isn't working either.

Translation of IBM Basic Assembler to C?

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 11:43:20 -0400

Charlton Wilbur <cwilbur@chromatico.net> writes:
The general public seems to understand this quite well. If you go to a Wal-Mart, you get generic low-quality clothes, generic low-quality housewares, and generic low-quality electronics, all for cheap. If you go to a Target, you get slightly better quality and slightly higher price. If you go to a higher-end specialty store in any of those areas, you get better products and better service. The public understands this. Why don't you?

some of this is image and positioning

i.e. the counter argument has been that prices for some products have been significantly inflated by extensive advertising as part of creating demand ... the generics have been able to contract for identical products from the same exact manufacturer (sometimes a side effect of these businesses spinning off actual manufacturing and/or outsourcing; in attempt at improving the bottom line) and still make a profit when charging half as much. the generics also don't have any ongoing product development overhead ... they are just pricing for duplicate. this sometimes even shows up in various kinds of (illegal) knock-offs and counterfeits ... where they are identical and have been produced in the same plant.

further cost savings have come from having an extremely sophisticated supply-chain (computer based) infrastructure that will do just-in-time delivery ... minimizing various costs like unsold inventory overhead.

it would be interesting to see actual cost/quality trade-off numbers for broad range of retailers and their products.

similar issues played out in the 60s and 70s with clone controllers ... as undergraduate in 60s, i was involved in building a clone controller that got written up as spawning a new industry
https://www.garlic.com/~lynn/submain.html#360pcm

the appearance of the plug-compatible controllers was large part of the motivation for the (canceled w/o even being announced) future system project
https://www.garlic.com/~lynn/submain.html#futuresys

and the distraction of the future system project contributed to providing customer opportunities for plug-compatible processors ... finally when the future system project was eventually killed there was mad rush to get both hardware and software items back into the 370 product pipeline (and efforts to fend off the clone manufacturers).

somewhat similar process was repeated in the 80s with PC clone products.

in the 60 & 70s ... there was much more focus on hardware clones, in part because the software technology was much more primitive. with the rise of more sophisticated and portable software technology in the 80s, there was much broader competition from similar hardware ... but no longer requiring exact hardware compatibility ... which contributed to turning hardware into much more of a commodity business.

For instance, the same RDBMS would be available across a broad range of different hardware platforms and provide same exact operation. misc. past post mentioning work on the original RDBMS/SQL implementation
https://www.garlic.com/~lynn/submain.html#systemr

Is the media letting banks off the hook on payment card security

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Thu, 01 Nov 2007 18:51:40 -0400

hancock4 writes:
Banks take a steep 'discount' for processing credit cards. That is, when a merchant turns in a charge slip, the bank takes 2-4% of the purchase amount as a commission. Since most stuff is done by credit card these days, that's a hefty amount, and that doesn't count the consumer interest on outstanding balances.

re:
https://www.garlic.com/~lynn/2007r.html#21 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#30 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#31 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#32 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#34 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#35 Is the media letting banks off the hook on payment card security

one of the reasons that you see so much advertisements for debit on tv ... is that debit volumes have been growing much faster than credit ... although signature debit interchange fees are comparable to credit ... (while pin debit fees are much lower ... as implied in the article referenced by the original post)

Debit Card Volume Passes Credit Card (or did it?)
http://www.netbanker.com/2005/11/debit_card_volume_passes_credi.html
Debit Volume Exceeds Credit, Visa Says
http://www.banktech.com/news/showArticle.jhtml?articleID=167100397

in debit, since there is no credit extended ... there is no consumer interest (there are also increasing credit customers not carrying balances) ... so the revenue is nearly all coming off the interchange fees ... some going to the merchant financial institution, some going to the associations, and some going to the consumer financial instituation.

Translation of IBM Basic Assembler to C?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Fri, 02 Nov 2007 07:16:58 -0400

"Charlie Gibbs" <cgibbs@kltpzyxm.invalid> writes:
The even more scary belief - one that isn't restricted to here in Canuckistan - is that tomorrow's technology will solve every problem we're busily creating today.

extend to the individual is never responsible? that somebody else will always be around to bail them out?

New 'virtual IT job' could be very real

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: New 'virtual IT job' could be very real
Newsgroups: alt.folklore.computers
Date: Fri, 02 Nov 2007 07:34:45 -0400

more 40+ yr old technology ...

New 'virtual IT job' could be very real
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9045178

from above:
Virtualization may be becoming something so ubiquitous and essential to operations that it has become a new form of operating system for the data center.

... snip ...

courtesy of the cambridge science center circa 1965
https://www.garlic.com/~lynn/subtopic.html#545tech

other recent posts mentiong 40+ yr old technology
https://www.garlic.com/~lynn/2007.html#39 Just another example of mainframe costs
https://www.garlic.com/~lynn/2007b.html#23 How many 36-bit Unix ports in the old days?
https://www.garlic.com/~lynn/2007b.html#26 How many 36-bit Unix ports in the old days?
https://www.garlic.com/~lynn/2007l.html#23 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007p.html#7 what does xp do when system is copying
https://www.garlic.com/~lynn/2007q.html#3 Virtualization: Don't Ask, Don't Tell
https://www.garlic.com/~lynn/2007q.html#22 Enterprise: Accelerating the Progress of Linux
https://www.garlic.com/~lynn/2007q.html#25 VMware: New King Of The Data Center?
https://www.garlic.com/~lynn/2007q.html#49 Slimmed Down Windows Offers Glimpse Into Microsoft's Virtualization Ambitions
https://www.garlic.com/~lynn/2007q.html#59 Virtualization: Everybody's Doing It, but Few Know How
https://www.garlic.com/~lynn/2007q.html#64 Virtual Browsers: Disposable Security
https://www.garlic.com/~lynn/2007q.html#66 Direction of Stack Growth

does memory still have parity?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: does memory still have parity?
Newsgroups: alt.folklore.computers
Date: Fri, 02 Nov 2007 10:22:52 -0400

jeffj@panix.com (Jeff Jonas) writes:
A friend maintained DEC VAC clusters for 800 number translation. Now that's probably accomplished with a rack of redundant blade servers or Beowulf clusters (which compete well with supercomputers for total thruput).

re:
https://www.garlic.com/~lynn/2007q.html#67 does memory still have parity?

which is what we pitched at bellcore when we were doing ha/cmp product
https://www.garlic.com/~lynn/subtopic.html#hacmp

course, we also pitched ha/cmp scale-up for supercomputers ... old posts with slight drift
https://www.garlic.com/~lynn/95.html#13
https://www.garlic.com/~lynn/96.html#15

post from last year
https://www.garlic.com/~lynn/2006x.html#3 Why so little parallelism?

and other old email on the subject from the period
https://www.garlic.com/~lynn/lhwemail.html#medusa

other related
https://www.garlic.com/~lynn/2000c.html#21 Cache coherence
https://www.garlic.com/~lynn/2006w.html#40 Why so little parallelism?
https://www.garlic.com/~lynn/2006w.html#41 Why so little parallelism?

complicated address generation unit?

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: complicated address generation unit?
Newsgroups: comp.arch,alt.folklore.computers
Date: Fri, 02 Nov 2007 12:49:16 -0400

re:
https://www.garlic.com/~lynn/2007r.html#28 complicated address generation unit?

other 801 posts
https://www.garlic.com/~lynn/subtopic.html#801

part of the 801 hardware/software tradeoff was that there was never going to be any hardware cache consistency support (part of this was likely lessons learned from the heavy penalty that 370s were paying for multiprocessor cache consistency). one of the side-effects (with separate instruction and data caches) and was that the (program) loader which would be dealing with instruction images as "data" ... and needed to execute an instruction to flush changed data cache lines back to storage (when dealing with "store-in" data cache).

the lack of cache consistency also complicated being able to provide multiprocessor support ... for the most part not even attempted. there was a 4-way "single-chip rios" multiprocessor ... but it had a gimmick that "shared data" would be accessed from virtual segments that were marked "non-cacheable" (aka all loads/stores bypassed cache).

this was also in large part behind our choosing to do loosely-coupled (aka cluster) product support for scale-up. we started off with simple fall-over in ha/cmp
https://www.garlic.com/~lynn/subtopic.html#hacmp

but continued with cluster scale-up with medusa in the '91 timeframe ... some old email
https://www.garlic.com/~lynn/lhwemail.html#medusa

recent post referencing some of the effort:
https://www.garlic.com/~lynn/2007r.html#43 does memory still have parity?

some of this grew out of my wife's experience having served a stint in pok, in charge of mainframe loosely-coupled architecture (aka mainframe for cluster)
https://www.garlic.com/~lynn/submain.html#shareddata

and my experience helping deploy a large "single-system image" mainframe cluster for internal HONE operation
https://www.garlic.com/~lynn/subtopic.html#hone

the whole 801/risc simplicity philosiphy also impacted things like compare&swap instruction.

charlie had invented compare&swap at the science center
https://www.garlic.com/~lynn/subtopic.html#545tech

when working on fine-grain locking for cp67 multiprocessor support; in fact the mnemonic compare&swap was chosen because CAS are charlie's initials
https://www.garlic.com/~lynn/subtopic.html#smp

attempting to promote compare&swap for the original 370 architecture ... there was lots of resistance claiming that multiprocessor support requirements weren't sufficient to justify additional instruction. the challenge to justify compare&swap instruction for 370 was to come up with other uses (other than strict multiprocessor operation). thus was born the scenarios for its use by multi-threaded applications to coordinate multiple (user-level) threads w/o requiring the overhead of kernel calls. current generation of that description appears in the appendix of the principles of operation
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dz9zr003/A.6?DT=20040504121320

first off, as a purely single-processor operation ... compare&swap hadn't been justified for rios (since there was no multiprocessor) ... but the compare&swap use had started to show up in many multi-threaded applications, especially DBMS implementations (even if they weren't running on multiprocessor/multicore machines). so to ease the RIOS port for these types of applictions, a C macro was provided that invoked a system call that simulated the compare&swap semantics. There was a very short instruction fastpath in the system call interrupt handler that simulated compare&swap semantics (while disabled for interrupts) and immediately returned to the applications.

while RIOS continued as purely non-cache-coherent, non-multiprocessor, a group spun off, somerset (ibm, motorola, apple, etc) to do a PC 801/risc chip (power/pc). this was going to include support for cache-coherent and multiprocessor support. The issue here was how to come up with instruction(s) that met 801/risc simplicity philosiphy ... which led to design for instruction that would obtain exclusive control of storage location, allowing other instructions (on the same processor) to operate on location. An issue then was that compare&swap design (also) didn't allow interrupts to occur in the middle of the atomic instruction (especially when used in user-level applications enabled for interrupts).

Translation of IBM Basic Assembler to C?

Refed: **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Fri, 02 Nov 2007 13:48:19 -0400

jmfbahciv writes:
The problems with today's drivers is that they think they already have autopilots operating the car.

in the past there have been suggestions that people shouldn't be allowed to drive unless they could at least service, maintain, and repair their own vehicle.

there has been some of that in internet discussions.

some of the current internet issues is pieces of it have grown up cobbled together.

a lot of the PC heritage is stand-alone machine where applications, games, etc would take over control of all aspects of machine operation. there were never any thot given to defensive paradigm and/or countermeasures against various kinds of bad things happening.

there may be some analogy here with the early days of automobiles. there was horseless carriage metaphore adaptation but automobiles started to face problems because of the differences (as opposed to the similarities) ... like the speed of the devices and increasingly popularity resulted in proliferation of accidents, injuries, and deaths not seen with the original.

a somewhat similar analogy could be made about paradigm targeted at stand-alone kitchen table operation ... and what happens when it is attached to the wild anarchy of the internet (w/o safety glass, bumpers, impact barriers/zones, collapsable steering wheel, padded dashboards, seatbelts, airbags, etc).

the current scenario is that cellphone use, while driving, have accident rates on par with DUI.

some of this is while the metaphor somewhat could remain the same, it was necessary to do detailed vulnerability and threat analysis regarding what has changed and the related implications. then it would be necessary to devise specific countermeasures for the identified vulnerabilities and threats.

misc. past posts mentioning vulnerabilities, threats, risks, and/or fraud
https://www.garlic.com/~lynn/subintegrity.html#fraud

misc past posts about internet anarchy and/or wild west
https://www.garlic.com/~lynn/2001m.html#30 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
https://www.garlic.com/~lynn/2001m.html#27 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
https://www.garlic.com/~lynn/2001m.html#28 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
https://www.garlic.com/~lynn/2001m.html#29 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
https://www.garlic.com/~lynn/2001m.html#30 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
https://www.garlic.com/~lynn/2001m.html#31 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
https://www.garlic.com/~lynn/2002.html#26 Buffer overflow
https://www.garlic.com/~lynn/2002f.html#24 Computers in Science Fiction
https://www.garlic.com/~lynn/2003i.html#17 Spam Bomb
https://www.garlic.com/~lynn/2004i.html#16 New Method for Authenticated Public Key Exchange without Digital Ceritificates
https://www.garlic.com/~lynn/2004k.html#32 Frontiernet insists on being my firewall
https://www.garlic.com/~lynn/2007c.html#30 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007k.html#48 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007m.html#7 nouns and adjectives
https://www.garlic.com/~lynn/2007n.html#15 What if phone company had developed Internet?
https://www.garlic.com/~lynn/2007n.html#16 What if phone company had developed Internet?
https://www.garlic.com/~lynn/2007r.html#13 What do ATMS and card readers use?

Students mostly not ready for math, science college courses

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Students mostly not ready for math, science college courses
Newsgroups: alt.folklore.computers
Date: Fri, 02 Nov 2007 14:12:13 -0400

Charlton Wilbur <cwilbur@chromatico.net> writes:
One way out is to find a service you care about, and do that. A friend of mine started out as an engineer, found himself turning into a cubicle monkey, and left that particular rat race. He got his plumber's licence, and now he's doing new plumbing installations in new buildings. It's definitely "just a job" to him, but he does it well enough, and it pays well enough, and he's not in a cubicle.

in high school, i got job in local hardware store ... somewhat rural area ... which contributed to also getting stints on various building projects. by the time i had entered college i had performed just about every type of task that would be associated with home and small commercial buildings (foundations, cement, framing, electrical, plumbing, roofing, siding, wallboard, mud&tape)

i had one task where 500 (94lb) bags of cement showed up on flatbed trailer, it had to be offloaded into the store's warehouse ... with no mechanical or wheeled assistance of any kind (simple carry) and there was no loading dock (so had to be lifted off the flatbed) ... oh, and it happened to be hundred degrees outside. it shorten the elapsed time by carrying four bags at a time into the warehouse.

one commercial building project ... somebody forgot to set the utility boxes in the foundation forms before concrete pour. i then got the task of hand chiseling the holes in the foundation for utilities. after that i took to walking projects (before things like pours), cross-checking what had been done against specification/drawings.

that possibly contributed to being made foreman on the next project ... not very large ... three 9-man crews. it paid fairly well, i was out of college a number of years before monthly take-home reached the same level.

past posts in thread:
https://www.garlic.com/~lynn/2007r.html#33 Students mostly not ready for math, science college courses
https://www.garlic.com/~lynn/2007r.html#36 Students mostly not ready for math, science college courses
https://www.garlic.com/~lynn/2007r.html#38 Students mostly not ready for math, science college courses

for other topic drift:
https://www.garlic.com/~lynn/2007e.html#48 time spent/day on a computer
https://www.garlic.com/~lynn/2007f.html#76 Working while young
https://www.garlic.com/~lynn/2007g.html#79 Working while young
https://www.garlic.com/~lynn/2007h.html#19 Working while young
https://www.garlic.com/~lynn/2007j.html#94 IBM Unionization
https://www.garlic.com/~lynn/2007k.html#0 IBM Unionization

Translation of IBM Basic Assembler to C?

Refed: **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Sat, 03 Nov 2007 09:43:40 -0400

jmfbahciv writes:
Oh, thank you. I've been saying that but you wrote it better than I ever could. I don't think a lot of people reading this knows what stand-alone means. There are huge implications of what can and cannot be run on stand-alone and not-stand-alone machines.

re:
https://www.garlic.com/~lynn/2007r.html#45 Translation of IBM Basic Assembler to C?

the early (cp67 & vm370) virtual machine based time-sharing services
https://www.garlic.com/~lynn/submain.html#timeshare

beefed up the cms virtual machine environment in various ways ... frequently referred to as "padded-cells" ... limiting the impact of virtual "stand-alone" operation in a large shared environment .. i.e. isolating users from each other ... for instance some of the finanacial oriented commercial timesharing services would have lots of users from competing wall street firms (and other related institutions).

i've posted numerous times about when the science center
https://www.garlic.com/~lynn/subtopic.html#545tech

had a number of different projects on their service that involved some of the corporation's most sensitive information ... as well as numerous non-employees (including students) from around the cambridge area.

i've also made posts with referenced articles about applying the 40+ yr old technology as a basis for providing similar kinds of isolation/partitioning as countermeasure to various kinds of current threats and vulnerabilities ... for instance
https://www.garlic.com/~lynn/2007o.html#7 Hypervisors May Replace Systems As King Of The Data Centers

another reference in this vein about the 40+ yr old technology
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

a few other posts along this theme
https://www.garlic.com/~lynn/2007q.html#64 Virtual Browsers: Disposable Security
https://www.garlic.com/~lynn/2007q.html#66 Direction of Stack Growth
https://www.garlic.com/~lynn/2007r.html#42 New 'virtual IT job' could be very real

i.e. assuming that you won't be able to prevent various kinds of bad things from happening ... so use virtual machine technology to isolate the scope of the damage.

and for slightly different drift about threats and vulnerabilities in this environment ... the thread about dangers of c language string/storage metaphor
https://www.garlic.com/~lynn/subintegrity.html#overflow

misc. past posts about threats, vulnerabilities, exploits, risk, fraud, etc
https://www.garlic.com/~lynn/subintegrity.html#fraud

Half a Century of Crappy Computing

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Half a Century of Crappy Computing
Newsgroups: comp.arch,comp.arch.embedded,alt.folklore.computers
Date: Sat, 03 Nov 2007 10:43:33 -0400

nmm1@cus.cam.ac.uk (Nick Maclaren) writes:
Note that young humans can often recover from the destruction of ALL of the components handling a particular skill, by relearning from scratch. If every DNS server on the Internet died unrecoverably tomorrow, I doubt that it would recover as well.

for a little topic drift ... some references to recent thread in a.f.c
https://www.garlic.com/~lynn/2007q.html#18 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#19 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#60 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#62 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#25 Fixing our fraying Internet infrastructure

and these posts in another thread that recently strayed into subject of threats, vulnerabilities, exploits, etc on the internet:
https://www.garlic.com/~lynn/2007r.html#45 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2007r.html#47 Translation of IBM Basic Assembler to C?

including some application of 40+ yr old technology, courtesy of the science center
https://www.garlic.com/~lynn/subtopic.html#545tech

as part of the solution.

for even greater topic drift ... cp67 & cms started at the science center
https://www.garlic.com/~lynn/subtopic.html#545tech

in the mid-60s ... some amount of it fairly obviously adopted from ctss, like the initial version of the cms document formater application. Later, in 69, three people at the science center invented GML (i.e. three letters chosen as first letter of their last name). This eventually morphed into sgml
https://www.garlic.com/~lynn/submain.html#sgml

and become the basis for current genre of html, xml, etc ... i.e. reference to a cms script clone from waterloo in extensive use at cern and the evolution of sgml into html
http://infomesh.net/html/history/early/

and to somewhat wander back to part of the topic ... reference to the person responsible for DNS doing stint at science center in the early 70s
http://alum.mit.edu/ne/noteworthy/profiles/mockapetris.html

How to tell a fake SSL certificate from a real one

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server,alt.folklore.computers
Date: Sat, 03 Nov 2007 16:01:27 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:
or old email from 1981 discussing pgp-like public key proposal
https://www.garlic.com/~lynn/2006w.html#email810515

re:
https://www.garlic.com/~lynn/2007q.html#72 Value of SSL client certificates?
https://www.garlic.com/~lynn/2007q.html#73 Value of SSL client certificates?
https://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#19 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#24 How to tell a fake SSL certificate from a real one

from my RFC index
https://www.garlic.com/~lynn/rfcietff.htm

recent PGP RFCs

https://www.garlic.com/~lynn/rfcidx8.htm#5081
5081 E
Using OpenPGP Keys for Transport Layer Security (TLS) Authentication, Mavrogiannopoulos N., 2007/11/02 (8pp) (.txt=15300) (Refs 3280, 4346, 4366, 4880) (was draft-ietf-tls-openpgp-keys-11.txt)

https://www.garlic.com/~lynn/rfcidx8.htm#4880
4880 PS
OpenPGP Message Format, Callas J., Donnerhacke L., Finney H., Shaw D., Thayer R., 2007/11/02 (90pp) (.txt=203706) (Obsoletes 1991, 2440) (Refs 1423, 1950, 1951, 1991, 2045, 2440, 2822, 3156, 3447, 3629, 4086) (Ref'ed By 5081) (was draft-ietf-openpgp-rfc2440bis-22.txt)

and as always ... clicking on the ".txt=nnn" field, retrieves the actual RFC

could we be getting closer to certificate-less SSL/TLS protocol? misc. posts mentioning publickey certificate-less operation
https://www.garlic.com/~lynn/subpubkey.html#certless

for additional drift, posts mentioning possibility of general use of "on-file" public keys (from the domain name system), including for a SSL/TLS protocol like operation.
https://www.garlic.com/~lynn/subpubkey.html#catch22

and for even more drift ... a totally different DNS topic drift (from a thread in comp.arch)
https://www.garlic.com/~lynn/2007r.html#48 Half a Century of Crappy Computing

Translation of IBM Basic Assembler to C?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Sat, 03 Nov 2007 18:24:24 -0400

Morten Reistad <first@last.name> writes:
I get constant flashbacks to 1984, to cics, vtam, 3270 streams and ims when I program for apache/agi, tcp/ip, http/html, and mysql.

I have even introduced some cics tricks to collegues, they thought they were brand new.

university had ONR grant for library automation project in the 60s and was selected to be betatest site for (original) CICS product (i.e. CICS had been developed at a customer site ... and then was selected to be turned into product offering) ... and i got tasked to help support/debug

some recent posts mentioning cics
https://www.garlic.com/~lynn/2007q.html#14 Does software life begin at 40? IBM updates IMS database
https://www.garlic.com/~lynn/2007q.html#26 Does software life begin at 40? IBM updates IMS database
https://www.garlic.com/~lynn/2007q.html#39 Oracle Raises Stakes With BEA Offer

misc. other posts mentioning CICS (&/or bdam):
https://www.garlic.com/~lynn/submain.html#bdam

Translation of IBM Basic Assembler to C?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Sat, 03 Nov 2007 18:37:11 -0400

Walter Bushell <proto@oanix.com> writes:
How many times has virtual memory, for example, been "reinvented". >;)(

old science center
https://www.garlic.com/~lynn/subtopic.html#545tech

quote about (one of) justifications for virtual machine project (first cp40 on custom modified 360/40 and then morphed to cp67 when standard 360/67 with virtual memory was available):
What was most significant was that the commitment to virtual memory was backed with no successful experience. A system of that period that had implemented virtual memory was the Ferranti Atlas computer, and that was known not to be working well. What was frightening is that nobody who was setting this virtual memory direction at IBM knew why Atlas didn't work

... snip ...

quoted from L.W. Comeau, "CP-40, the Origin of VM/370", Proceedings of SEAS AM82, September, 1982

above from Melinda's "VM and the VM Community: Past, Present, and Future"
http://www.leeandmelindavarian.com/Melinda/
http://www.leeandmelindavarian.com/Melinda#VMHist

for slightly more drift, another footnote from Melinda's paper:
Creasy had decided to build CP-40 while riding on the MTA. "I launched the effort between Xmas 1964 and year's end, after making the decision while on an MTA bus from Arlington to Cambridge. It was a Tuesday, I believe." (R.J. Creasy, private communication, 1989.)

... snip ...

and for other drift, lots of posts mentioning virtual memory and page replacement algorithms
https://www.garlic.com/~lynn/subtopic.html#wsclock

Translation of IBM Basic Assembler to C?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Sun, 04 Nov 2007 08:07:00 -0500

Steve O'Hara-Smith <steveo@eircom.net> writes:
Good point - it has not only been developed steadily since the mid 90s but it builds on techniques that are much older.

re:
https://www.garlic.com/~lynn/2007r.html#50 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2007r.html#51 Translation of IBM Basic Assembler to C?

i.e. fairly widely deployed ... including things like atm machines. even periodic comments that ims may still have very large amount of data under management (especially in critical backroom business processes)

and there is even fairly direct connection between mysql RDBMS and the original RDBMS/SQL, system/r
https://www.garlic.com/~lynn/submain.html#systemr

and html a morphing of sgml (outgrowth of gml) ... recent post (gml invented at the science center 1969)
https://www.garlic.com/~lynn/2007r.html#48 Half a Century of Crappy Computing

with reference:
http://infomesh.net/html/history/early/

Fixing our fraying Internet infrastructure

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Sun, 04 Nov 2007 08:44:11 -0500

somewhat topic drift, recent news reference

Technology is root of all evil, says IMF
http://www.theregister.co.uk/2007/10/23/technology_inequality_imf_economist_donkey/

from above:
In essence, according to the IMF, technological innovation is what causes economic inequality among the human race. Yes, you read that right: technology - and not just the machinery, but people with tech skills - are to blame for the fact that some people are dirt poor and others disgustingly rich.

... snip ...

past posts in thread:
https://www.garlic.com/~lynn/2007q.html#18 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#19 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#60 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#62 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#25 Fixing our fraying Internet infrastructure

The new urgency to fix online privacy

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Sun, 04 Nov 2007 09:18:23 -0500

hancock4 writes:
The problem is that modern society is structured so that those things are not "conveniences" but necessities.

Further, almost all of us have mortgages or rental leases, driver's licenses, bank accounts, etc., all soures for which to track us.

re:
https://www.garlic.com/~lynn/2007r.html#26 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#29 The new urgency to fix online privacy

somewhat as part of the EU-DPD, in the mid-90s, there was the statement that all retail electronic transactions should be as anonymous as cash ... this was interpreted as meaning that names needed to be taken off payment cards (although account numbers would still be retained).

part of this is long standing thread about confusing authentication and identification ... and resulting in huge proliferation of identification related operations ... at enormous numbers of locations around the world.

the theory behind the names on the cards was that point-of-sale clerk could ask for gov. (picture) identification and cross-check the names on the payment card and the gov. id ... as means of authentication.

elimination of name from cards ... and reducing the potential vast number of places that identification operations can occur ... was providing improved authentication and/or other fraud countermeasures.

this was one of the things that we grappled with in x9a10 financial standard working group (which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments) for the x9.59 standard
https://www.garlic.com/~lynn/x959.html#x959

as i've mentioned before, we claimed that the resulting x9.59 standard was privacy agnostic
https://www.garlic.com/~lynn/subpubkey.html#privacy

that there was significantly strong authentication measures (as fraud countermeasure) to eliminate the potential of a lot of the identification operations (frequently because of confusing authentication and identification).

x9.59 still retained account numbers and as such, financial institutions could still satisfy gov. "know your customer" mandates ... but in theory, the number of places that identification operations occurred, could be radically reduced (to bare minimum that were actually required to meet gov. mandates). X9.59 wouldn't be totally anonymous ... recognizing the gov. "know your customer" mandates ... but it could drastically reduce the number of places where any personal information had to be unnecessarily exposed.

There was a similar previous cycle in the 90s involving x.509 identity digital certificates ... increasingly overloaded with personal information ... but by the mid-90s, many institutions realized that the x.509 paradigm represented enormous privacy and liability issues ... and as such, there was retrenching to something called relying-party-only certificates
https://www.garlic.com/~lynn/subpubkey.html#rpo

But as mentioned frequently before ... we were able to show such certificates were redundant and superfluous (essentially attempting to preserve the enormous, misguided investment in x.509 identity digital certificate infrastructure ... in large part having confused authentication and identification).

That confusion (about authentication and identification) still exist and the current round is seen in some of the direction to grossly overload identification smartcards (the new generation of x.509 identity digital certificate infrastructure) with enormous amounts of personal information.

Translation of IBM Basic Assembler to C?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Sun, 04 Nov 2007 10:00:05 -0500

Morten Reistad <first@last.name> writes:
I get constant flashbacks to 1984, to cics, vtam, 3270 streams and ims when I program for apache/agi, tcp/ip, http/html, and mysql.

I have even introduced some cics tricks to collegues, they thought they were brand new.

it wasn't that long ago that i visited a datacenter (in us) with over 120 cics regions. the majority of the cable tv operations in the US outsourced their dataprocessing to the center; billing, statementing, account management, driving terminals in service centers and customer support centers, as well as programming/downloading controls for settop boxes (premium service, pay-for-view, on-demand, etc).

the connectivity to the settop boxes were the cable company connectity ... but the control information going to the cable headend was coming from one of the cics regions with LU0 addressing.

recent posts
https://www.garlic.com/~lynn/2007r.html#50 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2007r.html#51 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2007r.html#52 Translation of IBM Basic Assembler to C?

for a little x-over in another thread ... these kind of outsourcing datacenters are typically subject to quarterly audits both by the more well known audit firms (on behalf outsourcing institutions) ... but also by a dozen or so different privacy organizations.
https://www.garlic.com/~lynn/2007r.html#26 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#29 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#54 The new urgency to fix online privacy

CSA 'above the bar'

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: CSA 'above the bar'
Newsgroups: bit.listserv.ibm-main
Date: Sun, 04 Nov 2007 13:20:48 -0500

Steve Samson <ssamson@dc.rr.com> writes:
The discussion suggests that the "dead zone" represented an arbitrary decision. However it is absolutely necessary to preserve compatibility with programs dating back to OS/360. If a 24-bit or 31-bit address is interpreted as or expanded to a 64-bit address and the high-order bit happens to be on, that would cast the virtual address into the 2-4 gigabyte range and unpredictable effects could ensue.

Use of the high-order bit in an address to signal the end of a parameter list is common, and no practical means of filtering or converting the programs is available.

I think the dead zone is necessary in z/VSE for the same reason.

Other operating systems did not use the high order bit in the same way, so there is no need for the dead zone in virtual addresses.

Has this helped to achieve clarity?

360/67 had both 24-bit and 32-bit virtual addressing mode ... as well as number of other issues that didn't reappear until xa. there was some discussion in the xa mode about returning to the 360/67 32-bit mode vis-a-vis using 31-bit ... which would have been in the architecture "redbook" (the discussion i remember was the effect on things like BXH and BXLE instruction)

principles of operation was one of the first major publications done with cms script ... in large part because it supported conditional so on the command line ... either the whole architecture "redbook" could be printed ... or just the principles of operation subset (w/o all the additional detail ... it was called "redbook" because it was distributed in a 3-ring red binder).

common segment area started out being the MVS solution to moving subsystems into the own address space ... and the pervasive use of pointer passing APIs. this was what initially led to MVS kernel image occupying 8mbytes of every 16mbyte virtual address space (so for applications making kernel calls ... the kernel could directly access the parameter list). however, this pointer-passing api paradigm created significant problems when subsystems were moved into their own address space (as part of morphing os/vs2 svs to os/vs2 mvs). common segment could start out as 1mbyte in every address space ... where applications could squirrel away parameter list ... and then make call to the subsystem (passing thru the kernel for the address space switch).

the problem was for the larger installations, common segment could grow to 5-6 mbytes that appeared in every application virtual address space (with the 8mbyte taken out for the kernel image) that might leave only 2-3mbytes for applications (out of the 16mbytes).

the stop-gap solution in the 3033 time-frame was dual-address space mode (pending access registers, program call, etc) ... there was still a pass thru the kernel to switch to a called subsystem ... but the called subsystem could reach back into the calling application's virtual address space (w/o being forced to resorting to the common segment hack).

3033 also introduced a different "above the line" concept. the mismatch between processor thruput and disk thruput was becoming more and more exacerbated. i once advocated a statement that over a period of a decade or so, that the disk relative system thruput had declined by an order of magnitude (or more) ... aka disk thruput increased by 3-4 times while processor thruput increased by 40-50 times. As a result, real storage was more and more being used for caching and/or other mechanisms to compensate for the lagging disk relative system thruput.

we were starting to see clusters of 4341 decked out w/max. storage and max channel and i/o capacity ... matching or beating 3033 thruput at a lower price. one of the 4341 cluster benefits was that there was more aggregate real storage than the 16mbyte limit for 3033. the hack was to redefine two (undefined/unused) bits in the page table entry. standard page table entry had 16 bits, including a 12bit (4k) page number field (allowed addressing up to 16mbytes real storage). With the two additional bits, it was possible to address up to 16384 4kbyte pages (up to 64mbyte of real storage) ... but only 16mbytes at a time.

in real addressing mode ... it was only possible to address the first 16mbytes and in virtual addressing mode ... it was only possible to address a specific 16mbytes (but it was possible to have more than 4096 4kbyte pages).

it was possible to use channel program IDAL to specify address greater than 16mbyte real address (allowing data to be read/written above the 16mbyte line). however, the actual channel programs were still limited to residing below the 16mbyte line. some of this was masked by the whole channel program translation mechanism that was necessary as part of mobing to 16mbyte virtual memoy environment. the original transition for mvt was hacking a little bit of support for a single virtual address space (i.e. os/vs2 svs) and cribbing in code from CP67 for doing all the gorp for copying the channel program (passed by svc0/excp), fixing the corresponding virtual pages (to real addresses) and replacing all the virtual addresses with corresponding real addresses (as well as potentially converting non-IDAL CCWs to IDAL CCWs).

recent posts mentioning the channel program copying hack for virtual memory environment
https://www.garlic.com/~lynn/2007e.html#19 Cycles per ASM instruction
https://www.garlic.com/~lynn/2007e.html#27 IBM S/360 series operating systems history
https://www.garlic.com/~lynn/2007e.html#46 FBA rant
https://www.garlic.com/~lynn/2007f.html#0 FBA rant
https://www.garlic.com/~lynn/2007f.html#6 IBM S/360 series operating systems history
https://www.garlic.com/~lynn/2007f.html#33 Historical curiosity question
https://www.garlic.com/~lynn/2007f.html#34 Historical curiosity question
https://www.garlic.com/~lynn/2007k.html#26 user level TCP implementation
https://www.garlic.com/~lynn/2007n.html#35 IBM obsoleting mainframe hardware
https://www.garlic.com/~lynn/2007o.html#41 Virtual Storage implementation
https://www.garlic.com/~lynn/2007p.html#69 GETMAIN/FREEMAIN and virtual storage backing up
https://www.garlic.com/~lynn/2007p.html#70 GETMAIN/FREEMAIN and virtual storage backing up
https://www.garlic.com/~lynn/2007p.html#73 GETMAIN/FREEMAIN and virtual storage backing up
https://www.garlic.com/~lynn/2007p.html#74 GETMAIN/FREEMAIN and virtual storage backing up
https://www.garlic.com/~lynn/2007p.html#72 A question for the Wheelers - Diagnose instruction
https://www.garlic.com/~lynn/2007q.html#8 GETMAIN/FREEMAIN and virtual storage backing up
https://www.garlic.com/~lynn/2007q.html#24 GETMAIN/FREEMAIN and virtual storage backing up

Translation of IBM Basic Assembler to C?

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Sun, 04 Nov 2007 13:52:20 -0500

Morten Reistad <first@last.name> writes:
Again, you are attacking something which is a real problem, and is not really solvable with 1970's commercial technology; but where huge advances have been made since then. This time, however, you are right that this thing isn't completely solved in the production systems before very recently.

Go find Theo de Raadt's papers on OpenBSD to see how this thing is to be solved. Implemented in OpenBSD, Dragonfly, and on the way into Linux and FreeBSD. The really important stuff is in Linux 2.6.12, the detailted protection bits are in 2.6.17 built with a gcc >= 4.1.2, and a complete implementation in 2.6.24 (the latest).

there have been two different issues.

there is an enormous integrity problem with the standard C language string/storage paradigm ... leading to all sorts of integrity and exploit problems. a hardware countermeasure was being able to mark specific storage location as "non-executable" ... i.e. storage regions where instruction couldn't be fetched. it wasn't impossible for these things to occur in other (non-C) environments ... it was just that there have been no recorded examples (in part because it was significantly much more difficult to make such mistakes as compared to C environments).

lots of past posts about buffer exploits
https://www.garlic.com/~lynn/subintegrity.html#overflow

there have been some number of environments where it was possible to mark things as "executable" ... but this particular hardware protection feature is to mark things as "non-executable" as countermeasure to the enormous number of mistakes attritable to C-language programming.

old references from mid-2004 and later about linux support for no-execute
http://kerneltrap.org/node/3240
http://osdir.com/ml/linux.gentoo.amd64/2005-10/msg00050.html

the other scenario was from the original 801/risc design from 70s and subject of possible associated hardware/software trade-offs.
https://www.garlic.com/~lynn/2007r.html#28 complicated address generation unit?
https://www.garlic.com/~lynn/2007r.html#44 complicated address generation unit?

where the hardware was providing no proection at all ... not even separation between kernel mode and application mode (privileged/non-privileged). the claim was that cp.r would only load validly compiled programs and the pl.8 compiler would only product correct applications (including not allowing security violations). of course, when was decided to adapt 801/risc for unix environment and the pc/rt ... it was necessary to at least introduce machine state for privileged instructions.

part of the original design point had to do with memory mapping paradigm and the number of different distinct objects that could be in the virtual address space at one time. 801/risc performance was enhanced and hardware simplified by having 16segment registers (i.e. the address space control information in control registers) and inverted page tables. the claim was applications can compensate for the minimal number of 16 segments by changing segment register values (effectively remapping portions of the virtual address space) as easily as they could change general purpose (and/or address pointer) registers. since there was no protection domains at all (in theory having all been correctly handled by software) ... inline application code could easily change virtual address space control information (w/o requiring kernel calls involving permission and access checking)

misc. 801, risc, romp, rios, power, somerset, fort knox, etc posts
https://www.garlic.com/~lynn/subtopic.html#801

Fixing our fraying Internet infrastructure

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Sun, 04 Nov 2007 17:53:22 -0500

John Ahlstrom <AhlstromJK@comcast.net> writes:
I think the Register article is based on a parody of the report by an economist Clive Clark (http://www.ft.com/cms/s/0/b4d3d020-8037-11dc-b075-0000779fd2ac.html?nclick_check=1)

re:
https://www.garlic.com/~lynn/2007r.html# Fixing our fraying Internet infrastructure

i.e.

Technology is root of all evil, says IMF
http://www.theregister.co.uk/2007/10/23/technology_inequality_imf_economist_donkey/

also from above:
Most of the mainstream financial press have chosen to ignore this dazzling suggestion from the world globalisation bureau that globalisation is great and if something has gone wrong it must be someone else's fault. But noted economics pundit Clive Crook, writing for the Financial Times, has fallen on it with glee.

... snip ...

the "has fallen on it with glee" is click reference to

End global inequality: become a Luddite
http://www.ft.com/cms/s/e17c6aea-7fdf-11dc-b075-0000779fd2ac,Authorised=false.html?_i_location=http%3A%2F%2Fwww.ft.com%2Fcms%2Fs%2F0%2Fe17c6aea-7fdf-11dc-b075-0000779fd2ac.html%3Fnclick_check%3D1&_i_referer=http%3A%2F%2Fwww.theregister.co.uk%2F2007%2F10%2F23%2Ftechnology_inequality_imf_economist_donkey%2F&nclick_check=1

from above:
"IMF Fuels Critics of Globalisation," was the headline in the Wall Street Journal. "Technology and foreign investment are making income inequality worse around the world, the IMF said in a new report, handing critics of globalisation a powerful argument to use in their political battles," the article began.

... snip ...

search engine for "IMF Fuels Critics of Globalisation" turns up quite a few references ... like this web page with text of the wall street journal article
https://www-304.ibm.com/easyaccess1/fileserve?contentid=232077

another reference with quotes from the (WSJ) article

Oh no! Globalisation increases returns to human capital
http://www.economist.com/blogs/freeexchange/2007/10/oh_no_globalisation_increases.cfm

which also references:

Globalization and Inequality-Becker
http://www.becker-posner-blog.com/archives/2007/10/globalization_a_1.html

the above has quite a bit of discussion. part of the (base) post
... This effect of technological progress has been used to explain the sharply rising gap in earnings between college graduates and others during the past three decades in the United States (see my discussion of inequality in the blog entries for April 23 and December 10, 2006).

... snip ...

the original IMF article is here:

World Economic Outlook; Globalization and Inequality
http://www.imf.org/external/pubs/ft/weo/2007/02/index.htm

"the WEO is usually prepared twice a year" ... and this one makes references to another recent IMF report "Global Financial Stability Report" and lists some of the issues raised, like the problems in collateralized securities market. One of the things somewhat behind the scenes, but implicit in all this, are very sophisticated financial risk computer models taking into account hundreds of thousand of factors that are constantly being updated. From an financial risk modeling standpoint, one might be tempted to conclude that recent issues in the collateralized securities market may have involved inaccurate and/or missing information.

recent posts mentioning subprime mortgages (related to the collateralized securities market)
https://www.garlic.com/~lynn/2007j.html#81 IBM Unionization
https://www.garlic.com/~lynn/2007j.html#82 IBM Unionization
https://www.garlic.com/~lynn/2007k.html#10 IBM Unionization
https://www.garlic.com/~lynn/2007k.html#12 IBM Unionization
https://www.garlic.com/~lynn/2007o.html#0 The Unexpected Fact about the First Computer Programmer
https://www.garlic.com/~lynn/2007p.html#50 Newsweek article--baby boomers and computers
https://www.garlic.com/~lynn/2007q.html#28 what does xp do when system is copying
https://www.garlic.com/~lynn/2007q.html#41 Newsweek article--baby boomers and computers

Fixing our fraying Internet infrastructure

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Sun, 04 Nov 2007 18:29:18 -0500

re:
https://www.garlic.com/~lynn/2007r.html#53 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#58 Fixing our fraying Internet infrastructure

for other topic drift ... one of the most successful breakouts for massively parallel "GRID" computing (from national labs), has been into financial market segment (a lot of it supporting financial modeling).

recent reference here ... looking at being able to improve financial modeling performance, including enabling "real-time" trading
https://www.garlic.com/~lynn/2007k.html#23 Another "migration" from the mainframe
https://www.garlic.com/~lynn/2007l.html#34 Is Parallel Programming Just Too Hard?
https://www.garlic.com/~lynn/2007l.html#65 mainframe = superserver

and this reference ..

Grid Computing for Financial Services 2007 Future Grid: Dominate the financial markets with outstanding processing capability, technology management and infrastructure development (London, UK)
http://www.iqpc.com/cgi-bin/templates/genevent.html?topic=233&event=12603&

although bleeding edge is still in national labs and research institutions, recent article here

Argonne Labs plans half-petaflop BlueGene supercomputer
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9045418
IBM Blue Gene/P Supercomputer Comes to U.S.
http://www.cioinsight.com/article2/0,1540,2211361,00.asp

i.e.
Argonne National Laboratory will gain 445 teraflops of computing power from the new supercomputer.

and ...
The Armonk, N.Y., company is currently building its first Blue Gene/P system at the Julich Research Center in Germany.

...

for other drift ... long ago and far away
https://www.garlic.com/~lynn/95.html#13
https://www.garlic.com/~lynn/96.html#15

much of our work on medusa was oriented towards the commerical market ... misc. old email
https://www.garlic.com/~lynn/lhwemail.html#medusa

Fixing our fraying Internet infrastructure

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Mon, 05 Nov 2007 08:17:44 -0500

Anne & Lynn Wheeler <lynn@garlic.com> writes:
the original IMF article is here:

World Economic Outlook; Globalization and Inequality
http://www.imf.org/external/pubs/ft/weo/2007/02/index.htm

"the WEO is usually prepared twice a year" ... and this one makes references to another recent IMF report "Global Financial Stability Report" and lists some of the issues raised, like the problems in collateralized securities market. One of the things somewhat behind the scenes, but implicit in all this, are very sophisticated financial risk computer models taking into account hundreds of thousand of factors that are constantly being updated. From an financial risk modeling standpoint, one might be tempted to conclude that recent issues in the collateralized securities market may have involved inaccurate and/or missing information.

re:
https://www.garlic.com/~lynn/2007r.html#53 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#58 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#59 Fixing our fraying Internet infrastructure

this old, long winded post mentions a number of things, including some of the home loan problems from the 80s, one was that variable rate home loans nearly took citibank under and as a result they totally got out of the mortgage market
https://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management and Information Security

for past couple days citibank again has been having problems with variable rate loans

In Citi shake-up, broader troubles
http://www.theaustralian.news.com.au/story/0,25197,22705392-36375,00.html Sub-prime fallout claims Citigroup chairman
http://www.nbr.co.nz/home/column_article.asp?id=19420&cid=8&cname=News
Yen Rises as Citigroup Writedowns Prompt Carry-Trade Reduction
http://www.bloomberg.com/apps/news?pid=20601085&sid=aFQz1RhA98mU&refer=europe
Subprime crisis last blow for Citi head
http://www.msnbc.msn.com/id/21625483/ Citi Is A Mess
http://www.forbes.com/business/2007/11/05/citigroup-prince-exits-business-cx_lm_1105prince.html World shares fall as Citi reignites credit concerns
http://investing.reuters.co.uk/news/articleinvesting.aspx?type=tnBusinessNews&storyID=2007-11-05T090530Z_01_N02311433_RTRIDST_0_BUSINESS-MARKETS-GLOBAL-DC.XML

interview in real time on one of the business channels is claiming that the institutions currently having problems with collaterized securities, weren't doing risk management (not restricted just to citi).

The new urgency to fix online privacy

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Mon, 05 Nov 2007 08:52:36 -0500

re:
https://www.garlic.com/~lynn/2007r.html#26 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#29 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#54 The new urgency to fix online privacy

somewhat recent article

Uncle Sam's newest security challenge to businesses
http://news.zdnet.com/2100-1009_22-6216821.html

a few snipets from above:
These breaches come with a high price tag. Forrester Research says that a security breach can cost anywhere between $90 and $305 per record,

Protecting financial information for a small retail chain will not be the same as what's required for an international bank.

The business world has already experienced the impact of government attempting to control the inner workings of an organization. Sarbanes-Oxley is well-intentioned, but the cost of compliance has been staggering for many businesses.

... snip ...

in much of the attention related to privacy ... repeated surveys have shown that general consumer concerns hasn't been so much preventing disclosing of general personal information ... but specifically with preventing disclosing of personal information that can result in fraud, id theft, and/or (institutional) denial of service

while i've mentioned that x9.59 financial standard protocol
https://www.garlic.com/~lynn/x959.html#x959

was designed to be privacy agnostic
https://www.garlic.com/~lynn/subpubkey.html#privacy

there was major effort in x9.59 to eliminate most of the existing fraud. in the mid-90s, the x9a10 financial standard working group had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. part of that was doing a detailed vulnerability and threat analysis.

part of x9.59 was eliminating much of the confusion between identification and authentication, and being able to leverage strong authentication in lieu of identification ... and thereby eliminating much of the general fallback to identification as part of financial transactions. at the same time, x9.59 was targeted at eliminating the fraud that rises from numerous kinds of evesdropping, skimming, harvesting, data breaches, security breaches, etc. The claim was that harvesting of previous transactions (enabling various kinds of replay attacks and other kinds of fraud) would be nearly impossible to prevent. The issue was the existing infrastructure places nearly diametrically opposing requirements on the information from those previous transactions ...

• required to be generally available for numerous business process • required to be kept confidential and never divulged

we had also been called in to help wordsmith the cal. state electronic signature law ... and then the fed. electronic signature law
https://www.garlic.com/~lynn/subpubkey.html#signature

some of the other organizations that were participating in the electronic signature legislation were also involved in the data breach and security breach disclosure legislation effort and had done detailed consumer surveys and studies related to that effort. the primary concerns that were raised with regard to personal information disclosure was 1) enabling fraud and 2) could be used by organization and institutions for denial of service.

a lot of churn and swirl around privacy frequently fails to establish any priority or ranking as to different kinds of threats and vulnerabilities related to different kinds of personal information disclosure.

CSA 'above the bar'

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: CSA 'above the bar'
Newsgroups: bit.listserv.ibm-main
Date: Mon, 05 Nov 2007 09:20:30 -0500

John.Mckown@HEALTHMARKETS.COM (McKown, John) writes:
Just as a thought. Could somebody write a subsystem which starts at IPL time, does the shared GETMAIN, then (here's the rub) somehow have that memory automatically added to every address space which starts thereafter? I don't know enough about subsystems. I would guess that it would be easier for said subsystem to implement a PC so that a "client" could request access to the shared GCSA (to coin a phrase for it - G for Grande, like the HLASM instructions). The PC would set up all the "difficult" parts and return a 64-bit address to the shared memory space.

re:
https://www.garlic.com/~lynn/2007r.html#56 CSA 'above the bar'

i had done something similar, but different in the waning days of cp67 and then ported it to vm370. it was generalized memmap function that allowed different virtual address spaces to have the same shared memory object at different addresses.

vm370 started out with a drastic subset of this function that was cribbed off the virtual "IPL" command. however, it was dependent on providing r/o sharing of the same object by "segment protection" feature that was part of the original, base 370 virtual memory architecture.

this was one of the features that got dropped when the retrofit of virtual memory hardware to 370/165 ran into scheduling problems ... could regain six month in schedule if several features were dropped (and the favorite son operating system in pok claimed that they didn't find the features really useful).

as a result, this caused all the other processors that already had implemented full 370 virtual memory architecture to go back and pull the dropped features. it also forced the vm370 group to significantly redo their implementation on how to protect shared segments across multiple different virtual address spaces (effectively a real cludge that had been used in cp67)

in any case, a drastic subset of my (genealized) memory mapping and sharing implementation was eventually released as something called discontiguous shared segments.

lots of past posts mentioning the cms filesystem changes supporting memory mapping (and page mapped operation)
https://www.garlic.com/~lynn/submain.html#mmap

and numerous posts discussing the difficulty that the os/360 relocatable adcon convention represented for allowing sharing same object in different virtual address spaces at potentially different virtual addresses
https://www.garlic.com/~lynn/submain.html#adcon

while tss/360 had numerous other problems, they at least adopted a different convention to address relocatable address constant issue for a shared, virtual memory environment

Translation of IBM Basic Assembler to C?

Refed: **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Mon, 05 Nov 2007 10:09:04 -0500

Bernd Felsche <bernie@innovative.iinet.net.au> writes:
Only the bank. The conversation between your computer and the bank's should be encrypted end-to-end. If it isn't, then the bank lasts about 3 days online. Everything that they had will be in offshore banks.

we had been called in to consult with small client/server startup that wanted to do financial transactions on their server and had this technology they wanted to use that they had invented called SSL.

SSL was suppose to address two issues

1) is the webserver you think you are talking to, actually the webserver you are talking to

2) encrypt/hide the data transmitted

almost immediately major deployment of SSL compromised the first objective and could allow spoofing/impersonation attacks and/or man-in-the-middle attacks
https://www.garlic.com/~lynn/subintegrity.html#mitmattack

recent long-winded thread in another n.g.
https://www.garlic.com/~lynn/2007q.html#72 Value of SSL client certificates?
https://www.garlic.com/~lynn/2007q.html#73 Value of SSL client certificates?
https://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#19 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#24 How to tell a fake SSL certificate from a real one
https://www.garlic.com/~lynn/2007r.html#49 How to tell a fake SSL certificate from a real one

the major use of SSL has been for "hiding" these financial transactions (during tansmission) ... keeping them hidden from prying eyes. however, later when we were working on x9.59 financial standard protocol ... it was realized that the major vulnerability for these operations weren't "data in transit" but "data at rest" (i.e. the data breaches and security breaches).

part of the issue was the diametrically opposing requirements for much of the data, being readily available and at the same time kept confidential and never divulged.

from the security acronym "PAIN"
• Privacy (sometimes CAIN and confidential) • Authentication • Integrity • Non-repudiation

basically the SSL encryption was achieving security via Privacy (or Confidential).

In effect, x9.59 financial standard protocol
https://www.garlic.com/~lynn/x959.html#x959

substituted Authentication and Integrity for Privacy to achieve security. In fact, the claim is that it is no longer actually required to hide such transactions for security purposes (i.e. requirement given the x9a10 financial standard working group to preserve the integrity of the financial institution for all retail payments). X9.59 doesn't eliminate evesdropping, skimming, data breaches, security breaches, etc ... but eliminates the threats, risks, vulnerabilities, fraud, etc that might result from such events.

other recent posts mentioning x9a10 financial standard working group
https://www.garlic.com/~lynn/2007o.html#0 The Unexpected Fact about the First Computer Programmer
https://www.garlic.com/~lynn/2007o.html#28 EZPass: Yes, Big Brother IS Watching You!
https://www.garlic.com/~lynn/2007q.html#11 what does xp do when system is copying
https://www.garlic.com/~lynn/2007q.html#72 Value of SSL client certificates?
https://www.garlic.com/~lynn/2007r.html#21 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#29 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#34 Is the media letting banks off the hook on payment card security
https://www.garlic.com/~lynn/2007r.html#54 The new urgency to fix online privacy
https://www.garlic.com/~lynn/2007r.html#61 The new urgency to fix online privacy

CSA 'above the bar'

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Newsgroups: bit.listserv.ibm-main
Subject: Re: CSA 'above the bar'
Date: Mon, 05 Nov 2007 19:17:37 -0500

bdissen@DISSENSOFTWARE.COM (Binyamin Dissen) writes:
Does z/VM use virtual storage?

comment in this thread asking how many times has virtual memory been reinvented
https://www.garlic.com/~lynn/2007r.html#51 Translation of IBM Basic Assembler to C?

some footnotes about the science center
https://www.garlic.com/~lynn/subtopic.html#545tech

from Melinda's paper "VM and the VM Community: Past, Present, and Future"
http://www.leeandmelindavarian.com/Melinda/
http://www.leeandmelindavarian.com/Melinda#VMHist

...
What was most significant was that the commitment to virtual memory was backed with no successful experience. A system of that period that had implemented virtual memory was the Ferranti Atlas computer, and that was known not to be working well. What was frightening is that nobody who was setting this virtual memory direction at IBM knew why Atlas didn't work

... snip ...

quoted from L.W. Comeau, "CP-40, the Origin of VM/370", Proceedings of SEAS AM82, September, 1982

and ...
Creasy had decided to build CP-40 while riding on the MTA. "I launched the effort between Xmas 1964 and year's end, after making the decision while on an MTA bus from Arlington to Cambridge. It was a Tuesday, I believe." (R.J. Creasy, private communication, 1989.)

... snip ...

cp40 was built on specially modified 360/40 with virtual memory hardware ... implementing virtual machines. This morphed into cp67 when 360/67 with standard virtual memory became available.

and as per previous post in thread
https://www.garlic.com/~lynn/2007r.html#56 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#62 CSA 'above the bar'

the initial hack to mvt for os/vs2, in support of 370 virtual memory, involved borrowing a lot of code from cp67.

lots of the vm370 microcode assists developed during the 70s and early 80s eventually morphed into pr/sm and current day LPARs ... which is basically stripped down version of full VM virtual machine function.

CSA 'above the bar'

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: lynn@GARLIC.COM (Anne & Lynn Wheeler)
Subject: Re: CSA 'above the bar'
Newsgroups: bit.listserv.ibm-main
Date: 5 Nov 2007 16:45:47 -0800

eamacneil@YAHOO.CA (Ted MacNEIL) writes:
That's why there can be a 'double paging' penalty for a LINUX (or z/OS, or z/VM, or...).

z/VM, and its predecessors, has always had the capability to defines more storage than is on the box.

It even has swap files.

i had other problems with the os/vs2 group (initially svs before it morphed into mvs).

one was all the stuff about LRU replacement algorithms and what it met. lots of posts on the subject
https://www.garlic.com/~lynn/subtopic.html#wsclock

early on, the pok performance modeling group had discovered on a page fault that if it selected "non-changed" pages (for replacement) before "changed" pages ... there wouldn't need the overhead of doing a write before the read. i tried to convince them it would be violated fundamental tenents of LRU replacement paradigm. It wasn't until well into MVS releases that somebody pointed out that they were selecting for replacement, high-use, non-changed, system/shared executable pages, before (lower use) private application data pages (which were changed/modified).

another issue isn't just the double paging overhead ... there is the possibility that a virtual guest is running a LRU-like replacement algorithm and selecting a real page with a low use virtual page for replacement (to be refreshed with the missing page). VM may also be doing LRU-like replacement algorithm and noticed (also) that the guest's real page (virtual machine virtual page) hadn't been recently used and selected it for replacement. The pathelogical problem is that the guest may always be deciding it needs one of its real pages (because the corresponding virtual pages weren't being used) moments after VM has decided to remove the corresponding guest virtual machine page from real storage .... aka running a virtual guest's LRU-like replacement algorithm can violate the premise behind LRU replacement ... since the guest's real page that corresponds to the guest's least recently used virtual page has some probability of being the next page that the guest might actually decide to use

misc. past posts in thread:
https://www.garlic.com/~lynn/2007r.html#56 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#62 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#64 CSA 'above the bar'

The new urgency to fix online privacy

Refed: **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Tue, 06 Nov 2007 08:53:26 -0500

Bernd Felsche <bernie@innovative.iinet.net.au> writes:
Many online stores opt to use payment processing systems offered by their out-sourced web service provider. None of them will store any critical financial data ... it's all passed through and once the data transfer has been acknowledged, details get neutered before committed to long-term storage (for audit trails).

this is an example of how SSL (use) became broken as designed.

we had been called in to consult with a small client/server startup that wanted to do payments on their server and had this technology they had invented called SSL. recent post with some discussion of some implementation characteristics of the early implementation
https://www.garlic.com/~lynn/2007r.html#13 What do ATMS and card readers use?

lots of other posts mentioning that effort
https://www.garlic.com/~lynn/subnetwork.html#gateway

the requirement for e-commerce

1) is the website the user thinks they are talking to, the website they are actually talking to (countermeasure to man-in-the-middle attacks, impersonation exploits, etc).

2) hide/encrypt transmission

this required that users realize/know the relationship between the website they are talking to and the corresponding URL. the assumption was that the user provided a "trusted" URL ... and then SSL protocol assured the correspondence between the supplied, trusted URL and the website actually contacted.

almost immediately, merchants found that use of SSL during the shopping phase, dropped their thruput by 80-90 percent and so dropped SSL from the initial connection (eliminating #1 part of SSL function)

the websites then would provide a click/pay button where the (possibly fraudulent and/or spoofed) website provided the SSL URL to the browser. this accelerated the disconnect between consumers awareness between URL and the websites they thought they were talking to. In the case of payment processing outsourcing, the click/pay button could even involve a URL that was totally different than the merchant website's, widening the gap between end user's URL awareness and the corresponding website.

then SSL will dutifully encrypt/hide the transaction information between the end users and the possibly fraudulent website.

a crook just needed to register any domain name and obtain a valid SSL domain name digital certificate for that domain name. this was somewhat behind our early comments about "comfort" certificates.
https://www.garlic.com/~lynn/subpubkey.html#sslcert

we then got involved with the x9a10 financial standard working group which in the mid-90s had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments ... that resulted in the x9.59 financial standard
https://www.garlic.com/~lynn/x959.html#x959

as part of the x9a10 effort, there were detail end-to-end vulnerability and threat studies of all aspects of the payment transactions ... lots of posts about fraud, threats, risks, vulnerabilities, exploits
https://www.garlic.com/~lynn/subintegrity.html#fraud

and all the related business processes ... included regulations where merchants are mandated to have logs of transactions for extended periods as part of things like processing returns, charge backs, disputes, etc. ... part of the observation that the current infrastructure places diametrically oppossing requirements on the information ... that it be both readily (and potentially widely) available and at the same time kept confidential and never disclosed (aka potentially a payment card should be kept in the users safe deposit box and never used).

the work on x9.59 standard was required to address all the issues, not just a small percentage potentially for some specific environment. this is part of the characteristic that we claimed that x9.59 was made privacy agnostic
https://www.garlic.com/~lynn/subpubkey.html#privacy

CSA 'above the bar'

Refed: **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: CSA 'above the bar'
Newsgroups: alt.folklore.computers,bit.listserv.ibm-main
Date: Tue, 06 Nov 2007 10:06:25 -0500

Herbie.VanDalsen@ELAVON.COM (Van Dalsen, Herbie) writes:
Someone wants to create a shared block of memory CSA/not and share it between programs. My understanding is that a 24-bit program can address 24-bit addresses, 31-bit...., 64-bit... So in my inexperienced mind the 24bit program could never share in the happiness of this above the bar heaven of shared storage.

as i mentioned in this post
https://www.garlic.com/~lynn/2007r.html#62 CSA 'above the bar'

... the way that i originally did sharing implementation and mmap support
https://www.garlic.com/~lynn/submain.html#mmap

was that the same shared object wasn't required to occupy the same virtual address in every virtual address space. however, it could represent a challenge when program images with "relocatable address constants" were involved
https://www.garlic.com/~lynn/submain.html#adcon

there would still be an issue of the amount of happiness (available in 24bit mode) as opposed to any happiness.

it would create a problem for processors that had virtual caches ... i.e. cache lines indexed by virtual address ... resulting in synonyms/duplicates in the cache when the same object was addressed by different virtual addresses.

here is old email discussing dual index 3090 D-cache
https://www.garlic.com/~lynn/2003j.html#email831118

in this post
https://www.garlic.com/~lynn/2003j.html#42 Flash 10208

other posts about virtual cache
https://www.garlic.com/~lynn/2006u.html#37 To RISC or not to RISC
https://www.garlic.com/~lynn/2006v.html#6 Reasons for the big paradigm switch
https://www.garlic.com/~lynn/2006w.html#17 Cache, TLB, and OS

one of the other issues for TLB (hardware that translates virtual page addresses to real page addresses) ... all the entries were tagged/associated with specific virtual address spaces ... i.e. "STO-associative". This generalized mechanism resulted in a huge number of "duplicated" entries CSA/common-segment. So as a special case optimization for the whole MVS CSA/common-segment hack gorp ... a special option was provided that identified virtual addresses as something belonging to common-segment. These areas then became associated in the TLB with effectively a system-wide, unique, artificial "common-segment" virtual address space (effectively violating the whole generalized virtual address space architecture ... rather than associated with generalized virtual address space ... it became associated with a custom operating system specific construct that was known to have very specific characteristics).

past post in this thread discussing rise of the whole ugly common segment gorp
https://www.garlic.com/~lynn/2007r.html#56 CSA 'above the bar'

other posts in this thread
https://www.garlic.com/~lynn/2007r.html#64 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#65 CSA 'above the bar'

High order bit in 31/24 bit address

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: High order bit in 31/24 bit address
Newsgroups: alt.folklore.computers,bit.listserv.ibm-main
Date: Tue, 06 Nov 2007 13:38:01 -0500

ssamson@DC.RR.COM (Steve Samson) writes:
As for 32-bit mode (TSS) I don't have a POPS for that architecture but I suspect the HO bit is treated as any other. TSS did not use the "sign bit" as a signal, just as an address bit.

lots of 360 documents at bitsavers:
http://www.bitsavers.org/pdf/ibm/360/

including various functional characteristics
http://www.bitsavers.org/pdf/ibm/360/functional_characteristics/

specifically 360/67 functional characteristics a27-2719-0
http://www.bitsavers.org/pdf/ibm/360/functional_characteristics/A27-2719-0_360-67_funcChar.pdf
and ga27-2719-2
http://www.bitsavers.org/pdf/ibm/360/functional_characteristics/GA27-2719-2_360-67_funcChar.pdf

which has a lot of the gory details.

as somewhat referenced here ... 360/67 was originally intended for use by tss/360 ... but for a whole variety of reasons, most of them ran cp67 (or in straight 360/65 mode with mvt w/o using virtual memory hardware)
https://www.garlic.com/~lynn/2007r.html#64 CSA 'above the bar'
curtesy of science center
https://www.garlic.com/~lynn/subtopic.html#545tech

in any case, psw format, pg. 15


bit         meaning
0-3         spare (must be 0)
4           24-32 bit address mode
5           translation control
6           i/o mask (summary)
7           external mask (summary)
8-11        protection key
12          ascii-8 mode
13          machine check mask
14          wait state
15          problem state
16-17       instruction length code
18-19       condition code
20-23       program mask
24-31       spare
32-63       instruction address

...

there were a quite a few of the machines used internally.

one of the projects were adding 370 virtual machine option to cp67 simulation ... this was having cp67 simulate the new instructions added to 370 (prior to announcement of 370 virtual memory).

one of the places that deployed numerous of these machines was in the field/data processing/sales division for a project called HONE
https://www.garlic.com/~lynn/subtopic.html#hone

for Hands-On Network Environment ... the idea was that in the wake of 23jun69 unbundling announcement
https://www.garlic.com/~lynn/submain.html#unbundle

that SEs in the branch office could get operating system "hands-on" experience with (370) systems running in cp67 (370) virtual machines.

however, the science center had also ported apl\360 to cms for cms\apl and done a lot of work enhancing it to operate in "large" virtual memory environment (most apl\360 was limited to 16k workspaces, hardly adequate for many real world problems). With cms\apl, there were lots of new (internal) apl-based applications developed (some number of them of the genre that today would be done with spreadsheets) ... including "configurators" ... which basically filled out mainframe system orders for the branch office personal. As the use of these applications grew on HONE ... eventually they eclipsed the virtual guest "hands-on" training and would consume all available resources. at some point in the 70s, it was not even possible to submit a mainframe order that hadn't been run thru HONE configurator.

science center had also done quite a bit of work in the area of sophisticated system performance modeling ... including laying the groundwork for what would become capacity planning. some of this i've commented about with regard to calibrating and validating
https://www.garlic.com/~lynn/submain.html#benchmark
the release of my resource manager
https://www.garlic.com/~lynn/subtopic.html#fairshare

in addition, a flavor of the performance modeling work was also deployed on HONE as the (apl based) performance predictor. Branch office people could submit customer configuration and workload details/characteristics and then ask "what-if" questions of the performance predictor ... as to what would happen if there was configuration and/or workload changes.

another project was doing the cp67 changes to support a full 370 virtual memory implementation. this had a version cp67 running either in a 360/67 virtual machine (under cp67) or stand-alone real 360/67 simulating virtual machine with full 370 virtual memory operation. Then there was a custom version of cp67 that believed it ran on 370 virtual memory "hardware" (rather than on 360/67 hardware). This was in regular production use a year before the first engineering 370 machine with virtual memory support was operational (and long before announcement).

past posts in the related thread:
https://www.garlic.com/~lynn/2007r.html#56 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#62 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#64 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#65 CSA 'above the bar'
https://www.garlic.com/~lynn/2007r.html#67 CSA 'above the bar'

CSA 'above the bar'

Refed: **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: CSA 'above the bar'
Newsgroups: alt.folklore.computers,bit.listserv.ibm-main
Date: Tue, 06 Nov 2007 15:05:52 -0500

Anne & Lynn Wheeler <lynn@garlic.com> writes:
one of the other issues for TLB (hardware that translates virtual page addresses to real page addresses) ... all the entries were tagged/associated with specific virtual address spaces ... i.e. "STO-associative". This generalized mechanism resulted in a huge number of "duplicated" entries CSA/common-segment. So as a special case optimization for the whole MVS CSA/common-segment hack gorp ... a special option was provided that identified virtual addresses as something belonging to common-segment. These areas then became associated in the TLB with effectively a system-wide, unique, artificial "common-segment" virtual address space (effectively violating the whole generalized virtual address space architecture ... rather than associated with generalized virtual address space ... it became associated with a custom operating system specific construct that was known to have very specific characteristics).

re:
https://www.garlic.com/~lynn/2007r.html#67 CSA 'above the bar'

from z/architecture principles of operation
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dz9zr003/CCONTENTS

segment-table entries
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dz9zr003/3.11.2.2?DT=20040504121320

defining the (MVS-specific) common-segment bit (in 64bit address segment table) ... aka
Common-Segment Bit (C): Bit 59 controls the use of the translation-lookaside-buffer (TLB) copies of the segment-table entry and of the page table which it designates. A zero identifies a private segment; in this case, the segment-table entry and the page table it designates may be used only in association with the segment-table origin that designates the segment table in which the segment-table entry resides. A one identifies a common segment; in this case, the segment-table entry and the page table it designates may continue to be used for translating addresses corresponding to the segment index, even though a different segment table is specified.

... snip ...

... aka segment table (and the corresponding segment table origin address or "STO") is effective equivalent to unique virtual address space.

since MVS has the common segment(s) appearing in every virtual address space, rathing than filling up TLB entries with large number of duplicated entries for the same information, effectively create a special class of virtual addresses that apply across everything in the system. this ugly common segment gorp then creates all sort of complications (that weren't part of the original virtual memory architecture) ... see the programming notes regarding common segment operation/problems at the above URL describing segment-table entries.

Latest OECD broadband data puts US in middle of the pack on speed, price

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Latest OECD broadband data puts US in middle of the pack on speed, price
Newsgroups: alt.folklore.computers
Date: Tue, 06 Nov 2007 15:33:19 -0500

Latest OECD broadband data puts US in middle of the pack on speed, price
http://arstechnica.com/news.ars/post/20071106-latest-oecd-broadband-data-puts-us-in-middle-of-the-pack-on-speed-price.html

misc. items from above:
After OECD reports showed the US dropping down the list when it came to broadband penetration (it is now ranked 15th in the number of broadband subscribers per 100 inhabitants), ... ... The OECD examined the average monthly subscription for a broadband connection (regardless of speed or technology) and found that the US sits in 21st place. ... If we look at raw speed, the US is still stuck in 14th.

... snip ...

other threads related to this topic:
https://www.garlic.com/~lynn/2007g.html#6 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007g.html#7 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007g.html#34 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007g.html#35 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007g.html#52 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007g.html#68 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007h.html#42 Experts: Education key to U.S. competitiveness
https://www.garlic.com/~lynn/2007i.html#13 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007l.html#22 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007o.html#20 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007o.html#21 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007o.html#22 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007p.html#15 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007p.html#18 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007p.html#22 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007p.html#32 U.S. Cedes Top Spot in Global IT Competitiveness
https://www.garlic.com/~lynn/2007q.html#18 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#19 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#60 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007q.html#62 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#25 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#33 Students mostly not ready for math, science college courses
https://www.garlic.com/~lynn/2007r.html#36 Students mostly not ready for math, science college courses
https://www.garlic.com/~lynn/2007r.html#38 Students mostly not ready for math, science college courses
https://www.garlic.com/~lynn/2007r.html#46 Students mostly not ready for math, science college courses
https://www.garlic.com/~lynn/2007r.html#53 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#58 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#59 Fixing our fraying Internet infrastructure
https://www.garlic.com/~lynn/2007r.html#60 Fixing our fraying Internet infrastructure

The new urgency to fix online privacy

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Tue, 06 Nov 2007 17:03:30 -0500

Dave Garland <dave.garland@wizinfo.com> writes:
I have only seen this in some grocery stores. They will take your check, run it through a reader (that presumably reads the machine-readable routing number, account number, and check number) and give it back to you. You don't fill in an amount (I don't recall whether the cashier punches the amount into a keypad, or whether it interfaces with the cash register) or sign it. It is then withdrawn from your account as if it had been a signed paper check processed in the usual way.

recent note ...

New Fed Pricing Expected to Spur Further Moves to Electronic Processing
http://www.digitaltransactions.net/newsstory.cfm?newsid=1572

from above:
The Federal Reserve Board is cutting its fees for handling Check 21 items delivered to paying banks electronically but raising tariffs for processing paper checks and the substitute checks authorized under Check 21, a Fed announcement released on Tuesday says.

... snip ...

there is also some recent news items about patent legal action against companies implementing/deploying remote/electronic check image capture.

Other Shoe Drops As USPTO Affirms Second DataTreasury Patent
http://www.digitaltransactions.net/newsstory.cfm?newsid=1556

Translation of IBM Basic Assembler to C?

Refed: **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Tue, 06 Nov 2007 17:46:21 -0500

Charlton Wilbur <cwilbur@chromatico.net> writes:
I recall reading somewhere that the biggest source of stolen credit card numbers was actually restaurants: you hand your credit card over to the waiter, who takes it off and runs it, and has ample opportunity to copy down all the important information on it. By hand, no computer or other technology necessary.

in the 60s/70s there was activity creating counterfeit cards from just known account number information. an enhancement to the magstripe was fairly quickly developed that added special code (CVV, CVC etc) as countermeasure to this kind of exploit ... see reference here
https://en.wikipedia.org/wiki/Card_Security_Code

That gave rise to "skimming" attacks ... recording all the information off a valid magstripe (necessary) for production of counterfeit cards.

just manual copying, pretty much limits fraud to card-not-present attack (i.e. internet, phone, mail-order) ... all kinds of card-not-present fraud is something like 1/6th to 1/5th of all credit card fraud. fraud from waiter doing manual copying of credt card information would be some limited part of card-not-present fraud.

in the 90s there was case of (NYC) waiter who had miniture card swipe reader pinned to the inside of his lapel connected to a PDA. at the end of the shift ... all of the harvested magstripe information was sent over the internet to some location in the far east where counterfeit cards were on the street almost immediately

there has been quite a bit about various kinds of compromises of point-of-sale terminals (overlays, insides electroniclly modified, etc) comparable to some of the skimming/compromises documented for ATM machines

similar article from jan2002
https://www.garlic.com/~lynn/aepay10.htm#6 credit card & gift card fraud

above referenced article mentions that the kind of magstripe card skimming device was demonstrated at CalTech in the 60s.

others
https://www.garlic.com/~lynn/aepay6.htm#ccfraud latest credit scam puts plastic in peril ... is your credit card being cloned?
https://www.garlic.com/~lynn/aepay6.htm#ccfraud2 out of control credit card fraud
https://www.garlic.com/~lynn/aepay9.htm#risks credit card & gift card fraud
https://www.garlic.com/~lynn/aepay10.htm#41 ATM Scams - Whose Liability Is It, Anyway?
https://www.garlic.com/~lynn/aepay10.htm#44 Credit Card Skimming Rising In the US
https://www.garlic.com/~lynn/aepay11.htm#18 Hacker accesses 2.2 million credit cards
https://www.garlic.com/~lynn/aepay11.htm#22 FBI Probing Theft of 8 Million Credit Card Numbers

a little search engine for information about rates turns up this for australia
http://www.moneybuddy.com.au/credit-cards/credit-card-security.html

that states that nearly half the credit card fraud is from magstripe "skimming" (either compromising the normal terminal with special recording and/or having dedicated device for additional swipes for the purpose).

previous post
https://www.garlic.com/~lynn/2007o.html#27 EZPass: Yes, Big Borther IS Watching You!

that found statistics where 1/3 of credit card fraud was from combination of "lost/stolen" card and "intercepted in post".

all kinds of "card-not-present" fraud is on the order of 1/6th to 1/5th of all credit card fraud. fraud from waiter doing manual copying of credit card information would be some limited part of card-not-present fraud.

Translation of IBM Basic Assembler to C?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Translation of IBM Basic Assembler to C?
Newsgroups: alt.folklore.computers
Date: Wed, 07 Nov 2007 07:59:11 -0500

Howard S Shubs <howard@shubs.net> writes:
My understanding is that they stopped shipping checks around in early 2006 or thereabouts. Everything since then has to have been a recreated check. Not so?

recent post with reference to FED check processing
https://www.garlic.com/~lynn/2007r.html#71 The new urgency to fix online privacy

the referenced article has several statements about both paper checks and electronic checks

New Fed Pricing Expected to Spur Further Moves to Electronic Processing
http://www.digitaltransactions.net/newsstory.cfm?newsid=1572

another reference from above:
Over the past four years, the Fed has reduced the number of check-processing sites from 45 to 19, and has plans to reduce that count to four by early 2011.

... snip ...

System 360 EBCDIC vs. ASCII

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: System 360 EBCDIC vs. ASCII
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Wed, 07 Nov 2007 09:12:30 -0500

timothy.sipples@US.IBM.COM (Timothy Sipples) writes:
An awful lot of modems and serial connections had to handle 7-bit, too, complicating the user experience for dial-up access to host systems, BBSes, etc. Basically if you set your modem to 7 bits, you struggled to transfer binary files (see: Kermit), and PC extensions for things like line drawing characters looked like a jumbled mess. If you set your modem to 8 bits you usually lost the parity bit, so you lost what little error checking you had. And a lot of systems still tried to use that high order bit for parity, so you saw a jumbled mess on your PC again. Owners of modem dial-up pools installed workarounds to try to detect what the end user had set, but this was a mess, too. On some systems you wouldn't see anything, so you didn't know what to do. (The correct answer: hit Enter a few times, or maybe Escape, or....) I'm sure AT&T enjoyed some extra earnings as dial-up modem users had to call over and over again, hoping to get the configuration settings right through trial and error, all because of the complications of 7 versus 8 bits. This affected all sorts of serial connections, including hardwired ones: plotters, ASCII terminals, etc.

when cp67 was installed at the univ the last week of jan68, it had terminal support for 1052s and 2741s ... but the univ. had some number of tty/ascii devices. so one of the modifications to cp67 was to add tty/ascii terminal support.

the base cp67 code had some stuff for dynamically determining the terminal type and "switching" the 2702 line scanner using the SAD command. so to remain consistent, i worked out a process to add TTY/ascii terminal support ... preserving the base cp67 dynamic terminal type determination. the univ. also was getting dial-up interface ... with base number that would roll-over to the first unused line. the idea that all terminals could dial in on the same phone number, regardless of type.

this "almost" worked ... but it turned out that they had taken some short cuts with 2702 implementation. the issue was that while SAD command would switch the line scanner ... but the short-cut was that the line-speed oscillator was hard-wired to each port. for hard-wired lines ... the appropriate terminal types was connected to the appropriate 2702 with the corresponding line-speed wired (and then cp67 could dynamically determine the correct terminal type and switch the line scanner as needed with the SAD command). However, this wouldn't work for dial-up lines with common dial-in pool ... where any terminal type might get connected to any 2702 port.

so somewhat because of this, the univ. decided to build our own clone controller that would also be able to perform dynamic line-speed determination. this involved reverse engineering the 360/67 multiplexor channel interface and building a channel interface board for an Interdata/3 minicomputer (platform for implemented controller clone). misc. past posts about the clone controller project
https://www.garlic.com/~lynn/submain.html#360pcm

i remember two "bugs" from the project.

one bug involved "red-lighting" the 360/67. the 360/67 had high-resolution timer that tic'ed at approx 13microsec. the timer had to update loc. 80 storage when it "tic'ed". If the timer tic'ed a 2nd time before the previous tic had been updated in storage (say because some channel/controller had obtained the storage bus and failed to release it for that perioid), the timer would force a red-light/machine check.

the other bug was initially getting ascii data into storage .. after running it thru standard ascii->ebcdic translation table, it was all garbage. we eventually figured out every byte was "bit-reversed" ... i.e. 2702 line-scanner would take leading bit off the line and store it in low-order bit position (in a byte ... reversing the order of bits off the line). the interdata/3 started out doing standard ascii taking leading bit off the line and storing it in the high-order bit in a byte. so initially, the ascii bytes was getting to 360/67 main memory in non-bit-reversed bytes and then being run through the standard 2702 ascii->ebcdic (bit-reversed) translation table.

this project got written up as the four of us being instrumental in starting the clone controller business.

of course, all the clone controller business was the major motivation for the future system project ... lots of past posts
https://www.garlic.com/~lynn/submain.html#futuresys

including a few with this reference
https://www.ecole.org/en/session/49-the-rise-and-fall-of-ibm
https://www.ecole.org/en/session/49-the-rise-and-fall-of-ibm

from above:
IBM tried to react by launching a major project called the 'Future System' (FS) in the early 1970's. The idea was to get so far ahead that the competition would never be able to keep up, and to have such a high level of integration that it would be impossible for competitors to follow a compatible niche strategy. However, the project failed because the objectives were too ambitious for the available technology. Many of the ideas that were developed were nevertheless adapted for later generations. Once IBM had acknowledged this failure, it launched its 'box strategy', which called for competitiveness with all the different types of compatible sub-systems. But this proved to be difficult because of IBM's cost structure and its R&D spending, and the strategy only resulted in a partial narrowing of the price gap between IBM and its rivals

... snip ...

there has been various speculation that the extremely boroque characteristics of the pu4/pu5 (vtam/ncp) interface was result of "box strategy", following FS being killed.

The lack of attention to the 370 product line (because of the FS distraction) then appeared to provide openings for clone processor makers to gain traction. When FS was finally killed, there then was mad rush to get stuff back into the 370 hardware and software pipelines.

I was at the science center during the FS days ... and didn't endure myself to the participants by drawing some analogy between their activities and a cult film that had been playing down in central sq. for over a decade (while continuing to do work on cp67 and 370).

Real storage usage - a quick question

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Real storage usage  - a quick question
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
To: <ibm-main@bama.ua.edu>
Date: Wed, 07 Nov 2007 10:44:19 -0500

VeilleuxJL@AETNA.COM (Veilleux, Jon L) writes:
In z/OS 1.8 the memory management is much more conducive to large memory. They no longer use the least recently used algorithm and no longer check every page. This has made a big difference for us. Under 1.7 we had issues with large real memory sizes due to the constant checking by RSM. This is no longer the case and we have increased our memory dramatically with no performance hit.

one of the things found in "clock" LRU-approximation that i had originally done as undergraduate in the 60s
https://www.garlic.com/~lynn/subtopic.html#wsclock

was that if the interval between page resets started to exceed some limit, then there was little differention benefit of the reset activity ... least recently used tends to have some implicit dependencies on amount of "history" ... if the duration is too long ... then it lost much of its correlation being able to differentate between pages as to future page reference pattern.

however across a wide range of configurations and workloads in the 70s, "clock" LRU-approximation had the advantage of effectively being able to (usefully) dynamically adapt the interval. however with a lot of cp67 experimenting and also heavy use of storage reference traces and page replacement modeling ... it was possible to show that outside some useful operating range ... the use of LRU algorithms for differentiating/predicting future page reference behavior became less and less accurate. It was also possible to show that for very large memories ... that the overhead of repeatedly resetting page reference bits provided less benefit than any possible improvement in page replacement strategy.

we did do some experimenting at the science center attempting to recognize the operating region/environment across where clock LRU-approximated was beneficial ... and attempt to take some secondary measures/strategies when it was outside that operating region/environment.

one of the scenarios was that most LRU-approximation algorithms are measured against how well they performed vis-a-vis simulation that exactly implemented least-recently-used page ordering (measured in terms of total page faults for given workload and real storage size). "Good" approximations tended to come within 5-15 percent (total page faults) of "real" least-recently-used page ordering. We were able to find some page replacement variations that instead of being 5-15 percent worse/more (total page faults compared to simulated "real" least-recently-used page ordering), we were able to show 5-15 percent fewer total page faults.

the scenario was that in some configuration/workload scenarios, LRU-approximate could effectively cycle thru every page in real storage w/o finding a candidate ... and then take the first page it started with. Besides having a lot of processing overhead, this characteristic effectively degraded to FIFO page replacement (there are operating regions for LRU where it can degenerate to FIFO page replacement at the same time taking an extrodinary amount of processor overhead). our variation tended to recognize when operating in this configuration/workload region and effectively switched to RANDOM page replacement at very low processor overhead (and modeling showed that when not able to make any other differentiation between pages to be replaced ... RANDOM replacement makes better choice than FIFO, independent of the overhead issue).

In fact, the original cp67 delivered at the univ. last week jan68, ... also referenced here
https://www.garlic.com/~lynn/2007r.html#74 System 360 EBCDIC vs. ASCII

... effectively implemented something that tended to operate as FIFO replacement with purely software and didn't make use of the hardware reference bits. As undergraduate, I did the kernel algorithm and software changes to implement "clock" LRU-approximation page replacement ... taking advantage of page replacement bits. In this scenario ... with only on the order of 120 real "pageable pages" ... this reduced the time spent in page replacement selection (under relatively heavy load) from approx. 10 percent of total processor to effectively unmeasureable (and at the same time drastically improvement the quality of the replacement choice).

previous, next, index - home