2002 Newsgroup postings (03/13 - 04/06) Lynn Wheeler

2002 Newsgroup Postings (03/13 - 04/06)

Storage Virtualization
More on Aging Legacy Workforce
IBM's "old" boss speaks (was "new")
IBM's "old" boss speaks (was "new")
Mainframers: Take back the light (spotlight, that is)
What goes into a 3090?
LISTSERV(r) on mainframes
Bus & Tag, possible length/distance?
What are some impressive page rates?
What are some impressive page rates?
Deleting files and emails at Arthur Andersen and Enron
What are some impressive page rates?
Progress? (was Re: Way up north in Alaska ...)
Back to the H20Cooler
EMV cards
Deleting files and emails at Arthur Andersen and Enron
Deleting files and emails at Arthur Andersen and Enron
Smart Cards
Opinion on smartcard security requested
What goes into a 3090?
What goes into a 3090?
Crazy idea: has it been done?
Opinion on smartcard security requested
Opinion on smartcard security requested
Back to the H20Cooler
Crazy idea: has it been done?
Crazy idea: has it been done?
moving on
moving on (typo)
Crazy idea: has it been done?
Progress? (was Re: Way up north in Alaska ...)
Hardest Mistake in Comp Arch to Fix
What goes into a 3090?
Mainframers: Take back the light (spotlight, that is)
Lisp Chips
Replacement for RFC 1700?
Crypting with Fingerprints ?
Would the value of knowledge and information be transferred or shared accurately across the different culture??????
Crypting with Fingerprints ?
Why Use *-* ?
Smart Cards
REVIEW: "Authentication: From Passwords to Public Keys", Richard E. Smith
What goes into a 3090?
Hardest Mistake in Comp Arch to Fix
SQL wildcard origins?
REXX and its designer (was: IBM 7090 instruction set)
What goes into a 3090?
Multics_Security
flags, procedure calls, opinions
PKI and Relying Parties
IBM going after Strobe?
IBM 360 definition (Systems Journal)
PKI and Relying Parties
Mainframers: Take back the light (spotlight, that is)
Mainframers: Take back the light (spotlight, that is)
Mainframers: Take back the light (spotlight, that is)
PKI and Relying Parties
Mainframers: Take back the light (spotlight, that is)
O'Reilly C Book
Computers in Science Fiction
Browser Security
Computers in Science Fiction
Computers in Science Fiction
Computers in Science Fiction
Computers in Science Fiction
Digital Signatures (unique for same data?)
First images in email?
Blade architectures
Blade architectures
Computers in Science Fiction
Computers in Science Fiction
Blade architectures
Digital certificate varification
Blade architectures
Computers in Science Fiction
Computers in Science Fiction

Storage Virtualization

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Storage Virtualization
Newsgroups: comp.arch.storage
Date: Wed, 13 Mar 2002 17:15:37 GMT

"Bill Todd" writes:
IOPS is indeed a fairly standard figure of merit quoted by disk vendors. It has a pretty standard definition: sequential (non-queued) random small read requests (effectively averaging a 1/3 stroke seek and 1/2 rotation in latency, though with minor biases due to disk zoning).

aka random arrival with FIFO (or non-queued) queueing vis-a-vis random arrival with some sort of optimized queue re-ordering.

with FIFO (or non-queued) queueing, the avg seek & rotation between serviced operations will be the same as the arrival.

with some sort of optimized queueing, the order that the operations are serviced are different than the order that they arrive,

aka operations have been re-ordered so that the avg seek & rotation between serviced operations is minimized. depending on queue depth, total thru-put with queue re-ordering can easily double or triple total thruput per second.

a possible easier comparison to understand is fixed-head disks ... where arm motion isn't a factor and only rotational delay comes into play. random/FIFO results in approx. two requests per revolution. optimized re-order queueing can reach requests per revolution equivalent to number of records per track (which for small records & large tracks .. can be significant number).

with deep enuf queue, non-fixed-head disks could even result in servicing multiple requests per arm position (with some sort of optimized queue re-ordering).

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

More on Aging Legacy Workforce

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: More on Aging Legacy Workforce
Newsgroups: bit.listserv.ibm-main
Date: Wed, 13 Mar 2002 22:15:31 GMT

jfregus@IX.NETCOM.COM (John F. Regus) writes:
Maybe this is the answer, but one thing is for sure...we should not as a nation, allow an increase in foreign worker visas for system engineering jobs, just because employers know these people are willing to work at a fraction of what the American worker is willing to work for.....

it isn't just a matter of foreign work visas ... it is foreign workers make up a large percentage of qualified workers. During the early '90s there was some report that there was 1) severe shortage of advance degree technical graduates and 2) half of the advance degree technical graduates in the US were foreign.

it was verging on implying that 1) a lot of US kids weren't motivated to work that hard, 2) a large amount of the technology advancements during the '90s was fueled by foreigners, 3) it wasn't a question of salary ... it was a question of having them at any price.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

IBM's "old" boss speaks (was "new")

Refed: **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM's "old" boss speaks (was "new")
Newsgroups: bit.listserv.ibm-main
Date: Wed, 13 Mar 2002 23:57:43 GMT

IBM-MAIN@ISHAM-RESEARCH.COM (Phil Payne) writes:
IBM is still in need of a breakup, but an internal one. Software Division should be broken up and handed to the product houses. Middleware products should go into a hat and be pulled out by the respective VP&GMs of the server divisions.

middleware and servers had been no-no words ... it was suppose to have been SAA at least until the year ibm went into the red.

the other part was that there was prediction that ibm mainframe business was going to shortly double again ... so there was big spending on doubling manufacturing capacity just as growth went flat or some declined.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

IBM's "old" boss speaks (was "new")

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM's "old" boss speaks (was "new")
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Thu, 14 Mar 2002 05:07:29 GMT

ted.macneil@mobile.rogers.com (ted.macneil) writes:
Does anybody remember ADSTAR? It never really got off the ground when IBM realized that storage and storage management was too profitable to spin off.

For years, the only remnant was ADsm, which is now TSM. :-{)}

and adsm lineage was workstation datasave (out of sjr/arc before being transferred to adstar) ... and before that some other stuff.

random refs:
https://www.garlic.com/~lynn/2001n.html#66 Holy Satanism! Re: Hyper-Threading Technology - Intel information.
https://www.garlic.com/~lynn/2001n.html#92 "blocking factors" (Was: Tapes)
https://www.garlic.com/~lynn/99.html#149 OS/360 (and descendants) VM system?

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Mainframers: Take back the light (spotlight, that is)

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Mainframers: Take back the light (spotlight, that is)
Newsgroups: alt.folklore.computers
Date: Thu, 14 Mar 2002 15:25:05 GMT

"Russell P. Holsclaw" writes:
No. That started somewhere else, AFAIK. RAID started with the idea that all those teeny little disk drives made for PCs could be bundled together and compete effectively with the big-platter drives that IBM was still building then. That, and achieve all sorts of speed and redundancy at the same time.

I can't find the reference ... but I believe the first implementation was by rochester/as400 (note the patent predates the as/400). There was also disk stripping in early '80s.

from IBM disk history:
https://web.archive.org/web/20020615185815/http://www.papyrusweb.ch/Syspinner/IBMHistoryOfFirsts.asp

1978

First patent for RAID (Redundant Arrays of Independent Disks) technology. IBM subsequently co-sponsored the research by the University of California at Berkeley that led to the initial definition of RAID levels in 1987. The first two-speed tape unit, raising streaming speeds to 160 kb/second.

Hierarchical Storage Manager (HSM), which provided customers system-delivered migration of inactive data from disk to less expensive tape.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What goes into a 3090?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What goes into a 3090?
Newsgroups: alt.folklore.computers
Date: Thu, 14 Mar 2002 15:34:47 GMT

cbh@ieya.co.REMOVE_THIS.uk (Chris Hedley) writes:
One final thing which struck me as a bit strange is that neither unit seemed to have the traditional front panel with interesting lights; they just had a couple of rather uninteresting looking buttons to power the things on and off. Had the S/370s done away with front panels by that time, or did it just live elsewhere (ops room, for example?)

two things that went into a 3090 ... were a pair of 4361s (small 370s, from line 135, 138, 4331, 4361) running vm/370 release 6.

IBM service had a policy that they could bootstrap diagnose machine in the field starting with a scope. Starting with 3081 it was no longer possible to scope ... so there was a "service processor" that had all sorts of probes into the machine for diagnosing ... and the service processor could be scoped. The service processor on 3081 was a uc.5 microprocessor (also used in 37xx, 8100, and some number of other products). The service processor on the 3090 was redundant 4361s. All the service menus were written in IOS3270.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

LISTSERV(r) on mainframes

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: LISTSERV(r) on mainframes
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Thu, 14 Mar 2002 17:29:32 GMT

gabe@GABEGOLD.COM (Gabe Goldberg) writes:
Not true. LISTSERV for VM has been continuously available since 1986 and

misc. additional ref, listserv, bitnet, earn (& visit to paris, 1985)
http://www.lsoft.com/products/default.asp?item=listserv-history

start of bitnet in europe (earn, early 1984)
https://www.garlic.com/~lynn/2001h.html#65 UUCP email

bitnet & csnet 1980/1981
https://www.garlic.com/~lynn/2000d.html#72 When the Internet went private

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Bus & Tag, possible length/distance?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Bus & Tag, possible length/distance?
Newsgroups: bit.listserv.ibm-main
Date: Thu, 14 Mar 2002 21:03:13 GMT

Ken.Porowski@CIT.COM (Porowski, Ken) writes:
IIRC 400 was the max. except on 3803/3420 which was temperamental (although the '45 could be too). If you are going to push the limits use the 'blues' with as few (preferably no) butts. Not sure but could you use 2 escon converters (1 @ CPU, 1 @ device and run escon between?

blk mux & data streaming was introduced at the same time. blk mux channels had protocol that allowed channel disconnect/reconnect (aka set sector disk CCW). old channels had synchronous hand-shake per byte and 1.5mbyte transfer and 200'. data streaming did the 8byte trick, extended/doubled the max. distance to 400' and added 3mbyte/sec support.

The max. distance is the "daisy-chain" distance ... if you have multiple controllers on the same channel ... there is cable from the channel to the first controller, then cable from first controller to second controller, etc. The sum of all the cable distances for the same channel is the 400' limit. This would be a single 400' cable if there is only one controller (and the controller supports data streaming).

random refs:
https://www.garlic.com/~lynn/96.html#5 360 "channels" and "multiplexers"?
https://www.garlic.com/~lynn/2000b.html#38 How to learn assembler language for OS/390 ?
https://www.garlic.com/~lynn/2000c.html#75 Does the word "mainframe" still have a meaning?></pre>
https://www.garlic.com/~lynn/2001h.html#28 checking some myths.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What are some impressive page rates?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What are some impressive page rates?
Newsgroups: alt.folklore.computers
Date: Fri, 15 Mar 2002 15:19:59 GMT

"John Lynn" writes:
I was trying to impress some young Compaq jock the other day on the speed of IBM processors with expanded storage and a good OS (like VM/XA, VM/ESA or maybe even Z/VM)... but I could not swear to any really massive pages/second on super-busy systems... Does anyone have any true numbers? Thanks...

garlic baiting huh?


machine         360/67  3081K
mips            .3      14      47
pageable pages  105     7000    66
users           80      320     4
channels        6       24      4
drums           12meg   72meg   6
page I/O        150     600     4
user I/O        100     300     3
disk arms       45      32      4?perform.
bytes/arm       29meg   630meg  23
avg. arm access 60mill  16mill  3.7
transfer rate   .3meg   3meg    10
total data      1.2gig  20.1gig 18

span of time nearly 15 years (late '60s to early '80s) ... relatively normal, mix-mode workload with sub-second response (3081k was around .11secs 90th percentile for trivial interactive). primary paging device ("drums") were fixed-head disks. '67 had paging drums on single 1.5mbyte/sec I/O channel capable of little over 300 4k/sec. Interactive workload paging in 105 pages tended to bursty (periods of 100 percent utilization). 3081k had two 3mbyte/sec channels ... but 2305 were still 1.5mbyte/sec transfer ... mixed-mode workload also tended to be somewhat bursty (short periods of 100 percent utilization ... with avg. at 50 percent utilization).

there were some configurations in the '80s that had STC or Intel "electronic" drums ... aka devices emulated 2305 fixed head disks that were all electronic (neither arm latency or rotational latency). Lore was that these devices were built from "memory" chips that had failed Q&A test ... the disk emulation electronics could compensate for all sorts of failing bit locations and map around them. However, with the real 2305s and rotational delay ... and any load ... page queueing strategy would re-order pages to do full-track I/O transfers (effectively operated with very low avg. latency per page) mitigating the latency difference between rotating drums and electronic drums

later in '80s (early to mid '80s) VM got "big pages" .... i.e. a page I/O operation could be a single 4k page transfer ... or a full-track transfer of pages (10 at a time on 3380) ... using a journaling (write-optimized) strategy (attempting to optimize moving arm 3380 devices to be close to fixed-head devices in thruput). 2305 fixed-head could re-order queue so that it could pick any page from any track in order to get a full track of page transfer in single revolution. The probability of finding large numbers of pages in the queue at the same arm position to allow full track transfer was low. However, the 3380s were 3mbyte/sec data transfer (twice 2305 fixed-head).

Big pages was a strategy to cluster tracks worth of a process's virtual pages in a single transfer. This tended to increase the total number of pages transferred ... compared to a straight single page at a time strategy. The trade-off was that ten pages were transferred in a single arm/rotation latency instead of having ten arm/rotation latencies. In effect, it was trading off less efficient use of real memory and transfer bandwidth against significant reduction in arm/rotation latency per page. Lets say "big pages" resulted in 30 percent more pages (3 out of 10) transferred than necessary compared to a single page strategy ... however, the overall system thruput went up because of the reduced avg. arm/rotation latency for the other 70 percent (7 out of 10).

The point of the 360/67 and 3081k comparison was that the relative system thruput of disk technology had declined by a factor of five to ten times over a ten to 15 year period (aka processor and real memory resources had increased by factor of 50 times, but avg disk record access latency had only improved by a factor of less than four). With somewhat similar workload, the total number of simultaneous users supported had increased proportional to overall disk latency. The strategy was to try and trade-off transfer bandwidth (which had increased by factor of ten) and real storage against access latency ... aka increase significantly the amount of data transferred per access.

This was similar to various RAID and journaling file system strategies motivations later in the '80s; aka ... in part ... do much larger transfers per access operation ... also attempt to use real memory for caching to minimize reads ... and optimize for a write mostly environment (journaling file system). The problem with the journaling file system was that garbage collection frequently negated the write-oriented optimization. The write-optimized advantage in the big page strategy was that there was high re-use of pages once written ... and reading a page effectively made it evaporate from disk eliminating the need for garbage collection.

The write-optimized strategy was to dedicate 3380s arms and 3380 track space. The 3380 track space needed to be possibly ten times larger than the total expected number of allocated pages. Arm motion tended to be one of the elevator-type algorithms. When it came to write out the next big page, the closest unallocated track in the direction of travel was where the big page went. Because of the sparse allocation (ten percent) that tended to be at the same arm position ... until all tracks on that cylinder filled and it moved to the next nearest cylinder. The is similar to the write-optimized journal file system stuff ... except they didn't have the luxury of old pages evaporating and had to do garbage collection ... and they couldn't mandate ten percent or lower space allocation.

In any case, big-pages possibly increased the number of pages transferred per application by 10 to 50 percent (compared to strict single page at a time strategy) ... however, big page strategy increased the system capacity for page transfer by possibly 500 percent (compared to single page at a time on movable arm disk). As a result, both application and total system thruput went up (aka even if the number of page transfers doubled, being able to do five times as many came out a net win).

zero latency, 3mbyte/sec transfer across four dedicated channels of dedicated 3380 paging devices is 3072/sec. 3mbyte/sec is 1.3 mills for 4k-transfer. 16mills avg latency per 10 page transfer comes out to 1.6mills per page. write-optimized allocation tended to do multiple writes per arm position as a result avg latency was closer to 10 to 12 mills or around 1.2mills per page transferred ... or about 50 percent latency and 50 percent transfer ... reducing the 3072/sec in half to 1536/sec. With the smarter track caching controllers and multiple track writes at the same arm position, even avg. rotational delay between writes could be eliminated (avg. latency dropping below 10mills/transfer) ... possibly raising the peak thruput into the 2000-2500/sec range ... aka mid to late '80s.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What are some impressive page rates?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What are some impressive page rates?
Newsgroups: alt.folklore.computers
Date: Fri, 15 Mar 2002 15:53:40 GMT

Anne & Lynn Wheeler writes:


garlic baiting huh?

machine         360/67  3081K
mips            .3      14      47
pageable pages  105     7000    66
users           80      320     4
channels        6       24      4
drums           12meg   72meg   6
page I/O        150     600     4

the other factor for high page rates is pathlength. when i started on cp/67 ... the aggregate pathlength to do 150 page i/os per second would have been around something like 70 to 80 percent of the processor (page fault, page replacement, i/o supervisor, dispatching, etc). Many systems of the era had similar pathlengths.

i got the aggregate cp/67 pathlength down so 150 page i/os was around 15 percent of the processor.

as an aside ... even with the high page i/o rate in the mentioned ('67 & 3081) configurations and low page i/o pathlength overhead ... total processor utilization was still around one hundred percent (aka productive system thruput ... not just page thrashing environment).

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Deleting files and emails at Arthur Andersen and Enron

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Deleting files and emails at Arthur Andersen and Enron
Newsgroups: comp.arch.storage,alt.folklore.computers
Date: Fri, 15 Mar 2002 19:50:35 GMT

cthomaier@mindspring.com (Conrad Thomaier) writes:
I was listening to the news today and they talked about how AA and Enron were deleting files and emails.

It brought up this question: How easy is it to completely delete files and emails?

I would assume that large companies like these have sophisticated backup systems that would keep copies of emails and files on tape. They would certainly be backing up data stored on the networks. And typically (but not necessarily always) wouldn't data stored on an individual's PC's hard drive be also backed up across the network?

So, just because I "delete" an email or file, does that mean the email or file is deleted from wherever it was backed up?

Or are the AA and Enron folks fooling themselves into thinking their files and emails are gone?

say you have a disaster/recovery plan and at least weekly backups and the email was on a disk for two months. depending on onsite and offsite tape cycle ... the email could exist on 8 tapes, several stored onsite and at least a couple stored offsite.

if it is full media backup ... such tapes will contain an quite a bit of data ... other than email ... so it wouldn't normally be a case of just burning all the tapes.

possibly the most famous of all of these was ollie (and I don't know if I get any of that blame because of some of the email backup practices I propagated in the '70s ... long-term email could be sitting around possibly on multiple tens of tapes).

For PCs ... besides any of the local backup that may be done by individuals, there are all sorts of enterprise copying/backup to central/enterprise servers, which, then in turn do backup (workstation datasave, adsm, etc) as part of general recovery as well as enterprise disaster/recovery plans.

random refs:
https://www.garlic.com/~lynn/2001n.html#66 Holy Satanism! Re: Hyper-Threading Technology - Intel information.
https://www.garlic.com/~lynn/2002e.html#3 IBM's "old" boss speaks (was "new")

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What are some impressive page rates?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What are some impressive page rates?
Newsgroups: alt.folklore.computers
Date: Sat, 16 Mar 2002 14:14:32 GMT

Anne & Lynn Wheeler writes:
later in '80s (early to mid '80s) VM got "big pages" .... i.e. a page I/O operation could be a single 4k page transfer ... or a full-track

the other characteristic of "page pages" is it is a "no-dup" algorithm.

a "duplicate" algorithm remembers the disk location of a page after it has been read into real memory (a copy of the page exists on both disk and in real storage). if the page is subsequently selected for replacement and hasn't been changed during its most recent stay in real memory, a write to disk can be avoided by remembering its previous disk location.

a "no-duplicate" algorithm discards/forgets any previous disk location for a page (when it is read into real memory, aka a page either exists on disk or in memory, but not both) and any time a page is selected for replacement it is always written out to (a new) disk location.

A no-duplicate algorithm increases the page write activity as a trade-off either to minimize disk space requirements or (in the big pages case) as part of strategy for minimizing disk access latency per transfer.

As previously mentioned a "big page" implementation also typically increases page transfer rates (compared to a page at a time implementation). On page out, a cluster of pages equivalent to track capacity is gathered together and written out as a single unit (minimizing disk access latency per page transfer). If there is a subsequent page fault for any page in a "big page" cluster, the whole "big page" is fetched as a single transfer. An attempt is made to select members of a "big page" based on some probability that if any particular page is used that all of them will be used. As a program's access patterns change over time, members of particular big page can also change. As a result, it is not always true that just because a program had previously referenced all pages in a particular big page cluster that it would continue to in the future ... aka a subsequent big page "read" will fetch into memory some virtual pages that the program wouldn't be referencing.

misc. dup/no-dup previous discussion:
https://www.garlic.com/~lynn/93.html#13 managing large amounts of vm
https://www.garlic.com/~lynn/2000d.html#13 4341 was "Is a VAX a mainframe?"
https://www.garlic.com/~lynn/2001l.html#55 mainframe question
https://www.garlic.com/~lynn/2002b.html#10 hollow files in unix filesystems?
https://www.garlic.com/~lynn/2002b.html#20 index searching

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Progress? (was Re: Way up north in Alaska ...)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Progress? (was Re: Way up north in Alaska ...)
Newsgroups: alt.folklore.computers
Date: Sun, 17 Mar 2002 15:59:35 GMT

Ric Werme writes:
Here in NH, all the income from the state lottery goes to schools. I have a fantasy of being asked to be a substitute teacher one day when the subject is probability and statistics. I doubt I'd be asked back. :-)

I once saw an analysis of the cal. lottory.

The first week, a community "invests" 1 million dollars in the lottory. The cal. lottory (has something like a 80 percent paybacK) pays back $800,000 and the other $200,000 goes to the state. Much of the $800,000 is taxed as income by both federal & state ... something up to 30 percent goes to taxes. or possibly $240,000 leaving $560,000. In this scenario ... the gov(s) take more in income taxes on the pay back .. than the amount they keep directly off the lottory.

the second week the remaining $560,000 is "invested" in the lottory. The lottoray pays back $448,000, of which 30 percent goes to taxes leaving $313,600.

For the big sum paybacks ... the gov(s) have been able to "take" on the order of 50% each week between the take off the top directly by the lottory plus the remaining take from income taxes.

There have also been some questions as to the costs of operating the lottory ... and what of the lottory net each week actually makes it to the schools (analogous to some of the consumer issues raised as to non-profit charities).

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Back to the H20Cooler

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Back to the H20Cooler
Newsgroups: earthlink.watercooler
Date: Sun, 17 Mar 2002 20:55:59 GMT

"rowe" writes:
But Earthlink never really had a "watercooler"...that was a MindSprung thing. EL always had the coffeehouse.--jonathan

no netcoms that still had their shell accounts ... until the take-over?

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

EMV cards

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: EMV cards
Newsgroups: sci.crypt
Date: Mon, 18 Mar 2002 16:39:31 GMT

"Gaetano Lazzo" writes:
Ok, forget MPCOS. Let's talk of EMV (hey, the subject was EMV card anyway!!!)

a lot of the cards have 8-bit chip, low tamper-evident characteristics, and poor random number generation characteristics (keys are injected at personalization). card vendor typically multi-sources the chip ... so even hard to know characteristics of any particular card.

big part of the standard is the protocol handshake with the (7816, contact) point-of-sale terminal to communicate what apps loaded on the cards so that POS terminal can light-up the appropriate buttions. another characteristic is that the card issuer has all the secret keys ... including the one controlling the card die command.

more in alt.technology.smartcards ng, from alt.technology.smartcards FAQ
Europay, MasterCard and Visa formed working group to create their Integrated Circuit Card Specifications for Payment Systems, commonly called "EMV'96" or just "EMV" www.mastercard.com/emv/emvspecs02.html The specification was intended to create common technical basis to compete with the Mondex specifications.

--------------------------------------------

the above URL is not longer valid, try
https://web.archive.org/web/20020202080649/http://www.mastercardintl.com/newtechnology/smartcards/tech1.html

Note that somewhat orthogonal to EMV specification is the x9.59 standard for all retail electronic payment transactions; point-of-sale, internet, non-internet, debit, credit, atm, payment cards, non-payment cards, stored-value; aka ALL.

x9.59 reference:
https://www.garlic.com/~lynn/x959.html#x959

authentication, hardware-tokens, ATM payments, etc:
https://www.garlic.com/~lynn/x959.html#aads

discussion of NACHA/debit-network (secure ATM payments) trials with both software and hardware tokens:
https://web.archive.org/web/20020204041928/http://internetcouncil.nacha.org/Projects/ISAP_Results/isap_results.htm

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Deleting files and emails at Arthur Andersen and Enron

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Deleting files and emails at Arthur Andersen and Enron
Newsgroups: comp.arch.storage,alt.folklore.computers
Date: Mon, 18 Mar 2002 19:10:33 GMT

"Mike Swaim" writes:
Enron uses MS Exchange server as their email system. It usually runs on dedicated hardware, with its own disks, so email would be a separate set of tapes from the databases and fileservers. I have no idea what AA uses.

one issue is are they directly doing backups of the server to tape ... or do they have a backup server (mainframe or not) which copies files over the lan and do backups from the backup server.

larger corporations ... are doing some amount of their regular data backups over LANs to a centralized backup facility ... rather than having to backup lots of individual servers (a medium sized corporate site could easily have hundred plus servers in need of backups ... plus attempting to address some issues with regard to providing backup services for thousands of desktop machines).

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Deleting files and emails at Arthur Andersen and Enron

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Deleting files and emails at Arthur Andersen and Enron
Newsgroups: comp.arch.storage,alt.folklore.computers
Date: Mon, 18 Mar 2002 20:03:49 GMT

Anne & Lynn Wheeler writes:
one issue is are they directly doing backups of the server to tape ... or do they have a backup server (mainframe or not) which copies files over the lan and do backups from the backup server.

random enterprise backup refs:
http://www.tivoli.com/products/solutions/storage/
http://portal2.legato.com/products/networker/
http://microsoft.net/ntserver/partners/findoffering/serversolutions/legatoexchange.asp
https://web.archive.org/web/20011004102511/http://www.gartnerweb.com/public/axl/reprints/tivoli/00086113.html
https://web.archive.org/web/20020112233427/http://www.peapod.co.uk/products/legato/index.html
http://mlarchive.ima.com/msexchange/1999/Jan/0558.html
http://www.networkcomputing.com/920/920r2.html
http://www.gmasterinc.com/security/brightstor.htm?source=overture
http://www.compaq.com/products/storageworks/ebs/ebsdatacenters.html

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Smart Cards

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Smart Cards
Newsgroups: comp.security.misc
Date: Mon, 18 Mar 2002 20:45:01 GMT

phn writes:
The first application for smart cards ( satelite decoders) was broken before the first year. Latest generation of smartcards was broken last summer by Shamir ( 'S' in RSA)

No, cards alone does not solve anything. Except maybe new limits in marketing budgets.

there are a wide variety of chips used in hardware tokens ... with a wide variety of protection available. many of the smartcards multi-source their chips ... so for a particular smartcard, it might even be difficult to tell what chip is inside.

some of the infrastructures are implemented with a common shared-secret ... making it a lot more worthwhile to extract the shared-secret from a single chip (possibly several weeks using multi-million dollar equipment) ... which results in compromise of the whole infrastructure.

other infrastructures have no common shared-secret and the PIN is only used to enable the correct operation of some function ... but doesn't result in divulging any sensitive information (significantly reducing the possible ROI for tampering with a particular resistant chip).

besides the infrastructure security characteristics (i.e. do all chips/tokens work with a common shared-secret, etc), things to look for are evaluations, like FIPS140, Common Criteria, EAL, etc

a number of url refs:
https://www.garlic.com/~lynn/2002c.html#21 Opinion on smartcard security requested

some fips140, common criteria, eal, etc
https://web.archive.org/web/20020124070419/http://csrc.nist.gov/cc/sc/sclist.htm
http://csrc.ncsl.nist.gov/cryptval/140-1/1401val2000.htm
https://web.archive.org/web/20021212213418/http://www.cl.cam.ac.uk/Research/Security/tamper/
http://www.cl.cam.ac.uk/users/rja14/tamper.html
https://web.archive.org/web/20030302034138/http://www.commoncriteria.org/epl/AssuranceLevel/index.html

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Opinion on smartcard security requested

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Opinion  on smartcard security requested
Newsgroups: sci.crypt
Date: Tue, 19 Mar 2002 16:45:25 GMT

tabuelnaga@hotmail.com (Tarek) writes:
Dear all,

Frankly the Smart Card security concept is not clear for me. And i got involved in it so i need some support. Now, i know memory cards use PIN to read or write data on the card .. But once the PIN is available the data is clear with no encryption. While, smart cards plus having PIN, they use other encryption algorithms like RSA 1024 or 3DES to encrypt data on the card. right ??

Now, i wana use card to store value with no processing - something like telephone calls - and i want to choose betweem memory cards and smart cards .. The price is critical issue u know .. but taking into consideration, no compromises in security - here i got my problem .. which one to choose !?

Anyone can tell me the difference in security between memory cards and smart cards from security point of view ?? i see they both dependent on the PIN .. if i have the PIN, i got the data .. in memory cards i got the data clear .. while in smart cards i got them encrypted BUT i have the encryption algorithm on the card so i can use it to decrypt the data .. right ?? or there is something i miss ??

basically the HK transit (octopus card) is stored value memory contactless card, no-pin, data encrypted. The terminals have the shared-secret, the encrypted data is read by the terminal (as card is passed over the reader going thru the turnstyle), decrypted, updated, re-encrypted and rewritten. While passing thru the turn-style there isn't enuf time for PIN entry (i think time constraints is that it all has to happen within 100 ms with card within 10cm of reader).

with some simple asic ... it would be possible to make the chip active/in-active w/o the correct pin ... and die if too many consecutive incorrect PINs are entered.

it is possible to go to something like multi-app "smart-chip" ... say like EMV and the stored value still works the same way ... PIN for enabling actions, terminal read encrypted value, decrypt with shared-secret, update, re-encrypt, write encrypted updated value back. The "smart-chip" isn't so much for doing a specific application ... it is for supporting multiple applications on the same chip, negotiating with the terminal, telling it how many & what kind apps there are, letting terminal specify/select the application (stored value, loyalty, etc, ... aka the chip multi-app info allows terminal to light/display specific buttons for application selection).

These stored-value chips/apps are subject to brute-force attack on the encrypted value to recover the (system-wide shared-secret) key. One of the security increments is "derived key" ... basically the terminal reads chip data that is a combination of the account/serial number plus the encrypted information. It computes a derived key that is a combination of the system-wide secret key and the account/serial number, the data is decrypted with the derived key, updated, re-encrypted, rewritten. To derive the key ... use something like a one-way hash ... brute-force attack that recovers any specific chip derived key doesn't get the shared-secret key in all the terminals. This works for stored-value implementations, memory/chip, pin/no-pin, etc (it doesn't protect from an exploit that recovers the secret key by a terminal attack ... but they could possibly be FIPS140 level 4 devices which are more resilient to attacks). Derived key stored-value with "armored" terminals housing secret-key aren't uncommon.

Slight variation with chip is to make derived key a combination of the sysetm-wide shared-secret key, the chip account number and the entered PIN. The chip doesn't need the PIN-processing (whether memory or smart, it is all in the terminal). This also works with "memory" magnetic stripes. Progression to memory chip is partially 1) contact vis-a-vis contactless in high-volume transit applications and 2) more difficult to counterfeit card by just duplication (just copy a valid magstripe onto a thousand cards, even memory chips can have engraved serial numbers so more than simple information recording is required).

Fraudulent terminals can invalidate value by writing back bad data.

suggest looking for descriptions of mondex, EMV, stored-value, etc.

Above describes the offline transactions. There is some trends towards online transactions (even in high volume transit, with time limitations like 100ms). Here the chip just performs some authentication operation on the transaction (like a digital signature).

This can apply to any type of online transaction that is signed by the chip. In this scenario things move into areas like 3-factor authentication:

1) something you have (a hardware token)
2) something you know (a pin)
3) something you are (fingerprint, biometric)

hardware token can be configured so that it doesn't work correctly w/o pin &/or fingerprint and the information doesn't need to be otherwise divulged (a correct pin/fingerprint can be implied by correct hardware token operation). other implementations require transmission of pin/biometric ... effectively turning them into shared-secrets (although not system-wide shared-secrets).

A transaction is passed to the chip, the chip can digital sign the transaction and return the digital signature. The online server can authenticate the transaction with the digital signature and then authorise/execute to the corresponding transaction.

The digital signature case for online transactions is that the chip has tamper-resistant techniques to protect the chip-specific private key and a public key is recorded with the online server. this eliminates the shared-secret exploit with secret/symmetric keys, aka attacking the server ... possibly by an insider ... and recovering a shared-secret it is possible to generate fraudulent transactions. Also, since it is a chip-specific private key, a correct digital signature implies possesion of the hardware token.

Receiving a digitally signed transaction from an appropriately configured hardware token can imply 3-factor authentication ... aka

1) possesion of the token, something you have
2) knowledge of a pin, something you know
3) valid fingerprint, something you are

x9.59 standard is targeted at this for all payment transactions (credit, debit, pos, internet, stored-value, atm, etc).
https://www.garlic.com/~lynn/x959.html#x959

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What goes into a 3090?

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What goes into a 3090?
Newsgroups: alt.folklore.computers
Date: Tue, 19 Mar 2002 17:20:28 GMT

cbh@ieya.co.REMOVE_THIS.uk (Chris Hedley) writes:
I guess that these 4361s were fairly small units? The 3090 was big, but it didn't seem quite big enough physically to contain a pair of mini- equivalents as well as, I assume, the main memory, channel adapters, power supply, intercooler and God knows what else went in there!

I also assume that the two service processors didn't double up as FEPs?

about the size of small desk or file cabinet ... air-cooled. big things could have been any interface for bus&tag cables ... but packaging for 3090 service processor wouldn't have needed that.

hardware & software was modified to have lots of probes all over the 3090 for fault detection, diagnostics, etc.

boxes were dedicated to service processor function.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What goes into a 3090?

Refed: **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What goes into a 3090?
Newsgroups: alt.folklore.computers
Date: Tue, 19 Mar 2002 17:48:19 GMT

cbh@ieya.co.REMOVE_THIS.uk (Chris Hedley) writes:
I've seen a few pictures (not as detailed as I'd have liked) of some varieties of S/360s and early 370s, which seemed to have banks (of 9?) TCMs plumbed together. It took me quite a while to figure out what they were...

TCMs were 3090 ... they weren't in 360s or 370s.
https://web.archive.org/web/20020609182101/http://www-mae.engr.ucf.edu/~jtt/heat_transfer.htm
http://ref.cern.ch/CERN/CNL/2001/003/comp30/
http://www.cctec.com/maillists/nanog/historical/0

sorry, couldn't find a picture.

for some 360 & 370 pictures
https://web.archive.org/web/20031121232747/www.cs.ncl.ac.uk/events/anniversaries/40th/webbook/photos/index.html

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Crazy idea: has it been done?

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Crazy idea: has it been done?
Newsgroups: comp.arch,alt.folklore.computers
Date: Tue, 19 Mar 2002 18:10:59 GMT

"Stephen Fuld" writes:
Terje is right, of course, but scatter/gather is much more general than that. It has been used since the 1960s for almost any kind of I/O in several mainframe lines. And, in at least one of them, you could connect one channel to another with a short cable and use the I/O hardware to perform memory to memory copies, including gathering up various address/length areas on the "write" side of the copy to a totally different set of scatter address/length areas on the "read" side.

360 channel i/o since mid'60s strung together multiple channel commands. scatter/gather could be performed by either "command chaining" (each chained operation had unique command, address, and length) or just data chaining (first chained operation had command, address, and length, subsequent data chained commands had just address & length).

370 channel i/o introduced IDAL (indirect data address list) and IDAWs. the issue was that in "command chaining" ... each channel command was defined as synchronous ... the previous command had to be complete before fetching the next command (this allowed for various kinds of self-modifying i/o operations ... previous command could read data that modified the subsequent command). This resulted in some timing & overrun issues for higher speed devices. IDALs allowed scatter/gather and a whole list could be prefetched minimizing some of the timing/overrun issues.

on the i/o side it was contiguous sequential flow of data ... operation of IDALs and data chaining (except some timing issues) for scatter/gather were transparent.

Besides application use of scatter/gather ... a big use of scatter/gather involved large data transfers in virtual memory environment ... where the application running in virtual memory might think it was one contiguous transfer ... but the individual virtual pages are randomly distributed in real memory (and the system i/o runs with real addresses). The kernel may have to translate a contiguous i/o requests into multi-part scatter/gather requests crossing one or more virtual page boundaries (located at non-sequential & non-contiguous real page locations).

random ref:
https://www.garlic.com/~lynn/2002d.html#52 Hardest Mistake in Comp Arch to Fix

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Opinion on smartcard security requested

Refed: **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Opinion  on smartcard security requested
Newsgroups: sci.crypt
Date: Tue, 19 Mar 2002 23:17:19 GMT

tabuelnaga@hotmail.com (Tarek) writes:
okayyy .. here some info that may clarify the situation .. i'm thinking to make a pre-paid cards .. these cards will store money as points .. u should guess that :)) now, these cards will be used to buy goods from shops with POS's .. sure if i used smart cards the cost of cards will be very high .. so i'm thinking to use memory cards .. but i'm not sure if this is a secure solution or not .. i may be not that lucky guy and i find my cards reloaded again in the shops illegaly or in other words someone will get my card .. read the data and knows how i save my data .. then make similar cards ..

you find (online) magstripe prepaid/stored-value cards all over the place. they work with the same magstripe terminal used for debit & credit.

I was at grocery store yesterday ... besides grocery store prepaid/stored-value magstripe cards ... there was cards for possibly half-dozen other places all lined up on j-hooks at each check out counter.

random prepaid/stored value magstripe refs:
https://www.garlic.com/~lynn/aadsm6.htm#digcash IP: Re: Why we don't use digital cash
https://www.garlic.com/~lynn/aadsm7.htm#idcard2 AGAINST ID CARDS
https://www.garlic.com/~lynn/2001m.html#4 Smart Card vs. Magnetic Strip Market
https://www.garlic.com/~lynn/2002c.html#22 Opinion on smartcard security requested
https://www.garlic.com/~lynn/2002c.html#23 Opinion on smartcard security requested
https://www.garlic.com/~lynn/2002d.html#41 Why?

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Opinion on smartcard security requested

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Opinion  on smartcard security requested
Newsgroups: sci.crypt
Date: Wed, 20 Mar 2002 00:03:24 GMT

Paul Rubin <phr-n2002a@nightsong.com> writes:
European public phones use memory cards and they suffer from massive amounts of fraud. Fortunately, their profits on non-fraudulent calls are high enough that they survive the fraud. If you use memory cards you have to decide whether you can survive fraud too. If you use smart cards, you'll still have some fraud, but maybe not as much.

note that there are different failure modes with respect to offline point-of-sale stored value and online point-of-sale stored value.

one of the reasons for the EMV card kill command (i.e. know the super shared-secret and be able to send the card die command) is because of possible compromise related to offline operation ... and so the fallback plan to kill the card at the first chance).

cloning a valid offline stored-value card ... where the card might have a valid $100 ... means that a single valid $100 could turn into tens of thousands of copies of $100. Cloning an online stored-value card doesn't get more than the original $100 (no matter how many copies are made).

It is sort of the difference between counterfeiting $100 bills or counterfeiting an authentication token that enables access to an account that has a total of $100.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Back to the H20Cooler

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Back to the H20Cooler
Newsgroups: earthlink.watercooler
Date: Wed, 20 Mar 2002 05:05:04 GMT

"rowe" writes:
What? BTW...into garlic? We have a shop here in town called Racambole and she's got some great stuff!! You site must be some kind of code? Any hot sauce?--jonathan

earthlink bought netcom ... and i lost my shell account. netcom.com use to be in bldg corner of winchester & i280 ... but moved downtown when they got larger.

garlic.com is south valley internet .. maybe 25 miles south of where netcom bldg. was downtown, san martin ... about halfway between morgan hill and gilroy. If you buy garlic ... most of it will be from someplace around gilroy (garlic capital of the world). A lot of mushroom comes from mushroom farms around morgan hill. A lot of strawberries, artichokes, avocados, etc come from watsonville ... just over hecker pass to the west.

in the morning the wind blows up valley because the bay is warmer than south valley land. you walk out of the house many mornings and the smell of garlic immediately hits you in the face (even 20-30 miles north of the fields).

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Crazy idea: has it been done?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Crazy idea: has it been done?
Newsgroups: alt.folklore.computers
Date: Wed, 20 Mar 2002 14:10:28 GMT

ab528@FreeNet.Carleton.CA (Heinz W. Wiggeshoff) writes:
Huh? There were two methods of VM communication twixt CMS sessions, (massive brain fart here), but I don't recall CTC being involved.

there were "virtual" CTCs supported by VM ... in addition to real CTCs, i.e. VM would emulate virtual CTC between two virtual machines on the same real CEC (not needing real CTC hardware) ... not very often virtual machines running CMS ... but more often between multiple virtual machines running various flavors of OS ... typically with ASP & HASP ... which morphed into JES3 & JES2.

enhancement to real CTC was trotter/3088 ... which was an 8-armed CTC with switch in the middle. one of my wife's battles when she was in charge of "loosely-coupled" architecture (aka cluster) ... was getting enhanced I/O function into trotter. regular CTC required a lot of chatter for initiation of each I/O ... point was to simplify a lot of that with trotter ... in effect give it more of HYPERchannel flavor than the old fashioned CTC handshaking chatter.

VM also supported virtual unit record ... with output of one virtual machine's "punch" appearing in the "reader" of another virtual machine. This is the original email implementation from the mid-60s (first between virtual machines on the same processor and then VNET extending that to networked environment). "SMSG" & "IUCV" were introduced as another method for virtual machine to virtual machine communication in the mid-70s.

these days you have LPARS and the whole parallel sysplex interprocessor coordination stuff.

misc. trotter/3088/smsg/iucv
https://www.garlic.com/~lynn/2000c.html#56 Does the word "mainframe" still have a meaning?
https://www.garlic.com/~lynn/2000f.html#30 OT?
https://www.garlic.com/~lynn/2000f.html#37 OT?
https://www.garlic.com/~lynn/2001b.html#73 7090 vs. 7094 etc.
https://www.garlic.com/~lynn/2001h.html#8 VM: checking some myths.
https://www.garlic.com/~lynn/2001j.html#26 Help needed on conversion from VM to OS390

misc. hyperchannel
https://www.garlic.com/~lynn/subnetwork.html#hsdt

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Crazy idea: has it been done?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Crazy idea: has it been done?
Newsgroups: comp.arch,alt.folklore.computers
Date: Wed, 20 Mar 2002 14:52:11 GMT

jmfbahciv writes:
In TOPS-10, nothing had to be moved. All the monitor did was change the first user's page map page (remove the memory chunk) and modify the receiver's user page map page (add the memory chunck).

the issue in VM was 1) supporting the real hardware (even if a real CTC went out of one virtual machine and back into a different virtual machine on the same real processor) or 2) emulating the real hardware (no real CTC, but the emulation of virtual CTC between two virtual machines on the same real processor).

some customers had virtual tape support ... where real tape drive might be on some other machine and the I/O commands & data forwarded thru some network interface ... possibly flowing over a real CTC.

VM was frequently in a real quandary ... trying to preserve the look and feel of "real" machine (at the virtual machine interface) with lots of people believing that VM was a traditional operating system and the kernel should be supporting higher level application services. The real-machine-emulation forces trying to keep the cp "micro-kernel" down to under 100k bytes ... and the traditional operating system forces trying to balloon the kernel to megabyte or more. It was always easier to drop some Q&D application support into a compact, simple micro-kernel ... than it was to come up with a "hardware" emulation architected paradigm. The problem was that after many years of the Q&D application level support stuff ... you no longer had a compact, simple (KISS) micro-kernel (aka simple is frequently much harder than Q&D).

I did do a page-mapped interface semantics in the early '70s for data transfer ... both for disk support and various other things. This was well before expanded store on the 3090 and (official) machine instructions for moving pages around.

A variation of page-mapping tricks was also done for System/R implementation (aka the original relational database was done on VM at SJR ... now ARC).

misc. page-mapped refs:
https://www.garlic.com/~lynn/2000.html#75 Mainframe operating systems
https://www.garlic.com/~lynn/2001i.html#20 Very CISC Instuctions (Was: why the machine word size ...)

misc. expanded store:
https://www.garlic.com/~lynn/95.html#15 multilevel store
https://www.garlic.com/~lynn/2001m.html#25 ESCON Data Transfer Rate
https://www.garlic.com/~lynn/2002c.html#53 VAX, M68K complex instructions (was Re: Did Intel Bite Off More Than It Can Chew?)

misc. system/r
https://www.garlic.com/~lynn/2000b.html#55 Multics dual-page-size scheme
https://www.garlic.com/~lynn/2000e.html#49 How did Oracle get started?
https://www.garlic.com/~lynn/2001d.html#44 IBM was/is: Imitation...
https://www.garlic.com/~lynn/2002.html#10 index searching

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

moving on

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From:    Anne & Lynn Wheeler <lynn@garlic.com>
Newsgroups: bit.listserv.vmesa-l
Date:    Tue, 19 Mar 2002 11:47:34 -0700
Subject: moving on

some ancient history

lyn hadley ph682prs@nepca ,,,

nepca ... was new england programming center (machine) "A" (there was also NEPCB).

the cp67/vm370 group outgrew the space on 3rd floor, 545 technology sq. and moved out to the old SBC building in burlington mall (ibm had spun off service bureau corporation to control data).

POK needed the vm group in the mid-70s for developing and supporting the VMTOOL. this was internal use only XA-mode version of VM that was targeted solely for the support of MVS/XA development. POK closed the new england programming center and moved it all to POK. Even with the closing of burlington mall, the "NEPCA" node (and ph682prs userid) sruvived well into the '80s.

By 1985, the vm group had moved to kingston ... and ph682prs@nepca had become ph68prs@kgnvmc.

At 19:31 est, 18 mar 2002, alan ackerman wrote:
Lyn Hadley, "Sir Lyn the Fixer", one of the Knights of VM, is retiring at the end of this month.

I thought those of you who have been around for awhile might like to know. I shall certainly miss him!

With his permission, I'm forwarding this note he sent to the VM team here at Bank of America:

------------------------------------------------------------------------
From: Lyn Hadley (SMTP:sirlyn@us.ibm.com)
Subject: Time to say 'Good-bye'

Over the next few days I am cleaning up and turning over my work to others here at IBM as I make the transition to retirement the end of this month. I wanted to take the opportunity to say 'Good-bye' to my friends at Bank of America who have kept me so gainfully employed for the past several years. I shall indeed miss my interactions with customers like you. I hope IBM will continue to provide you with the products and service solutions that will meet your needs for a long time.

I have enjoyed my years of working with customers on VM. It was 30 years ago this year that I first saw VM and began to learn the idiosyncrasies of the virtual machine world.

I wish you the best as you continue to use IBM products and services.

A friend, Lyn Hadley

--
Anne & Lynn Wheeler lynn@garlic.com, https://www.garlic.com/~lynn/

moving on (typo)

Newsgroups: bit.listserv.vmesa-l
Date:    Tue, 19 Mar 2002 11:53:53 -0700
From:    Anne & Lynn Wheeler <lynn@garlic.com>
Subject: moving on (typo)

some ancient history (typo)

lyn hadley ph68sprs@nepca ,,, ... By 1985, the vm group had moved to kingston ... and ph68sprs@nepca had become ph68sprs@kgnvmc.

--
Anne & Lynn Wheeler lynn@garlic.com, https://www.garlic.com/~lynn/

Crazy idea: has it been done?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Crazy idea: has it been done?
Newsgroups: comp.arch,alt.folklore.computers
Date: Wed, 20 Mar 2002 15:48:18 GMT

Anne & Lynn Wheeler writes:
micro-kernel ... than it was to come up with a "hardware" emulation architected paradigm. The problem was that after many years of the Q&D application level support stuff ... you no longer had a compact, simple (KISS) micro-kernel (aka simple is frequently much harder than Q&D).

misc. past kiss refs:
https://www.garlic.com/~lynn/99.html#170 checks (was S/390 on PowerPC?)
https://www.garlic.com/~lynn/99.html#228 Attacks on a PKI
https://www.garlic.com/~lynn/2001.html#18 Disk caching and file systems. Disk history...people forget
https://www.garlic.com/~lynn/2001c.html#58 PKI and Non-repudiation practicalities
https://www.garlic.com/~lynn/2001d.html#16 Verisign and Microsoft - oops
https://www.garlic.com/~lynn/2001d.html#41 solicit advice on purchase of digital certificate
https://www.garlic.com/~lynn/2001d.html#46 anyone have digital certificates sample code
https://www.garlic.com/~lynn/2001e.html#26 Can I create my own SSL key?
https://www.garlic.com/~lynn/2001g.html#38 distributed authentication
https://www.garlic.com/~lynn/2001h.html#7 PKI/Digital signature doesn't work
https://www.garlic.com/~lynn/2001i.html#16 Net banking, is it safe???
https://www.garlic.com/~lynn/2001i.html#25 Net banking, is it safe???
https://www.garlic.com/~lynn/2001i.html#36 Net banking, is it safe???
https://www.garlic.com/~lynn/2001i.html#51 DARPA was: Short Watson Biography
https://www.garlic.com/~lynn/2001j.html#49 Are client certificates really secure?
https://www.garlic.com/~lynn/2001j.html#52 Are client certificates really secure?
https://www.garlic.com/~lynn/2001k.html#1 Are client certificates really secure?
https://www.garlic.com/~lynn/2001k.html#34 A thought on passwords
https://www.garlic.com/~lynn/2001l.html#1 Why is UNIX semi-immune to viral infection?
https://www.garlic.com/~lynn/2001l.html#3 SUNW at $8 good buy?
https://www.garlic.com/~lynn/2002b.html#22 Infiniband's impact was Re: Intel's 64-bit strategy
https://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
https://www.garlic.com/~lynn/2002b.html#59 Computer Naming Conventions
https://www.garlic.com/~lynn/2002c.html#15 Opinion on smartcard security requested
https://www.garlic.com/~lynn/2002c.html#35 TOPS-10 logins (Was Re: HP-2000F - want to know more about it)
https://www.garlic.com/~lynn/2002d.html#0 VAX, M68K complex instructions (was Re: Did Intel Bite Off MoreThan It Can Chew?)
https://www.garlic.com/~lynn/2002d.html#1 OS Workloads : Interactive etc

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Progress? (was Re: Way up north in Alaska ...)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Progress? (was Re: Way up north in Alaska ...)
Newsgroups: alt.folklore.computers
Date: Wed, 20 Mar 2002 23:00:27 GMT

lawrence@c896388-c.attbi.com (Lawrence Statton N1GAK) writes:
So the claim in the suit was prima facae false, in that in any packet of tickets there were SOME winners. However, CSL, caved immediately, and has recently offered some settlement to "The People of California". You can check out their web-site at
http://www.calottery.com/ for more details.

the other issue is that even after the prizes are awarded ... they are declared as income ... and both the state & federal gets an "additional take" in income taxes ... over & above what the state got directly in the lottory process. For the big prizes ... that is approaching 50 percent (top federal bracket plus top state bracket).

One number that doesn't show up is what percent of the prizes actually awarded ... do the state & federal gov recoup additionally in the form of income taxes (aka there is the direct contribution that lotteries make to state coffers ... but also the indirect contribution that lotteries make to both the state & federal coffers because of taxes on the prizes).

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Hardest Mistake in Comp Arch to Fix

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Hardest Mistake in Comp Arch to Fix
Newsgroups: comp.arch,alt.folklore.computers,comp.sys.unisys
Date: Thu, 21 Mar 2002 17:06:49 GMT

adi@pirx.hexapodia.org (Andy Isaacson) writes:
As an email also pointed out, you're correct -- the FPS/CRI team responsible for the e10k was in San Diego, not Oregon. (Did FPS also have offices in Oregon?)

earlier FPS systems were from oregon

random refs:
https://www.garlic.com/~lynn/2000c.html#5 TF-1
https://www.garlic.com/~lynn/2000c.html#61 TF-1
https://www.garlic.com/~lynn/2001b.html#56 Why SMP at all anymore?
https://www.garlic.com/~lynn/2001m.html#25 ESCON Data Transfer Rate
https://www.garlic.com/~lynn/2002.html#0 index searching

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What goes into a 3090?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What goes into a 3090?
Newsgroups: alt.folklore.computers
Date: Thu, 21 Mar 2002 20:22:55 GMT

cbh@ieya.co.REMOVE_THIS.uk (Chris Hedley) writes:
No, not a trick question! I was thinking back to when I was given a tour of the main computer room at a place I used to work, and two large lumps at the side of the room were identified to me as a pair of 3090 systems. Both were pretty much the same, large slabs with alternating blue metal panels and grey ribbed plastic ones, IIRC. I don't want to guess at

a couple other things that went into 3090 (that have been subject of some threads here & comp.arch) were vector facility and extended store.

expanded store was a cross between memory and electronic disk. It was getting around the 31bit (2gigabyte) addressing limit on 3090 (i.e. couldn't address more than 2gigabytes of real storage). There was also a case made that the bus for expanded store could be made wider with longer latency (i.e. memory positioned longer distance from the cpu) than standard memory).

the advantage over real electronic disk was that it had a synchronous page move instruction that was on the order of tens of processor cycles ... orders of magnitude less than the pathlength to perform a disk I/O operation.

The expanded store bus was also where they attached HiPPI connection (because the regular I/O iterface couldn't handle the HiPPI data rate). The HiPPI programming model then looked somewhat more like some of the PC operations than mainframe I/O channel programming. Basically there were reserved expanded store addresses where data was stuff that controlled HiPPI i/o operations. The expanded store synchronous page move instructions were used to move the control information to those reserved addresses for controlling HiPPI i/o.

another 3090 feature was vector facility.

not so much 3090 but in that era was ESCON. ESCON had been floating around the company since the '70s but was having hard time getting out. Engineers in the 6000 group took the escon specs and effectively tweacked them ... getting about 10 percent higher thruput, full-duplex operation and using much cheaper optical components (rather than much higher priced escon driver/receivers ... basically stuff adapted from the cdrom industry) and it was called SLA (serial link adapter). There was then a several month period deciding whether to work on driving SLA to gigabit or merge the work into fiber-channel standards work.

Eventually the decision was made to follow the fiber-channel standard path and the engineer largely responsible for SLA eventually became the editor/owner of the standards document (in the fiberchannel standards group). There was some amount of heat generated in the fiber-channel standards group (from some of the escon & other forces) trying to (force?) fit the (mainframe) half-duplex device i/o paradigm on top of the fiber-channel dual simplex (full duplex simulation with dedicated channels for transmission in each direction) protocol.

some random expanded store & vf refs:
https://www.garlic.com/~lynn/95.html#15 multilevel store
https://www.garlic.com/~lynn/2000c.html#61 TF-1
https://www.garlic.com/~lynn/2001m.html#25 ESCON Data Transfer Rate
https://www.garlic.com/~lynn/2001m.html#53 TSS/360
https://www.garlic.com/~lynn/2002c.html#53 VAX, M68K complex instructions (was Re: Did Intel Bite Off More Than It Can Chew?)
https://www.garlic.com/~lynn/2002e.html#26 Crazy idea: has it been done?

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Mainframers: Take back the light (spotlight, that is)

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Mainframers: Take back the light (spotlight, that is)
Newsgroups: comp.lang.asm370,alt.folklore.computers
Date: Thu, 21 Mar 2002 22:47:28 GMT

Kragen Sitaker writes:
Speeding up searching your linked lists by a large constant factor by having an index of starting points is one thing. Speeding it up to the point that it has the same asymptotic complexity as a binary-tree search, but without the worst-case performance and about the same constant factor, is something else entirely. And that's what skip lists do.

we did something slightly related ... but different for online phone books in the late '70s. We had sorted (phone book) file of all records and rather than a binary search we went thru three phased implementation.

The first phase ... which didn't make it to deployment was a straight radix search ... instead of binary search ... use the first letter of the name (26 letters) to select approx. place in file to start search. For actual deployment, the 2nd phase was to use a weighted radix search ... having calculated the weighted distribution of occurance of each letter as the first letter of last names. There was also some calculation that attempted to estimate amount of error after each probe and use that as part of calculating next record ro probe.

The 3rd phase was as the online phone books got larger and larger, the record of the first occurance of each letter (first letter in last name) was recorded for each phone book file. The weighted radix search started knowing the first and last record that had last name starting with specific letter.

The weighted (with letter frequency distribution) radix had maybe 1/3rd the probes to find a match (compared to straight binary search). Explicitly recording the range of records for each first letter might get another 20 percent off the 1/3rd (maybe 1/4th compared to binary search).

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Lisp Chips

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Lisp Chips
Newsgroups: comp.arch
Date: Fri, 22 Mar 2002 21:14:33 GMT

Peter Boyle writes:
Now do it in 512byte packets and you need 1.5GB/s of sustained context switch traffic, while on a RISC it would be 1/4 this, and still less on x86.

Of course you can do better by queueing/dequeueing multiple MTU's at a time in the driver, make judicious use of polling, etc... but I think there is clearly a potential problem ... then start hosting multiple links.

You mean 'tcp/ip connections with a small MTU'? Like say dial-up users?

Hadn't thought of dialup, but I would guess so if sufficiently heavily loaded.

there was gigabit router presentation at aug-88(?) ietf ... tcp/ip traffic was heavily bimodel ... lots of max. MTU packets (1500) and lots of minimum sized packets (setup, ACKs, misc. other stuff; http1.0 aggravated this)) ... making the avg. a couple hundred (althouhg setup/teardown & ACKs shouldn't be perculating all the way up the protocol stack).

work had been done on no-buffer copy, dedicated function 100 instruction packet handler in order for a 50mip processor to support gigabit router function.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Replacement for RFC 1700?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Replacement for RFC 1700?
Newsgroups: comp.security.misc
Date: Sun, 24 Mar 2002 15:29:44 GMT

"Felix Tilley" writes:
RFC 1700 is out of date. Is it going to be revised? Is it going to be replaced? Is there already a replacement? if so, where?

see rfc3232

3232 I
Assigned Numbers: RFC 1700 is Replaced by an On-line Database, Reynolds J., 2002/01/24 (3pp) (.txt=3849) (Obsoletes 1700) (was draft-rfc-editor-rfc1700bis-00.txt)

reference
https://www.garlic.com/~lynn/rfcietff.htm

and click on RFCs that are slso " Standards (STD)"

and click on STD-2 "1700" (Stan) - ASSIGNED NUMBERS

1700 -S
ASSIGNED NUMBERS, Postel J., Reynolds J., 1994/10/20 (230pp) (.txt=458860) (STD-2) (Obsoleted by 3232) (Obsoletes 1340)

=======================

http://www.iana.org/
http://www.iana.org/numbers.html

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Crypting with Fingerprints ?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Crypting with Fingerprints ?
Newsgroups: sci.crypt
Date: Sun, 24 Mar 2002 16:17:46 GMT

"Softman" writes:
It's true that the information is "static". How do you change you password with biometrics?:) Do not suggest cutting something off. Or do you need to wear some rubber fingers as keys? How do you make another password? What if you need two passwords for different applications? Two signatures? Imaging someone stealing your biometrics data from the golf club and accessing some secure enviroments with it? Or simpler, "just press here sir" in a super market?!!

biometrics can be straight shared-secret .... i.e. in the same manner that passwords are shared-secret.

also the environment that a biometric sensor is implemented can either be some random, insecure location .... or it can be a secure sensor that always has a armed guard present (degree that fraudulent or counterfiet information can be injected).

the x9.84 biometric standard has a big section on types of security needed when biometrics is used in a shared-secret paradigm (aka easy to replace a compromised PIN ... but harder to replace a compromised fingerprint or iris).

in a 3-factor authentication paradigm

something you have
something you know
something you are

... something you have can be a hardware token. it is possible to implement the something you know and something you are as a secret ... but a non-shared-secret; aka the correct operation of the hardware token is dependent on the token owner communicating a correct PIN or a biometric to the token. The correct operation of the token can be something like a digital signature ... and it isn't necessary for the PIN or biometric to be shared .... just that it can be prooved that the correct operation of the token is dependent on the correct PIN/biometric.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Would the value of knowledge and information be transferred or shared accurately across the different culture??????

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Would the value of knowledge and information be transferred or shared accurately across the different culture??????
Newsgroups: comp.society.futures
Date: Sun, 24 Mar 2002 16:02:58 GMT

tharat_4@yahoo.com (thararat) writes:
However, I am, who come from the developing country, suspicious that the transformation of knowledge and information via new technology channel from one culture to other culture or from one language to other language at same culture is done accurately and efficient with entirely its value. Do people in particular society at one culture understand and utilize that knowledge and information in a proper manner as the contributors wish it will be. Of course the difficulties must come about to share those knowledge but does it work properly and contribute the great benefit to the society???

random refs: "The Network Nation, Human Communicaton via Computer", Hiltz & Turoff, 1978 Addison-Wesley Publishing Company, Inc.

"Knowledge Machines, Language and Information in a Technological Society" Murray, 1995 Longman.

there was comment of being "proficient" in some aspect of computer programming languages. the analogy drawn was that "proficient" in a natural language implies "thinking" & "dreaming" in that language; in principle that would also apply to programming languages (aka real proficiency would imply people actually think & dream in the programming language analogous to learning a naturual language).

I remember writing programming code in the '70s and numerous people commenting that they didn't understand the code ... and it was my fault that they couldn't understand it.

not only issues about does a cultural have the knowledge constructs available for understanding something ... but does the associated language and people experience include the constructs and context for understanding the technology. I saw cases where it was difficult just to convey meaning translating from a programming language into English.

random refs:
https://www.garlic.com/~lynn/aepay2.htm#position AADS NWI and XML encoded X9.59 NWI
https://www.garlic.com/~lynn/aepay10.htm#26 Definese Dept Criticised on Internal Credit Card Fraud
https://www.garlic.com/~lynn/99.html#205 Life-Advancing Work of Timothy Berners-Lee
https://www.garlic.com/~lynn/2001j.html#29 Title Inflation
https://www.garlic.com/~lynn/2001k.html#64 Programming in School (was: Re: Common uses...)
https://www.garlic.com/~lynn/2002b.html#51 "Have to make your bones" mentality
https://www.garlic.com/~lynn/2002c.html#27 OS Workloads : Interactive etc

there can also be sub-cultures within a large country, random refs:
https://www.garlic.com/~lynn/2002d.html#24 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002d.html#25 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002d.html#32 Farm kids
https://www.garlic.com/~lynn/2002d.html#42 Farm kids

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Crypting with Fingerprints ?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Crypting with Fingerprints ?
Newsgroups: sci.crypt
Date: Sun, 24 Mar 2002 16:34:34 GMT

"Softman" writes:
It's true that the information is "static". How do you change you password with biometrics?:) Do not suggest cutting something off. Or do you need to wear some rubber fingers as keys? How do you make another password? What if you need two passwords for different applications? Two signatures? Imaging someone stealing your biometrics data from the golf club and accessing some secure enviroments with it? Or simpler, "just press here sir" in a super market?!!

as an aside ... while the fingerprint may be perceived to be static, a fingerprint reading is anything from static.

Lets say there is a 40 minutia point reference (FBI standard) ... and then a match is attempted ... a match might represent only ten points. biometric reading matches tend to be extremely "fuzzy" ... with all sorts of art regarding false positives and negatives (i.e. sensor equipment, algorithms, thresholds, etc). In fact, if two readings were taken seconds apart and they came up with the same exact match ... you sould be very suspicious of some sort of fraud going on.

in any case, if a 40 minutia point reading was somehow taken as some sort of encrypting key ... the probability of a subsequent fingerprint reading exactly duplicating an earlier reading should be almost zero (and therefor being able to recover any data encrypted with a key from an earlier reading should be close to negligible).

random ref:
https://www.garlic.com/~lynn/aadsm10.htm#bio4 Fingerprints (was: Re: biometrics)

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Why Use - ?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Why Use *-* ?
Newsgroups: comp.lang.asm370
Date: Sun, 24 Mar 2002 20:47:03 GMT

writes:
Real programmers don't do packed decimal! A real programmer will do radix 10 to radix 16 conversions by successive multiplication and shift.

there use to be complaints about the mud i tracked into bldg. 28 (from cleats in my hiking boots). Where light rail & 85 is now at cottle used to be open field. cottle was paved ... but there was no sidewalk and the shoulder was dirt (or mud in the winter).

Real Programmers Don't Write Specs Real Programmers don't write specs. Users should consider themselves lucky to get any programs at all and take what they get.

Real Programmers don't comment their code. If it was hard to write, it should be hard to understand.

Real Programmers don't write application programs, they program right down on the bare metal. Application programming is for feebs who can't do systems programming.

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Real Programmers don't write in COBOL. COBOL is for wimpy applications programmers.

Real Programmers' programs never work right the first time, but if you throw them on the machine they can be patched into working after "only a few" 30-hour debugging sessions.

Real Programmers don't write in FORTRAN. FORTRAN is for pipe stress freaks and crystallography weenies.

Real Programmers never work 9 to 5. If any real programmers are around at 9am, it's because they were up all night.

Real Programmers don't write in BASIC. Actually, no programmers write in BASIC after the age of 12 years. (REX is not BASIC)

Real Programmers don't write in PL/I. PL/I is for programmers who can't decide whether to write in COBOL or FORTRAN.

Real Programmers don't play tennis, or any other sport that requires you to change clothes. Mountain climbing and caving are OK, and real programmers wear their wilderness boots to work in case a mountain should suddenly spring up in the middle of the machine room.

Real Programmers don't document. Documentation is for simps who can't read assembly listings or better, the object deck.

Real Programmers don't write in PASCAL, or BLISS, or ADA, or any of those pinko computer science languages. Strong typing is for people with weak memories.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Smart Cards

Refed: **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Smart Cards
Newsgroups: comp.security.misc
Date: Sun, 24 Mar 2002 23:00:39 GMT

"Tor Rustad" writes:
Attacks can be mounted on systems without a common shared-secret. For example, I recall an interesting story from the US, where organised crime used a mobile base station (GSM network)...

e-commerce on the Internet can be broken in a number of ways, even when smartcards are used. Of course, the fraud with credit cards has been high for a long time now, but that is no excuse for designing new systems which are hopelessly broken.

slightly related (thread in this n.g. last fall).
https://www.garlic.com/~lynn/2001j.html#54 Does "Strong Security" Mean Anything?

also:
https://www.garlic.com/~lynn/2001j.html#5 E-commerce security????

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

REVIEW: "Authentication: From Passwords to Public Keys", Richard E. Smith

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: REVIEW: "Authentication: From Passwords to Public Keys", Richard E. Smith
Newsgroups: comp.security.misc
Date: Sun, 24 Mar 2002 23:08:47 GMT

"Tor Rustad" writes:
In a homogeneous environment, roll-out of HW based PKI scheme may not result in big support problems. However, I have yet to see a HW based PKI architecture, which can be used in large scale roll-out, without big support problems, no matter the skills of the designers.

it is possible to have a hardware token digital signature authentication scheme w/o requiring a PKI ....

NACHA had trials for the ATM/debit network ... misc. refs:
https://www.garlic.com/~lynn/subtopic.html#aads

aka basically debit infrastructure cost plus the incremental cost of embedding a chip in a debit card & chip readers in terminals ... as opposed to the cost of chipcard infrastructure plus the cost of a PKI infrastructure.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

What goes into a 3090?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What goes into a 3090?
Newsgroups: alt.folklore.computers
Date: Sun, 24 Mar 2002 23:42:39 GMT

cbh@ieya.co.REMOVE_THIS.uk (Chris Hedley) writes:
I was appalled that I couldn't get Windows 2000 to work with as "little" as 48MB the other day: single user, no applications and it couldn't move the mouse pointer because it seemed to be paging to heavily! But I digress...)

slightly related
https://www.garlic.com/~lynn/2001f.html#37 Ancient computer humor - Memory
https://www.garlic.com/~lynn/2001k.html#73 Expanded Storage?

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

Hardest Mistake in Comp Arch to Fix

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Hardest Mistake in Comp Arch to Fix
Newsgroups: alt.folklore.computers
Date: Mon, 25 Mar 2002 00:56:59 GMT

Eric Smith <eric-no-spam-for-me@brouhaha.com> writes:
Don't just the original Zork games by the later bastardized stuff from Activision. I strongly recommend trying Zork I. Other classic Infocom games that are good as introductions:

zork download at
https://www.leeandmelindavarian.com/Melinda/
https://www.leeandmelindavarian.com/Melinda#VMHist

scroll down near the bottom of the page.

i had acquired copy of mainframe adventur shortly after it was available, random refs:
https://www.garlic.com/~lynn/98.html#56 Earliest memories of "Adventure" & "Trek"
https://www.garlic.com/~lynn/99.html#52 Enter fonts (was Re: Unix case-sensitivity: how did it originate?
https://www.garlic.com/~lynn/99.html#83 "Adventure" (early '80s) who wrote it?
https://www.garlic.com/~lynn/99.html#84 "Adventure" (early '80s) who wrote it?
https://www.garlic.com/~lynn/99.html#169 Crowther (pre-Woods) "Colossal Cave"
https://www.garlic.com/~lynn/2000b.html#72 Microsoft boss warns breakup could worsen virus problem
https://www.garlic.com/~lynn/2000d.html#33 Adventure Games (Was: Navy orders supercomputer)
https://www.garlic.com/~lynn/2001m.html#44 Call for folklore - was Re: So it's cyclical.

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

SQL wildcard origins?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: SQL wildcard origins?
Newsgroups: alt.folklore.computers,comp.databases.postgresql.hackers,microsoft.public.sqlserver,microsoft.public.sqlserver.odbc
Date: Mon, 25 Mar 2002 14:07:33 GMT

couperusNOSPAM@znet.com (Jitze Couperus) writes:
But certain mainframe operating systems did already use ? and * to denote wildcards, for example in their job control languages.

No - I fear that the issue you raise is just one more example of academics with their head in the world of set theory and "data banks" who had little knowledge of the practicalities of real computing and/or how it was practised in the real world.

Recall that the original paper(s) on the subject concerned themselves purely with a relationaly complete query language, and didn't even recognize the need for a programmatic interface for insert, update or delete operations - let alone the concept of atomicity for compound interactions (Although they did wax eloquent about "update anomlies".) A more telling example of this incompetence was the complete lack of syntactic paralellism between the "insert" and "update" verbs. One alternates the field names and their associated values, whereas the other lists all field names first, followed by a list of the data values matched by ordinal position in the list. Besides being a classic bug-breeder, it is this sort of pointless asymmetry within the language syntax that caused me to wonder if the erudite fathers of this stuff could code their way out of a paper bag.

original implementation sequel (aka structured english query language; eventually shortened to structured query language, sql), & system/r were done (at sjr, bldg. 28) on CMS & VM/370 which used '*' for wildcard ... cms possibly inheriting '*' from CTSS?? also on CMS, about same time as SQL & system/r implementation was QBE (quuery by example).

from:
http://www.mcjones.org/System_R/

the birth of sql
http://www.mcjones.org/System_R/SQL_Reunion_95/sqlr95-Prehisto.html

also from some long ago sjr reference

Date: 03/10/80 18:36:35
From: Jim Gray

Peter DeJong of Yorktown Computer Science
Father of QBE
Arch-enemy of System R
Will be speaking on Tuesday (today) at 2:30-3:30 in 2C-244
On: System For Business Automation (SBA) which is a conceptual model for an electronic office system. Peter has lots of good ideas on how to send forms around to people, how to use abstract data types to conquer the office automation problem. He also has some ideas on how to implement triggers which are key to SBA.

... snip ... top of post, old email index

misc. other refs:
https://web.archive.org/web/20030708114514/www.postgresql.org/docs/index.php?sql.html
http://icg.harvard.edu/~cs265/lectures/readings/astrahan-1976.html
https://web.archive.org/web/20021226023317/http://www.itworld.com/nl/db_mgr/05142001/
http://linux.oreillynet.com/pub/a/linux/2000/10/20/aboutSQL_1.html
https://web.archive.org/web/20021223161402/http://coronet.iicm.edu/Dbase1/courses/rdbl/nur_html/rdbh09.htm

--
Anne & Lynn Wheeler | lynn@garlic.com - https://www.garlic.com/~lynn/

REXX and its designer (was: IBM 7090 instruction set)

Refed: **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: REXX and its designer (was: IBM 7090 instruction set)
Newsgroups: alt.folklore.computers
Date: Tue, 26 Mar 2002 21:55:41 GMT

jcmorris@mitre.org (Joe Morris) writes:
...which starts a new OT question: where is Mike Cowlishaw these days?

And did anyone ever publish on the web his dictionary of IBMisms?

somebody put it up on the web ... but not mike. mike is now ibm fellow .. still in uk and still involved in rexx

http://www.rexxla.org/ rexx pages

http://www2.hursley.ibm.com/rexx/ mike's rexx page

ibm jargon
https://web.archive.org/web/20020601123619/http://www.212.net/business/jargon.htm

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

What goes into a 3090?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What goes into a 3090?
Newsgroups: alt.folklore.computers
Date: Tue, 26 Mar 2002 21:56:45 GMT

cruff@qwest.net (Craig Ruff) writes:
At work (NCAR), we use Hippi (both parallel and serial) for the data fabric in our Mass Storage System (MSS). It uses Hippi switches to build a crossbar fabric to move data directly between the storage devices (disk, tape) and the client hosts (various Unix systems). This allows us to drive the devices at full speed most of the time and it scales very well. This arrangement has been used since 1986 (at which time it was Hyperchannel based), and was fully a SAN before the term was invented. Of course this is hardly the first implementation of SAN type stuff in history, but don't tell that to the marketing types who think they have something new.

10-15 years ago, we spent some amount of time with the datatree people, helped fund some of the lincs->unitree activity, and spent quite a bit of time with the mesa archival people. actually have a meeting next week with engineer that did some amount of the a515 and the hippi swtuff (datatree & mesa archival were both ibm mainframe "servers" original with hyperchannel, unitree/lincs original was cray & hyperchannel, another player in ieee mss meetings was done at nasa/ames and was uts, mainframe, hyperchannel).

the original a510 remote device adapter (emulated ibm channel, capable of attaching ibm controllers) ... on ibm mainframe, take the complete ccw program and do a little translation and then write the ccw program to the memory of the a510 and then effectively instruct the a510 to emulate a start i/o. all data/memory references went back thru the hyperchannel network to the mainframe memory (as in real ibm channel).

However, this wouldn't work with disk "search" ccw operations since there are timing constraints on being able to retrieve the search argument when dealing with ibm ckd (count-key-data) disks. for (at least) ncar, there was an enhanced a510 called the a515 which

1) supported downloading both the CCW programs as well as search arguments to the a515 memory ... overcoming the ckd disk timing constraints

2) ibm mainframe could download the ccw package to the a515 and pass an "id" to a cray or other computer on the hyperchannel network ... and one of these other computers could "activate" the I/O operation. The data transfer then would be done to/from the memory of the "3rd party" computer rather than the ibm mainframe. this allowed the ibm mainframe to perform the SAN management of the disk/tape ... but allow the data to flow directly from disk and the 3rd party client machine (aka the "server" might be a 4341 machine ... and the "client" some supercomputer).

One of the things in the IEEE standards meetings for hippi switch and ipi disks was being able to translate the ncar/a515 3rd party transfer architecture from the a515 to hippi/ipi.

random refs:
https://www.garlic.com/~lynn/98.html#58 Reliability and SMPs
https://www.garlic.com/~lynn/2000c.html#68 Does the word "mainframe" still have a meaning?
https://www.garlic.com/~lynn/2001.html#21 Disk caching and file systems. Disk history...people forget
https://www.garlic.com/~lynn/2001.html#22 Disk caching and file systems. Disk history...people forget
https://www.garlic.com/~lynn/2001f.html#66 commodity storage servers
https://www.garlic.com/~lynn/2001g.html#33 Did AT&T offer Unix to Digital Equipment in the 70s?
https://www.garlic.com/~lynn/2002.html#10 index searching

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

Multics_Security

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Multics_Security
Newsgroups: alt.os.multics,alt.folklore.computers
Date: Wed, 27 Mar 2002 17:45:55 GMT

"Cousin Stanley" writes:
Greetings ...

The following short letter-to-the-editor from John Bedinger appeared in the current print version of eWeek, March 25, 2002 Volume 19, Number 12, page_34 ...

Does this accurately reflect the state of of "modern" shared-utility computing and security as compared to Multics ???

Cousin Stanley
---------------------------------------------------------------

--- Shared utility ---

I was interested to see that corporations are finally realizing the value of shared-utility computing, a concept pioneered in the late '60s and early '70s by the MIT-led Multics team under contract to DARPA ( "The IT on-off switch", March 11 page 36 ).

Multics included the concepts of multiple virtual machines, resource partitioning, multiple cooperating processors, and a security scheme that was never broken.

It appears that within a year or so, IBM and others may achieve the level of shared-utility computing capability that Multics provided more than 30 years ago.

note that cp/67 starting about the same time and in the same bldg. (and some of the same heritage to ctss, actually cp/67 was predated by cp/40 and then ported to 360/67 and renamed cp/67) saw a fairly wide distribution in numerous secure deployments as well as real service bureaus. IDC with some lincoln labs people and others started in '68 with cp/67. NSCC with some of cp/67 people and others also starting in '68. both offered online computing for (somewhat) general audience (they both had some targets for financial & securities ... other kind of security ... community)

in the '70s some number of these moved to vm/370 (the port of cp/67 to 370s) ... in the '70s, tymshare also offered large vm/370-based service bureau operation (open shared-utility ... i.e. not restricted to closed community ... but general online service).

the largest such shared-utility was probably HONE starting in 1970 first on cp/67 and then migrated to vm/370 (although internal corporate world-wide offering for sales & field support people, as opposed to general purpose open offering like tymshare where anybody in the world could get an account; as an aside the internal network was larger than arpanet/internet until around 1985).

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

flags, procedure calls, opinions

Refed: **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: flags, procedure calls, opinions...
Newsgroups: comp.arch,alt.folklore.computers
Date: Wed, 27 Mar 2002 18:07:21 GMT

"Simon Ford" writes:
I did find something [possibly] fairly interesting while looking last night
http://www.research.ibm.com/journal/rd/441/Amdahl.pdf

it's called "Architecture of the IBM System/360" and describes various choices thay made on the arch (although i havn't read it properly yet). It's by G. M. Amdahl among others who i think must have been the lead engineer (and the guy with that law about parallelism??? it rings a bell)

Anyway, it may be interesting reading.

another possibly interesting read from melinda's site
https://www.leeandmelindavarian.com/Melinda#VMHist

besides VM history documents is

"Development of 360/370 Architecture: A Plain Man's View"

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

PKI and Relying Parties

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: PKI and Relying Parties
Newsgroups: comp.security.misc,comp.security.ssh,sci.crypt
Date: Wed, 27 Mar 2002 18:16:02 GMT

Paul Rubin <phr-n2002a@nightsong.com> writes:
If you're trying to use a cert to authenticate a high-value extranet peer, and you don't want to run your own CA, the safest approach is to configure your software to accept only specific certs kept in a list that you maintain. Have the peer get their cert (whether class 3 or whatever), then you authenticate them offline by whatever method you desire before installing their cert in your software. Normally there's enough hassle (both business and technical) in bringing a new extranet partner online that adding some cert verification doesn't make it that much worse. But I guess it depends on your specific situation.

You might want to read Bruce Schneier's article on PKI risks, and his book "Secrets and Lies".

some number of financial institutions have gone to relying-party-only certificates ... i.e. certificates issued by the institution and only useful by that insitution. what they found out was that they were interested in public key authentication ... which (apparently when they started) they thought was equivalent to PKI, CAs, certificates, etc.

What they started to find out was that the transactions & operations were accessing the same infrastructure that effectively was used for issuing the certificates ... including real time status information.

It was then trivially possible to show that the actual issuance of a certificate as redundant and superfluous.

random refs:
https://www.garlic.com/~lynn/subpubkey.html#radius
https://www.garlic.com/~lynn/subpubkey.html#sslcerts
https://www.garlic.com/~lynn/subpubkey.html#privacy

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

IBM going after Strobe?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM going after Strobe?
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Wed, 27 Mar 2002 18:26:36 GMT

bshannon@JHANCOCK.COM (Shannon, Bob) writes:
PPE was from Boole & Babbage and was the predecessor of InTune. It worked just like the sampler you described. You executed PPE and it attached whatever program you specified in an execution parameter. It didn't support MVS/XA and faded away for a few years until Boole resurrected it.

offering some of the same functionality was vs/repack ... which was released as product in 1976. it not only was useful for things like hot-spots ... but also had added functionality gathering storage references and would take trace combined with load map and attempt to do optimal load restructuring for virtual memory operation (thus the product name vs/repack). it dated back to around 1970 and was used internally before being released as a product in '76. it was used for in the port of apl\360 from a small workspace, real memory environment to cms/apl ... a virtual memory operation (garbage collection space management had to be completely redone for a virtual storage operation) ... which eventually morphed into apl/sv & apl2. It was also used by (at least) the IMS group.

random vs/repack
https://www.garlic.com/~lynn/99.html#68 The Melissa Virus or War on Microsoft?
https://www.garlic.com/~lynn/2000g.html#30 Could CDR-coding be on the way back?
https://www.garlic.com/~lynn/2001b.html#83 Z/90, S/390, 370/ESA (slightly off topic)
https://www.garlic.com/~lynn/2001i.html#20 Very CISC Instuctions (Was: why the machine word size ...)
https://www.garlic.com/~lynn/2002c.html#28 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002c.html#45 cp/67 addenda (cross-post warning)
https://www.garlic.com/~lynn/2002c.html#49 Swapper was Re: History of Login Names

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

IBM 360 definition (Systems Journal)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM 360 definition (Systems Journal)
Newsgroups: bit.listserv.ibm-main
Date: Wed, 27 Mar 2002 21:59:34 GMT

guenther.vieth@D.KAMP.NET (Guenther Vieth) writes:
Hi Oldies, just found this at ebay. Anyone interested ??? Phil ? Rick ? others ???

possibly of interest
http://www.research.ibm.com/journal/rd/441/Amdahl.pdf

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

PKI and Relying Parties

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: PKI and Relying Parties
Newsgroups: comp.security.misc,comp.security.ssh,sci.crypt
Date: Thu, 28 Mar 2002 13:34:10 GMT

Harold Hammond writes:
This isn't about access control or about the reliability of a PKI. The simple question is how can one get access to up-to-date CRLs without becoming a CA.

I want to be able to check Certificate Revocation Lists for digital certificates being presented at my website. I do not want to be a CA. I do not want anyone to be a CA on my behalf.

another way of doing it is use an enhanced RADIUS with your website that supports digital signature in place of password or challenge/response (aka the webserver authentication hook implements radius ... and then radius specifies password, challenge/response or digital signature on an account by account basis).

RADIUS repository supplies both the authentication material (registering password, public key, etc) and the current/accrurate authorization information.

There is some claim that CRLs are the equivalent of the 1960s revoked account lists distributed in monthly paper booklets in the credit card industry. This was an offline technology implementation. Offline technology approaches (like CRLs) became obsolete when moving from an offline paradigm to an online paradigm starting sometime in the '70s.

You don't become a CA or support CRLs ... you just have registeration of those that you accept and their authentication material (whether password, digital signature, challenge/response, etc).

misc. RADIUS related discussions
https://www.garlic.com/~lynn/subpubkey.html#radius

for addition radius references go to
https://www.garlic.com/~lynn/rfcietff.htm

and click on Term (term->RFC#)

in the Acronym Fastpath section, click on "RADIUS"

i.e.

remote authentication dial in user service (RADIUS )
see also authentication , network access server , network services
3162 2882 2869 2868 2867 2866 2865 2809 2621 2620 2619 2618 2548 2139 2138 2059 2058

clicking on any RFC nuumber will give you a summary of that RFC. Clicking on the "(.txt=nnnnn)" field (in a RFC summary) will retrieve the actual RFC.

also of possible interest are the RFCs of the AAA working group: Authentication, Authorization and Accounting
see also accounting , authentication , authorization
3127 2989 2977 2906 2905 2904 2903

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

Mainframers: Take back the light (spotlight, that is)

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Mainframers: Take back the light (spotlight, that is)
Newsgroups: comp.lang.asm370,alt.folklore.computers
Date: Thu, 28 Mar 2002 21:02:03 GMT

Eric Smith <eric-no-spam-for-me@brouhaha.com> writes:
No one said it was. But it's almost always wider than a byte. In PCs, it's almost always 64 bits. Since the memory modules are 72 bits wide these days, it would be inefficient to make the ECC word length any narrower (or wider).

i've seen 8+2 ECC (correct any 1bit error, detect any 2bit errors) memory on some PCs.

I've also seen 64+16 ECC (correct any 15bit error, detect any 16bit errors) ... more mainframe oriented.

note that this is ECC ... as in error-correcting codes ... and not ECC as in elliptical curve cryptography.

Although there is some common with respect to galois field and reed solomon ecc (aka as in cdroms) & galois field & elliptical curve

misc. galois field & reed solomon
http://www.4i2i.com/reed_solomon_codes.htm
http://www.csl.sony.co.jp/person/morelos/ecc/codes.html
http://www.eccpage.com/
https://web.archive.org/web/20030417024804/http://www.ee.umn.edu/users/jchen/ecc.html
http://home.netcom.com/~chip.f/viterbi/fecbiblio.html
http://www.computer.org/proceedings/fccm/8159/81590219abs.htm

misc. galois field & elliptical curve
http://www.wikipedia.com/wiki/Elliptical_Curve_Cryptography
http://tools.ietf.org/html/rfc2409.txt

random refs:
https://www.garlic.com/~lynn/2001b.html#80 Disks size growing while disk count shrinking = bad performance
https://www.garlic.com/~lynn/2001k.html#71 Encryption + Error Correction
https://www.garlic.com/~lynn/93.html#28 Log Structured filesystems -- think twice
https://www.garlic.com/~lynn/99.html#115 What is the use of OSI Reference Model?
https://www.garlic.com/~lynn/99.html#210 AES cyphers leak information like sieves

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

Mainframers: Take back the light (spotlight, that is)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Mainframers: Take back the light (spotlight, that is)
Newsgroups: alt.folklore.computers
Date: Thu, 28 Mar 2002 21:08:53 GMT

Charles Shannon Hendrix writes:
It also was a one-man show, or cloned very closely.

Imagine there were over 100 different mainframes, all using channel I/O. I'm sure there would have been similar incompatibilities.

There is no reason for that of course, but it would probably have happened.

there were at least 100 different mainframe controllers all using the same channel I/O (and their respective device drivers) and even when you are talking about all done under the same corporate umbrella ... there still was a huge amount of regression testing to make it work.

move up a layer or two to something like LU0 or LU2.0 controllers and things even more convoluted. For the most part, things built to channel I/O specification possibly needed tweaking during regression testing. There were instances where things built to LU2.0 specification was guaranteed to not work (i.e. the specification and the reality weren't the same) ... again possibly all within the same corporate umbrella.

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

Mainframers: Take back the light (spotlight, that is)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Mainframers: Take back the light (spotlight, that is)
Newsgroups: comp.lang.asm370,alt.folklore.computers
Date: Fri, 29 Mar 2002 02:05:40 GMT

CBFalconer writes:
I think that is, on the face of it, impossible. You have to have some sort of distance measure, and there isn't enough room for it in that combination. 8+4 I could believe.

yes, sorry for the brain check (although there were PC advertisements in the past quoting "8+2" ... but it was the ratio of bits they were referring to ... not the encoding size).

random refs:
https://web.archive.org/web/20030223012238/http://www.nuvisionmiami.com/books/asm/workbook/error_correcting.htm

from the above.


The number of parity bits depends on the number of data bits:
Data Bits :   4   8   16   32   64   128
Parity Bits:  3   4    5    6    7     8
Codeword :    7  12   21    38  71   136

We can say that for N data bits, (log2 N)+1 parity bits are required. In other words, for a data of size 2n bits, n+1 parity bits are embedded to form the codeword. It's interesting to note that doubling the number of data bits results in the addition of only 1 more data bit. Of course, the longer the codeword, the greater the chance that more than error might occur.1

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

PKI and Relying Parties

Refed: **, - **, - **, - **, - **, - **, - **, - **

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: PKI and Relying Parties
Newsgroups: comp.security.misc,comp.security.ssh,sci.crypt
Date: Fri, 29 Mar 2002 13:16:18 GMT

john.veldhuis writes:
CRLs for certain certificates are usually signed by the CA who has certified them. So, one way or another, someone has to perform CA duty.

If you have a PKI with certificates. For a relying-party-only environment, it is possible to have a pki, or a npki, or a spki ... that doesn't have certificates ... just an online environment.

In effect, certificates are something like letters of credit from the (offline) sailing ship days (where there was no way of calling up and verifying the information) or the plastic payment cards before online transactions (the cards look the same, but instead of using the front for offline transactions, the magstripe on the back is used for online transactions).

the certificates are somewhat like processor cache lines ... so the processor can use the local information w/o having to reference the original information. CRLs are analogous to the cache-line broadcast invalidation signals (you hope that everybody that needs to get the signal, is listening).

In the case of SSL domain name certificates ... it could be possible for the relying part to provide the domain name and get back both an ip address and an associated public key from the domain name infrastructure (no certificates, just online information, both the ip-address and the public key).

First, public keys aren't currently registered with the domain name ... so while the domain name infrastructure has the capability of serving up arbitrary information (not just ip-addresses), it doesn't currently have the public key information to server up.

Second, there are integrity issues with the domain name infrastructure serving ... which effectively has given rise to the whole SSL domain name certificates. A server someplace applies to a certification authority to get them to certify a credential as to the server's domain name.

Now a certification authority typically is just that ... they certify information ... they aren't the authoritative agency responsible for the information they are certifying. A certification authority typically checks out the information they are certifying with the authoritative agency that is responsible for the information being certified.

So who is the authoritative agency for domain name information?, the domain name infrastructure. This is the same domain name infrastructure that supposedly has integrity issues giving rise to the justification for SSL domain name certificates. So one of the solutions to address the integrity issues on behalf of certification authorities ... is to have public keys registered with the domain name infrastructure at the same time a domain name is registered. That registered public key, used in various domain name infrastructure business operations addresses various domain name infrastructure integrity issues.

So if domain name infrastructure integrity issues are addressed, it goes a long way to eliminating the original requirement for having SSL domain name certificates. Also if that approach includes the registering of public keys, then the domain name infrastructure now has public keys that it can serve up real-time at the some time it serves up ip-addresses (as per "one").

In the case of relying-party-only financial operations, they can be their own CA. Note however, this typically involves registering a public key for an account, generating a certificate (typically with account number, public key and nothing else, in part because of privacy & liability issues), saving the certificate original in the account record, and sending a copy of the certificate back to the public key owner.

The public key owner (also the account owner) then generates some form of transactions which they then sign with their private key. They then package up the transaction, the digital signature, and the certificate copy back to their financial institution (relying party). Both the transaction and the certificate contain the account number (redundant information), which then instructs the processing to retrieve the account record.

now, the account record contains the original of the certificate, a copy of which is also appended to the transaction. It is at this point that it is apparent that the appending of the copy of a certificate to the end of a transactions is redundant and superfluous ... because it is being sent back to the relying-party which has the original of the certificate ... which the relying-party is going to read as part of processing the transaction.

Now, for various efficiency reasons, the relying-party when it generates the certificate (ASN.1 encoded) is likely to store the unencoded version of the fields in the account record (and/or the unencoded version of the fields are already going to be in the account record). As a result, the relying-party is retrieving the same information from the account record (as might be found in the certificate) ... but already in unencoded and directly usable form.

The other issues that arises in the financial relying-party only scenario is one of service. The reason that the original of the certificate (or at least all the same information in directly usable, unencoded form) is stored in the account record ... is when somebody calls up with a question or some issue as to why something works or doesn't work with their account ... all that information is directly available to answer the call.

A financial relying-party is also likely to prefer real-time copies of the information and a paradigm designed for online, real-time operation ... as opposed to a paradigm designed for offline, stale information operation ... especially when it is performing online, real-time operations; aka certificates are redundant and superfluous and were never intended as a solution to online, relying-party-only operation in the first place.

random refs:
https://www.garlic.com/~lynn/subpubkey.html#privacy privacy, reliability, relying-party-only
https://www.garlic.com/~lynn/subpubkey.html#sslcerts ssl certification
https://www.garlic.com/~lynn/subpubkey.html#radius various online certificate-less pki

--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/

Mainframers: Take back the light (spotlight, that is)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Mainframers: Take back the light (spotlight, that is)
Newsgroups: alt.folklore.computers
Date: Mon, 01 Apr 2002 17:41:47 GMT

Kragen Sitaker writes:
Well, from reading posts here and chatting with folks who had implemented 370 OSes, I seem to recall that with a properly written driver, even a seriously buggy device couldn't crash the computer (except, perhaps, by shorting it out --- purely electrical problems.) It seems that such a level of isolation would prevent problems on one device from impairing the stability of the whole system, just as it does in software (memory protection.)

when playing in the disk engineering lab in the later half of the '70s ... the mean time between failure for standard MVS/370 with a single test cell was on the order of 15 minutes (a test cell consisted of a single device under development). I worked on doing an absolutely bullet-proof input/output supervisor so that 6-12 twelve test cells could be operated & tested concurrently on the same computer w/o any operating system failure. Prior to that, dedicated computer time was scheduled per test cell (2914(?) switches later replaced with 3914(?) switches for isoliation)
a test cell was a steel mesh cage with door and special combination lock ... and the device was inside (this wasn't an electrical isolation problem... it was a physical security issue). There would be several of these in the engineering computer room (initially at the time, 2nd floor of bldg 14, although this was moved to bldg. 86 when they started doing seismic retrofit to bldg. 14).
random refs:
https://www.garlic.com/~lynn/subtopic.html#disk
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
O'Reilly C Book
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: O'Reilly C Book Newsgroups: alt.folklore.computers,comp.lang.c Date: Tue, 02 Apr 2002 15:44:34 GMT
jchausler writes:
Am I missing something here? (It wouldn't be the first time). What's wrong with null terminated strings? Now I assume you mean NUL terminated strings, i.e. an ASCII ZERO vs.. "NULL" a zero string (or any other) address, i.e. you can have a string with a NULL address (meaning there's no string) or a string with a NUL as the first character meaning an "empty" string, or am I just (once again) confused. I've been writing C for years using all the above without a problem. Where have I been mislead? Enlighten me, I'm always willing to learn!

it isn't so much NULL terminated string ... it is paradigm of implicit string lengths (aka a NULL terminate string has some implicit length).
there tends to be a significant increase in buffer overrun exploits in an environment where programmers are relying on implicit string lengths. lots of environments have explicitly implemented string lengths ... where the programmer is forced to always check for string length & buffer size mismatch ... or the underlying protocol semantics always deal with string length & buffer size matching.
in the late '80s when we were working on ha/cmp ... and doing various vulnerability analysis ... we predicted that the c-based environments would have one to two order of magnitude more buffer problems than environments that had explicit length handling paradigms.
misc. refs:
https://www.garlic.com/~lynn/subtopic.html#hacmp
https://web.archive.org/web/20011004023230/http://www.hdcc.cs.cmu.edu/may01/index.html
random refs:
https://www.garlic.com/~lynn/99.html#85 Perfect Code
https://www.garlic.com/~lynn/99.html#163 IBM Assembler 101
https://www.garlic.com/~lynn/2000.html#25 Computer of the century
https://www.garlic.com/~lynn/2000b.html#17 ooh, a real flamewar :)
https://www.garlic.com/~lynn/2000b.html#22 ooh, a real flamewar :)
https://www.garlic.com/~lynn/2000c.html#40 Domainatrix - the final word
https://www.garlic.com/~lynn/2001b.html#47 what is interrupt mask register?
https://www.garlic.com/~lynn/2001b.html#58 Checkpoint better than PIX or vice versa???
https://www.garlic.com/~lynn/2001c.html#32 How Commercial-Off-The-Shelf Systems make society vulnerable
https://www.garlic.com/~lynn/2001c.html#38 How Commercial-Off-The-Shelf Systems make society vulnerable
https://www.garlic.com/~lynn/2001c.html#73 PKI and Non-repudiation practicalities
https://www.garlic.com/~lynn/2001i.html#54 Computer security: The Future
https://www.garlic.com/~lynn/2001k.html#43 Why is UNIX semi-immune to viral infection?
https://www.garlic.com/~lynn/2001l.html#49 Virus propagation risks
https://www.garlic.com/~lynn/2001m.html#27 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
https://www.garlic.com/~lynn/2001n.html#30 FreeBSD more secure than Linux
https://www.garlic.com/~lynn/2001n.html#71 Q: Buffer overflow
https://www.garlic.com/~lynn/2002.html#23 Buffer overflow
https://www.garlic.com/~lynn/2002.html#38 Buffer overflow
https://www.garlic.com/~lynn/aadsm5.htm#asrn4 assurance, X9.59, etc
https://www.garlic.com/~lynn/aepay7.htm#3dsecure2 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure
https://www.garlic.com/~lynn/aepay7.htm#3dsecure4 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure
https://www.garlic.com/~lynn/aadsm10.htm#cfppki13 CFP: PKI research workshop
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers,alt.history.future,rec.arts.sf.science,rec.arts.sf.written Date: Wed, 03 Apr 2002 00:38:37 GMT
cbh@ieya.co.REMOVE_THIS.uk (Chris Hedley) writes:
I always thought that ISO 9000 was about achieving a standard quality; that said quality might be significantly inferior and more difficult to attain before the introduction of ISO 9000 seems irrelevant.

I just wish someone would do business a favour and make bureaucracies like ISO 9000 illegal and their protagonists punishable by death.

Chris.

the ISO 9000 audits that i'm aware of involve 1) is there a documented process, 2) have you read & understood the documented process for what you do, 3) do you follow the documented process for what you do (nothing about standards or quality).
software process(es) ... the framework quadmire
https://web.archive.org/web/20060831110450/http://www.software.org/quagmire/
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Browser Security
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Browser Security Newsgroups: sci.crypt Date: Wed, 03 Apr 2002 21:51:46 GMT
"Jo�l Bourquard" writes:
Browsers actually implement the SSL standard, which was developed by Netscape and can be found in various RFCs and in the free OpenSSL implementation.

browsers implement the SSL specification ... the standard is TLS
basically client gets a server's certificate ... containing the server's public key. the client validates that it is a valid certificate and supposedly is for the server that the client believes it is talking to. the client generates a secret key, encrypts it with the servers public key and transmits it to the server. The server decrypts the secret key with the server's private key and then starts encrypted communication using the (now) shared-secret key.
most browsers have security configuration options with respect to which levels of SSL (&/or TLS) is supported as well as what kinds of "secret key" algorithms can be used (including related key lengths).
misc. refs to SSL domain name certificates:
https://www.garlic.com/~lynn/subpubkey.html#sslcerts
with respect to TLS RFC standard documents, goto
https://www.garlic.com/~lynn/rfcietff.htm
click on Term (term->RFC#) field
then in the Acronym fastpath section, click on "TLS"
that will get you the various TLS related RFCs (either that use TLS or specify TLS) ... i.e.
transport layer security (TLS )
see also encryption , security
3207 2847 2830 2818 2817 2716 2712 2595 2487 2246
clicking on any of the RFC numbers will display a summary of that RFC. clicking on the ".txt=" field in the summary will fetch the actual RFC.
misc. summary examples from above:
2830 PS
Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security, Hodges J., Morgan R., Wahl M., 2000/06/08 (12pp) (.txt=24469) (LDAP)
2246 PS
The TLS Protocol Version 1.0, Allen C., Dierks T., 1999/01/27 (79pp) (.txt=170401)
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers Date: Thu, 04 Apr 2002 03:37:59 GMT
"Charlie Gibbs" writes:
To me, a stack (in this context) is all of the layers taken as a whole. The term emphasizes that the complete environment consists of a number of distinct layers - modularity in a vertical sense. Consider the OSI model, for instance.

somewhat as a total aside ... an OSI "stack" had the protocol/message passing layers (there is something at the highest layer and it needs to send something to it's counterpart at another node ... the trail of bits, etc. to get out, back in). note however this is missing the whole "management" & "service" out-of-band stuff needed to actually make such an infrastructure work .... aka the service definition stuff ... when depicted at all ... is usually this broad/fuzzy band off to the side and perpendicular to the protocol/model layers (and OSI stack/model doesn't actually work w/o the service & management stuff).
random osi refs:
https://www.garlic.com/~lynn/99.html#114 What is the use of OSI Reference Model?
https://www.garlic.com/~lynn/99.html#115 What is the use of OSI Reference Model?
https://www.garlic.com/~lynn/2000b.html#0 "Mainframe" Usage
https://www.garlic.com/~lynn/2000b.html#1 "Mainframe" Usage
https://www.garlic.com/~lynn/2000b.html#4 "Mainframe" Usage
https://www.garlic.com/~lynn/2000b.html#8 "Mainframe" Usage
https://www.garlic.com/~lynn/2000b.html#10 "Mainframe" Usage
https://www.garlic.com/~lynn/2000b.html#59 7 layers to a program
https://www.garlic.com/~lynn/2000b.html#79 "Database" term ok for plain files?
https://www.garlic.com/~lynn/2000d.html#63 Is Al Gore The Father of the Internet?
https://www.garlic.com/~lynn/2000d.html#70 When the Internet went private
https://www.garlic.com/~lynn/2000d.html#72 When the Internet went private
https://www.garlic.com/~lynn/2000e.html#19 Is Al Gore The Father of the Internet?^
https://www.garlic.com/~lynn/2001e.html#16 Pre ARPAnet email?
https://www.garlic.com/~lynn/2001e.html#17 Pre ARPAnet email?
https://www.garlic.com/~lynn/2001e.html#23 Pre ARPAnet email?
https://www.garlic.com/~lynn/2001e.html#24 Pre ARPAnet email?
https://www.garlic.com/~lynn/2001e.html#25 Pre ARPAnet email?
https://www.garlic.com/~lynn/2001e.html#32 Blame it all on Microsoft
https://www.garlic.com/~lynn/2001e.html#34 Blame it all on Microsoft
https://www.garlic.com/~lynn/2001i.html#5 YKYGOW...
https://www.garlic.com/~lynn/2001i.html#6 YKYGOW...
https://www.garlic.com/~lynn/2001j.html#4 I hate Compaq
https://www.garlic.com/~lynn/2001j.html#20 OT - Internet Explorer V6.0
https://www.garlic.com/~lynn/2001k.html#62 SMP idea for the future
https://www.garlic.com/~lynn/2001k.html#71 Encryption + Error Correction
https://www.garlic.com/~lynn/2001m.html#15 departmental servers
https://www.garlic.com/~lynn/2001n.html#15 Replace SNA communication to host with something else
https://www.garlic.com/~lynn/2001n.html#27 Unpacking my 15-year old office boxes generates memory refreshes
https://www.garlic.com/~lynn/2002e.html#53 Mainframers: Take back the light (spotlight, that is)
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers Date: Thu, 04 Apr 2002 12:57:51 GMT
Lars Poulsen writes:
For IBM's mainframe systems, a moderate (10-25 terminals) might incur a software charge of about $15,000 per month to run VM/370, MVS, CICS, a usable set of compilers and an inventory, accounting and billing system for a small manufacturing company.

as part of unbundling ... 69jun23, ibm starting charging licensing fees (aka monthly) for various application, compilers, etc. However, SCP stuff (aka operating system) was still viewed as part of the hardware and there wasn't any licensing fees.
The Resource Manager got to be the guinea-pig for SCP charging (i.e. operating system component that had monthly licensing fee, May, 1976).
https://www.garlic.com/~lynn/2001e.html#45
as a result (in addition to doing all the product stuff, documentation, training classes, etc) for the Resource Manager ... I got to spend six months with the business people setting ground rules for SCP charing/licensing.
random refs:
https://www.garlic.com/~lynn/94.html#20 CP/67 & OS MFT14
https://www.garlic.com/~lynn/94.html#27 370 ECPS VM microcode assist
https://www.garlic.com/~lynn/94.html#52 Measuring Virtual Memory
https://www.garlic.com/~lynn/95.html#1 pathlengths
https://www.garlic.com/~lynn/95.html#3 What is an IBM 137/148 ???
https://www.garlic.com/~lynn/95.html#14 characters
https://www.garlic.com/~lynn/96.html#24 old manuals
https://www.garlic.com/~lynn/97.html#11 OSes commerical, history
https://www.garlic.com/~lynn/99.html#100 Why won't the AS/400 die? Or, It's 1999 why do I have to learn how to use
https://www.garlic.com/~lynn/99.html#126 Dispute about Internet's origins
https://www.garlic.com/~lynn/99.html#180 The Watsons vs Bill Gates? (PC hardware design)
https://www.garlic.com/~lynn/2000.html#63 Mainframe operating systems
https://www.garlic.com/~lynn/2000.html#75 Mainframe operating systems
https://www.garlic.com/~lynn/2000c.html#44 WHAT IS A MAINFRAME???
https://www.garlic.com/~lynn/2000f.html#28 OT?
https://www.garlic.com/~lynn/2000f.html#30 OT?
https://www.garlic.com/~lynn/2000f.html#78 TSS ancient history, was X86 ultimate CISC? designs)
https://www.garlic.com/~lynn/2001b.html#15 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
https://www.garlic.com/~lynn/2001b.html#16 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
https://www.garlic.com/~lynn/2001b.html#18 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
https://www.garlic.com/~lynn/2001b.html#23 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
https://www.garlic.com/~lynn/2001b.html#74 Z/90, S/390, 370/ESA (slightly off topic)
https://www.garlic.com/~lynn/2001b.html#79 Z/90, S/390, 370/ESA (slightly off topic)
https://www.garlic.com/~lynn/2001c.html#13 LINUS for S/390
https://www.garlic.com/~lynn/2001e.html#45 VM/370 Resource Manager
https://www.garlic.com/~lynn/2001e.html#51 OT: Ever hear of RFC 1149? A geek silliness taken wing
https://www.garlic.com/~lynn/2001e.html#64 Design (Was Re: Server found behind drywall)
https://www.garlic.com/~lynn/2001f.html#48 any 70's era supercomputers that ran as slow as today's supercomputers?
https://www.garlic.com/~lynn/2001f.html#56 any 70's era supercomputers that ran as slow as today's supercomputers?
https://www.garlic.com/~lynn/2001h.html#1 Alpha: an invitation to communicate
https://www.garlic.com/~lynn/2001h.html#18 checking some myths.
https://www.garlic.com/~lynn/2001h.html#61 Net banking, is it safe???
https://www.garlic.com/~lynn/2001l.html#9 mainframe question
https://www.garlic.com/~lynn/2001l.html#32 mainframe question
https://www.garlic.com/~lynn/2002b.html#28 First DESKTOP Unix Box?
https://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
https://www.garlic.com/~lynn/2002b.html#55 "Fair Share" scheduling
https://www.garlic.com/~lynn/2002b.html#56 Computer Naming Conventions
https://www.garlic.com/~lynn/2002c.html#11 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002c.html#12 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002c.html#13 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002c.html#28 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002c.html#39 VAX, M68K complex instructions (was Re: Did Intel Bite Off More Than It Can Chew?)
https://www.garlic.com/~lynn/2002c.html#45 cp/67 addenda (cross-post warning)
https://www.garlic.com/~lynn/2002c.html#53 VAX, M68K complex instructions (was Re: Did Intel Bite Off More Than It Can Chew?)
https://www.garlic.com/~lynn/2002c.html#54 Swapper was Re: History of Login Names
https://www.garlic.com/~lynn/2002d.html#0 VAX, M68K complex instructions (was Re: Did Intel Bite Off MoreThan It Can Chew?)
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers Date: Thu, 04 Apr 2002 13:05:24 GMT
"GerardS" writes:
---- VM/370 was (and is) free. ========================= Gerard S.

Resource Manager was the first charged for SCP component. However, it turned out that well over half of the code in the resource manager was doing things for multiprocessor sensitivity. For the next (full) release of VM/370 after the resource manager .... all the code in the resource manager related to restructuring for multiprocessor support was incorporated in the base (free) VM/370 and the rest of the resource manager along with some other new features were packaged as VM/HPO (high performance option). Then it was restructured again ... vm/370, vm/bsepp (basic extensions) and vm/sepp (the full HPO extensions).
MVS/HPO (mvs lincensed SCP component) then followed the business & pricing that was done for VM resource manager & VM/HPO.
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers Date: Thu, 04 Apr 2002 13:11:28 GMT
Lars Poulsen writes:
You are correct, Sir. The version that would have been in the above-described bundle would have been VM/SP. Since I never worked in an IBM shop, I'm not too sure what the difference was. I always assumed that the "free" version was frozen at some point in time, and to get new device and CPU support, you had to switch to the "product" version.

VM resource manager, ... then VM/HPO, then VM, vm/bsepp, & vm/sepp ... with the licensed for components shipped as incremental add-ons to the base release (free) product. Resource Manager was originally available for VM/370 Release 3 (although some amount of the code had been originally done while I was an undergraduate, had been made available on CP/67, was then dropped in the CP/67 to VM/370 port ... and then re-introduced with the resource manager).
The HPO, bsepp, and sepp stuff then continued up until VM/370 Release 6. It was at what would have been VM/370 Release 7 ... that the whole thing was redone, including basic licensing fees and renamed VM/SP Release 1.
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Digital Signatures (unique for same data?)
Refed: **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Digital Signatures (unique for same data?) Newsgroups: sci.crypt Date: Thu, 04 Apr 2002 13:34:34 GMT
Kenn Lynch writes:
I know this is very generic question but I'm trying to get a better understanding of the nature of the actual digital signature data when using DSA/SHA and RSA.

Possibly I'm having a senior moment but, I am not clear on why multiple signatures from the same input data would be different? (and how you would verify if they are different?)

frequently messages for RSA signatures define a 20byte random number (NONCE) that is inserted into the message prior to computing SHA-1. The nonce would result in a different SHA1 for the same message ... but is based on the message being modified every time with a unique nonce. The RSA private key is then used to encrypt the SHA1 ... yielding a predictable digital signature for each SHA1. However, if the process produced a unique SHA1 for every signing ... then there would be a unique RSA digital signature ... as an outcome of the defined process. RSA private key encryption of a 20byte SHA1 yeilds a 20byte encrypted value (or 20 byte digital signature).
DSA defines a signing process on SHA1 that includes a random number generated as part of the digital signature operation with the private key. DSA yields a digital signature that isn't a straight forward encryption of the 20byte SHA1 by the private key. DSA yields a digital signature that is two 20byte values. Verifying the signature involves the public key and the two 20byte values ... w/o knowing either the original private key or the random number generated as part of the DSA process. The integrity of the DSA process is dependent, in part, on the quality of the random number generation and not being able to determine either the private key or the random number generated.
RSA has been common for possibly a nummber of reasons. One is that RSA encryption of a message and RSA encryption of the SHA1 is effectively the same operation. DSA only is a signing operation.
One of the other common occurances of RSA digital signature has been most of the chipcard implementations up until relatively recent times. A chipcard was used to protect the private key as well as perform the signature/encryption operation. However, the majority of chips used in chip cards have had terrible random number generation characteristics (as well as being slow). As a result, infrastructures were built that had public/private keys generated external to the chips and then injected into the chip as part of some personalization process. Message & protocols were then defined that had no dependency on the chipcard supporting quality random number characteristics .... in effect any random number operation was performed externally in some other component responsible for composing the message (... aka the NONCE; which frequently also calculated the SHA1) before sending it to the chip for signing.
This eliminated the exposure (in DSA) of exposing the private key because of poor random number generation capability.
misc. sha1 & dsa refs (fips180 & fips186):
https://www.garlic.com/~lynn/ansiepay.htm#anxclean Misc 8583 mapping cleanup
https://www.garlic.com/~lynn/2000b.html#93 Question regarding authentication implementation
https://www.garlic.com/~lynn/2001g.html#14 Public key newbie question
https://www.garlic.com/~lynn/2001m.html#2 RSA SecurID: public key cryptography?
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
First images in email?
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: First images in email? Newsgroups: alt.folklore.computers Date: Thu, 04 Apr 2002 13:53:27 GMT
"Douglas H. Quebbeman" writes:
I believe there was a standard for images in Teletext? Whatever the system was that became popular in France. Also, the GKS standard defined a format for storing graphics information in files. GKS didn't catch on much here in the states, although Digital Research did have a GKS subsystem called GSX that ran under CP/M. But as with a CP/M BIOS, the computer manufacturer had to implement the low-level routines to integrate GSX with the host hardware. The only version I saw ran on the Televideo Z-80 based 80x series. I was using it in 1983, but I thought I read an article in a 1981 issue of Microsystems that was where I first saw it.

one of the first I saw was a xmas greeting designed to slowly draw a xmas tree on a 3270 screen ... in the early '70s on the internal network. it used cms exec to write part of the xmas tree to the screen, pauase, write some more, etc. later versions got a lot fancier being able to twinkle bulbs on color 3279.
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Blade architectures
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blade architectures Newsgroups: comp.os.vms,comp.arch Date: Thu, 04 Apr 2002 18:19:55 GMT
"Brig Campbell" writes:
The Datacenter program for Windows 2000 offers "A minimum uptime guarantee of 99.9% availability" for a single box. Vendors are free to go higher for specific applications/configurations. Unisys has customers with individual systems running in very managed environments at 5-9's.

Windows 2000 Datacenter Program overview:
http://www.microsoft.com/windows2000/datacenter/evaluation/business/windcprog.asp

one of the places that we looked at when we were doing ha/cmp that needed five nines was 1-800 lookup service (aka the mapping between a 1-800 number and a real numbers). That was total of five minutes outage per year ... regardless of reason, planned, unplanned, etc. A non-clustered fault-tolerant system w/o hot-pluggable software ... could fail the five-nines system with a single software maintenance event.
another issue when we were working on the distributed lock manager for HA/CMP ... was various of the DBMS vendors that also had products that ran in VMS cluster environment had complaints about the length of time things were suspended when a failure occurred and lock consistency had to be rebuilt in a VMS environment. One major requirement of the HA/CMP DLM (by various DBMS vendors) was to have a significant faster recovery time (than vms) when a cluster node failed.
Note however, that even for five nines ... various natural disasters become a major consideration ... just about requirement geographicly distributed cluster (we had coined the term disaster survivability during our ha/cmp days to distinguish from straight disaster recovery scenarios).
misc. ha/cmp refs:
https://www.garlic.com/~lynn/subtopic.html#hacmp
random refs:
https://www.garlic.com/~lynn/aadsm2.htm#availability A different architecture? (was Re: certificate path
https://www.garlic.com/~lynn/aadsmail.htm#variations variations on your account-authority model (small clarification)
https://www.garlic.com/~lynn/aadsmore.htm#time Certifiedtime.com
https://www.garlic.com/~lynn/aadsmore.htm#pressign President Clinton digital signing
https://www.garlic.com/~lynn/aepay2.htm#cadis disaster recovery cross-posting
https://www.garlic.com/~lynn/98.html#23 Fear of Multiprocessing?
https://www.garlic.com/~lynn/99.html#71 High Availabilty on S/390
https://www.garlic.com/~lynn/99.html#128 Examples of non-relational databases
https://www.garlic.com/~lynn/99.html#145 Q: S/390 on PowerPC?
https://www.garlic.com/~lynn/99.html#184 Clustering systems
https://www.garlic.com/~lynn/2000g.html#27 Could CDR-coding be on the way back?
https://www.garlic.com/~lynn/2000g.html#32 Multitasking and resource sharing
https://www.garlic.com/~lynn/2001.html#33 Where do the filesystem and RAID system belong?
https://www.garlic.com/~lynn/2001.html#41 Where do the filesystem and RAID system belong?
https://www.garlic.com/~lynn/2001c.html#66 KI-10 vs. IBM at Rutgers
https://www.garlic.com/~lynn/2001e.html#2 Block oriented I/O over IP
https://www.garlic.com/~lynn/2001e.html#4 Block oriented I/O over IP
https://www.garlic.com/~lynn/2001g.html#46 The Alpha/IA64 Hybrid
https://www.garlic.com/~lynn/2001i.html#41 Withdrawal Announcement 901-218 - No More 'small machines'
https://www.garlic.com/~lynn/2001i.html#43 Withdrawal Announcement 901-218 - No More 'small machines'
https://www.garlic.com/~lynn/2001i.html#48 Withdrawal Announcement 901-218 - No More 'small machines'
https://www.garlic.com/~lynn/2001i.html#49 Withdrawal Announcement 901-218 - No More 'small machines'
https://www.garlic.com/~lynn/2001j.html#23 OT - Internet Explorer V6.0
https://www.garlic.com/~lynn/2001j.html#47 OT - Internet Explorer V6.0
https://www.garlic.com/~lynn/2001k.html#5 OT - Internet Explorer V6.0
https://www.garlic.com/~lynn/2001k.html#18 HP-UX will not be ported to Alpha (no surprise)exit
https://www.garlic.com/~lynn/2001l.html#47 five-nines
https://www.garlic.com/~lynn/2001n.html#47 Sysplex Info
https://www.garlic.com/~lynn/2001n.html#85 The demise of compaq
https://www.garlic.com/~lynn/2001n.html#90 Buffer overflow
https://www.garlic.com/~lynn/2002.html#24 Buffer overflow
https://www.garlic.com/~lynn/2002.html#28 Buffer overflow
https://www.garlic.com/~lynn/2002.html#44 Calculating a Gigalapse
https://www.garlic.com/~lynn/2002b.html#63 Filesystem namespaces (was Re: Serving non-MS-word .doc files (was Re: PDP-10 Archive migrationplan))
https://www.garlic.com/~lynn/2002c.html#39 VAX, M68K complex instructions (was Re: Did Intel Bite Off More Than It Can Chew?)
https://www.garlic.com/~lynn/2002e.html#47 Multics_Security
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Blade architectures
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blade architectures Newsgroups: comp.os.vms,comp.arch Date: Thu, 04 Apr 2002 19:36:00 GMT
Anne & Lynn Wheeler writes:
Note however, that even for five nines ... various natural disasters become a major consideration ... just about requirement geographicly distributed cluster (we had coined the term disaster survivability during our ha/cmp days to distinguish from straight disaster recovery scenarios).

also, a couple years ago we were talking with a large financial service operation who attributed 100 percent availability for six plus year period to
1) ims hotstandby (clustering technique) 2) automated operator
aka as hardware and software reliability gets better ... larger percentage of outages were attributable to disasters and human mistakes.
recent thread (drift) on software process
https://www.garlic.com/~lynn/2002e.html#59 Computers in Science Fiction
somewhat related posting
https://www.garlic.com/~lynn/2001k.html#15 HP-UX will not be ported to Alpha (no surprise)exit
random human related refs:
https://www.garlic.com/~lynn/99.html#71 High Availabilty on S/390
https://www.garlic.com/~lynn/99.html#107 Computer History
https://www.garlic.com/~lynn/99.html#128 Examples of non-relational databases
https://www.garlic.com/~lynn/99.html#136a checks (was S/390 on PowerPC?)
https://www.garlic.com/~lynn/2000.html#22 Computer of the century
https://www.garlic.com/~lynn/2000f.html#12 Amdahl Exits Mainframe Market
https://www.garlic.com/~lynn/2000f.html#54 360 Architecture, Multics, ... was (Re: X86 ultimate CISC? No.)
https://www.garlic.com/~lynn/2001.html#43 Life as a programmer--1960, 1965?
https://www.garlic.com/~lynn/2001b.html#25 what is interrupt mask register?
https://www.garlic.com/~lynn/2001c.html#13 LINUS for S/390
https://www.garlic.com/~lynn/2001d.html#70 Pentium 4 Prefetch engine?
https://www.garlic.com/~lynn/2001d.html#71 Pentium 4 Prefetch engine?
https://www.garlic.com/~lynn/2001e.html#44 Where are IBM z390 SPECint2000 results?
https://www.garlic.com/~lynn/2001e.html#47 Where are IBM z390 SPECint2000 results?
https://www.garlic.com/~lynn/2001h.html#8 VM: checking some myths.
https://www.garlic.com/~lynn/2001k.html#13 HP-UX will not be ported to Alpha (no surprise)exit
https://www.garlic.com/~lynn/2001k.html#14 HP-UX will not be ported to Alpha (no surprise)exit
https://www.garlic.com/~lynn/2001k.html#18 HP-UX will not be ported to Alpha (no surprise)exit
https://www.garlic.com/~lynn/2001l.html#32 mainframe question
https://www.garlic.com/~lynn/2001l.html#47 five-nines
https://www.garlic.com/~lynn/2001n.html#47 Sysplex Info
https://www.garlic.com/~lynn/2001n.html#85 The demise of compaq
https://www.garlic.com/~lynn/2002.html#24 Buffer overflow
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers,alt.history.future,rec.arts.sf.science,rec.arts.sf.written Date: Thu, 04 Apr 2002 20:04:38 GMT
Anne & Lynn Wheeler writes:
software process(es) ... the framkework quadmire
https://web.archive.org/web/20060831110450/http://www.software.org/quagmire/

related to software quality is availability ... recent thread (drift) in comp.arch:
https://www.garlic.com/~lynn/2002e.html#67 Blade architectures
https://www.garlic.com/~lynn/2002e.html#68 Blade architectures
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers,alt.history.future,rec.arts.sf.science,rec.arts.sf.written Date: Thu, 04 Apr 2002 20:11:26 GMT
Steinn Sigurdsson writes:
Hint - check his e-mail address!

also check list of members at
http://www.software.org/pub/memberaffiliate.asp
https://web.archive.org/web/20060106002548/http://www.software.org/pub/memberaffiliate.asp
also previous ref to
https://web.archive.org/web/20060831110450/http://www.software.org/quagmire/
something like 2167A could also increase development costs by order of magnitude with respect to run of the mill development.
the detail paper for the above ref'ed graph is at:
https://web.archive.org/web/20060425234703/http://www.software.org/quagmire/frampapr/
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Blade architectures
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blade architectures Newsgroups: comp.os.vms,comp.arch Date: Fri, 05 Apr 2002 20:22:48 GMT
"Bill Todd" writes:
About three years ago I had some enjoyable conversations with one of the HA/CMP DLM implementors. Though they wrote their code in 1993, he was unaware of significant advances in the DLM (such as dynamic mastery migration based on load and speed-ups in lock database rebuilding after a failure), even though the I&DS volume describing them had been published in 1991.

It would be nice to know more details about their internal implementation, but Clam never allowed them to publish.

My wife and I ran small skunkworks responsible for HA/CMP. I had done initial DLM prototype in the late '80s (in part based on discussions with various DBMS vendors). CLaM was under contract to do a lot of software development (it wasn't CLaM's choice about publishing &/or ownership). Both my wife and I left summer of '92 to go on and do other stuff.
The DBMS vendors that used/supported the HA/CMP DLM had description and it was fairly straight-forward stuff. I believe that these same DBMS vendors had been making the same suggestions for a number of years to the original makers.
One could conjecture once any faster implementation was available, that it would prompt similar work.
random refs:
https://www.garlic.com/~lynn/95.html#13 SSA
https://www.garlic.com/~lynn/aadsm5.htm#asrn2 Assurance, e-commece, and some x9.59 .... fyi
https://www.garlic.com/~lynn/2000f.html#30 OT?
https://www.garlic.com/~lynn/2001b.html#3 Power failure during write (was: Re: Disk drive behavior (again))
https://www.garlic.com/~lynn/2001e.html#4 Block oriented I/O over IP
https://www.garlic.com/~lynn/2002c.html#44 cp/67 (coss-post warning)
part of the semantics & requirements were based on these DBMS vendors having implementations already running on vax cluster and ease of porting that cluster implementation to an ha/cmp platform. however, that shouldn't be taken as the actual implementation was straight vax and/or that we hadn't worked on other cluster-type implementations prior to HA/CMP (including my wife having done a stint in POK responsible for loosely-coupled architecture).
random refs:
https://www.garlic.com/~lynn/94.html#16 Dual-ported disks?
https://www.garlic.com/~lynn/98.html#30 Drive letters
https://www.garlic.com/~lynn/98.html#35a Drive letters
https://www.garlic.com/~lynn/98.html#37 What is MVS/ESA?
https://www.garlic.com/~lynn/98.html#57 Reliability and SMPs
https://www.garlic.com/~lynn/99.html#71 High Availabilty on S/390
https://www.garlic.com/~lynn/99.html#77 Are mainframes relevant ??
https://www.garlic.com/~lynn/99.html#92 MVS vs HASP vs JES (was 2821)
https://www.garlic.com/~lynn/99.html#100 Why won't the AS/400 die? Or, It's 1999 why do I have to learn how to use
https://www.garlic.com/~lynn/99.html#128 Examples of non-relational databases
https://www.garlic.com/~lynn/2000.html#13 Computer of the century
https://www.garlic.com/~lynn/2000.html#78 Mainframe operating systems
https://www.garlic.com/~lynn/2000e.html#22 Is a VAX a mainframe?
https://www.garlic.com/~lynn/2000f.html#29 OT?
https://www.garlic.com/~lynn/2000f.html#30 OT?
https://www.garlic.com/~lynn/2000f.html#37 OT?
https://www.garlic.com/~lynn/2001b.html#73 7090 vs. 7094 etc.
https://www.garlic.com/~lynn/2001c.html#69 Wheeler and Wheeler
https://www.garlic.com/~lynn/2001d.html#70 Pentium 4 Prefetch engine?
https://www.garlic.com/~lynn/2001d.html#71 Pentium 4 Prefetch engine?
https://www.garlic.com/~lynn/2001e.html#2 Block oriented I/O over IP
https://www.garlic.com/~lynn/2001f.html#21 Theo Alkema
https://www.garlic.com/~lynn/2001g.html#44 The Alpha/IA64 Hybrid
https://www.garlic.com/~lynn/2001g.html#46 The Alpha/IA64 Hybrid
https://www.garlic.com/~lynn/2001g.html#49 Did AT&T offer Unix to Digital Equipment in the 70s?
https://www.garlic.com/~lynn/2001h.html#76 Other oddball IBM System 360's ?
https://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce
https://www.garlic.com/~lynn/2001j.html#23 OT - Internet Explorer V6.0
https://www.garlic.com/~lynn/2002b.html#37 Poor Man's clustering idea
https://www.garlic.com/~lynn/2002b.html#54 Computer Naming Conventions
https://www.garlic.com/~lynn/2002e.html#25 Crazy idea: has it been done?
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Digital certificate varification
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Digital certificate varification Newsgroups: sci.crypt Date: Sat, 06 Apr 2002 00:32:22 GMT
ashwood@msn.com (Joseph Ashwood) writes:
However there is a trust model that is designed specifically to deal with this problem. It works like this. You trust Verisign to issue certificates to the correct people, and to only the correct people. Verisign then issues a certificate to Alice. Since Verisign issued (and signed) the certificate, you can trust that Alice really is Alice.

certification authorities (CA) typically certify some information in conjunction with a public key. you supply a public key, some proof that you posses the corresponding private key and some claim.
if the claim is some email address belongs to you ... the CA could do some checking by exchanging some number of emails with the indicated email address ... and then certify ... yes indeed the email address you claim seems to be associated with you. when a certification authority believes it has done enuf checking corresponding to their published policies and practices ... then they sign a certificate that contains the supplied public key and the claimed information (which might be something like "abc@nospam.com" email address).
another scenario is the SSL domain name certificate. supposedly the purpose of this is some concern with the integrity of the domain name infrastructure and clients talking to the server they think they are talking to (basically compare the URL they typed in with the domain name in the supplied server certificate ... if the certificate validates and the domain names match ... then supposedly things are working).
note however, CAs typically are just certification agencies ... not the actual agencies responsible for the validity of the information that they are certifying. A CA will typically check with the authoritative agency responsible for the validity of the information as part of the certification process. A slight catch in this particular scenario is that the authoritative agency responsible for domain name information is the same domain name infrastructure that there are integrity concerns about. Some of the (possibly CA-originated) proposals to improve the integrity of the domain name infrastructure (so that CA's can trust the authoritative reference as to the owner of domain names, or more realisticly that others can trust the result of the CA's checking) ... seem to also lesson the need for SSL domain name certificates (i.e. removing various concerns regarding domain name infrastructure integrity).
https://www.garlic.com/~lynn/subpubkey.html#sslcerts SSL domain name server certificates
Now there has been some issue of identity certificates (like certifying an accurate and unique reference to a person's identity). Some of the largest numbers of people related certificates have been associated with financial institutions and financail transactions. In these scenarios there has been direction towards relying-party-only certificates ... the certificates don't actually contain any identity information at all (name, address, phone number, birth date, etc) but simply just an account number (and public key) because of numerous privacy and liability related issues.
These account number, relying-party-only certifcates are involved in various messages or transactions where there is some item (also containing the account number) that is signed and the item, the digital signature, and the certificate are packaged up and sent to the relying-party insitution. The relying-party then processes the item ... which includes reading the account record containing the original of the certificate (as well as the public key). In these scenarios it is trivial to show that the transport (and therefor the use) of the certificate is redundant and superfluous (just sending the item and digital signature is sufficient, since the public key can be obtained when the account record is read).
https://www.garlic.com/~lynn/subpubkey.html#privacy Identity, Privacy and Authentication
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Blade architectures
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blade architectures Newsgroups: comp.arch Date: Sat, 06 Apr 2002 03:23:51 GMT
lindahl@pbm.com (Greg Lindahl) writes:
Yes, but if I have a cluster of 4,096 systems... your estimate is high, I think. The raw error rate seemed high, it should be 1 in 10**15 or less.

typical mainframe RAS has detailed erep recording with daily, monthly, trend, etc. reports. there is industry service that collects such reports from installed customer base and reports aggregate and avgs.
after year of a particular new mainframe model ... the expectation was that there would be 3-5 total (channel input/ouput) errors across all installed machines for all customers for the full year (not 3-5 errors per day or week or month ... and not per machine ... but 3-5 total errors across all machines for period of year). i got contacted as part of process that was investigating whey there was a report of a total of 15 errors across all machines for a period of a year ... rather than the predicted 3-5 total errors across all machines for the year period (effectively a prediction based on having something better than 10**-15 ... something along the lines of 10**-18 or better).
random refs:
https://www.garlic.com/~lynn/94.html#24 CP spooling & programming technology
https://www.garlic.com/~lynn/96.html#27 Mainframes & Unix
https://www.garlic.com/~lynn/2000.html#22 Computer of the century
https://www.garlic.com/~lynn/2000.html#84 Ux's good points.
https://www.garlic.com/~lynn/2001k.html#18 HP-UX will not be ported to Alpha (no surprise)exit
https://www.garlic.com/~lynn/2001l.html#14 mainframe question
one might make the case that improved availability is at least partially do to better recording, monitoring and reporting ... as well as things like service level agreements aka SLA, IT shops being contractually held to specific availability standards (along with things like penalties for not meeting contractual specified service)
random refs:
https://www.garlic.com/~lynn/aadsm5.htm#asrn3 Assurance, e-commerce, and some x9.59 ... fyi
https://www.garlic.com/~lynn/2001e.html#48 Where are IBM z390 SPECint2000 results?
https://www.garlic.com/~lynn/2001n.html#85 The demise of compaq
https://www.garlic.com/~lynn/2002.html#28 Buffer overflow
https://www.garlic.com/~lynn/2002.html#29 Buffer overflow
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers Date: Sat, 06 Apr 2002 17:01:09 GMT
jmfbahciv writes:
Sure. They didn't need to buy five systems to service 10,000 accounts. And don't underestimate one mainframe on site. In the late 70s or early 80s, a study was done at DEC. I can't remember the exact percentage, but something like 70% of our profitable mini and peripheral business was with entities that happened to also have a mainframe. Nobody followed that study up to find out which came first, the mainframe or the other biz.

slightly related ... even more drift
https://www.garlic.com/~lynn/2001m.html#15 departmental servers
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
Computers in Science Fiction
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Computers in Science Fiction Newsgroups: alt.folklore.computers Date: Sat, 06 Apr 2002 17:45:11 GMT
Anne & Lynn Wheeler writes:
slightly related ... even more drift
https://www.garlic.com/~lynn/2001m.html#15 departmental servers

the 4341 had "ECPS" ... originally done on the 370/148. Basically, detailed kernel studies were done and code accounting for nearly 70 percent of kernel pathlength was "dropped" into microcode. Typically on the low-end and mid-range 370s, there was a 10-to-1 performance difference between the native microcode engine and 370 processing (i.e. the native microcode engine was executing an avg. of ten instructions for every 370 instruction). The implementation of major kernel pathlength in the microcode (with a 10:1 performance improvement) was in addition to the otherwise great 4341 price/performance.
4341 rain/rain4 comparison numbers:
https://www.garlic.com/~lynn/2000d.html#0 Is a VAX a mainframe?
The ECPS (and earlier VMA microcode work) eventually evolved into the full LPAR support seen on modern generation of mainframes. A large subset of the full virtual machine support has been dropped into microcode to the extent it is possible to configure a physical machine into a small number of distinct virtual machines (aka LPAR or Logical PARtitions) purefly with microcode configuration w/o requiring the operation of the full virtual machine operating system.
original 370/148 ecps work
https://www.garlic.com/~lynn/94.html#21 370 ECPS VM microcode assist
misc. ecps & lpar references
https://www.garlic.com/~lynn/94.html#27 370 ECPS VM microcode assist
https://www.garlic.com/~lynn/94.html#28 370 ECPS VM microcode assist
https://www.garlic.com/~lynn/98.html#45 Why can't more CPUs virtualize themselves?
https://www.garlic.com/~lynn/98.html#57 Reliability and SMPs
https://www.garlic.com/~lynn/99.html#191 Merced Processor Support at it again
https://www.garlic.com/~lynn/2000.html#8 Computer of the century
https://www.garlic.com/~lynn/2000.html#12 I'm overwhelmed
https://www.garlic.com/~lynn/2000.html#63 Mainframe operating systems
https://www.garlic.com/~lynn/2000.html#86 Ux's good points.
https://www.garlic.com/~lynn/2000b.html#50 VM (not VMS or Virtual Machine, the IBM sort)
https://www.garlic.com/~lynn/2000b.html#51 VM (not VMS or Virtual Machine, the IBM sort)
https://www.garlic.com/~lynn/2000b.html#52 VM (not VMS or Virtual Machine, the IBM sort)
https://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
https://www.garlic.com/~lynn/2000b.html#62 VM (not VMS or Virtual Machine, the IBM sort)
https://www.garlic.com/~lynn/2000c.html#8 IBM Linux
https://www.garlic.com/~lynn/2000c.html#50 Does the word "mainframe" still have a meaning?
https://www.garlic.com/~lynn/2000c.html#68 Does the word "mainframe" still have a meaning?
https://www.garlic.com/~lynn/2000c.html#76 Is a VAX a mainframe?
https://www.garlic.com/~lynn/2000e.html#6 Ridiculous
https://www.garlic.com/~lynn/2000f.html#78 TSS ancient history, was X86 ultimate CISC? designs)
https://www.garlic.com/~lynn/2000g.html#3 virtualizable 360, was TSS ancient history
https://www.garlic.com/~lynn/2000g.html#7 360/370 instruction cycle time
https://www.garlic.com/~lynn/2001.html#34 Competitors to SABRE?
https://www.garlic.com/~lynn/2001b.html#29 z900 and Virtual Machine Theory
https://www.garlic.com/~lynn/2001b.html#72 Z/90, S/390, 370/ESA (slightly off topic)
https://www.garlic.com/~lynn/2001b.html#83 Z/90, S/390, 370/ESA (slightly off topic)
https://www.garlic.com/~lynn/2001d.html#26 why the machine word size is in radix 8??
https://www.garlic.com/~lynn/2001d.html#54 VM & VSE news
https://www.garlic.com/~lynn/2001d.html#67 Pentium 4 Prefetch engine?
https://www.garlic.com/~lynn/2001e.html#5 SIMTICS
https://www.garlic.com/~lynn/2001e.html#61 Estimate JCL overhead
https://www.garlic.com/~lynn/2001e.html#73 CS instruction, when introducted ?
https://www.garlic.com/~lynn/2001f.html#17 Accounting systems ... still in use? (Do we still share?)
https://www.garlic.com/~lynn/2001f.html#23 MERT Operating System & Microkernels
https://www.garlic.com/~lynn/2001h.html#2 Alpha: an invitation to communicate
https://www.garlic.com/~lynn/2001h.html#33 D
https://www.garlic.com/~lynn/2001i.html#2 Most complex instructions (was Re: IBM 9020 FAA/ATC Systems from 1960's)
https://www.garlic.com/~lynn/2001i.html#3 Most complex instructions (was Re: IBM 9020 FAA/ATC Systems from 1960's)
https://www.garlic.com/~lynn/2001i.html#37 IBM OS Timeline?
https://www.garlic.com/~lynn/2001i.html#38 IBM OS Timeline?
https://www.garlic.com/~lynn/2001k.html#8 Minimalist design (was Re: Parity - why even or odd)
https://www.garlic.com/~lynn/2001k.html#65 SMP idea for the future
https://www.garlic.com/~lynn/2001l.html#24 mainframe question
https://www.garlic.com/~lynn/2001l.html#36 History
https://www.garlic.com/~lynn/2001m.html#38 CMS under MVS
https://www.garlic.com/~lynn/2001n.html#26 Open Architectures ?
https://www.garlic.com/~lynn/2001n.html#31 Hercules etc. IBM not just missing a great opportunity...
https://www.garlic.com/~lynn/2001n.html#32 Hercules etc. IBM not just missing a great opportunity...
https://www.garlic.com/~lynn/2001n.html#92 "blocking factors" (Was: Tapes)
https://www.garlic.com/~lynn/2002.html#14 index searching
https://www.garlic.com/~lynn/2002.html#52 Microcode?
https://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
https://www.garlic.com/~lynn/2002c.html#53 VAX, M68K complex instructions (was Re: Did Intel Bite Off More Than It Can Chew?)
https://www.garlic.com/~lynn/2002d.html#31 2 questions: diag 68 and calling convention
https://www.garlic.com/~lynn/2002e.html#25 Crazy idea: has it been done?
https://www.garlic.com/~lynn/2002e.html#62 Computers in Science Fiction
--
Anne & Lynn Wheeler | lynn@garlic.com, https://www.garlic.com/~lynn/
next, previous, index - home