From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Blinkylights
Newsgroups: alt.folklore.computers
Date: Sun, 05 Oct 2008 19:21:32 -0400

re:
oops, that first (illegal naked short selling) URL was supposed to be:
A Wikipedia Conspiracy and the Wall Street Meltdown
http://news.slashdot.org/news/08/10/05/201205.shtml
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: illegal naked short selling
Newsgroups: alt.folklore.computers
Date: Sun, 05 Oct 2008 20:39:08 -0400

re:
posts from spring of 2007 mentioning reference to illegal naked short
selling
https://www.garlic.com/~lynn/2007j.html#74 IBM Unionization
https://www.garlic.com/~lynn/2007j.html#75 IBM Unionization
after running across reference similar to one mentioned in this post
https://www.garlic.com/~lynn/2008k.html#4 dollar coins
CRAMER REVEALS A BIT TOO MUCH
http://nypost.com/2007/03/20/cramer-reveals-a-bit-too-much/
talking about illegal naked short selling.
other posts ...
https://www.garlic.com/~lynn/2008k.html#1 dollar coins
https://www.garlic.com/~lynn/2008k.html#9 dollar coins
https://www.garlic.com/~lynn/2008k.html#25 IBM's 2Q2008 Earnings
https://www.garlic.com/~lynn/2008k.html#31 SEC bans illegal activity then permits it
https://www.garlic.com/~lynn/2008k.html#44 SEC bans illegal activity then permits it
https://www.garlic.com/~lynn/2008n.html#23 Michigan industry
https://www.garlic.com/~lynn/2008n.html#25 Blinkylights
https://www.garlic.com/~lynn/2008n.html#31 Blinkylights
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Credit Card Security
Date: October 5, 2008
Blog: Financial Security

re:
and
http://www.linkedin.com/answers/finance-accounting/financial-regulation/FIN_FRG/333069-2064487
note that there was a rather large (POS) chipcard rollout in the
earlier part of this decade/century in NE US .... but it turned out to
be a yes card ... which may contribute to some of the
skepticism/reluctance ... misc. past posts mentioning
yes card
https://www.garlic.com/~lynn/subintegrity.html#yescard
about the same time there was a different, large chipcard deployment targeted for the online consumer pc (internet) market ... along with distribution of "free" serial-port card readers. there were enormous consumer installation problems with the serial-port reader (lots of BSOD and/or re-installs from scratch). The pervasiveness of the serial-port installation problems then contributed to effectively abandoning the effort and a rapidly growing opinion that chipcards weren't practical in the consumer PC market.
Some in-depth postmortem analysis indicated that the problems were with the serial-port installation ... as opposed to specifically with the chipcard operation (but it was too late to undo the spreading impression about chipcards not being practical in the consumer market).
Part of this demonstrated the adage about fleeting institutional knowledge. In the 95/96 timeframe, there were several presentations that a major motivation for online banking moving from the dedicated dialup operations of the 80s to the internet in the mid-90s was the significant support costs associated with dedicated serial-port modem installations. one bank, at the time, claimed that they were having to support over 60 different drivers as well as handle significant customer support calls. With move to internet ... this was all offloaded to ISPs which could amortize the support across all a consumer's online activity (and growing motivation to include support as part of original PC).
oh, and about the time of the rapidly spreading impression that
chipcards weren't practical in the consumer (home) pc market ... all
the activity associated with the EU FINREAD effort seemed to
evaporate.
https://www.garlic.com/~lynn/subintegrity.html#findread
And, as mentioned previously ... the x9a10 financial standard activity
was required to support ALL retail payments in the x9.59 financial
standard ... i.e. at least both POS and online/internet.
https://www.garlic.com/~lynn/x959.html#x959
past posts discussing serial-port (card reader) problem
https://www.garlic.com/~lynn/2002m.html#37 Convenient and secure eCommerce using POWF
https://www.garlic.com/~lynn/aadsm23.htm#43 Spring is here - that means Pressed Flowers
https://www.garlic.com/~lynn/aadsm23.htm#50 Status of SRP
https://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
https://www.garlic.com/~lynn/aadsm27.htm#58 On the downside of the MBA-equiped CSO
https://www.garlic.com/~lynn/2007n.html#60 Poll: oldest computer thing you still use
https://www.garlic.com/~lynn/2007n.html#65 Poll: oldest computer thing you still use
https://www.garlic.com/~lynn/2007n.html#66 Poll: oldest computer thing you still use
https://www.garlic.com/~lynn/2007n.html#75 Poll: oldest computer thing you still use
https://www.garlic.com/~lynn/2007n.html#78 Poll: oldest computer thing you still use
https://www.garlic.com/~lynn/2007u.html#11 Public Computers
https://www.garlic.com/~lynn/2008j.html#56 WoW security: now better than most banks
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VMware Chief Says the OS Is History
Newsgroups: alt.folklore.computers
Date: Mon, 06 Oct 2008 08:35:33 -0400

Steve O'Hara-Smith <steveo@eircom.net> writes:
Flexible Silicon Solar Cells; Thin but efficient solar cells use
one-tenth the silicon of conventional cells.
http://www.technologyreview.com/energy/21467/
from above:
Arrays of the cells have about a 12 percent efficiency. The Illinois
researchers increased the arrays' power output by about two and half
times by adding concentrators in the form of a layer of cylindrical
microlenses. The best solar cells on the market convert more than 20
percent of the sunlight that falls on them into energy.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wachovia Bank web site
Newsgroups: microsoft.public.security
Date: Mon, 06 Oct 2008 10:19:44 -0400

re:
recent article from this morning:
Browser Security UI: the horns of the dilemma
https://financialcryptography.com/mt/archives/001050.html
which references ("ISPs doing MITMs on their customers"):
http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html
and example:
http://www.sslshopper.com/article-phishing-with-ev-ssl-certificates.htm
in all this description ... CAs are actually "certification authorities" ... i.e. they are certifying information. Frequently this has been twisted to "certificate authorities" ... because of the frequent focus on selling digital certificates (which is just a representation of the information that they are certifying).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Houses
Newsgroups: alt.folklore.computers
Date: Mon, 06 Oct 2008 10:42:55 -0400

D.J. <jollycamper72@cableone.net> writes:
we had various contracts for marketing information. one was a female that did a lot of subcontract work for dataquest (& then gartner after they purchased dataquest). one of the things she was very good at was surveys ... including telephone technology surveys.
she characterized a lot of the south (including texas) as having large percentage of "good ole boys" ... the amount of information extracted increased significantly when she adopted a "cheerleader" persona.
somewhat, in return i got a cameo role in an expensive marketing survey hired by the executive heading up the boca PC division. The contract called for a several hr (video taped) roundtable of the top dozen experts in silicon valley discussing the future of the PC business.
I cleared participation with our direct executive report ... and dataquest agreed to garble my introduction at the start of the round table.
misc. past references:
https://www.garlic.com/~lynn/2002k.html#55 Moore law
https://www.garlic.com/~lynn/2005t.html#21 What ever happened to Tandem and NonStop OS ?
https://www.garlic.com/~lynn/2007g.html#81 IBM to the PCM market
https://www.garlic.com/~lynn/2007h.html#0 The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2008d.html#60 more on (the new 40+ yr old) virtualization
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Houses
Newsgroups: alt.folklore.computers
Date: Mon, 06 Oct 2008 14:25:32 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:
and for a real challenge ... we also had her do ha/cmp technology classes in tokyo.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Credit Card Security
Date: October 6, 2008
Blog: Financial Security

re:
and some recent chipcard news ... somewhat along the lines of the yes card problems:
Oyster card hack details revealed
http://news.bbc.co.uk/1/hi/programmes/click_online/7655292.stm
Boffins (finally) publish hack for world's most popular smartcard
http://www.theregister.co.uk/2008/10/06/mifare_hack_finally_published
note that a lot of the EU chipcards grew out of the environment in the 80s when telecom was significantly more expensive than in the states. the EU chipcards weren't initially billed as a security issue ... but enabled doing offline transactions (usually referred to as "stored value" of one kind or another) and represented overall less expensive alternative to the high telco costs in europe.
in the early 90s, "magstripe" online "stored value" cards were introduced in the US ... since they were significantly less expensive than the EU alternative chipcards (a lot of these now show up as store brand cards and/or "gift" cards).
About the same time, EU also started to see a significant decline in telco costs (sometimes in conjunction with the proliferation of the internet) ... greatly changing the online/offline chipcard economic trade-off. A lot of the chipcard reaction was to try and increase the feature/function provided by chipcards (as part of justifying their expense). This also tended to further increase their costs ... as well as complexity (which tends to adversely impact integrity and security).
A possible alternative approach was to leverage online transactions and reduce the feature/function in the chipcard ... purely concentrating on addressing security (it is possible to aggressively reduce cost while increasing security via less complexity).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The end of the baby boomers, US bonds maturing, and then what?
Date: October 6, 2008
Blog: Risk Management

supposedly it increases the number of retirees by something like a factor of four times ... and the following generation is only a little over half as large ... that increases the ratio of retirees to workers by a factor of something like eight times.
there are several professions that are claiming that cutting their numbers in half has all sorts of far reaching effects.
An obvious case is health and medical profession specializing in geriatrics (since the ratio of patients to workers is also likely to change by factor of eight times)
A year or so ago, there was program that the number of oil field development projects were only possibly 2/3rds the expected level (given the demand) ... the explanation was that such projects take 7-8 yrs and with expected retirements, there weren't going to be enough experienced personnel to complete more projects.
there are also claims that the following generation ... besides being only half as large, also has a lower avg education level (which seems to have been in downward slope for 30 some yrs) ... which implies that they will be much less competitive in a global economy.
some number of critical infrastructures were developed, built and supported by baby boomers. the retirement of those baby boomers is periodically listed as one of the top risks faced by those critical infrastructures.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Homebanking authentication methods: what's being used by your bank?
Date: October 7, 2008
Blog: Information Security

there are two parts ... the bank authenticating you and you authenticating the bank.
SSL has somewhat been seen as bank authentication ... but because of various deployment issues going back to the start, there are lots of shortcomings.
Browser Security UI: the horns of the dilemma
https://financialcryptography.com/mt/archives/001050.html
dynamic pages aren't really a countermeasure (for bank impersonation)
since it is actually easier for an attacker to mount a MITM-attack
than creating a bogus website with static pages (simple approach is to
take some form of proxy code and slightly modify it for purpose of
MITM-attacks) ... part of old thread discussing such MITM attacks
https://www.garlic.com/~lynn/aadsm26.htm#28 man in the middle, SSL
There have been all sorts of attempts to improve on client/customer authentication. Part of the problem is that "static" data is extremely subject to phishing (and MITM) attacks. Back in the 60s when i first started using passwords ... I only had a very few. Kindergarten 101 security requires a unique password for every unique security domain (as countermeasure against cross-domain attacks) ... but the proliferation in the number of such environments means that everybody has large scores or hundreds of "something you know" pin/password authentication (creating a huge security human factors problem with being able to keep them all straight).
An attempt was made to deploy hardware tokens/chipcards in the earlier part of this decade/century for the consumer home PC market. The problem was that part of the program also involved distributing serial-port card readers ... which resulted in enormous customer installation and support problems ("BSOD", reinstalls of system/machines from scratch, large number of customer calls). The magnitude of the problems basically resulted in abandoning the effort and a rapidly spreading opinion that chipcards weren't practical in the customer market segment.
In depth, after action studies attributed the problems to serial-port
installations but was too late to head off the rapidly spreading view
that chipcards weren't practical in the consumer market. It also seems
to contribute to EU FINREAD effort appearing to evaporate ... even
though many of the FINREAD readers weren't serial-port ... misc. past
posts mentioning EU FINREAD activity
https://www.garlic.com/~lynn/subintegrity.html#finread
This is an example of fleeting institutional knowledge. There were several presentations in the 95/96 timeframe about big factor in the move from the dial-up home banking programs from the 80s to the internet (even tho it was generally viewed as less secure). This issue was huge consumer support problems again with serial-port ... in this case for modems. Some institutions claimed that they had well over 60 different software drivers supporting in-house dial-in operations ... and also had huge consumer support issues with configuration problems. Migration to internet and online service providers ... eliminated all those costs for the individual institutions (being able to amortize across the whole consumer online experience and helping motivate support being incorporated as part of standard products)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Does anyone read the Greater IBM Connection Blog?
Date: October 7, 2008
Blog: Greater IBM

In the late 70s and early 80s ... i got blamed for online computer conferencing on the internal network ... misc. past posts mentioning the internal network
which was larger than the arpanet/internet from just about the beginning until possibly summer of '85.
recent post to ibm-main (originated on bitnet ... unv. network from
the 80s ... using similar technology to that used for the internal
network)
https://www.garlic.com/~lynn/2008m.html#35 IBM THINK original equipment sign
above reference has picture of desk ornament commemorating 1000th node on the internal network (from 1983).
other archived stuff from greater ibm:
https://www.garlic.com/~lynn/2008j.html#74 Are we approaching a "tipping point" with regard to business travel?
https://www.garlic.com/~lynn/2008k.html#59 Happy 20th Birthday, AS/400
https://www.garlic.com/~lynn/2008m.html#88 Sustainable Web
https://www.garlic.com/~lynn/2008n.html#50 The Digital Dark Age or.....Will Google live for ever?
https://www.garlic.com/~lynn/2008n.html#60 Costing for IT Services
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Browser Security UI: the horns of the dilemma
Date: October 8, 2008 10:29 AM
Blog: Financial Cryptography

re:
My oft repeated comments were that we had signoff on the webserver to payment gateway ... but we couldn't dictate the webserver to browser .... and almost immediately, merchants found that SSL cut webserver thruput 85-95% and so they dropped back to just using SSL with a payment/checkout button.
so the latest in this
Google's Obfuscated TCP
http://it.slashdot.org/it/08/10/08/0025258.shtml
Obfuscated TCP
http://code.google.com/p/obstcp/
However, SSL was to address two issues
1) validating that the website you think you are talking to, is the website you are talking to
2) hide information
The big problem with conditioning endusers to clicking on buttons from unvalidated sources ... is the validating part is broken.
SSL required the end user understand the relationship between the webserver they thought they were talking to and the corresponding URL ... and then the browser SSL code provided the assurance between the URL and webserver they were talking to. With the checkout/pay paradigm button clicking (provided from a non-SSL validated source), the paradigm degenerated to the webserver is whatever webserver that it claimed to be (since an unvalidated source was providing the URL, not the enduser from validated source).
recent related threads:
https://www.garlic.com/~lynn/2008n.html#96 Wachovia Bank web site
https://www.garlic.com/~lynn/2008n.html#100 Wachovia Bank web site
https://www.garlic.com/~lynn/2008o.html#4 Wachovia Bank web site
https://www.garlic.com/~lynn/2008o.html#9 Homebanking authentication methods
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
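The validation gap described in the post above, as an added example that is not part of the original post: a certificate check only confirms the host named in the URL, so when a checkout link or form target is handed to the user by a page that was itself fetched without SSL, nothing validates the URL. The sketch below audits a page for such hand-offs; the host names `shop.example` and `pay.example`, the sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _TargetCollector(HTMLParser):
    """Collect the URLs a page hands to the user: link hrefs and form actions."""

    def __init__(self):
        super().__init__()
        self.targets = []  # list of (tag, raw_url) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.targets.append((tag, attrs["href"]))
        elif tag == "form" and attrs.get("action"):
            self.targets.append((tag, attrs["action"]))


def unvalidated_handoffs(page_url, html):
    """Return HTTPS targets whose URL was supplied by a non-HTTPS page.

    For each finding the browser will validate the certificate of `host`,
    but `host` itself was chosen by content that anyone on the path could
    have rewritten, so the check proves only "this server is who the
    unvalidated page said it is".
    """
    page = urlsplit(page_url)
    if page.scheme == "https":
        # The page carrying the links was itself delivered over SSL.
        return []

    collector = _TargetCollector()
    collector.feed(html)

    findings = []
    for tag, raw in collector.targets:
        # Resolve relative references against the page that carried them.
        target = urlsplit(urljoin(page_url, raw))
        if target.scheme != "https":
            continue  # no SSL hand-off at all; a different problem
        findings.append({
            "tag": tag,
            "target": target.geturl(),
            "host": target.hostname,
            # A different host is harder for the user to sanity-check,
            # but a same-host target is equally unvalidated.
            "cross_host": target.hostname != page.hostname,
        })
    return findings


# Constructed sample: a shopping page served without SSL that carries
# a "pay" form and an account link pointing at SSL endpoints.
SAMPLE_URL = "http://shop.example/cart"
SAMPLE_HTML = """
<html><body>
  <a href="/help">help</a>
  <form action="https://pay.example/checkout" method="post">
    <input type="submit" value="Pay now">
  </form>
  <a href="https://shop.example/account">my account</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in unvalidated_handoffs(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

Serving the page that carries the checkout button over SSL as well is what makes the list come back empty.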
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Wed, 08 Oct 2008 14:18:12 -0400

it is not just the pres; congress approval numbers have been running about 1/3rd that of the pres.
Congressional Performance; Congressional Approval Falls to Single Digits
for First Time Ever
http://rasmussenreports.com/public_content/politics/mood_of_america/congressional_performance/congressional_performance
there have also been claims that recent congress had the lowest
attendance record in the history of the country ... and one of the
lowest legislative activity
https://www.garlic.com/~lynn/2007v.html#20 Education ranking
CSPAN on sunday had a guest that claimed that the financial industry had
contributed $250m to congress the session that repealed Glass-Steagall
... and the financial industry has contributed $2b to the current
congress (that recently passed the $700b bailout bill, with those voting
for the bill receiving an avg of 45 percent more from the financial
industry, than those voting against) ... recent post
https://www.garlic.com/~lynn/2008n.html#99 Blinkylights
related:
https://www.garlic.com/~lynn/2008k.html#71 Cormpany sponsored insurance
https://www.garlic.com/~lynn/2008m.html#49 Taxes
https://www.garlic.com/~lynn/2008m.html#50 Taxes
https://www.garlic.com/~lynn/2008m.html#87 Fraud due to stupid failure to test for negative
repeatedly over the past several months, there have been statements "calling the bottom" to the current economic downturn (supposedly based on previous similar events). the current situation differentiates itself with so much institutional fabrication since 2001. there is danger that because of the confidence crisis (since there is such an enormous trust issue because of the pervasiveness of the fabrication), that things continue on down past 2001 reset point (including the housing market, financial institutions, as well as equity markets).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What risk of possible data leakage do you see for your organization?
Date: October 9, 2008
Blog: Information Security

In the mid-90s we got involved in the X9A10 financial standard working of the financial infrastructure for *ALL* retail payments (credit, debit, stored-value, POS, face-to-face, internet, etc).
One of the interesting side-effects of the X9A10 financial standard working group being given the requirement to preserve the integrity of the financial infrastructure for all retail payments, which resulted in x9.59 standard
https://www.garlic.com/~lynn/x959.html#x959
... was besides the ALL obvious stuff, including POS and internet ... also had to be considered was things like metro transit gates.
As a part of that we developed a framework for security proportional to risk as parameterised risk management.
From basic 3-factor authentication ... lots of past posts
https://www.garlic.com/~lynn/subintegrity.html#3factor
The other part of the x9a10 financial working group *ALL* was framework for supporting a person-centric paradigm ... as opposed to strictly an "institutional-centric" paradigm (each institution issuing a card). This required that the same chipcard not only operate highly secure for one or more authentication factor x9.59 financial transactions (potentially even same chipcard with a large number different financial institutions accounts) ... but the same chipcard could be easily used for things like ISP internet login authentication and physical door access authentication (w/o requiring institutional loading/personalizing the chip).
Finally, the chip would be form-factor and transport agnostic (POS, transit, internet); the same chip-core would work with contact and contactless ... and also as embedded chip in things like PDAs and/or cellphone.
so, as part of meeting the X9A10 *ALL* requirement, frameworks for
recent related thread:
Credit Card Security
http://www.linkedin.com/answers/finance-accounting/financial-regulation/FIN_FRG/333069-2064487
and
https://www.garlic.com/~lynn/2008n.html#90 Credit Card Security
https://www.garlic.com/~lynn/2008o.html#2 Credit Card Security
https://www.garlic.com/~lynn/2008o.html#7 Credit Card Security
Another part of X9A10 effort was detailed, end-to-end, threat and vulnerability studies. Another aspect of security proportional to risk was that in much of the current paradigm, information from previous transactions (skimming, data breaches, security breaches, etc) can be used by crooks for fraudulent transactions. The issue is that the value of the information to the merchant is basically some percent of the profit from the transaction; however, the value of the information to the crook is the account balance &/or credit limit. This can mean that the crook can afford to outspend (attacking the system) the merchant (defending the system) by factor of 100 times. The scope of the problem is further compounded by some studies showing that up to 70 percent of identity theft involves insiders.
X9.59 didn't do anything about preventing such information leakage, but it tweaked the paradigm so that the information was useless to the crooks (i.e. could no longer be used for fraudulent transactions). We periodically commented that in the current paradigm, even if the planet was buried under miles of information hiding encryption, it still wouldn't be able to prevent information leakage.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Blinkylights
Newsgroups: alt.folklore.computers
Date: Thu, 09 Oct 2008 10:30:44 -0400

related to ... long-winded, decade old post mentioning many of the current problems:
in the S&L crisis period, citibank "discovering" the risk in ARMs and then getting out of the mortgage market.
the following is analytics related as opposed to all the fiddling and fabrication that went on ...
http://www2.marketwire.com/mw/mmframe?prid=441535&attachid=850879
"In 1973, Wm. Mack Terry and his colleagues at the Bank of America in
San Francisco introduced the world's first matched maturity transfer
pricing system," added Dr. Donald R. van Deventer, Kamakura Chairman and
Chief Executive Officer. "Over the last 35 years, the concept has been
increasingly refined and modified to incorporate the best practice
calculations embedded in KRM Version 7.0. Best practice transfer pricing
calculations would have made it clear that neither Bear Stearns nor
Lehman Brothers had more than a marginal chance of survival when funding
30 year sub-prime mortgage loans with thirty day borrowings. Board
members can and should demand clarity of disclosure on the total risk of
an institution and the contribution of each business unit and
transaction to total risk. This capability is available now, and
Kamakura has been gratified that so many institutions have reached out
to Kamakura for best practice risk analytics during the current crisis."
... snip ...
past posts mentioning Kamakura:
https://www.garlic.com/~lynn/2007v.html#25 Newsweek article--baby boomers and computers
https://www.garlic.com/~lynn/2008.html#66 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008.html#70 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008b.html#12 Computer Science Education: Where Are the Software Engineers of Tomorrow?
https://www.garlic.com/~lynn/2008c.html#21 Toyota Sales for 2007 May Surpass GM
https://www.garlic.com/~lynn/2008c.html#87 Toyota Sales for 2007 May Surpass GM
https://www.garlic.com/~lynn/2008g.html#64 independent appraisers
https://www.garlic.com/~lynn/2008j.html#29 dollar coins
https://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
the stories are that even the best of analytics wouldn't have been able to head off the current problems ... because the books were being fiddled to allow extremely risky actions that appeared to boost the bottom line ... as means of inflating executive compensation.
misc. past references:
https://www.garlic.com/~lynn/2008f.html#76 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#52 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008h.html#42 The Return of Ada
https://www.garlic.com/~lynn/2008m.html#96 Blinkylights
https://www.garlic.com/~lynn/2008m.html#99 Blinkylights
https://www.garlic.com/~lynn/2008n.html#3 Blinkylights
https://www.garlic.com/~lynn/2008n.html#15 Blinkylights
https://www.garlic.com/~lynn/2008n.html#49 VMware Chief Says the OS Is History
https://www.garlic.com/~lynn/2008n.html#52 Technology and the current crisis
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
https://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008n.html#72 Why was Sarbanes-Oxley not good enough to sent alarms to the regulators about the situation arising today?
https://www.garlic.com/~lynn/2008n.html#78 Isn't it the Federal Reserve role to oversee the banking system??
https://www.garlic.com/~lynn/2008n.html#80 Why did Sox not prevent this financal crisis?
https://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Financial Crisis - the result of uncontrolled Innovation?
Date: October 9, 2008
Blog: Organizational Development

The "problems" possibly are mostly
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
GAO has been doing database of corporate restatements. Basically financials are inflated, the bonuses taken on the inflated statements and possibly later the financials are restated ... but the bonuses aren't forfeited.
A lot of it is leveraging the lack of transparency as part of fiddling the books.
Toxic CDOs had been used two decades ago during the S&L crisis to obfuscate underlying values.
Getting triple-A rating on toxic CDOs allowed unregulated mortgage originators to continue funding their operations and unload all the mortgages they could possibly write ... w/o needing to pay any attention to loan quality. Then lots of institutions and retirement funds would snap up these supposedly "safe", triple-A rated toxic CDOs.
Speculators taking advantage of things like no-documentation, 1-2 percent intro, interest only mortgages ... basically could treat the home owner market like the unregulated 1920s stock market.
long-winded, decade old-post discussing many of the current problems,
including needing visibility in CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management and Information Security
note that the subprime loans (no-documentation, no-down, 1-2 percent intro rate, possibly interest only payments) were supposedly for low-income, first time home buyers. However, studies are claiming that at least 61 percent of such loans went to people that would have otherwise qualified for normal loans ... heavily suggesting speculators were taking advantage of the offerings. Also there have been huge price spike in segments of the home owner market not normally associated with low-income, first-time home buyers ... again suggesting heavy speculation activity.
Last spring there was a business school article that claimed something like 1000 executives are responsible for 80% of the current crisis ... and it would go a long ways towards fixing the problem if the gov. could figure how they could lose their job.
Example of fiddling financial statements was freddie in 2004 was fined $400m for $10b inflation in financial statements. The CEO was replaced ... but allowed to keep tens of (hundred?) millions. A few weeks ago, Warren Buffett said that he was largest stockholder in freddie in the 2000-2001, but got completely out because of their accounting practices.
article from today
Expert: Flawed corporate watchdog methods helped fuel economic crisis
http://www.news.uiuc.edu/news/08/1009corporations.html
another item/quote from today:
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings."
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Is Information Security driven by compliance??
Date: October 9, 2008
Blog: Information Security

we had been asked to help wordsmith cal. state electronic signature legislation ... misc. past posts
some of the other participants were heavily into privacy issues and had done detailed, in-depth customer surveys. They found the top, number one issue was identity theft, and the 2nd was "denial of service" (by institutions and gov. using personal information).
A big part of identity theft was crooks acquiring information (data breaches and security breaches) and being able to perform fraudulent financial transactions ... which was getting little or no attention (little public connection between the breaches and the resulting fraud). This appeared to be the motivation for the cal. state breach notification legislation ... hoping the publicity would result in corrective actions.
Also, in the mid-90s we had been asked to participate in the x9a10
financial standard working group which had been given the requirement
to preserve the integrity of the financial infrastructure for all
retail payments ... which resulted in the x9.59 financial standard.
https://www.garlic.com/~lynn/x959.html#x959
Part of the effort involved detailed, end-to-end threat and vulnerability studies.
Part of the issue here (related to data breaches) was something from kindergarten security 101, security proportional to risk. The majority of the data breaches have involved financial transaction information. Part of the issue is that the value of the information to merchants is some percent of profit off the transaction; however the value of the information to the crooks is the account balance and/or credit limit. The result is that the crooks can frequently outspend the merchants by a factor of 100:1 attacking the system (as the merchants can afford to spend on defending the system).
So part of x9.59 financial standard was to slightly tweak the paradigm and make the information useless to crooks (doing nothing to prevent the data breaches, but eliminating the motivation for the data breaches)
somewhat related answer to this question
Financial Crisis - the result of uncontrolled Innovation?
http://www.linkedin.com/answers/management/organizational-development/MGM_ODV/335924-10127581
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: what will be a wow feature in a credit card Date: October 9, 2008 Blog: Credit Card Professionals
in the mid-90s, we had been called in to work on the x9a10 financial standard working group which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. this resulted in the x9.59 financial standard
a lot of this was making x9.59 payment method agnostic (credit, debit, stored-value) as well as format agnostic, extremely lightweight, very low power, very fast, and very high security (use for broad range of transaction values from very low to very high ... at POS, internet, and even transit turnstile).
Part of this was somewhat creating a framework for security proportional to risk that we called parameterised risk management .... which included allowing the same operation to work with multiple different numbers of authentication factors.
From 3-factor authentication model ... lots of past posts
https://www.garlic.com/~lynn/subintegrity.html#3factor
Another part of this ALL requirement was framework to tweak the paradigm to allow person-centric operation ... as opposed to institutional-centric paradigm (where a person might get a unique hardware token from every institution that they had dealings with). This allows a person to have a single (or very few) hardware tokens that satisfies all authentication requirements for a broad range of different kinds of transactions and values.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest Date: October 9, 2008 Blog: Government Policy
On sunday, CSPAN had a guest on that said that the financial industry contributed $250m to congress in the session that repealed Glass-Steagall (Glass-Steagall had been passed in the wake of the '29 crash to keep the safety & soundness of regulated banking separate from highly risky, unregulated investment banking). PBS program going into some detail about the repeal:
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
and also that the financial industry contributed $2b to congress in the most recent session that saw the passage of the $700b bailout (supposedly those that voted for received 45 percent more than those that voted against).
Much of the current problem is the lack of transparency and visibility allowing a lot of fiddling, fabrication and fudging the books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to obfuscate underlying values and sell stuff that otherwise wouldn't have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated mortgage originators to continue to fund their operations and also unload all the mortgages they could write w/o having to pay any attention to quality. There was little motivation not to write no-documentation ARMs with 1-2 percent intro rates and interest only payments. Speculators could snap these up and basically treat the home owners market like the unregulated 1920s stock market.
Then there were a large number of institutions and retirement funds buying up these supposedly safe triple-A rated toxic CDOs.
and article from today:
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=212300096
but there is also the whole crisis & trust confidence in institutions ... in part because of the financial statement fiddling and restatements ... but also because of trust issues in rating services.
older article
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall street sucked out of the infrastructure as their reward for contributions to creating the current problem
two weeks ago one of the tv business news shows had a representative from one of the rating companies to discuss downgrades they were giving some companies. the host spent much of the show trying to get the guest to admit to being responsible for the crisis (because of all the triple-A ratings they had given toxic CDOs).
the triple-A rated toxic CDOs allowed enormous speculation in the home owner market ... plot avg home prices back to 1970 and avg home prices as a percent of avg salary also back to 1970s. Both plots show an enormous ugly speculation pimple/boil starting earlier in this decade that is only about half-way deflated. Nominally the deflation of the ugly speculation pimple/boil would reset back to 2001 level. However the loss of confidence in so many institutions might continue the downward spiral past the 2001 reset point (the crisis confidence is also evident in credit and equity markets)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What's your view of current global financial / economical situation? Date: October 9, 2008 Blog: Economics
On sunday, CSPAN had a guest on that said that the financial industry contributed $250m to congress in the session that repealed Glass-Steagall (Glass-Steagall had been passed in the wake of the '29 crash to keep the safety & soundness of regulated banking separate from highly risky, unregulated investment banking). PBS program going into some detail about the repeal:
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
and also that the financial industry contributed $2b to congress in the most recent session that saw the passage of the $700b bailout (supposedly those that voted for received 45 percent more than those that voted against).
Much of the current problem is the lack of transparency and visibility allowing a lot of fiddling, fabrication and fudging the books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to obfuscate underlying values and sell stuff that otherwise wouldn't have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated mortgage originators to continue to fund their operations and also unload all the mortgages they could write w/o having to pay any attention to quality. There was little motivation not to write no-documentation ARMs with 1-2 percent intro rates and interest only payments. On the home owner market side of these triple-A rated, toxic CDOs, speculators could snap these up and basically treat the home owners market like the unregulated 1920s stock market.
On the other side of these triple-A rated, toxic CDOs, there were a large number of institutions and retirement funds buying up these supposedly safe triple-A rated toxic CDOs.
Long-winded, decade old post discussing many of the current problems,
including need for visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management and Information Security
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Is the Credit Cruch a boost for Virtualization? Date: October 9, 2008 Blog: Enterprise Software
For the past 20 yrs or so there has been increasing leveraging of dedicated computers for specific applications. The hardware (and other related) costs were traded off against expensive and scarce human expertise that would have been required for getting a large number of different applications to gracefully co-exist on a single computer. After 20 yrs of this approach, there are massive numbers of installed computers running at 5-10 percent utilization.
This has created an enormous opportunity to leverage racks, grid, and virtualization to frequently achieve 10:1 consolidation in the total number of computers (and in some cases, 10:1 consolidation in the number of an institution's datacenters). Virtualization allows for significant consolidation with little or none of the scarce expertise that would have been required using more traditional consolidation technologies.
This is also a "green" play ... representing a corresponding significant reduction in power & cooling (in addition to cost savings).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old XDS Sigma stuff Newsgroups: alt.folklore.computers Date: Thu, 09 Oct 2008 13:57:54 -0400
Al Kossow <aek@spies.com> writes:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What risk of possible data leakage do you see for your organization? Date: October 9, 2008 Blog: Information Security
re:
recent study ... another take on the "inside" scenario:
Study: 80% of Organizations Suffer Breaches, Most From the Inside
http://www.darkreading.com/document.asp?doc_id=165612
The majority of the data breaches that are making the press have been the kind involving financial transaction information that crooks can use to make fraudulent transactions.
Another aspect of the X9A10 financial standard, in-depth, end-to-end, threat and vulnerability study was the dual-use nature of the breached information. The transaction information is needed for executing the transaction and a variety of ancillary business processes, but also contains the information crooks leverage for performing fraudulent transactions. As a result, there are diametrically opposing, dual-use security requirements .... on the one hand, the information has to be generally available for all the business processes ... and on the other hand the information must be kept completely confidential and never divulged (nominally not even presenting the information in order to perform a transaction).
The diametrically opposing security requirements have led us to periodically observe that even if the planet was buried under miles of information hiding encryption, it still wouldn't be able to stop the information leakage.
This is also part of the paradigm tweaking done in the x9.59 protocol
... to eliminate the dual-use nature of the information (and also
eliminate the motivation for the majority of the breaches).
https://www.garlic.com/~lynn/x959.html#x959
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old XDS Sigma stuff Newsgroups: alt.folklore.computers Date: Thu, 09 Oct 2008 15:11:52 -0400
Al Kossow <aek@spies.com> writes:
CERN had made a presentation at SHARE circa 1974 on competitive analysis of TSO and vm370/cms. Internally, copies of the report were classified "confidential - restricted" ... basically available on a need-to-know basis only ... so as to limit the information to employees (about how badly TSO compared).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Nonviolent Activists Are Now Terrorists Newsgroups: alt.folklore.computers Date: Thu, 09 Oct 2008 15:34:49 -0400
Nonviolent Activists Are Now Terrorists
we've constantly heard the same refrain over the yrs trying to apply RDBMS technology to real-world information.
I've often claimed that original relational/sql implementation System/R
... misc past posts
https://www.garlic.com/~lynn/submain.html#systemr
had effectively made performance trade-offs ... for silver bullet application ... financial transaction processing. Basically account record with prestructured and uniform, homogeneous information regarding all the entries (significantly reduced per account record processing ... if it could be assumed that all information about each entry was uniform).
there is also frequently a significant upfront effort to come-up with some sort of semi-generalized uniform definitions for the tables ... which then frequently also requires enormous justification to change &/or add-to the table structure definitions (with frequent quotes of 18m-36m elapsed time cycle for such efforts).
The stronger implication is that all sorts of valuable information may get contorted and/or discarded because the original effort hadn't anticipated all possible future cases.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What are the Black Swans for IT Security? Date: October 9, 2008 Blog: Information Security
Nonviolent Activists Are Now Terrorists
we've constantly heard the same refrain over the yrs trying to apply RDBMS technology to real-world information.
I've often claimed that original relational/sql implementation
System/R ... misc past posts
https://www.garlic.com/~lynn/submain.html#systemr
had effectively made performance trade-offs ... for silver bullet application ... financial transaction processing. Basically account record with prestructured and uniform, homogeneous information regarding all the entries (significantly reduced per account record processing ... if it could be assumed that all information about each entry was uniform).
there is also frequently a significant upfront effort to come-up with some sort of semi-generalized uniform definitions for the tables ... which then frequently also requires enormous justification to change &/or add-to the table structure definitions (with frequent quotes of 18m-36m elapsed time cycle for such efforts).
The stronger implication is that all sorts of valuable information may get contorted and/or discarded because the original effort hadn't anticipated all possible future cases.
At the same time I was involved in doing some of the System/R
implementation ... I also got involved in doing a similar kind of
implementation which didn't require the uniformity and
prestructuring. In recent yrs, I've gone thru several
re-implementations from scratch and have used it for a number of
things like my RFC index
https://www.garlic.com/~lynn/rfcietff.htm
and various merged glossaries and taxonomies
https://www.garlic.com/~lynn/index.html#glosnote
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis? Date: October 10, 2008 Blog: Financial Regulation
Much of the current problem is the lack of transparency and visibility allowing a lot of fiddling, fabrication and fudging the books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to obfuscate underlying values and sell stuff that otherwise wouldn't have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated mortgage originators to continue to fund their operations and also unload all the mortgages they could write w/o having to pay any attention to quality. There was little motivation not to write no-documentation, no down payment ARMs with 1-2 percent intro rates and interest only payments. Speculators could snap these up and basically treat the home owners market like the unregulated 1920s stock market.
Then there were a large number of institutions and retirement funds buying up these supposedly safe triple-A rated toxic CDOs.
Previously, home owner market was indirectly regulated, mortgages were originated by regulated institutions that kept the mortgages on their books ... so there was significant motivation to pay attention to mortgage quality.
Long-winded, decade old post discussing many of the current problems,
including need for visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm
Last spring there was a business school article that claimed something like 1000 executives are responsible for 80% of the current crisis ... and it would go a long ways towards fixing the problem if the gov. could figure how they could lose their job.
GAO has been doing database of increasing number of financial restatements. Basically the financials are fiddled in a number of ways to inflate them and executives get bonuses on the inflated financials. Later, the financials may be restated but the bonuses aren't forfeited.
Example of fiddling financial statements, freddie in 2004 was fined $400m for $10b inflation in financial statements. The CEO was replaced ... but allowed to keep tens of (hundred?) millions. A few weeks ago, Warren Buffett said that he was largest stockholder in freddie in 2000-2001, but got completely out because of their accounting practices.
article from yesterday:
Expert: Flawed corporate watchdog methods helped fuel economic crisis
http://www.news.uiuc.edu/news/08/1009corporations.html
and different item/quote from yesterday:
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings."
... snip ...
and article from today:
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=212300096
but there is also the whole crisis & trust confidence in institutions ... in part because of the financial statement fiddling and restatements ... but also because of trust issues in rating services.
two weeks ago one of the tv business news shows had a representative from one of the rating companies to discuss downgrades they were giving some companies. the host spent much of the show trying to get the guest to admit to being responsible for the crisis (because of all the triple-A ratings they had given toxic CDOs).
another article
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall street sucked out of the infrastructure as their reward for contributions to creating the current problem
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blinkylights Newsgroups: alt.folklore.computers Date: Fri, 10 Oct 2008 10:16:29 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
from today:
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=212300096
but there is also the whole crisis & trust confidence in institutions ... in part because of the financial statement fiddling and restatements ... but also because of trust issues in rating services.
past posts mentioning GAO database of increasing number of financial
restatements (basically various fiddling to inflate financials to inflate
executive bonuses, later financials may be restated but bonuses
not forfeited)
https://www.garlic.com/~lynn/2008j.html#64 lack of information accuracy
https://www.garlic.com/~lynn/2008k.html#20 IBM's 2Q2008 Earnings
https://www.garlic.com/~lynn/2008n.html#2 Blinkylights
https://www.garlic.com/~lynn/2008n.html#28 Blinkylights
https://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008n.html#72 Why was Sarbanes-Oxley not good enough to sent alarms to the regulators about the situation arising today?
https://www.garlic.com/~lynn/2008n.html#74 Why can't we analyze the risks involved in mortgage-backed securities?
https://www.garlic.com/~lynn/2008n.html#80 Why did Sox not prevent this financal crisis?
https://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
https://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Does anyone get the idea that those responsible for containing this finanical crisis are doing too much? Date: October 11, 2008 Blog: Economics
Last sunday, CSPAN had a guest on that said that the financial industry contributed $250m to congress in the session that repealed Glass-Steagall (Glass-Steagall had been passed in the wake of the '29 crash to keep the safety & soundness of regulated banking separate from highly risky, unregulated investment banking). PBS program going into some detail about the repeal:
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
and also that the financial industry contributed $2b to congress in the most recent session that saw the passage of the $700b bailout (supposedly those that voted for received 45 percent more than those that voted against).
Much of the current problem is the lack of transparency and visibility allowing a lot of fiddling, fabrication and fudging the books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to obfuscate underlying values and sell stuff that otherwise wouldn't have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated mortgage originators to continue to fund their operations and also unload all the mortgages they could write w/o having to pay any attention to quality. There was little motivation not to write no-documentation, no down payment ARMs with 1-2 percent intro rates and interest only payments. Speculators could snap these up and basically treat the home owners market like the unregulated 1920s stock market.
Then there were a large number of institutions and retirement funds buying up these supposedly safe triple-A rated toxic CDOs.
Previously, home owner market was somewhat indirectly regulated, mortgages were originated by regulated institutions that kept the mortgages on their books ... so there was significant motivation to pay attention to mortgage quality.
Plot avg. home prices back to 1970 as well as avg. home prices as percent of avg. salary ... there is a unique ugly speculation pimple/boil inflating in the early part of this decade ... which has only about half-way deflated. The ugly speculation pimple/boil also contributed to significant over building, the over supply may result in downward spiral continuing down past the 2001 reset point.
Long-winded, decade old post discussing many of the current problems,
including need for visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm
Last spring there was a business school article that claimed something like 1000 executives are responsible for 80% of the current crisis ... and it would go a long ways towards fixing the problem if the gov. could figure how they could lose their job.
GAO has been doing database of increasing number of financial restatements. Basically the financials are fiddled in a number of ways to inflate them and executives get bonuses on the inflated financials. Later, the financials may be restated but the bonuses aren't forfeited.
Example of fiddling financial statements, freddie in 2004 was fined $400m for $10b inflation in financial statements (in spite of SOX). The CEO was replaced ... but allowed to keep tens of (hundred?) millions. A few weeks ago, Warren Buffett said that he was largest stockholder in freddie in 2000-2001, but got completely out because of their accounting practices.
recent article
Expert: Flawed corporate watchdog methods helped fuel economic crisis
http://www.news.uiuc.edu/news/08/1009corporations.html
... and recent quote (from different source):
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings."
... snip ...
Is this akin to Cal. electrical power crisis buying electricity on "spot" market and no provisions for long-term infrastructure investment?
and more recent article
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=212300096
but there is also the whole crisis & trust confidence in institutions ... in part because of the financial statement fiddling and restatements ... but also because of trust issues in rating services.
a couple weeks ago one of the tv business news shows had a representative from one of the rating companies to discuss downgrades they were giving some companies. the host spent much of the show trying to get the guest to admit being responsible for the crisis (because of all the triple-A ratings they had given toxic CDOs).
older article from last spring:
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall street sucked out of the infrastructure as reward for their contribution creating the current crisis
so there was wide spread systemic greed in several parts of the infrastructure that had disastrous interaction.
there is some character of a "Winnie-the-Pooh" metaphor in all this ... basically pooh bear disavows all responsibility for irrational behavior around honey ... explaining that he is a bear of no brain at all.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Signposts on the US Government's Trail of IT Failures Newsgroups: alt.folklore.computers Date: Sat, 11 Oct 2008 14:56:07 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
Signposts on the US Government's Trail of IT Failures
http://www.ecommercetimes.com/story/must-read/64704.html
from above:
Why can't the U.S. government get its IT shop in order? A look at some
of the reasons large IT projects fail in the private sector goes a long
way toward explaining what may be causing so many government-funded
undertakings to go south
... snip ...
and recent item for different topic drift:
Asia trumping US on science R&D; Federal funding for research has been
falling in real terms. Is the nation's economic edge at stake?
http://features.csmonitor.com/innovation/2008/10/09/asia-trumping-us-on-science-rd/
misc. past posts mentioning modernization/re-engineering IT efforts
w/problems
https://www.garlic.com/~lynn/2002g.html#16 Why are Mainframe Computers really still in use at all?
https://www.garlic.com/~lynn/2003m.html#13 Cost of patching "unsustainable"
https://www.garlic.com/~lynn/2004l.html#49 "Perfect" or "Provable" security both crypto and non-crypto?
https://www.garlic.com/~lynn/2005.html#37 [OT?] FBI Virtual Case File is even possible?
https://www.garlic.com/~lynn/2005.html#48 [OT?] FBI Virtual Case File is even possible?
https://www.garlic.com/~lynn/2005b.html#3 [OT?] FBI Virtual Case File is even possible?
https://www.garlic.com/~lynn/2005c.html#17 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005h.html#13 Today's mainframe--anything to new?
https://www.garlic.com/~lynn/2005j.html#13 Performance and Capacity Planning
https://www.garlic.com/~lynn/2006o.html#9 Pa Tpk spends $30 million for "Duet" system; but benefits are unknown
https://www.garlic.com/~lynn/2007e.html#52 US Air computers delay psgrs
https://www.garlic.com/~lynn/2007i.html#38 John W. Backus, 82, Fortran developer, dies (Actually, Working under the table!)
https://www.garlic.com/~lynn/2007o.html#18 Flying Was: Fission products
https://www.garlic.com/~lynn/2007o.html#23 Outsourcing loosing steam?
https://www.garlic.com/~lynn/2007o.html#43 Flying Was: Fission products
https://www.garlic.com/~lynn/2007u.html#19 Distributed Computing
https://www.garlic.com/~lynn/2008h.html#6 The Return of Ada
https://www.garlic.com/~lynn/2008h.html#50 Microsoft versus Digital Equipment Corporation
https://www.garlic.com/~lynn/2008m.html#41 IBM--disposition of clock business
https://www.garlic.com/~lynn/2008m.html#45 IBM--disposition of clock business
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Signposts on the US Government's Trail of IT Failures Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 09:04:46 -0400
jmfbahciv <jmfbahciv@aol> writes:
at least boyd managed to undo some of that (for f15 & f18) as well as do
an alternate (f16). .. misc. past boyd posts
https://www.garlic.com/~lynn/subboyd.html#boyd
and then was involved in f20 ... larger numbers of less expensive f20
that were much less complicated and required much less service per hrs
flown ... met the requirement more often than small numbers of much more
complicated f16s. misc. past posts/threads mentioning f20:
https://www.garlic.com/~lynn/94.html#8 scheduling & dynamic adaptive ... long posting warning
https://www.garlic.com/~lynn/2002c.html#14 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002d.html#1 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002d.html#2 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2004g.html#4 Infiniband - practicalities for small clusters
https://www.garlic.com/~lynn/2004n.html#27 Shipwrecks
https://www.garlic.com/~lynn/2005d.html#45 Thou shalt have no other gods before the ANSI C standard
https://www.garlic.com/~lynn/2006g.html#13 News Release
https://www.garlic.com/~lynn/2006n.html#43 MTS, Emacs, and... WYLBUR?
https://www.garlic.com/~lynn/2007i.html#3 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#4 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#6 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#7 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#8 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#10 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007i.html#25 Latest Principles of Operation
https://www.garlic.com/~lynn/2007o.html#40 EZPass: Yes, Big Brother IS Watching You!
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 09:35:58 -0400
jmfbahciv <jmfbahciv@aol> writes:
nominally subprime were targeted at low-income 1st time home owners ... however, no-documentation, no-down ARMs with low 1-2 percent intro rate and possibly interest only payments were snapped up by speculators ... one study found 61% of subprime loans went to those that would otherwise qualify for normal loan.
the speculators caused huge inflation in home market prices ... in segments of the market that you wouldn't find low-income, first time home owners. plot avg home prices as well as avg home prices as percent of avg income back to 70s. current is unique, ugly, speculation pimple/boil starting in earlier part of this decade and has only been about halfway deflated. the enormous speculation also caused over building (speculation creating appearance that demand was much greater than actually existed). the resulting oversupply further depresses market and may result in downward spiral of prices to continue past 2001 reset point.
then there is the significant systemic greed and interactions with other parts of the infrastructure.
quote cited from
https://www.garlic.com/~lynn/2008o.html#14 Blinkylights
https://www.garlic.com/~lynn/2008o.html#27 Blinkylights
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
... snip ...
and then systemic interaction with credit freezing up
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=212300096
but there is also the whole crisis & trust confidence in institutions ... in part because of the financial statement fiddling and restatements ... but also because of trust issues in rating services ... especially with a lot of institutions and retirement funds "snapping" up the supposedly safe, triple-A rated toxic CDOs.
GAO has been doing database of increasing number of financial restatements (in spite of SOX). Basically the financials are fiddled in a number of ways to inflate them and executives get bonuses on the inflated financials. Later, the financials may be restated but the bonuses aren't forfeited.
The home owner market would nominally be somewhat indirectly regulated because regulated banks would be making loans from deposits and would keep them on the books. The number of subprime loans that they would nominally be able to make would be limited by the regulators (somewhat like limit on CRA funds).
However, unregulated mortgage originators could leverage the triple-A rating on toxic CDOs to fund their operations and provide subprime loans to any and all comers w/o regard to qualifications (subprime loans having huge demand with speculators planning on flipping the property before the rate reset).
a couple weeks ago one of the tv business news shows had a representative from one of the rating companies to discuss downgrades they were giving some companies. the host spent much of the show trying to get the guest to admit to being responsible for the crisis (because of all the triple-A ratings they had given toxic CDOs).
a business school article from last spring estimated that 1000 executives are responsible for 80 percent of the current crisis and that it would go a long way towards fixing the problem if the government could figure out how they could lose their jobs.
another article from last spring:
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall street sucked out of the infrastructure as reward for their contribution creating the current crisis
so there was wide spread systemic greed in several parts of the infrastructure that had disastrous interaction.
there is some character of a "Winnie-the-Pooh" metaphor in all this ... basically pooh bear disavows all responsibility for irrational behavior around honey ... explaining that he is a bear of no brain at all.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: How much is 700 Billion Dollars?? Date: October 12, 2008 Blog: Risk Management
from last spring ...
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall street sucked out of the infrastructure as reward for their contribution creating the current crisis
a little topic drift ...
Asia trumping US on science R&D; Federal funding for research has
been falling in real terms. Is the nation's economic edge at stake?
http://features.csmonitor.com/innovation/2008/10/09/asia-trumping-us-on-science-rd/
longer recent/related answer
Does anyone get the idea that those responsible for containing this
finanical crisis are doing too much?
http://www.linkedin.com/answers/finance-accounting/economics/FIN_ECO/340229-20738879
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Signposts on the US Government's Trail of IT Failures Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 11:32:04 -0400
krw <krw@att.bizzzzzzzzzz> writes:
F15 & F18 started out similarly ... and Boyd significantly improved
old reference ... quoting biographies, boyd getting the f15 weight cut in half
https://www.garlic.com/~lynn/2003h.html#57 employee motivation & executive compensation
one of the tactics boyd used was drawing comparisons with the f111
... past thread
https://www.garlic.com/~lynn/2007h.html#68 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007h.html#69 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007h.html#70 John W. Backus, 82, Fortran developer, dies
as in the above thread, F14 was done prior to boyd's e-m theory of maneuverability
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 12:51:42 -0400
re:
and
Does anyone get the idea that those responsible for containing this
finanical crisis are doing too much?
http://www.linkedin.com/answers/finance-accounting/economics/FIN_ECO/340229-20738879
https://www.garlic.com/~lynn/2008o.html#28
from today, somewhat more computer related:
The Rise of the (Financial) Machines
http://news.slashdot.org/news/08/10/12/1146231.shtml
from above:
Somehow the genius quants -- the best and brightest geeks Wall Street
firms could buy -- fed $1 trillion in subprime mortgage debt into their
supercomputers, added some derivatives, massaged the arrangements with
computer algorithms and -- poof! -- created $62 trillion in imaginary
wealth.
... snip ...
This assumes that they weren't just trying to purposefully obfuscate what was going on, i.e.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
The reports are that in the recent Lehman CDS auction, after net settlement, less than 2 percent actually changes hands (i.e. they sold each other large numbers of CDS that net'ed nearly to zero).
So do they get commissions for the CDS? ... significantly inflating bonuses is motivation for fiddling books; Commissions would be motivation for the large number of CDS sold (which would put it somewhat in the same league as stock transaction churn ... i.e. trades purely for the purpose of increasing commissions).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 16:28:46 -0400
so this claims there was only about $1 trillion in actual subprime
past posts reference study that found 61 percent of subprime loans
went to people that would qualify for normal loans. first order
approx. then is $390b went to owner-occupied, low-income, first time
owners. However, the study said number of loans ... not amount of
loans. low-income first time owner subprimes were at the low-end of
the home owner market ... not the speculation end where the huge ugly
pimple/boil price inflation happened. that means that possibly $100b
would be more than enuf to outright buy every owner-occupied,
low-income, first-time home owner, non-speculation subprime
mortgage. reference to $300b passed last summer to mitigate mortgages
in trouble:
https://www.garlic.com/~lynn/2008n.html#99 Blinkylights
so of the bailout $1.5trillion and counting ... $100b is possibly more than enuf to cover that underlying issue ... the rest is to cover the mess that wall street, public companies, speculators and financial institutions got themselves into.
there is the upenn business school article from last spring that mentions possibly 1000 executives are responsible for 80% of the current financial mess (and it would go a long way to fixing the mess if the gov. could figure out for them to lose their job).
and recent quote from last week:
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings."
... snip ...
I've mentioned the winnie-the-pooh metaphor, on the theory that claiming
bear with no brains at all ... absolves them of any responsibility;
misc. past posts:
https://www.garlic.com/~lynn/2008n.html#3 Blinkylights
https://www.garlic.com/~lynn/2008n.html#14 Blinkylights
https://www.garlic.com/~lynn/2008n.html#33 Blinkylights
https://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
https://www.garlic.com/~lynn/2008n.html#52 Technology and the current crisis
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#31 The human plague
another metaphor is the emperor's new clothes parable ... being
able to make $1trillion to appear like $62 trillion?
https://www.garlic.com/~lynn/2008o.html#34 The human plague
and
http://news.slashdot.org/news/08/10/12/1146231.shtml The Rise of the (Financial) Machines
http://www.nytimes.com/2008/10/12/opinion/12dooling.html?em The Rise of the Machines
from the above:
Somehow the genius quants -- the best and brightest geeks Wall Street
firms could buy -- fed $1 trillion in subprime mortgage debt into their
supercomputers, added some derivatives, massaged the arrangements with
computer algorithms and -- poof! -- created $62 trillion in imaginary
wealth
... snip ...
which references:
http://edge.org/3rd_culture/dysong08.1/dysong08.1_index.html Economic Dis-equilibrium
past reference to emperor's new clothes parable:
https://www.garlic.com/~lynn/2008j.html#20 dollar coins
https://www.garlic.com/~lynn/2008j.html#40 dollar coins
https://www.garlic.com/~lynn/2008j.html#60 dollar coins
https://www.garlic.com/~lynn/2008j.html#69 lack of information accuracy
https://www.garlic.com/~lynn/2008k.html#10 Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
https://www.garlic.com/~lynn/2008k.html#16 dollar coins
https://www.garlic.com/~lynn/2008k.html#27 dollar coins
https://www.garlic.com/~lynn/2008l.html#42 dollar coins
https://www.garlic.com/~lynn/2008m.html#4 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008m.html#12 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008m.html#99 Blinkylights
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: VMware Chief Says the OS Is History Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 17:00:30 -0400
re:
"Black Silicon" Advances Imaging, Solar Energy
http://tech.slashdot.org/tech/08/10/12/1620212.shtml
SiOnyx Brings 'Black Silicon' into the Light; Material Could Upend
Solar, Imaging Industries Xconomy
http://www.xconomy.com/boston/2008/10/12/sionyx-brings-black-silicon-into-the-light-material-could-upend-solar-imaging-industries/
from above:
... they found that if they blasted the surface of a silicon wafer with
an incredibly brief pulse of laser energy in the presence of gaseous
sulfur and other dopants, the resulting material—which they called
"black silicon"—was much better at absorbing photons and releasing
electrons.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 21:35:09 -0400
Carl Flippin <carlf@photocarl.org> writes:
lots of it involves highly risky unregulated investment banking. the idea behind them being unregulated would be that they would have the complete freedom to take any action they wanted to and be able to succeed or fail based on those actions (basically an economic survival of the fittest). basic, fundamental principle of the paradigm was that 1) they could take any risk they wanted to and 2) they would be allowed to fail.
there is a fundamental argument going on, frequently referred to as moral hazard ... allowing unlimited risky behavior with the consequence of failure ... but then not letting them actually fail ... will encourage worse and worse risky behavior.
because of a whole lot of systemic issues ... including the repeal of Glass-Steagall (Glass-Steagall had been passed in the wake of crash of '29 to keep the safety & soundness of regulated banking separate from the highly risky, unregulated investment banking). detailed discussion
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
Part of the issue is to clearly delineate the risky investment banking activity from the safety & soundness of regulated banking and provide aid to bring those areas back to healthy operation (and allow the risky investment banking activity to succeed or fail on their own avoiding promoting ever increasing risky behavior and moral hazard).
Pumping money into the fissure w/o addressing the underlying systemic problems may actually accelerate overall infrastructure failure (i.e. indiscriminate pumping out money doesn't actually mean that it is doing anything to resolve the crisis).
This is claimed to better directly address the commercial paper credit crisis (only dealing with "safe & sound" regulated financial institutions):
Fed to buy commercial paper in bid to jump-start credit
http://www.breitbart.com/article.php?id=CNG.716df1deadc3c9e574febd0bf5c04483.331
http://www.breitbart.com/article.php?id=081007145358.da2mju5j&show_article=1
another scenario for not indiscriminately pumping money into the breach
Curing the Credit Crisis: A Better Alternative Plan
http://seekingalpha.com/article/97159-curing-the-credit-crisis-a-better-alternative-plan
above talks about not only lehman and bear-stearns
https://www.garlic.com/~lynn/2008o.html#14 Blinkylights
https://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
https://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#27 Blinkylights
playing long/short (w/marginal chance of survival) ... but also some
of the banks:
Not only did banks lend long to borrowers, banks borrowed short-term
CP money to buy collateralized residential and commercial
mortgage-backed securities for their own inventories or balance
sheets. Banks paid for these toxic assets by issuing commercial paper:
They thought it was a great borrow-short/lend-long spread play. But
when these short-term loans come due, they can't "roll" them over.
... snip ...
past posts mentioning moral hazard:
https://www.garlic.com/~lynn/2008g.html#64 independent appraisers
https://www.garlic.com/~lynn/2008j.html#71 lack of information accuracy
https://www.garlic.com/~lynn/2008j.html#76 lack of information accuracy
https://www.garlic.com/~lynn/2008k.html#16 dollar coins
https://www.garlic.com/~lynn/2008l.html#51 Monetary affairs on free reign, but the horse has Boulton'd
https://www.garlic.com/~lynn/2008l.html#67 dollar coins
https://www.garlic.com/~lynn/2008m.html#83 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008m.html#86 WSJ finds someone to blame.... be skeptical, and tell the WSJ to grow up
https://www.garlic.com/~lynn/2008n.html#0 Blinkylights
https://www.garlic.com/~lynn/2008n.html#3 Blinkylights
https://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Sun, 12 Oct 2008 22:08:23 -0400
re:
hot off the press ... mentioned that in 87, wall street leaders stepped in and took action to help stock market
Wall Street Leaders Missing In Action
http://www.consumeraffairs.com/news04/2008/10/bailout14.html
but ...
In the current crisis, today's Wall Street leaders seem to be hiding,
some behind the restrictiveness of the Sarbanes Oxley Act and others
because they played a role in problem and are ashamed to be seen in
public.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Mon, 13 Oct 2008 09:10:24 -0400
Morten Reistad <first@last.name> writes:
in the wake of the S&L crisis, one of the criticisms was that in highly regulated, stable environment, there was no real requirement for competence to do the job, bankers could get by just performing their jobs by rote (and so much of the profession became populated by a large number of people that didn't really know what they were doing). when faced with new circumstances/conditions ... they didn't have the understanding to deal with it (somewhat economic survival of the fittest, where so many had grown up fat, dumb & happy). there is some relationship to our criticism with the (then new) qualitative section nearly disappearing from original basel-ii draft. This is also somewhat a reference to the "winnie-the-pooh" metaphor.
besides the (triple-A rated) toxic mortgage-backed securities (fueled by
the rating agencies giving out all these triple-A ratings) ... there are
all these institutions playing unregulated, risky investment banks
(repeal of Glass-Steagall which was keeping the safety&soundness of
regulated banking separate from the risky unregulated investment
banking); there is the observation that lehman and bear-stearns only had
a marginal chance of survival playing the risky investment banking
long/short game
https://www.garlic.com/~lynn/2008o.html#14 Blinkylights
https://www.garlic.com/~lynn/2008o.html#27 Blinkylights
... but that also applies to a fair number of other financial institutions.
misc. past posts mentioning basel-ii qualitative:
https://www.garlic.com/~lynn/aadsm25.htm#14 Sarbanes-Oxley is what you get when you don't do FC
https://www.garlic.com/~lynn/aadsm28.htm#61 Is Basel 2 out...Basel 3 in?
https://www.garlic.com/~lynn/aadsm28.htm#66 Would the Basel Committee's announced enhancement of Basel II Framework and other steps have prevented the current global financial crisis had they been implemented years ago?
https://www.garlic.com/~lynn/2003k.html#41 An Understanding Database Theory
https://www.garlic.com/~lynn/2005k.html#23 More on garbage
https://www.garlic.com/~lynn/2005t.html#26 Dangerous Hardware
https://www.garlic.com/~lynn/2006u.html#22 AOS: The next big thing in data storage
https://www.garlic.com/~lynn/2007j.html#0 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2008.html#71 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008.html#78 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008n.html#15 Blinkylights
misc. past posts mentioning Wall Street Fix PBS program on repeal
of Glass-Steagall:
https://www.garlic.com/~lynn/2008f.html#13 independent appraisers
https://www.garlic.com/~lynn/2008f.html#46 independent appraisers
https://www.garlic.com/~lynn/2008f.html#71 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#97 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#2 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#51 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
https://www.garlic.com/~lynn/2008k.html#36 dollar coins
https://www.garlic.com/~lynn/2008k.html#41 dollar coins
https://www.garlic.com/~lynn/2008l.html#67 dollar coins
https://www.garlic.com/~lynn/2008l.html#70 dollar coins
https://www.garlic.com/~lynn/2008m.html#16 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008n.html#78 Isn't it the Federal Reserve role to oversee the banking system??
https://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
https://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
https://www.garlic.com/~lynn/2008o.html#19 What's your view of current global financial / economical situation?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#37 The human plague
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Signposts on the US Government's Trail of IT Failures Newsgroups: alt.folklore.computers Date: Mon, 13 Oct 2008 12:17:14 -0400
t-bone@address.invalid (Stan Barr) writes:
most of the ID cards are by factions that start out with the view that such things are profit ... and then compromises are made to reduce the costs ... but usually not in the area of profits ... frequently in the area of security (trying to preserve profit).
we approached it from the inception that it was costs ... in the mid-90s we made semi-facetious claims that we would take a $500 milspec part and aggressively cost reduce by 2-3 orders of magnitude at the same time increasing the integrity and security.
misc. related to aads chip strawman
https://www.garlic.com/~lynn/x959.html#aads
one of the other issues was that the "card" programs tended to be driven
by purely "card" myopic faction (possibly also as part of maximizing
card profit) ... which nominally failed to bother with detailed,
end-to-end, threat & vulnerability analysis (and where cards might
reasonably fit into overall infrastructure). one such was payment
infrastructure that started in europe in the mid-90s ... that managed to
create the yes card fraud opportunity (i.e. in one meeting somebody
made the comment that they managed to spend billions of dollars to prove
that chips are less secure than magstripe)
https://www.garlic.com/~lynn/subintegrity.html#yescard
there was one large deployment where the yes card vulnerability was explained and they interpreted it as a characteristic of the distributed cards ... and took action to modify some of the options on the distributed cards. However, that had absolutely no effect on the threat ... since it involved counterfeit cards "attacking" valid terminals (not attacks on valid cards).
one of the other problems, we had got on similar technology track that affected the EPS/UPS RFID chips (make chips smaller and less complex) ... but with (aads chip strawman) maximizing purposeful security characteristics (rather than purely least expensive as possible). a significant issue was that chip manufacturing costs are basically per wafer ... so cost per chip is number/yield of chips per wafer. wafers went from 8in to 12in ... to increase chips/wafer. circuits got smaller ... so chips (with same number of circuits) got smaller. the problem was that there was technology circuits/wafer bump for a period where the area for the slicing&dicing of the wafer started to exceed the chip area (for small chips). it took the introduction of new slicing&dicing technology (that consumed much less wafer area) to get to the next major increment in chips/wafer.
misc. past posts mentioning slicing&dicing wafers:
https://www.garlic.com/~lynn/aadsm20.htm#21 Qualified Certificate Request
https://www.garlic.com/~lynn/aadsm24.htm#29 DDA cards may address the UK Chip&Pin woes
https://www.garlic.com/~lynn/aadsm24.htm#49 Crypto to defend chip IP: snake oil or good idea?
https://www.garlic.com/~lynn/2003i.html#29 electronic-ID and key-generation
https://www.garlic.com/~lynn/2003j.html#30 How is a smartcard created?
https://www.garlic.com/~lynn/2006.html#14 Would multi-core replace SMPs?
https://www.garlic.com/~lynn/2007l.html#13 My Dream PC -- Chip-Based
https://www.garlic.com/~lynn/2007m.html#27 nouns and adjectives
https://www.garlic.com/~lynn/2007m.html#31 nouns and adjectives
https://www.garlic.com/~lynn/2007q.html#34 what does xp do when system is copying
https://www.garlic.com/~lynn/2007q.html#35 what does xp do when system is copying
https://www.garlic.com/~lynn/2007u.html#70 folklore indeed
https://www.garlic.com/~lynn/2008i.html#61 Could you please name sources of information you trust on RFID and/or other Wireless technologies?
https://www.garlic.com/~lynn/2008j.html#44 What is "timesharing" (Re: OS X Finder windows vs terminal window weirdness)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Mon, 13 Oct 2008 13:37:44 -0400
Morten Reistad <first@last.name> writes:
it was in large part gov. litigation that resulted in 23jan69 unbundling
announcement that started charging for application software, se
services, maintenance, etc. they did manage to make the case that kernel
software wasn't part of it.
https://www.garlic.com/~lynn/submain.html#unbundle
i had done tty/ascii terminal support at the univ for cp67. then
somewhat because the (2702) terminal controller wouldn't do exactly what
i wanted ... the univ. started a clone terminal controller project
... initially using interdata/3, reverse engineering the mainframe
channel interface ... and building a channel interface board for the
interdata/3. four of us got written up for being responsible for
initiating the clone controller business.
https://www.garlic.com/~lynn/submain.html#360pcm
later, in the 70s, the company started future system project:
https://www.garlic.com/~lynn/submain.html#futuresys
... in large part motivated by clone controller business, an old
quote in this recent post:
https://www.garlic.com/~lynn/2008d.html#16 more on (the new 40+ yr old) virtualization
the distraction of future system project contributed significantly to
letting clone processors get a foothold in the industry ... quotes
from fergus/morris book:
https://www.garlic.com/~lynn/2001f.html#33
in the wake of the future system project failure ... and the mad rush to get (hardware & software) products back into the 370 product pipeline ... contributed to picking up a lot of (370) stuff (for product release) that i had been doing all during the future system period.
some related old email about shipping product releases internally
during the period:
https://www.garlic.com/~lynn/2006v.html#email731212
https://www.garlic.com/~lynn/2006w.html#email750102
https://www.garlic.com/~lynn/2006w.html#email750430
however, the foothold by clone processors also contributed to change
policy and to start charging for kernel software ... and my resource
manager was selected as the guinea pig. as a result i had to spend quite
a bit of time with lawyers and business planning people regarding kernel
software charging policy and practices. misc. past posts related to
resource manager
https://www.garlic.com/~lynn/subtopic.html#fairshare
the internal network
https://www.garlic.com/~lynn/subnetwork.html#internalnet
(as well as virtual machines, gml, bunch of other stuff), originated at
the science center
https://www.garlic.com/~lynn/subtopic.html#545tech
and was larger than the internet/arpanet from just about the beginning
until possibly summer of 85. misc. old internal network related
email
https://www.garlic.com/~lynn/lhwemail.html#vnet
sjr finally put up a gateway between the internal network and csnet in
the fall of '82 ... old email ref:
https://www.garlic.com/~lynn/98.html#email821022
https://www.garlic.com/~lynn/internet.htm#email821022
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Mon, 13 Oct 2008 14:13:26 -0400
Morten Reistad <first@last.name> writes:
funding 30yr ARM mortgage-backed toxic CDOs with 30day commercial paper
... implies that you were making the bet, not once ... but every 30
days. just about guaranteed that there is problem at some point
... Kamakura quote that there is no more than marginal chance of
survival (for the parties taking part, not just lehman and bear-stearns,
but also all the banks)
https://www.garlic.com/~lynn/2008o.html#14 Blinkylights
analogous scenario in long-winded, decade old post mentioning citibank
totally getting out of the mortgage business
https://www.garlic.com/~lynn/aepay3.htm#riskm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Tue, 14 Oct 2008 10:35:32 -0400
jmfbahciv <jmfbahciv@aol> writes:
there was claim that freddie/fannie also didn't do toxic mortgages. that is one of the scenarios of CDOs and investment banking.
it used to be that home owner market was somewhat indirectly regulated because regulated financial institutions would make the loans using deposits and keep the loans on their books. this provided significant motivation to pay attention to loan quality (terms & conditions, borrowers' ability to repay, etc).
with the repeal of Glass-Steagall (Glass-Steagall had been passed in the wake of the crash of '29 to keep the safety and soundness of regulated banking separate from the highly risky activity of unregulated investment banking).
now an investment banking unit of a regulated bank could buy triple-A rated highly toxic CDOs ... playing the long/short game ... using funds from issuing 30day commercial paper. Long time past history as well as kamakura financial modeling demonstrates that institutions playing such a long/short game have very little chance of surviving.
unregulated mortgage originators could leverage triple-A rated toxic CDOs to fund their operation and unload all the mortgages they could write (write a mortgage, sell it as part of a toxic CDO and have the funds to write more mortgages). The obfuscation of the triple-A rating and being able to unload any mortgage they could write, pretty much eliminates any motivation to having to pay attention to loan quality. Effectively there is now little motivation not to write no-documentation, no down payment 1-2 percent introductory rate ARMs with possibly interest only payments. Ideal for speculators that would snap them up like mad (buy $1m property, keep it for two yrs and sell for $1.3m, clear $300k, cost of 1% ARM for two yrs is $20k, figure a deal with real estate agent for $20k, net nearly 1000 percent profit).
speculators move in on the home owner market and treat it like the unregulated 1920s stock market. There is enormous ugly inflation pimple/boil in the home owners market ... also the speculation activity makes it look like there is significantly more demand than there actually is. The ugly speculation pimple/boil bursts and prices are deflating back to 2001 level ... and the over supply further depresses the market.
besides investment banking arms possibly playing long/short game with buying up triple-A rated toxic CDOs (using 30day commercial paper) ... banks are making construction loans to builders (as part of trying to meet the speculation demand). The builders start to default (on what would otherwise appear to be good loans) because the homes are taking much longer to sell. consumers have also been encouraged to take out 100 percent equity loans on grossly inflated home values.
A major cornerstone of the whole process is being able to unload mortgages w/o regard to quality as toxic CDOs (obfuscating underlying value) ... significantly further contributing factor is being able to get triple-A rating on those toxic CDOs.
The triple-A rated toxic CDOs, in turn enables huge numbers of mortgages for speculators being able to treat the home owners market like the unregulated 1920s stock market.
The ugly speculation demand pimple/boil results in overbuilding ... after the ugly pimple/boil bursts, the oversupply not only further depresses home prices (potentially past reset when the speculation started), it also contributes to defaults on other kinds of loans like construction loans.
Repeal of Glass-Steagall results in safety&soundness of regulated banks being contaminated by risk behavior of investment banking arms ... like playing the long/short game (with the corresponding marginal chance of surviving), buying triple-A rated toxic CDOs with 30 day commercial paper.
other recent posts in thread:
https://www.garlic.com/~lynn/2008o.html#12 The human plague
https://www.garlic.com/~lynn/2008o.html#31 The human plague
https://www.garlic.com/~lynn/2008o.html#34 The human plague
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008o.html#37 The human plague
https://www.garlic.com/~lynn/2008o.html#38 The human plague
https://www.garlic.com/~lynn/2008o.html#39 The human plague
https://www.garlic.com/~lynn/2008o.html#41 The human plague
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Tue, 14 Oct 2008 10:40:23 -0400
jmfbahciv <jmfbahciv@aol> writes:
past references to PBS program discussing the Wall Street Fix repeal
of Glass-Steagall:
https://www.garlic.com/~lynn/2008f.html#13 independent appraisers
https://www.garlic.com/~lynn/2008f.html#46 independent appraisers
https://www.garlic.com/~lynn/2008f.html#71 Bush - place in history
https://www.garlic.com/~lynn/2008f.html#97 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#2 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#51 IBM CEO's remuneration last year ?
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
https://www.garlic.com/~lynn/2008k.html#36 dollar coins
https://www.garlic.com/~lynn/2008k.html#41 dollar coins
https://www.garlic.com/~lynn/2008l.html#67 dollar coins
https://www.garlic.com/~lynn/2008l.html#70 dollar coins
https://www.garlic.com/~lynn/2008m.html#16 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008n.html#78 Isn't it the Federal Reserve role to oversee the banking system??
https://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
https://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
https://www.garlic.com/~lynn/2008o.html#19 What's your view of current global financial / economical situation?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#37 The human plague
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The human plague Newsgroups: alt.folklore.computers Date: Tue, 14 Oct 2008 11:02:42 -0400
re:
besides what ugly speculation pimple/boil and resulting burst ... did in general to home owner market ... and prospects of things like defaults on construction loans ... because the homes in the overbuilt market are taking longer to sell ... the ugly effects spreads out into lots of other areas.
municipalities are selling muni bonds (during the speculation pimple/boil) to fund services (water, sewer, etc) for new housing developments ... anticipating revenue from the real estate sales and taxes to cover the bond payments. with the burst in the ugly speculation pimple/boil ... all the anticipated tax revenue isn't materializing ... and there are huge pressures on all these muni bonds.
Also the contamination and loss of trust in the rating services ... associated with all the triple-A ratings given out to (mortgage-backed) toxic CDOs ... froze up the bond market for a period ... creating a problem for all bonds ... including muni bonds. Warren Buffett stepped in to loosen up the muni bond market ... but municipalities were still having to pay more to fund the projects (in part because uncertainty and loss of trust in rating service) which would further exacerbate problems with lower than anticipated tax revenues.
some past posts mentioning muni bonds:
https://www.garlic.com/~lynn/2008j.html#9 dollar coins
https://www.garlic.com/~lynn/2008j.html#20 dollar coins
https://www.garlic.com/~lynn/2008j.html#23 dollar coins
https://www.garlic.com/~lynn/2008k.html#16 dollar coins
https://www.garlic.com/~lynn/2008k.html#23 dollar coins
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Anyone still have access to VMTOOLS and TEXTTOOLS? Date: October 14, 2008 Blog: Greater IBM
wow, TOOLSRUN EXEC ... one of the outcomes/suggestions of the taskforce investigating (& blaming me for) computer conferencing on the internal network.
started w/support VMTOOLS and later added PCTOOLS.
misc. past posts mentioning TOOLSRUN EXEC
https://www.garlic.com/~lynn/2001c.html#5 what makes a cpu fast
https://www.garlic.com/~lynn/2002d.html#33 LISTSERV(r) on mainframes
https://www.garlic.com/~lynn/2003i.html#18 MVS 3.8
https://www.garlic.com/~lynn/2004o.html#48 Integer types for 128-bit addressing
https://www.garlic.com/~lynn/2005q.html#5 What ever happened to Tandem and NonStop OS ?
https://www.garlic.com/~lynn/2005r.html#22 z/VM Listserv?
https://www.garlic.com/~lynn/2006h.html#9 It's official: "nuke" infected Windows PCs instead of fixing them
https://www.garlic.com/~lynn/2006r.html#11 Was FORTRAN buggy?
https://www.garlic.com/~lynn/2006r.html#16 Was FORTRAN buggy?
https://www.garlic.com/~lynn/2006w.html#35 Top versus bottom posting was Re: IBM sues maker of Intel-based Mainframe clones
https://www.garlic.com/~lynn/2006y.html#10 Why so little parallelism?
https://www.garlic.com/~lynn/2007.html#23 How to write a full-screen Rexx debugger?
https://www.garlic.com/~lynn/2007b.html#7 information utility
https://www.garlic.com/~lynn/2007b.html#31 IBMLink 2000 Finding ESO levels
https://www.garlic.com/~lynn/2007b.html#32 IBMLink 2000 Finding ESO levels
https://www.garlic.com/~lynn/2007b.html#55 IBMLink 2000 Finding ESO levels
https://www.garlic.com/~lynn/2007j.html#54 Using rexx to send an email
https://www.garlic.com/~lynn/2007j.html#70 Using rexx to send an email
https://www.garlic.com/~lynn/2007k.html#20 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007p.html#30 Newsweek article--baby boomers and computers
https://www.garlic.com/~lynn/2008i.html#48 Anyone know of some good internet Listserv's?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Will cards with PayPass (from MasterCard) be using CHIP & PIN in the future? Date: October 14, 2008 Blog: Credit Card Professionals
We had been called in to participate in the x9a10 financial standard working group in the mid-90s. It had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments (i.e. ALL, POS, face-to-face, unattended, internet, low-value, high-value, transit, etc) and resulted in the x9.59 financial standard
As part of coming up with a framework for ALL, we developed what we called parameterised risk management ... this required a chip at least or much more secure than any chips in current use ... but much less expensive than the cheapest chips in current use ... and a mechanism somewhat similar to the current credit card operation not requiring signature for low-value transactions. The standard works identical whether or not a PIN is entered ... but it is possible for the amount of the transaction to dictate whether a PIN is required or not (in fact the standard parameterised risk management framework even allows that for really high values ... that both a PIN and a biometric might be required ... or that transaction may be only possible from certain types of locations or devices).
Another characteristic of ALL and parameterised risk management framework was not only being able to use the same token for authenticating all kinds of transactions across a broad range of values and integrity requirements .... but to be able to use the identical operation for authenticating non-payment transactions ... i.e. login, access control, approval/agreement etc.
misc. past posts mentioning parameterised risk management:
https://www.garlic.com/~lynn/aadsmore.htm#bioinfo2 QC Bio-info leak?
https://www.garlic.com/~lynn/aadsmore.htm#bioinfo3 QC Bio-info leak?
https://www.garlic.com/~lynn/aadsmore.htm#biosigs biometrics and electronic signatures
https://www.garlic.com/~lynn/aadsm2.htm#stall EU digital signature initiative stalled
https://www.garlic.com/~lynn/aadsm2.htm#strawm3 AADS Strawman
https://www.garlic.com/~lynn/aadsm3.htm#cstech3 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech4 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech5 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech9 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech10 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
https://www.garlic.com/~lynn/aepay3.htm#x959risk1 Risk Management in AA / draft X9.59
https://www.garlic.com/~lynn/aepay6.htm#x959b X9.59 Electronic Payment standard issue
https://www.garlic.com/~lynn/aadsm12.htm#17 Overcoming the potential downside of TCPA
https://www.garlic.com/~lynn/aadsm19.htm#15 Loss Expectancy in NPV calculations
https://www.garlic.com/~lynn/aadsm19.htm#44 massive data theft at MasterCard processor
https://www.garlic.com/~lynn/aadsm19.htm#46 the limits of crypto and authentication
https://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
https://www.garlic.com/~lynn/aadsm21.htm#8 simple (&secure??) PW-based web login (was Re: Another entry in the internet security hall of shame....)
https://www.garlic.com/~lynn/aadsm23.htm#1 RSA Adaptive Authentication
https://www.garlic.com/~lynn/aadsm23.htm#27 Chip-and-Pin terminals were replaced by "repairworkers"?
https://www.garlic.com/~lynn/aadsm25.htm#1 Crypto to defend chip IP: snake oil or good idea?
https://www.garlic.com/~lynn/aadsm25.htm#2 Crypto to defend chip IP: snake oil or good idea?
https://www.garlic.com/~lynn/aadsm25.htm#14 Sarbanes-Oxley is what you get when you don't do FC
https://www.garlic.com/~lynn/aadsm26.htm#35 Failure of PKI in messaging
https://www.garlic.com/~lynn/aadsm27.htm#61 Linus: Security is "people wanking around with their opinions"
https://www.garlic.com/~lynn/aadsm28.htm#37 Attack on Brit retail payments -- some takeways
https://www.garlic.com/~lynn/99.html#235 Attacks on a PKI
https://www.garlic.com/~lynn/99.html#238 Attacks on a PKI
https://www.garlic.com/~lynn/2000.html#46 question about PKI...
https://www.garlic.com/~lynn/2000.html#57 RealNames hacked. Firewall issues.
https://www.garlic.com/~lynn/2001.html#73 how old are you guys
https://www.garlic.com/~lynn/2003j.html#33 A Dark Day
https://www.garlic.com/~lynn/2003p.html#26 Sun researchers: Computers do bad math ;)
https://www.garlic.com/~lynn/2004h.html#38 build-robots-which-can-automate-testing dept
https://www.garlic.com/~lynn/2005k.html#23 More on garbage
https://www.garlic.com/~lynn/2006g.html#40 Why are smart cards so dumb?
https://www.garlic.com/~lynn/2006o.html#20 Gen 2 EPC Protocol Approved as ISO 18000-6C
https://www.garlic.com/~lynn/2007t.html#8 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2007u.html#5 Public Computers
https://www.garlic.com/~lynn/2007u.html#76 folklore indeed
https://www.garlic.com/~lynn/2008i.html#1 Do you belive Information Security Risk Assessment has shortcoming like
https://www.garlic.com/~lynn/2008i.html#70 Next Generation Security
https://www.garlic.com/~lynn/2008l.html#52 Payments Security in RFS
https://www.garlic.com/~lynn/2008o.html#13 What risk of possible data leakage do you see for your organization?
https://www.garlic.com/~lynn/2008o.html#17 what will be a wow feature in a credit card
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
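The value-dependent authentication rule from the parameterised risk management post above, as an added sketch (not X9.59 text and not the author's code). The tier thresholds, factor names and environment names are constructed assumptions, and verification of the token itself is assumed to have happened before this check runs.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence


@dataclass(frozen=True)
class Tier:
    limit_cents: Optional[int]   # inclusive ceiling; None marks the catch-all top tier
    factors: FrozenSet[str]      # factors that must accompany the (already verified) token
    environments: Optional[FrozenSet[str]] = None  # None = any location/device type


@dataclass(frozen=True)
class Decision:
    outcome: str                 # "approve", "step_up" or "decline"
    missing: FrozenSet[str]
    reason: str


# Constructed policy: every threshold and name below is an illustrative assumption.
POLICY = (
    Tier(2_500, frozenset()),                 # low value: token alone, no PIN
    Tier(50_000, frozenset({"pin"})),         # mid value: PIN required
    Tier(None, frozenset({"pin", "biometric"}),
         frozenset({"attended_pos", "branch"})),  # high value: both, restricted places
)


def validate_policy(policy: Sequence[Tier]) -> list:
    """Lint a policy; an empty list means it has no gaps and never weakens with value."""
    if not policy:
        return ["policy is empty"]
    problems = []
    if policy[-1].limit_cents is not None:
        problems.append("top tier must be a catch-all (limit None)")
    prev_limit, prev_factors = -1, frozenset()
    for i, tier in enumerate(policy):
        if tier.limit_cents is None and i != len(policy) - 1:
            problems.append(f"tier {i}: only the last tier may be unbounded")
        if tier.limit_cents is not None:
            if tier.limit_cents <= prev_limit:
                problems.append(f"tier {i}: limits must strictly increase")
            prev_limit = tier.limit_cents
        if not tier.factors >= prev_factors:
            problems.append(f"tier {i}: requires fewer factors than a lower-value tier")
        prev_factors = tier.factors
    return problems


def decide(amount_cents, presented, environment, policy=POLICY) -> Decision:
    """Apply the same check to every transaction; only the parameters vary with value."""
    if validate_policy(policy):
        return Decision("decline", frozenset(), "policy invalid, failing closed")
    if (not isinstance(amount_cents, int) or isinstance(amount_cents, bool)
            or amount_cents <= 0):
        return Decision("decline", frozenset(), "amount must be a positive integer")
    tier = next(t for t in policy
                if t.limit_cents is None or amount_cents <= t.limit_cents)
    if tier.environments is not None and environment not in tier.environments:
        return Decision("decline", frozenset(),
                        "location/device type not permitted at this value")
    missing = tier.factors - frozenset(presented)
    if missing:
        # The transaction is not refused outright: the terminal can prompt and retry.
        return Decision("step_up", missing, "additional factors required")
    return Decision("approve", frozenset(), "requirements met")
```

A `step_up` result carries the missing factors, so a terminal can prompt for a PIN and resubmit the same transaction instead of declining it.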
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The Univac 110x Architecture Still Lives Newsgroups: alt.folklore.computers Date: Wed, 15 Oct 2008 13:13:33 -0400
"Del Cecchi" <delcecchiofthenorth@gmail.com> writes:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Discussions areas, private message silos, and how far we've come since 199x Date: October 15, 2008 Blog: Greater IBM
I got blamed for computer conferencing on the internal network in the late 70s and early 80s ... the internal network was larger than the arpanet/internet from just about the beginning until possibly summer of '85.
there was then a taskforce investigating this "new" phenomenon ... one of the outcomes was "TOOLSRUN EXEC" which was used for things like VMTOOLS and later PCTOOLS.
Also there was a researcher paid to sit in the back of my office for nine months to take notes on how I communicated; telephone, face-to-face, email, instant messages, etc ... they also got copies of all my incoming and outgoing email as well as logs of all instant messages. The material was used for a research report, a number of papers and books ... including stanford phd thesis in the area of computer mediated communication (joint between computer AI and language).
misc past posts mentioning computer mediated communication
https://www.garlic.com/~lynn/subnetwork.html#cmc
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old XDS Sigma stuff Newsgroups: alt.folklore.computers Date: Wed, 15 Oct 2008 21:49:33 -0400
Peter Flass <Peter_Flass@Yahoo.com> writes:
os/360 was real storage, images out on disk had "RLD" values which were resolved at the time things were fetched into real storage (i.e. lots of modification to executable images after fetched into real storage). it was "shared" in the sense that it was a single (real) storage address space (stuff like "shared" in real memory address space, for resident linklib modules).
cp67/cms was done at the science center for 360/67 also using virtual memory support. however, cms ran in single virtual address spaces ... and used lots of applications and code borrowed from os/360. cp67/cms beat out tss/360 because 1) had significantly better performance and 2) it provided virtual machine support for running other types of operating systems.
cp67/cms with 30 cms (emulating) users doing mixed-mode fortran program, edit, compile and execution ... had better performance than 4 tss/360 emulated users doing the same workload. Big part was that tss/360 was a (relatively) big storage hog (512kbyte, 768kbyte, 1mbyte real storage configuration machines).
this was in spring of '68 ... even before i started doing a lot of my performance, pathlength optimization, fastpath, and dynamic adaptive algorithm work on cp67&cms.
later at the science center
https://www.garlic.com/~lynn/subtopic.html#545tech
in the early 70s, for cp67/cms i did (cms) page mapped filesystem
some old posts
https://www.garlic.com/~lynn/submain.html#mmap
as well as a bunch of shared memory/segment enhancements ...
and then started work converting from cp67 to vm370 ... old
email reference
https://www.garlic.com/~lynn/2006v.html#email731212
https://www.garlic.com/~lynn/2006w.html#email750102
https://www.garlic.com/~lynn/2006w.html#email750430
I did implementations analogous to tss/360 that allowed executable
images on disk to be page mapped to arbitrary address locations in
virtual memory. It was constant uphill battle to compensate for all the
os/360 oriented applications that were designed to swizzle all the stuff
after it had been fetched into memory. Further complicating was that I
was trying to allow same exact shared image to simultaneously appear at
different virtual addresses in different virtual address spaces. lots
of past posts mentioning all the problems i had to fiddle all these
location dependencies
https://www.garlic.com/~lynn/submain.html#adcon
i was having fun at the science center on the 4th flr of 545 tech sq. ... sometimes joking that i was attempting to do as much as the multics group was doing on the 5th flr.
as initial part of os/360 migration to virtual memory on 370 ... os/vs2 SVS (single virtual storage) ... started out with MVT (from os/360) moved into a single 16mbyte virtual address space and a little bit of relocation hardware support cobbled into the side of MVT (most of MVT acted as if it was running on a real machine with 16mbyte real storage machine).
the other part of that transition involved channel program translation. 360,370,etc i/o channel programs used real addresses. cp67 supporting virtual machine address spaces ... had to "scan" the channel program from the virtual machine, make a complete copy ... and substitute "real" addresses for the virtual machine's virtual addresses.
the transition from MVT to SVS faced a similar problem ... standard os/360 MVT i/o involved applications creating channel programs ... including application addresses and then invoking the supervisor (EXCP/SVC0) for executing the channel program. In the transition to SVC ... the EXCP/SVC supervisor handling had to perform the same translation/copy function. The initial prototypes for SVS involved modified version of MVT running on 360/67 with a copy of the cp67 (channel program translation) CCWTRANS cobbled into the side of MVT.
In any case, the MVT "sharing" convention was preserved in SVS since the single real storage was traded for a single virtual address space. I actually "lost" a technology battle with the OS/VS2 group ... initially for SVS ... but carried into MVS. I tried to convey to the group the concept of least recently used page replacement algorithm. the VS2 group had modeled that selecting a non-changed page for replacement ... involved less work and less latency (didn't require first writing the page out to make the real storage slot available). My argument was that perverted the principle of least recently used page replacement (since a changed page might be much lower usage than a non-changed page).
The resident linklib modules easily carried over directly from MVT to os/vs2 svs. In the migration from os/vs2 SVS to MVS (multiple virtual storage, basically a unique virtual address space per application) ... the long history of single address space (real and virtual) left a legacy of large amounts of code that was dependent on pointer-passing. For MVS, the kernel and resident linklib was combined into an 8mbyte area that appeared in every application 16mbyte (i.e. half) virtual address space. It was well into the MVS product cycle before they realized that they were selecting, for replacement, high-usage, shared non-changed executable (like shared linklib) before private (possibly low usage) application changed pages.
The distinction for resident (shared) linklib started out (mvt, svs, mvs) being initialized at kernel boot.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
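The page replacement disagreement in the post above, as an added toy simulation (not VS2, SVS or MVS code, and not from the post's author). The workload is constructed: four shared, never-changed pages are referenced round-robin while a stream of private pages is written once each; the page names and the frame count are assumptions.

```python
from collections import OrderedDict


def build_trace(rounds, shared_pages=4):
    """Constructed workload: hot shared read-only pages interleaved with
    private pages that are each written once and never touched again."""
    trace = []
    for i in range(rounds):
        trace.append((f"shared{i % shared_pages}", False))   # read of shared code
        trace.append((f"private{i}", True))                  # write to private data
    return trace


def simulate(trace, frames, prefer_unchanged):
    """Run one replacement policy over the trace.

    prefer_unchanged=False: strict least-recently-used.
    prefer_unchanged=True : take the least recently used *non-changed* page
                            first (no write-out needed), and fall back to LRU
                            only when every resident page has been changed.
    """
    resident = OrderedDict()   # page -> changed flag, oldest reference first
    stats = {"faults": 0, "shared_faults": 0, "page_outs": 0}
    for page, is_write in trace:
        if page in resident:
            resident[page] = resident[page] or is_write
            resident.move_to_end(page)          # now the most recently used
            continue
        stats["faults"] += 1
        if page.startswith("shared"):
            stats["shared_faults"] += 1
        if len(resident) >= frames:
            victim = None
            if prefer_unchanged:
                victim = next((p for p, changed in resident.items()
                               if not changed), None)
            if victim is None:
                victim = next(iter(resident))   # plain LRU choice
            if resident.pop(victim):            # changed pages must be written out
                stats["page_outs"] += 1
        resident[page] = is_write
    return stats


def compare(rounds=200, frames=8):
    trace = build_trace(rounds)
    return (simulate(trace, frames, prefer_unchanged=False),
            simulate(trace, frames, prefer_unchanged=True))


if __name__ == "__main__":
    lru, unchanged_first = compare()
    print("strict LRU      :", lru)
    print("unchanged first :", unchanged_first)
```

Under strict LRU the four shared pages fault once each and then stay resident; with non-changed pages selected first they are evicted ahead of the dead private pages and fault again and again.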
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Why are some banks failing, and others aren't? Date: October 15, 2008 Blog: Risk Management
Regulated commercial banks have pretty much been held to standards ... like lending from deposits. Some of these are going to have problems with economy downturn.
Unregulated investment banks are supposed to be able to do whatever they want ... and were supposed to be allowed to fail based on their actions.
In the wake of the crash of '29, Glass-Steagall was passed to keep the
safety&soundness of regulated banking separate from the risky
unregulated investment banking. A decade ago Glass-Steagall was
repealed ... PBS program discussing the wall street fix:
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet
So besides the independent unregulated investment banks ... other regulated institutions started showing up with investment banking units.
Recent comment about some of the practices of investment banking units
(not just bear-stearns and lehman)
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
....
There was a separate issue about the 30yr subprime mortgages having
been packaged as toxic CDOs and then got triple-A ratings. However,
funding long term purchases with short-term borrowing has a long
history of bringing down institutions ... related article from sf fed
(not just institutions, but countries also)
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
and a related yr old article talking about a lot of financial
institutions carrying a lot of such transactions offbalance (and may
be still lurking):
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Why is sub-prime crisis of America called the sub-prime crisis? Date: October 16, 2008 Blog: Corporate Debt
There were two sides of this ... with toxic CDOs getting triple-A credit ratings, sitting in the middle.
Toxic CDOs were used two decades ago (during S&L crisis) to package up low-value mortgages, obfuscate the underlying value ... and sell the toxic CDOs at much higher value than warranted by the underlying properties. In the current scenario, the obfuscated, toxic CDO underlying value was further obfuscated by triple-A credit ratings.
It used to be that home owner market was indirectly regulated, loans would be by regulated financial institutions using deposits ... and they would keep the mortgages on their books ... so there was significant motivation to pay attention to loan quality.
With triple-A rated, toxic CDOs, unregulated mortgage originators could fund their operations as well as unload mortgages off their books almost immediately. As a result there was little motivation to pay attention to loan quality. Sub-prime mortgages were normally targeted at low-income, first time home buyers. However, no-documentation, no downpayment, 1-2 percent introductory rate ARMs, possibly with interest only payments ... started to be picked up by speculators. Speculators were able to treat the home owners market like the unregulated 1920s stock market with these sub-prime mortgages. As a result of the speculation, there was a huge, ugly pimple/boil inflation in the home owner market (a lot of market segments where you wouldn't ever find low-income, first time home owners).
Plot avg. home prices as well as avg. home prices as percent of avg. salary going back to 1970. There is start of huge, ugly speculation pimple/boil inflation in the home owner market starting in the early part of this decade and has only about halfway deflated (boil is much more appropriate than bubble since the underlying factors are a lot more putrid than what would be found in bubble).
The speculation also created the impression that demand was much larger than it actually was. As a result there were a lot of institutions doing "normal" borrowing as part of meeting this demand; builder getting construction loans putting up housing projects, strip malls, etc ... to meet this (apparent) big spike in demand. The boil bursts and the real estate isn't selling, and they are getting into trouble paying off loans.
There were also municipalities selling bonds as part of putting in utilities (sewer, water, roads, etc) for all these new developments. They are running into problems because the real estate hasn't sold, and therefor the tax revenue is slow to materialize to make payments on the bonds. Earlier this year the bond market also froze up because loss of confidence in the rating agencies (after they had given out all those triple-A rating on toxic CDOs, which created a lot of ambiguity in value of the bonds). Warren Buffett stepped in to at least unfreeze the municipal bond market.
On the institutional side of the triple-A rated toxic CDOs, there are unregulated investment banks and/or investment banking arms of regulated banks heavily leveraged buying up these (subprime mortgage backed) triple-A rated toxic CDOs (some cases leveraged 50-80 times).
There are also institutions using short term 30day commercial paper to
buy these (30yr sub-prime mortgage backed) triple-A rated toxic
CDOs ... recent quote:
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
... there are examples dating back centuries of institutions and
countries going under, playing the game using short term borrowing to
fund long term investments.
on the institution side (of triple-A rated toxic CDOs) playing
long/short mismatch .... recent related answer
http://www.linkedin.com/answers/management/organizational-development/MGM_ODV/343639-20737334
along with a couple URLs discussing institutions/countries playing the
long/short mismatch
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old XDS Sigma stuff Newsgroups: alt.folklore.computers Date: Thu, 16 Oct 2008 09:10:44 -0400
Peter Flass <Peter_Flass@Yahoo.com> writes:
when i was undergraduate and doing a lot of os/360 performance
optimization (first mft and then mvt), I was doing some heuristic stuff
about what went in BLDL list (resident memory) as well as carefully
ordering other stuff on disk (to optimize disk avg. arm seek). Along
the way, IBM provided me an internal trace/use tool that gave count of
linklib member usage. I used this to further refine BLDL list as well
as careful placement of stuff on disk. For the typical univ. workload, I
could get a 300percent thruput improvement. Old post with reference to
share presentation about the os/360 improvements as well as os/360
thruput under cp67
https://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14
there was memory shared stuff, in the sense there was single address space ... real address for mvt, and single virtual address space for os/vs2 svs. it wasn't until os/vs2 mvs that there was multiple virtual address spaces (i.e. Multiple Virtual Storage).
The single address space promoted the extensive use of pointer-passing convention. this legacy resulted in the common segment in mvs. there were some number of "subsystems" that resided outside the kernel, used by applications. in the move to mvs ... kernel (and related stuff) occupied 8mbyte of every (application) 16mbyte virtual address space (kernel code could take passed parameters and directly address application space parameters). However "subsystems" moved into their own virtual address space ... but still had a requirement to take application passed pointers and directly access parameters in the application virtual address space.
The solution was the "common segment" that started out as one mbyte ... also in every virtual address space ... where applications could stuff parameters and pass pointers ... which subsystems could directly address. Over time, as subsystems proliferated, the size of "common segment" grew until it wasn't unusual to be five mbytes (and growing on some systems). Out of every 16mbyte application virtual address space, 8mbytes was taken up by the "kernel" and five mbytes was being taken by the "common segment" ... leaving only three mbytes for actual application use.
This problem ("common segment" size growing out of control) was getting so bad, that "dual-address" space mode was introduced for 3033. This allowed for pointers to be passed to semi-privileged subsystems (running in different virtual address space) and use dual-address space mode to directly address parameters in the application virtual address space (w/o requiring them to be in common segment).
"dual-address" space was later generalized with access registers and program call/return instructions. "dual-address" space required kernel call to change the virtual address space pointers before switching address spaces. program call/return instructions referenced a kernel table that specified the rules for changing address space pointers. among other things it enabled all sorts of library code to be moved into their own virtual address space ... which could be then directly called w/o having the overhead of passing thru kernel. this sort of represents a form of "shared memory" stuff ... except the "shared memory" no longer exists inside the application virtual address space.
past posts mentioning "dual-address" space:
https://www.garlic.com/~lynn/2008c.html#33 New Opcodes
https://www.garlic.com/~lynn/2008c.html#35 New Opcodes
https://www.garlic.com/~lynn/2008d.html#69 Regarding the virtual machines
https://www.garlic.com/~lynn/2008e.html#14 Kernels
https://www.garlic.com/~lynn/2008e.html#33 IBM Preview of z/OS V1.10
https://www.garlic.com/~lynn/2008g.html#60 Different Implementations of VLIW
https://www.garlic.com/~lynn/2008h.html#29 DB2 & z/OS Dissertation Research
https://www.garlic.com/~lynn/2008i.html#52 Microsoft versus Digital Equipment Corporation
https://www.garlic.com/~lynn/2008l.html#45 z/OS BIND9 DNS Vulnerable to Cache Poisoning Attack Problem?
https://www.garlic.com/~lynn/2008l.html#83 old 370 info
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Discussions areas, private message silos, and how far we've come since 199x Date: October 16, 2008 Blog: Greater IBM
The internal network passed 1000 nodes in 1983 (much larger than arpanet/internet which was around 255 nodes); these were mainframe nodes with hundreds and/or thousands of individuals per node.
Old post with some references to the internal network in 1983
... including list of all worldwide locations that added one or more
network nodes in 1983:
https://www.garlic.com/~lynn/2006k.html#8
Somewhere on the computer history site, the inventor of REXX has story of effectively being able to use the world wide internal network as an aid to distributed development in the late 70s (send out new versions, get almost immediate feedback, suggestions for further enhancements, etc).
One of the problems the internal network had was corporate requirement that all links that left corporate property had to be encrypted. At one point in the mid-80s, there was claim that the internal network had more than half of all link encryptors in the world. Part of the problem were govs. restrictions on the use of encryption. This showed up with links that were between sites in the same country. It really got complex, when it involved links between sites in different countries ... and there were different govs. involved.
For other drift, picture of desk ornament commemorating 1000th node on
the internal network
https://www.garlic.com/~lynn/2008m.html#35
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Virtual Newsgroups: bit.listserv.ibm-main Date: Thu, 16 Oct 2008 11:59:07 -0400
PaulGBoulder@AIM.COM (Paul Gilmartin) writes:
dating back to original cp67 & cms ... CKD disks had been treated as logical block devices ... with simplified, stylized CKD channel programs. But the lines-of-code to meet error recovery and EREP requirements was significantly larger than the much simpler and smaller inline device driver code.
Part of the past FBA wasn't so much about the complexity of the inline device driver code ... but as part of the FBA simplification, significant amount of device physical characteristics were abstracted. This eliminated a lot of release-to-release transitions and significant new device driver support code that came with every small change in CKD product.
In the middle of the FBA wars ... i had offered driver support to the MVS device support group. They replied that even fully tested and integrated code ... there was still a $26m bill for documentation and training ... which I needed a business case for. At the time, the simplified scenario was that a business case required incremental, new product sales (as opposed to long term infrastructure cost savings). Their scenario was that FBA support would just result in the same amount of disk being sold as FBA rather than CKD ... resulting in no incremental business case to cover the $26m cost for MVS supporting FBA.
misc. past posts mentioning CKD and/or FBA issues
https://www.garlic.com/~lynn/submain.html#dasd
I was also allowed to play disk engineer in bldg. 14 (disk engineering)
and bldg 15 (disk product test). One of the issues was that they were
doing mainframe "stand-alone", dedicated machine testing (i.e. each test
required prescheduled, dedicated machine time). They had tried running
MVS on the machines (looking to possibly being able to perform multiple
concurrent tests and eliminate the dedicated machine time test
bottleneck). However, standard MVS product had 15min MTBF in that
environment. I undertook to rewrite i/o supervisor to create bullet proof
error recovery and operation ... enabling multiple concurrent testing to
be done in operating system environment (and eliminating the dedicated
machine time scheduling development bottlenecks). misc. past posts
mentioning getting to play disk engineer
https://www.garlic.com/~lynn/subtopic.html#disk
I had originally done simplified "block i/o" interface for CMS & CP67 as pathlength reduction as an undergraduate in the 60s.
Later in the early 70s, for CP67/CMS, I did a much more powerful,
flexible, lower overhead, and higher thruput API that supported page
mapped operations (even more simplified than FBA channel programs, much
lower pathlength, and much more opportunity for thruput optimization).
On the CMS side of the API, I then implemented a paged mapped
filesystem. Later I migrated the changes to vm370 ... some
old email from the period
https://www.garlic.com/~lynn/2006v.html#email731212
https://www.garlic.com/~lynn/2006w.html#email750102
https://www.garlic.com/~lynn/2006w.html#email750430
Later tests on 3380s, with light to moderate disk intensive CMS
applications, I could get something like three times the thruput than
best case with standard block I/O. The thruput advantage increased
further as applications became more & more disk intensive. misc.
past posts mentioning page mapped filesystem work
https://www.garlic.com/~lynn/submain.html#mmap
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Virtual Newsgroups: bit.listserv.ibm-main Date: Thu, 16 Oct 2008 14:08:19 -0400
joarmc@SWBELL.NET (John McKown) writes:
at least one of the implementations was by one of the co-op students
mentioned in this old email
https://www.garlic.com/~lynn/2006v.html#email731212
that helped me with migrating several enhancements from cp67 to vm370.
he had graduated and joined one of the timesharing service bureaus
and re-implemented some of the stuff from scratch ... including several
things that I only distributed internal (and never made it out in
customer products) ... old email references:
https://www.garlic.com/~lynn/2006w.html#email750102
https://www.garlic.com/~lynn/2006w.html#email750430
along with some enhancements to the mechanism that migrated kernel virtual machine control blocks to secondary storage.
An analogous set of loosely-coupled enhancements were done later for the
internal (virtual machine based) HONE system ... which provided
world-wide sales & marketing support ... misc. past posts mentioning
HONE
https://www.garlic.com/~lynn/subtopic.html#hone
The virtual machine based commercial timesharing service bureaus had been moving into 7x24 operation with customers around the world. In this period there was still significant monthly preventive maintenance activity, which required removing systems from service. Being able to transparently migrate virtual machines across complexes in loosely-coupled environment ... allowed maintenance activity to occur while totally masking the associated system outages.
Minor topic drift ... in this period, my wife had been con'ed into going
to POK to be in charge of loosely-coupled architecture. while there she
had originated Peer-Coupled Shared Data architecture ... which, except
for IMS hot-standby, saw very little uptake until sysplex (contributed
to her not staying very long in the position) ... misc. past posts
https://www.garlic.com/~lynn/submain.html#shareddata
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Virtual Newsgroups: bit.listserv.ibm-main Date: Thu, 16 Oct 2008 14:40:27 -0400
Thomas.Kern@HQ.DOE.GOV (Thomas Kern) writes:
Separate from the virtual machine based commercial timesharing service
bureaus
https://www.garlic.com/~lynn/submain.html#timeshare
As part of consolidating the several US HONE datacenters in a single
location (northern cal) in the mid-70s ... there was work on supporting
single-system image.
https://www.garlic.com/~lynn/subtopic.html#hone
By 78/79 there was front-end load balancing and other single-system-image support ... across multiple multiprocessor machines in large loosely-coupled environment (at the time, possibly the largest single-system-image operation anywhere). Then because of natural disaster considerations ... the load-balancing was extended to a replicated 2nd HONE datacenter in Dallas and then a replicated 3rd HONE datacenter in Boulder (there were approaching 40k defined userid on the US HONE system complex ... and mainframe orders couldn't even be submitted w/o first having been processed by HONE).
Note that while the HONE support provided load balancing across the complex and various other single-system-image transparency ... it didn't support process (virtual machine) migration between different machines in loosely-coupled complex.
In the very early 80s, SJR started a 4341 vm-based cluster project using 3088/trotter (this was before moving up the hill to almaden). One of the big problems before being released as a product, they had to migrate the implementation to standard SNA protocol. This had disastrous effects on the cluster operation efficiency. For instance, the original cluster synchronization process that took very small subsecond elapsed time, increased two orders of magnitude when migrated to standard SNA protocol (over 30 seconds elapsed time).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Everyone is getting same deal out of life: babyboomers can't retire but they get SS benefits intact Date: October 16, 2008 Blog: Equity Markets
The big baby boomer bubble is coming up for retirement ... increasing the number of retired by something like four times.
There are articles that the following generation is only a little over half as large as the baby boomers. This changes the ratio of retirees to workers by a factor of eight times. It is the workers that are paying all the taxes that are being used to provide the retiree benefits (the current paradigm is a lot more palatable with the ratio of workers per retirees being eight times larger, but all that is likely to change when the full effect of the baby boomer retirements starts to kick in).
There are also issues claiming that the avg skill level of the following generation is a lot lower (besides there being only about half as many) ... with all the statistics about education levels, proficiency tests, math/science scores, etc being in steady decline for the past 30 yrs (and therefore likelihood of lower earning power).
There are numerous unanticipated effects.
A year ago, there was a show looking at number of oil field development projects ... and the claim was that given the demand, the number of projects are only about 2/3rds what would normally be expected. The explanation was that the typical oil field development project took 7-8 yrs and there weren't going to be enough people available to complete more projects.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Virtual Newsgroups: bit.listserv.ibm-main Date: Fri, 17 Oct 2008 08:46:02 -0400
re:
and from long ago and far away
Date: 05/19/82 10:33:28
To: wheeler
Lynn,
The Endicott Prog Center has a proposal to support a collection of VM
systems with Single System Image and Continuous Availability for CMS and
VM Subsystem users. The proposal is called VMC, for VM Clusters.
XXXX, SPD High Availability Systems Project Office Manager, and I will
be in San Jose on 6/8/82 to (among other things) present VMC to
Research. YYYY is hosting the meeting. I hope you can attend. If not
I'd like to make other arrangements to show you this proposal.
... snip ... top of post, old email index
for other drift ... later in the decade, my wife & I started on the
ha/cmp (High Availability Cluster Multi-Processing) product ... but
rs/6000 based ...
https://www.garlic.com/~lynn/subtopic.html#hacmp
some old email on ha/cmp cluster scale-up
https://www.garlic.com/~lynn/lhwemail.html#medusa
old post with mention of effort
https://www.garlic.com/~lynn/95.html#13
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Biometric Credit cards Date: October 17, 2008 Blog: Credit Card Professionals
one of the things we did as part of x9.59 financial transaction standard was to delineate to both generalize the kinds of transactions as well as the kinds of authentication .... after having been called in to consult with a small client/server startup that wanted to do payments on their server (they also had this technology called SSL and the result is now frequently referred to as electronic commerce), we were asked to participate in the x9a10 financial standard working group in the mid-90s. X9A10 had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. This was all in all kinds of environments, POS, face-to-face, unattended, internet, metro .... as well as all kinds of values, low-value, high-value, etc. Part of this generalized solution was a framework that we called parameterised risk management.
From 3-factor authentication paradigm ... misc. past posts
https://www.garlic.com/~lynn/subintegrity.html#3factor
The issue with respect to biometric authentication and parameterised risk management ... is the integrity evaluation of the particular biometric being used ... and whether or not it is only single factor authentication or multiple factor authentication.
A trivial example is a hardware token that might be used both in contact mode as well as contactless mode ... and might be used in single factor authentication operation in contactless mode at transit turnstile (for low-value transaction) ... but same hardware token could be used in contactless mode in conjunction with PIN (or biometric) at POS (or internet) for higher value transactions requiring multi-factor authentication. For even higher value transactions ... there could be provisions for the transaction environment/terminal to also authenticate.
x9.59 financial transaction standard reference
https://www.garlic.com/~lynn/x959.html#x959
also, as part of x9a10 financial standard effort, there was detailed end-to-end, threat and vulnerability study. One of the issues was the enormous vulnerability of much of the existing infrastructure to data breaches (eavesdropping, harvesting, etc ... being able to use information from valid transaction to perform fraudulent transactions).
The x9.59 financial standard didn't do anything to eliminate the data breaches ... but it slightly tweaked the paradigm ... so that the crooks couldn't use information from existing/valid transactions for fraudulent transactions.
For instance, the dominant use of SSL in the world is this earlier work we did for electronic commerce ... as part of hiding transaction information. X9.59 eliminates that as a threat & vulnerability ... so also eliminates the major use of SSL in the world today.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Discussions areas, private message silos, and how far we've come since 199x Date: October 17, 2008 Blog: Greater IBM
re:
Note that later (mid-80s), LISTSERV facility (somewhat analogous to
TOOLSRUN) was developed on BITNET/EARN ... misc. past posts
https://www.garlic.com/~lynn/subnetwork.html#bitnet
basically university network using similar technology to that used for
the internal network ... misc. past posts
https://www.garlic.com/~lynn/subnetwork.html#internalnet
for some example, recent (archived) posts to the ibm-main listserv
discussion group:
https://www.garlic.com/~lynn/2008o.html#55 Virtual
https://www.garlic.com/~lynn/2008o.html#56 Virtual
https://www.garlic.com/~lynn/2008o.html#57 Virtual
even earlier ... one of the virtual machine based time-sharing
commercial service bureaus had developed a computer conferencing
facility and provided the VMSHARE service free to (the IBM mainframe
user group) SHARE starting in August 1976. The VMSHARE archives can be
accessed here:
http://vm.marist.edu/~vmshare/
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Would anyone like to draw a diagram of effects or similar for the current "credit crisis"? Date: October 18, 2008 Blog: Systems Thinking
Related discussion in an answer here:
Part of the issue (that has periodically frozen parts of the market) was all the triple-A ratings that had been given the (subprime mortgage backed) toxic CDOs. This led to confidence crisis in the ratings organizations. A couple weeks ago, one of the business news shows had on a guest from one of the ratings organization to discuss ratings downgrade given some companies. The host spent much of the interview trying to get the guest to admit to being responsible for the current credit crisis (huge amount of money was spent on triple-A rated toxic CDOs ... and then when it all started to fall apart and lots of confidence & trust paralysis).
A lot of the unregulated investment banks &/or unregulated investment
banking arms of other institutions were heavily leveraged borrowing to
buy these triple-A rated toxic CDOs. The heavy borrowing was also
large mismatch between short term commercial paper and long term
triple-A rated toxic CDOs ... recent quote:
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
....
Using short term borrowing to finance long term projects has been
recognized as systemic mismatch for centuries ... having downside for
both countries and institutions; related San Fran FRB article from
2000:
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
More recent article from last year about practice in current situation.
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
Besides all the other side-effects of the triple-A rated toxic CDOs ... both on the home owner market, the investment institutions, and propagating out into the rest of the economy .... there is also the potential that the heavy borrowing activity by financial institutions in short term commercial paper ... represents severe competition and downside on traditional players in short-term commercial paper borrowing.
past posts mentioning short/long mismatch
https://www.garlic.com/~lynn/2008o.html#14 Blinkylights
https://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#27 Blinkylights
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008o.html#37 The human plague
https://www.garlic.com/~lynn/2008o.html#39 The human plague
https://www.garlic.com/~lynn/2008o.html#51 Why are some banks failing, and others aren't?
https://www.garlic.com/~lynn/2008o.html#52 Why is sub-prime crisis of America called the sub-prime crisis?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Discussions areas, private message silos, and how far we've come since 199x Date: October 18, 2008 Blog: Greater IBM
re:
and
http://vm.marist.edu/~vmshare/
Comment from the VMSHARE archive site:
For many users, access to VMSHARE using 3270 fullscreen would have
been a dream come through. Many never got further than 300 bps
TeleType access or reading Melinda's Daily Distribution (or one of the
several copies derived from those).
... snip ...
Before Melinda ever started her distribution ... I was getting monthly tape of VMSHARE files and putting them up on various machines on the internal network.
One such complex that I made the VMSHARE files available was on HONE. HONE (Hands-On Network Environment) started out as a few CP67 virtual machine datacenters in the wake of the 23Jun69 unbundling announcement; not only did unbundling mark starting to charge for application software but also SE time. This eliminated a major educational mechanism for new SEs (effectively apprentice type activity as part of a team at the customer site). With unbundling, most of the "hands-on" learning experience was eliminated for new SEs (couldn't justify charging the customer, but would have been required by new circumstances).
Because of a number of factors, HONE transitioned away from hands-on experience for SEs into major world-wide sales & marketing support infrastructure (by mid-70s, mainframe orders couldn't be submitted w/o having first been processed by HONE applications).
One of my other hobbies was providing highly enhanced production operating systems for internal locations ... and HONE was one of my long-time major customers. As a result, it wasn't all that difficult to convince HONE to also deploy VMSHARE files for world-wide branch office and field access.
Misc past emails, some mentioning HONE
https://www.garlic.com/~lynn/lhwemail.html#hone
some mentioning VMSHARE
https://www.garlic.com/~lynn/lhwemail.html#vmshare
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: In your experience which is a superior debit card scheme - PIN based debit or signature debit? Date: October 18, 2008 Blog: Credit Card Professionals
re:
As in other recent answers ... one of the other areas from the X9A10 financial standard working group (given the requirement to preserve the integrity of the financial infrastructure for *ALL* retail payments) for x9.59 standard ... wasn't just looking at all kinds of payments (credit, debit, stored-value, etc), in all kinds of environments (POS, internet, face-to-face, unattended, transit gate, contact, contactless, etc), but also all kinds of values from very low to very high.
So in addition to detailed, end-to-end threat and vulnerability studies in the mid-90s, we also created a framework we called parameterised risk management (for x9.59 financial standard protocol).... where the same hardware token (and/or secure PDA/cellphone, possibly with embedded secure chip) and ( x9.59 ) protocol could be used, possibly in both contact and contactless environments as well as with and w/o PINs (analogous to credit guidelines not requiring signatures for low-value transactions).
It is even possible within the parameterised risk management framework, that for really high value transactions, that the participating terminal also provide authentication information (and transactions might even be restricted to specific environments).
From 3-factor authentication paradigm ... misc. past posts
https://www.garlic.com/~lynn/subintegrity.html#3factor
recent references to parameterised risk management
https://www.garlic.com/~lynn/2008o.html#13 What risk of possible data leakage do you see for your organization?
https://www.garlic.com/~lynn/2008o.html#17 what will be a wow feature in a credit card
https://www.garlic.com/~lynn/2008o.html#47 Will cards with PayPass (from MasterCard) be using CHIP & PIN in the future?
https://www.garlic.com/~lynn/2008o.html#60 Biometric Credit cards
older references to parameterised risk management
https://www.garlic.com/~lynn/aadsmore.htm#bioinfo2 QC Bio-info leak?
https://www.garlic.com/~lynn/aadsmore.htm#bioinfo3 QC Bio-info leak?
https://www.garlic.com/~lynn/aadsmore.htm#biosigs biometrics and electronic signatures
https://www.garlic.com/~lynn/aadsm2.htm#stall EU digital signature initiative stalled
https://www.garlic.com/~lynn/aadsm2.htm#strawm3 AADS Strawman
https://www.garlic.com/~lynn/aadsm3.htm#cstech3 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech4 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech5 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech9 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#cstech10 cardtech/securetech & CA PKI
https://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
https://www.garlic.com/~lynn/aepay3.htm#x959risk1 Risk Management in AA / draft X9.59
https://www.garlic.com/~lynn/aepay6.htm#x959b X9.59 Electronic Payment standard issue
https://www.garlic.com/~lynn/aadsm12.htm#17 Overcoming the potential downside of TCPA
https://www.garlic.com/~lynn/aadsm19.htm#15 Loss Expectancy in NPV calculations
https://www.garlic.com/~lynn/aadsm19.htm#44 massive data theft at MasterCard processor
https://www.garlic.com/~lynn/aadsm19.htm#46 the limits of crypto and authentication
https://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
https://www.garlic.com/~lynn/aadsm21.htm#8 simple (&secure??) PW-based web login (was Re: Another entry in the internet security hall of shame....)
https://www.garlic.com/~lynn/aadsm23.htm#1 RSA Adaptive Authentication
https://www.garlic.com/~lynn/aadsm23.htm#27 Chip-and-Pin terminals were replaced by "repairworkers"?
https://www.garlic.com/~lynn/aadsm25.htm#1 Crypto to defend chip IP: snake oil or good idea?
https://www.garlic.com/~lynn/aadsm25.htm#2 Crypto to defend chip IP: snake oil or good idea?
https://www.garlic.com/~lynn/aadsm25.htm#14 Sarbanes-Oxley is what you get when you don't do FC
https://www.garlic.com/~lynn/aadsm26.htm#35 Failure of PKI in messaging
https://www.garlic.com/~lynn/aadsm27.htm#61 Linus: Security is "people wanking around with their opinions"
https://www.garlic.com/~lynn/aadsm28.htm#37 Attack on Brit retail payments -- some takeways
https://www.garlic.com/~lynn/99.html#235 Attacks on a PKI
https://www.garlic.com/~lynn/99.html#238 Attacks on a PKI
https://www.garlic.com/~lynn/2000.html#46 question about PKI...
https://www.garlic.com/~lynn/2000.html#57 RealNames hacked. Firewall issues.
https://www.garlic.com/~lynn/2001.html#73 how old are you guys
https://www.garlic.com/~lynn/2003j.html#33 A Dark Day
https://www.garlic.com/~lynn/2003p.html#26 Sun researchers: Computers do bad math ;)
https://www.garlic.com/~lynn/2004h.html#38 build-robots-which-can-automate-testing dept
https://www.garlic.com/~lynn/2005k.html#23 More on garbage
https://www.garlic.com/~lynn/2006g.html#40 Why are smart cards so dumb?
https://www.garlic.com/~lynn/2006o.html#20 Gen 2 EPC Protocol Approved as ISO 18000-6C
https://www.garlic.com/~lynn/2007t.html#8 Translation of IBM Basic Assembler to C?
https://www.garlic.com/~lynn/2007u.html#5 Public Computers
https://www.garlic.com/~lynn/2007u.html#76 folklore indeed
https://www.garlic.com/~lynn/2008i.html#1 Do you belive Information Security Risk Assessment has shortcoming like
https://www.garlic.com/~lynn/2008i.html#70 Next Generation Security
https://www.garlic.com/~lynn/2008l.html#52 Payments Security in RFS
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Can the financial meltdown be used to motivate sustainable development in order to achieve sustainable growth and desired sustainability? Date: October 18, 2008 Blog: Economics
Toxic CDOs were used two decades ago (during S&L crisis) to obfuscate and inflate the underlying values ... and being able to sell at much higher than would otherwise be possible.
Decade old post discussing many of the current problems, including
needing visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm
Buyers of these toxic CDOs were heavily leveraged and frequently using
short-term commercial paper to make long-term purchases ... the
short/long mismatch has been recognized as systemic problem dating
back centuries. recent quote:
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
...
Decade old article from SF FRB about fragility of short/long mismatch
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
More recent article from last year about short/long systemic effects
in current situation:
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
past posts mentioning short/long mismatch
https://www.garlic.com/~lynn/2008o.html#14 Blinkylights
https://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#27 Blinkylights
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008o.html#37 The human plague
https://www.garlic.com/~lynn/2008o.html#39 The human plague
https://www.garlic.com/~lynn/2008o.html#51 Why are some banks failing, and others aren't?
https://www.garlic.com/~lynn/2008o.html#52 Why is sub-prime crisis of America called the sub-prime crisis?
https://www.garlic.com/~lynn/2008o.html#62 Would anyone like to draw a diagram of effects or similar for the current "credit crisis"?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Open Source, Unbundling, and Future System Date: October 18, 2008 Blog: Greater IBM
starting even before joining IBM, (virtual machine) cp67 delivered to univ. jan68 was full open-source so ... 40+yrs virtualization ... plus 40+yrs open source.
it was in large part gov. litigation that resulted in 23jan69
unbundling announcement that started charging for application
software, SE services, maintenance, etc. however, they managed to make
the case that kernel software wasn't part of it.
https://www.garlic.com/~lynn/submain.html#unbundle
i had done tty/ascii terminal support at the univ for cp67. then
somewhat because the (2702) terminal controller wouldn't do exactly
what i wanted ... the univ. started a clone terminal controller
project ... initially using interdata/3, reverse engineering the
mainframe channel interface ... and building a channel interface board
for the interdata/3. four of us got written up for being responsible
for initiating the clone controller business.
https://www.garlic.com/~lynn/submain.html#360pcm
later, in the 70s, the company started future system project:
https://www.garlic.com/~lynn/submain.html#futuresys
... in large part motivated by clone controller business, recent post
with an old quote:
https://www.garlic.com/~lynn/2008d.html#16
from article here:
https://www.ecole.org/en/session/49-the-rise-and-fall-of-ibm
the distraction of future system project contributed significantly to
letting clone processors get a foothold in the industry ... quotes
from fergus/morris book:
https://www.garlic.com/~lynn/2001f.html#33
in the wake of the future system project failure ... and the mad rush to get (hardware & software) products back into the 370 product pipeline ... contributed to picking up a lot of (370) stuff (for product release) that i had been doing all during the future system period.
some related old email about shipping product releases internally during the period:
https://www.garlic.com/~lynn/2006v.html#email731212
https://www.garlic.com/~lynn/2006w.html#email750102
https://www.garlic.com/~lynn/2006w.html#email750430
however, the foothold by clone processors also contributed to change
policy and to start charging for kernel software ... and my resource
manager was selected as the guinea pig. as a result i had to spend
time with lawyers and business planning people regarding kernel
software charging policy and practices. misc. past posts related to
resource manager
https://www.garlic.com/~lynn/subtopic.html#fairshare
In addition to other internal locations, I also provided custom kernels and support to HONE during cp67 and vm370 period, well into the 80s. HONE had originally been created in the wake of 23jun69 unbundling announcement ... which had taken away a major method of new SE training ("apprentice" as part of a team onsite at customer sites which went away with starting to charge for SE services). HONE started out with several CP67 datacenters to provide Hands-On Network Environment for SEs running various operating systems in virtual machines.
The science center had also ported apl\360 to CMS for cms\apl and
there started to be several sales & marketing cms\apl applications
deployed on HONE. Eventually the sales & marketing applications
came to dominate HONE usage and the original use for SEs withered
away. By the mid-70s, HONE datacenters had been replicated at a number
of places around the world. HONE had also been so integrated into
sales & marketing that mainframe orders had to be first processed by
HONE applications. misc. old email mentioning HONE
https://www.garlic.com/~lynn/lhwemail.html#hone
and past posts mentioning HONE
https://www.garlic.com/~lynn/subtopic.html#hone
As part of moving EMEA hdqtrs from NY to Paris in the early 70s, I got to go over as part of installing a HONE clone in Paris for EMEA hdqtrs.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Invitation to Join Mainframe Security Guru Group Date: October 19, 2008 Blog: Corporate Governance
As part of the future system project ... misc. past posts
the future system documentation was kept in software copy on special internal vm370 systems with lots of security enhancements. once some of them even made the statements that even if Lynn Wheeler was in the same room with the machine, even he wouldn't be able to access the information. it was one of the few times that I took the bait. I replied that it would take less than five minutes ... but it 1st required disabling all outside connections to the machine and then flipping one bit in machine storage from the console.
as undergraduate, i would periodically get requests from the vendor to
make specific enhancements to cp67. i didn't become aware of these
users until many years later:
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml
but i subsequently conjectured that some of the enhancement requests may have been of the type that originated from that customer set
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blinkenlights Newsgroups: alt.folklore.computers Date: Sun, 19 Oct 2008 16:41:22 -0400
Morten Reistad <first@last.name> writes:
from above:
December 2007 Soon after Merrill Lynch disclosed its $8.4 billion
write-down because of problems with collateralized debt obligations
(CDOs) and other financial instruments relating to subprime mortgages,
the credit rating agencies started downgrading the securities. But, this
is like the proverbial soldier who watches a raging battle from afar;
when the war is over, he proceeds to bayonet the wounded.
... snip ...
the above article makes a point that rating agencies were paid quite a bit of money for giving triple-A rating to the toxic CDOs ... also drawing parallel with it took quite awhile for ENRON downgrade.
there is (somewhat jaundiced) reference to report by SEC:
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
comment on the above:
Third, on page 42 of the report, the SEC promises to explore whether
these credit rating agencies "should implement procedures to manage
potential conflicts of interest that arise when issuers [pay] for
ratings." Either the SEC did not keep its promise or such actions are
inadequate. Clearly, the credit rating agencies have not responded any
differently to the CDO problem than they did with Enron's circumstances.
... snip ...
long winded, decade old post mentioning several of current problems,
including needing visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm
as to bayonet the wounded ... we've had a similar definition for
auditors ... from long ago and far away (from file of random quotes
that printed on 6670/sherpa separator page):
[Business Maxims:] Signs, real and imagined, which belong on the walls of the nation's offices:
1) Never Try to Teach a Pig to Sing; It Wastes Your Time and It Annoys the Pig.
2) Sometimes the Crowd IS Right.
3) Auditors Are the People Who Go in After the War Is Lost and Bayonet the Wounded.
4) To Err Is Human -- To Forgive Is Not Company Policy.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blinkenlights Newsgroups: alt.folklore.computers Date: Sun, 19 Oct 2008 19:46:31 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
for other (research started installing 6670s in the late 70s) bayonet the wounded drift .... i had sponsored Boyd's briefings at ibm in the 80s ... one of his references was to Guderian's directive about verbal orders only for the blitzkrieg (soldiers on the spot not having to worry about after action reviews by people that weren't there).
lots of past posts mentioning Boyd:
https://www.garlic.com/~lynn/subboyd.html#boyd
past references to Guderian's verbal orders only:
https://www.garlic.com/~lynn/99.html#120 atomic History
https://www.garlic.com/~lynn/2001.html#29 Review of Steve McConnell's AFTER THE GOLD RUSH
https://www.garlic.com/~lynn/2001.html#30 Review of Steve McConnell's AFTER THE GOLD RUSH
https://www.garlic.com/~lynn/2001m.html#16 mainframe question
https://www.garlic.com/~lynn/2002d.html#36 Mainframers: Take back the light (spotlight, that is)
https://www.garlic.com/~lynn/2002d.html#38 Mainframers: Take back the light (spotlight, that is)
https://www.garlic.com/~lynn/2002q.html#33 Star Trek: TNG reference
https://www.garlic.com/~lynn/2002q.html#43 Star Trek: TNG reference
https://www.garlic.com/~lynn/2003h.html#51 employee motivation & executive compensation
https://www.garlic.com/~lynn/2003p.html#27 The BASIC Variations
https://www.garlic.com/~lynn/2004k.html#24 Timeless Classics of Software Engineering
https://www.garlic.com/~lynn/2004q.html#86 Organizations with two or more Managers
https://www.garlic.com/~lynn/2005e.html#3 Computerworld Article: Dress for Success?
https://www.garlic.com/~lynn/2006f.html#14 The Pankian Metaphor
https://www.garlic.com/~lynn/2006g.html#9 The Pankian Metaphor
https://www.garlic.com/~lynn/2006q.html#41 was change headers: The Fate of VM - was: Re: Baby MVS???
https://www.garlic.com/~lynn/2007b.html#37 Special characters in passwords was Re: RACF - Password rules
https://www.garlic.com/~lynn/2007b.html#52 Special characters in passwords was Re: RACF - Password rules
https://www.garlic.com/~lynn/2007c.html#25 Special characters in passwords was Re: RACF - Password rules
https://www.garlic.com/~lynn/2008c.html#26 Current Officers
https://www.garlic.com/~lynn/2008g.html#34 WWII supplies
https://www.garlic.com/~lynn/2008h.html#8a Using Military Philosophy to Drive High Value Sales
https://www.garlic.com/~lynn/2008h.html#61 Up, Up, ... and Gone?
https://www.garlic.com/~lynn/2008h.html#63 how can a hierarchical mindset really ficilitate inclusive and empowered organization
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What happened in security over the last 10 years? Date: October 19, 2008 10:19 PM Blog: Financial Cryptography
re:
can you say (old thread) "naked transactions" ... my archived posts
https://www.garlic.com/~lynn/subintegrity.html#payments
reference to threads here:
https://financialcryptography.com/mt/archives/000745.html
https://financialcryptography.com/mt/archives/000744.html
https://financialcryptography.com/mt/archives/000747.html
https://financialcryptography.com/mt/archives/000749.html
... referenced blog
http://1raindrop.typepad.com/1_raindrop/2008/07/the-network-firewall-is-a-consensual-hallucination.html
talks about safety of the enterprise domain and use of firewalls and SSL for dealing with outside the safety zone.
the biggest items in the press regarding breach scenarios (and protecting information) have involved information from financial transactions that crooks can use for (other) fraudulent financial transactions.
we had been called in to consult with small client/server company that
wanted to do payment transactions on their servers and had this thing
they had invented called SSL they wanted to use. it is frequently now
called electronic commerce. part of that was something called payment
gateway
https://www.garlic.com/~lynn/subnetwork.html#gateway
then in the mid-90s, we were asked to play in the x9a10 financial
standard working group that had been given the requirement to preserve
the integrity of the financial infrastructure for ALL retail
payments. Part of the effort involved detailed end-to-end, threat and
vulnerability studies. The result was x9.59 protocol
https://www.garlic.com/~lynn/x959.html#x959
part of x9.59 meeting the ALL requirement, ALL types of retail payments: credit, debit, stored-value, etc; ALL environments: POS, internet, unattended, contact, contactless, face-to-face, transit turnstile, etc; and ALL values: low-value, high-value, very high-value, etc.
Part of it involved tweaking the paradigm so that information from previous transactions couldn't be used by crooks for fraudulent transactions (didn't do anything to eliminate breaches, just eliminated the threat from breaches). As it turns out, it also eliminates the major use of SSL in the world (hiding information in financial transactions).
Part of addressing ALL values involved a framework we called
parameterised risk management. Some recent references:
https://www.garlic.com/~lynn/2008o.html#13 What risk of possible data leakage do you see for your organization?
https://www.garlic.com/~lynn/2008o.html#17 what will be a wow feature in a credit card
https://www.garlic.com/~lynn/2008o.html#47 Will cards with PayPass (from MasterCard) be using CHIP & PIN in the future?
https://www.garlic.com/~lynn/2008o.html#60 Biometric Credit cards
https://www.garlic.com/~lynn/2008o.html#64 In your experience which is a superior debit card scheme - PIN based debit or signature debit?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Why is sub-prime crisis of America called the sub-prime crisis? Date: October 20, 2008 Blog: Corporate Dept
re:
recent answer about the agencies giving out triple-A ratings to those toxic CDOs.
A couple weeks ago, one of the TV business news shows had a guest from one of the credit rating agencies on to discuss downrating of some companies. The host spent quite a bit of the time attempting to get the guest to take responsibility for the current crisis.
Poor Performance of Credit Rating Agencies
http://accounting.smartpros.com/x60011.xml
from above:
December 2007 Soon after Merrill Lynch disclosed its $8.4 billion
write-down because of problems with collateralized debt obligations
(CDOs) and other financial instruments relating to subprime mortgages,
the credit rating agencies started downgrading the securities. But,
this is like the proverbial soldier who watches a raging battle from
afar; when the war is over, he proceeds to bayonet the wounded.
... snip ...
the above article makes a point that rating agencies were paid quite a
bit of money for giving triple-A rating to the toxic CDOs ... the
article makes the following point:
Third, on page 42 of the report, the SEC promises to explore whether
these credit rating agencies "should implement procedures to manage
potential conflicts of interest that arise when issuers [pay] for
ratings." Either the SEC did not keep its promise or such actions are
inadequate. Clearly, the credit rating agencies have not responded any
differently to the CDO problem than they did with Enron's
circumstances.
... snip ...
regarding this SEC report:
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Euro value Newsgroups: alt.folklore.computers Date: Tue, 21 Oct 2008 07:31:54 -0400
pltrgyst <pltrgyst@spamlessxhost.org> writes:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Addressing Scheme with 64 vs 63 bits Newsgroups: bit.listserv.ibm-main Date: Tue, 21 Oct 2008 07:52:03 -0400
hal9001@PANIX.COM (Robert A. Rosenberg) writes:
on return, not only could the calling/return address be restored, but
SPM instruction would also be used to restore the program mask ... aka
from principle of ops SPM programming notes:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dz9zr003/7.5.113?DT=20040504121320
1. Bits 34-39 of the general register may have been loaded from the PSW
by execution of BRANCH AND LINK in the 24-bit addressing mode or by
execution of INSERT PROGRAM MASK in either the 24-bit or 31-bit
addressing mode.
2. SET PROGRAM MASK permits setting of the condition code and the mask
bits in either the problem state or the supervisor state.
3. The program should take into consideration that the setting of the
program mask can have a significant effect on subsequent execution of
the program. Not only do the four mask bits control whether the
corresponding interruptions occur, but the exponent-underflow and
significance masks also determine the result which is obtained.
... snip ...
BAS/BASR were introduced on 360/67 as part of supporting 32bit virtual addressing mode.
retrenching to 370 ... not only was 360/67 32bit virtual addressing dropped ... but also the channel controller for multiprocessor support ... standard 360/67 multiprocessor not only allowed all processors to address all real storage but also all channels.
standard 360 (and later 370) multiprocessor support only allowed two processors to address all of the (same) real storage ... but each processor was limited to only addressing their own, dedicated channels.
some of the 360/67 control registers were also used to "sense" the switches on the channel controller (which governed the multiprocessor configuration settings ... not only for channels but also for real storage) ... these control register definitions were later taken over for "access registers"
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Would anyone like to draw a diagram of effects or similar for the current "credit crisis"? Date: October 29, 2008 Blog: Systems Thinking
re:
One of the problems with being able to unload apparently unlimited amount of subprime loans as triple-A rated toxic CDOs ... was that speculators could pick up a large number of subprime loans. They were "subprime" supposedly because they were supposed to go to low-income, first time home owners .... but no-documentation, no down payment, 1% ARM, with interest only payments made them ideal for speculators (who would plan on flipping the property before the rate adjusted).
These "subprime" mortgages were subprime also in the sense that the introductory interest rate was decoupled from the feds "prime" rate.
Not only did the fed lose their indirect regulatory control of the home owner market i.e. in the past, regulated financial institutions would make the loans from deposits and keep the mortgages on the books (significant incentive to manage the loan quality). Unregulated mortgage originators could use triple-A rated toxic CDOs to fund their operation as well as unload the mortgages nearly as fast as they could be written (eliminating motivation to pay any attention to loan quality).
The introductory rate that would be charged by these subprime mortgages were also "subprime" in the sense that they were decoupled from anything that the FED was doing with the "prime" rate (further distancing what was going on in the home market from any of the standard controls available to the FED).
oh ... in the past, I've drawn the parallel between the use of triple-A rated toxic CDOs to bypass traditional infrastructure mechanisms (attempting to prevent things from running wild and eventually self-destructing) ... with work i started as undergraduate in the 60s on dynamic adaptive feedback resource controls (my undergraduate work even shipping in the virtual machine vendor product).
example is archived post from last summer in the financial
cryptography blog:
https://www.garlic.com/~lynn/2008k.html#10 Why do Banks lend poorly in the sub-prime market?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: In light of the recent financial crisis, did Sarbanes-Oxley fail to work? Date: October 21, 2008 Blog: Equity Markets
Two parts
1) toxic CDOs being given triple-A rating
2) financials that institutions were using to buy these triple-A rated toxic CDOs.
recent answer here
http://www.linkedin.com/answers/financial-markets/equity-markets/MKT_EQU/346092-4671342
about SOX requiring SEC to evaluate the credit rating agencies
(reference to Jan2003 SEC study) .... and possibly whether or not SEC
followed through as required by SOX. other recent references:
https://www.garlic.com/~lynn/2008o.html#68 Blinkenlights
https://www.garlic.com/~lynn/2008o.html#71 Why is sub-prime crisis of America called the sub-prime crisis?
A couple weeks ago, one of the TV business news shows had a guest from one of the rating agencies on to discuss downgrading some companies. The host spent much of the program trying to get the guest to take responsibility for the current crisis.
On the side of institutions purchasing these triple-A rated toxic CDOs
... there is this recent observation:
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
....
similar discussion by SanFran FED in 2000 about short/long mismatch
funding:
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
and discussion from a year ago about short/long mismatch in the
current crisis:
http://www.forbes.com/entrepreneursfinance/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.htm
similar recent references:
https://www.garlic.com/~lynn/2008o.html#51 Why are some banks failing, and others aren't?
https://www.garlic.com/~lynn/2008o.html#52 Why is sub-prime crisis of America called the sub-prime crisis?
https://www.garlic.com/~lynn/2008o.html#62 Would anyone like to draw a diagram of effects or similar for the current "credit crisis"?
https://www.garlic.com/~lynn/2008o.html#65 Can the financial meltdown be used to motivate sustainable development in order to achieve sustainable growth and desired sustainability?
Toxic CDOs were used two decades ago during the S&L crisis to obfuscate underlying values and unload properties that probably wouldn't sell otherwise.
The part of SOX that is more familiar is financial statements of public companies. GAO has been doing database of increasing number of financial restatements (in spite of SOX). Basically the financials are inflated and the executives take bonuses based on the inflated financials. Later, the financials may be restated ... but the bonuses aren't forfeited. Example was that in 2004, freddie was fined $400m for $10b inflation in statements; the CEO was replaced, but kept tens (hundred?) million in bonuses. A few weeks ago, Warren Buffett had commented that he had been the largest freddie shareholder in 2000-2001 ... but got completely out because of their accounting practices.
A couple years ago, I talked at a european financial conference that SOX wasn't going to affect such determined financial fiddling.
somewhat related articles:
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Blinkenlights Newsgroups: alt.folklore.computers Date: Tue, 21 Oct 2008 14:08:20 -0400
Morten Reistad <first@last.name> writes:
one of the big problems in much of the current retail transaction environment is that knowledge of the account number is needed for push transactions ... but is also sufficient for pull transactions (one of the nigerian scams, they need your account number in order to transfer you $25m ... they then drain your account).
I've mentioned before work in x9a10 financial standard working group which in the mid-90s, had been given the requirement to preserve the integrity of the financial infrastructure for ALL retail payments. This is ALL retail, as in ALL credit, debit, stored-value, check, ACH, etc; as in ALL POS, internet, unattended, face-to-face, mobile, transit, contact, contactless, etc; and as in ALL low-value, medium-value, high-value, etc.
Part of this involved detailed, end-to-end threat and vulnerability
studies of the environments ... which eventually resulted in x9.59
financial transaction standard
https://www.garlic.com/~lynn/x959.html#x959
Along the way, we even wrote a couple paragraphs for early drafts of what, at the time, was called SWIFT-2.
We also talked to FEDWIRE. Turns out that FEDWIRE had 100percent availability for several yrs and attributed it primarily to:
which, except for IMS hot-standby (at the time), didn't see a lot of uptake until sysplex.
In much of the current infrastructure, knowing the account number is sufficient for a crook to perform a fraudulent transaction. We've tried using a number of metaphors to describe the current infrastructure (fixed by x9.59):
• dual-use vulnerability metaphor
account number is required in a large number of different business processes and is required to be readily available. at the same time the account number has to be kept strictly confidential and never divulged to anybody (not even those needing it for business processes, since insiders have repeatedly been shown to be the major source of insider theft). we've claimed that even if the planet was buried under miles of information hiding encryption, that it wouldn't be sufficient to prevent information leakage.
• security proportional to risk metaphor
to the merchant, knowledge of the account number is worth some percent of the profit off the transaction; that same knowledge for the crook, is worth the account balance/credit-limit. as a result, the crook may be able to outspend by a factor of 100 times attacking the system (as the merchant can afford to spend protecting the system).
• naked transaction metaphor
lots of archived blog activity & posts
https://www.garlic.com/~lynn/subintegrity.html#payments
===
One of the biggest issues with x9.59 financial standard is that it commoditizes much of the payment transaction business
... being a single comprehensive protocol that is lightweight enough for very low-value transactions but with super strong integrity for the highest-value transactions ... while also eliminating most of the current threats and vulnerabilities ... and applicable to all environments and types of payments.
For instance, x9.59 doesn't do anything about preventing all the data breaches that have been in the news over the past several years ... but it eliminates the threats of fraudulent transactions from such data breaches (which also eliminates most of the crook's motivation for making data breaches).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: PDP-1 Spacewar! program internals Newsgroups: alt.folklore.computers,rec.games.video.arcade.collecting Date: Tue, 21 Oct 2008 14:36:11 -0400
later on in the 60s, somebody at the science center (4th flr, 545 tech sq) ported it to 2250-4 (i.e. 1130 with 2250). my kids (pre-teen) would play sometimes on weekends ... keyboard split left/right for two players. I don't know of where any versions might be.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Who murdered the financial system? Date: October 22, 2008 Blog: Currency Markets
In real time, congressional hearings are putting the blame on credit rating agencies.
long-winded, decade old post discussing some of the current problems
... including needing (accurate) visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm
Toxic CDOs were used two decades ago during the S&L crisis to obfuscate underlying value and unload.
Subprime mortgages were supposedly targeted at low-income home buyers. However, mortgage originators found that when they were able to get triple-A ratings on toxic CDOs ... they basically could unload all the mortgages they could possibly write at a very nice premium. The use of triple-A rated toxic CDOs significantly expanded the funding for writing subprime loans, far beyond the original intended markets. Speculators found that they could pick up (subprime) no-documentation, no-down payment, 1-2percent interest rate ARM with interest only payments .... and treat the home owner market like the unregulated 1920s stock market.
The claim is that the subprime mortgage originators would never have been able to write all those subprime mortgages w/o nearly unlimited funding by getting triple-A rating on those toxic CDOs.
Say a speculator picks up a $500k home with one of those loans and plans on flipping it in a year for $600k. The carrying cost with a 1% subprime is $5k, possibly get a real estate agent to handle the flip for 3% total ... total out of pocket is around $20k for $100k return ... 500 percent ROI. The speculation and the huge inflation is bad ... but it wouldn't have been possible w/o the unregulated mortgage originators being able to fund the subprime mortgage mill using triple-A rated toxic CDOs.
A few weeks ago, one of the TV business shows had on a guest from one of the rating agencies to talk about down rating of some companies. The host spent much of the show trying to get the guest to admit to being responsible for the current crisis.
On the other side (speculators buying all the subprime loans), there
was the financial methods all the investment banks (and/or investment
banking arms of regulated financial institutions) buying up all
these triple-A rated toxic CDOs ... recent comment:
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
actually $5k mortgage payments over a year ... is more like $2.5k avg
out-of-pocket for the period of the year. rather than treating the
$15k real estate agent fee as part of investment ... treat as cost
... so only clears $85k after a year. So for an avg. investment of
$2.5k for the year ... have a $85k ROI on the $2.5k investment.
For pathological speculation case, have the speculator even borrow the mortgage payments ... so there is only the interest payments on the borrowing of mortgage interest payments. This is getting into "heavy leveraged" analogous to what the institutions were doing on the other side of the toxic CDOs and their triple-A ratings.
recent question/answer referencing the two sides with triple-A rating
on toxic CDOs in the middle; unregulated mortgage originators and
speculations treating home owner market like the 1920s unregulated
stock market on one side ... and the unregulated investment banks (and
investment banking arms of regulated banking ... courtesy of the
Glass-Steagall repeal) heavily leveraged and playing long/short game
on the other side.
http://www.linkedin.com/answers/finance-accounting/corporate-debt/FIN_CDT/344064-28994563
and
https://www.garlic.com/~lynn/2008o.html#52 Why is sub-prime crisis of America called the sub-prime crisis?
One can claim that there are a variety of individual areas that all contributed to the current financial crisis. For decades/centuries, the individual areas have been understood to be their separate areas of greed and corruption (toxic CDOs, real estate speculation, heavy leveraged borrowing, long/short mismatch, etc).
The current issue is a combination of
• regulation relaxing (both repeal of regulations like Glass-Steagall
and in other cases failing to enforce regulations)
• toxic CDOs getting triple-A ratings
the relaxing of regulations allowed all the individual (greed and
corruption) brush fires to combine into one large fire (another
analogy is eliminating bulkheads in ships). the triple-A ratings (for
toxic CDOs) then provided huge amounts of accelerant to turn the blaze
into an enormous firestorm (think Dresden ... but spanning much of the
country).
there was a report about fires in cal. state mountain valleys. the claim was that policy of putting out all fires allowed excessive amounts of undergrowth to accumulate; to the point that it would fuel environmental disastrous fires. the claim was that there was evidence that prior to Europeans, the local inhabitants would purposefully start fires in these valleys every couple generations ... when the undergrowth became too thick (small fires wouldn't take out the trees, but letting too much undergrowth accumulate would result in fire that destroyed everything).
the somewhat loose corollary was that in the wake of the S&L crisis, the claim was made that strongly regulated financial industry became very vulnerable when regulations were relaxed. the issue supposedly was the strong regulation allows the financial industry to become populated by large number of (greedy) individuals that weren't required to know what they were doing ... they just did what the regulations told them to do. then when regulations were relaxed, they became fat prey for predators (who did "understand").
relaxing of regulations enabled all the small greed & corruption fires to combine into single fire. however, that still wouldn't have resulted in a firestorm without the triple-A ratings on toxic CDOs.
recent threads mentioning credit rating agencies:
https://www.garlic.com/~lynn/2008j.html#68 lack of information accuracy
https://www.garlic.com/~lynn/2008j.html#71 lack of information accuracy
https://www.garlic.com/~lynn/2008o.html#52 Why is sub-prime crisis of America called the sub-prime crisis?
https://www.garlic.com/~lynn/2008o.html#68 Blinkenlights
https://www.garlic.com/~lynn/2008o.html#71 Why is sub-prime crisis of America called the sub-prime crisis?
https://www.garlic.com/~lynn/2008o.html#75 In light of the recent financial crisis, did Sarbanes-Oxley fail to work?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What emerging risks are exposed with a shift from paper to electronic retail payments? Date: October 22, 2008 Blog: Risk Management
Electronic data breaches will frequently involve significantly more records than paper data breaches.
After having been called in to work with small client/server startup that wanted to do payments on their server (& they had invented this technology SSL, they wanted to use), in the mid-90s, we were asked to participate in the x9a10 financial standard working group which had been given the requirement to preserve the integrity of the financial infrastructure for ALL retail payments.
This was ALL retail, as in ALL credit, debit, stored-value, check, ACH, etc; as in ALL POS, internet, unattended, face-to-face, mobile, transit, contract, contactless, etc; and as in ALL low-value, medium-value, high-value, etc.
Part of the effort involved doing detailed, end-to-end, threat and
vulnerability studies and the effort resulted in x9.59 financial
standard
https://www.garlic.com/~lynn/x959.html#x959
The majority of data breaches that have been in the news have involved repositories of retail financial transaction information. The threat from the data breaches involve crooks being able to use the information from financial transactions to perform fraudulent transactions. The x9.59 financial standard protocol did nothing about preventing the data breaches ... but it does slightly change the paradigm, eliminating the threat of using data breach information for fraudulent transactions (and therefore the value of the information to crooks).
Recent post discussing the existing electronic retail payment data
breach threat and the x9.59 protocol eliminating the threat (doesn't
address breaches, but the threat from the breaches)
https://www.garlic.com/~lynn/2008o.html#76
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Can we blame one person for the financial meltdown? Date: October 23, 2008 Blog: Financial Regulation
Yesterday, congressional hearings are putting the blame on credit rating agencies.
long-winded, decade old post discussing some of the current problems
... including needing (accurate) visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm
Toxic CDOs were used two decades ago during the S&L crisis to obfuscate underlying value and unload at premium
Subprime mortgages were supposedly targeted at low-income home buyers. However, mortgage originators found that when they were able to get triple-A ratings on toxic CDOs ... they basically could unload all the mortgages they could possibly write at a premium. The use of triple-A rated toxic CDOs significantly expanded the funding for writing subprime loans, far beyond the original intended markets. Speculators found that they could pick up (subprime) no-documentation, no-down payment, 1-2 percent interest rate ARM with interest only payments .... and treat the home owner market like the unregulated 1920s stock market.
The claim is that the subprime mortgage originators would never have been able to write all those subprime mortgages w/o nearly unlimited funding that became possible with getting triple-A rating on the toxic CDOs.
A few weeks ago, one of the TV business shows had on a guest from one of the rating agencies to talk about down rating of some companies. The host spent much of the show trying to get the guest to admit to being responsible for the current crisis.
On the other side (speculators buying all the subprime loans), there
was the financial methods all the investment banks (and/or investment
banking arms of regulated financial institutions) buying up all
these triple-A rated toxic CDOs ... recent comment:
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
related answers here:
http://www.linkedin.com/answers/finance-accounting/corporate-debt/FIN_CDT/344064-28994563
http://www.linkedin.com/answers/financial-markets/currency-markets/MKT_CUR/348304-31790229
also here:
https://www.garlic.com/~lynn/2008o.html#52 Why is sub-prime crisis of America called the sub-prime crisis?
https://www.garlic.com/~lynn/2008o.html#78 Who murdered the financial system?
There was business school article from last spring that estimated approx. 1000 executives are responsible for 80% of the current credit crisis and it would go a long way to fixing the problem if the gov. could figure out how they could lose their jobs.
Greenspan testimony in real-time also says triple-A ratings on (subprime mortgage backed) toxic CDOs.
In the past, home owner market was somewhat indirectly regulated because regulated financial institutions would originate the mortgages using deposits. They would also retain the mortgages so there was significant motivation to pay attention to mortgage quality.
Unregulated mortgage originators could leverage the triple-A rating on toxic CDOs to both fund their operations as well as immediately unload all the mortgages nearly as fast as they could write them. This eliminated nearly all motivation to pay any attention to quality.
The use of toxic CDOs two decades ago during the S&L crisis had much smaller market ... and so use as funding source and impact was much smaller. It was still viewed as problem ...as per the long-winded decade old post. Being able to get triple-A ratings on toxic CDOs greatly expanded the market.
One can claim that there are a variety of individual areas that all contributed to the current financial crisis. For decades/centuries, the individual areas have been understood to be their separate areas of greed and corruption (toxic CDOs, real estate speculation, heavy leveraged borrowing, long/short mismatch, etc).
The current issue is a combination of
• regulation relaxing (both repeal of regulations like Glass-Steagall
and in other cases failing to enforce regulations)
• toxic CDOs getting triple-A ratings
the relaxing of regulations allowed all the individual (greed and
corruption) brush fires to combine into one large fire (another
analogy is eliminating bulkheads in ships). the triple-A ratings (for
toxic CDOs) then provided huge amounts of accelerant to turn the blaze
into an enormous firestorm (think Dresden ... but spanning the whole
country).
there was a report about fires in cal. state mountain valleys. the claim was that policy of putting out all fires allowed excessive amounts of undergrowth to accumulate; to the point that it would fuel environmental disastrous fires. the claim was that there was evidence that prior to Europeans, the local inhabitants would purposefully start fires in these valleys every couple generations ... when the undergrowth became too thick (small fires wouldn't take out the trees, but letting too much undergrowth accumulate would result in fire that destroyed everything).
the somewhat loose corollary was that in the wake of the S&L crisis, the claim was made that strongly regulated financial industry became very vulnerable when regulations were relaxed. the issue supposedly was the strong regulation allows the financial industry to become populated by large number of (greedy) individuals that weren't required to know what they were doing ... they just did what the regulations told them to do. then when regulations were relaxed, they became fat prey for predators (who did "understand").
relaxing of regulations enabled all the small greed & corruption fires to combine into single fire. however, that still wouldn't have resulted in a firestorm without the triple-A ratings on toxic CDOs.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: How security audits, vulnerability assessments and penetration tests differ? Date: October 23, 2008 Blog: Auditing
One of the things I use our knowledge tools for is doing merged taxonomies and glossaries.
one is merged security taxonomy and glossary
https://www.garlic.com/~lynn/secure.htm
"penetration testing" (from NIST 800-115):
Security testing in which evaluators mimic real-world attacks to
attempt to identify methods for circumventing the security features of
an application, system, or network. Penetration testing often involves
issuing real attacks on real systems and data, using the common tools
and techniques used by attackers. Most penetration tests involve
looking for combinations of vulnerabilities on a single system or
multiple systems that can be used to gain more access than could be
achieved through any single vulnerability.
"security audit" (from NIST 800-82):
Independent review and examination of a system's records and
activities to determine the adequacy of system controls, ensure
compliance with established security policy and procedures, detect
breaches in security services, and recommend any changes that are
indicated for countermeasures.
"vulnerability assessment" (GAO report 06-691):
The identification of weaknesses in physical structures, personal
protection systems, processes or other areas that may be exploited. A
vulnerability assessment identifies inherent states and the extent of
their susceptibility to exploitation relative to the existence of any
countermeasures.
....
penetration testing & vulnerability assessment are more focused on identifying weaknesses. security audit includes looking at compensating procedures and countermeasures (for weaknesses)
Somewhat example in this QA:
What emerging risks are exposed with a shift from paper to electronic
retail payments?
http://www.linkedin.com/answers/finance-accounting/risk-management/FIN_RMG/348646-17020110
also here:
https://www.garlic.com/~lynn/2008o.html#79 What emerging risks are exposed with a shift from paper to electronic
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Greenspan testimony and securization Date: October 23, 2008 Blog: Derivatives Markets
Greenspan, Cox tell Congress that bad data hurt Wall Street's computer models
somewhat glosses over whether or not it was done on purpose ...
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
related answers here
http://www.linkedin.com/answers/financial-markets/currency-markets/MKT_CUR/348304-31790229
http://www.linkedin.com/answers/finance-accounting/financial-regulation/FIN_FRG/344874-2322797
and archived here:
https://www.garlic.com/~lynn/2008o.html#78 Who murdered the financial system?
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
long winded, decade old post discussing some of the current problems,
including requirement for visibility into CDO-like instruments
https://www.garlic.com/~lynn/aepay3.htm#riskm
Toxic CDOs had been used two decades ago in the S&L crisis to obfuscate the underlying values .... so it wasn't like the problem wasn't understood and known.
Nearly all the individual parts of the current crisis had been well
known ... some even for centuries. For instance recent quote about
short/long mismatch:
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
....
article from 2000 by san fran FED about short/long mismatch problems
in the 90s.
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
To great extent, regulations had kept all the individual hot beds of greed and corruption separated. Relaxation of regulations contributed significantly to the separate/isolated problems turning into systemic firestorm.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> To: cryptography@xxxxxxx Subject: Re: Chip-and-pin card reader supply-chain subversion 'has netted millions from British shoppers' Date: Fri, 24 Oct 2008 10:22:43 -0400
re:
some of the strategies to obfuscate fraudulent terminal clones, as the
source of information, get more sophisticated than mentioned in article
(as countermeasures to industry techniques to identify patterns to
track back to compromised/counterfeit terminals that are skimming
info). fraudulent clones have not only been used to skim for magstripe
for counterfeit magstripe cards ... but also for counterfeit yes
cards. misc. past posts mentioning chip yes cards
https://www.garlic.com/~lynn/subintegrity.html#yescards
some of the comments may be misdirection. there was large scale counterfeit POS terminal case in europe in mid-90s involving a couple million investment and a couple unemployed scientists ... more expertise/resources than available to most highschool dropouts .. but well within the capability of small to medium sized criminal organization.
....
now, doesn't seem likely that (our own) gov. agencies need to manipulate the market in that way ... just have the printing presses run a little longer.
a more likely scenario is the people on wallstreet (and/or other gov) ... chasing bonuses, commissions, illegal short sales, etc.
recent temporary ban on short sales ... somewhat ignored huge amount of illegal short sales not being prosecuted (somewhat analogous to the penny stock pump&dump scams that are periodically shutdown, except all the hype/rumors/fabrication is downward pressure rather than upward pressure). following claims that the illegal activity is widespread ...
CRAMER REVEALS A BIT TOO MUCH
http://nypost.com/2007/03/20/cramer-reveals-a-bit-too-much/
from above:
He added that the strategy - while illegal - was safe enough because,
"the Securities and Exchange Commission never understands this."
... snip ...
recent testimony by Greenspan and Cox used the term "bad data" fed to
computers
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117961
... which sort of glosses over whether it was done on purpose; one of the least critical articles about wallstreet practices:
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
A couple weeks ago, CSPAN had on guest that mentioned that during the congressional session that repealed Glass-Steagall, the financial industry had contributed $250m to congress ... but that had increased to $2B in the most recent session that approved the $700B wallstreet bailout (supposedly those that voted for the bill received 45% more in contributions than those that voted against).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70