From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Thu, 01 Jan 2009 12:55:27 -0500

re:
i've mentioned before the HONE system
https://www.garlic.com/~lynn/subtopic.html#hone
... which started out after 23jun69 unbundling announcement as "Hands-On
Network Environment" ... virtual machine cp67 systems in a number of
(U.S.) datacenters to provide "hands-on" operating system experience for
system engineers in branch offices. the science center
https://www.garlic.com/~lynn/subtopic.html#545tech
had also ported apl\360 to cp67/cms for cms\apl ... and a number of APL-based applications were developed for sales & marketing support ... which were deployed on HONE. The sales & marketing support applications quickly came to dominate all HONE use and the "hands-on" aspect withered away.
HONE datacenter (sales & marketing) fairly early started to be cloned in other parts of the world (more from the stand-point of local connectivity) ... in the early 70s I got to do some of them ... when EMEA hdqtrs moved from the U.S. to Paris ... and when local national operation in Japan created one in Tokyo.
In the mid-70s, the various U.S. HONE datacenters were consolidated at one location in Cal. ... and a high-availability (aka mainframe loosely-coupled) installation evolved (multiple loosely-coupled SMP processors sharing large common pool of disks) ... supporting load-balancing and fall-over across the systems in the complex (I've commented before that it was possibly the largest single-system-image operation at the time in the late 70s ... which had nearly 40,000 defined "users" at the time).
In the early 80s ... the Cal. HONE datacenter was first replicated in Dallas then with a 3rd in Boulder ... with load-balancing and fall-over. This was for disaster survivability ... for various kinds of natural disasters (including Cal. earthquakes).
Later when we were doing HA/CMP and cluster scale-up ... old post
mentioning meeting in Jan92
https://www.garlic.com/~lynn/95.html#13
two of the people at the Jan92 meeting later left and joined a small client/server startup responsible for something called "commerce server". We were called in to consult because they wanted to do payment transactions on the server ... the startup also had invented this technology called SSL they wanted to use. The activity is now frequently referred to as "electronic commerce".
Part of the effort involved deploying something called a "payment
gateway" ... that handled payment transactions between (web) servers and
financial transaction infrastructure.
https://www.garlic.com/~lynn/subnetwork.html#gateway
The effort included defining a lot of compensating processes and procedures for internet environment ... trying to approximate what large commercial companies got with having multiple private telco links into financial transaction processor i.e. approx. telco provisioning, diverse routing, etc.
Also lots of these operations were used to having SLA ... aka service level agreements ... which weren't available from ISPs of the period ... so part of the compensating procedures was high levels of redundancy, diverse routing, etc. A typical SLA for commercial customer with dedicated link into financial processor would include continuous, active monitoring with trouble desk being able to do first level problem determination within five minutes (i.e. the financial processor service center would be polling the commercial customer transaction box every couple minutes).
Early in pilot with the "payment gateway", a merchant reported problem with webserver not being able to contact the "payment gateway". After 3hrs, the trouble desk reported "no trouble found" (NTF). Part of compensating procedures for migrating to internet environment was additional software logging, as well as redundant operation and diagnostic procedures (attempting to reach objective of trouble desk being able to do first level problem determination within five minutes). In that period, we would periodically make the claim that taking a well designed, tested and debugged application and turning it into a "service" requires 4-10 times the original effort.
For some recent "electronic commerce" topic drift ... a couple recent
posts regarding SSL infrastructure integrity:
https://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
... and past posts mentioning 4-10 times effort for turning application
into a "service":
https://www.garlic.com/~lynn/aadsm9.htm#cfppki10 CFP: PKI research workshop
https://www.garlic.com/~lynn/aadsm25.htm#37 How the Classical Scholars dropped security from the canon of Computer Science
https://www.garlic.com/~lynn/aadsm27.htm#48 If your CSO lacks an MBA, fire one of you
https://www.garlic.com/~lynn/2001f.html#75 Test and Set (TS) vs Compare and Swap (CS)
https://www.garlic.com/~lynn/2001n.html#91 Buffer overflow
https://www.garlic.com/~lynn/2001n.html#93 Buffer overflow
https://www.garlic.com/~lynn/2002b.html#59 Computer Naming Conventions
https://www.garlic.com/~lynn/2002n.html#11 Wanted: the SOUNDS of classic computing
https://www.garlic.com/~lynn/2003g.html#62 IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs. IBM
https://www.garlic.com/~lynn/2003j.html#15 A Dark Day
https://www.garlic.com/~lynn/2003p.html#37 The BASIC Variations
https://www.garlic.com/~lynn/2004b.html#8 Mars Rover Not Responding
https://www.garlic.com/~lynn/2004b.html#48 Automating secure transactions
https://www.garlic.com/~lynn/2004k.html#20 Vintage computers are better than modern crap !
https://www.garlic.com/~lynn/2004l.html#49 "Perfect" or "Provable" security both crypto and non-crypto?
https://www.garlic.com/~lynn/2004m.html#51 stop worrying about it offshoring - it's doing fine
https://www.garlic.com/~lynn/2004p.html#23 Systems software versus applications software definitions
https://www.garlic.com/~lynn/2004p.html#63 Systems software versus applications software definitions
https://www.garlic.com/~lynn/2004p.html#64 Systems software versus applications software definitions
https://www.garlic.com/~lynn/2005b.html#40 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005i.html#42 Development as Configuration
https://www.garlic.com/~lynn/2005n.html#26 Data communications over telegraph circuits
https://www.garlic.com/~lynn/2006n.html#20 The System/360 Model 20 Wasn't As Bad As All That
https://www.garlic.com/~lynn/2007f.html#37 Is computer history taught now?
https://www.garlic.com/~lynn/2007g.html#51 IBM to the PCM market(the sky is falling!!!the sky is falling!!)
https://www.garlic.com/~lynn/2007h.html#78 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007n.html#10 The top 10 dead (or dying) computer skills
https://www.garlic.com/~lynn/2007n.html#76 PSI MIPS
https://www.garlic.com/~lynn/2007n.html#77 PSI MIPS
https://www.garlic.com/~lynn/2007o.html#23 Outsourcing loosing steam?
https://www.garlic.com/~lynn/2007p.html#54 Industry Standard Time To Analyze A Line Of Code
https://www.garlic.com/~lynn/2007v.html#53 folklore indeed
https://www.garlic.com/~lynn/2008e.html#41 IBM announced z10 ..why so fast...any problem on z 9
https://www.garlic.com/~lynn/2008e.html#50 fraying infrastructure
https://www.garlic.com/~lynn/2008e.html#53 Why Is Less Than 99.9% Uptime Acceptable?
https://www.garlic.com/~lynn/2008i.html#33 Mainframe Project management
https://www.garlic.com/~lynn/2008n.html#20 Michigan industry
https://www.garlic.com/~lynn/2008n.html#35 Builders V. Breakers
https://www.garlic.com/~lynn/2008p.html#48 How much knowledge should a software architect have regarding software security?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Thu, 01 Jan 2009 13:21:10 -0500

Morten Reistad <first@last.name> writes:
there were single-site "availability" configurations from the 60 & 70s ... but geographic distributed operations didn't really come into being until high bandwidth, long-haul became more practical & economically feasible.
there were various loosely-coupled/cluster configurations from the 60s &
70s ... and some specialized software ... like the FAA air traffic
control system ... recent mention
https://www.garlic.com/~lynn/2008s.html#71 Is SUN going to become x86'ed ??
another was ACP (airline control program) which were used for world-wide reservation systems. In the late 70s, there started to be some uptake of ACP by some financial transaction networks ... and as part of that move into new market segment resulted in renaming ACP to TPF (transaction processing facility). But these were frequently (high availability, bunkered, telco provisioned) single-site.
geographic disaster/recovery is where SBS attempted to move in the very late 70s and early 80s with (higher bandwidth) satellite communication.
somewhat implied here ... IMS (also heavily used in financial arena)
moved into more formal hot-standby in the early 80s (as opposed to more
manual fall-over)
https://www.garlic.com/~lynn/2007.html#email801016
in this post
https://www.garlic.com/~lynn/2007.html#1 "The Elements of Programming Style"
however, it was more into this century that started to see geographic
dispersed parallel sysplex ... which also accounted for objections to
our contribution for corporation continuous availability strategy
document more than a decade earlier. as previously mentioned here
https://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??
we had coined the terms geographic survivability and disaster
survivability when we were out marketing HA/CMP in the early 90s (as
differentiation with disaster/recovery).
https://www.garlic.com/~lynn/submain.html#available
--
40+yrs virtualization experience (since Jan68), online at home since Mar70

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Thu, 01 Jan 2009 14:31:33 -0500

Morten Reistad <first@last.name> writes:
somewhat the differentiation between high availability systems of the 60s, 70s, and early 80s ... with later systems ... were that the earlier HA systems tended to have a lot of custom, RYO (roll-your-own) ... i.e. customized implementations ... it was later that started to see its move into standard commercial offerings. part of this was wider availability of economical higher bandwidth connections.
Earlier operations tended to be high availability in local datacenter ... and any remote datacenters tended to be disaster/recovery most commonly done with backup tapes.
another aspect was hardware becoming much more reliable ... so the
remaining types of failure modes & outages were due to software,
environmental factors and human errors ... as mentioned in comment about
100% availability
https://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??
one of the first published studies of this change was by Jim while
he was at Tandem ... this was one of the things discussed at the
celebration for Jim held last May (i.e. Tandem backing the study
... even though their business was predicated on replicated hardware):
https://www.garlic.com/~lynn/2008i.html#50 Microsoft versus Digital Equipment Corporation
https://www.garlic.com/~lynn/2008i.html#51 Microsoft versus Digital Equipment Corporation
https://www.garlic.com/~lynn/2008l.html#88 Book: "Everyone Else Must Fail"
https://www.garlic.com/~lynn/2008p.html#6 SECURITY and BUSINESS CONTINUITY
https://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing
--
40+yrs virtualization experience (since Jan68), online at home since Mar70

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: alt.folklore.computers
Date: Thu, 01 Jan 2009 17:22:04 -0500

Morten Reistad <first@last.name> writes:
HA/CMP scale-up ... as mentioned here
https://www.garlic.com/~lynn/95.html#13
and this old email
https://www.garlic.com/~lynn/lhwemail.html#medusa
got transferred and announced specifically for numerical intensive scale-up ... so it had less immediate impact on commercial.
in the mid-90s, there were a number of cluster manager and distributed lock manager activities ... so it might be hard to show direct descendent vis-a-vis just influences (i.e. how much RS/6000 AIX HA/CMP was directly copied or just used HA/CMP as an example).
there is folklore that one of the RDBMS vendors (that we worked with) ... did reverse-engineer the HA/CMP distributed lock manager and started offering their high-availability (& cluster, aka concurrent execution, not just simple fall-over) RDBMS on other vendor unix platforms.
there are also cases of (corporate) people that we worked with in HA/CMP showing up on other (availability) projects ... including at other vendors.
i had tried to make nearly all the ha/cmp pieces "posix" compliant ... so it would have been relatively straight-forward to port &/or translate into other environments.
ha/cmp project also "outsourced" and/or used external consultants for a
lot of the work, for instance, one of the "consultants" that was hired
to do some work on HA/CMP geographically distributed file system was
from Harvard (at the time) ... but had earlier been at Berkeley and
worked on unix fast file system and log structure file system. for
topic drift, outsourcing mentioned in other parts of this thread:
https://www.garlic.com/~lynn/2008s.html#71 Is SUN going to become x86'ed ??
in the mainframe arena there has been lots of RAS work down through the yrs ... hardware as well as software ... including both VM and MVS systems. In the 90s there was also big uptake of Linux in mainframe VM virtual machines ... so there were corporate Linux product on both mainframe platforms as well as RISC platforms (which reasonably could assume for there to be influence from both traditional mainframe RAS as well as HA/CMP).
one of the things I had worked on in the early 90s as part of HA/CMP distributed lock manager scale-up ... was piggy-backing direct cache-to-cache transfer of records ... w/o first writing to disk "home" location. The issue was that each member of a cluster had their own private transaction logs. In the case of power-outage and then restart ... a DBMS record might have several committed transactions that appeared in multiple different log records, in order to correctly recover required that the log records be replayed in the original temporal sequence (i.e. single logs can be replayed sequentially, but merging multiple logs in original temporal sequence during recovery can be trickier ... w/o fine-resolution global clock mechanism across the whole infrastructure). a lot of organizations were apprehensive about such implementation ... so didn't see much deployment until a decade later.
old post mentioning 40,000 linux virtual machine images running under
vm ... with vm running in relatively "small", test LPAR:
https://www.garlic.com/~lynn/2002b.html#36 windows XP and HAL: The CP/M way still works in 2002
an older linux under VM post:
https://www.garlic.com/~lynn/99.html#191 Merced Processor Support at it again
for other RAS topic drift ... past posts about getting to play
disk engineer in bldgs. 14 & 15.
https://www.garlic.com/~lynn/subtopic.html#disk
part of that was rewriting operating system I/O subsystem to make it bullet proof for the disk engineering development & test environment. They were running stand-alone, mainframe "bare" machine dedicated time ... with primitive tools (one device testing at a time). They had tried operating under MVS ... but found it to have 15mins MTBF (test & development devices did all sorts of "bad" things). I got things so they could "on-demand" test several devices concurrently in operating system environment (significantly improving productivity).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
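
Added example (not part of the original posts and not HA/CMP code): the log-merge problem from the post above, with three cluster members keeping private logs and skewed local clocks, where one record moves cache-to-cache without being written to its disk "home" location. The per-record version counter that travels with the record is an assumption made here for illustration, and the names `Node`, `recover_by_timestamp`, `recover_by_version` and the sample log are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LogRecord:
    node: str
    local_ts: float   # the committing node's own clock (may be skewed)
    record_id: str
    version: int      # assumed per-record counter, carried with the record
    value: str


class Node:
    """One cluster member with a private transaction log (hypothetical model)."""

    def __init__(self, name, clock_skew):
        self.name = name
        self.clock_skew = clock_skew
        self.log = []

    def commit(self, true_time, record_id, cached, new_value):
        # 'cached' is (version, value) as read from disk or received from
        # another member's cache; the commit is logged locally only.
        version = cached[0] + 1
        self.log.append(LogRecord(self.name, true_time + self.clock_skew,
                                  record_id, version, new_value))
        # Returned copy is handed cache-to-cache to the next member,
        # without first being written to the disk home location.
        return (version, new_value)


def build_constructed_logs():
    """Constructed scenario: one record updated by three members in turn."""
    disk = {"acct-17": (0, "100")}            # home location: version 0
    a, b, c = Node("A", 0.0), Node("B", -5.0), Node("C", +2.0)
    cached = disk["acct-17"]
    cached = a.commit(10.0, "acct-17", cached, "90")   # v1
    cached = b.commit(11.0, "acct-17", cached, "70")   # v2, B's clock is slow
    cached = c.commit(12.0, "acct-17", cached, "40")   # v3, C's clock is fast
    cached = a.commit(13.0, "acct-17", cached, "55")   # v4, last real commit
    # Power outage here: nothing after version 0 ever reached the disk.
    return disk, [a.log, b.log, c.log]


def recover_by_timestamp(logs, disk):
    """Naive merge: replay every log record in local-clock order."""
    state = {rid: value for rid, (_, value) in disk.items()}
    merged = sorted((r for log in logs for r in log), key=lambda r: r.local_ts)
    for rec in merged:
        state[rec.record_id] = rec.value
    return state


def recover_by_version(logs, disk):
    """Merge per record by version; refuse to recover across a gap."""
    per_record = defaultdict(list)
    for log in logs:
        for rec in log:
            per_record[rec.record_id].append(rec)
    state = {}
    for rid in set(disk) | set(per_record):
        disk_version, value = disk.get(rid, (0, None))
        version = disk_version
        for rec in sorted(per_record.get(rid, []), key=lambda r: r.version):
            if rec.version <= disk_version:
                continue                      # already reflected on disk
            if rec.version != version + 1:
                raise ValueError(
                    f"{rid}: expected version {version + 1}, "
                    f"found {rec.version} in log of node {rec.node}")
            version, value = rec.version, rec.value
        state[rid] = value
    return state


if __name__ == "__main__":
    disk, logs = build_constructed_logs()
    print("timestamp merge:", recover_by_timestamp(logs, disk))
    print("version merge:  ", recover_by_version(logs, disk))
```

With the skewed clocks the timestamp merge replays C's commit last and restores a stale value, while the version merge restores the last committed one and fails closed if a member's log is missing.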

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Fri, 02 Jan 2009 10:23:00 -0500

Morten Reistad <first@last.name> writes:
in the decade earlier incident at the wtc, there was a disaster/recovery datacenter (on lower floor) that was taken out. by itself that wasn't too bad ... but then there was a major financial transaction datacenter in NJ (included handling large number of ATM machines in the US) was taken out when its roof collapsed from snow loading ... and its disaster/recovery site was no longer there; instead of hrs recovery ... it was days.
misc. past posts mentioning the early 90s incident:
https://www.garlic.com/~lynn/99.html#145 Q: S/390 on PowerPC?
https://www.garlic.com/~lynn/2001j.html#43 Disaster Stories Needed
https://www.garlic.com/~lynn/2002.html#44 Calculating a Gigalapse
https://www.garlic.com/~lynn/2008i.html#17 Does anyone have any IT data center disaster stories?
old post mentioning bunkered, hardened datacenter
https://www.garlic.com/~lynn/2002m.html#5 Dumb Question - Hardend Site ?
and a couple old posts discussing systemic risk issues
with certain kinds of facilities:
https://www.garlic.com/~lynn/98.html#41 AADS, X9.59, & privacy
https://www.garlic.com/~lynn/aadsm2.htm#availability A different architecture? (was Re: certificate path
which included consideration of this most recent activity
https://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
including countermeasures for both above ground (black helicopters above the roof) and below ground approaches.
other trivia & topic drift ... large (customer) mainframe datacenter
that footed the R&D costs of the major PDU vendor to get enhancements
(i.e. handles switching when there is power failure to batteries until
the generators are up and then switch to the generators):
https://www.garlic.com/~lynn/2000b.html#85 Mainframe power failure
https://www.garlic.com/~lynn/2001.html#61 Where do the filesystem and RAID system belong?
https://www.garlic.com/~lynn/2002g.html#62 ibm icecube -- return of watercooling?
I've periodically mentioned security proportional to risk and an
industrial espionage legal case in silicon valley in the early 80s. The
claim was for several billion in damages ... based on theft of
unannounced product info. The amount was additional revenue a clone
controller might earn by having a product ready to ship on same day as
availability of the "original" ... vis-a-vis the delay having to obtain
an original product and reverse engineer it in order to come up with a
clone. The court effectively said that if the information was so
valuable ... had to show/demonstrate security measures proportional
to value/risk (trivial analogy are fences around swimming pools to keep
out minors). Lots of past posts with references .... while some amount of
countermeasures are against outsiders ... the majority of
really serious attacks have always been insiders ... including a
lot of activity that plays significant role in the current financial
crisis:
https://www.garlic.com/~lynn/aepay7.htm#netbank net banking, is it safe?? ... power to the consumer
https://www.garlic.com/~lynn/aepay7.htm#netbank2 net banking, is it safe?? ... security proportional to risk
https://www.garlic.com/~lynn/aepay7.htm#netsecure some recent threads on netbanking & e-commerce security
https://www.garlic.com/~lynn/aadsm10.htm#cfppki13 CFP: PKI research workshop
https://www.garlic.com/~lynn/aadsm10.htm#bio6 biometrics
https://www.garlic.com/~lynn/aadsm11.htm#45 Web site exposes credit card fraud
https://www.garlic.com/~lynn/aadsm12.htm#14 Challenge to TCPA/Palladium detractors
https://www.garlic.com/~lynn/aadsm12.htm#15 Challenge to TCPA/Palladium detractors
https://www.garlic.com/~lynn/aadsm12.htm#18 Overcoming the potential downside of TCPA
https://www.garlic.com/~lynn/aadsm14.htm#1 Who's afraid of Mallory Wolf?
https://www.garlic.com/~lynn/aadsm14.htm#4 Who's afraid of Mallory Wolf?
https://www.garlic.com/~lynn/aadsm14.htm#28 Maybe It's Snake Oil All the Way Down
https://www.garlic.com/~lynn/aadsm14.htm#33 An attack on paypal
https://www.garlic.com/~lynn/aadsm15.htm#27 SSL, client certs, and MITM (was WYTM?)
https://www.garlic.com/~lynn/aadsm16.htm#20 Ousourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before
https://www.garlic.com/~lynn/aadsm17.htm#2 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
https://www.garlic.com/~lynn/aadsm17.htm#32 visa cards violated, BofA reissuing after hack attack
https://www.garlic.com/~lynn/aadsm17.htm#46 authentication and authorization (was: Question on the state of the security industry)
https://www.garlic.com/~lynn/aadsm17.htm#47 authentication and authorization ... addenda
https://www.garlic.com/~lynn/aadsm17.htm#53 Using crypto against Phishing, Spoofing and Spamming
https://www.garlic.com/~lynn/aadsm18.htm#6 dual-use digital signature vulnerability
https://www.garlic.com/~lynn/aadsm18.htm#35 Credit card leaks continue at a furious pace
https://www.garlic.com/~lynn/aadsm18.htm#45 Banks Test ID Device for Online Security
https://www.garlic.com/~lynn/aadsm19.htm#1 Do You Need a Digital ID?
https://www.garlic.com/~lynn/aadsm19.htm#15 Loss Expectancy in NPV calculations
https://www.garlic.com/~lynn/aadsm19.htm#25 Digital signatures have a big problem with meaning
https://www.garlic.com/~lynn/aadsm19.htm#45 payment system fraud, etc
https://www.garlic.com/~lynn/aadsm19.htm#47 the limits of crypto and authentication
https://www.garlic.com/~lynn/aadsm20.htm#12 the limits of crypto and authentication
https://www.garlic.com/~lynn/aadsm21.htm#18 'Virtual Card' Offers Online Security Blanket
https://www.garlic.com/~lynn/aadsm21.htm#27 X.509 / PKI, PGP, and IBE Secure Email Technologies
https://www.garlic.com/~lynn/aadsm22.htm#2 GP4.3 - Growth and Fraud - Case #3 - Phishing
https://www.garlic.com/~lynn/aadsm22.htm#3 GP4.3 - Growth and Fraud - Case #3 - Phishing
https://www.garlic.com/~lynn/aadsm22.htm#25 FraudWatch - Chip&Pin, a new tenner (USD10)
https://www.garlic.com/~lynn/aadsm22.htm#36 Unforgeable Blinded Credentials
https://www.garlic.com/~lynn/aadsm23.htm#9 PGP "master keys"
https://www.garlic.com/~lynn/aadsm23.htm#27 Chip-and-Pin terminals were replaced by "repairworkers"?
https://www.garlic.com/~lynn/aadsm23.htm#31 JIBC April 2006 - "Security Revisionism"
https://www.garlic.com/~lynn/aadsm23.htm#54 Status of SRP
https://www.garlic.com/~lynn/aadsm24.htm#5 New ISO standard aims to ensure the security of financial transactions on the Internet
https://www.garlic.com/~lynn/aadsm24.htm#6 Securely handling credit card transactions earns Blackboard kudos
https://www.garlic.com/~lynn/aadsm24.htm#38 Interesting bit of a quote
https://www.garlic.com/~lynn/aadsm24.htm#46 More Brittle Security -- Agriculture
https://www.garlic.com/~lynn/aadsm25.htm#2 Crypto to defend chip IP: snake oil or good idea?
https://www.garlic.com/~lynn/aadsm25.htm#21 Identity v. anonymity -- that is not the question
https://www.garlic.com/~lynn/aadsm25.htm#24 DDA cards may address the UK Chip&Pin woes
https://www.garlic.com/~lynn/aadsm25.htm#33 Mozilla moves on security
https://www.garlic.com/~lynn/aadsm25.htm#34 Mozilla moves on security
https://www.garlic.com/~lynn/aadsm25.htm#39 How the Classical Scholars dropped security from the canon of Computer Science
https://www.garlic.com/~lynn/aadsm25.htm#41 Why security training is really important (and it ain't anything to do with security!)
https://www.garlic.com/~lynn/aadsm26.htm#6 Citibank e-mail looks phishy
https://www.garlic.com/~lynn/aadsm26.htm#11 What is the point of encrypting information that is publicly visible?
https://www.garlic.com/~lynn/aadsm26.htm#24 News.com: IBM donates new privacy tool to open-source Higgins
https://www.garlic.com/~lynn/aadsm26.htm#25 EV - what was the reason, again?
https://www.garlic.com/~lynn/aadsm26.htm#54 What to do about responsible disclosure?
https://www.garlic.com/~lynn/aadsm27.htm#3 Solution to phishing -- an idea who's time has come?
https://www.garlic.com/~lynn/aadsm28.htm#3 Why Security Modelling doesn't work -- the OODA-loop of today's battle
https://www.garlic.com/~lynn/aadsm28.htm#60 Seeking expert on credit card fraud prevention - particularly CNP/online transactions
https://www.garlic.com/~lynn/aadsm28.htm#70 VCs have a self-destruction gene, let's tweak it
https://www.garlic.com/~lynn/aadsm28.htm#71 Paypal -- Practical Approaches to Phishing -- open white paper
https://www.garlic.com/~lynn/aadsm28.htm#73 "Designing and implementing malicious hardware"
https://www.garlic.com/~lynn/aadsm28.htm#74 Visa and MasterCard mandated PCI compliance as of Jan 1, 2008. I would like to get a feel or opinion on this subject
https://www.garlic.com/~lynn/aadsm28.htm#75 Fun with Data Theft/Breach Numbers
https://www.garlic.com/~lynn/2002d.html#7 IBM Mainframe at home
https://www.garlic.com/~lynn/2002d.html#8 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002d.html#9 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002d.html#10 IBM Mainframe at home
https://www.garlic.com/~lynn/2002d.html#11 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002d.html#23 Mainframers: Take back the light (spotlight, that is)
https://www.garlic.com/~lynn/2002d.html#24 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002d.html#25 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002d.html#27 iAPX432 today?
https://www.garlic.com/~lynn/2002d.html#28 Security Proportional to Risk (was: IBM Mainframe at home)
https://www.garlic.com/~lynn/2002f.html#23 Computers in Science Fiction
https://www.garlic.com/~lynn/2002i.html#72 A Lesson In Security
https://www.garlic.com/~lynn/2002j.html#14 Symmetric-Key Credit Card Protocol on Web Site
https://www.garlic.com/~lynn/2002j.html#63 SSL integrity guarantees in abscense of client certificates
https://www.garlic.com/~lynn/2002l.html#11 IEEE article on intelligence and security
https://www.garlic.com/~lynn/2002l.html#12 IEEE article on intelligence and security
https://www.garlic.com/~lynn/2002l.html#35 Cryptography
https://www.garlic.com/~lynn/2002m.html#14 fingerprint authentication
https://www.garlic.com/~lynn/2002m.html#19 A new e-commerce security proposal
https://www.garlic.com/~lynn/2002n.html#20 Help! Good protocol for national ID card?
https://www.garlic.com/~lynn/2002n.html#25 Help! Good protocol for national ID card?
https://www.garlic.com/~lynn/2002n.html#26 Help! Good protocol for national ID card?
https://www.garlic.com/~lynn/2002o.html#67 smartcard+fingerprint
https://www.garlic.com/~lynn/2003l.html#64 Can you use ECC to produce digital signatures? It doesn't see
https://www.garlic.com/~lynn/2003m.html#11 AES-128 good enough for medical data?
https://www.garlic.com/~lynn/2003m.html#51 public key vs passwd authentication?
https://www.garlic.com/~lynn/2003o.html#46 What 'NSA'?
https://www.garlic.com/~lynn/2004.html#29 passwords
https://www.garlic.com/~lynn/2004b.html#39 SSL certificates
https://www.garlic.com/~lynn/2004b.html#48 Automating secure transactions
https://www.garlic.com/~lynn/2004f.html#8 racf
https://www.garlic.com/~lynn/2004f.html#36 MITM attacks
https://www.garlic.com/~lynn/2004j.html#0 New Method for Authenticated Public Key Exchange without Digital Certificates
https://www.garlic.com/~lynn/2004j.html#15 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
https://www.garlic.com/~lynn/2004l.html#19 FW: Looking for Disk Calc program/Exec (long)
https://www.garlic.com/~lynn/2004l.html#40 "Perfect" or "Provable" security both crypto and non-crypto?
https://www.garlic.com/~lynn/2004m.html#9 REVIEW: "Biometrics for Network Security", Paul Reid
https://www.garlic.com/~lynn/2004m.html#28 Shipwrecks
https://www.garlic.com/~lynn/2005f.html#60 Where should the type information be: in tags and descriptors
https://www.garlic.com/~lynn/2005g.html#51 Security via hardware?
https://www.garlic.com/~lynn/2005g.html#54 Security via hardware?
https://www.garlic.com/~lynn/2005i.html#1 Brit banks introduce delays on interbank xfers due to phishing boom
https://www.garlic.com/~lynn/2005i.html#22 technical question about fingerprint usbkey
https://www.garlic.com/~lynn/2005j.html#53 Banks
https://www.garlic.com/~lynn/2005k.html#23 More on garbage
https://www.garlic.com/~lynn/2005l.html#22 The Worth of Verisign's Brand
https://www.garlic.com/~lynn/2005l.html#35 More Phishing scams, still no SSL being used
https://www.garlic.com/~lynn/2005l.html#36 More Phishing scams, still no SSL being used
https://www.garlic.com/~lynn/2005o.html#2 X509 digital certificate for offline solution
https://www.garlic.com/~lynn/2005p.html#6 Innovative password security
https://www.garlic.com/~lynn/2005p.html#24 Hi-tech no panacea for ID theft woes
https://www.garlic.com/~lynn/2005t.html#32 RSA SecurID product
https://www.garlic.com/~lynn/2005t.html#34 RSA SecurID product
https://www.garlic.com/~lynn/2005u.html#33 PGP Lame question
https://www.garlic.com/~lynn/2005v.html#4 ABN Tape - Found
https://www.garlic.com/~lynn/2006c.html#34 X.509 and ssh
https://www.garlic.com/~lynn/2006d.html#26 Caller ID "spoofing"
https://www.garlic.com/~lynn/2006e.html#26 Debit Cards HACKED now
https://www.garlic.com/~lynn/2006e.html#44 Does the Data Protection Act of 2005 Make Sense
https://www.garlic.com/~lynn/2006h.html#15 Security
https://www.garlic.com/~lynn/2006k.html#4 Passwords for bank sites - change or not?
https://www.garlic.com/~lynn/2006k.html#16 Value of an old IBM PS/2 CL57 SX Laptop
https://www.garlic.com/~lynn/2006k.html#23 Value of an old IBM PS/2 CL57 SX Laptop
https://www.garlic.com/~lynn/2006o.html#20 Gen 2 EPC Protocol Approved as ISO 18000-6C
https://www.garlic.com/~lynn/2006o.html#35 the personal data theft pandemic continues
https://www.garlic.com/~lynn/2006p.html#18 19,000 Accounts Compromised
https://www.garlic.com/~lynn/2006q.html#36 Was FORTRAN buggy?
https://www.garlic.com/~lynn/2006s.html#4 Why not 2048 or 4096 bit RSA key issuance?
https://www.garlic.com/~lynn/2006s.html#5 Why not 2048 or 4096 bit RSA key issuance?
https://www.garlic.com/~lynn/2006t.html#5 Are there more stupid people in IT than there used to be?
https://www.garlic.com/~lynn/2006v.html#49 Patent buster for a method that increases password security
https://www.garlic.com/~lynn/2007b.html#33 security engineering versus information security
https://www.garlic.com/~lynn/2007c.html#6 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#8 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#9 Decoding the encryption puzzle
https://www.garlic.com/~lynn/2007c.html#11 Decoding the encryption puzzle
https://www.garlic.com/~lynn/2007c.html#37 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#38 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007c.html#40 Point-of-Sale security
https://www.garlic.com/~lynn/2007c.html#44 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007e.html#2 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007e.html#26 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007f.html#31 Is that secure : <form action="https" from a local HTML page ?
https://www.garlic.com/~lynn/2007f.html#36 Silly beginner questions
https://www.garlic.com/~lynn/2007f.html#68 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2007g.html#20 T.J. Maxx data theft worse than first reported
https://www.garlic.com/~lynn/2007h.html#56 T.J. Maxx data theft worse than first reported
https://www.garlic.com/~lynn/2007j.html#15 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007l.html#35 My Dream PC -- Chip-Based
https://www.garlic.com/~lynn/2007l.html#40 My Dream PC -- Chip-Based
https://www.garlic.com/~lynn/2007v.html#87 Data Breaches Soar In 2007
https://www.garlic.com/~lynn/2007v.html#90 folklore indeed
https://www.garlic.com/~lynn/2008.html#2 folklore indeed
https://www.garlic.com/~lynn/2008.html#4 folklore indeed
https://www.garlic.com/~lynn/2008.html#5 folklore indeed
https://www.garlic.com/~lynn/2008c.html#47 Data Erasure Products
https://www.garlic.com/~lynn/2008i.html#21 Worst Security Threats?
https://www.garlic.com/~lynn/2008i.html#55 Is data classification the right approach to pursue a risk based information security program?
https://www.garlic.com/~lynn/2008i.html#101 We're losing the battle
https://www.garlic.com/~lynn/2008j.html#48 dollar coins
https://www.garlic.com/~lynn/2008m.html#71 TJ Maxx - why are they still in business?
https://www.garlic.com/~lynn/2008m.html#72 What are security areas to be addressed before starting an e-commerce transaction or setting up a portal?
https://www.garlic.com/~lynn/2008n.html#75 Should online transactions be allowed on credit cards without adequate safeguards?
https://www.garlic.com/~lynn/2008n.html#90 Credit Card Security
https://www.garlic.com/~lynn/2008o.html#16 Is Information Security driven by compliance??
https://www.garlic.com/~lynn/2008o.html#76 Blinkenlights
https://www.garlic.com/~lynn/2008p.html#5 Privacy, Identity theft, account fraud
https://www.garlic.com/~lynn/2008p.html#7 Dealing with the neew MA ID protection law
https://www.garlic.com/~lynn/2008p.html#65 Barbless
https://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
https://www.garlic.com/~lynn/2008s.html#4 Expanding U.S. Tactical Aviation's "Approved Belief"
https://www.garlic.com/~lynn/2008s.html#5 Greed - If greed was the cause of the global meltdown then why does the biz community appoint those who so easily succumb to its temptations?
https://www.garlic.com/~lynn/2008s.html#10 Data leakage - practical measures to improve Information Governance
https://www.garlic.com/~lynn/2008s.html#24 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#28 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Is SUN going to become x86'ed ?? Newsgroups: comp.sys.sun.hardware,alt.folklore.computers Date: Fri, 02 Jan 2009 16:13:57 -0500
Morten Reistad <first@last.name> writes:
well, there was (mainframe) ACP (airline control program) using loosely-coupled for reservation systems (and other functions) in the 60s.
lots of various kinds of HA and cluster scale-up continues through the 70s & 80s.
Tandem does HA. vax/cluster does HA. IMS doing hot-standby. TPF (renamed from ACP) doing HA.
The Austin Tandem group doing UNIX based platform ... did a lot of work removing panics from the Unix kernel and other Unix RAS work ... and contributing their work back.
what we started trying to do in late 80s with HA/CMP ... was using commodity parts (effectively taking advantage of what Jim Gray had earlier observed about basic hardware had become significantly more reliable and failure/outages were more frequently from software, environment, people). for a little topic drift ... news item from today:
Why Mirroring Is Not a Backup Solution
http://hardware.slashdot.org/article.pl?sid=09/01/02/1546214
before we started on HA/CMP ... we had also come up with 3tier
architecture (and was out pitching to customer executives). For at least
some customers (possibly even gov), 3tier included supporting services
at multiple different locations.
https://www.garlic.com/~lynn/subnetwork.html#3tier
for small topic drift, we were also on the XTP technical advisory board
... I've posted before about difficulty pitching XTP as HSP (high-speed
protocol) to ANSI (ISO) x3s3.3 ... and getting turned down since
ANSI/ISO standards had to conform to OSI. A major driving force behind
XTP was Chesson ... then at SGI ... but may be recognized as responsible
for UUCP when at belllabs. ... various past xtp/hsp posts:
https://www.garlic.com/~lynn/subnetwork.html#xtphsp
however, XTP also was low-latency and had support for reliable multicast. this was being looked at for military fire control systems (where there were assumptions about continued operation in the face of extremely high damage/failure ... and where there may still be surviving XTP implementations).
one of the reasons we were doing ha/cmp for rs/6000 ... was there wasn't
a SMP 801/risc hardware platform at the time ... so in addition to
high-availability ... cluster was the only way to get rs/6000 scale-up.
https://www.garlic.com/~lynn/subtopic.html#hacmp
A lot of kernel work was attempting to get SMP thruput scale-up for large number of processors (not necessarily primarily HA). a major Oracle reference platform was Sequent ... which had migrated to intel processors for large SMP scale-up (and was selling into mainframe datacenter market ... and so was also heavily into RAS). There were lots of cross-fertilization between Sequent & Oracle about thruput and (kernel) locking (for Sequent's Dynix). Sequent also made claims about doing most of the early SMP locking work for NT kernel. Sequent then started SCI-based SMP project (moving from 32-processor SMP snoopy bus for cache coherency ... to 256-processor SMP NUMA-Q with SCI). This required significantly more work on various kinds of fine-grain locking ... both for Dynix SMP scale-up as well as Oracle SMP scale-up. Sequent was also a major reference platform for Informix.
There was lot of kernel RAS work in conjunction with SMP kernel scale-up work ... SMP kernel scale-up looking to move into commercial dataprocessing ... but then effectively found that they also needed commercial RAS. Much of this was complementary to cluster high-availability work.
IBM then buys Sequent mid-99:
http://news.cnet.com/IBM-buys-Sequent-for-810-million/2100-1001_3-228275.html
and then buys Informix 2001:
http://www.itworld.com/IDG010424informix
some search engine turns up linux/sequent item (just before the IBM purchase):
http://www.linuxhq.com/lnxlists/linux-smp/lm_9905/msg00110.html
and this item:
http://www.knowledgerush.com/kr/encyclopedia/Sequent_Computer_Systems/
from above:
In 1996 they released the first of a new series of machines based on
this new architecture. Known internally as STiNG, an abbreviation for
Sequent: The Next Generation (with Intel inside), it was productized as
NUMA-Q and was the last of the systems released before the company was
purchased by IBM for over $800 million. In 2002, after Sun Microsystems
began a public discussion of IBM's silence on their NUMA-based x430
system, IBM had a reduction-in-force, announced that it had no further
plans to market the x430 and would eventually drop support for the
over-10,000 systems that Sequent and IBM had deployed.
... snip ...
We had been involved with SCI and SMP scale-up at various times in the 90s ... but didn't directly have a product using it.
for other topic drift, old posts about SMP and/or compare&swap
instruction
https://www.garlic.com/~lynn/subtopic.html#smp
and for even more topic drift:
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml
for other drift ... we did some consulting work for Steve Chen when he
was CTO at sequent ... prior to IBM purchase ... past posts mentioning
Steve Chen:
https://www.garlic.com/~lynn/2001n.html#68 CM-5 Thinking Machines, Supercomputers
https://www.garlic.com/~lynn/2001n.html#70 CM-5 Thinking Machines, Supercomputers
https://www.garlic.com/~lynn/2002h.html#42 Looking for Software/Documentation for an Opus 32032 Card
https://www.garlic.com/~lynn/2003d.html#57 Another light on the map going out
https://www.garlic.com/~lynn/2004b.html#19 Worst case scenario?
https://www.garlic.com/~lynn/2006q.html#9 Is no one reading the article?
https://www.garlic.com/~lynn/2006v.html#12 Steve Chen Making China's Supercomputer Grid
https://www.garlic.com/~lynn/2006y.html#38 Wanted: info on old Unisys boxen
https://www.garlic.com/~lynn/2007n.html#1 Is Parallel Programming Just Too Hard?
https://www.garlic.com/~lynn/2008e.html#4 Migration from Mainframe to othre platforms - the othe bell?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: mvs preemption dispatcher Newsgroups: bit.listserv.ibm-main,alt.folklore.computers Date: Fri, 02 Jan 2009 20:03:37 -0500
rfochtman@YNC.NET (Rick Fochtman) writes:
as an undergraduate in the 60s ... i modified cp67 dispatch/scheduler to support dynamic adaptive resource management. in the morph from cp67 to vm370, much of the dynamic adaptive was dropped ... but preemptive dispatching and time-slicing continued to exist.
there were some number of ("conversational" &/or "time-sharing")
subsystems done under os/360 that also would do time-slicing ... like
cps ... recent posts mentioning CPS
https://www.garlic.com/~lynn/2008s.html#69
https://www.garlic.com/~lynn/2008s.html#71
this reference describes apl\360 supporting time slicing
http://hopl.murdoch.edu.au/showlanguage2.prx?exp=18
above mentions that apl\360 work was being done by 10 people in a period when tss\360 (the "strategic" operating system for 360/67) had hundreds. i've guessed that tss\360 had possibly 1200 at a time when the science center had 12 working on cp67 and cms. the science center also did port of apl\360 to cp67/cms for cms\apl. The above article mentions that cms\apl ran 20% slower than apl\360. This probably refers to 360/67 running in 360/65 mode (real addressing) had memory cycle of 750ns. Running virtual memory mode added 150ns to the memory cycle time (20%).
Note however, apl\360 typically was limited to 16kbyte (or 32kbyte) real workspaces. cms\apl opened this up to virtual address space size ... as well as adding functions where apl applications could invoke cms system functions (like reading/writing files). apl was frequently used for modeling and/or kinds of applications currently done with spreadsheets, however these applications were severely limited in apl\360. with cms\apl it was possible to start doing real-world applications. One such was that the business planning people in Armonk loading customer business information on the science center cp67 system and were using cms\apl (remotely from armonk) to do customer and business modeling.
i've periodically claimed that part of the reason i got to do the
"resource manager" for vm370 (being again able to ship again much of the
stuff that i had done nearly a decade earlier as undergraduate) ....
was first little 370 work went on during the future system days
(assumption was that future system would replace all 370)
https://www.garlic.com/~lynn/submain.html#futuresys
then when future system project was killed ... there was mad rush to get products back into the 370 hardware & software product pipeline (i had somewhat pan'ed future system and continued to focus on 360/370).
recent post with reference about joke built into the resource
manager:
https://www.garlic.com/~lynn/2008p.html#1
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Swedish police warn of tampered credit card terminals Date: Jan 03, 2009 Blog: Payment Systems Network
Swedish police warn of tampered credit card terminals
from above:
The case is similar to one revealed earlier this year affecting
several U.K. retailers, where point-of-sale devices were hacked to
record debit and credit card details for use in frauds. It also
demonstrates the increasing technical knowledge cybercriminals have
gained in order to perpetuate card fraud.
... snip ...
we had been called in to consult with a small client/server startup
that wanted to do payment transactions on their server ... and had
this technology they had invented called SSL they wanted to use
.... effort is now frequently called "electronic commerce". Some
recent problems with the implementation ... including references to
little new has been done since 1995 (which we have referred to the
effort as "comfort" as opposed to "security")
https://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
lots of past posts mentioning SSL certificates (including threads that
refer to them as "comfort")
https://www.garlic.com/~lynn/subpubkey.html#sslcert
in the mid-90s, we were then asked to participate in the x9a10
financial standard working group which had been given the requirement
to preserve the integrity of the financial infrastructure for all
retail payments. the result was the x9.59 financial transaction
standard
https://www.garlic.com/~lynn/x959.html#x959
X9.59 didn't do anything about data breaches, skimming, eavesdropping, etc exploits (i.e. crooks being able to harvest information from valid transactions for the purpose of performing fraudulent financial transactions). However, x9.59 did tweak the paradigm so that crooks could no longer use the information for fraudulent transactions (they could still "steal" credit card details ... but they could no longer use that information for other fraudulent transactions, aka x9.59 included countermeasure to various kinds of replay attacks).
Now the largest use of SSL in the world today is this thing we had worked on now commonly referred to as "electronic commerce" ... as part of hiding credit card details. X9.59 changes the paradigm so it is no longer necessary to hide credit card details ... and therefore eliminates the major use for SSL.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Is SUN going to become x86'ed ?? Newsgroups: alt.folklore.computers Date: Sun, 04 Jan 2009 10:17:26 -0500
jmfbahciv <jmfbahciv@aol> writes:
One of the processes ... was normally a cp67 (card-image) kernel deck
was built to tape (although there for a time at the start there was card
tray of the "current deck"). The "BPS" loader could IPL the deck off
tape (as well as from the card reader). The loader would pull all the
card decks into memory and build a core-image of the program ... and
then transfer to the program. The "start" of cp67 kernel deck ... was
actually some code that wrote the core-image to disk ... where cp67 was
normally IPL'ed from. Recent thread discussing "BPS" loader used for
cp67:
https://www.garlic.com/~lynn/2008s.html#56 Computer History Museum
https://www.garlic.com/~lynn/2008s.html#64 Computer History Museum
https://www.garlic.com/~lynn/2008s.html#65 Computer History Museum
The tapes for "stable" systems were kept for some period (as fall-back in case of reliability issues with "new" systems). The card-image on tape also occupied very little of the tape ... so I added to the procedure, processes that would "dump" everything (source, procedures, etc) necessary to recreate the card-image. Over the yrs, I had kept some number of these tapes ... including migrating to newer tape technology as necessary (starting from 9trk 800bpi).
In the mid-80s, when Melinda
https://www.leeandmelindavarian.com/Melinda/
https://www.leeandmelindavarian.com/Melinda#VMHist
was looking for original copies of the cp67 multi-level source update
procedures ... I was able to provide her with the files that I pulled
off one such tape ... past references:
https://www.garlic.com/~lynn/2003e.html#66 History of project maintenance tools -- what and when?
https://www.garlic.com/~lynn/2004b.html#59 A POX on you, Dennis Ritchie!!!
https://www.garlic.com/~lynn/2004m.html#30 Shipwrecks
https://www.garlic.com/~lynn/2005i.html#30 Status of Software Reuse?
https://www.garlic.com/~lynn/2006e.html#7 About TLB in lower-level caches
https://www.garlic.com/~lynn/2006q.html#45 Was FORTRAN buggy?
https://www.garlic.com/~lynn/2006w.html#42 vmshare
https://www.garlic.com/~lynn/2006w.html#48 vmshare
This was before the period in Almaden when quite a few of my tapes (and
others) were wiped out ... there were problems where randomly selected
tapes were being mounted for scratch. misc. past references:
https://www.garlic.com/~lynn/2003j.html#14 A Dark Day
https://www.garlic.com/~lynn/2006w.html#42 vmshare
https://www.garlic.com/~lynn/2007l.html#51 Scholars needed to build a computer history bibliography
However, shortly after the tapes being wiped out ... I was contacted by corporate lawyers looking for some cp67 source that I had done as an undergraduate (before becoming an employee). They were attempting to show prior art in a patent dispute regarding monitoring computer activity (basically technology that produced performance & activity reports). My stuff from undergraduate days was slightly different since my monitoring was used by dynamic adaptive resource management (but the monitoring methodology was effectively the same for the purpose of the patent dispute). The issue was my undergraduate work predated the patent application, but the later work didn't.
For additional drift ... I had done CMSBACK which was deployed
internally for a couple generations, morphed into workstation datasave
and released as a product, morphed into ADSM ... which was subsequently
renamed TSM (Tivoli Storage Manager). Some old email
https://www.garlic.com/~lynn/lhwemail.html#cmsback
and misc. past posts referencing archived &/or backup
https://www.garlic.com/~lynn/submain.html#backup
There have been some facetious comments about blaming me for the backup paranoia in PROFS and incident involving the executive branch in the early 80s and using PROFS backup files in evidence.
For even more topic drift ... lots of old email snippets:
https://www.garlic.com/~lynn/lhwemail.html
some of the backups did include performance monitoring data ... which
allowed for making comparisons of 360/67 cp67 performance against 3081
vm370 performance for highlighting that relative disk system thruput had
declined by an order of magnitude (disks had increased thruput but
processors thruput had increased by an order of magnitude more).
https://www.garlic.com/~lynn/93.html#31 Big I/O or Kicking the Mainframe out the Door
https://www.garlic.com/~lynn/94.html#43 Bloat, elegance, simplicity and other irrelevant concepts
https://www.garlic.com/~lynn/94.html#55 How Do the Old Mainframes Compare to Today's Micros?
https://www.garlic.com/~lynn/95.html#10 Virtual Memory (A return to the past?)
https://www.garlic.com/~lynn/98.html#46 The god old days(???)
https://www.garlic.com/~lynn/99.html#4 IBM S/360
https://www.garlic.com/~lynn/2001d.html#66 Pentium 4 Prefetch engine?
https://www.garlic.com/~lynn/2001f.html#62 any 70's era supercomputers that ran as slow as today's supercomputers?
https://www.garlic.com/~lynn/2001l.html#40 MVS History (all parts)
https://www.garlic.com/~lynn/2001l.html#61 MVS History (all parts)
https://www.garlic.com/~lynn/2001m.html#23 Smallest Storage Capacity Hard Disk?
https://www.garlic.com/~lynn/2002.html#5 index searching
https://www.garlic.com/~lynn/2002b.html#11 Microcode? (& index searching)
https://www.garlic.com/~lynn/2002b.html#20 index searching
https://www.garlic.com/~lynn/2002e.html#8 What are some impressive page rates?
https://www.garlic.com/~lynn/2002e.html#9 What are some impressive page rates?
https://www.garlic.com/~lynn/2004p.html#39 100% CPU is not always bad
Misc. past posts about joke that I put in the resource manager
with regard to manually tuning (based on performance & activity reports)
vis-a-vis direct dynamic adaptive resource management:
https://www.garlic.com/~lynn/2001b.html#18 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
https://www.garlic.com/~lynn/2001l.html#9 mainframe question
https://www.garlic.com/~lynn/2002c.html#16 OS Workloads : Interactive etc
https://www.garlic.com/~lynn/2002c.html#54 Swapper was Re: History of Login Names
https://www.garlic.com/~lynn/2002i.html#53 wrt code first, document later
https://www.garlic.com/~lynn/2004o.html#10 Multi-processor timing issue
https://www.garlic.com/~lynn/2005p.html#31 z/VM performance
https://www.garlic.com/~lynn/2006b.html#21 IBM 3090/VM Humor
https://www.garlic.com/~lynn/2006h.html#22 The Pankian Metaphor
https://www.garlic.com/~lynn/2006y.html#17 The Future of CPUs: What's After Multi-Core?
https://www.garlic.com/~lynn/2007g.html#56 The Perfect Computer - 36 bits?
https://www.garlic.com/~lynn/2007i.html#43 Latest Principles of Operation
https://www.garlic.com/~lynn/2007i.html#77 Sizing CPU
https://www.garlic.com/~lynn/2008.html#16 No Glory for the PDP-15
https://www.garlic.com/~lynn/2008.html#88 folklore indeed
https://www.garlic.com/~lynn/2008g.html#35 Does TCP Need an Overhaul?
https://www.garlic.com/~lynn/2008p.html#1 My Funniest or Most Memorable Moment at IBM
https://www.garlic.com/~lynn/2008p.html#4 Strings story
https://www.garlic.com/~lynn/2008p.html#41 Automation is still not accepted to streamline the business processes... why organizations are not accepting newer technologies?
https://www.garlic.com/~lynn/2009.html#6 mvs preemption dispatcher
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Is SUN going to become x86'ed ?? Newsgroups: alt.folklore.computers Date: Sun, 04 Jan 2009 10:31:56 -0500
Bernd Felsche <berfel@innovative.iinet.net.au> writes:
from part of thread mentioned in above
https://www.garlic.com/~lynn/2008s.html#64 Computer History Museum
looking for copy of the original BPS loader source. The above discusses full source and executable infrastructure for vm370 release 6 (a little less than 30yrs old) ... for running under hercules. "aws" is file image of mainframe tapes ... in EBCDIC. It doesn't take a whole lot to extract all the vm370 release 6 source files as linux, ascii files.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Swedish police warn of tampered credit card terminals Date: Jan 04, 2009 Blog: Payment Systems Network
re:
X9.59 financial standard approached it slightly differently ... the standard stated that account numbers used in X9.59 transactions could only be used in appropriately authenticated transactions. X9.59 didn't do anything about preventing non-X9.59 transactions ... it just eliminated eavesdropping/harvesting as an exploit for x9.59 transactions ... basically a form of replay attack (using the information from previous transactions for fraudulent transactions).
Part of the approach came from security proportional to risk paradigm philosophy and co-existing with legacy operations while also offering increased integrity.
Basically x9.59 and EMV originated in approx. the same period ... and
in the EMV deployment period involving the yes card exploit ... lots
of past posts mentioning the yes card exploit
https://www.garlic.com/~lynn/subintegrity.html#yescard
it was demonstrated that a trivial software tweak, downloaded from the
acquiring operations (that any existing chip-accepting card interface
was connected to) could easily perform several different kinds of
transactions ... including x9.59 transactions.
https://www.garlic.com/~lynn/x959.html#x959
oh ... and for the fun of it ... this recent post mentioning the
invention and archeology of magstripe ... in thread about web security
hasn't moved since 1995:
https://www.garlic.com/~lynn/2008s.html#25
The bldg. mentioned in the above post related to magstripe ... was also involved in developing early ATM machines. As mentioned, for a period ... I had part of a wing and several labs in the same bldg.
Also mentioned in the above post regarding NACHA trials
https://www.garlic.com/~lynn/x959.html#aadsnacha
and a more recent post referencing infrastructure about major
technologies and some amount of archeology regarding evolution of ATM
processing (more oriented towards the networks & backends ... which is
claimed to involve the majority of ATM transactions in the world today
at some point)
https://www.garlic.com/~lynn/2008s.html#77
also discussed in this post
https://www.garlic.com/~lynn/2009.html#1
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Swedish police warn of tampered credit card terminals Date: Jan 04, 2009 Blog: Payment Systems Network
As mentioned earlier in this thread
... and many others, x9.59 avoided that problem by making the
information in x9.59 transactions not usable in non-x9.59 (and/or
magstripe) transactions.
https://www.garlic.com/~lynn/x959.html#x959
Part of this was the result of the requirement given the x9a10 financial standard working group to preserve the integrity of the financial infrastructure for ALL retail payments. That made x9.59 financial standard transaction protocol that right out of the starting gate, from day-one, had to support ALL kinds of payment methods; i.e. debit, credit, ATM, stored-value, ACH, etc ... as well as ALL kinds of payment environments, point-of-sale, cash machines, internet, face-to-face, unattended, transit gates, contact, contactless, proximity, wireless
It wasn't allowed for the x9a10 financial standard effort to myopically focus on just some narrow slice.
One of the issues in some of the other kinds of solutions in the US
market is that there were some earlier false starts ... that then had
to regroup for some period of time. For instance in the early part of
this decade there was a large deployment of POS chipcards ... which
turned out to be vulnerable to the yes card exploit
https://www.garlic.com/~lynn/subintegrity.html#yescard
It isn't so much the cost of a "single" deployment in the US market ... after some of the earlier failures ... it is the prospect of the cost for large number of repeated deployments ... hoping eventually that one of them will get it correct.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
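An added illustration, not part of the original posts and not the X9.59 message format: a minimal model of the rule described in the posts above, that an account number used in X9.59 transactions is only usable in appropriately authenticated transactions, so details recorded by a tampered terminal cannot be reused or replayed. The HMAC tag, field names, account identifiers and key are constructed assumptions; the posts do not describe the actual authentication mechanism.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Txn:
    account: str
    amount_cents: int
    merchant: str
    txn_id: str                   # unique per transaction
    tag: Optional[bytes] = None   # authentication value; None = legacy transaction

    def signed_bytes(self) -> bytes:
        # Unambiguous encoding of every field the tag must cover.
        return json.dumps(
            [self.account, self.amount_cents, self.merchant, self.txn_id]
        ).encode()


def authenticate(txn: Txn, key: bytes) -> Txn:
    """Payer side: bind the tag to this exact transaction (HMAC is a stand-in)."""
    tag = hmac.new(key, txn.signed_bytes(), hashlib.sha256).digest()
    return Txn(txn.account, txn.amount_cents, txn.merchant, txn.txn_id, tag)


@dataclass
class Account:
    key: Optional[bytes] = None        # assumption: issuer can verify the tag
    authenticated_only: bool = False   # the business rule from the posts
    seen_txn_ids: Set[str] = field(default_factory=set)


class Issuer:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def authorize(self, txn: Txn) -> str:
        acct = self.accounts.get(txn.account)
        if acct is None:
            return "DECLINED: unknown account"
        if not acct.authenticated_only:
            # Legacy account: knowing the number is enough, which is what
            # makes harvested card details valuable.
            return "APPROVED"
        if txn.tag is None:
            return "DECLINED: authentication required"
        expected = hmac.new(acct.key, txn.signed_bytes(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, txn.tag):
            return "DECLINED: authentication failed"
        if txn.txn_id in acct.seen_txn_ids:
            return "DECLINED: replayed transaction"
        acct.seen_txn_ids.add(txn.txn_id)
        return "APPROVED"


def demo() -> Dict[str, str]:
    issuer = Issuer()
    key = b"constructed-demo-key"  # constructed sample value
    issuer.accounts["ACCT-AUTH-0001"] = Account(key=key, authenticated_only=True)
    issuer.accounts["ACCT-LEGACY-0002"] = Account()

    genuine = authenticate(Txn("ACCT-AUTH-0001", 2500, "merchant-A", "txn-0001"), key)
    results = {"genuine": issuer.authorize(genuine)}

    # Everything below uses only what a tampered terminal could have recorded
    # from `genuine`: the account number, the fields and the tag, never the key.
    results["replay"] = issuer.authorize(genuine)
    results["number_only"] = issuer.authorize(
        Txn("ACCT-AUTH-0001", 9900, "merchant-B", "txn-0002"))
    results["tag_reused"] = issuer.authorize(
        Txn("ACCT-AUTH-0001", 9900, "merchant-B", "txn-0002", genuine.tag))
    # Same harvesting against a legacy account still works, matching the
    # posts' point that non-X9.59 transactions were not prevented.
    results["legacy_number_only"] = issuer.authorize(
        Txn("ACCT-LEGACY-0002", 9900, "merchant-B", "txn-0003"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20s} {outcome}")
```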
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: why stopped? Date: Jan 04, 2009 Blog: Facebook Concorde
I worked for boeing computer services in 1969 ... they had mockups of both SST and 747 (and a 747 was flying skies of seattle getting FAA certification).
this is wiki page for SST
https://en.wikipedia.org/wiki/Boeing_2707
and talks about it being canceled ... in part because of environmental issues.
This is BOEING history
http://www.boeing.com/history/chronology/chron10.html
Above has some mention of SST. It also mentions that BCS wasn't formed until May 25, 1970. I was undergraduate in 60s ... and had been talked into teaching one week class to the (small) BCS technical staff (during '69 spring break, more than a yr earlier) and then worked for BCS during summer '69 (as a full time mid-level employee that was still student). My memory was that there were ongoing problems with the executive that headed up BCS getting executives of the large corporate datacenters to recognize his authority (which may account for listing BCS not being formed until May 25, 1970).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Is SUN going to become x86'ed ?? Newsgroups: alt.folklore.computers Date: Sun, 04 Jan 2009 19:45:08 -0500
Peter Flass <Peter_Flass@Yahoo.com> writes:
as per the last part of the previous post ... i had consolidated several of the 800bpi & 1600bpi 9trk tapes from cp67 era ... first on to 6250bpi tapes ... which then were consolidated to 3480 cartridges.
The request from melinda for copy of source update procedures from cp67 days .... came while the tapes were still intact ... complete copies of source, updates and all the processes for recreating specific executable (cp67) kernel. later the problems in the almaden datacenter with random tapes being mounted for scratch ... managed to obliterate large number of my tapes ... including all the ones with cp67 source.
small part of list of tapes "lost" during the period of troubles at
almaden datacenter ... note "FILES" (in following) refers to number of
"tape" files, separated by tape marks ... as opposed to cms files:
001018 01/01/99 IUO 10FILES, CP/67 SOURCE & SYSTEM
001381 01/01/99 IUO CAMB. WHEELER ARCHIVE
001642 01/01/99 UNCL SL-8FILE CMS SYSTEM & MY FILES ABOUT 5/
001720 01/01/99 UNCL ALL SL-8FILE PRPQ3.7, CMS, MISC
002090 12/31/99 UNCL SL-10FILES, CP/67 SOURCE & SYSTEM
002826 01/01/99 UNCL SL-1FILE CP2.0 SOURCE
004376 01/01/99 IUO ALL SL-5FILE VM2.15 + LOCAL
004789 01/01/99 UNCL ALL SL-8FILE CAMBRIDG ARCHIVE
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What are the challenges in risk analytics post financial crisis? Date: Jan 05, 2009 Blog: Risk Management
Lenders (especially often unregulated mortgage originators) were able to unload the loans through securitized instruments.
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
A couple months ago, in the congressional hearings into securitized instruments, it was mentioned that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers were paying the rating agencies for the triple-A ratings (the word "fraud" was used several times). Just now on one of the TV business news programs, there was discussion about how to replace the current rating agency infrastructure (in order to correct the problems). There was comment that the current paradigm really was a change-over that happened in the early 70s (when there was switch to the instrument issuers paying for the ratings).
The triple-A ratings for toxic CDOs greatly increased the institutions that would deal in toxic CDOs ... as well as greatly increasing the amount money available to the lenders (who were unloading their loans as toxic CDOs). In the congressional hearings there was also discussions that having the toxic CDOs sellers paying for the ratings, "mis-aligned" the business interests (i.e. the ratings were being done in the interest of those selling the toxic CDOs, not in the interest of those buying the toxic CDOs).
Then there were a lot of the institutions that were buying up these triple-A rated toxic CDOs .... that even with the triple-A ratings there was still indications of the actual quality ... and the institutions were buying them anyway.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
and
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
a recent article:
Computer Models and the Global Economic Crash
http://news.slashdot.org/article.pl?sid=08/12/16/2048235&tid=98
Axioms, downturns, and a global (computer?) crash
http://arstechnica.com/news.ars/post/20081215-axioms-downturns-and-a-global-computer-crash.html
Some number of the institutions buying triple-A rated toxic CDOs were
playing long/short mismatch ... even tho that has been known for
centuries to take down institutions. Comment was that Bear Stearns and
Lehman had marginal chance of surviving (playing long/short mismatch)
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
The recent washington post series about CDS ... basically talked about
CDS being sold on instruments that were totally unrelated to the
original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html
related thread in comp.arch
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#24 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#27 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#28 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#33 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#57 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#59 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#60 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#62 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#63 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#70 Garbage in, garbage out trampled by Moore's law
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What are the challenges in risk analytics post financial crisis? Date: Jan 05, 2009 Blog: Risk Management
re:
TV business news show just finished segment with a repeated refrain that the regulatory agencies are more interested in protecting wall street than protecting the investor (which is going to have to significantly change)... semi-related article here:
The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php
from above:
Markets need regulation to stay stable. We have had thirty years of
financial deregulation. Now we are seeing chickens coming home to
roost. This is the key argument of Professor Nick Bingham, a
mathematician at Imperial College London, in an article published
today in Significance, the magazine of the Royal Statistical Society.
... snip ...
With regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
long winded, decade old post discussing some of the current issues
https://www.garlic.com/~lynn/aepay3.htm#riskm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Date arithmetic and Zune bug Newsgroups: comp.arch Date: Mon, 05 Jan 2009 14:14:46 -0500
"Ken Hagan" <K.Hagan@thermoteknix.com> writes:
in these old threads:
https://www.garlic.com/~lynn/99.html#24 BA Solves Y2K (Was: Re: Chinese Solve Y2K)
https://www.garlic.com/~lynn/99.html#233 Computer of the century
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Magnetic tape storage Newsgroups: alt.folklore.computers Date: Mon, 05 Jan 2009 14:56:30 -0500
Morten Reistad <first@last.name> writes:
as part of doing CMSBACK (which was used internally and then went thru
some product versions eventually morphing into the current TSM)
... misc. old email
https://www.garlic.com/~lynn/lhwemail.html#cmsback
I started out modifying the standard cms tape-based maintenance utility VMFPLC. VMFPLC in turn was a modified version of the cms utility TAPE. TAPE would write the FST (file descriptor) as a tape record followed by the file data blocked as one or more 800-byte tape records.
VMFPLC added some number of additional function and changed the 800-byte tape record blocking to 4k-bytes. However, for small files, there were still a minimum of two tape records (and two inter-record gaps).
I created VMXPLC from VMFPLC by adding some more function for backup/archive, combined the FST tape record with the first/only file tape data record ... and allowed file data to be blocked as multiple 4k-byte records (minimum of one inter-record gap for small files, instead of two ... and multiple 4k data block tape records for larger files).
I also made sure that buffers were 4k-byte page aligned ... which
enabled various kinds of performance & thruput tricks when dealing with
page-mapped filesystem ... misc. past posts mentioning having done
page-mapped filesystem for CMS. Part of this was standard CMS operation
was synchronous ... but with page-mapped filesystem it was possible to
do a fair amount of asynchronous, overlapped operations ... with paging
infrastructure providing the appropriate serialization. vmxplc would
setup for things like multiple asynchronous, overlapped buffering
... which would be purely synchronous with normal filesystems ... but
become asynchronous if page-mapped filesystem was involved:
https://www.garlic.com/~lynn/submain.html#mmap
IBM tape channel (I/O) programming tended to have tape records limited to length of what could be done with single channel command word ... which only had a half-word (16bit) length field ... common practice further limited things to 32k ... so that half-word signed operations worked correctly.
misc. past posts referring to (mostly tape) backup/archive:
https://www.garlic.com/~lynn/submain.html#backup
misc. past posts mentioning vmfplc &/or vmxplc:
https://www.garlic.com/~lynn/99.html#149 OS/360 (and descendants) VM system?
https://www.garlic.com/~lynn/2001n.html#92 "blocking factors" (Was: Tapes)
https://www.garlic.com/~lynn/2002h.html#35 Computers in Science Fiction
https://www.garlic.com/~lynn/2002h.html#36 Computers in Science Fiction
https://www.garlic.com/~lynn/2003b.html#42 VMFPLC2 tape format
https://www.garlic.com/~lynn/2003b.html#43 VMFPLC2 tape format
https://www.garlic.com/~lynn/2003b.html#44 filesystem structure, was tape format (long post)
https://www.garlic.com/~lynn/2003k.html#47 Slashdot: O'Reilly On The Importance Of The Mainframe Heritage
https://www.garlic.com/~lynn/2004e.html#39 Candle support from Los Delhi
https://www.garlic.com/~lynn/2005j.html#56 Q ALLOC PAGE vs. CP Q ALLOC vs ESAMAP
https://www.garlic.com/~lynn/2005p.html#42 VMFPLC2 to load EREP PTFs
https://www.garlic.com/~lynn/2006.html#8 How to restore VMFPLC dumped files on z/VM V5.1
https://www.garlic.com/~lynn/2006.html#9 How to restore VMFPLC dumped files on z/VM V5.1
https://www.garlic.com/~lynn/2006.html#10 How to restore VMFPLC dumped files on z/VM V5.1
https://www.garlic.com/~lynn/2006t.html#24 CMSBACK
https://www.garlic.com/~lynn/2006w.html#25 To RISC or not to RISC
https://www.garlic.com/~lynn/2008j.html#72 tape blocking
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Magnetic tape storage Newsgroups: alt.folklore.computers Date: Mon, 05 Jan 2009 15:21:20 -0500
Andre Majorel <cheney@halliburton.com> writes:
which includes tape CCW command codes
https://www.garlic.com/~lynn/gcard.html#25
7track from above:
Magnetic-Tape  Density--Parity---DC----Trans---Cmd
Mode-Set-1       200     odd     on    off     13
(7-Track)                        off   off     33
                                       on      3B
                         even    off   off     23
                                       on      2B
                 556     odd     on    off     53
                                 off   off     73
                                       on      7B
                         even    off   off     63
                                       on      6B
                 800     odd     on    off     93
                                 off   off     B3
                                       on      BB
                         even    off   off     A3
                                       on      AB
               Density--Parity---DC----Trans---Cmd
... snip ...
my first student programming job was porting 1401 MPIO program to 360. MPIO was used for card->tape and tape->printer/punch ... using the 1401 as unit-record front-end for the university's 709. (7trk) tapes were manually moved back and forth between 1401 (7trk) tape drive and 709 (7trk) tape drive.
the university got a 360/30 to replace the 1401 (as part of evolution eventually getting a 360/67 to replace both the 1401 & 709). 360/30 had 1401 hardware emulation mode ... so that MPIO could run unmodified ... but redoing MPIO in 360 was possibly an exercise in using 360.
I got to design & implement my own stand-alone monitor, interrupt handlers, storage management, device drivers, dispatching, etc. I believe all the 7trk tapes I dealt with were 200bpi.
726 magnetic tape drive (1952 for 701) 100bpi
http://www-03.ibm.com/ibm/history/exhibits/storage/storage_726.html
2401 magnetic tape unit (1964 for 360) 9trk 800bpi (models 1,2,3) & both
800bpi & 1600bpi (models 4,5,6). there was an option to handle 7trk
200/556/800bpi
http://www-03.ibm.com/ibm/history/exhibits/storage/storage_2401.html
3420 magnetic tape drive ... initial models shipped (1971) only support
800 & 1600 bpi ... two yrs later (1973), three new models added 6250
bpi.
http://www-03.ibm.com/ibm/history/exhibits/storage/storage_3420.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Magnetic tape storage Newsgroups: alt.folklore.computers Date: Tue, 06 Jan 2009 10:29:55 -0500
jmfbahciv <jmfbahciv@aol> writes:
and reference to getting univ. data center from 8am sat until
8am mon:
https://www.garlic.com/~lynn/2008s.html#51 Computer History Museum
one of the things that was normally done at shift change was to clean the tape drive heads. one of the first things that i learned was to start off the weekend by doing standard maintenance, cleaning the tape drives (and repeat a couple times during the weekend) ... as well as disassembling the 2540 reader and punch and cleaning the brushes, punches, chip box, card paths, etc.
in the tape device driver ... read error recovery standard procedure was to read backward & forward (up to ten times) ... and then write error message (possibly getting the drive cleaned and then retried).
not all that different from using cotton q-tips on audio open reel. as drives got more compact and enclosed ... they came up with the idea of a "cleaning cassette".
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Data losses set to soar Date: Jan 03, 2009 Blog: Financial Crime Risk, Fraud and Security
Data losses set to soar
from above:
Last year stands as the worst for reported data loss incidents, and
researchers with KPMG have warned that the trend is set to increase
through 2009.
... snip ...
also
Data Breaches Up Almost 50 Percent
http://www.washingtonpost.com/wp-dyn/content/article/2009/01/05/AR2009010503046.html
and recent related article & discussion in "Payment Systems Network"
re: "Swedish police warn of tampered credit card terminals":
https://www.garlic.com/~lynn/2009.html#7
https://www.garlic.com/~lynn/2009.html#10
https://www.garlic.com/~lynn/2009.html#11
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Banks to embrace virtualisation in 2009: survey Newsgroups: alt.folklore.computers Date: Tue, 06 Jan 2009 11:51:48 -0500
Banks to embrace virtualisation in 2009: survey
two of the original (virtual machine) cp67 ("spin-offs") commercial time-sharing service bureaus in the 60s, were NCSS and IDC.
A couple recent posts mentioning NCSS:
https://www.garlic.com/~lynn/2008s.html#54 Computer History Museum
https://www.garlic.com/~lynn/2008s.html#56 Computer History Museum
https://www.garlic.com/~lynn/2008s.html#66 Computer History Museum
Both NCSS and IDC got into offering financial data (moving up the value stream for online computer services). NCSS was bought up by D&B and absorbed into their data processing unit.
IDC still exists ... but delivering the financial information over the
web ... recent IDC news release:
http://www.finextra.com/fullpr.asp?id=25305
IDC website:
http://www.interactivedata.com/
IDC timeline ... mentions in '72 IDC purchases the "Pricing Services"
division of Standard & Poors.
http://www.interactivedata.com/overview/timeline.htm
recent posts mentioning that current problems with giving triple-A
rating to toxic CDOs ... a major factor in the current financial crisis
... has its seeds in the early 70s when the rating agencies changed their
business model (to issuers paying for the ratings ... which created
opening for significant conflict of interest)
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
https://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
"NCSS Sold to Dun & Bradstreet"
http://staging.computerhistory.org/corphist/view.php?s=events&id=338&PHPSESSID=ae88c1a68115c7bf4fe76fb79ca1aa97
lots of past posts mentioning (virtual machine) timesharing commercial
service bureaus
https://www.garlic.com/~lynn/submain.html#timeshare
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Need Your Advice Newsgroups: alt.folklore.computers Date: Tue, 06 Jan 2009 12:22:03 -0500
Quadibloc <jsavard@ecn.ab.ca> writes:
above has little cross-over to a.f.c. mentioning
https://www.garlic.com/~lynn/2008s.html#37 Is SUN going to become x86'ed?
with reference to "the network is the computer" & information utility.
as mentioned, netbooks then start to be more analogous to portable terminals and obtain the computing over some sort of network/telecom connection
post with home office photo showing "portable" miniterm from the
70s (after replacing standard 2741 terminal at home):
https://www.garlic.com/~lynn/2008m.html#38 Baudot code direct to computers?
https://www.garlic.com/~lynn/2008m.html#51 Baudot code direct to computers?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: NPR Asks: Will Cloud Computing Work in the White House? Date: Jan 06, 2009 Blog: Greater IBM Connection
NPR Asks: Will Cloud Computing Work in the White House?
Recent posts referring to cloud computing looking more & more like
old-time online time-sharing
https://www.garlic.com/~lynn/2009.html#21
https://www.garlic.com/~lynn/2009.html#22
and this recent post that makes reference to long ago & far away the
executive branch using vm370 (online virtual machine time-sharing) and
profs (email):
https://www.garlic.com/~lynn/2009.html#8
and x-over with another cloud computing news article also posted here:
https://www.garlic.com/~lynn/2008s.html#38
https://www.garlic.com/~lynn/2008s.html#42
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: A New Web of Trust Date: Jan 06, 2009 Blog: Greater IBM Connection
A New Web of Trust
from above:
A protocol that could make the Internet more secure is finally being
implemented.
... snip ...
Lots of past posts mentioning that improving DNS integrity can result
in negating much of the original requirements for SSL:
https://www.garlic.com/~lynn/subpubkey.html#catch22
There has been a lot of news recently about a flaw in SSL ... which
impacts the integrity of lots of internet operations. Recent post
discussing some aspects of the SSL flaw (along with a large number of
URL pointers to news articles):
https://www.garlic.com/~lynn/2008s.html#76
Note that because of the nature of SSL validation ... it isn't
sufficient to correct some of the flawed deployments ... it is
necessary to correct *ALL* flawed deployments (since an attacker can
leverage any flawed implementation to impersonate any internet entity
.... including SSL entities totally unrelated to the flawed
implementation). discussed more in this follow-up post
https://www.garlic.com/~lynn/2008s.html#78
The posts also reference some of the overlap between DNS weaknesses and SSL weaknesses ... as well as references to a thread from last fall about "web security hasn't moved since 1995"
Note that both DNS & SSL integrity problems and flaws have impact on
lots of internet things ... including cloud computing. For a little
more topic drift, some recent comment about similarity between cloud
computing and old-time, online, time-sharing
https://www.garlic.com/~lynn/2009.html#23
recent posts with some x-over between availability, network
infrastructure and electronic commerce
https://www.garlic.com/~lynn/2009.html#0
https://www.garlic.com/~lynn/2009.html#7
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Wrong Instrument for Recurring Payments Date: Jan 06, 2009 Blog: Payment Systems Network
after having been involved in this thing that is now frequently called "electronic commerce" ... in the mid-90s, we were asked to participate in the x9a10 financial standard working group ... which had been given the requirement to preserve the integrity of the financial infrastructure for ALL retail payments. the result was x9.59 financial transaction protocol
x9.59 had to be payment method agnostic ... i.e. works with credit, debit, ach, point-of-sale, face-to-face, unattended, internet, wireless, etc ... as well as super secure as well as super lightweight (both in payload and processing).
Nominally payment expense has been related to merchant "discount" based on 1) fraud and 2) loan costs vis-a-vis available balance. For instance there are studies that "signature debit" fraud is comparable to credit and 15-times that of "PIN-debit" ... where there is correlation between level of fraud and infrastructure costs. Credit also has the implied expense of advancing funds (basically loan) vis-a-vis debit/ACH which accesses funds directly.
Note that the FSTC e-check project looked at two different deployments ... one via the debit network and the other was via the ACH network. While they were both direct access to existing funds ... the ACH network settlement typically took longer and represented additional "float" income to the financial institutions.
The NACHA internet deployment was using debit network (as opposed to
ACH network) ... reference to the NACHA RFI and results:
https://www.garlic.com/~lynn/x959.html#aadsnacha
For a x9.59 transaction ... it is equally secure regardless of the network carrying the transaction .. credit network, debit network or ACH network.
One of the side-effects of x9.59 transaction standard was it eliminated the fraudulent transactions that can result from data breaches, skimming, harvesting, and/or eavesdropping exploits (x9.59 didn't do anything about preventing data breaches, skimming, harvesting and/or eavesdropping, it just eliminated the fraudulent transactions that could result from such activity).
We had been involved in using SSL for hiding transaction information as part of deployment of what is now frequently referred to as "electronic commerce" (which is the largest use of SSL in the world today) ... before working on x9.59 financial standard transaction protocol. One of the side-effects of x9.59 financial standard is that it is no longer necessary to hide financial transaction information (as countermeasure to fraudulent transactions) and so eliminates the major SSL use in the world today.
For a little x-over ... recent post in another linkedin group
discussing both (recent) DNS (network) flaws as well as (recent) SSL
flaws
https://www.garlic.com/~lynn/2009.html#24 A New Web of Trust
other recent posts/discussions in linkedin Payment Systems Network:
https://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing
https://www.garlic.com/~lynn/2008p.html#69 ATM PIN through phone or Internet. Is it secure? Is it allowed by PCI-DSS?, Visa, MC, etc.?
https://www.garlic.com/~lynn/2008p.html#74 2008 Data Breaches: 30 Million and Counting
https://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
https://www.garlic.com/~lynn/2008r.html#54 PCI needs to address virtualization, experts say
https://www.garlic.com/~lynn/2008r.html#59 Stolen credit-card boom
https://www.garlic.com/~lynn/2008s.html#1 PCI's Bob Russo: Data loss hurts brand more than a fine
https://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#10 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#11 Swedish police warn of tampered credit card terminals
and a few recent posts/discussions in linkedin Financial Crime Risk,
Fraud and Security
https://www.garlic.com/~lynn/2008q.html#25 Cybercrime Could Be As Destructive As Credit Crisis
https://www.garlic.com/~lynn/2008q.html#32 I was wondering what types of frauds the audience think will increase?
https://www.garlic.com/~lynn/2008r.html#0 ATM Skimmers: Watch Out for Electronic Theft Devices
https://www.garlic.com/~lynn/2008r.html#52 Cheap Hack - Domain Name Market - Stolen Domains for Sale
https://www.garlic.com/~lynn/2008s.html#50 Perfect MITM Attacks With No-Check SSL
https://www.garlic.com/~lynn/2008s.html#58 DNS flaw is 2008's biggest web blunder
https://www.garlic.com/~lynn/2008s.html#72 CA issues no-questions asked Mozilla cert
https://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2009.html#20 Data losses set to soar
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Date arithmetic and Zune bug Newsgroups: comp.arch Date: Tue, 06 Jan 2009 16:58:59 -0500
re:
for a little other topic drift (leap "seconds" rather than "year"):
'Leap Second' Snafu Affects Oracle Clusterware
http://www.pcworld.com/article/156453/leap_second_snafu_affects_oracle_clusterware.html
back circa 1970 ... i spent 3months with a number of other people discussing what to do about "leap seconds" (that and what does the "start of the century" mean ... i.e. did the century start in 1900 or 1901?) ... this was for the 370 TOD clock.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: NPR Asks: Will Cloud Computing Work in the White House? Date: Jan 06, 2009 Blog: Greater IBM Connection
then there is this:
A crack in the madness of clouds
http://www.theregister.co.uk/2009/01/06/year_ahead_clouds/
from above:
Few people define "the cloud" or "cloud computing" the same way,
leading to market noise and a wealth of misinformation. "The cloud" as
a term really started as a metaphor for the "internet" and has since
been bastardized to mean pretty much anything that isn't on-premise
computing.
... snip ...
again somewhat the description of old-time time-sharing service
bureaus ...
https://www.garlic.com/~lynn/2009.html#23
and lots of past posts
https://www.garlic.com/~lynn/submain.html#timeshare
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: the Z/10 and timers. Newsgroups: bit.listserv.ibm-main,alt.folklore.computers To: <ibm-main@bama.ua.edu> Date: Wed, 07 Jan 2009 10:57:20 -0500
timothy.sipples@US.IBM.COM (Timothy Sipples) writes:
360/65 multiprocessor had processors sharing all the same memory ... but each processor had its own "private" channels. To simulate a multiprocessor I/O configuration ... multi-channel controllers were used ... with the channels from the different processors connecting into "shared" controllers (usually with the same address configuration).
360/67 multiprocessor had a lot more to it, including a "channel controller" box ... and in multiprocessor operation ... all processors addressed all channels. part of the control registers were used to address the switch settings in the channel controller (which controlled the configuration of the channels as well as the memory banks). In at least one three-way 360/67 multiprocessor shipped, the control registers were not only used to sense the "channel controller" switch settings ... but were also able to change the hardware configuration settings.
Originally there was 360/60 (and 360/70) with slower memory ... and a model with virtual memory added. I remember seeing an early virtual memory reference manual describing standard multiprocessor architecture was for 4-way (which was reflected in the control register and channel control description). All the processors were renumbered when 750mic memory replaced the slower speed memory. However, I don't remember anything about the 360/65 multiprocessor being for anything other than two-way.
copy of the 360/67 function characteristics (including description
of the channel controller box, control register values, etc)
http://www.bitsavers.org/pdf/ibm/360/functional_characteristics/GA27-2719-2_360-67_funcChar.pdf
the corporate "official" operating system for the 360/67 was tss/360
... directory with various TSS/360 documents:
http://www.bitsavers.org/pdf/ibm/360/tss/
some amount of 360/67 features weren't seen again until 370xa.
the science center had started a project to do a virtual machine
implementation ... and first attempted to get a 360/50 to modify with
virtual memory hardware ... but because so many 360/50s were going to
the FAA air traffic control project ... had to settle for a 360/40. this
was used to develop cp/40. when the science center was able to obtain a
360/67, cp/40 morphed into cp/67. ... directory with at least one
manual:
http://www.bitsavers.org/pdf/ibm/360/cp67/
cp67 was very much a skunk works project ... with numerous corporate
attempts from various quarters, at various times, to periodically
terminate it. slightly related recent post
https://www.garlic.com/~lynn/2009.html#6 mvs preemption dispatcher
lots of the early 360/67 lore can be found in Melinda's VM history
document ... a number of versions in various formats can be found here:
https://www.leeandmelindavarian.com/Melinda/
https://www.leeandmelindavarian.com/Melinda#VMHist
os/360 mp/65 smp implementation basically had a single global system "spin-lock" ... applications could run concurrently on both processors, but at entry to the supervisor ... TEST&SET instruction was used in attempt to obtain the global lock. If the other processor had the lock, it would just branch back to TEST&SET and repeat the operation until the other processor released the lock (basically only a single processor executing in the supervisor at a time).
charlie was doing fine-grain multiprocessor locking work on cp67 at the
science center ... lots of past posts mentioning science center
https://www.garlic.com/~lynn/subtopic.html#545tech
when he invented the compare&swap instruction (chosen because CAS are
charlie's initials) ... lots of past posts mentioning SMP and/or
compare&swap
https://www.garlic.com/~lynn/subtopic.html#smp
there were then discussions with the 370 hardware architecture group to
have them include compare&swap instruction ... however it was initially
rejected ... with the comment that the "favorite son operating system"
people saw no need for anything more than the "test&set" instruction
(see above comment about global system spin-lock). The architecture
group said that in order to justify compare&swap instruction for 370 ...
other than SMP system lock use was needed. Thus was born the description
(still in principles of operation) for using compare&swap instruction in
coordinating application multithreaded/multiprogramming operation
(whether or not running in multiprocessor environment).
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DZ9ZR003/A.6?SHELF=DZ9ZBK03&DT=20040504121320
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
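The difference between the global test&set lock and compare&swap described in the post above can be shown with a deterministic interleaving of two simulated processors. This is an added example, not code from the post, os/360 or cp67; it uses C11 atomics as a stand-in for the 360/370 instructions, and the bit-setting workload, the three spin attempts and all names are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One simulated processor's in-flight update: OR some bits into a shared word. */
struct update {
    uint32_t seen;     /* value this processor fetched from the shared word */
    uint32_t bits;     /* bits it wants to set */
    unsigned retries;  /* failed compare&swap attempts */
};

struct outcome {
    uint32_t word;     /* final value of the shared word */
    unsigned spins;    /* failed test&set attempts (time spent locked out) */
    unsigned retries;  /* failed compare&swap attempts */
};

static void fetch(struct update *u, _Atomic uint32_t *word) {
    u->seen = atomic_load(word);
}

/* Store computed from a possibly stale fetch; only safe while holding a lock. */
static void store_plain(struct update *u, _Atomic uint32_t *word) {
    atomic_store(word, u->seen | u->bits);
}

/* compare&swap: store only if the word still equals what was fetched.
 * On mismatch the current value is loaded into u->seen for the retry. */
static bool store_cas(struct update *u, _Atomic uint32_t *word) {
    if (atomic_compare_exchange_strong(word, &u->seen, u->seen | u->bits))
        return true;
    u->retries++;
    return false;
}

/* Single global lock in the test&set style. */
static atomic_flag global_lock = ATOMIC_FLAG_INIT;
static bool try_lock(void) { return !atomic_flag_test_and_set(&global_lock); }
static void unlock(void)   { atomic_flag_clear(&global_lock); }

/* No synchronization: A and B both fetch 0, then B's store wipes out A's bit. */
struct outcome run_unsynchronized(void) {
    _Atomic uint32_t word = 0;
    struct update a = {0, 0x01, 0}, b = {0, 0x80, 0};
    fetch(&a, &word);
    fetch(&b, &word);
    store_plain(&a, &word);
    store_plain(&b, &word);
    return (struct outcome){atomic_load(&word), 0, 0};
}

/* Global test&set lock: correct, but B is locked out while A is inside. */
struct outcome run_test_and_set(void) {
    _Atomic uint32_t word = 0;
    struct update a = {0, 0x01, 0}, b = {0, 0x80, 0};
    unsigned spins = 0;

    if (!try_lock()) spins++;       /* A: lock is free, A enters */
    fetch(&a, &word);
    for (int i = 0; i < 3; i++)     /* B arrives: three trips round the spin loop */
        if (!try_lock()) spins++;
    store_plain(&a, &word);
    unlock();                       /* A leaves */

    if (!try_lock()) spins++;       /* B: succeeds now that A has released */
    fetch(&b, &word);
    store_plain(&b, &word);
    unlock();
    return (struct outcome){atomic_load(&word), spins, 0};
}

/* compare&swap, no lock: same interleaving as the unsynchronized case. */
struct outcome run_compare_and_swap(void) {
    _Atomic uint32_t word = 0;
    struct update a = {0, 0x01, 0}, b = {0, 0x80, 0};
    fetch(&a, &word);
    fetch(&b, &word);
    while (!store_cas(&a, &word)) { }  /* word still 0: succeeds at once */
    while (!store_cas(&b, &word)) { }  /* word is 0x01, not 0: fails once, retries */
    return (struct outcome){atomic_load(&word), 0, a.retries + b.retries};
}

int main(void) {
    struct outcome r = run_unsynchronized();
    printf("unsynchronized: word=%02x\n", (unsigned)r.word);
    r = run_test_and_set();
    printf("test&set lock:  word=%02x spins=%u\n", (unsigned)r.word, r.spins);
    r = run_compare_and_swap();
    printf("compare&swap:   word=%02x retries=%u\n", (unsigned)r.word, r.retries);
    return 0;
}
```
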
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Data losses set to soar Date: Jan 07, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
well then ... here are a sample of a few over the past two yrs:
https://www.garlic.com/~lynn/2007v.html#87 Data Breaches Soar In 2007
https://www.garlic.com/~lynn/2007v.html#88 Data Breaches Soar In 2007
https://www.garlic.com/~lynn/2008.html#11 Information security breaches quadrupled in 2007
https://www.garlic.com/~lynn/2008f.html#88 Has Banking Industry Overlooked Its Biggest Breach Ever?
https://www.garlic.com/~lynn/2008g.html#17 Hannaford breach illustrates dangerous compliance mentality
https://www.garlic.com/~lynn/2008i.html#42 Security Breaches
https://www.garlic.com/~lynn/2008j.html#35 Data Breach Reports Up 69 Percent in 2008
https://www.garlic.com/~lynn/2008p.html#74 2008 Data Breaches: 30 Million and Counting
As I've mentioned before ... we were tangentially involved in the Cal. state breach notification legislation (similar legislation has since shown up in other jurisdictions). We had been called in for some word-smithing on the Cal. state electronic signature legislation. Some of the organizations involved in electronic signature were also heavily involved in privacy issues. They had done detailed, in-depth, consumer privacy surveys and found the number one issue was "identity theft" ... and one of the most common types of "identity theft" was fraudulent financial transactions resulting from various kinds of information compromises. At the time, there appeared to be little being done about the situation ... and they seemed to believe that the publicity (resulting from the breach notifications) would motivate improvements in the situation.
for other topic drift, lots of past references to electronic signature
legislation
https://www.garlic.com/~lynn/subpubkey.html#signature
some recent related linkedin discussions either in Payment Systems Network
or Financial Crime Risk, Fraud and Security:
https://www.garlic.com/~lynn/2008s.html#1 PCI's Bob Russo: Data loss hurts brand more than a fine
https://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
https://www.garlic.com/~lynn/2008s.html#50 Perfect MITM Attacks With No-Check SSL
https://www.garlic.com/~lynn/2008s.html#58 DNS flaw is 2008's biggest web blunder
https://www.garlic.com/~lynn/2008s.html#72 CA issues no-questions asked Mozilla cert
https://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#10 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#11 Swedish police warn of tampered credit card terminals
https://www.garlic.com/~lynn/2009.html#25 Wrong Instrument for Recurring Payments
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: the Z/10 and timers. Newsgroups: bit.listserv.ibm-main,alt.folklore.computers Date: Wed, 07 Jan 2009 14:59:25 -0500
tzha1@ATTGLOBAL.NET (Tony Harminc) writes:
360/67 smp had a programmable prefix register similar to 370 (reference the 360/67 functional specification mentioned in previous post) ... i.e. references to "real" page zero were remapped to the page address in the prefix register ... as a result ... each processor could have its own, unique "page zero" (when otherwise all other addresses on all processors mapped to the same storage locations).
for 370 smp prefix register, "reverse" mapping was added ... i.e. references to the real page address (specified in the prefix register) were mapped back to the "common" page zero.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
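A small model of the two prefixing schemes described in the post above, added here as an illustration and not taken from the original post or from any IBM code. The 4096-byte page size, the prefix values and all names are assumptions; it also shows that one processor can still reach another's prefix page through its real address.

```python
PAGE = 4096  # assumed page size for this illustration


def map_360_67(addr, prefix):
    """Forward mapping only: references to page zero go to the prefix page."""
    return prefix + addr if addr < PAGE else addr


def map_370(addr, prefix):
    """Forward mapping plus the reverse mapping added for 370 SMP."""
    if addr < PAGE:
        return prefix + addr              # page zero -> this CPU's prefix page
    if prefix <= addr < prefix + PAGE:
        return addr - prefix              # prefix page -> common page zero
    return addr                           # everything else is shared as-is


class Cpu:
    """One processor: shared storage plus its own prefix register."""

    def __init__(self, storage, prefix, mapper):
        self.storage, self.prefix, self.mapper = storage, prefix, mapper

    def store(self, addr, value):
        self.storage[self.mapper(addr, self.prefix)] = value

    def load(self, addr):
        return self.storage[self.mapper(addr, self.prefix)]


def demo(mapper):
    """Run the same accesses on two CPUs and report what each one observes."""
    storage = bytearray(0x8000 + PAGE)    # constructed shared real storage
    a = Cpu(storage, 0x3000, mapper)
    b = Cpu(storage, 0x5000, mapper)
    a.store(0x40, 0xAA)                   # each CPU writes "its" page zero
    b.store(0x40, 0xBB)
    a.store(0x8000, 0x11)                 # ordinary address, common to both
    a.store(0x3080, 0xCC)                 # CPU A references its own prefix page
    return {
        "a_page_zero": a.load(0x40),
        "b_page_zero": b.load(0x40),
        "shared": b.load(0x8000),
        # Prefixing is per-CPU addressing, not protection: B reads A's page.
        "b_reads_a_prefix_page": b.load(0x3040),
        "absolute_0x80": storage[0x80],       # common page zero
        "absolute_0x3080": storage[0x3080],   # inside A's prefix page
    }


if __name__ == "__main__":
    for name, mapper in (("360/67", map_360_67), ("370", map_370)):
        print(name, demo(mapper))
```

With forward mapping only, the store to 0x3080 lands in CPU A's own prefix page and the common page zero is never reached; with the reverse mapping it lands in the common page zero.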
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Banks to embrace virtualisation in 2009: survey Newsgroups: alt.folklore.computers Date: Thu, 08 Jan 2009 10:10:32 -0500
Anne & Lynn Wheeler <lynn@garlic.com> writes:
TV business news show this morning had segment on pricing & purchasing mortgage-backed securities (formally triple-A rated toxic CDOs) ... and mentioned that IDC was helping the gov.
IDC wiki page
https://en.wikipedia.org/wiki/Interactive_Data_Corporation
IDC (along with NCSS) was one of the original (virtual machine) cp67
commercial timesharing service bureaus ... lots of past posts:
https://www.garlic.com/~lynn/submain.html#timeshare
for other topic drift ... recent posts mentioning triple-A rated toxic
CDOs
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008r.html#67 What is securitization and why are people wary of it ?
https://www.garlic.com/~lynn/2008s.html#8 Top financial firms of US are eyeing on bailout. It implies to me that their "Risk Management Department's" assessment was way below expectations
https://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
https://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#24 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?
https://www.garlic.com/~lynn/2008s.html#59 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#60 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#15 What are the challenges in risk analytics post financial crisis?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What are the challenges in risk analytics post financial crisis? Date: Jan 05, 2009 Blog: Risk Management
re:
TV business show this morning had segment on gov. buying mortgage-backed securities (toxic CDOs) and mentioning that IDC was helping the gov price the securities.
recent post from Tuesday mentioning IDC had bought Standards & Poors
pricing services in 1972 (about the time the congressional hearings
claimed the rating agencies business model became "mis-aligned"
... with the change issuers/sellers paying for the ratings).
https://www.garlic.com/~lynn/2009.html#21 Banks to embrace virtualization in 2009: survey
and followup
https://www.garlic.com/~lynn/2009.html#31 Banks to embrace virtualization in 2009: survey
also mentioned was in the 60s, IDC was one of the commercial (virtual machine) cp67 timesharing service bureaus.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: European Payments Council calls for action on counterfeit cards Date: Jan 08, 2009 Blog: Financial Crime Risk, Fraud and Security
European Payments Council calls for action on counterfeit cards
from above:
The banking industry standards body says that ATM operators and
schemes should consider the introduction of more safeguards to protect
cardholders from a crime that resulted in losses of over EURO438 million
in Europe alone in 2007, according to figures from the European ATM
Security Team.
... snip ...
Article also mentions requirement & certification for anti-skimming
devices. Skimming is a form of data loss ... mentioned in other
recent news article about data losses continuing to soar ... also
archived here:
https://www.garlic.com/~lynn/2009.html#20
https://www.garlic.com/~lynn/2009.html#29
Counterfeiting hasn't just been limited to magstripe ... reference to
magstripe invention/history in this recent post
https://www.garlic.com/~lynn/2008s.html#25
.. but has also included chipcards ... reference to past threads &
discussions regarding the (counterfeit) yes card
https://www.garlic.com/~lynn/subintegrity.html#yescard
reference to yes card presentation at cartes 2002:
https://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Swedish police warn of tampered credit card terminals Date: Jan 08, 2009 Blog: Payment Systems Network
re:
X9.59 provided for end-to-end integrity ... including eliminating the
fraudulent transactions (and counterfeit cards) that can result from
data breaches, skimming, harvesting, eavesdropping, etc.
https://www.garlic.com/~lynn/x959.html#x959
The issue then was whether the integrity of the end-point was trusted (POS terminal, personal computer, etc) ... namely is the transaction you "see" the same as the transaction you are authorizing?
The EU finread terminal standard was a countermeasure to such personal
computer compromises ... basically a smartcard reader with its own
display (and keypad) ... the finread display could be trusted to
display the transaction being authorized ... regardless of any
compromises in the PC it was connected to.
https://www.garlic.com/~lynn/subintegrity.html#finread
There was an unrelated, unfortunate attempted deployment of personal
computer smartcard reader in the 2000 timeframe that suffered from
significant shortcomings that resulted in large number of consumer
problems ... to the extent that it was aborted and gave rise to a
rapidly spreading opinion that smartcards weren't viable in the
consumer market. It turned out the actual problems weren't related to
hardware tokens ... but the smartcard reader (being deployed) having
various shortcomings resulting in things like BSOD and consumers
required to reinstall their systems. This resulted in nearly all the
consumer oriented hardware token programs from the period being
suspended (including the EU finread standard effort). Note this was
unrelated to the deployments that were subject to the yes card
compromise that happened in the same time period
https://www.garlic.com/~lynn/subintegrity.html#yescard
there was presentation regarding yes card compromise at Cartes
2002
https://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html
There is an analogous issue with POS terminal compromises and whether the transaction it displays are the same as the transactions being authorized. There is countermeasure to this problem, analogous to the EU finread terminal standard ... but involving a personally trusted cellphone &/or PDA ... which displays and performs the actual transactions and communicates with the merchant POS terminal via some wireless mechanism.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Perfect MITM Attacks With No-Check SSL Certs Date: Jan 08, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
Again ... this news item wasn't about the MD5 flaw ... it was about (valid) CAs issuing valid SSL digital certificates to imposters w/o adequately checking (or in some cases apparently no checking).
as per countermeasure to the MD5 flaw ... one might first check if it is a MD5 certificate ... i.e. survey has 1/7th of the certificates are MD5
Survey: One in seven SSL certificates are weak
http://www.securityfocus.com/brief/880
Weak sigs found on one in seven SSL sites
http://www.theregister.co.uk/2009/01/07/ssl_security_survey/
there has been suggestion that there then is a check if it actually corresponds to known certificate for that website.
basically the SSL digital certificate is to provide a binding between
a domain name and a public key. If there is going to be a real-time
lookup of the public key against the corresponding domain name
... then it is possible to just eliminate the digital certificate all
together (they become redundant and superfluous). this is the
certificate-less public key scenario ... lots of past posts
https://www.garlic.com/~lynn/subpubkey.html#certless
It is also effectively the DNSSEC issue ... to address several
perceived integrity issues in the DNS infrastructure ... not just that
being addressed by the whole SSL scheme .... which potentially (also)
has the prospect of making SSL certificates redundant and superfluous
... discussed in these past postings
https://www.garlic.com/~lynn/subpubkey.html#catch22
and a couple posts about MD5 flaw:
https://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
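The two checks the post above mentions (is the certificate MD5-signed, and does it match the certificate already known for that site) can be sketched as follows. This is an added example, not part of the original post; the certificates are constructed, unsigned DER stand-ins, and the host names, `check_presented_cert` and the finding labels are assumptions.

```python
import hashlib

MD5_WITH_RSA = "1.2.840.113549.1.1.4"      # md5WithRSAEncryption
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption


def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:            # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the TLV starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length


def signature_algorithm(cert):
    """OID of the outer signatureAlgorithm field of a DER certificate."""
    tag, start, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _, tbs_end = read_tlv(cert, start)        # skip tbsCertificate
    tag, alg_start, _ = read_tlv(cert, tbs_end)  # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if tag != 0x06:
        raise ValueError("missing algorithm OID")
    return decode_oid(cert[oid_start:oid_end])


def check_presented_cert(host, cert, known_fingerprints):
    """Apply both checks; an empty list means nothing was flagged."""
    findings = []
    if signature_algorithm(cert) == MD5_WITH_RSA:
        findings.append("md5-signature")
    pinned = known_fingerprints.get(host)
    if pinned is None:
        findings.append("no-known-cert")
    elif hashlib.sha256(cert).hexdigest() != pinned:
        findings.append("differs-from-known-cert")
    return findings


def sample_cert(subject, alg_oid):
    """Constructed, unsigned stand-in with the outer shape of a certificate."""
    tbs = der(0x30, der(0x0C, subject.encode()))
    alg = der(0x30, der(0x06, encode_oid(alg_oid)) + der(0x05, b""))
    sig = der(0x03, b"\x00" + b"\xAA" * 16)
    return der(0x30, tbs + alg + sig)


# Constructed sample data: the certificate on record and an MD5-signed one.
GOOD = sample_cert("shop.example.test", SHA256_WITH_RSA)
MD5_CERT = sample_cert("shop.example.test", MD5_WITH_RSA)
KNOWN = {"shop.example.test": hashlib.sha256(GOOD).hexdigest()}

if __name__ == "__main__":
    for name, cert in (("on record", GOOD), ("md5-signed", MD5_CERT)):
        print(name, check_presented_cert("shop.example.test", cert, KNOWN))
```

The `KNOWN` table is the real-time lookup the post refers to: once it exists, it holds the binding between domain name and key material that the certificate was supposed to supply.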
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: DECWriter APL Font Newsgroups: alt.folklore.computers,comp.sys.dec,comp.lang.apl Date: Fri, 09 Jan 2009 09:27:55 -0500
legalize+jeeves@mail.xmission.com (Richard) writes:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Graphics on a Text-Only Display Newsgroups: alt.folklore.computers Date: Fri, 09 Jan 2009 09:42:13 -0500
krw <krw@att.zzzzzzzzz> writes:
for something different ... recent post about los gatos, magstripe,
and ATM machines:
https://www.garlic.com/~lynn/2008s.html#25 Web Security hasn't moved since 1995
a few past posts mentioning calmas:
https://www.garlic.com/~lynn/2005r.html#24 What ever happened to Tandem and NonStop OS ?
https://www.garlic.com/~lynn/2006e.html#9 terminals was: Caller ID "spoofing"
https://www.garlic.com/~lynn/2006n.html#41 Tek 4010, info and prices
https://www.garlic.com/~lynn/2007f.html#70 Is computer history taught now?
https://www.garlic.com/~lynn/2007m.html#58 Is Parallel Programming Just Too Hard?
calma wiki page (sunnyvale, ca company ... just up the road a bit from
los gatos)
https://en.wikipedia.org/wiki/Calma
was acquired by GE in 80, sold to Valid in 88, which was acquired by Cadence in 91.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Flashy Botnet is Flashy Date: Jan 09, 2009 Blog: UK Information Security
some x-over from a col. john boyd blog ... which had pointer to a pointer. this is a world map animation of a botnet infection.
Flashy Botnet is Flashy
https://www.clarifiednetworks.com/Blog/2009-01-01%2018-15
from above:
Some time ago fellows from F-Secure collected a bunch of neat log data
on botnet IRC channel joins. They then asked us to visualize the joins
on a world map, much akin to what we did with the Kaminsky DNS
patching logs. We gleefully agreed.
... snip ...
for other topic drift ... some recent posts referring to the MD5
vulnerability
https://www.garlic.com/~lynn/2009.html#24 A New Web of Trust
https://www.garlic.com/~lynn/2009.html#35 Perfect MITM Attacks With No-Check SSL Certs
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: repeat after me: RAID != backup Newsgroups: alt.folklore.computers Date: Fri, 09 Jan 2009 18:04:36 -0500
Joe Pfeiffer <pfeiffer@cs.nmsu.edu> writes:
besides doing ha/cmp ... in late 80s and early 90s ... we would be brought in to review various RAID (hardware) design and implementations (both corporate projects as well as other vendors). frequent glitch that we would find is some "single point of failure" ... someplace in the design (and remind them that everything had to be no single point of value).
past reference to gathering honoring Jim last May
https://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing
part of the gathering focused on his effort formalizing transaction & ACID properties ... especially for financial infrastructure.
this afternoon i was going thru some boxes in storage and came up with
hardcopy "Approaches To Fault Tolerance" dated Summer 1984 (with some
other stuff that I got from Jim the summer of 1984). It's 28 "foils"
printed two per page ... on some conventional printer (boxes are done
with "-" and "|" so they aren't solid line) ... which was duplex copied
(so came out front & back) on some standard IBM copier (it has the
corporate copier "id" on each page). pdf file is
https://www.garlic.com/~lynn/grayft84.pdf
for other drift ... past post discussing incident that led to having
those little IDs put on the underside of the glass of all corporate
copiers ... so it shows up on all pages produced by that copier.
https://www.garlic.com/~lynn/2000e.html#15
https://www.garlic.com/~lynn/2000f.html#55
which involved leaking a copy of 370 virtual memory description (before virtual memory for 370 was announced) and the information showing up in trade journals.
recent post mentioning being brought in after a dbms corruption of early
"gift-card" pilot (now they can be seen all over the place and all sorts
of checkout counters) because of a high availability configuration
hardware failure
https://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??
it was some other vendor .. not ha/cmp
https://www.garlic.com/~lynn/subtopic.html#hacmp
for other topic drift ... gift-cards are conventional "magstripe"
payment cards ... basically nearly identical to credit & debit cards
... and can be processed by the same POS terminals. recent post
regarding magstripe invention and encoding management ... as
well as early ATM (cash) machines
https://www.garlic.com/~lynn/2008s.html#25
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: How many layers exist in a TCP/IP model? Date: Jan 11, 2009 Blog: Computer Networking
note that the internetworking layer in tcp/ip doesn't exist in the OSI 7layer model ... it is one of the problems with OSI (internetworking is a non-existent OSI layer between OSI layer3 & OSI layer4)
one of the differences between ISO standards (responsible for OSI) and IETF (responsible for tcp/ip & internet) was that ISO didn't require a workable implementation for a standard while IETF required two interoperable implementations for progressing in the standards process. ISO networking standards body also had an issue when they had requirement that no standards work could be done on work item that didn't conform to OSI.
I had been involved in trying to get HSP (high-speed protocol) work item in X3S3.3 (US ISO standards body for OSI layer 3&4). The work item was rejected since it didn't conform to OSI because:
1) HSP supported LAN/MAC interface ... which also doesn't exist in OSI ... LAN/MAC interface covers part of layer 3 and has interface not at 2/3 or 3/4 boundary ... but in the middle of layer 3.
2) HSP supported internetworking ... a layer that doesn't exist in the OSI model.
3) HSP supported going directly from transport to MAC (bypassing layer 3/4 interface)
lots of past posts mentioning HSP and/or difficulties in the ISO
standards body with work items that didn't conform to OSI
https://www.garlic.com/~lynn/subnetwork.html#xtphsp
I've commented that one of the reasons that the internal network
https://www.garlic.com/~lynn/subnetwork.html#internalnet
was larger than the arpanet/internet
https://www.garlic.com/~lynn/subnetwork.html#internet
from just about the beginning until possibly sometime in the period mid-85 to early-86 ... was that the internal network implementation had a form of gateway in every node (i.e. aspect of internetworking) from the beginning. arpanet/internet didn't get that until the great switchover to internetworking on 1/1/83.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: New machine code Newsgroups: alt.folklore.computers Date: Sun, 11 Jan 2009 10:02:18 -0500
jmfbahciv <jmfbahciv@aol> writes:
recent posts with some web references:
https://www.garlic.com/~lynn/2008p.html#67 Web Security hasn't moved since 1995
misc. past posts mentioning gml, sgml, etc
https://www.garlic.com/~lynn/submain.html#sgml
misc. past posts mentioning science center
https://www.garlic.com/~lynn/subtopic.html#545tech
industries supporting early, large, online "information utilities" ... were
financial ... including IDC&NCSS move into that segment ... recent
references
https://www.garlic.com/~lynn/2009.html#21 Banks to embrace virtualization in 2009: survey
https://www.garlic.com/~lynn/2009.html#31 Banks to embrace virtualization in 2009: survey
medicine ... national library of medicine ... which was interesting use
of BDAM with its own query transaction processing ... recent reference:
https://www.garlic.com/~lynn/2008m.html#6 Yet another squirrel question - Results (very very long post)
https://www.garlic.com/~lynn/2008m.html#74 Speculation ONLY
and legal ... lexis/nexis ... a couple old references:
https://www.garlic.com/~lynn/2001m.html#51 Author seeks help - net in 1981
https://www.garlic.com/~lynn/2002g.html#3 Why are Mainframe Computers really still in use at all?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Lets play Blame Game...? Date: Jan 11, 2009 Blog: Economics
There was a business school article last spring that estimated something like 1000 executives are responsible for 80% of the current crisis ... and it would go a long way to correcting the situation if the gov. could figure out how to lose their jobs.
In congressional hearings last fall there was discussion that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth the triple-A ratings ... but the issuers were paying for triple-A ratings (the word "fraud" was periodically used). They also mentioned that there was a switch in the early 70s from the "buyers" paying for the ratings to the "sellers" paying for the ratings ... which misaligned the business process. The triple-A ratings enormously increased the institutions that would deal in toxic CDOs and the amount of money available to loan (frequently unregulated) originators.
related article:
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
Then there were some number of the institutions buying the
triple-A rated toxic CDOs ... which were playing long/short mismatch
... even tho it has been known for centuries to take down
institutions. Comment was that Bear-Stearns and Lehman had marginal
chance of surviving (playing long/short mismatch):
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
The recent washington post series about CDS ... basically talked about
CDS being sold on instruments that were totally unrelated to the
original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html
In large part, deregulation and/or failing to enforce regulations ... allowed a lot of isolated (greed/corrupt) hot-spots to combine into economic fire storm.
There was a recent news item that IDC is now helping the gov. evaluate
these securitized instruments ... as part of gov. purchase plan. A
recent reference about IDC from the 60s&70s ... including IDC
purchasing Standard & Poors "pricing services" division in the
early 70s ... about the time the hearings mentioned that rating
agencies' business processes becoming mis-aligned:
https://www.garlic.com/~lynn/2009.html#21
misc. past posts mentioning item about securitization eliminating
incentive for the loan originator to be credit sensitive:
https://www.garlic.com/~lynn/2008q.html#68 Obama, ACORN, subprimes (Re: Spiders)
https://www.garlic.com/~lynn/2008q.html#69 if you are an powerful financial regulator , how would you have stopped the credit crunch?
https://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
https://www.garlic.com/~lynn/2008s.html#18 What next? from where would the Banks be hit?
https://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Evil weather Newsgroups: alt.folklore.computers Date: Sun, 11 Jan 2009 15:22:37 -0500
krw <krw@att.bizzzzzzzzzzz> writes:
misc. past posts mentioning getting to play engineer in bldgs. 14&15
https://www.garlic.com/~lynn/subtopic.html#disk
Col. Boyd's biographies mentions that one of the most pleasant places at spook base was the computer facility (also mentions that it was a $2.5B windfall for IBM).
misc. past posts mentioning Boyd (and/or OODA-loops)
https://www.garlic.com/~lynn/subboyd.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Lawyers & programming (x-over from a.f.c discussion) Date: Jan 12, 2009 Blog: Greater IBM Connection
re:
a decade or so ago, we had opportunity to spend some time looking at the NLM (IBM mainframe) implementation and two of the people that had done the initial implementation in the 60s were still there. we had some discussion because in the late 60s at the univ ... the univ library had an ONR grant to do digital catalogue and was selected to be beta-test for (original) CICS (and I was tasked to support & shoot bugs).
past posts mentioning CICS &/or BDAM:
https://www.garlic.com/~lynn/submain.html#bdam
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Security experts identify 25 coding errors Date: Jan 12, 2009 Blog: International Association of Software Architects
Security experts identify 25 coding errors
from above:
Experts release list of the top 25 most dangerous coding errors,
hoping to demand higher coding standards and secure software
development.
... snip ...
a few other articles in the same thread:
25 Most Dangerous Programming Errors Exposed
http://www.informationweek.com/news/security/management/232500683
NSA helps name most dangerous programming mistakes
http://www.infoworld.com/article/09/01/12/NSA_helps_name_most_dangerous_programming_mistakes_1.html
NSA helps name most dangerous programming mistakes
http://www.networkworld.com/news/2009/011209-nsa-helps-name-most-dangerous.html?t51hb
http://www.networkworld.com/news/2009/011209-nsa-helps-name-most-dangerous.html
NSA Helps Name Most Dangerous Programming Mistakes
http://www.pcworld.com/article/156894/nsa_helps_name_most_dangerous_programming_mistakes.html
Top 25 software screw-ups
http://www.networkworld.com/news/2009/011509-bgp.html?t51hb
http://www.networkworld.com/news/2009/011209-top-25-programming-errors.html
and some past collected threads & posts regarding buffer length
exploits
https://www.garlic.com/~lynn/subintegrity.html#overflow
oh and some specific past posts about taking CVE data and trying to
categorize exploits and suggesting to Mitre to add information to the
description to aid in categorizing:
https://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
https://www.garlic.com/~lynn/2005d.html#0 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005d.html#67 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005k.html#3 Public disclosure of discovered vulnerabilities
and something a little different, from long ago and far away:
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Lawyers & programming (x-over from a.f.c discussion) Date: Jan 12, 2009 Blog: Greater IBM Connection
re:
SCRIPT was CMS (back when CMS stood for "cambridge monitor system",
before becoming "conversational monitor system") document formatting
application done in the mid-60s (at the science center) ... it was
similar to a document formatting application on CTSS .... description
of CTSS runoff
http://web.mit.edu/Saltzer/www/publications/CC-244.html
GML was later invented at the science center in '69 and GML tag processing added to script application.
An early major IBM publication to be moved to CMS script was the "principles of operation" ... a major motivation was the conditional/macro processing capability. The "principles of operation" was actually sections of the internal "architecture manual" that included significantly more detail. Command line specification would control whether the whole architecture manual was output ... or just the principles of operation subset.
one of the other commercial (virtual machine based) time-sharing
service bureaus was Tymshare. Besides standard CMS features (editing,
document management, email, etc), Tymshare also developed an online
computer conferencing facility on their CMS platform (sort of 35yr old
linkedin precursor) ... and in Aug76 ... offered free use of the
service to the (ibm user group) SHARE ... VMSHARE archives
http://vm.marist.edu/~vmshare/
lots of past posts mentioning (virtual machine based) commercial
time-sharing service bureaus
https://www.garlic.com/~lynn/submain.html#timeshare
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: repeat after me: RAID != backup Newsgroups: alt.folklore.computers Date: Mon, 12 Jan 2009 21:23:12 -0500
Al Kossow <aek@spies.com> writes:
i did some additional cleanup of the grayft84.pdf document
https://www.garlic.com/~lynn/grayft84.pdf
I've also got a (1979) 100+ page SHARE (ibm user group) LSRAD report that i scanned at 600bpi with SANE on linux.
The PNM files and the converted TIFF files look fine. Using convert to go from PNM to PS & then PS to PDF ... both the PS & PDF look much worse (seems to show up mostly during the translation to PS).
TUMBLE doesn't work because the PNM (& TIFF) files are 8bit. If I use "pamdepth 1" to reduce the PNM files to 1bit ... things look a lot worse ... which carries thru in going from PNM to TIFF & TUMBLE to pdf.
Can you suggest any other way of getting from PNM to pdf ... w/o losing a lot of quality.
... from LSRAD:
Preface
This is a report of the SHARE Large Systems Requirements for Application
Development (LSRAD) task force. This report proposes an evolutionary
plan for MVS and VM/370 that will lead to simpler, more efficient and
more useable operating systems. The report is intended to address two
audiences: the uses of IBM's large operating systems and the developers
of those systems.
... snip ...
and
Acknowledgements
The LSRAD task force would like to thank our respective employers for
the constant support they have given us in the form of resources and
encouragement. We further thank the individuals, both within and outside
SHARE Inc., who reviewed the various drafts of this report. We would
like to acknowledge the contribution of the technical editors, Ruth
Ashman, Jeanine Figur, and Ruth Oldfield, and also of the clerical
assistants, Jane Lovelette and Barbara Simpson
Two computers systems proved invaluable for producing this report. Draft
copies were edited on the Tymshare VM system. The final report was
produced on the IBM Yorktown Heights experimental printer using the
Yorktown Formatting Language under VM/CMS.
... snip ...
low-quality jpg front cover
https://www.garlic.com/~lynn/lsradcover.jpg
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: repeat after me: RAID != backup Newsgroups: alt.folklore.computers Date: Tue, 13 Jan 2009 00:52:49 -0500
Al Kossow <aek@spies.com> writes:
finally after some playing around, I settled on gimp "levels" with gamma levels to .4 ... which increase the darkness of the letters in the pnm file ... before doing the "pamdepth 1" on the pnm file and then converted to tiff.
the resulting tiff file (after gimp processing) is a lot better (although still not quite as good as the tiff file w/o the 8->1 bit change).
tumble now works and the resulting pdf file looks a lot more legible ... but black and white are now inverted. any idea why???
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The 25 Most Dangerous Programming Errors Date: Jan 13, 2009 Blog: International Association of Software Architects
The 25 Most Dangerous Programming Errors
from above:
Security Experts Unveil List of Common Vulnerabilities and How to Fix
Them
... snip ...
comment from yesterday in "International Association of Software
Architects"
https://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors
and lots of past collected threads & posts regarding buffer length
exploits
https://www.garlic.com/~lynn/subintegrity.html#overflow
oh and some specific past posts about (also) taking CVE data and
trying to categorize/classify exploits and suggesting to Mitre to
add information to the description to aid in categorizing:
https://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
https://www.garlic.com/~lynn/2005d.html#0 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005d.html#67 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005k.html#3 Public disclosure of discovered
part of the motivation was to enhance my merged security taxonomy and
security glossary
https://www.garlic.com/~lynn/secure.htm
additional description here
https://www.garlic.com/~lynn/index.html#glosnote
and for something slightly different:
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml
and lots of other similar news URLs:
NSA helps name most dangerous programming mistakes
http://www.networkworld.com/news/2009/011209-software-security-effort.html
Error correcting software from the beginning
http://gcn.com/articles/2009/01/12/coding-errors.aspx
Experts trumpet '25 most dangerous' programming errors
http://www.theregister.co.uk/2009/01/13/top_25_programming_errors/
SANS Releases List Of Top 25 Most Dangerous Programming Errors In
Software
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212800202
Security Experts ID Top 25 Programming Errors
http://www.csoonline.com/article/475620/Security_Experts_ID_Top_Programming_Errors
Update: Group details 25 most dangerous coding errors hackers exploit
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125678&source=rss_topic17
Security experts name top 25 programming screw-ups
http://www.arnnet.com.au/article/272735/security_experts_name_top_25_programming_screw-ups?fp=4194304&fpid=1
Avoiding the Most Common Programming Errors
http://www.internetnews.com/security/article.php/3795796/Avoiding+the+Most+Common+Programming+Errors.htm
Exploits & Vulnerabilities: Security Wonks List Coders' Top 25 Worst
Flubs
http://www.technewsworld.com/story/65792.html
Will Top 25 list of software errors rescue you from rotten software?
http://www.networkworld.com/news/2009/011209-top-25-programming-errors.html
Security experts name top 25 programming screw-ups
http://www.techworld.com.au/article/272735/security_experts_name_top_25_programming_screw-ups
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Greed Is... Date: Jan 13, 2009 Blog: Boyd (related)
recent post in linkedin "economics" Lets play Blame Game
about business school article that estimated about 1000 executives are responsible for 80% of the current crisis (and it would go a long way to fixing the problem if the gov. could figure out how they could lose their jobs)
older linkedin thread mentioning
https://www.garlic.com/~lynn/2008s.html#5
related greed to some things Col. John Boyd mentioned.
Another tie-in to aspect of greed and something Col. Boyd would
mention in briefings
https://www.garlic.com/~lynn/2008s.html#41
There was a study that claimed that the ratio of executive compensation to worker compensation had exploded to 400:1 after being 20:1 for a long time (and 10:1 in most of the rest of the world). This might be related to (Col Boyd's observations about) growing pervasiveness of the orientation & training that US Army used going into WW2 ... to quickly deploy large numbers of inexperienced and untrained soldiers, an extremely rigid, top-down command&control structure was used to leverage the few experienced resources available. Propagating this into civilian arena ... it is only the few at the very top that are responsible for successful operation.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: repeat after me: RAID != backup Newsgroups: alt.folklore.computers Date: Tue, 13 Jan 2009 17:34:53 -0500
Al Kossow <aek@spies.com> writes:
I'm using pamtotiff to convert from pbm to tiff format (before using
tumble to generate pdf file) ... it is part of netpbm package
http://netpbm.sourceforge.net/
all the (pbm & tiff) files (but the tumble generated pdf file), show black letters on white. turns out i was using pamtotiff w/o any compression. I finally found if I specify "-g4" compression for the generated tiff files, then tumble generates pdf file with black letters (on white) rather than white letters (on black).
if i can get agreement from (ibm user group) share.org
http://www.share.org
which holds the copyright ... is this something that can go up on bitsavers.org? 109 pages, pdf file is 4+mbyte.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The Credit Crunch: Why it happened? Date: Jan 13, 2009 Blog: Payment Systems Network
referenced article:
Securitized loans (toxic CDOs) were used two decades ago in the S&L
crisis to obfuscate the underlying values. decade old, long-winded
post discussing some of the current problems
https://www.garlic.com/~lynn/aepay3.htm#riskm
A couple months ago, in the congressional hearings, it was mentioned that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers were paying the rating agencies for the triple-A ratings (the word "fraud" was used several times). It was also mentioned that there was a switch in the early 70s from "buyers" paying for the ratings to the "sellers" paying for the ratings ... which created mis-aligned business interests and opened the way for conflict of interest. The triple-A ratings enormously increased the institutions that would deal in toxic CDOs and the amount of money available for the loan (often unregulated) originators.
and then there is:
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
Then there were some number of the institutions buying these
triple-A rated toxic CDOs ... which were playing long/short mismatch
... even tho it has been known for centuries to take down
institutions. Comment was that Bear-Stearns and Lehman had marginal
chance of surviving (playing long/short mismatch).
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
The long/short mismatch was further aggravated by the heavy leveraging.
The recent washington post series about CDS ... basically talked about
CDS being sold on instruments that were totally unrelated to the
original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html
In large part, deregulation and/or failing to enforce regulations ... allowed a lot of isolated (greed/corrupt) hot-spots to combine into economic fire storm.
There was a recent news item that IDC is now helping the gov. evaluate
these securitized instruments ... as part of gov. purchase plan. A
recent reference about IDC from the 60s&70s ... including IDC
purchasing S&Ps "pricing services" division in the early 70s ... about
the time the claims about rating agencies business becoming
mis-aligned
https://www.garlic.com/~lynn/2009.html#31
The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php
from above:
Markets need regulation to stay stable. We have had thirty years of
financial deregulation. Now we are seeing chickens coming home to
roost. This is the key argument of Professor Nick Bingham, a
mathematician at Imperial College London, in an article published
today in Significance, the magazine of the Royal Statistical Society.
... snip ...
With regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
There was a business school article last spring that estimated 1000 executives were responsible for approx. 80% of the current mess and it would go a long way to fixing the current problems if they could lose their jobs
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 13, 2009 Blog: Disciples of Boyd's Strategy
Long ago somebody pointed out that business ethics is an oxymoron (akin to "military intelligence" being an oxymoron).
post from today in payment systems network discussion:
https://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?
I took the position in european executive financial conference in 2004 that SOX wouldn't be able to make any difference (modulo possibly the last section about whistle blowers/snitches). See above post for reference to SOX requirements and rating agencies. A big issue highlighted during congressional hearings was that business interest became mis-aligned ... which enormously increases the regulation task.
This is post (also from today) in another blog (that was recently
highlighted by the Boyd Conference website) ... which ties a lot of
the greed to an example that Boyd would use in briefings (stemming
from US army ww2 officer training):
https://www.garlic.com/~lynn/2009.html#50 Greed Is ....
and a couple slightly older posts on the same subject:
https://www.garlic.com/~lynn/2008s.html#44
and
https://www.garlic.com/~lynn/2008s.html#5
https://www.garlic.com/~lynn/2008s.html#41
and a couple slightly older comments about (world financial
regulations) BASEL
https://www.garlic.com/~lynn/2008r.html#4 Basel Committee outlines plans to strengthen Basel II
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Business Science Date: Jan 12, 2009 Blog: Greater IBM Connection
old post about when we were looking at copyrighting the term "business science"
trying to relate data, information, knowledge, wisdom & understanding. within the last decade we've seen simplified versions used by others.
the above is also referenced in this long-winded, decade old post
discussing some of the current problems in the
financial infrastructure.
https://www.garlic.com/~lynn/aepay3.htm#riskm
and for some other drift ... part of a thread from last year discussing a
news article about "KPO identified as the next wave of outsourcing"
https://www.garlic.com/~lynn/2008d.html#38 outsourcing moving up the value chain
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Graphics on a Text-Only Display Newsgroups: alt.folklore.computers Date: Wed, 14 Jan 2009 16:00:48 -0500
krw <krw@att.zzzzzzzzz> writes:
one of the MVS problems that corporate design applications were starting to run into by the late 70s were hitting max. application size. while every application was given its own (16mbyte) virtual address space .... because of extensive pointer-passing paradigm (inherited from real storage & os/360 days) an 8mbyte MVS kernel image occupied every address space. Also from pointer-passing paradigm, there was also a "common segment" defined in every virtual address space ... which started at a minimum of 1mbytes ... but was somewhat proportional to size of installation. by late 70s, numerous MVS installations had 4-5mbyte common segments ... leaving only 3-4mbytes for application.
Lots of large design applications were hitting 7mbyte limitation (running in custom configured MVS systems with minimum sized common segment). It was possible to get 3033 machines with 32mbytes of real storage ... but the largest application (under MVS) was frequently limited to 3-4mbytes ... and had hard limit at 7mbytes.
The available address space limitation was starting to be major motivation for some of these locations to migrate from MVS to VM ... so that application space was opened up to nearly the whole virtual address space size 16mbytes (minus maybe 196kbytes). This was all pending availability of 31bit addressing with 3081s, 370-xa, operating system supporting 31bit virtual, and application support to execute in 31bit mode.
misc. old email regarding migration of some of the internal tools from
mvs to vm ... frequently motivated by the available address space size
"problem"
https://www.garlic.com/~lynn/2006v.html#email800310
https://www.garlic.com/~lynn/2006v.html#email800310b
https://www.garlic.com/~lynn/2006v.html#email800624
https://www.garlic.com/~lynn/2006v.html#email800717
https://www.garlic.com/~lynn/2006v.html#email800903
https://www.garlic.com/~lynn/2006p.html#email810128
in these posts
https://www.garlic.com/~lynn/2006p.html#40
https://www.garlic.com/~lynn/2006v.html#19
https://www.garlic.com/~lynn/2006v.html#23
https://www.garlic.com/~lynn/2006v.html#15
there was a separate issue for things like trivial editing ... typical "trivial" MVS 3270 terminal response was 1second or greater ... while equivalent operations in VM were on the order of .2seconds. The poor MVS response was also used as an excuse that it wasn't necessary to improve 3274 (3270 terminal) controller thruput ... since it would have little overall aggregate difference. The change from 3272/3277 (controller/terminal) to 3274/327x (controller/terminal) had the 3274 processing overhead greater than the VM trivial response time (MVS users never noticed the difference, while VM users were very vocal).
for something completely different ... old email mentioning that after
a VM pitch i gave at SLAC ... it prompted people at Amdahl to spend a
month rewriting VMPE
https://www.garlic.com/~lynn/2006v.html#email800319
in this post
https://www.garlic.com/~lynn/2006v.html#22
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Data losses set to soar Date: Jan 14, 2009 Blog: Financial Crime Risk, Fraud and Security
somewhat security related, not so much coding errors ... but more of problems with underlying paradigm ... recent thread:
I had done a (mainframe) problem determination application in the
early 80s ... and did a lot of research on what caused failures
... some old posts
https://www.garlic.com/~lynn/submain.html#dumprx
when we started our high availability HA/CMP product in the late 80s,
we did lots of in-depth threat & vulnerability analysis ... not
specifically oriented to security breaches ... but anything
that might affect service. We identified several weaknesses in tcp/ip
implementations ... but also determined that the common storage use
paradigm in C language would result in enormous buffer length related
problems. I had done a major portion of tcp/ip stack implementation in
pascal ... some old references
https://www.garlic.com/~lynn/subnetwork.html#1044
and I hypothesized that difference between C & PASCAL would see a
major number of buffer storage problems in C language (as far as I
know there was never a buffer storage problem in the PASCAL
implementation). Through-out much of the 90s, C-language related
buffer problems were the major source of exploits &
vulnerabilities in internet & tcp/ip ... lots of old threads
https://www.garlic.com/~lynn/subintegrity.html#overflow
This post references a HA/CMP meeting in 1992
https://www.garlic.com/~lynn/95.html#13
sometime after that meeting ... two of the people mentioned in the
meeting left and joined a small client/server startup responsible for
something called the "commerce server". We were called in to consult
because the startup wanted to do payment transactions on the server
... the startup also had invented this technology they called SSL they
wanted to use. We had to do detailed end-to-end look at not only the
SSL technology ... but various of the business processes ... including
these new operations calling themselves Certification Authorities that
were issuing these things called SSL domain name digital
certificates ... some past posts
https://www.garlic.com/~lynn/subpubkey.html#sslcert
one kind of infrastructure problem that has shown up in the news
since the above thread
https://www.garlic.com/~lynn/2008s.html#50 Perfect MITM Attacks With No-Check SSL
https://www.garlic.com/~lynn/2009.html#35 Perfect MITM Attacks With No-Check SSL
and a different kind of infrastructure problem that has also shown up
in the news since the above thread:
https://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
https://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
and for an older view of security
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
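The post above contrasts C's buffer handling with Pascal's, where a string's length travels with its storage. The following is an added illustration, not code from the post or from either tcp/ip implementation it mentions: the one-byte-length wire format, the `bounded_str` type and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 8   /* declared capacity of the destination (constructed value) */

/* Pascal-style string: capacity and current length are part of the object,
 * so every routine that receives it can check a copy before writing. */
typedef struct {
    size_t cap;
    size_t len;
    char   data[NAME_CAP];
} bounded_str;

enum copy_status {
    COPY_OK              =  0,
    COPY_TRUNCATED_INPUT = -1,  /* length byte claims more than the packet holds */
    COPY_EXCEEDS_DEST    = -2   /* field is longer than the destination capacity */
};

bounded_str bounded_str_new(void)
{
    bounded_str s = { NAME_CAP, 0, {0} };
    return s;
}

/* C convention: a strcpy()-style callee is handed a bare char* and writes
 * strlen(src)+1 bytes. The destination size appears nowhere in that
 * computation, which is the "common storage use paradigm" problem. */
size_t implicit_copy_size(const char *src)
{
    return strlen(src) + 1;
}

/* Read one field of the assumed format [1-byte length][payload] into a
 * bounded_str. Two independent checks: the claimed length against the bytes
 * actually received, and against the destination's declared capacity.
 * On any error the destination is left unchanged. */
enum copy_status read_field(const uint8_t *pkt, size_t pkt_len, bounded_str *dst)
{
    size_t claimed;

    if (pkt_len < 1)
        return COPY_TRUNCATED_INPUT;
    claimed = pkt[0];
    if (claimed > pkt_len - 1)
        return COPY_TRUNCATED_INPUT;
    if (claimed > dst->cap)
        return COPY_EXCEEDS_DEST;

    memcpy(dst->data, pkt + 1, claimed);
    dst->len = claimed;
    return COPY_OK;
}

/* Constructed sample packets. */
static const uint8_t PKT_OK[]   = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t PKT_LONG[] = { 12, 'A', 'A', 'A', 'A', 'A', 'A',
                                        'A', 'A', 'A', 'A', 'A', 'A' };
static const uint8_t PKT_LIE[]  = { 200, 'h', 'i' };  /* length byte overstates payload */

int main(void)
{
    bounded_str s = bounded_str_new();

    printf("well-formed field : %d (len now %zu)\n",
           read_field(PKT_OK, sizeof PKT_OK, &s), s.len);
    printf("field > capacity  : %d (len still %zu)\n",
           read_field(PKT_LONG, sizeof PKT_LONG, &s), s.len);
    printf("overstated length : %d\n",
           read_field(PKT_LIE, sizeof PKT_LIE, &s));
    printf("strcpy-style copy of 12 chars would write %zu bytes into %d\n",
           implicit_copy_size("AAAAAAAAAAAA"), NAME_CAP);
    return 0;
}
```
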
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 14, 2009 Blog: Disciples of Boyd's Strategy
re:
Note that part of what allowed the current financial disaster to get out of control (also mentioned in congressional hearings) was that (in the early 70s) the rating agencies had switched from "buyers" paying for the ratings to the "sellers" paying for the ratings ... this resulted in the business process becoming "mis-aligned" and opened the way for conflict of interest. Trying to then "regulate" mis-aligned business process can be almost impossible ... since it is in so many people's interest to do the wrong thing. The whole implication about using the label "mis-aligned" ... is that if things were aligned ... it would be in most of the people's best interest to do the right thing (as opposed to encourage them to do the wrong thing) ... which also significantly simplifies the regulation task.
This also shows up in the explosion in executive compensation as well as the fiddling of public company financial statements (going on in-spite of SOX legislation, it seems that GAO took it upon itself to document the instances ... even when SEC and other agencies weren't actually doing anything about it). This is also the basis of the study of 270 public companies that redid their executive compensation plan ... specifically to try and eliminate the provisions that seemed to encourage executives to do the wrong thing.
For a look at how Boyd would likely view some of the other current
gov. specific things .... see these items from the Boyd conference
website:
http://boyd2008.ning.com/profiles/blogs/chuck-spinneys-rebuttal-to-the
http://boyd2008.ning.com/profiles/blogs/andrew-cockburns-interview
Some amount of Boyd's briefings were taking military activity as
examples of competitive operations and generalizing to other
situations ... including civilian competitive environments. However I
think that with regard to:
http://www.dtra.mil/
there was some line about .... Trust, But Verify--And Verify First.
http://www.dtra.mil/about/seal.cfm
which can be applied to all sort of situations. In theory the rating agencies were supposed to be some part of that ... but things became misaligned when their business interests changed from the buyers to the sellers (even though the purpose of the ratings were an aspect of verify first supposedly for the buyers).
wiki reference ...
https://en.wikipedia.org/wiki/Trust,_but_Verify
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: HONEY I LOVE YOU, but please cut the cards Date: Jan 15, 2009 Blog: Disciples of Boyd's Strategy
re:
there was some old discussion about past some point, the greater the fraud ... the better the treatment .... at some point when the fraud is at the level it would take down govs. ... there frequently is *star* treatment and attempts made to not even divulge the activity.
from a different perspective, a lot of institutions bread&butter is trust .... and when that is compromised ... they would prefer to not even have it made public.
we were tangentially involved in the cal. data breach notification legislation. we had been brought in to help word-smith the electronic signature legislation. Some of the organizations involved were also involved in privacy issues and had done detailed, in-depth consumer privacy surveys. The number one issue was "identity theft" ... and the top of the list was crooks performing fraudulent transactions based on information gathered in various kinds of compromises. There was little being done about it and/or even publicized. There appeared to be a feeling that the publicity from breach notification would promote countermeasures. Since then a lot of other jurisdictions have enacted similar legislation. At the federal level ... the legislation attempts have fallen into two categories ... those that are equivalent to the cal. state legislation ... and breach notification "bills" that would eliminate notification requirement (sometimes referred to as "federal preemption").
PBS series wall street fix discussing (older) financial fraud
(enron, worldcom, etc) and various contributing factors ... including
the repeal of Glass-Steagall:
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
There was recently CSPAN program that during the congressional session that repealed Glass-Steagall, the financial industry contributed $250m to congress ... and in the most recent session that passed the $700b bail-out bill, there were $2b in contributions.
some recent posts mentioning repeal of Glass-Steagall:
https://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
https://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?
misc. recent posts mentioning the breach/compromise problems:
https://www.garlic.com/~lynn/2008p.html#5 Privacy, Identity theft, account fraud
https://www.garlic.com/~lynn/2008p.html#7 Dealing with the neew MA ID protection law
https://www.garlic.com/~lynn/2008p.html#59 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#67 Web Security hasn't moved since 1995
https://www.garlic.com/~lynn/2008p.html#76 Multi-Factor Authentication - Moving Beyond Passwords for Security of Online Transactions
https://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
https://www.garlic.com/~lynn/2008s.html#10 Data leakage - practical measures to improve Information Governance
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 14, 2009 Blog: Disciples of Boyd's Strategy
re:
I had gotten blamed for computer conferencing on the internal network
in the late 70s and early 80s ... the internal network was larger than
the arpanet/internet from just about the beginning until sometime in
the period mid-85 to spring-86. Lots of past posts mentioning internal
network
https://www.garlic.com/~lynn/subnetwork.html#internalnet
Somewhat as a result, a researcher was paid to sit in the back of my office for nine months and take notes on how I communicated. They also got copies of all my incoming and outgoing email as well as logs of all my instant messages. The information was used for a corporate research report and a Stanford PHD thesis (joint between language and computer AI), as well as some number of papers and books. One of the books was "Knowledge machines: Language and information in a technological society", which I think is still available on Amazon.
During part of this period, I was also sponsoring Boyd's briefings.
This is a recent reference to a post in another blog ... referring to
when we were looking at relating data, information, knowledge, and
wisdom ... and considering copyrighting the term "business science":
https://www.garlic.com/~lynn/2009.html#54 Business Science
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The 25 Most Dangerous Programming Errors Date: Jan 15, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
We've used some metaphors regarding much of the information having to
be repeatedly exposed/used and therefore even if the planet was buried
under miles of information hiding encryption ... it still wouldn't
prevent information leakage: a few recent threads:
https://www.garlic.com/~lynn/2008p.html#5 Privacy, Identity theft, account fraud
https://www.garlic.com/~lynn/2008p.html#7 Dealing with the neew MA ID protection law
https://www.garlic.com/~lynn/2008p.html#59 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
https://www.garlic.com/~lynn/2008s.html#10 Data leakage - practical measures to improve Information Governance
for other topic drift ... lots of past posts regarding having been
involved in the original relational/sql implementation:
https://www.garlic.com/~lynn/submain.html#systemr
and for total topic drift ... past post mentioning Jim talked me into
considering taking position of "chief security architect"
https://www.garlic.com/~lynn/2007o.html#7 Hypervisors May Replace Operating Systems As King Of The Data Center
https://www.garlic.com/~lynn/2008b.html#5 folklore indeed
https://www.garlic.com/~lynn/2008b.html#37 Tap and faucet and spellcheckers
https://www.garlic.com/~lynn/2008p.html#80 Making tea
as per above ... the issue isn't so much the encryption of the data when it is not being used ... it is that much of the data has to be used & decrypted for so many business processes that it is nearly impossible to prevent leakage.
In the x9.59 financial standard protocol discussions
https://www.garlic.com/~lynn/x959.html#x959
the approach was to tweak the paradigm and make the information useless to crooks. part of the issue (highlighted in some of the metaphor discussions) is that much of the information has a "dual-use" vulnerability ... it is 1) required for authentication (something you know) and 2) integral to a large number of business processes. an approach is to totally separate what is used for authentication and what is required for standard business processes.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Does IBM host guest speakers? Date: Jan 15, 2009 Blog: Greater IBM
I had hosted Boyd briefings a number of times at IBM in the 80s. Lots of past posts mentioning Boyd and/or OODA-loops
A couple yrs ago, somebody hosted me for a talk at YKT/Hawthorne on
security, authentication, and AADS ... some related AADS references
https://www.garlic.com/~lynn/x959.html#aads
When Tymshare was being bought by M/D ... some of the people were
looking for other positions and I got asked to try and help. recent
post
https://www.garlic.com/~lynn/2008s.html#3 New machine code
with this Seminar announcement (SJR, bldg. 28 cafeteria A):
https://www.garlic.com/~lynn/2008s.html#email840720
above related to this post
https://www.garlic.com/~lynn/2008g.html#23 Doug Engelbart's "Mother of All Demos"
https://www.garlic.com/~lynn/2008r.html#57 PC premiered 40 years ago to awed crowd
https://www.garlic.com/~lynn/2008r.html#62 PC premiered 40 years ago to awed crowd
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: IRS Mainframe Not Secure Enough Newsgroups: bit.listserv.ibm-main Date: Thu, 15 Jan 2009 12:45:46 -0500
rfochtman@YNC.NET (Rick Fochtman) writes:
for past decade or two, there have been a number of major (unsuccessful) modernization projects at the IRS ... attempting to update the (60s) legacy infrastructures.
a lot of machines may not even be connected to the outside world ... but there is major issue with privacy (which can also be construed as security) regarding employees that may have legitimate access to the machines (and have ingrained operation that dates back decades).
i was one of the co-authors of the x9.99 financial industry privacy standard and we talked to a number of organizations ... including federal gov ... like hipaa people. Of the fed. gov. organizations that we dealt with, the one that had by far, done the most in PIAs (privacy impact assessments) was IRS (the extensive documentation from their PIAs may skew the data against the IRS vis-a-vis other organizations that may not have studied the problem as much).
There are very stringent requirements ... not with regard to whether an employee accesses tax returns ... but whether each employee only accesses the tax returns that have been assigned to them (in an environment where some of the applications may be 40yrs old).
for other topic drift ... as part of the x9.99 effort ... I had done a
"privacy" subset
https://www.garlic.com/~lynn/privacy.htm
of our merged security taxonomy & glossary
https://www.garlic.com/~lynn/index.html#glosnote
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 15, 2009 Blog: Disciples of Boyd's Strategy
re:
Many of the articles are that most of the current crisis is because (mostly business) people purposefully ignored and/or manipulated the risk analysis ... (mostly to inflate their personal compensation ... this is related to CEOs fiddling public company financial statements) ... some references:
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
this long-winded, decade old post
https://www.garlic.com/~lynn/aepay3.htm#riskm
includes discussion of how a "new" risk analysis (in the S&L crisis) showed that financial institution dealing in ARM mortgages could take down the institution ... resulting in Citibank totally getting out of the mortgage market (and nearly taking down the institution in the process).
In current situation, there has been some obfuscation attempting to
blame faulty risk analysis ... which doesn't hold up. For instance,
the recent washington post series on AIG & CDS business ... went
into detail that the AIG business unit dealing in CDS got into trouble
(and has nearly taken down the whole company) when they started
selling CDS on instruments for which no risk analysis had been
performed (the original business justification risk analysis for CDS
were not for toxic CDO mortgage backed securities).
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html
Circa 1990, a new risk analysis product company was formed ... I
believe with some of the people that had produced the ARM analysis in
the S&L crisis. They have repeatedly raised alarms about the current
situation. For instance, playing long/short mismatch has been known
for centuries to take down institutions. They had commented that
Bear-Stearns and Lehman had only a marginal chance of surviving
playing long/short mismatch (in funding their toxic CDO purchases
... even if the toxic CDOs had deserved the triple-A ratings)
related article
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
Fed reserve article from decade ago:
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
One might conclude there were a lot of individuals putting institutions significantly at risk for purely personal compensation (personal gain in conflict with institution viability).
past posts mentioning "fed is too easy on wall street" article:
https://www.garlic.com/~lynn/2008f.html#76 Bush - place in history
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
https://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#31 The human plague
https://www.garlic.com/~lynn/2008o.html#32 How much is 700 Billion Dollars??
https://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
https://www.garlic.com/~lynn/2008r.html#61 The vanishing CEO bonus
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008s.html#32 How Should The Government Spend The $700 Billion?
https://www.garlic.com/~lynn/2008s.html#33 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2008s.html#41 Executive pay: time for a trim?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: An bit of an aside: Re: Magnetic tape storage Newsgroups: alt.folklore.computers Date: Thu, 15 Jan 2009 15:26:26 -0500
Morten Reistad <first@last.name> writes:
disclaimer: i never heard the elephant story from boyd.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The 25 Most Dangerous Programming Errors Date: Jan 16, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
... oh and recent reference to Jim
https://www.garlic.com/~lynn/2008p.html#27 Father of Financial Dataprocessing
and I recently scanned an '84 presentation of his on things failing
https://www.garlic.com/~lynn/grayft84.pdf
and reference to Jim and I being keynotes at NASA dependable computing
workshop:
https://web.archive.org/web/20011004023230/http://www.hdcc.cs.cmu.edu/may01/index.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What's missing in security: business Date: Jan 16, 2009 Blog: Financial Cryptography
re:
there is recent thread in linkedin "Financial Crime, Risk, Fraud and Security" group that started with recent news item "The 25 Most Dangerous Programming Errors" ... but got into using encryption to "hide" financial transaction information (as part of preventing crooks from harvesting the information and using it to perform fraudulent transactions). One of the questions was about new RDBMS support for being able to do various kinds of queries against encrypted data (w/o having to 1st decrypt the data to perform the query).
A fundamental issue is dual-use of the account number ... the account number has dual-use vulnerability because it is being used for both something you know authentication and part of a large number of transaction business processes.
This creates diametrically opposing requirements ... the something you know authentication requires that the information be kept confidential and never divulged (especially to "insiders" which account for the majority of the related exploits) ... while the business transaction operations require it to be readily available.
The "encryption" solution attempts to apply pixie dust magic to both simultaneously never divulge the account number and at the same time make it widely available.
ref:
https://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009.html#65 The 25 Most Dangerous Programming Errors
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: In the beginning: The making of the Mac Newsgroups: alt.folklore.computers Date: Fri, 16 Jan 2009 08:12:32 -0500
In the beginning: The making of the Mac
from above:
Luck may have played as big a role as planning in the creation of the
first Apple Macintosh
...
The most enduring result of this quest was the Macintosh computer, which
on Jan. 24 celebrates its 25th anniversary.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 14, 2009 Blog: Disciples of Boyd's Strategy
re:
There was a business school article last spring estimating that 1000 executives are responsible for 80% of the current mess and that it would go a long way to fixing the situation if the gov. could figure out how they could lose their jobs.
This morning, the tv business news shows were focusing heavily on these guys aren't getting fired but are getting enormous compensation ... supposedly for "getting it right" ... but actually getting it wrong. There were several references to there having been enormous risk taken that showed big paper profits which in turn, resulted in big bonuses ... but later turned out to be more like the "emperor's new clothes" parable.
past posts mentioning the above:
https://www.garlic.com/~lynn/2008j.html#40 dollar coins
https://www.garlic.com/~lynn/2008j.html#60 dollar coins
https://www.garlic.com/~lynn/2008j.html#69 lack of information accuracy
https://www.garlic.com/~lynn/2008k.html#10 Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
https://www.garlic.com/~lynn/2008k.html#16 dollar coins
https://www.garlic.com/~lynn/2008k.html#27 dollar coins
https://www.garlic.com/~lynn/2008l.html#42 dollar coins
https://www.garlic.com/~lynn/2008m.html#12 Fraud due to stupid failure to test for negative
https://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
https://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008n.html#74 Why can't we analyze the risks involved in mortgage-backed securities?
https://www.garlic.com/~lynn/2008n.html#95 Blinkylights
https://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
https://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008q.html#16 realtors (and GM, too!)
https://www.garlic.com/~lynn/2008q.html#18 A few months of legislative vacuum - is this a good thing?
https://www.garlic.com/~lynn/2008q.html#51 Obama, ACORN, subprimes (Re: Spiders)
https://www.garlic.com/~lynn/2008q.html#58 Obama, ACORN, subprimes (Re: Spiders)
https://www.garlic.com/~lynn/2008r.html#10 Blinkylights
https://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
https://www.garlic.com/~lynn/2009.html#50 Greed Is
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Double authentification for internet payment Date: Jan 16, 2009 Blog: Financial Crime Risk, Fraud and Security
From the 3-factor authentication paradigm ... lots of past posts
straight credit card has been presumed to be something you have authentication ... but starting a couple of decades ago ... it became relatively straight-forward to "eavesdrop" the magnetic stripe information to produce a counterfeit card. Basically the "eavesdropping" is the same kind of attack that is used for something you know. There has been encryption technology ... like SSL that attempts to hide the something you know information ... but there are a couple of different problems: 1) long standing statistics have found that "insiders" are involved in the majority of exploits involving something you know authentication information and 2) there are quite extensive social engineering and phishing attacks that attempt to trick users into divulging the "authentication" information.
This is further complicated by the "dual-use" vulnerability in many existing infrastructures ... i.e. the account number is effectively both something you know authentication (requiring it to be kept confidential and never divulged to anybody) and required to be readily available as part of scores of standard business processes (at least exposing it to numerous "insiders").
There was an effort at the start of this decade to deploy something
you have chipcards for Internet authentication ... however, the
"readers" provided as part of the program, resulted in enormous number
of installation and consumer support problems ... to the extent the
program was aborted and there was a rapidly spreading opinion that
chipcards weren't viable in the consumer/internet market place (the
actual problem wasn't with the chipcards ... but with the readers
provided as part of the specific deployment). The net was that not
only was the specific project aborted ... but numerous other chipcard
oriented efforts also were terminated. A trivial example was the NACHA
Internet effort ... RFI and project description mentioned here:
https://www.garlic.com/~lynn/x959.html#aads
Another example of activity that appeared to totally evaporate was the
whole EU FINREAD activity ... large number of past posts on the
subject mentioned here:
https://www.garlic.com/~lynn/subintegrity.html#finread
various aspects appear in this recent news item discussion (in this
linkedin group):
https://www.garlic.com/~lynn/2009.html#49 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009.html#65 The 25 Most Dangerous Programming Errors
there is also this much longer discussion regarding paper from the
Kansas City Fed
https://www.garlic.com/~lynn/2008p.html#11 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#14 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#15 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#18 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#19 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#22 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#28 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#32 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#44 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#55 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#59 Can Smart Cards Reduce Payments Fraud and Identity Theft?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: A New Role for Old Geeks... Date: Jan 16, 2009 Blog: Greater IBM
or
Old technology still may be the best
There was recent news item about "The 25 Most Dangerous Programming Errors". The number one source of exploits on the internet during the 90s was buffer overflow vulnerabilities in (internet, tcp/ip) C language programs. This has dropped in the rankings ... not so much because the number of buffer exploits has improved but that there have been significant increases in other kinds of exploits (other buffer exploits continue to be a significant problem).
Some recent posts in discussions of the news item:
https://www.garlic.com/~lynn/2009.html#45
https://www.garlic.com/~lynn/2009.html#49
https://www.garlic.com/~lynn/2009.html#56
https://www.garlic.com/~lynn/2009.html#60
https://www.garlic.com/~lynn/2009.html#65
I mention in the above post having done part of a tcp/ip implementation in Pascal ... which had none of the buffer problems that are common in C language implementations.
these old posts
https://www.garlic.com/~lynn/2002l.html#42
https://www.garlic.com/~lynn/2002l.html#44
reference "Thirty Years Later: Lessons from the Multics Security Evaluation" ... one of the points was that Multics was implemented in PLI and had none of the buffer related exploits that are common in C language implementations.
In a recent forum item, I mention that I'm trying to get copyright
permission to make the 1979 SHARE LSRAD (making /ibm mainframe/
systems more useable) report, available on bitsaver. In the report, it
takes some Multics features as examples of more useable features.
https://www.garlic.com/~lynn/2009.html#47
For some digression, Multics was done on the 5th flr of 545 tech sq ... and the science center was on the 4th flr of 545 tech sq ... which was responsible for the virtual machine cp67 system (precursor to vm370), invention of gml in 1969 (precursor to sgml, html, xml, etc), the internal networking technology and several other contributions.
recent SGML reference:
https://www.garlic.com/~lynn/2009.html#41
misc. past posts mentioning science center
https://www.garlic.com/~lynn/subtopic.html#545tech
misc. past posts mentioning internal network
https://www.garlic.com/~lynn/subnetwork.html#internalnet
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 17, 2009 Blog: Disciples of Boyd's Strategy
re:
Note that Boyd's Patterns of Conflict briefing was filled with examples of military conflict ... but they were used in the context of any competitive human activity. This was somewhat the reference to DTRA and trust, but verify.
A (non-Boyd) example was some court case in the early 80s involving industry espionage and some information that an employee took to a competitor (in return for significant compensation). The litigation was claiming multiple billions in damages. The court basically stated that given significant temptation, all humans are vulnerable ... and that security proportional to value (or security proportional to risk) had to be demonstrated ... in order to collect damages (otherwise it is simple human nature). My corollary is courts requiring fences around swimming pools because minors can't be held responsible for being tempted to use the pool.
Courts were basically saying that all humans are tempted by financial reward (may also be called greed) and unless there are sufficient countermeasures proportional to the temptation ... all humans can be considered vulnerable.
A lot of the individual hot-spots of greed & corruption had existed prior to the current mess ... but it was a deregulation and/or lack of regulation enforcement that resulted in them being able to combine together into an economic firestorm.
misc. past references to firestorm:
https://www.garlic.com/~lynn/2008o.html#78 Who murdered the financial system?
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
https://www.garlic.com/~lynn/2008o.html#82 Greenspan testimony and securization
https://www.garlic.com/~lynn/2008p.html#60 Did sub-prime cause the financial mess we are in?
https://www.garlic.com/~lynn/2008q.html#20 How is Subprime crisis impacting other Industries?
https://www.garlic.com/~lynn/2008s.html#57 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#62 Garbage in, garbage out trampled by Moore's law
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Double authentification for internet payment Date: Jan 17, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
Another side of the authentication issue is the threat model. A lot of
implementations are a form of shared-secret ... lots of past posts
https://www.garlic.com/~lynn/subintegrity.html#secret
and the threat model is leaking the secret and replay attacks (i.e. imposters presenting the secret). One of the issues in a shared-secret paradigm is that frequently a unique shared-secret is required for every unique security domain as a countermeasure to x-domain attacks (secret obtained in one security domain, possibly with lower security, can be used to attack another security domain ... possibly one that has higher security).
something you know authentication
is frequently a shared-secret like PIN or password ... or date-of-birth or mothers-maiden-name (or sometimes a "dual-use" account number). the attacker is attempting to obtain the secret for impersonation and/or performing fraudulent transactions.
something you have authentication
may also be a shared-secret ... where the device presents some type
of static data. the static data can be eavesdropped and/or obtained and
used to impersonate the device ... and therefore impersonate the person
(that is supposed to be in possession of the device). Magstripe card
"skimming" to produce counterfeit cards has been going on for at least
a couple decades. for a little topic drift recent post discussing
invention and early days of magstripe:
https://www.garlic.com/~lynn/2008s.html#25
various kinds of chipcards have also had "static data" (effectively
shared-secret) implementations that are also trivially vulnerable to
counterfeiting ... in some cases obtaining the "static data" using
nearly the same technology as in magstripe compromises. An example was
the yes card exploits ... lots of past posts
https://www.garlic.com/~lynn/subintegrity.html#yescard
and this archived post mentioned the yes card exploit was discussed
in a presentation at cartes2002
https://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html
another class of chipcards are RFID that had been originally developed as replacement for barcode inventory ... that respond with purely static data (originally EPC as upgrade to UPC). sometimes these are configured to respond with the same (static) data that appears on magstripe.
something you are authentication
can even be implemented as shared-secret ... where the authentication server has a copy of the biometric template stored. the attacker obtains a copy of the template and uses that to reproduce the same/similar value. One scenario requires duplicating the biometric physical characteristics (use at "trusted" biometric readers). In remote (possibly internet) environments, an attacker might just spoof the biometric reader and reproduce the electronic representation. One of the downsides of a "thumb" secret ... vis-a-vis a "password" secret ... in a compromise, it is much easier to issue a new "password" than it is to issue a new "thumb".
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
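The threat model in the post above, as an added Python sketch (not part of the original post): a verifier that matches presented static data cannot tell the legitimate holder from a replay, and a secret reused across security domains carries a leak from one into the other. The `ChallengeVerifier` contrast case goes beyond the post and is an assumption, as are all class, function and sample values, which are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class StaticVerifier:
    """A security domain that authenticates by matching presented static data
    (PIN, password, magstripe image) against its own stored copy."""

    def __init__(self):
        self._stored = {}

    def enroll(self, user, static_data):
        self._stored[user] = static_data

    def authenticate(self, user, presented):
        expected = self._stored.get(user)
        return expected is not None and hmac.compare_digest(expected, presented)


class ChallengeVerifier:
    """Contrast case (assumption, not from the post): the device never sends
    its key, only an HMAC over a fresh single-use challenge. The key is still
    held by the verifier, so it remains a shared secret exposed to insiders."""

    def __init__(self):
        self._keys = {}
        self._open = {}

    def enroll(self, user, key):
        self._keys[user] = key

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self._open[user] = nonce
        return nonce

    def authenticate(self, user, response):
        nonce = self._open.pop(user, None)  # each challenge is usable once
        key = self._keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def device_response(key, nonce):
    """What the legitimate device computes for one challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_static():
    """Static data seen once (on the wire or by an insider) is accepted later."""
    verifier = StaticVerifier()
    verifier.enroll("alice", b"constructed-static-data-0001")
    captured = b"constructed-static-data-0001"  # copy held by a third party
    return verifier.authenticate("alice", captured)


def cross_domain(reuse):
    """A secret leaked from a lower-security domain, presented at another one."""
    low, high = StaticVerifier(), StaticVerifier()
    low_secret = b"constructed-secret-A"
    high_secret = low_secret if reuse else b"constructed-secret-B"
    low.enroll("alice", low_secret)
    high.enroll("alice", high_secret)
    leaked = low_secret
    return high.authenticate("alice", leaked)


def replay_dynamic():
    """A captured response is valid only for the challenge it answered."""
    verifier = ChallengeVerifier()
    key = secrets.token_bytes(32)
    verifier.enroll("alice", key)
    first_nonce = verifier.challenge("alice")
    response = device_response(key, first_nonce)
    first = verifier.authenticate("alice", response)
    verifier.challenge("alice")  # new session, new nonce
    replayed = verifier.authenticate("alice", response)
    return first, replayed


if __name__ == "__main__":
    print("static replay accepted:", replay_static())
    print("x-domain, reused secret:", cross_domain(True))
    print("x-domain, unique secrets:", cross_domain(False))
    print("dynamic (first, replayed):", replay_dynamic())
```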
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 17, 2009 Blog: Disciples of Boyd's Strategy
re:
The estimate about 1000 executives responsible for 80% of the current
crisis was a UofPenn Wharton paper ...
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
CRA predated the current crisis by quite a bit. There was an enormous explosion in amount of money available for lending via securitization ... and that was further enormously increased with the triple-A ratings given the toxic CDOs. In the past, banks were typically the primary source of lending ... using deposits as source of funds. Securitization allowed just about anybody (often unregulated) to get into the lending business.
A month ago, there was a panel from the mortgage industry on CSPAN. They appeared to be somewhat torn between claiming the problems are because the people in the mortgage industry are ignorant and totally incompetent vis-a-vis they just ignored all prudent business processes. They also mentioned that only about 10% of the subprime, no-documentation, no-down, 1% interest only ARM loans could be considered falling into the CRA category. A large number of the loans went to people that realized that the carrying cost for buying property (during the introductory period) was significantly less than the appreciation/inflation. As mentioned in the following, the people making those loans "no longer cared" (since the use of triple-A rated toxic CDOs allowed them to get rid of any possible problem ... so every loan made was "profit")
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
In the wake of ENRON, SOX was supposed to rectify some of the problems ... however nothing actually appeared to happen. Part of that supposedly included doing something about the rating agencies ... but there doesn't appear to have been anything except:
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
Also, GAO has started doing a database of executives fiddling public company financial reports (in spite of SOX). The executives get a boost in compensation based on the fiddled numbers. Later the financials may be restated ... but the compensation not forfeited. One example was in 2004 Freddie was fined $400m for $10b fiddling of financials and the CEO replaced ... but allowed to keep tens of millions (hundred?).
GAO references:
http://www.gao.gov/products/GAO-03-138
and
http://www.gao.gov/new.items/d06678.pdf
Part of the issue is that there may be extreme downside to the business operation ... but it appears that the executives still believe that they can come out ahead.
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).
... and more recent update
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
from above:
Goldman Sachs, which accepted $10 billion in government money, and
lost $2.1 billion last quarter, announced Tuesday that it handed out
$10.93 billion in benefits, bonuses, and compensation for the year.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 17, 2009 Blog: Disciples of Boyd's Strategy
re:
as mentioned in other refs ... securitization ... and especially triple-A ratings on toxic CDOs, enormously increased the funds for lending ... even unregulated non-depository non-financial institutions could get into loan origination ... since there was no longer a dependency on deposits for funds.
at the same time, the triple-A ratings on toxic CDOs ... pretty much eliminated any motivation by the loan originators to having to pay attention to loan quality & prudent lending practices ... they no longer had to care ... every loan was a profit.
for a little topic drift ... here is a thread in financial cryptography blog wondering what has happened to "risk management". One of the quotes is about the auto industry being notorious for not improving theft countermeasures ... since "every car stolen resulted in a sale".
What's missing in security: business
https://financialcryptography.com/mt/archives/001128.html
Getting the business into security, or is it...
https://financialcryptography.com/mt/archives/001129.html
there were analogous threads a couple years ago ("a fraud is a sale") about banks not having a lot of motivation to improve credit/debit card security ... since they were able to charge the cost of the fraud against the "merchant discount" (what merchants had to pay for transactions) ... and even making a profit on the extra fees in the process. one article (at the time) pointed out that nearly 40% of those (US) financial institutions' bottom line was coming from these fees. There was some comparison that the fees involving "secure" transactions are about 1/10th the fees for less secure transactions. Any major transition from current environment to significantly more secure operations might result in that 40% being reduced by a factor of ten.
slightly related recent discussion in linkedin "Financial Crime Risk,
Fraud and Security" group
https://www.garlic.com/~lynn/2009.html#69 Double authentication for internet payment
https://www.garlic.com/~lynn/2009.html#72 Double authentication for internet payment
this is related to mis-aligned business process theme that was brought up in the congressional hearings about the rating agencies giving triple-A ratings to toxic CDOs.
misc past posts mentioning mis-aligned business process
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
https://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#32 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
The mess in the home owner market is enormous speculation and inflation "pimple/boil" (more applicable than "bubble") across the market (in market segments that would never be involved in CRAs). Plot the avg. home price since 1970 ... as well as plot the ratio of avg. home prices to avg. income. There is a unique, large pimple/boil that starts to spike in the early part of this decade ... which has yet to fully correct (and has no correlation with CRA).
one of the problems in a speculation market ... is that the speculation tends to mask the fundamental demand ... the obfuscation results in over production ... and when the speculation pimple/boil/bubble bursts ... numerous economic factors can contribute to downward spiral continuing past the original starting point (including needing to absorb the over production and excess supply).
In the past, I've related the speculation obfuscation to undermining Boyd's OODA-loop (not being able to clearly determine underlying fundamentals) ... and the indirect consequences of securitization and giving triple-A ratings to toxic CDOs ... starts to spread out and encompass several other portions of the economy.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Delays in DNS security baffling: Mockapetris Date: Jan 17, 2009 Blog: (UK) Information security
re:
U.S. plots major upgrade to Internet router security
http://www.networkworld.com/news/2009/012009-heartland-security-breach.html
from above:
DHS says its routing security effort will prevent routing hijack
attacks as well as accidental misconfigurations of routing data. The
effort is nicknamed BGPSEC because it will secure the Internet's core
routing protocol known as the Border Gateway Protocol (BGP). (A
separate federal effort is under way to bolster another Internet
protocol, DNS, and it is called DNSSEC.)
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Alternative approaches for bailing out the auto industry Date: Jan 17, 2009 Blog: Wealth Management
it might not have the anticipated results ....
Dumbest People' Industry Image May Cost Wagoner Job
http://www.bloomberg.com/apps/news?pid=20601109&sid=ap8pS2oslvn0&refer=home
a couple quotes from above:
"There's the feeling that next to financial services, automotive execs
are the dumbest people in the world"
"It's pretty clear that management has made some pretty bad decisions
over the last 20 years"
"Toyota generated pretax profit of $922 per vehicle on North American
sales in 2007, while GM lost $729"
... snip ...
Honda reports record profit
http://www.foxnews.com/story/2008/07/25/honda-reports-record-profit-after-ford-suffers-huge-loss
There are claims that some of the cars with the highest "US" content aren't necessarily from the "big 3". Also, if there is a loss on every auto sold ... just selling more ... doesn't correct the problems.
past posts also referencing the bloomberg article:
https://www.garlic.com/~lynn/2008p.html#82 Tell me why the taxpayer should be saving GM and Chrysler (and Ford) managers & shareholders at this stage of the game?
https://www.garlic.com/~lynn/2008q.html#10 realtors (and GM, too!)
https://www.garlic.com/~lynn/2008q.html#18 A few months of legislative vacuum - is this a good thing?
https://www.garlic.com/~lynn/2008q.html#22 Is Pride going to decimate the auto Industry?
https://www.garlic.com/~lynn/2008q.html#39 What do you think needs to happen with the auto makers to make them viable?
https://www.garlic.com/~lynn/2008s.html#17b What do you think needs to happen with the auto makers to make them viable
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: CROOKS and NANNIES: what would Boyd do? Date: Jan 18, 2009 Blog: Disciples of Boyd's Strategy
re:
... as an aside ... the Wharton article was from last April
The estimate about 1000 executives responsible for 80% of the current
crisis was a UofPenn Wharton paper ...
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
was before the hearings last fall on the rating agencies, which discussed that both the issuers/sellers of toxic CDOs and the rating agencies knew that the toxic CDOs weren't worth triple-A ratings ... but the issuers/sellers were paying the rating agencies for the triple-A ratings. This mis-aligned business process showed up in the early 70s when the rating agencies switched from buyers paying for the ratings to the sellers paying for the ratings.
For other topic drift, post about IDC buying S&P pricing services
division in '72 ... and news show commenting that IDC is currently
helping the gov. price toxic assets.
https://www.garlic.com/~lynn/2009.html#31
some other recent comments about IDC archeology
https://www.garlic.com/~lynn/2009.html#21
and misc. past posts referencing the Wharton article
https://www.garlic.com/~lynn/2008g.html#32 independent appraisers
https://www.garlic.com/~lynn/2008g.html#44 Fixing finance
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/aadsm28.htm#57 Who do we have to blame for the mortgage crisis in America?
https://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
https://www.garlic.com/~lynn/2008i.html#4 A Merit based system of reward -Does anybody (or any executive) really want to be judged on merit?
https://www.garlic.com/~lynn/2008i.html#67 Do you have other examples of how people evade taking resp. for risk
https://www.garlic.com/~lynn/2008k.html#71 Cormpany sponsored insurance
https://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
https://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008n.html#74 Why can't we analyze the risks involved in mortgage-backed securities?
https://www.garlic.com/~lynn/2008n.html#95 Blinkylights
https://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
https://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
https://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
https://www.garlic.com/~lynn/2008o.html#35 The human plague
https://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
https://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008q.html#16 realtors (and GM, too!)
https://www.garlic.com/~lynn/2008q.html#18 A few months of legislative vacuum - is this a good thing?
https://www.garlic.com/~lynn/2008q.html#51 Obama, ACORN, subprimes (Re: Spiders)
https://www.garlic.com/~lynn/2008r.html#10 Blinkylights
https://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
https://www.garlic.com/~lynn/2009.html#50 Greed Is
https://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Double authentification for internet payment Date: Jan 17, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
We had been working with a couple people on large dbms cluster scale-up
... post mentioning a jan92 meeting on the subject
https://www.garlic.com/~lynn/95.html#13
two of the people (mentioned in the above meeting) later left and joined a small client/server startup responsible for something called the commerce server ... and we were brought in as consultants because they wanted to do payment transactions on the server (and the startup had this technology they had invented called SSL they wanted to use). The result is now frequently referred to as "electronic commerce".
Then in the mid-90s, we were asked to participate in the x9a10 financial standard working group, which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments (i.e. debit, credit, ach, check, gift, prepaid, POS, internet, face-to-face, unattended, wireless, ... i.e. ALL). Part of the effort involved doing detailed, in-depth, end-to-end threat and vulnerability studies of the various payment methods and environments.
The result was the X9.59 financial standard protocol for ALL retail
payments ... misc. references
https://www.garlic.com/~lynn/x959.html#x959
which provided end-to-end transaction integrity and also slightly tweaked the paradigm so it separated the transaction details (something you know authentication) from the authentication mechanism. This eliminated the vulnerability of "knowing" the account number (and/or other transaction details) as a threat/vulnerability. It didn't do anything about crooks doing skimming, harvesting, data breaches, phishing, eavesdropping, or other kinds of attacks ... it just eliminated the usefulness of the information to the crooks.
A side-effect was that the earlier "electronic commerce" effort, using SSL to hide transaction detail (still the largest use of SSL in the world today), became redundant and superfluous.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
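A simplified sketch of the idea in the post above: the account-holding institution accepts a payment only when the transaction details are authenticated, so knowing the account number alone gets nothing approved. This is an added example, not code from the post or the X9.59 standard; the use of Ed25519 signatures, the field names and the sequence counter are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Txn is what merchants, processors and logs get to see. Field names are
// assumptions for this illustration, not the X9.59 message layout.
type Txn struct {
	Account  string `json:"account"`
	Merchant string `json:"merchant"`
	Cents    int64  `json:"cents"`
	Seq      uint64 `json:"seq"` // assumed per-account counter to reject replays
}

var (
	ErrUnknownAccount = errors.New("unknown account")
	ErrBadSignature   = errors.New("signature does not match account key")
	ErrReplay         = errors.New("sequence number already used")
)

// Issuer holds only public keys, so its records cannot be used to forge payments.
type Issuer struct {
	keys    map[string]ed25519.PublicKey
	lastSeq map[string]uint64
}

// encode gives the byte string that is signed; struct fields marshal in a fixed order.
func encode(t Txn) []byte {
	b, _ := json.Marshal(t)
	return b
}

func Sign(priv ed25519.PrivateKey, t Txn) []byte { return ed25519.Sign(priv, encode(t)) }

// Authorize accepts a transaction only if the account holder's key signed exactly
// these details and the sequence number is fresh.
func (i *Issuer) Authorize(t Txn, sig []byte) error {
	pub, ok := i.keys[t.Account]
	if !ok {
		return ErrUnknownAccount
	}
	if !ed25519.Verify(pub, encode(t), sig) {
		return ErrBadSignature
	}
	if t.Seq <= i.lastSeq[t.Account] {
		return ErrReplay
	}
	i.lastSeq[t.Account] = t.Seq
	return nil
}

// Demo runs four constructed cases and returns the issuer's decision for each.
func Demo() (legit, harvested, tampered, replayed error) {
	const acct = "ACCT-0001" // constructed account number
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // someone without the holder's key
	iss := &Issuer{keys: map[string]ed25519.PublicKey{acct: pub}, lastSeq: map[string]uint64{}}
	t := Txn{Account: acct, Merchant: "books.example", Cents: 2599, Seq: 1}
	sig := Sign(priv, t)
	legit = iss.Authorize(t, sig)
	h := Txn{Account: acct, Merchant: "other.example", Cents: 99900, Seq: 2}
	harvested = iss.Authorize(h, Sign(otherPriv, h)) // account number known, key not
	alt := t
	alt.Cents = 999900
	tampered = iss.Authorize(alt, sig) // details changed after signing
	replayed = iss.Authorize(t, sig)   // captured message submitted again
	return
}

func main() {
	a, b, c, d := Demo()
	fmt.Println(a, b, c, d)
}
```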
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: The Credit Crunch: Why it happened? Date: Jan 18, 2009 Blog: Payment Systems Network
re:
This is a business school article
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)
... that includes discussion of the problems with toxic CDOs getting triple-A ratings ... and tarnishing reputation of the rating agencies. The article was before the congressional hearings claiming that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth the triple-A ratings.
The above article also makes reference to an estimate that possibly 1000 executives are responsible for 80% of the current mess and it would go a long way to correcting the problem if the gov. could figure out how they would lose their job.
Part of the congressional hearings was that the rating agencies' business process became mis-aligned in the early 70s when they switched from the buyers paying for the ratings to the issuers/sellers paying for the ratings.
oh ... and I finger-fumbled the URL reference to IDC currently helping
the gov. price the toxic assets ... and also having purchased S&Ps
pricing services division in '72
https://www.garlic.com/~lynn/2009.html#31
and some other IDC archeology
https://www.garlic.com/~lynn/2009.html#21
some number of posts from last spring mentioning the Wharton article
https://www.garlic.com/~lynn/2008g.html#32 independent appraisers
https://www.garlic.com/~lynn/2008g.html#44 Fixing finance
https://www.garlic.com/~lynn/2008g.html#66 independent appraisers
https://www.garlic.com/~lynn/aadsm28.htm#57 Who do we have to blame for the mortgage crisis in America?
https://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
https://www.garlic.com/~lynn/2008i.html#4 A Merit based system of reward -Does anybody (or any executive) really want to be judged on merit?
https://www.garlic.com/~lynn/2008i.html#67 Do you have other examples of how people evade taking resp. for risk
https://www.garlic.com/~lynn/2008k.html#71 Cormpany sponsored insurance
https://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
https://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Are reckless risks a natural fallout of "excessive" executive compensation ? Date: Jan 18, 2009 Blog: Compensation and Benefits
It possibly is more a case of mis-written compensation plans. There was a recent study of 270 public companies that redid their executive compensation plans to better align them with the business viability (after having various kinds of problems with executives attempting to manipulate things to enhance their compensation).
GAO has been doing a database of restatements of public company financial reports (in spite of SOX). Basically the executives are fiddling the reports to enhance their compensation. Later the reports may be restated, but the compensation is not forfeited. One example was in 2004, Freddie was fined $400m for $10b fiddling in their public financial statements and the CEO replaced ... but the tens (hundred?) of millions bonus wasn't forfeited.
Part of the issue is that there may be extreme downside to the business operation ... but it appears that the executives still believe that they (personally) can come out ahead.
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).
... recent update
Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others
Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1
from above:
Goldman Sachs, which accepted $10 billion in government money, and
lost $2.1 billion last quarter, announced Tuesday that it handed out
$10.93 billion in benefits, bonuses, and compensation for the year.
... snip ...
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
and
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
other recent articles:
Computer Models and the Global Economic Crash
http://news.slashdot.org/article.pl?sid=08/12/16/2048235&tid=98
Axioms, downturns, and a global (computer?) crash
http://arstechnica.com/news.ars/post/20081215-axioms-downturns-and-a-global-computer-crash.html
Some number of the institutions buying triple-A rated toxic CDOs were
playing long/short mismatch ... even tho that has been known for
centuries to take down institutions. Comment was that Bear-Stearns and
Lehman had marginal chance of surviving (playing long/short mismatch)
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
The recent washington post series about CDS ... basically talked about
CDS being sold on instruments that were totally unrelated to the
original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html
There was a study last year that claimed that the ratio of avg executive compensation to avg worker compensation had recently exploded to 400:1 after having been 20:1 for a long time ... and 10:1 in most of the rest of the world.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Is SUN going to become x86'ed ?? Newsgroups: comp.sys.sun.hardware,alt.folklore.computers Date: Sun, 18 Jan 2009 15:06:09 -0500
Elliott Roper <nospam@yrl.co.uk> writes:
now as part of the original work (adding tty/ascii terminal support to
the 2741 & 1052 support) ... i had tried to make the 2702 (mainframe)
terminal controller do something that it couldn't quite do. this somewhat was behind
the motivation for the univ. to start a clone controller project
... reverse engineering the mainframe channel interface to build a
channel board for an (initially) Interdata/3 ... and programming the
Interdata/3 to emulate 2702 (plus what I wanted it to do). Some past
posts ... including reference to some article blaming four of us for the
mainframe clone controller project
https://www.garlic.com/~lynn/submain.html#360pcm
note that clone/pcm controllers were then blamed for the motivation
behind the future system project ... some past posts
https://www.garlic.com/~lynn/submain.html#futuresys
recent specific quote ... in thread about clones:
https://www.garlic.com/~lynn/2008s.html#17 IBM PC competitors
and then the distraction of the future system (which was going to
replace all 360/370) suspended much of the activity on new 360/370
products ... which contributed to allowing 370 processor clones to
gain a foothold ... another old reference:
https://www.garlic.com/~lynn/2001f.html#33 IBM's "VM for the PC" c.1984??
and as mentioned in the "IBM PC competitors" post ... after future system project was killed, there was a mad rush to get new software and hardware items back into the 370 product pipeline.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Evil weather Newsgroups: alt.folklore.computers Date: Sun, 18 Jan 2009 15:12:31 -0500
bbreynolds <bbreynolds@aol.com> writes:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: F111 related discussion x-over from Facebook Date: Jan 18, 2009 Blog: Disciples of Boyd's Strategy
following reposted from John Boyd FB group
....
I did recent post in "Concorde" group
http://www.facebook.com/pages/Concorde/7940669913?ref=s
in the thread about "Why stopped?" ... where I mentioned being one of
the original BCS employees at Boeing for a short time. Part of the
answer references the wiki boeing SST web page:
https://en.wikipedia.org/wiki/Boeing_2707
the SST wiki page also mentions the F-111. This is a plane that Boyd repeatedly panned ... one of the main items was the weight penalty to support the swing-wing mechanism ... more than offset any benefit of the swing-wing. The "weight" topic also comes up in some of the bios ... when he was head of light-weight fighter plane design ... he removed significant weight from both F15 & F18 designs ... and then did F16 (Boyd had tales of the organization behind the F15 viewing his F16 as competition and even attempting to have him thrown in Leavenworth for his F16 activity).
Aussie air zealot savages prêt-à-porter stealth fighter
http://www.theregister.co.uk/2009/01/16/f35_controversy_kopp_latest/
from above:
Pulse-bomb prophet fears Russian tech dominance
... snip ...
above really savages the f35 .... although it does go on to say they should just stick with their F111s.
I visited the National Electronics Museum yesterday (near BWI airport)
http://www.hem-usa.org/
and they had display about Australian program doing upgrades for F111s in 98.
For other info ... the F111 wiki page:
https://en.wikipedia.org/wiki/General_Dynamics_F-111
I assume that the Australian reference to sticking with F111s is that the airframe can be upgraded with latest electronics and missiles at substantially lower cost than replacing them with F35. The F111 wiki page mentions Australia scheduled to replace F111 in 2010 with F18s (interim to moving to F35?).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup? Date: Jan 19, 2009 Blog: Equity Markets
Citigroup's Pandit Tries to Save the Little That's Left to Lose
A year ago there was betting that citi was going to "win" the bank
"write-down" sweepstakes (i.e. declare the largest losses). This
refers to even after citi had won the "write-down" sweepstakes for
assets on their books ... citi still had $1.1T of toxic assets carried
off-balance.
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
and
http://www.nakedcapitalism.com/2008/07/wither-citigroups-11-trillion-of-off.html?showComment=1216055460000
and would eventually have to come back on the balance sheet (and the associated losses declared).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Banks' Demise: Why have the Governments hired the foxes to mend the chicken runs? Date: Jan 19, 2009 Blog: Equity Markets
Here is an article from last spring that estimated something like 1000 executives are responsible for 80% of the current mess and that it would go a long way to correcting the problem if the gov. could figure out how they lose their job.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: F111 related discussion x-over from Facebook Date: Jan 18, 2009 Blog: Disciples of Boyd's Strategy
re:
This mentions the Boeing effort for F16 flight simulator/trainer (that was targeted reuse for F18 & F35):
DARTS: A DOMAIN ARCHITECTURE FOR REUSE IN TRAINING SYSTEMS
http://www.crispen.org/Bob/darts.pdf
We were on the technical advisory board for the XTP protocol effort. It was a high-speed protocol that supported reliable transactions, reliable multicast, rate-based pacing, and some number of other advanced features.
Participants in the XTP protocol effort included people from the Boeing F16 flight simulator group, NSWC, NOSC, SAFENET, SPAWAR.
SAFENET lightweight protocol
http://www.ccii.co.za/products/xtp.html
An Ada Binding to the SAFENET Lightweight Application Services
http://www.sei.cmu.edu/pub/documents/93.reports/pdf/tr19.93.pdf
and from above:
It is assumed that the reader has a general understanding of
distributed systems as well as the SAFENET standard [NGCR92a]. The
specification of the xpress transfer protocol (XTP) [PE92] on which
the SAFENET lightweight protocol is based, is not required. However,
readers who are interested in underlying details may wish to consult
the references contained in the SAFENET standard, particularly the
specification for XTP [PE92]. It is important to note that the Ada
binding is not to XTP per se. Rather, it is a binding to services for
which XTP is the intended underlying protocol.
... snip ...
for some topic drift ... a lot of National Electronics Museum was
taken up with military radar systems (going back to ww2)
http://www.hem-usa.org/
and more topic drift, reference XTP for use in fire control system (radar information distribution):
SSC San Diego Command History
http://www.spawar.navy.mil/sti/publications/pubs/td/2985/td2985.pdf
from above:
The radar processing, control, and interfacing to LANs and CIFF is
accomplished by Versa Module EuroCard (VME) circuit cards collocated
in the radar signal users and distribution signal converter
CV--3989. With the incorporation of DRVDD modifications, it becomes an
analog-to-digital converter/converter cabinet that already has
connectivity to all radar sources. This joint use of the cabinet
reduces cost for installation and ongoing logistic support. This part
of the DRVDD is called the radar broadcast equipment (RBE) and
consists of commercial off-the-shelf central processing unit and FDDI
LAN boards. The FDDI LAN has specialized express transfer protocol
(XTP) firmware and driver and specialized radar processing boards.
Crucial to the success of this program was the analysis, design,
development, implementation, and testing of the four FDDI LANs. These
networks consist of dual-attached, dual-homed, VME-based,
fiber-distributed data interface network boards running XTP,
transmission control protocol (TCP) over the Internet protocol
(IP). To sustain the high data rates for the digitized radar and map
server, it was necessary to interface four fiber optic networks to
each console. The network team was led by Charles Suggs, Engineering,
D4121. Technical team members were Harry Gold, Mark Zabriskie, Merle
Neer, Jim Morrow, and Bob Laughlin. The card cage supporting the
tactical data computer includes the corresponding FDDI LAN boards, a
RSC, and a VME-to-VME bus bridge. The bridge connects the TDC' master
VME backplane with a secondary slave VME backplane that supports radar
data being transferred from the FDDI boards to the RSC. This approach
assures the radar system does not affect other console VME bus access
activities.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Cleaning Up Spaghetti Code vs. Getting Rid of It... Date: Jan 19, 2009 Blog: Software Development
Spaghetti Code frequently starts from reasonably designed and coded implementation ... and then, over the years, fixes/features/functions are added on here and there ... w/o bothering to do a re-architecture/re-design ... just slightly tweaking here & there ... until the original is no longer recognizable.
Usually, it was never felt that any, single individual tweak justified a re-architecture/re-design/re-implementation ... until the accumulation of all the individual tweaks overwhelms the original implementation.
Over the past couple decades, there have been quite an astonishing number of failed re-engineering projects involving major legacy implementations from the 60s&70s. A frequent failure ... is that somewhere in the middle of the spaghetti there is fundamental sound design & implementation ... that is no longer discernible by the re-engineering effort (and the people responsible for the original are long gone). As a result of the magnitude of some of these re-engineering failures, the approach has come into disrepute.
A contributing factor is a number of multi-billion dollar re-engineering failures in the financial industry during the 90s. Basically, there are a lot of financial operations that started as batch implementations during the 60s & 70s. During the 70s, there started to appear "online" frontends to several of these implementations (frequently almost appearing as if they were real-time transactions). However, the actual operation continued to be completed in the batch processes ... which were being moved to 3rd-shift/overnight operation.
With the increase in the amount of business and globalization in the late 80s and early 90s, there started to be extreme pressure being placed on the overnight batch window (more & more work needed to be done in shorter & shorter period of time). A re-engineering solution was straight-through processing ... actually run every transaction to completion ... even the parts that were currently being done in the overnight batch window.
Real-time, straight-through processing was going to offset its inefficiency (compared to the legacy batch implementations) with the use of a large number of parallel "killer micros" supported by various object-oriented technologies. The issue was that the speeds&feeds of the object-oriented technologies typically represented one hundred times more overhead (compared to the batch legacy implementations), which totally swamped any anticipated throughput improvements (from using a large number of "killer micros"). This was frequently compounded by lack of any speeds&feeds measurements and only discovered during scaling up initial deployments (at which point, the project would be declared a success and canceled).
For other drift ... post with regard to enabling technology during the
70s & 80s for online transactions:
https://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing
and a few related references
https://www.garlic.com/~lynn/2008p.html#28 Can Smart Cards Reduce Payments Fraud and Identity Theft?
https://www.garlic.com/~lynn/2008p.html#30 Automation is still not accepted to streamline the business processes... why organizations are not accepting newer technolgies?
https://www.garlic.com/~lynn/2008s.html#25 Web Security hasn't moved since 1995
Not necessarily spaghetti code ... but x-over from (linkedin) Financial
Crime Risk, Fraud and Security
https://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors
https://www.garlic.com/~lynn/2009.html#49 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
https://www.garlic.com/~lynn/2009.html#65 The 25 Most Dangerous Programming Errors
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Slow down to go faster! Date: Jan 19, 2009 Blog: Payment Systems Network
Slow down to go faster!
Boyd's OODA-loop paradigm (which has started to show up in some MBA programs) with emphasis on iterating the loop faster than your competition. However, an issue in OODA-loop is "observe and orient" before "decide and act".
Frequently "faster" these days implies lots of distractions and inability to focus. That would defeat the "observe and orient" aspect of OODA-loop, something that is required before "decide and act".
It is necessary to focus (observe & orient) to be more efficient ... within the OODA-loop paradigm the scenario is to go as fast as possible while still being able to observe and orient.
lots of past posts & URLs from around the WEB mentioning Boyd &
OODA-loops.
https://www.garlic.com/~lynn/subboyd.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70