From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Windowed Interfaces 1981-2009 Newsgroups: alt.folklore.computers Date: Sat, 25 Apr 2009 16:05:03 -0400
Larry__Weiss <lfw@airmail.net> writes:
i've mentioned before ... cp67 had support for dynamic terminal type recognition for 1052 & 2741 ... and so when I went to add TTY ... I wanted to make it consistent ... even to allowing single dial-in number for rotary pool of lines. turned out to almost work ... except for problem with 2702 actually being able to allow any terminal to connect to any port.
this deficiency somewhat was the motivation for the univ to start clone
controller project ... starting out with interdata/3, reverse
engineering channel interface, building channel interface board for
interdata/3, programming interdata/3 to emulate 2702 functions ...
misc. past posts
https://www.garlic.com/~lynn/submain.html#360pcm
there was some article that blamed four of us for the clone controller business.
for slight drift, a major motivation for FS project
https://www.garlic.com/~lynn/submain.html#futuresys
was clone controllers ... old quote:
https://www.ecole.org/en/session/49-the-rise-and-fall-of-ibm
from above:
IBM tried to react by launching a major project called the 'Future
System' (FS) in the early 1970's. The idea was to get so far ahead
that the competition would never be able to keep up, and to have such
a high level of integration that it would be impossible for
competitors to follow a compatible niche strategy. However, the
project failed because the objectives were too ambitious for the
available technology. Many of the ideas that were developed were
nevertheless adapted for later generations. Once IBM had acknowledged
this failure, it launched its 'box strategy', which called for
competitiveness with all the different types of compatible
sub-systems. But this proved to be difficult because of IBM's cost
structure and its R&D spending, and the strategy only resulted in a
partial narrowing of the price gap between IBM and its rivals.
... snip ...
and the distraction of the future system project contributed to clone
processors gaining foothold in the marketplace, old quotation from
fergus/morris book
https://www.garlic.com/~lynn/2001f.html#33
(somebody else's) fergus/morris quote (cited in above)
... that so much energy went into FS that s370 was neglected, hence
Japanese plug-compatibles got a good foothold in the market; after
FS's collapse a tribe of technical folks left IBM or went into
corporate seclusion; and perhaps most damaging, the old culture under
Watson Snr and Jr of free and vigorous debate was replaced with
sycophancy and make no waves under Opel and Akers. It's claimed that
thereafter, IBM lived in the shadow of defeat (by the FS failure),
hence, while still aggressive in business practices, IBM faltered at
being aggressive in technology.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Future of Financial Mathematics? Date: Sat, 25 Apr 2009 Blog: Greater IBM
Future of Financial Mathematics?
Evil Wall Street Exports Boomed With 'Fools' Born to Buy Debt
https://www.bloomberg.com/news/articles/2008-10-27/evil-wall-street-exports-boomed-with-fools-born-to-buy-debt
from above:
The bundling of consumer loans and home mortgages into packages of
securities -- a process known as securitization -- was the biggest
U.S. export business of the 21st century. More than $27 trillion of
these securities have been sold since 2001, according to the
Securities Industry Financial Markets Association, an industry trade
group. That's almost twice last year's U.S. gross domestic product of
$13.8 trillion.
.... snip ...
a couple of long-winded, decade old posts mentioning some of the
current problems
https://www.garlic.com/~lynn/aepay3.htm#riskm
https://www.garlic.com/~lynn/aepay3.htm#riskaads
also mentions in 1989 that citigroup (largest player in the market at the time) figured out that ARM mortgage portfolio could take down the institution (and nearly did) ... and got out of the business. Much of the $27 trillion (triple-A rated) toxic CDOs are a flavor of ARM portfolio.
roll forward to the current time ... and the institutional knowledge from 1989 seems to have evaporated ... in ability to evaluate large ARM portfolios packaged as toxic CDOs.
Citigroup's Place on a Roll of Shame
http://money.cnn.com/2009/04/10/news/citigroup_loomis.fortune/index.htm?postversion=2009041014
from above:
But neither competitors nor Congress liked open-bank assistance,
wondering why the institutions getting it shouldn't just be allowed to
fail. So a 1991 banking law called FDICIA, and a subsequent amendment
to a related law, essentially barred the FDIC from granting such
assistance -- except in instances of systemic risk.
... snip ...
Stay away from Citigroup
http://www.bloggingstocks.com/2008/11/28/stay-away-from-citigroup-c/
from above:
Using household terms such as "QSPEs" and "VIEs," Pandit revealed that
Citi has more than $1.2 trillion dollars in off-balance sheet
assets. These off-balance sheet entities are similar in structure to
Enron's SPVs (special purpose vehicles)
... snip ...
and/or problems with toxic CDOs valuation wasn't lack of expertise
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
and
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
related event:
The Economic Crisis and its Implications for The Science of Economics
http://www.perimeterinstitute.ca/en/Events/The_Economic_Crisis_and_Implications_for_Science/The_Economic_Crisis_and_its_Implications_for_The_Science_of_Economics/
from above:
May 1 - 4, 2009
Perimeter Institute
Concerns over the current financial situation are giving rise to a
need to evaluate the very mathematics that underpins economics as a
predictive and descriptive science. A growing desire to examine
economics through the lens of diverse scientific methodologies -
including physics and complex systems - is making way to a meeting of
leading economists and theorists of finance together with physicists,
mathematicians, biologists and computer scientists in an effort to
evaluate current theories of markets and identify key issues that can
motivate new directions for research.
... snip ...
On the other side ... there have been lots of reports of business people overruling the risk department and/or instructing that the inputs be fiddled until the risk managers came up with the outputs that the business people wanted.
misc. past posts mentioning How Wall Street Lied to Its Computers
https://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#63 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009.html#80 Are reckless risks a natural fallout of "excessive" executive compensation ?
https://www.garlic.com/~lynn/2009b.html#36 A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut"
https://www.garlic.com/~lynn/2009b.html#53 Credit & Risk Management ... go Simple ?
https://www.garlic.com/~lynn/2009b.html#54 In your opinion, which facts caused the global crise situation?
https://www.garlic.com/~lynn/2009b.html#65 What can agencies such as the SEC do to insure us that something like Madoff's Ponzi scheme will never happen again?
https://www.garlic.com/~lynn/2009c.html#4 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#28 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009d.html#16 The Formula That Killed Wall Street
https://www.garlic.com/~lynn/2009d.html#18 HSBC is expected to announce a profit, which is good, what did they do differently?
https://www.garlic.com/~lynn/2009d.html#30 I need insight on the Stock Market
https://www.garlic.com/~lynn/2009d.html#36 Bernanke Says Regulators Must Protect Against Systemic Risks
https://www.garlic.com/~lynn/2009d.html#40 Bernanke Says Regulators Must Protect Against Systemic Risks
https://www.garlic.com/~lynn/2009d.html#59 Quiz: Evaluate your level of Spreadsheet risk
https://www.garlic.com/~lynn/2009e.html#8 The background reasons of Credit Crunch
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Just posted third article about toxic assets in a series on the current financial crisis. Date: 26 Apr 2009 Blog: Greater IBM
re:
some additional background on electronic commerce
a little x-over with above, when we were doing our ha/cmp product,
recent post discussing some details
https://www.garlic.com/~lynn/2009f.html#66
current webpage
http://www-03.ibm.com/systems/p/software/hacmp/index.html
one of the organizations that we talked to was SIAC (since absorbed by
NYSE), part of the discussion was with regard to ha/cmp scale-up
... some old email references to ha/cmp scale-up
https://www.garlic.com/~lynn/lhwemail.html#medusa
this old post mentions an ha/cmp scale-up meeting in jan92
https://www.garlic.com/~lynn/95.html#13
as noted in the above, shortly after the above meeting, the effort was transferred and we were told we couldn't work on anything with more than four processors (not long after that we chose to leave, taking one of the early-out offers).
two of the other people (mentioned in the jan92 meeting), later show up at small client/server startup responsible for something called "commerce server" (and we were brought in to consult about doing payment transactions on their server; effort is now frequently called electronic commerce).
for a little other topic drift ... old post mentioning financial
dataprocessing
https://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing
and related:
https://www.garlic.com/~lynn/2009e.html#6 ATMs At Risk
other posts mentioning original relational/sql effort
https://www.garlic.com/~lynn/submain.html#systemr
and somewhat related post in this news item
https://www.garlic.com/~lynn/2009g.html#1 Future of Financial Mathematics?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Do the current Banking Results in the US hide a grim truth? Date: 26 Apr 2009 Blog: Equity Markets
MF: Banks Need Billions More
Bernanke Says Crisis Damage Likely to Be Long-Lasting
http://www.bloomberg.com/apps/news?pid=20601087&sid=arpJXeelvfY4&refer=home
from above (something of an understatement):
Bernanke said the packaging and sale of mortgages into securities
"appears to have been one source of the decline in underwriting
standards" because originators have less stake in the risk of a loan.
... snip ...
Bank's Hidden Junk Menaces $1 Trillion Purge
http://www.bloomberg.com/apps/news?pid=newsarchive&sid=akv_p6LBNIdw&refer=home
from above:
So investors betting for quick solutions to the financial crisis could
be disappointed. The tangled web that banks wove over the years will
take a long time to undo.
At the end of 2008, for example, off-balance-sheet assets at just the
four biggest U.S. banks -- Bank of America Corp., Citigroup Inc.,
JPMorgan Chase & Co. and Wells Fargo & Co. -- were about $5.2
trillion, according to their 2008 annual filings.
... snip ...
The Quiet Coup
http://www.theatlantic.com/doc/200905/imf-advice
from above:
But there's a deeper and more disturbing similarity: elite business
interests -- financiers, in the case of the U.S. -- played a central
role in creating the crisis, making ever-larger gambles, with the
implicit backing of the government, until the inevitable
collapse. More alarming, they are now using their influence to prevent
precisely the sorts of reforms that are needed, and fast, to pull the
economy out of its nosedive. The government seems helpless, or
unwilling, to act against them.
... snip ...
The audacity of hope; Optimism that banks' fortunes have reached
bottom may be premature
http://www.economist.com/finance/displayStory.cfm?story_id=13496794&source=hptextfeature
from above:
More blows are coming. Banks worldwide have written down their assets
by $1.1 trillion. The final tally is expected to be double that, or
more. The pain is only now starting to spread through commercial
property and commercial loans. As a result, the first-quarter reprieve
will turn out to be a "head fake", says Chris Whalen of Institutional
Risk Analytics.
... snip ...
misc. past posts mentioning off-balance:
https://www.garlic.com/~lynn/2009.html#84 what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes?
https://www.garlic.com/~lynn/2009c.html#55 Who will give Citigroup the KNOCKOUT blow?
https://www.garlic.com/~lynn/2009c.html#61 Accounting for the "greed factor"
https://www.garlic.com/~lynn/2009c.html#65 is it possible that ALL banks will be nationalized?
https://www.garlic.com/~lynn/2009c.html#67 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009d.html#0 PNC Financial to pay CEO $3 million stock bonus
https://www.garlic.com/~lynn/2009d.html#7 Are Ctibank's services and products so vital to global economy than no other banks can substitute it?
https://www.garlic.com/~lynn/2009d.html#22 Is it time to put banking executives on trial?
https://www.garlic.com/~lynn/2009d.html#59 Quiz: Evaluate your level of Spreadsheet risk
https://www.garlic.com/~lynn/2009d.html#64 Should AIG executives be allowed to keep the bonuses they were contractually obligated to be paid?
https://www.garlic.com/~lynn/2009d.html#73 Should Glass-Steagall be reinstated?
https://www.garlic.com/~lynn/2009d.html#77 Who first mentioned Credit Crunch?
https://www.garlic.com/~lynn/2009e.html#8 The background reasons of Credit Crunch
https://www.garlic.com/~lynn/2009e.html#23 Should FDIC or the Federal Reserve Bank have the authority to shut down and take over non-bank financial institutions like AIG?
https://www.garlic.com/~lynn/2009e.html#36 Architectural Diversity
https://www.garlic.com/~lynn/2009e.html#53 Are the "brightest minds in finance" finally onto something?
https://www.garlic.com/~lynn/2009e.html#70 When did "client server" become part of the language?
https://www.garlic.com/~lynn/2009e.html#79 Are the "brightest minds in finance" finally onto something?
https://www.garlic.com/~lynn/2009f.html#25 Is FINANCE the institutionalized form whereby (smart?) elites exact payment for the rest's being...?
https://www.garlic.com/~lynn/2009f.html#31 What is the real basis for business mess we are facing today?
https://www.garlic.com/~lynn/2009f.html#35 US banking Changes- TARP Proposl
https://www.garlic.com/~lynn/2009f.html#38 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#41 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#43 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#47 TARP Disbursements Through April 10th
https://www.garlic.com/~lynn/2009f.html#49 Is the current downturn cyclic or systemic?
https://www.garlic.com/~lynn/2009f.html#65 Just posted third article about toxic assets in a series on the current financial crisis
https://www.garlic.com/~lynn/2009g.html#1 Future of Financial Mathematics?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Windowed Interfaces 1981-2009 Newsgroups: alt.folklore.computers Date: Sun, 26 Apr 2009 12:34:49 -0400
Peter Flass <Peter_Flass@Yahoo.com> writes:
tty 33/35 keys were much more like mechanical typewriter ... distance that the keys had to be depressed and the force needed to depress them
2741 was effectively a higher duty-cycle (heavy duty) selectric (although not as heavy duty as 1050 or 1052 operator's console) ... but they were similar to current pc keyboards in that keys needed to be depressed very little (and took very little force to depress them).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Do the current Banking Results in the US hide a grim truth? Date: 26 Apr 2009 Blog: Equity Markets
re:
25 People to Blame for the Financial Crisis; Phil Gramm
http://content.time.com/time/specials/packages/article/0,28804,1877351_1877350_1877330,00.html
from above:
He played a leading role in writing and pushing through Congress the
1999 repeal of the Depression-era Glass-Steagall Act, which separated
commercial banks from Wall Street. He also inserted a key provision
into the 2000 Commodity Futures Modernization Act that exempted
over-the-counter derivatives like credit-default swaps from regulation
by the Commodity Futures Trading Commission. Credit-default swaps took
down AIG, which has cost the U.S. $150 billion thus far.
... snip ...
a couple long-winded posts from a decade ago that discuss some of the current issues
https://www.garlic.com/~lynn/aepay3.htm#riskm
https://www.garlic.com/~lynn/aepay3.htm#riskaads
I've been doing some amount of work "cleaning" the OCR of scan of the
Glass-Steagall (Pecora) hearings ... from the hearings (pg. 7281):
BROKERS' LOANS AND INDUSTRIAL DEPRESSION
For the purpose of making it perfectly clear that the present
industrial depression was due to the inflation of credit on brokers'
loans, as obtained from the Bureau of Research of the Federal Reserve
Board, the figures show that the inflation of credit for speculative
purposes on stock exchanges were responsible directly for a rise in
the average of quotations of the stocks from sixty in 1922 to 225 in
1929 to 35 in 1932 and that the change in the value of such Stocks
listed on the New York Stock Exchange went through the same identical
changes in almost identical percentages.
... snip ...
there is a correspondence between the speculation in the real-estate market leveraging (ARM) loans from non-depository institutions (which used securitization as source of funds) and the speculation in the '20s stock market using brokers' loans.
Following from author of "The Quiet Coup"
The Next Big Hearing?
http://baselinescenario.com/2009/04/24/the-next-big-hearing-bill-moyers-tonight/
from above:
Bill Moyers asked me to join his conversation this week with Michael
Perino - a law professor and expert on securities law - who is working
on a detailed history of the 1932-33 "Pecora Hearings," which
uncovered wrongdoing on Wall Street and laid the foundation for major
legislation that reformed banking and the stock market.
... snip ...
other references in above:
Bill Moyers
http://www.pbs.org/moyers/journal/04242009/profile2.html
U.S. Senate backs panel to probe financial fraud
http://uk.reuters.com/article/burningIssues/idUKTRE53L77020090422
A Commission on the Economic Crisis?
http://voices.washingtonpost.com/hearing/
... and
Evil Wall Street Exports Boomed With 'Fools' Born to Buy Debt
https://www.bloomberg.com/news/articles/2008-10-27/evil-wall-street-exports-boomed-with-fools-born-to-buy-debt
from above:
The bundling of consumer loans and home mortgages into packages of
securities -- a process known as securitization -- was the biggest
U.S. export business of the 21st century. More than $27 trillion of
these securities have been sold since 2001, according to the
Securities Industry Financial Markets Association, an industry trade
group. That's almost twice last year's U.S. gross domestic product of
$13.8 trillion.
.... snip ...
a few past posts mentioning the above article:
https://www.garlic.com/~lynn/2009d.html#7 Are Ctibank's services and products so vital to global economy than no other banks can substitute it?
https://www.garlic.com/~lynn/2009d.html#9 HSBC is expected to announce a profit, which is good, what did they do differently?
https://www.garlic.com/~lynn/2009d.html#16 The Formula That Killed Wall Street
https://www.garlic.com/~lynn/2009d.html#30 I need insight on the Stock Market
https://www.garlic.com/~lynn/2009d.html#36 Bernanke Says Regulators Must Protect Against Systemic Risks
https://www.garlic.com/~lynn/2009d.html#40 Bernanke Says Regulators Must Protect Against Systemic Risks
https://www.garlic.com/~lynn/2009d.html#59 Quiz: Evaluate your level of Spreadsheet risk
https://www.garlic.com/~lynn/2009d.html#62 Is Wall Street World's Largest Ponzi Scheme where Madoff is Just a Poster Child?
https://www.garlic.com/~lynn/2009d.html#64 Should AIG executives be allowed to keep the bonuses they were contractually obligated to be paid?
https://www.garlic.com/~lynn/2009d.html#73 Should Glass-Steagall be reinstated?
https://www.garlic.com/~lynn/2009d.html#77 Who first mentioned Credit Crunch?
https://www.garlic.com/~lynn/2009e.html#8 The background reasons of Credit Crunch
https://www.garlic.com/~lynn/2009e.html#23 Should FDIC or the Federal Reserve Bank have the authority to shut down and take over non-bank financial institutions like AIG?
https://www.garlic.com/~lynn/2009f.html#31 What is the real basis for business mess we are facing today?
https://www.garlic.com/~lynn/2009f.html#35 US banking Changes- TARP Proposl
https://www.garlic.com/~lynn/2009f.html#38 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#41 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#49 Is the current downturn cyclic or systemic?
https://www.garlic.com/~lynn/2009f.html#53 What every taxpayer should know about what caused the current Financial Crisis
https://www.garlic.com/~lynn/2009f.html#56 What's your personal confidence level concerning financial market recovery?
https://www.garlic.com/~lynn/2009f.html#65 Just posted third article about toxic assets in a series on the current financial crisis
https://www.garlic.com/~lynn/2009g.html#1 Future of Financial Mathematics?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Cobol hits 50 and keeps counting Newsgroups: alt.folklore.computers Date: Sun, 26 Apr 2009 16:13:03 -0400
TrailingEdgeTechnologies <bbreynolds@aol.com> writes:
I was in europe, especially paris a number of times in the early 70s (related to doing various computer installations); the closest i could come up with is in '74 in paris
was walking Champs-Elysees, the evening that election returns were being
posted on the outside of the Le Figaro bldg.
https://en.wikipedia.org/wiki/French_presidential_election,_1974
Les Halles was still big hole in the ground
https://en.wikipedia.org/wiki/Les_Halles
was also there later in the summer, including bastille day.
https://en.wikipedia.org/wiki/Bastille_Day
and went to local cinema to very popular recently released (in france,
June 26, 74) movie ... some recollection it being rated interdit treize ans,
although that isn't a currently listed rating
https://en.wikipedia.org/wiki/Motion_picture_rating_system#France
... i think it was something like
Interdit aux moins de <- smaller font
13 <- larger font
ans
but was given an X-rating when later released in the US:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Just posted third article about toxic assets in a series on the current financial crisis. Date: 27 Apr 2009 Blog: Greater IBM
re:
It wasn't so much CDS ... it was that they were unregulated and no provisions were made for payout ... effectively treating all incoming funds as profits (made for enormous commissions and bonuses; in a regulated insurance environment, such activity would have been viewed quite harshly)
25 People to Blame for the Financial Crisis; Phil Gramm
http://content.time.com/time/specials/packages/article/0,28804,1877351_1877350_1877330,00.html
from above:
He played a leading role in writing and pushing through Congress the
1999 repeal of the Depression-era Glass-Steagall Act, which separated
commercial banks from Wall Street. He also inserted a key provision
into the 2000 Commodity Futures Modernization Act that exempted
over-the-counter derivatives like credit-default swaps from regulation
by the Commodity Futures Trading Commission. Credit-default swaps took
down AIG, which has cost the U.S. $150 billion thus far.
... snip ...
In the session that repealed Glass-Steagall, the financial industry contributed $250M to Congress, and in the recent session that passed TARP, they contributed $2B. More recent was comment that financial industry contributed a total of $5B during the period.
Gramm and the 'Enron Loophole'
http://www.nytimes.com/2008/11/17/business/17grammside.html
from above:
Enron was a major contributor to Mr. Gramm's political campaigns, and
Mr. Gramm's wife, Wendy, served on the Enron board, which she joined
after stepping down as chairwoman of the Commodity Futures Trading
Commission.
... snip ...
Phil Gramm's Enron Favor
https://web.archive.org/web/20080711114839/http://www.villagevoice.com/2002-01-15/news/phil-gramm-s-enron-favor/
from above:
A few days after she got the ball rolling on the exemption, Wendy
Gramm resigned from the commission. Enron soon appointed her to its
board of directors, where she served on the audit committee, which
oversees the inner financial workings of the corporation. For this,
the company paid her between $915,000 and $1.85 million in stocks and
dividends, as much as $50,000 in annual salary, and $176,000 in
attendance fees, according to a report by Public Citizen
... snip ...
Greenspan Slept as Off-Books Debt Escaped Scrutiny
http://www.bloomberg.com/apps/news?pid=20601109&refer=home&sid=aYJZOB_gZi0I
from above:
That same year Greenspan, Treasury Secretary Robert Rubin and SEC
Chairman Arthur Levitt opposed an attempt by Brooksley Born, head of
the Commodity Futures Trading Commission, to study regulating
over-the-counter derivatives. In 2000, Congress passed a law keeping
them unregulated.
... snip ...
one of the articles from the period mentioned that House passed the bill ... and even before the copy of the bill was distributed in the Senate, the Senate passed it unanimously. Also Born (as chairman) must have been fairly quickly replaced by Gramm's wife (before she resigned the position to join Enron).
In the wake of ENRON, congress passed Sarbanes-Oxley, but didn't do much about the underlying problem. SOX put much of the responsibility on SEC ... but as mentioned in the Madoff hearings, SEC was quite lax in enforcement.
SOX also supposedly had SEC doing something about the rating agencies ... but it doesn't seem to have done anything but:
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
Possibly because GAO also didn't think SEC was doing anything, it
started doing a database of financial filings with problems (increased
something like 300% in period after SOX was passed)
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
misc. past posts referencing Gramm:
https://www.garlic.com/~lynn/2009c.html#38 People to Blame for the Financial Crisis
https://www.garlic.com/~lynn/2009c.html#53 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#55 Who will give Citigroup the KNOCKOUT blow?
https://www.garlic.com/~lynn/2009c.html#65 is it possible that ALL banks will be nationalized?
https://www.garlic.com/~lynn/2009d.html#10 Who will Survive AIG or Derivative Counterparty Risk?
https://www.garlic.com/~lynn/2009d.html#28 I need insight on the Stock Market
https://www.garlic.com/~lynn/2009d.html#61 Quiz: Evaluate your level of Spreadsheet risk
https://www.garlic.com/~lynn/2009d.html#62 Is Wall Street World's Largest Ponzi Scheme where Madoff is Just a Poster Child?
https://www.garlic.com/~lynn/2009d.html#63 Do bonuses foster unethical conduct?
https://www.garlic.com/~lynn/2009d.html#73 Should Glass-Steagall be reinstated?
https://www.garlic.com/~lynn/2009e.html#0 What is swap in the financial market?
https://www.garlic.com/~lynn/2009e.html#8 The background reasons of Credit Crunch
https://www.garlic.com/~lynn/2009e.html#13 Should we fear and hate derivatives?
https://www.garlic.com/~lynn/2009e.html#23 Should FDIC or the Federal Reserve Bank have the authority to shut down and take over non-bank financial institutions like AIG?
https://www.garlic.com/~lynn/2009e.html#35 Architectural Diversity
https://www.garlic.com/~lynn/2009f.html#29 What is the real basis for business mess we are facing today?
https://www.garlic.com/~lynn/2009f.html#38 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#51 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#53 What every taxpayer should know about what caused the current Financial Crisis
https://www.garlic.com/~lynn/2009g.html#5 Do the current Banking Results in the US hide a grim truth?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Just posted third article about toxic assets in a series on the current financial crisis. Date: 27 Apr 2009 Blog: Greater IBM
re:
They're All Too Big to Fail
http://www.fool.com/investing/dividends-income/2009/04/08/theyre-all-too-big-to-fail.aspx
from above:
Too big to fail, too ignorant to think
Accordingly, you'd think we'd be taking steps to dramatically reduce
commercial banks' derivative exposure, right?
Wrong. Here's how the Office of the Comptroller of the Currency opened
its latest quarterly derivatives report:
The notional value of derivatives held by U.S. commercial banks
increased $24.5 trillion in the fourth quarter, or 14%, to $200.4
trillion, due to the migration of investment bank derivatives business
into the commercial banking system.
...
To put this in perspective, AIG nearly blew up the universe with
derivatives notionally worth about $2.7 trillion -- a fraction of some
of our largest banks
... snip ...
also from article: Chase: $87.4T, BofA: $38.3T, Citi: $31.9T, Goldman: $30.2T, Wells $1.5T.
FDIC's Bair: We must end too big to fail
http://money.cnn.com/2009/04/27/news/companies/fdic_bair/?postversion=2009042715
Research: No Evidence for Too Big to Fail Policy
http://www.gantdaily.com/news/11/ARTICLE/49731/2009-04-27.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Architectural Diversity Newsgroups: alt.folklore.computers,comp.arch Date: Tue, 28 Apr 2009 12:09:48 -0400
Walter Bushell <proto@panix.com> writes:
bit 12 was defined to be microsecond and bit 32 was 1024/1000 second (or if counting from the other direction bit 31 was 1024/1000 second and bit 51 was microsecond).
the original definition has been extended:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dz9zr003/4.6.1.1?DT=20040504121320
from above:
 ____________________ _ ____ _________________
|                    | |    |                 |
|____________________|_|____|_________________|
0                    51     64              103

The TOD clock nominally is incremented by adding a one in bit
position 51 every microsecond. In models having a higher or lower
resolution, a different bit position is incremented at such a
frequency that the rate of advancing the clock is the same as if a one
were added in bit position 51 every microsecond. The resolution of the
TOD clock is such that the incrementing rate is comparable to the
instruction-execution rate of the model.
... snip ...
and:
from above:
The TOD clock can be inspected by executing STORE CLOCK, which causes bits 0-63 of the clock to be stored in an eight-byte operand in storage, or by executing STORE CLOCK EXTENDED, which causes bits 0-103 of the clock to be stored in bytes 1-13 of a 16-byte operand in storage. STORE CLOCK EXTENDED stores zeros in the leftmost byte, byte 0, of its storage operand, and it obtains the TOD programmable field from bit positions 16-31 of the TOD programmable register and stores it in byte positions 14 and 15 of the storage operand. The operand stored by STORE CLOCK EXTENDED has the following format:

 _____ _____________________________ __________
|     |                             |Programm- |
|Zeros|          TOD Clock          |able Field|
|_____|_____________________________|__________|
0     8                             112      127

... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
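The two layouts quoted in the post above, decoded in code; this is an added example, not code from the post or from IBM. The function and struct names are hypothetical, the sample operand is constructed, and the 1900-01-01 epoch (2208988800 seconds before the Unix epoch, leap seconds ignored) is an assumption the quoted text does not state.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption (not on the page): TOD value 0 is 1900-01-01 00:00:00, which is
 * 2208988800 seconds before the Unix epoch. Leap seconds are ignored. */
#define TOD_UNIX_OFFSET_SEC 2208988800LL
#define TOD_USEC_SHIFT      12  /* bit 51 of 0..63 (bit 0 leftmost) has weight 2^12 */
#define TOD_MAX_USEC        (UINT64_MAX >> TOD_USEC_SHIFT)

struct tod_time {
    int64_t  unix_sec;   /* seconds relative to 1970-01-01 (may be negative) */
    uint32_t usec;       /* 0..999999 */
    uint16_t sub_usec;   /* TOD bits 52-63, in units of 1/4096 microsecond */
};

struct stcke {
    uint64_t tod_0_63;    /* what STORE CLOCK alone would have stored */
    uint64_t tod_64_103;  /* the 40 extra low-order bits */
    uint16_t prog_field;  /* TOD programmable field, operand bytes 14-15 */
};

/* Constructed sample operand: one second, one and a half microseconds past the
 * Unix epoch, low-order bits = 1, programmable field = 0x002A. */
static const uint8_t SAMPLE_STCKE[16] = {
    0x00,                                            /* byte 0: zeros */
    0x7D, 0x91, 0x04, 0x8C, 0xBE, 0x24, 0x18, 0x00,  /* TOD bits 0-63 */
    0x00, 0x00, 0x00, 0x00, 0x01,                    /* TOD bits 64-103 */
    0x00, 0x2A                                       /* programmable field */
};

/* Load n big-endian bytes (the mainframe stores the clock big-endian). */
static uint64_t be_load(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Split a 16-byte STORE CLOCK EXTENDED operand; -1 if byte 0 is not zero. */
int stcke_parse(const uint8_t op[16], struct stcke *out)
{
    if (op[0] != 0)
        return -1;
    out->tod_0_63   = be_load(op + 1, 8);
    out->tod_64_103 = be_load(op + 9, 5);
    out->prog_field = (uint16_t)be_load(op + 14, 2);
    return 0;
}

/* Convert bits 0-63 of the TOD clock to Unix seconds plus microseconds. */
struct tod_time tod_decode(uint64_t tod)
{
    struct tod_time t;
    uint64_t total_usec = tod >> TOD_USEC_SHIFT;
    t.sub_usec = (uint16_t)(tod & 0xFFFu);
    t.usec     = (uint32_t)(total_usec % 1000000ULL);
    t.unix_sec = (int64_t)(total_usec / 1000000ULL) - TOD_UNIX_OFFSET_SEC;
    return t;
}

/* Inverse of tod_decode; -1 when the time does not fit in 52 bits of usec. */
int tod_encode(int64_t unix_sec, uint32_t usec, uint64_t *tod)
{
    if (usec >= 1000000U || unix_sec < -TOD_UNIX_OFFSET_SEC)
        return -1;
    if (unix_sec > (int64_t)(TOD_MAX_USEC / 1000000ULL) - TOD_UNIX_OFFSET_SEC)
        return -1;
    uint64_t total = (uint64_t)(unix_sec + TOD_UNIX_OFFSET_SEC) * 1000000ULL + usec;
    if (total > TOD_MAX_USEC)
        return -1;
    *tod = total << TOD_USEC_SHIFT;
    return 0;
}

int main(void)
{
    struct stcke s;
    if (stcke_parse(SAMPLE_STCKE, &s) != 0)
        return 1;
    struct tod_time t = tod_decode(s.tod_0_63);
    printf("unix=%lld.%06u sub_usec=%u/4096 low40=%llu prog=0x%04x\n",
           (long long)t.unix_sec, (unsigned)t.usec, (unsigned)t.sub_usec,
           (unsigned long long)s.tod_64_103, (unsigned)s.prog_field);
    return 0;
}
```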
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Top 10 Cybersecurity Threats for 2009, will they cause creation of highly-secure Corporate-wide Intranets? Date: 28 Apr 2009 Blog: Greater IBM
slightly related to this recent discussion "Just posted third article about toxic assets in a series on the current financial crisis" ... also archived here:
we've used a number of metaphors to describe the current environment
... archived discussed in "PCI security rules may require
reinforcements" .... also archived here
https://www.garlic.com/~lynn/2009f.html#36
dual-use vulnerability metaphor
security proportional to risk metaphor
naked transaction metaphor
part of the stuff like TJX (merchant) and more recent Heartland (processor) are extremely vulnerable to insiders (since the vulnerable information is required in numerous business processes). Also part of the metaphor is that the value of the information to the merchant is some part of profit on transaction (possibly a dollar or two), and the value of the information to the processor is possibly a couple cents per transaction. The value of the information to the attackers/crooks is the credit limit or account balance .... at least a couple hundred dollars. As a result, the attackers/crooks can spend hundred times to thousand times more attacking the system as the defenders can spend protecting the system.
As mentioned, part of the x9.59 financial standard work
https://www.garlic.com/~lynn/x959.html#x959
was addressing such vulnerabilities. However, x9.59 didn't do anything about countermeasures against eavesdropping, skimming, sniffing, data breaches, etc ... what X9.59 did was slightly tweak the paradigm and eliminate the usefulness of the information to the crooks (didn't prevent the crooks from getting the information, just eliminate the usefulness of the information to the crooks).
Also, the early work involving "electronic commerce" used the technology they had invented called "SSL" to hide the transaction information. This is likely the largest use of "SSL" in the world today. X9.59 eliminates the need to hide the information ... so it eliminates the need of SSL in this earlier work we had done for "electronic commerce".
As part of the "electronic commerce" activity we looked at the vulnerabilities of webserver end-points. We drew up a list of things that should be mandated for all "electronic commerce" webservers that included things like only equipment with at least EAL4 certification and all individuals with any sort of access having in-depth FBI background checks and processes setup so that all human events required multi-party operations (and some amount of more checks & balances).
There were going to be millions of these ... and everyone required that level of setup. We basically got overruled. Another major vulnerability we identified was that a lot of these electronic commerce servers were using RDBMS backends. There was starting to be an alarming number of RDBMS backend exploits ... basically human mistakes. The problem was that RDBMS activity was high-skill and human intensive operations. Maintenance especially was a vulnerability point ... since it required taking down the business operations ... and the people were under constant time-pressure to get it back up as fast as possible ... that in turn contributed to frequent mistakes.
In the dual-use vulnerability metaphor, we point out that the information needs to be kept confidential and never divulged to anyone (including NEVER swiping a payment card at pos terminal) ... while at the same time the information needs to be readily available for numerous business processes. Because of the conflicting requirements, we claim that even if the planet was buried under miles of information hiding encryption ... it would still be unable to prevent information leakage.
Note that RDBMS vulnerabilities from the early 90s in electronic commerce ... didn't get a lot of press ... but they were there. Now they are starting to get more press with things like the SQL x-system problems (a lot of it because of the complexity and ease with which mistakes can be made)
While lots of the exploits and vulnerabilities are well documented ... it isn't general knowledge for tens of millions of people ... which would be required to cover the hundreds of millions of possible vulnerabilities.
misc. past posts mentioning fraud, risks, threats, exploits and/or
vulnerabilities
https://www.garlic.com/~lynn/subintegrity.html#fraud
there have been some examples even where everything has been done absolutely perfectly in the current paradigm ... and it still wouldn't be enough. Given the 100-1000 times difference in the resources between the defenders (between a couple cents to a couple dollars per transactions) and the attackers (couple hundred to couple thousand per transaction) ... having done everything perfectly wouldn't be enough. For instance there have been some number of instances where backdoors were built into the boxes at manufacturing plant (at one time, in some world market segment, it may have been a significant percentage of boxes sold).
As mentioned, x9.59 didn't do anything to try and increase the protection of the information by factors of 100-1000 times at no increase in cost (to try and level the playing field between what the defenders could afford to spend and the value of the information to the attackers), what x9.59 did was eliminate the usefulness of the information to the attackers (instead of a paradigm where the information was worth 100-1000 times more to the crooks/attackers compared to the defenders ... it eliminated the value of the information to the crooks/attackers ... and therefore most of the financial motivation for the crooks to attack the system).
We also were tangentially involved in the cal. state breach notification law (which has been copied since by some number of states ... however there has been quite a bit of conflict at the federal level with breach notification legislation that is similar to cal. and breach notification legislation that eliminates the requirement for notification).
we had been brought in to help word-smith the ca. state electronic signature legislation and several of the parties were heavily involved in privacy issues. there had been in-depth, detailed privacy surveys and the number one item turned up was identity theft ... and a major component of that identity theft was various kinds of financial information breaches that resulted in fraudulent financial transactions ... which had no publicity and little or nothing was being done about it. They appeared to believe that any publicity from breach notification might provide motivation for correcting the situation.
misc. past posts related to electronic signature legislation
https://www.garlic.com/~lynn/subpubkey.html#signature
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Top 10 Cybersecurity Threats for 2009, will they cause creation of highly-secure Corporate-wide Intranets? Date: 29 Apr 2009 Blog: Greater IBM
re:
The point of the security proportional to risk metaphor about the current paradigm is that the value to the crooks is worth 100-1000 times more than it is to the merchants or the processors ... i.e that the crooks/attackers can afford to outspend by 2-3 orders of magnitude attacking the system as the defenders can spend defending the system. The value of the information to the merchants and the processors is a few cents to a few dollars per account ... the value of the information to the crooks is the account balance &/or credit limit.
The analogy is that each mud hut has lots of something that is worth relatively little to each inhabitant ... but the value to the crook is that it would require for each mud hut, a massive bank vault with six foot thick bank vault doors to keep them out. What we did in X9.59 was not to try and come up with ways to turn every mud hut into a bank vault ... but instead to eliminate the value to the crooks.
When we started ha/cmp
https://www.garlic.com/~lynn/subtopic.html#hacmp
we did detailed end-to-end vulnerability study of tcp/ip ... not specifically for security ... but to try and eliminate all points of failure (regardless of kind ... nature, human mistakes, accidents, done on purpose, threats, vulnerabilities, risks, etc) ... and created a list of some number of items. I gave a presentation on it for the IETF RFC editors (internet standards organizations) at ISI combined with graduate students in security at USC.
There was an incident in the mid-90s involving the largest online service provider at the time ... where some of their internet connected boxes were failing. For two months they had nearly every internet specialist in to look at it (while it continued to fail). 60 days after it started happening, one of the people flew out to buy me a hamburger after work. While I ate the hamburger, they explained the symptoms. When I was done eating, I mentioned it was several things we had identified in the late 80s, and explained a Q&D dirty fix that they applied later that night. I then tried to interest the major vendors in the problem ... but apparently since it wasn't in the press (and the largest online service provider wasn't interested in it getting into the press) ... they weren't interested in addressing it. Exactly 12 months later a small service provider started experiencing almost the same symptoms ... this time it made the press and this time, all the traditional vendors rushed to do something. After a month or so all the major vendors were patting themselves on the back on how quickly they had reacted (to that single symptom).
As an aside, the internal network ... some past posts
https://www.garlic.com/~lynn/subnetwork.html#internalnet
was larger than the arpanet/internet from just about the beginning until possibly late 85 or early 86. One of the differences with the internal network was that all links (leaving corporate premise) required encrypted links. One of the comments in the mid-80s was that the internal network had over half of all link encryptors in the world.
Also during that period, I had HSDT project that included a high-speed
backbone
https://www.garlic.com/~lynn/subnetwork.html#hsdt
that NSF was interested in using (what we were doing) for the NSFNET
backbone (tcp/ip was technology basis for modern internet, NSFNET
backbone was operational precursor to the modern internet, and CIX was
the business basis for the modern internet). However, corporate
politics got in the way and we were prohibited from participation. The
head of NSF tried to help by sending a letter to the company (copying
the CEO) but that just aggravated the internal politics (it included
things like what we were already running was at least five yrs ahead
of all bid submissions to build something new for NSF). ... misc. old
NSF related email from the period
https://www.garlic.com/~lynn/lhwemail.html#nsfnet
Infosec 2009: Poor application security causes 62% of data breaches, study finds
http://www.computerweekly.com/Articles/2009/04/29/235816/infosec-2009-poor-application-security-causes-62-of-data-breaches-study.htm
In the naked transaction metaphor ... with regard to the existing payment paradigm ... we discuss that the transactions are vulnerable everywhere they exist ... and they exist in billions of places. as a result there are enormous number of different opportunities for exploits of all kinds. The enormous difference in the value of the information to the defenders vis-a-vis attackers (security proportional to risk metaphor) ... further aggravates the circumstances.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Cobol hits 50 and keeps counting Newsgroups: alt.folklore.computers Date: Wed, 29 Apr 2009 10:36:19 -0400
Confessions of a Cobol programmer; Don't laugh. Intrepid young programmers are using dusty old Cobol to boost their careers. Some of them even like it
from above:
Some 75% of the world's businesses data is still processed in Cobol, and
about 90% of all financial transactions are in Cobol, according to Arunn
Ramadoss, head of the academic connections program at Micro Focus
International PLC, which provides software to help modernize Cobol
applications.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Wed, 29 Apr 2009 10:42:08 -0400
Old-school programming techniques you probably don't miss
from above:
11 skills and tactics that every programmer once needed to master
... and today can blissfully forget
... snip ...
items from article:
Sorting algorithms and other hand-code fiddly stuff
Creating your own graphical user interfaces
Go To and spaghetti code
Manual multithreading and multitasking
Self-modifying code
Memory Management
Punch cards and other early development environments
Pointer math and date conversions
Hungarian notation and other language limitations
Doing strange things to make code run faster
Being Patient
...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Top 10 Cybersecurity Threats for 2009, will they cause creation of highly-secure Corporate-wide Intranets? Date: 29 Apr 2009 Blog: Greater IBM
re:
One of the problems with HSDT was getting encryption to support "high speed" links ... which was non-trivial at the time. I like to use the following example from the mid-80s. I had gotten blamed for online computer conferencing on the internal network in the late 70s & early 80s. TOOLSRUN somewhat grew out of corporate investigation into what I was doing (started out with IBMVM, then IBMPC, then lots of other things). One friday before I left for a business trip to the other side of the pacific (to talk to vendors about getting high-speed hardware for HSDT project), somebody in the communication group sent out announcement for a new online computer conference to discuss networking. As part of the announcement, they included the following definition:
low-speed <9.6kbits
medium-speed 19.2kbits
high-speed 56kbits
very high-speed 1.5mbits

the following monday on the wall of a conference room in the far east:

low-speed <20mbits
medium-speed 100mbits
high-speed 200-300mbits
very high-speed >600mbits

misc. past posts mentioning the above:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Confessions of a Cobol programmer Date: Wed, 29 Apr 2009 Blog: Payment Systems Network
Confessions of a Cobol programmer
from above:
Some 75% of the world's businesses data is still processed in Cobol,
and about 90% of all financial transactions are in Cobol,
... snip ...
Long ago and far away, my wife had been con'ed into going to POK to be
in charge of loosely-coupled architecture. While there, she created
the Peer-Coupled Shared Data architecture ... but except for IMS
hot-standby, saw little uptake (until much more recently with
SYSPLEX), which contributed to her not staying in the position very
long.
https://www.garlic.com/~lynn/submain.html#shareddata
More recently we had some discussions with a major financial
transaction system and they attributed their 100% availability over an
extended number of years to
1) IMS hot-standby
2) automated operator
IMS is another legacy technology (originated in 1960s NASA program)
... but is also being extensively used in financial processing ... IMS
wiki page
https://en.wikipedia.org/wiki/Information_Management_System
above makes references that "chances are that withdrawing money from an automated teller machine (ATM) will trigger an IMS transaction".
Old email mentioning Gray trying to hand-off consulting to IMS
development group when he left SJR:
https://www.garlic.com/~lynn/2007.html#email801016
in this post:
https://www.garlic.com/~lynn/2007.html#1 "The Elements of Programming Style"
as well as picking up contacts with banking institutions (like BofA)
that were starting to get interested in relational databases
(System/R) ... misc. posts mentioning original relational/SQL
https://www.garlic.com/~lynn/submain.html#systemr
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: USAF officers slammed for pranging Predators on manual Newsgroups: alt.folklore.computers Date: Wed, 29 Apr 2009 13:07:48 -0400
for the fun of it ...
USAF officers slammed for pranging Predators on manual
http://www.theregister.co.uk/2009/04/29/young_usaf_predator_pilot_officer_slam/
from the above:
A senior Pentagon official has delivered a stinging attack on the US Air
Force, saying that its philosophy of using fully qualified human pilots
to handle unmanned aircraft at all times has resulted in unnecessary,
expensive crashes. By contrast, US Army drones with auto-landing
equipment and cheaply-trained operators have an enviable record
... snip ...
... and ...
The US Army has a differing philosophy: its "Sky Warrior" variant of
the Predator is intended to land itself automatically, and the
present-day Shadow has such kit already. Army drones are controlled by
noncommissioned tech specialists who, while fully trained and qualified
for their job, have no airborne stick time in regular aircraft. They are
always in theatre with the rest of the troops.
... snip ...
almost a Boyd'ism
https://www.garlic.com/~lynn/subboyd.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: 20 Years of AOL Annoyances and Foul-Ups Newsgroups: alt.folklore.computers Date: Wed, 29 Apr 2009 14:20:42 -0400
20 Years of AOL Annoyances and Foul-Ups
from above ...
Once upon a time--two decades ago this year, actually--a startup called
Quantum Computer Services changed the name of its moderately popular
online service to America Online and added a cheery e-mail notification
recorded by an employee's husband: "You've got mail!"
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Top 10 Cybersecurity Threats for 2009, will they cause creation of highly-secure Corporate-wide Intranets? Date: 29 Apr 2009 Blog: Greater IBM
re:
See latest post/addition to thread. note the reference to the internal
network.
https://www.garlic.com/~lynn/subnetwork.html#internalnet
the univ network "BITNET" was originated and supported by the
corporation in the early 80s ... and for a period was also larger than
the arpanet/internet
https://www.garlic.com/~lynn/subnetwork.html#bitnet
with a watered down version of the technology used in the internal network. Almost exactly 12 months prior to the morris worm ...there was a worm on bitnet (which didn't get the same amount of press)
I mentioned that we did detailed threat and vulnerability study as
part of ha/cmp project in the late 80s
https://www.garlic.com/~lynn/subtopic.html#hacmp
besides tcp/ip specific threats and vulnerabilities (malicious attacks
was just a small subset of what we considered to be threats and
vulnerabilities) ... we also looked at the general environment. One of
the things we identified was implementation characteristics of the C
language would result in larger number of buffer overflows ... not
just in past code ... but ongoing nearly forever as long as existing
C language was being used. Lots of past posts in buffer overflow
https://www.garlic.com/~lynn/subintegrity.html#overflow
The original mainframe tcp/ip implementation was done in
vs/pascal. This is past posts mentioning the base implementation only
getting about 44kbytes/sec thruput and using nearly a full 3090 cpu
doing. I added rfc 1044 support and in tuning tests at cray research
between a cray and 4341, I hit channel thruput limitations
(1mbyte/sec) using only a modest amount of 4341 processor.
https://www.garlic.com/~lynn/subnetwork.html#1044
Note that none of the vs/pascal implementations were prone to the buffer overflow exploits that are found everywhere in C language implementations.
This is past post mentioning a couple yrs ago, Jim Gray badgering me
into interviewing for position of Chief Security Architect in redmond
... the interview went on for a couple weeks ... but couldn't come to
agreement regarding moving to redmond (we had been there in the past
on temp. assignment in seattle area and my wife had a bad case of
SAD).
https://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Top 10 Cybersecurity Threats for 2009, will they cause creation of highly-secure Corporate-wide Intranets? Date: 29 Apr 2009 Blog: Greater IBM
re:
vs/pascal had lots of enhancements ... it was originally developed at
the Los Gatos VLSI lab for VLSI tools and was used in many industrial
strength applications ... including original mainframe TCP/IP
... again reference to work I did for rfc 1044
https://www.garlic.com/~lynn/subnetwork.html#1044
which had none of the buffer overflow problems common in
implementations using C language
https://www.garlic.com/~lynn/subintegrity.html#overflow
the above includes references to some analysis that I've done of the
CVE database and also badgering Mitre & NIST to improve classification
of entries ... so it was easier to classify vulnerabilities &
exploits.
https://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
https://www.garlic.com/~lynn/2004j.html#58 Vintage computers are better than modern crap !
https://www.garlic.com/~lynn/2004q.html#74 [Lit.] Buffer overruns
as an aside, vs/pascal was also ported to workstation platform ... in addition to its original mainframe implementation.
PLI had similar characteristics to Pascal from the standpoint of
handling buffers and storage ... and major difference from C. Multics
was implemented in PLI and here is reference to study that it didn't
have any overflow problems (either) ... aka it was about as hard to
have overflows in PLI or Pascal ... as it was easy to have them in C.
https://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation
https://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from the Multics Security Evaluation
https://www.garlic.com/~lynn/2002l.html#45 Thirty Years Later: Lessons from the Multics Security Evaluation
study was at
http://domino.watson.ibm.com/library/cyberdig.nsf/papers/FDEFBEBC9DD3E35485256C2C004B0F0D/$File/RC22534.pdf
but is now at:
http://www.acsac.org/2002/papers/classic-multics.pdf
now after I left, as part of IBM moving to COTS VLSI tools ... several of the internal VLSI tools were being made available to outside VLSI tool company. One of these was a >50,000 statement vs/pascal tool. I got a contract to port it to another vendor platform with their own Pascal. This other platform appeared to have pascal implementation that had never been used for other than student & teaching activities. To make it worse, the vendor had outsourced their pascal product to an operation that was located 12 time zones away (so every problem interaction i had with the vendor required minimum of 24hr turnaround).
Turns out that group (12 time zones away) was a spinoff of a
former gov. organization. A relative recently visited there and
brought me back some souvenirs ... reference here:
https://www.garlic.com/~lynn/2006r.html#48
there are all sorts of explanation regarding why people could avoid
making mistakes in C ... but there have constantly continued to be an
enormous number of such mistakes ... which can be contrasted to PASCAL
& PLI where such mistakes are extremely rare. My frequent analogy is
that when a section of highway has had as many accidents as there have
been C language buffer overflow accidents ... such highway sections
are redesigned to drastically reduce the accidents (and there are lots
of examples of other languages where such accidents are nearly
non-existent).
https://www.garlic.com/~lynn/subintegrity.html#overflow
I wasn't responsible for the 1st generation of tcp/ip on os/390.
However, that implementation had (at least) two issues:
1) as I mentioned, the original implementation had some serious performance implementation issues. that is why it got only 44kbytes/sec thruput using a full 3090 processor ... and why I was able to do the RFC 1044 support that got channel thruput (1mbyte/sec) between a cray and a 4341 ... using only small amount of 4341 processor (almost a factor of 1000 times improvement in the number of bytes moved per instruction executed).
The really slow performance and high processor utilization of the original implementation wasn't an attribute of vs/pascal (example was that with relatively little effort I was able to get an improvement of one thousand times ... still all done in vs/pascal)
2) the original implementation was done on vm/370 using a diagnose instruction into the vm kernel for some functions. For the original implementation to os/390, they effectively took the unmodified vm370 code and moved it to os/390 by writing a diagnose simulation for the vm/370 functions. This suffered from both the enormous pathlength inefficiency of the original, base vm370 implementation ... plus the relatively ugly way that it was crafted into os/390.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
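The contrast drawn in the two posts above, between C buffers and the bounded buffers of Pascal and PL/I, shown on one length-prefixed field; this is an added example, not code from the posts or from vs/pascal. The `vstr` type, the function names and the packets are hypothetical and constructed, and the checked routine performs by hand the bound test that a declared-length string type carries with the data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOST_FIELD_MAX 16

/* Bounded string in the Pascal / PL/I style: the declared maximum travels
 * with the data, so every store can be checked against it. */
struct vstr {
    uint16_t max;                    /* declared capacity */
    uint16_t len;                    /* current length */
    char     data[HOST_FIELD_MAX];
};

enum copy_status { COPY_OK = 0, COPY_SRC_SHORT = -1, COPY_DST_FULL = -2 };

/* Constructed packets: first byte is a length, the rest is the field. */
static const uint8_t PKT_OK[]    = { 5, 'c', 'r', 'a', 'y', '1' };
static const uint8_t PKT_LYING[] = { 200, 'A', 'A', 'A' };  /* claims 200, has 3 */
static const uint8_t PKT_TOO_LONG[] = { 20,
    'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
    'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B' };

/* C convention, kept as the "before": dst is a bare pointer, so nothing in
 * the call ties it to its size and the length byte is taken on trust.
 * Only ever called here with a packet that fits. */
void parse_name_unchecked(char *dst, const uint8_t *pkt)
{
    memcpy(dst, pkt + 1, pkt[0]);
    dst[pkt[0]] = '\0';
}

/* Same field, with both bounds enforced before any byte moves. */
int parse_name_checked(struct vstr *dst, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 1)
        return COPY_SRC_SHORT;
    size_t n = pkt[0];
    if (n > pkt_len - 1)
        return COPY_SRC_SHORT;   /* claimed length runs past the received bytes */
    if (n > dst->max)
        return COPY_DST_FULL;    /* would run past the declared capacity */
    memcpy(dst->data, pkt + 1, n);
    dst->len = (uint16_t)n;
    return COPY_OK;
}

int main(void)
{
    struct vstr v = { HOST_FIELD_MAX, 0, {0} };
    printf("ok packet       -> %d\n", parse_name_checked(&v, PKT_OK, sizeof PKT_OK));
    printf("lying length    -> %d\n", parse_name_checked(&v, PKT_LYING, sizeof PKT_LYING));
    printf("oversized field -> %d\n", parse_name_checked(&v, PKT_TOO_LONG, sizeof PKT_TOO_LONG));
    printf("stored: %.*s\n", (int)v.len, v.data);
    return 0;
}
```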
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: IBM forecasts 'new world order' for financial services Date: 29 Apr 2009 Blog: Greater IBM
IBM forecasts 'new world order' for financial services
from above:
An IBM survey of over 2750 banking executives worldwide forecasts a
new world order for the financial services industry, characterised by
a shift to specialisation, more transparency and lower overall
returns.
... snip ...
some reference to this post
https://www.garlic.com/~lynn/2009g.html#15
related thread from a.f.c. news group in thread about "Cobol hits 50
and keeps counting"
https://www.garlic.com/~lynn/2009f.html#60
one aspect is that payment fees have avg. nearly 40% of revenue for financial institutions (and possibly 60% for some institutions) ... and the whole battle over interchange fees .... which have tended to be related to level of fraud. There have been some issues that technologies that significantly reduced fraud ... might also then significantly reduce such revenue. a little of that is slightly touched on here:
How the Banks Plan to Limit Credit-Card Protections
http://www.time.com/time/politics/article/0,8599,1894041,00.html
from above:
the real fight begins this week, and it's about to get ugly, as
Democrats enter negotiations with banks and both sides test the
resilience of each other's initial, aggressive postures.
... snip ...
An earlier post in the same thread:
https://www.garlic.com/~lynn/2009f.html#55
discusses that there were some very large financial re-engineering efforts in the 90s that were major failures (contributing to why there are still so much cobol legacy application code still running).
This post discusses some of the issues regarding the transition of the
80s dial-up online banking to internet online banking (in the 90s) and
some of those implications (in linkedin payment system network
thread):
https://www.garlic.com/~lynn/2009f.html#7
with regard to the "new world order" it mentions financial industry possibly moving to more outsourcing. also mentions too big to fail related effectively to lots of rogue activity during the last decade of deregulation and lax regulation enforcement.
for other topic drift ... recent reference to doing some tuning work
on a >450k statement cobol application that runs every night on 40+
max configured mainframe systems
https://www.garlic.com/~lynn/2009e.html#76
and for something really different ... the wiki ims page had a pointer
to this:
http://www.youtube.com/watch?v=x98hgieE08o
if you play the above ... there is something about IMS doing 50 million transactions per day. However, in the blog comments, somebody comments that it may be more like 50 billion ... since they work for a company that does over 40+ million IMS transactions/day (so all IMS should be a lot larger)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: IBM forecasts 'new world order' for financial services Date: 30 Apr 2009 Blog: Greater IBM
re:
on the outsourcing side of the question ... some of the issue is whether it represents a competitive and institutional differentiation.
a couple yrs ago, i took a proposal to FSTC to do an industry project
for a new payment system implementation.
http://www.fstc.org/
FSTC talked the proposal over with the members and turned it down with the comments that the major members felt that payment systems were institutional differentiation and didn't want to have a shared industry standard implementation. This is somewhat analogous to difference between COTS (commercial off the shelf) and RYO (roll your own).
Note, FSTC was outgrowth of some legislation change in the early 90s to promote national competitiveness ... which included promoting technology transfer programs from gov. agencies (we had done some consulting with one of the people responsible when it was being set up)
Possibly related to BI technology ... there is this profile/article
over in greaterIBM ibmconnection.com ... that I've duplicated here
(for those not registered on ibmconnection)
https://www.garlic.com/~lynn/ibmconnect.html
We've used the technology for complex information like "cleaning" legacy databases that may have evolved over a period of decades (looking for dirty data as exceptions to required patterns).
Simpler demonstration is that we use it to manage repository of
internet standards information. as standards changes, the information
is loaded and then checked against a whole lot of consistency rules
that are represented as patterns. Then a set of static HTML pages are
generated which can be found here:
https://www.garlic.com/~lynn/rfcietff.htm
We also use it for managing various "merged" taxonomies and glossaries
in a number of areas (security, payments, financial, privacy) where an
attempt is made to organize how to "think" about the subject. What is
available on the website are generated static HTML pages
https://www.garlic.com/~lynn/index.html#glosnote
this is long-winded, decade old post discussing some of the current
financial problems ... along with reference to having looked at
copyrighting the term "business science"
https://www.garlic.com/~lynn/aepay3.htm#riskm
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: PGP Extends Encryption To IBM i For Power Systems Date: 30 Apr 2009 Blog: Greater IBM
PGP Extends Encryption To IBM i For Power Systems
from above:
PGP Command Line for IBM Power Systems helps enterprises integrate and
automate business information security with end-to-end encryption
... snip ...
PGP originally started out with public key encryption for email. from
long ago and far away some email discussing doing a PGP-like
public-key implementation
https://www.garlic.com/~lynn/2007d.html#email810506
https://www.garlic.com/~lynn/2006w.html#email810515
for email on the internal network ... misc. past posts mentioning
internal network
https://www.garlic.com/~lynn/subnetwork.html#internalnet
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Architectural Diversity Newsgroups: alt.folklore.computers,comp.arch Date: Thu, 30 Apr 2009 13:25:14 -0400
Walter Bushell <proto@panix.com> writes:
we had been called in to consult with small client/server startup that
wanted to do payment transactions on their server and they had invented
this technology called SSL they wanted to use. part of the
infrastructure was something called a payment gateway ... misc. past
posts
https://www.garlic.com/~lynn/subnetwork.html#gateway
which had internet on one side and the payment network on the other side ... handling transactions from webservers on the internet side and payment processing on the payment network side (and then returning responses).
somewhat as a result, in the mid-90s, we were invited to participate in
the x9a10 financial standard working group which had been given the
requirement to preserve the integrity of the financial infrastructure
for ALL retail payments (ALL, debit, credit, stored-value, giftcard,
internet, POS, attended, unattended, contract, contractless, wireless,
transit turnstile, low-value, high-value, ALL). the result was
x9.59 standard ... some reference
https://www.garlic.com/~lynn/x959.html#x959
about the same time there were some other industry activity to do a payment specification that was internet specific. when it was initially published ... we did a crypto operations profile and a business operation profile. we then got somebody to do benchmark for the crypto operations profile on a number of platforms. turns out that they used a crypto BSAFE library that they had enhanced to run 4* faster. When I reported the numbers, there was a claim that they were 100 times too slow (when they should have commented that they were 4* too fast). About six months later ... when there was prototype code available (and the BSAFE speedups had been given back to RSA), the profile benchmarks were within a couple percent of measured. It turns out that the actual processor use of being 100 times larger than expected ... was a major inhibitor for the uptake of the specification.
The other issue was the way that the specification made use of public key infrastructure and the specification that all transactions not only required public keys operations but also that things called "public key certificates" be appended to each transaction. These appended data typically ranged from 4kbytes to 12kbytes.
"certificates" effectively have design point to address the first-time communication between strangers ... i.e. the electronic equivalent of the letters of credit/introduction from sailing ship days (when there was no other sources of information about who was being dealt with).
the issue in payments, was that there is already an established
relationship between a cardholder and the cardholder's financial
institution ... and so any appended certificates were redundant and
superfluous ... in addition represented a factor of 100 times bloat in
payload size (besides the processor 100 times in processing) ...
some past posts
https://www.garlic.com/~lynn/subpubkey.html#bloat
so the issue about saving a byte or two in payment transaction payload ... sort of was dwarfed by effort to add 4k-12k bytes of useless, redundant, and superfluous information to every transaction.
later there was an effort in standardization committee to try and come up with a definition for compressed certificates ... recognizing that trying to add 4k-12k bytes of useless, redundant and superfluous information to every (60-80 byte) payment transaction would be a problem ... so the objective was to try and reduce the amount of useless, redundant and superfluous information to only 300 bytes.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
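The point made in the post above, that an issuer with an established account relationship gains nothing from a certificate appended to each transaction, as an added Go example (not from the original post, and not the X9.59 format itself). It assumes the issuer keeps a registered public key in the account record, uses Ed25519 as a stand-in signature scheme, and uses constructed account numbers, a constructed transaction body and a zero-filled 4096-byte placeholder for the appended certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SignedTxn is a hypothetical wire record: account, a short payment body, a
// signature, and optionally the certificate bytes a certificate-based
// specification would append to every transaction.
type SignedTxn struct {
	Account string
	Body    []byte
	Sig     []byte
	Cert    []byte
}

var (
	ErrUnknownAccount = errors.New("no such account on file")
	ErrBadSignature   = errors.New("signature does not match key on file")
)

// Issuer stands in for the cardholder's financial institution. The key is
// registered once, when the account relationship is set up (assumption).
type Issuer struct {
	onFile map[string]ed25519.PublicKey
}

func NewIssuer() *Issuer { return &Issuer{onFile: make(map[string]ed25519.PublicKey)} }

func (is *Issuer) Register(account string, pub ed25519.PublicKey) { is.onFile[account] = pub }

// NewKeyPair generates a cardholder key pair for the example.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedBytes length-prefixes the account so account and body cannot be
// re-split into a different pair that signs to the same bytes.
func signedBytes(account string, body []byte) []byte {
	buf := make([]byte, 2, 2+len(account)+len(body))
	binary.BigEndian.PutUint16(buf, uint16(len(account)))
	buf = append(buf, account...)
	return append(buf, body...)
}

// Sign produces the transaction as the cardholder side would send it.
func Sign(priv ed25519.PrivateKey, account string, body []byte) SignedTxn {
	return SignedTxn{Account: account, Body: body, Sig: ed25519.Sign(priv, signedBytes(account, body))}
}

// Authorize trusts only the key already in the account record. Any appended
// certificate is never consulted, so it cannot change the decision.
func (is *Issuer) Authorize(t SignedTxn) error {
	pub, ok := is.onFile[t.Account]
	if !ok {
		return ErrUnknownAccount
	}
	if !ed25519.Verify(pub, signedBytes(t.Account, t.Body), t.Sig) {
		return ErrBadSignature
	}
	return nil
}

// WireSize is the number of payload bytes the transaction carries.
func WireSize(t SignedTxn) int {
	return len(t.Account) + len(t.Body) + len(t.Sig) + len(t.Cert)
}

func main() {
	issuer := NewIssuer()
	pub, priv := NewKeyPair()
	issuer.Register("4000001234", pub) // constructed account number

	// Constructed body, sized like the 60-80 byte transactions in the post.
	body := []byte("MERCH=00012345;AMT=000000001999;CUR=840;TS=20090430132514;SEQ=01")
	txn := Sign(priv, "4000001234", body)

	withCert := txn
	withCert.Cert = make([]byte, 4096) // placeholder bytes, not a real certificate

	fmt.Println("no certificate:", WireSize(txn), "bytes, authorize error:", issuer.Authorize(txn))
	fmt.Println("with certificate:", WireSize(withCert), "bytes, authorize error:", issuer.Authorize(withCert))

	// A different key is rejected whatever is appended, because the binding
	// of key to account comes from the issuer's own record.
	_, otherPriv := NewKeyPair()
	forged := Sign(otherPriv, "4000001234", body)
	forged.Cert = make([]byte, 4096)
	fmt.Println("wrong key plus certificate:", issuer.Authorize(forged))
}
```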
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Top 10 Cybersecurity Threats for 2009, will they cause creation of highly-secure Corporate-wide Intranets? Date: 30 Apr 2009 Blog: Greater IBM
re:
In the past, we viewed dealing with malicious and/or attacks as just part of industrial strength dataprocessing ... along with natural disasters, human mistakes, software &/or hardware failures.
A lot of the current infrastructure is low-end, consumer products (that were never designed or built for handling industrial strength dataprocessing) being pushed into industrial and commercial environments.
During ha/cmp product ... we had done detailed threat & vulnerability
of tcp/ip protocol/implementation as part of looking at how systems
might fail (not limited to malicious behavior and/or attacks). Some
past posts mentioning ha/cmp
https://www.garlic.com/~lynn/subtopic.html#hacmp
product website
http://www-03.ibm.com/systems/p/software/hacmp/index.html
Also, as part of ha/cmp activity, I was asked to write a section for
the corporate continuous availability strategy document
... however, both Rochester and POK complained that (at the time) they
couldn't meet the specification and that section was pulled. When we
were out marketing HA/CMP, I coined the terms disaster survivability
and geographic survivability to differentiate from disaster/recovery
https://www.garlic.com/~lynn/submain.html#available
I've periodically mentioned having done such stuff even as an
undergraduate ... some even involved in this (but never found out
about until much later).
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml
Sometime later, after joining the company, a new CSO was hired (that had been head of presidential detail in former life), I got assigned to run around with him for some time providing information about computer security ... and some amount of physical security rubbed off on me.
As an aside, i do a number of merged taxonomies and glossaries
... trying to help organize how to think about a subject ... reference
here
https://www.garlic.com/~lynn/index.html#glosnote
including security ... reference from above:
Security
Terms merged from: AFSEC, AJP, CC1, CC2, CC21, CIAO, FCv1, FFIEC, FJC,
FTC, GAO reports, GSA, IATF V3, IEEE610, ITSEC, Intel, JTC1/SC27,
KeyAll, MSC, NIST 800-30, 800-33, 800-37, 800-53, 800-60, 800-61,
800-63, 800-77, 800-82, 800-83, 800-94, 800-103, 800-115, FIPS140,
NIST IR 7298 Glossary (containing terms from the following FIPS
documents: 140-2, 181, 185, 188, 191, 196, 197, 198, 200, 201; and the
following 800 documents: 12, 15, 16, 18, 19, 21, 24, 26, 27, 28, 30,
32, 33, 34, 35, 36, 37, 38, 40, 41, 44, 46, 47, 48, 49, 50, 53, 55,
56, 57, 58, 59, 61, 64, 65, 66, 67, 72, 79, 83, 88, 90, 94, 103),
NASA, NCSC/TG004, NIAP (& CC), NSA Intrusion, CNSSI 4009, online
security study, RFC1983, RFC2504, RFC2647, RFC2828, TCSEC, TDI, TNI,
vulnerability testing and misc.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: New standard for encrypting card data in the works; backers include Heartland Date: 30 Apr 2009 Blog: Financial Crime Risk, Fraud and Security
New standard for encrypting card data in the works; backers include Heartland
from above:
ASC X9 standards body launching encryption initiative with breached
payment processor Heartland Payment Systems playing a big role
... snip ...
and ...
Merchant Group Pushes Card-Security Standard in Parallel to PCI
http://www.digitaltransactions.net/newsstory.cfm?newsid=2198
from above:
MAG concerns itself with everything from interchange and pricing to
member education, but the group's first high-profile initiative is
data security. MAG is the prime force behind an effort by the
Accredited Standards Committee X9 (ASC X9) to develop a new standard
to protect cardholder data. ASC X9 is accredited by the American
National Standards Institute (ANSI), a body that sets voluntary
standards for members of a broad range of industries. For example, ASC
X9 helped develop standards for credit card magnetic stripes and ATM
systems.
... snip ...
note that the magstripe and ATM system work was earlier at Los Gatos
lab ... reference here in item from last month about ATMs At Risk
... also archived here
https://www.garlic.com/~lynn/2009e.html#6
along with wiki reference about ATM machine
https://en.wikipedia.org/wiki/IBM_3624
and magstripe
https://en.wikipedia.org/wiki/Magnetic_stripe
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Architectural Diversity Newsgroups: alt.folklore.computers,comp.arch Date: Fri, 01 May 2009 08:26:17 -0400
jmfbahciv <jmfbahciv@aol> writes:
for payment cards transaction ... was also bandwidth and misc. other x9.15 (merchant to acquiring standard) and then incorporated into iso8513 ... transaction size could be down to almost 40 bytes.
most of those terminals are 1200 baud (from 80s). at one point there was some look upgrading to 28kbit modems ... but the "sync" time for initial connect turned out to be longer than total elapsed time using 1200 baud modems (in fact 1200 baud sync time is usually longer than the rest of the transaction).
things like this that had to be considered by the x9a10 financial standard working group when doing x9.59 (having been given the requirement to preserve the integrity of the financial infrastructure for ALL retail payments).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Flawed Credit Ratings Reap Profits as Regulators Fail Investors Date: 1 May 2009 Blog: Greater IBM
Flawed Credit Ratings Reap Profits as Regulators Fail Investors
in the congressional hearings into the rating agencies last fall, several times it was mentioned that the rating agencies' business model had become mis-aligned in the early 70s when they changed from the buyers paying for the ratings to the sellers paying for the ratings (opening things up for conflict of interest). It was also mentioned several times that both the sellers/issuers of toxic CDOs and the rating agencies knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers/sellers were paying for the triple-A ratings.
Toxic CDOs (securitized mortgages) date back to at least the S&L crisis ... but getting triple-A ratings significantly increased the institutions that would deal in the instruments ... as well as the money available to the issuers. Unregulated, non-depository loan originators were using toxic CDOs as a source of funds ... so getting triple-A ratings significantly increased the amount of money they had for lending.
The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html
from above:
Watsa's only sin was in being a little too early with his prediction
that the era of credit expansion would end badly. This is what he said
in Fairfax's 2003 annual report: "It seems to us that securitization
eliminates the incentive for the originator of [a] loan to be credit
sensitive. Prior to securitization, the dealer would be very concerned
about who was given credit to buy an automobile. With securitization,
the dealer (almost) does not care."
... snip ...
Bernanke Says Crisis Damage Likely to Be Long-Lasting
http://www.bloomberg.com/apps/news?pid=20601087&sid=arpJXeelvfY4&refer=home
from above (something of an understatement):
Bernanke said the packaging and sale of mortgages into securities
"appears to have been one source of the decline in underwriting
standards" because originators have less stake in the risk of a loan.
... snip ...
And per above ... with securitization (and triple-A ratings), the unregulated, non-depository loan originators no longer had to pay attention to loan quality/qualification (they only had to worry about how fast they could write the loans). Speculators found no-down, no-documentation, 1% interest only payment ARMs extremely attractive, since the carrying cost was much less than real-estate inflation in many parts of the country.
With the repeal of Glass-Steagall, regulated depository institutions were actually providing lots of the funding for such lending, with their investment banking arms buying up a lot of the toxic CDOs.
Evil Wall Street Exports Boomed With 'Fools' Born to Buy Debt
https://www.bloomberg.com/news/articles/2008-10-27/evil-wall-street-exports-boomed-with-fools-born-to-buy-debt
from above:
The bundling of consumer loans and home mortgages into packages of
securities -- a process known as securitization -- was the biggest
U.S. export business of the 21st century. More than $27 trillion of
these securities have been sold since 2001, according to the
Securities Industry Financial Markets Association, an industry trade
group. That's almost twice last year's U.S. gross domestic product of
$13.8 trillion.
... snip ...
Interactive Data launches Options Volatility Service
http://enterpriseapplications.cbronline.com/news/interactive_data_launches_options_volatility_service_010509
In January, there was some news items that gov. was using Interactive Data to value the toxic CDOs/assets being held by regulated, depository institutions.
Interactive Data had started as a (virtual machine) CP67 commercial time-sharing service bureau (disclaimer: I had interviewed with them in the late 60s, but didn't join). They relatively quickly moved up the value stream providing financial information on their service. Their website mentions that in the early 70s, they bought the pricing service division from one of the rating agencies (about the time the congressional testimony said that the rating agencies' business process became mis-aligned and were opened up to conflict of interest).
Long-winded, decade old post (jan 1999) that discuss some of the current issues:
https://www.garlic.com/~lynn/aepay3.htm#riskm
https://www.garlic.com/~lynn/aepay3.htm#riskaads
misc. recent posts mentioning Bernanke's comment about damage
likely to be long-lasting:
https://www.garlic.com/~lynn/2009f.html#43 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#47 TARP Disbursements Through April 10th
https://www.garlic.com/~lynn/2009f.html#49 Is the current downturn cyclic or systemic?
https://www.garlic.com/~lynn/2009f.html#53 What every taxpayer should know about what caused the current Financial Crisis
https://www.garlic.com/~lynn/2009f.html#56 What's your personal confidence level concerning financial market recovery?
https://www.garlic.com/~lynn/2009f.html#65 Just posted third article about toxic assets in a series on the current financial crisis
https://www.garlic.com/~lynn/2009g.html#3 Do the current Banking Results in the US hide a grim truth?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Halifax faces legal challenge on chip-and-pin security Date: 1 May, 2009 Blog: Greater IB
re:
more coverage:
Chip-and-PIN security goes on trial
http://www.securecomputing.net.au/News/143759,chipandpin-security-goes-on-trial.aspx
'Phantom' withdrawal case concludes in U.K. court; A Halifax bank
defends chip-and-PIN, while the plaintiff argues his cash card could
have been cloned
http://www.networkworld.com/news/2009/050209-lexisnexis-says-its-data-was.html
from above:
A one-day trial that raises questions about the security of cash cards
used in the U.K. and Europe concluded Thursday, with a decision
expected in about a month.
...
The liability rules are different for phantom withdrawal cases in the
U.K. than in the U.S., where banks must directly prove fraud in order
to reject a claim. In the U.K., that responsibility is on the
customer, and banks tend to steadfastly maintain there are no security
issues with their systems.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Transparency and Visibility Date: 1 May 2009 Blog: Greater IBM
re:
In the congressional Madoff hearings, the person that tried unsuccessfully for a decade to get the SEC to do something about Madoff, had a repeated theme that crooks and fraud thrive where there is a lack of transparency and visibility. They mentioned that there is requirement for new regulation, but much more important is transparency and visibility.
Also related to the congressional hearings into the rating agencies, there were side comments that regulation is much easier when business processes are aligned (i.e. regulation is much easier when people are incented to do the right thing ... but becomes much harder when the business processes are misaligned and people are incented to do the wrong thing).
We had been brought in to consult with a small client/server startup
that wanted to do payment transactions on their server (and they had
invented this technology called SSL they wanted to use). The result of
that effort is now frequently called "electronic commerce". Somewhat
as a result, in the mid-90s we were asked to participate in the x9a10
financial standard working group, which had been given the requirement
to preserve the integrity of the financial infrastructure for all
retail payments. the result was the x9.59 financial standard
https://www.garlic.com/~lynn/x959.html#x959
Somewhat as a result of the x9.59 standards work, we were invited into NSCC (since merged with DTC to become DTCC) to look at doing something similar for trader operations. That effort was suspended after it appeared that a side-effect of the integrity work would have been significant increase in transparency and visibility of trader operations (which appears to not be part of the trader culture).
misc. recent references to NSCC/DTCC:
https://www.garlic.com/~lynn/2009b.html#35 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#65 What can agencies such as the SEC do to insure us that something like Madoff's Ponzi scheme will never happen again?
https://www.garlic.com/~lynn/2009b.html#80 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#1 Audit II: Two more scary words: Sarbanes-Oxley
https://www.garlic.com/~lynn/2009d.html#47 Bernard Madoff Is Jailed After Pleading Guilty -- are there more "Madoff's" out there?
https://www.garlic.com/~lynn/2009e.html#15 The background reasons of Credit Crunch
https://www.garlic.com/~lynn/2009e.html#36 Architectural Diversity
https://www.garlic.com/~lynn/2009e.html#53 Are the "brightest minds in finance" finally onto something?
https://www.garlic.com/~lynn/2009f.html#45 Artificial Intelligence to tackle rogue traders
https://www.garlic.com/~lynn/2009f.html#67 Just posted third article about toxic assets in a series on the current financial crisis
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Fri, 01 May 2009 21:41:35 -0400
"Chris Burrows" <cfbsoftware@hotmail.com> writes:
problems were that 370 instructions could generate 4 state conditions ... and some highly optimized kernel sequences made use of capability ... conversion to if/then/else type sequences sometimes looked significantly less understandable and convoluted than the original highly optimized branch instruction sequences.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: OODA-loop obfuscation Date: 2 May 2009 Blog: Greater IBM
re:
a lot of this seems quite straight forward ... of course, one of the things that i did as an undergraduate in the 60s, was dynamic adaptive resource management. this required re-engineering operating system kernels with instrumentation to provide the necessary visibility to correctly make resource management decisions.
later, I was taken with Boyd & OODA-loops and sponsored his briefings at IBM in the early 80s. I've pontificated how CDOs obfuscate the "observe" in Boyd's Observe, Orientate, Decide, Act paradigm.
misc. past posts mentioning Boyd
https://www.garlic.com/~lynn/subboyd.html#boyd
misc. URLs from around the web mentioning Boyd
https://www.garlic.com/~lynn/subboyd.html#boyd2
there have been a few articles trying to lay the blame on inadequate and/or incorrect risk models. However, that also seems to be obfuscation. there have been quite a bit more articles about business people overriding &/or ignoring the risk managers in the last decade. there have also been stories about the business people instructing the risk department to fiddle the inputs until they got the desired outputs (i.e. the GIGO scenario; garbage-in, garbage-out), exp:
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
and
Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
securitised ARM toxic CDOs effectively can be treated like an ARM
portfolio. long-winded, decade old post
https://www.garlic.com/~lynn/aepay3.htm#riskm
mentions in 1989, citibank doing the analysis that their ARM portfolio (largest in the business at the time) could take down the institution (and nearly did). This motivated them to get out of the business. Roll forward to the current period and all that institutional knowledge appeared to have evaporated (and/or the part of institution dealing in triple-A rated, toxic CDOs had no experience in the underlying components).
another way of viewing the whole infrastructure (besides triple-A rated, toxic CDOs obfuscating what was going on) was that it created a whole lot of additional transactions ... some analogy to stock portfolio managers "churning" accounts with transactions to inflate commissions.
The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice
from above:
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
the obfuscated transactions appear to have spiked the wall street bonuses by something like a factor of four times during the period (over and above the additional fees and commissions generated).
Another example is that it is claimed that Bear-Stearns and Lehman had
only slight chance of surviving playing long/short mismatch (which has
been known for centuries to take down institutions, independent of the
heavy leveraging and dealing in toxic CDOs).
http://www2.marketwire.com/mw/mmframe?prid=441535&attachid=850879
from above:
"In 1973, Wm. Mack Terry and his colleagues at the Bank of America in
San Francisco introduced the world's first matched maturity transfer
pricing system," added Dr. Donald R. van Deventer, Kamakura Chairman
and Chief Executive Officer. Over the last 35 years, the concept has
been increasingly refined and modified to incorporate the best
practice calculations embedded in KRM Version 7.0. Best practice
transfer pricing calculations would have made it clear that neither
Bear Stearns nor Lehman Brothers had more than a marginal chance of
survival when funding 30 year sub-prime mortgage loans with thirty day
borrowings. Board members can and should demand clarity of disclosure
on the total risk of an institution and the contribution of each
business unit and transaction to total risk.
... snip ...
Decade old article from SF FRB about fragility of playing short/long
mismatch
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/
other (Kamakura) references:
How Conventional CDO Analytics Missed the Mark
http://www.bobsguide.com/guide/news/2007/Dec/20/Kamakura_Releases_Study:_How_Conventional_CDO_Analytics_Missed_the_Mark.html
from above:
"Two years ago the Wall Street Journal in a page 1 story pointed out
the dangers in relying on the copula approach for CDO valuation, but
investors were slow to realize the magnitude of their model risk"
... snip ...
CDO Correlation: Reversal of Fortune; New Kamakura Study Proves Common
CDO Assumptions Can Lead to Serious Valuation Errors
http://www.marketwire.com/mw/release.do?id=811168
misc. past posts mentioning Kamakura:
https://www.garlic.com/~lynn/2007v.html#25 Newsweek article--baby boomers and computers
https://www.garlic.com/~lynn/2008.html#66 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008.html#70 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008b.html#12 Computer Science Education: Where Are the Software Engineers of Tomorrow?
https://www.garlic.com/~lynn/2008c.html#21 Toyota Sales for 2007 May Surpass GM
https://www.garlic.com/~lynn/2008c.html#87 Toyota Sales for 2007 May Surpass GM
https://www.garlic.com/~lynn/2008g.html#64 independent appraisers
https://www.garlic.com/~lynn/2008j.html#29 dollar coins
https://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
https://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
https://www.garlic.com/~lynn/2008o.html#14 Blinkylights
https://www.garlic.com/~lynn/2008o.html#27 Blinkylights
https://www.garlic.com/~lynn/2008o.html#42 The human plague
https://www.garlic.com/~lynn/2008o.html#43 The human plague
https://www.garlic.com/~lynn/2009d.html#40 Bernanke Says Regulators Must Protect Against Systemic Risks
https://www.garlic.com/~lynn/2009d.html#45 Bernanke Says Regulators Must Protect Against Systemic Risks
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Sat, 02 May 2009 07:58:50 -0400
"Chris Burrows" <cfbsoftware@hotmail.com> writes:
there were cases of spaghetti code, but there were other cases where the branch logic was actually quite clear and understandable ... one problem was trying to take something that actually leveraged 4-state operations and represent it with 2-state/binary.
i've claimed in the past it was somewhat analogous in relational
over nulls and 3-value logic resulting in lots of confusion ... old
posts:
https://www.garlic.com/~lynn/2003g.html#40 How to cope with missing values - NULLS?
https://www.garlic.com/~lynn/2004f.html#2 Quote of the Week
https://www.garlic.com/~lynn/2004l.html#75 NULL
https://www.garlic.com/~lynn/2005.html#15 Amusing acronym
https://www.garlic.com/~lynn/2005b.html#17 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005i.html#35 The Worth of Verisign's Brand
https://www.garlic.com/~lynn/2005m.html#19 Implementation of boolean types
https://www.garlic.com/~lynn/2005r.html#15 Intel strikes back with a parallel x86 design
https://www.garlic.com/~lynn/2005t.html#20 So what's null then if it's not nothing?
https://www.garlic.com/~lynn/2005t.html#23 So what's null then if it's not nothing?
https://www.garlic.com/~lynn/2005t.html#33 What ever happened to Tandem and NonStop OS ?
https://www.garlic.com/~lynn/2005u.html#12 3vl 2vl and NULL
https://www.garlic.com/~lynn/2006e.html#34 CJ Date on Missing Information
https://www.garlic.com/~lynn/2006q.html#22 3 value logic. Why is SQL so special?
https://www.garlic.com/~lynn/2006q.html#23 3 value logic. Why is SQL so special?
https://www.garlic.com/~lynn/2006q.html#29 3 value logic. Why is SQL so special?
https://www.garlic.com/~lynn/2006s.html#27 Why these original FORTRAN quirks?
https://www.garlic.com/~lynn/2006x.html#21 "The Elements of Programming Style"
https://www.garlic.com/~lynn/2006x.html#30 "The Elements of Programming Style"
https://www.garlic.com/~lynn/2006y.html#1 "The Elements of Programming Style"
https://www.garlic.com/~lynn/2009c.html#34 Is the Relational Database Doomed?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Treating the Web As an Archive Date: 2 May 2009 Blog: Greater IBM
re:
part of "The yin yang of financial disruption" discussion at:
https://www.ibmconnection.com/network/forums/151
Treating the Web As an Archive
http://tech.slashdot.org/article.pl?sid=09/05/02/1354255
example cited in the above is:
CONGRESS PASSES WIDE-RANGING BILL EASING BANK LAWS
http://www.nytimes.com/1999/11/05/business/congress-passes-wide-ranging-bill-easing-bank-laws.html
from above:
Senator Paul Wellstone, Democrat of Minnesota, said that Congress had
"seemed determined to unlearn the lessons from our past mistakes."
... snip ...
Note that while a decade ago, the Glass-Steagall (Pecora) hearings weren't online, they were available. A copy of the hearings was scanned by archive.org last fall at Boston Public Library and put online. I've mentioned before that I spent some time working with the OCR'ed copies of the hearings ... creating HTML files.
Also mentioned in the above article:
"The world changes, and we have to change with it," said Senator Phil
Gramm of Texas, who wrote the law that will bear his name along with
the two other main Republican sponsors, Representative Jim Leach of
Iowa and Representative Thomas J. Bliley Jr. of Virginia. "We have a
new century coming, and we have an opportunity to dominate that
century the same way we dominated this century. Glass-Steagall, in the
midst of the Great Depression, came at a time when the thinking was
that the government was the answer. In this era of economic
prosperity, we have decided that freedom is the answer."
... snip ...
25 People to Blame for the Financial Crisis; Phil Gramm
http://content.time.com/time/specials/packages/article/0,28804,1877351_1877350_1877330,00.html
from above:
He played a leading role in writing and pushing through Congress the
1999 repeal of the Depression-era Glass-Steagall Act, which separated
commercial banks from Wall Street. He also inserted a key provision
into the 2000 Commodity Futures Modernization Act that exempted
over-the-counter derivatives like credit-default swaps from regulation
by the Commodity Futures Trading Commission. Credit-default swaps took
down AIG, which has cost the U.S. $150 billion thus far.
... snip ...
from above:
Enron was a major contributor to Mr. Gramm's political campaigns, and
Mr. Gramm's wife, Wendy, served on the Enron board, which she joined
after stepping down as chairwoman of the Commodity Futures Trading
Commission.
... snip ...
Phil Gramm's Enron Favor
https://web.archive.org/web/20080711114839/http://www.villagevoice.com/2002-01-15/news/phil-gramm-s-enron-favor/
from above:
A few days after she got the ball rolling on the exemption, Wendy
Gramm resigned from the commission. Enron soon appointed her to its
board of directors, where she served on the audit committee, which
oversees the inner financial workings of the corporation. For this,
the company paid her between $915,000 and $1.85 million in stocks and
dividends, as much as $50,000 in annual salary, and $176,000 in
attendance fees, according to a report by Public Citizen
... snip ...
Greenspan Slept as Off-Books Debt Escaped Scrutiny
http://www.bloomberg.com/apps/news?pid=20601109&refer=home&sid=aYJZOB_gZi0I
from above:
That same year Greenspan, Treasury Secretary Robert Rubin and SEC
Chairman Arthur Levitt opposed an attempt by Brooksley Born, head of
the Commodity Futures Trading Commission, to study regulating
over-the-counter derivatives. In 2000, Congress passed a law keeping
them unregulated.
... snip ...
one of the articles from the period mentioned that House passed the bill ... and even before the copy of the bill was distributed in the Senate, the Senate passed it unanimously. Also Born (as chairman) must have been fairly quickly replaced by Gramm's wife (before she resigned the position to join Enron).
In the wake of ENRON, congress passed Sarbanes-Oxley, but didn't do much about the underlying problem. SOX put much of the responsibility on SEC ... but as mentioned in the Madoff hearings, SEC was quite lax in enforcement.
SOX also supposedly had SEC doing something about the rating agencies ... but it doesn't seem to have done anything but:
Report on the Role and Function of Credit Rating Agencies in the
Operation of the Securities Markets; As Required by Section 702(b) of
the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf
Possibly because GAO also didn't think SEC was doing anything, it
started doing a database of financial filings with problems (increased
something like 300% in period after SOX was passed)
https://www.gao.gov/products/gao-06-1079sp
from above:
The database consists of two files: (1) a file that lists 1,390
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
July 1, 2002, and September 30, 2005, and (2) a file that lists 396
restatement announcements that we identified as having been made
because of financial reporting fraud and/or accounting errors between
October 1, 2005, and June 30, 2006.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Board Visibility Into The Business Date: 3 May 2009 Blog: Greater IBM
re:
more of "The yin yang of financial disruption" discussion at:
https://www.ibmconnection.com/network/forums/151
other references to comments "In 1973, Wm. Mack Terry and his colleagues at the Bank of America in San Francisco introduced the world's first matched maturity transfer pricing system" and neither Bear Stearns nor Lehman had more than marginal chance of survival:
Kamakura Expands Transaction-Level Views of Liquidity Risk, Credit Risk, and Market Risk
http://www.reuters.com/article/pressRelease/idUS175147+07-Jan-2008+BW20080107
from above:
Board members can and should demand clarity of disclosure on the total
risk of an institution and the contribution of each business unit and
transaction to total risk.
... snip ...
There have been periodic references that the Enron board head of the audit committee should have had awareness of what was going on there.
Kamakura Expands Risk Manager
http://www.risk-management-world.co.uk/2008_10_09_archive.html
from above:
"Similarly, Merrill Lynch and UBS both admitted that their Boards did
not have appropriate visibility on the home price risk of those
institutions, allowing the exposure to grow too large and making
appropriate hedging a shot in the dark. Modern transfer pricing
technology like that embedded in KRM version 7.0 eliminates the fog
around risk positions to give perfect visibility to the total risk of
the institution, both in aggregate and at the transaction level."
... snip ...
One could make the claim that the people in financial institutions, who had the expertise to correctly evaluate the components of (triple-A rated) toxic CDOs, were not in the loop when all the components were packaged (and bought) as toxic CDOs.
Note that the original draft of Basel II, included a new qualitative
section to complement the traditional quantitative sections ... which
basically required top management and the board to have end-to-end
awareness of what went on in the business. During the Basel II review
process, much of the qualitative section was eliminated ... Basel II
reference
http://www.bis.org/publ/bcbsca.htm
there were some disparaging comments (about what was done to the Basel II qualitative section), that obviously top management and boards of financial institutions shouldn't be required to understand what goes on (just be able to go thru a set of motions).
2003 post with article about what Basel II should be able to do
https://www.garlic.com/~lynn/aepay11.htm#29 CIOs Must Be Involved In Controlling Risk In Financial Services
in congressional testimony, Bernanke was asked why Basel II wasn't
effective
https://www.garlic.com/~lynn/2008e.html#42 Banks failing to manage IT risk - study
past posts mentioning Enron board audit committee head:
https://www.garlic.com/~lynn/2009c.html#48 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#53 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#55 Who will give Citigroup the KNOCKOUT blow?
https://www.garlic.com/~lynn/2009c.html#65 is it possible that ALL banks will be nationalized?
https://www.garlic.com/~lynn/2009d.html#10 Who will Survive AIG or Derivative Counterparty Risk?
https://www.garlic.com/~lynn/2009d.html#28 I need insight on the Stock Market
https://www.garlic.com/~lynn/2009d.html#61 Quiz: Evaluate your level of Spreadsheet risk
https://www.garlic.com/~lynn/2009d.html#62 Is Wall Street World's Largest Ponzi Scheme where Madoff is Just a Poster Child?
https://www.garlic.com/~lynn/2009d.html#63 Do bonuses foster unethical conduct?
https://www.garlic.com/~lynn/2009d.html#73 Should Glass-Steagall be reinstated?
https://www.garlic.com/~lynn/2009e.html#0 What is swap in the financial market?
https://www.garlic.com/~lynn/2009e.html#13 Should we fear and hate derivatives?
https://www.garlic.com/~lynn/2009f.html#29 What is the real basis for business mess we are facing today?
https://www.garlic.com/~lynn/2009f.html#51 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009g.html#7 Just posted third article about toxic assets in a series on the current financial crisis
& some past posts mentioning Basel II:
https://www.garlic.com/~lynn/aepay11.htm#29 CIOs Must Be Involved In Controlling Risk In Financial Services
https://www.garlic.com/~lynn/aadsm25.htm#14 Sarbanes-Oxley is what you get when you don't do FC
https://www.garlic.com/~lynn/aadsm25.htm#15 Sarbanes-Oxley is what you get when you don't do FC
https://www.garlic.com/~lynn/aadsm28.htm#61 Is Basel 2 out...Basel 3 in?
https://www.garlic.com/~lynn/aadsm28.htm#63 Is Basel 2 out...Basel 3 in?
https://www.garlic.com/~lynn/aadsm28.htm#65 Would the Basel Committee's announced enhancement of Basel II Framework and other steps have prevented the current global financial crisis had they been implemented years ago?
https://www.garlic.com/~lynn/aadsm28.htm#66 Would the Basel Committee's announced enhancement of Basel II Framework and other steps have prevented the current global financial crisis had they been implemented years ago?
https://www.garlic.com/~lynn/aadsm28.htm#67 Would the Basel Committee's announced enhancement of Basel II Framework and other steps have prevented the current global financial crisis had they been implemented years ago?
https://www.garlic.com/~lynn/aadsm28.htm#70 VCs have a self-destruction gene, let's tweak it
https://www.garlic.com/~lynn/2003k.html#41 An Understanding Database Theory
https://www.garlic.com/~lynn/2006u.html#22 AOS: The next big thing in data storage
https://www.garlic.com/~lynn/2007j.html#0 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2008.html#71 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008.html#78 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008e.html#42 Banks failing to manage IT risk - study
https://www.garlic.com/~lynn/2008e.html#65 Banks failing to manage IT risk - study
https://www.garlic.com/~lynn/2008h.html#12 independent appraisers
https://www.garlic.com/~lynn/2008h.html#90 subprime write-down sweepstakes
https://www.garlic.com/~lynn/2008j.html#64 lack of information accuracy
https://www.garlic.com/~lynn/2008o.html#39 The human plague
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008r.html#4 Basel Committee outlines plans to strengthen Basel II
https://www.garlic.com/~lynn/2008r.html#51 Blinkenlights
https://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009c.html#67 How to defeat new telemarketing tactic
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Sun, 03 May 2009 11:13:45 -0400
Peter Flass <Peter_Flass@Yahoo.com> writes:
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Sun, 03 May 2009 11:22:21 -0400
Peter Flass <Peter_Flass@Yahoo.com> writes:
Lots of applications would code an abnormal return "*+4" address ... where return was always to the same place (abnormal or normal) and then the application would have inline code that would test return code condition in a register.
misc. past posts mentioning cms svc202
https://www.garlic.com/~lynn/2002o.html#25 Early computer games
https://www.garlic.com/~lynn/2003f.html#32 Alpha performance, why?
https://www.garlic.com/~lynn/2003g.html#27 SYSPROF and the 190 disk
https://www.garlic.com/~lynn/2003l.html#4 S/360 Engineering Changes
https://www.garlic.com/~lynn/2004b.html#56 Oldest running code
https://www.garlic.com/~lynn/2004f.html#23 command line switches [Re: [REALLY OT!] Overuse of symbolic
https://www.garlic.com/~lynn/2004f.html#62 before execution does it require whole program 2 b loaded in
https://www.garlic.com/~lynn/2004f.html#64 before execution does it require whole program 2 b loaded in
https://www.garlic.com/~lynn/2004n.html#36 Shipwrecks (dynamic linking)
https://www.garlic.com/~lynn/2004p.html#22 need a firewall
https://www.garlic.com/~lynn/2004q.html#49 creat
https://www.garlic.com/~lynn/2007c.html#45 SVCs
https://www.garlic.com/~lynn/2008g.html#63 Machine-Level Assembly Language
https://www.garlic.com/~lynn/2008l.html#72 Error handling for system calls
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Future of Financial Mathematics? Date: 3 May 2009 Blog: Greater IBM
re:
There is also this post in the (ibmconnection.com) yin yang of
financial disruption discussion at
https://www.ibmconnection.com/network/forums/151
also archived here:
https://www.garlic.com/~lynn/2009g.html#34 Board Visibility Into The Business
There has been a lot about how using the "copula" approach for CDO valuation was incorrect ... but that argument appears to be more obfuscation & misdirection.
As mentioned, there has been a lot more written about businessmen overruling risk managers and/or having the risk department fiddle the inputs until they got the desired outputs (i.e. GIGO, garbage-in, garbage-out).
Also there have been some references that the lending people in commercial banks still knew how to value the components of toxic CDOs, but with courtesy of Glass-Steagall repeal, the investment arms were now handling loan portfolios (packaged as toxic CDOs) and they had no idea whatsoever.
in this post from the "yin yang of financial disruption" discussion:
https://www.garlic.com/~lynn/2009g.html#31 OODA-loop obfuscation
it references that the rating agencies knew that the toxic CDOs weren't worth triple-A ratings but they were giving triple-A ratings because the issuers/sellers of the toxic CDOs were paying for triple-A ratings.
the post about "Board Visibility Into The Business" references a post
from 2003 about what Basel II was supposed to accomplish (i.e. prevent
crisis like this one) ... but also references this post from last
year:
https://www.garlic.com/~lynn/2008e.html#42 Banks failing to manage IT risk - study
where Bernanke was asked in congressional testimony why Basel II didn't help (prevent the current crisis) and his reply was that numbers used in Basel II were from the rating agencies (which nearly everybody knew were open to question).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Top 10 Cybersecurity Threats for 2009, will they cause creation of highly-secure Corporate-wide Intranets? Date: 3 May 2009 Blog: Greater IBM
re:
a little x-over from (facebook) Greater IBM thread
https://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors
Security experts identify 25 coding errors
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1344645,00.html
from above:
Experts release list of the top 25 most dangerous coding errors,
hoping to demand higher coding standards and secure software
development.
... snip ...
a few other articles in the same thread:
25 Most Dangerous Programming Errors Exposed
http://www.informationweek.com/news/security/management/232500683
NSA helps name most dangerous programming mistakes
http://www.infoworld.com/article/09/01/12/NSA_helps_name_most_dangerous_programming_mistakes_1.html
NSA helps name most dangerous programming mistakes
http://www.networkworld.com/news/2009/011209-nsa-helps-name-most-dangerous.html?t51hb
http://www.networkworld.com/news/2009/011209-nsa-helps-name-most-dangerous.html
NSA Helps Name Most Dangerous Programming Mistakes
http://www.pcworld.com/article/156894/nsa_helps_name_most_dangerous_programming_mistakes.html
Top 25 software screw-ups
http://www.networkworld.com/news/2009/011509-bgp.html?t51hb
http://www.networkworld.com/news/2009/011209-top-25-programming-errors.html
and some past collected threads & posts regarding buffer length
exploits
https://www.garlic.com/~lynn/subintegrity.html#overflow
oh and some specific past posts about taking CVE data and trying to
categorize/classifying exploits and suggesting to Mitre (& NIST) to
add information to the description to aid in categorizing:
https://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
https://www.garlic.com/~lynn/2005d.html#0 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005d.html#67 [Lit.] Buffer overruns
https://www.garlic.com/~lynn/2005k.html#3 Public disclosure of discovered
and for something a little bit different (from long ago and far away):
... www.nsa.gov/selinux/list-archive/0409/8362.cfm
... moved to:
https://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml
some more articles ... and comments:
Security is just broken
http://www.cio-weblog.com/50226711/security_is_just_broken.php
somewhat related
https://www.garlic.com/~lynn/2009.html#60
What's missing in security: business
https://financialcryptography.com/mt/archives/001128.html
Security issues in ubiquitous computing
http://www.lightbluetouchpaper.org/2009/01/15/security-issues-in-ubiquitous-computing/
and some comment
https://www.garlic.com/~lynn/2009.html#66
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: How did the monitor work under TOPS? Newsgroups: alt.folklore.computers Date: Sun, 03 May 2009 17:28:00 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
for the fun of it ... old email
https://www.garlic.com/~lynn/2007.html#email900618
in this post
https://www.garlic.com/~lynn/2007.html#32 V2X2 vs. Shark (SnapShot v. FlashCopy)
which talks about getting Kerberos source from MIT (project athena) and providing it to Austin (for 6000 aix) and also providing it to the aix/370 group.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What's your personal confidence level concerning financial market recovery? Date: 4 May, 2009 Blog: Greater IBM
re:
The Crash Of 2008: A Mathematician's View
http://www.sciencedaily.com/releases/2008/12/081208203915.htm
The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php
from above:
Markets need regulation to stay stable. We have had thirty
years of financial deregulation. Now we are seeing chickens coming
home to roost. This is the key argument of Professor Nick Bingham, a
mathematician at Imperial College London, in an article published
today in Significance, the magazine of the Royal Statistical Society.
There is no such thing as laying off risk if no one is able to insure
it. Big new risks were taken in extending mortgages to far more people
than could handle them, in the search for new markets and new
profits. Attempts to insure these by securitisation -- aptly described
in this case as putting good and bad risks into a blender and selling
off the results to whoever would buy them -- gave us toxic debt, in
vast quantities.
... snip ...
in this previously mentioned post ... there is some mention of Basel
II and what role it should have played in preventing the current
crisis:
https://www.garlic.com/~lynn/2009g.html#34 Board Visibility Into The Business
past posts mentioning "the crash of 2008" article:
https://www.garlic.com/~lynn/2008r.html#58 Blinkenlights
https://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
https://www.garlic.com/~lynn/2008r.html#67 What is securitization and why are people wary of it ?
https://www.garlic.com/~lynn/2008s.html#5 Greed - If greed was the cause of the global meltdown then why does the biz community appoint those who so easily succumb to its temptations?
https://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
https://www.garlic.com/~lynn/2008s.html#18 What next? from where would the Banks be hit?
https://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
https://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
https://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
https://www.garlic.com/~lynn/2009.html#15 What are the challenges in risk analytics post financial crisis?
https://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?
https://www.garlic.com/~lynn/2009b.html#37 A great article was posted in another BI group: "To H*** with Business Intelligence: 40 Percent of Execs Trust Gut"
https://www.garlic.com/~lynn/2009b.html#53 Credit & Risk Management ... go Simple ?
https://www.garlic.com/~lynn/2009b.html#54 In your opinion, which facts caused the global crise situation?
https://www.garlic.com/~lynn/2009b.html#80 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#39 'WHO IS RESPONSIBLE FOR THE GLOBAL MELTDOWN'
https://www.garlic.com/~lynn/2009c.html#42 How to defeat new telemarketing tactic
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Storing MIT-Kerberos authentication data in an LDAP backend Date: 4 May, 2009 Blog: Greater IBM
Storing MIT-Kerberos authentication data in an LDAP backend
old email about making kerberos source available to internal
development groups:
https://www.garlic.com/~lynn/2007.html#email900618
lots of past posts mentioning kerberos and/or kerberos pk-init
https://www.garlic.com/~lynn/subpubkey.html#kerberos
some of LDAP was reaction to original x.50x, at sigmod conference in early 90s ... somebody asked what it was all about ... and the reply was a bunch of networking engineers attempting to re-invent 1960s database technology.
my rfc index
https://www.garlic.com/~lynn/rfcietff.htm
in RFCs listed by section, click on Term (term->RFC#) and then
scroll down to "kerberos"
kerberos
see also authentication , generic security service , security
5387 5349 5179 5021 4757 4752 4559 4557 4556 4537 4430 4402 4121 4120
3962 3961 3244 3129 2942 2712 2623 1964 1510 1411
clicking on RFC number will bring up RFC summary in lower frame,
clicking on the ".txt=nnn" field (in a summary) fetches the actual RFC
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Microsoft challenges IBM to Websphere duel Date: 5 May, 2009 Blog: Greater IBM
Microsoft challenges IBM to Websphere duel
from above:
Microsoft is trying to get under IBM's skin with some benchmarks run
in its Redmond labs using Big Blue's own Java-based test, Trade, and a
variant of it ported to C#, which Microsoft calls .NET
StockTrader. But as Microsoft throws down the benchmarking gauntlet,
IBM is ignoring the calls for a WebSphere duel at the Middleware
Corral.
... snip ...
Lots of past posts about having come up with 3-tier architecture and
out pitching to customer execs and taking all sorts of heat from the
T/R and SAA crowds
https://www.garlic.com/~lynn/subnetwork.html#3tier
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Tue, 05 May 2009 08:26:53 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
similar thread from a couple yrs ago ... with some examples:
https://www.garlic.com/~lynn/2006p.html#4 Greatest Software Ever Written?
misc. other posts in that thread:
https://www.garlic.com/~lynn/2006o.html#56 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006o.html#57 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006o.html#58 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006o.html#60 Greatest Software?
https://www.garlic.com/~lynn/2006o.html#62 Greatest Software, System R
https://www.garlic.com/~lynn/2006o.html#63 Greatest Software, System R
https://www.garlic.com/~lynn/2006p.html#1 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006p.html#28 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006p.html#29 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006p.html#30 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006q.html#14 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006r.html#1 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006r.html#17 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006r.html#19 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006r.html#28 Greatest Software Ever Written?
https://www.garlic.com/~lynn/2006s.html#6 Greatest Software Ever Written?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What TARP means for the future of executive pay Date: 5 May, 2009 Blog: Greater IBM
What TARP means for the future of executive pay
from above:
Although TARP companies now must comply with new and significant
restrictions on executive compensation, our focus is on the potential
impact of the legislation on the broader universe of companies.
... snip ...
last year there was an article claiming that ratio of executive compensation to worker compensation had exploded to 400:1 after having been 20:1 for a long time and 10:1 in much of the rest of the world.
some amount of evidence is that risky behavior includes fiddling SEC financial filings to boost compensation ... and then later possibly refiling ... but increased compensation is not forfeited (might represent some downside to the institution, but little effect on the individual). last fall there was a study of some 270 institutions that redid their executive compensation plans to better align with the interests of the corporation (after having problems with executives' personal interest not aligned with institutional interest)
misc. recent posts mentioning 400:1 ratio:
https://www.garlic.com/~lynn/2009.html#50 Greed Is
https://www.garlic.com/~lynn/2009.html#80 Are reckless risks a natural fallout of "excessive" executive compensation ?
https://www.garlic.com/~lynn/2009b.html#25 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#41 The subject is authoritarian tendencies in corporate management, and how they are related to political culture
https://www.garlic.com/~lynn/2009d.html#3 Congress Set to Approve Pay Cap of $500,000
https://www.garlic.com/~lynn/2009e.html#73 Most 'leaders' do not 'lead' and the majority of 'managers' do not 'manage'. Why is this?
https://www.garlic.com/~lynn/2009f.html#2 CEO pay sinks - Wall Street Journal/Hay Group survey results just released
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Netbooks: A terminal by any other name Date: 5 May, 2009 Blog: Greater IBM
Netbooks: A terminal by any other name
from above:
One thing that the Vaio had, though, was a completely usable
keyboard. The current crop of netbooks seem to have some significant
problems in that regard. Perhaps the most usable keyboard I've seen on
a recent netbook was the 10-inch Eee.
... snip ...
I've had a terminal at home since March 1970 ... starting with an AJ(?)
"portable" 2741 (two large 40lb suitcases). Which was replaced with a
"real" 2741 after a month or so. I'm still looking for pictures of
2741 ... but have pictures of the miniterm that replaced the 2741
... which was then replaced with a 3101 ... and finally an ibm/pc
... some old pictures
https://www.garlic.com/~lynn/lhwemail.html#oldpicts
The univ. had 2741s that they got with 360/67 to go with tss/360. tss/360 never took off and the 360/67 spent most of its time running as a 360/65 with os/360. As undergraduate in the 60s, I did get to play some with (virtual machine) cp67 on the weekends. The univ. got some ascii/TTY terminals and I did the design and coding to add tty terminal support to cp67.
cp67 native support would dynamically figure out whether it was dealing with a 1052 or 2741. when I went to add tty support, I wanted to be able to preserve the dynamic identification ... in theory could have a common ("rotary") base phone number of all terminals. The dynamic identification worked correctly ... but being able to dynamically use any terminal on any port ran into a short-coming in the 2702 telecommunication controller.
that was part of the motivation of the univ. to start a clone controller project, reverse engineer the channel interface and build a channel interface board that went into (initially) interdata/3, programmed to eliminate 2702. four of us got written up for being responsible for clone controller business. The interdata/3 was upgraded to interdata/4 (for handling channel interface) in a "cluster" with multiple interdata/3s supporting port/line-scanner interface.
interdata was eventually bought by perkin/elmer and the product continued to be sold under the perkin/elmer brand (ran into somebody in the 90s, who claimed that the channel interface board in the product may still have been the original design from the 60s).
misc. old posts mentioning working on clone controller project as
undergraduate
https://www.garlic.com/~lynn/submain.html#360pcm
re: columbia 2741 picture; I've referenced it many times ... what i'm
looking for is a picture of my 2741. I've posted pictures of my other
terminals at home ... some of the terminal pictures show my IBM
tie-line phone ... rotary phone in this picture (along with a compact
microfiche viewer)
https://www.garlic.com/~lynn/miniterm.jpg
this picture of my (personal) pc (used as home terminal) ... the IBM
tie-line phone had been upgraded to push-button
https://www.garlic.com/~lynn/homepc.jpg
2741 had no flat surface to lay paper. science center had formica covered plywood pieces that fit on the edge of the surface surrounding the typewriter housing of the 2741 ... and provided flat surface for paper (which for some reason sat in the garage a long time after I no longer had a 2741) ... it also provided surface in the back for tray for fan-fold paper to feed the 2741. I typically had the tray ... but actually had box of fan-fold paper on the floor behind the 2741 ... that fed thru the space on the bottom part of the tray ... and printed output collected on the top part of the tray.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: What's your personal confidence level concerning financial market recovery? Date: 5 May, 2009 Blog: Greater IBM
re:
one of the analyses in the wake of the S&L crisis was that in a heavily regulated environment ... there is very little natural selection for people that understand what they are doing ... just selection for people that are able to go through the prescribed processes day after day. The issue is that when regulations are relaxed ... there can be a large group of people that are at a loss to know what to do (since they weren't originally selected for knowing what they are doing). They are also vulnerable to being preyed on by others.
this was somewhat raised with regard to most of the qualitative
section in original Basel II draft being eliminated (not measuring
that people know what they are doing ... just that they are able to go
through the prescribed motions) ... recent references
https://www.garlic.com/~lynn/2009g.html#34 Board Visibility Into The Business
https://www.garlic.com/~lynn/2009g.html#37 Future of Financial Mathematics
the other facet is that there have been lots of hotspots of greed and corruption but were somewhat kept under control with various regulations and controls ... relaxing those controls allowed the individual hotspots of greed and corruption to combine together into economic firestorm.
misc. recent posts/threads mentioning the economic firestorm metaphor:
https://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009b.html#1 Are Both The U.S. & UK on the brink of debt disaster?
https://www.garlic.com/~lynn/2009b.html#30 The recently revealed excesses of John Thain, the former CEO of Merrill Lynch, while the firm was receiving $25 Billion in TARP funds makes me sick
https://www.garlic.com/~lynn/2009b.html#53 Credit & Risk Management ... go Simple ?
https://www.garlic.com/~lynn/2009b.html#79 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009b.html#80 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#32 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#39 'WHO IS RESPONSIBLE FOR THE GLOBAL MELTDOWN'
https://www.garlic.com/~lynn/2009c.html#51 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009f.html#43 On whom or what would you place the blame for the sub-prime crisis?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: You're Fired -- but Stay in Touch Date: 5 May, 2009 Blog: Greater IBM
You're Fired -- but Stay in Touch
They did this article (if you are registered, it is on the front page,
if not I have copy here):
https://www.garlic.com/~lynn/ibmconnect.html
of course, I had gotten blamed for online computer conferencing on the
internal network in the late 70s and early 80s ... misc. past posts
mentioning the internal network (larger than the arpanet/internet from
just about the beginning until sometime late '85 or early '86)
https://www.garlic.com/~lynn/subnetwork.html#internalnet
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Inventor: SSL security woes are really the fault of browser design Date: 5 May, 2009 Blog: Information Security Network
Inventor: SSL security woes are really the fault of browser design
from above:
In a recent interview at the RSA Conference, Elgamal explained how SSL
man-in-the-middle attacks and the interception of session cookies are
really related to browser design. The most revealing information from
the interview came from Elgamal's response to the question: Would you
have done things differently, with the knowledge of the security
landscape as it is today?
... snip ...
We had been brought in to consult with small client/server startup
that wanted to do payment transactions on their server ... and they
had invented this technology called SSL they wanted to use. They had
two people in charge of something called "commerce server", who we had
worked with in prior life ... reference in this post about meeting
from jan92
https://www.garlic.com/~lynn/95.html#13
as part of the effort, we had to look at the "end-to-end" business
processes ... including these new things calling themselves
certification authorities. Part of the effort included something
called a payment gateway ... some past references
https://www.garlic.com/~lynn/subnetwork.html#gateway
which handled SSL payment transactions between webservers and the gateway (that acted as middleman between the internet and financial payment network).
A big part of the justification for SSL was making sure that the webserver the user thought they were talking to ... was, in fact, the webserver they were talking to (countermeasure to things like man-in-the-middle attacks). Part of the ground-rules was that the user understood the relationship between URL they entered into the browser and the webserver that the browser was talking to (using SSL).
Almost immediately, several of the basic security ground-rules related to SSL use were violated. Part of this was merchant webservers found that use of SSL cut their throughput by 85-95%. As a result, they dropped back to just using SSL for check-out/paying (with a URL provided by the "unauthenticated" webserver, typically with a check-out/pay button). No longer was the initial webserver connection being validated ... so the user could not really be sure there wasn't some sort of compromise. The pay/checkout button was typically providing the SSL URL (not the user) ... so instead of
1) SSL making sure that the webserver that the user thought they were talking to, was the webserver that they were talking to.
2) SSL was making sure that the webserver was the webserver that it claimed to be (by the SSL URL provided by webserver)
This isn't solely an attribute of the browser design ... but the whole way that URLs are handled and whether they are provided by the user ... or provided by (possibly unauthenticated) webservers on the network.
misc. past posts mentioning SSL and/or SSL digital certificates
https://www.garlic.com/~lynn/subpubkey.html#sslcert
The other issue that is in question was the whole PKI & digital certificate model.
Part of the justification for SSL was things like man-in-the-middle attacks and related questions about the integrity of the domain name infrastructure.
Web merchants applied to Certification Authorities for a digital
certificate that certified they were the owner of the corresponding
domain name/URL. The certification authorities then had to cross-check
the supplied documentation from the applicant with the authoritative
agency for domain name ownership ... aka the domain name
infrastructure (which has integrity issues that motivate the requirement
for having SSL digital certificates). There are proposals backed by
the certification authority industry to improve the integrity of the
domain name infrastructure (because certification authorities have to
rely on that integrity when doing verification as part of certifying
information for SSL digital certificates). That represents a catch-22
for the industry, since improving the integrity of the domain name
infrastructure also lessens the original motivation for having SSL
digital certificates ... misc. past posts mentioning catch-22 bind for
the SSL digital certificate industry
https://www.garlic.com/~lynn/subpubkey.html#catch22
Basically PKI digital certificates are the electronic analog of letters of credit/introduction for first time communication between two strangers. The browser validates that the URL it uses to contact the webserver corresponds with the URL in the SSL digital certificate supplied by the webserver.
As mentioned this can be subverted at many points. It turns out in the
SSL connection between the webserver and the payment gateway ... we
required that SSL implementation support mutual authentication (which
didn't exist originally). The information about the payment gateway
was registered with each webserver and information about each
(authorized) webserver was registered at the payment gateway. This
resulted in the digital certificates being redundant and superfluous (from
a paradigm standpoint, it wasn't first time communication between two
strangers). The resulting use of digital certificates still being
used, was then an artificial side-effect of the SSL software library
that was used. However, since the business process was dependent on
having existing registered information for both parties, it wasn't
vulnerable to the PKI/certificate vulnerabilities that exist in many
browser/webserver interactions. Misc. past posts mentioning digital
certificates are redundant and superfluous in situations that aren't
first time communication between two parties where they have no other
mechanism to obtain information about each other.
https://www.garlic.com/~lynn/subpubkey.html#certless
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
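The distinction drawn in the SSL post above, between a URL the user supplied and an SSL URL supplied by a possibly unauthenticated webserver, can be checked mechanically on a merchant page. The following is an added example, not part of the original post: the hostnames, the sample page, the label names and the function names are all constructed for illustration, and hosts are compared by name only (ports are ignored).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Labels (names are assumptions made for this example).
PLAINTEXT = "plaintext"              # target is http: nothing is authenticated
SERVER_ASSERTED = "server-asserted"  # https target handed out by an unauthenticated page
USER_ANCHORED = "user-anchored"      # https target handed out by a page that was itself
                                     # validated against the name the user typed

# Constructed sample: a merchant catalogue page with a pay/checkout button.
SAMPLE_PAGE = """
<html><body>
<a href="/cart">View cart</a>
<a href="http://shop.example/help">Help</a>
<a href="mailto:orders@shop.example">Contact</a>
<form action="https://pay.shop.example/checkout" method="post">
  <input type="submit" value="Pay now">
</form>
</body></html>
"""


class _TargetCollector(HTMLParser):
    """Collect navigation targets: <a href=...> and <form action=...>."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.targets.append(("a", attrs["href"]))
        elif tag == "form" and attrs.get("action"):
            self.targets.append(("form", attrs["action"]))


def page_is_authenticated(typed_url, page_url):
    """True when the page came over https from the host the user typed.

    Only then has the certificate check been applied to a name the user
    chose. typed_url must include a scheme so the hostname can be parsed.
    """
    typed, page = urlsplit(typed_url), urlsplit(page_url)
    return page.scheme == "https" and page.hostname == typed.hostname


def classify_targets(typed_url, page_url, html):
    """Return (tag, absolute_url, label) for each http/https target in html."""
    collector = _TargetCollector()
    collector.feed(html)
    collector.close()
    anchored = page_is_authenticated(typed_url, page_url)
    results = []
    for tag, raw in collector.targets:
        absolute = urljoin(page_url, raw)   # resolve relative links
        scheme = urlsplit(absolute).scheme
        if scheme == "http":
            label = PLAINTEXT
        elif scheme == "https":
            # The certificate check on this target only proves the server
            # matches the URL it was reached by; whether that URL can be
            # trusted depends on how the page supplying it was obtained.
            label = USER_ANCHORED if anchored else SERVER_ASSERTED
        else:
            continue                        # mailto:, javascript:, etc.
        results.append((tag, absolute, label))
    return results


if __name__ == "__main__":
    for typed in ("http://shop.example/", "https://shop.example/"):
        print("user typed", typed)
        for tag, url, label in classify_targets(typed, typed, SAMPLE_PAGE):
            print(f"  {tag:4} {url:40} {label}")
```

With the catalogue fetched over plain http, the checkout form is reported as server-asserted, which is case 2 in the post; fetched over https from the typed host, the same form is user-anchored.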
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Tue, 05 May 2009 18:44:39 -0400
Larry__Weiss <lfw@airmail.net> writes:
this is a URL for description ... but says that documents are now
available online for a "fee"
http://www.research.ibm.com/journal/rd/261/ibmrd2601B.pdf
google has a HTML flavor:
http://74.125.95.132/search?q=cache:YUMSgUFLs1UJ:www.research.ibm.com/journal/rd/261/ibmrd2601B.pdf+pageable+microcode+ibm+3081&cd=4&hl=en&ct=clnk&gl=us&lr=lang_en
we effectively did load custom instructions into microcode starting with
138/148 for virtual machine microcode assist. entry/mid-range 370s (and
many 360s) were microcode ... tended to avg. about 10 microcode
instructions per 370 instruction. criteria we were given was that there
was 6k bytes of loadable microcode space for our use. the idea was
to design new instructions that moved the highest used portion of
the vm370 kernel into native microcode (getting approx 10:1 thruput
improvement for those pathlengths). old post given some of the
measurement effort to identify 6k bytes highest executed kernel
pathlengths (there being approx same number of bytes in microcode
instructions as in 370 kernel instructions)
https://www.garlic.com/~lynn/94.html#21 370 ECPS VM microcode assist
for other topic drift ... the company had a whole lot of different,
custom developed microprocessors used in a wide range of different
projects. In the late 70s, there was an effort to converge majority of
these microprocessors to 801/risc (Iliad) processor. misc. past posts
mentioning 801/risc, Iliad, ROMP, RIOS, power/pc, etc
https://www.garlic.com/~lynn/subtopic.html#801
and old email mentioning various 801 related things
https://www.garlic.com/~lynn/lhwemail.html#801
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@xxxxxxxx> Date: Tue, 05 May 2009 17:06:10 -0400 Subject: Has any public CA ever had their certificate revoked? MailingList: cryptography
On 05/05/09 14:01, wrote:
we've periodically commented that there may be some cognitive dissonance because both terms contain the word "signature".
slightly related pontification
https://www.garlic.com/~lynn/2009g.html#48
regarding this recent article mentioning SSL
Inventor: SSL security woes are really the fault of browser design
http://www.fiercecio.com/techwatch/story/inventor-ssl-security-woes-really-fault-browser-design/2009-05-05
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Thu, 07 May 2009 07:58:02 -0400
cstacy@news.dtpq.com (Christopher C. Stacy) writes:
related to reference about converging to 801/risc for internal corporate
microprocessors ... old email about attempts made to obtain 801/risc for
lisp machine ... but being offered 8100 instead:
https://www.garlic.com/~lynn/2006c.html#email790711
in this post
https://www.garlic.com/~lynn/2006c.html#3 Architectural support for programming languages
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Future of Financial Mathematics? Date: 7 May, 2009 Blog: Greater IBM
related to past comments that neither Bear-Stearns nor Lehman had more than marginal chance of surviving playing long-short mismatch ... related to "Future of Financial Mathematics" news article discussion and recent Kamakura references
recent article ...
Barney Frank Backs Off
http://www.forbes.com/2009/05/04/barney-frank-defers-opinions-contributors-regulation.html
from above:
The crisis did not begin when Lehman failed; it began in the summer of
2007 with the markets' sudden realization that the triple-A ratings on
asset-backed securities were not accurate.
... snip ...
with something like $27T of this stuff out there ... being bought up by people that didn't really know what they were buying/doing ... just going through the motions and relying on the rating agencies for the numbers that they were to plug in to the process that they went through.
All of a sudden, it was an Emperor's New Clothes "moment" ... when the community had to face the fact that it was possible to pay the rating agencies for a rating ... and they had no real idea what they were dealing in.
Some of this is all those playing "long/short" mismatch ... borrowing with 30day paper to fund buying 30yr ARM mortgages (as mortgage-backed, triple-A rated, toxic CDOs), and finding their market for 30day paper had dried up ... a situation that has been known for centuries to take down institutions.
also from article
The resulting loss of confidence in ratings was a powerful external
shock to the market, causing a collapse in trading of all asset-backed
securities. That market is still frozen, and the Fed's efforts to
revive it through TALF have not borne fruit.
... snip ...
Part of the point was that Lehman's failure was a symptom of the credit market freezing ... not the cause.
One of the items in the article mentions that the current crisis is not quite as pervasive as the 1930s ... however in some ways it is actually more pervasive. The 1930s was a result of the speculation in the stock market (relying on brokers' loans as source of funds). The current situation is the speculation in the home & real estate market (using things like no-documentation, no-down, 1% interest only payment ARMs from unregulated non-depository lenders ... which relied on selling off the loans as triple-A rated, toxic CDOs to the tune of $27T as source of funds).
In the current crisis ... there is the collapse of the real-estate market (because of speculation bubble collapsing), the freeze up in the credit market (because of the Emperor's New Clothes "moment"), and all the institutions holding that $27T in securitized, triple-A rated, toxic CDOs (and not having any idea what it is really worth).
It is possible to argue about what exactly that $27T is worth ... but it is not possible to argue that it is actually worth $27T ... with recent stories like 1/5th of mortgages under water and property values resetting to where they started in the early part of this decade (before all the speculation frenzy).
The article refers to regulation need and interconnection of the financial market. The simpler view is that loans had been relatively straight-forward handled by loan departments of regulated financial institutions who had incentive and experience to correctly value loans. The current scenario is the obfuscation and lack of visibility of lending by unregulated non-depository institutions with no motivation for paying attention to loan quality.
The circuitous route of the transactions allowed individuals to extract huge fees, commissions and bonuses w/o actually having to understand the underlying characteristics of the instruments they were dealing in. (a lot of the triple-A rated, toxic CDOs finding their way to the books of regulated depository institutions that were traditionally source of loans).
misc. past posts mentioning the Emperor's New Clothes metaphor
https://www.garlic.com/~lynn/2009b.html#8
https://www.garlic.com/~lynn/2009b.html#65
https://www.garlic.com/~lynn/2009f.html#31
https://www.garlic.com/~lynn/2009f.html#35
even at the time, the circuitous transactions weren't that really hard to follow ... but ...
DARPA to develop anti-Credit Crunch software
http://www.theregister.co.uk/2009/05/07/darpa_vs_credit_crunch/
from above:
"Complex interdependent systems and networks" might as easily describe
global financial markets, and DARPA's desired new calculus might -
when assessing the "survivability" of balance sheets based on complex
derivative bits of paper - be quite a handy thing to have.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: We Can't Subsidize the Banks Forever Date: 7 May, 2009 Blog: Greater IBM
We Can't Subsidize the Banks Forever
from above:
For example, the first quarter's unemployment rate of 8.1% is higher
than the regulators' "worst case" scenario of 7.9% for this same
period. At the rate of job losses in the U.S. today, we will surpass a
10.3% unemployment rate this year -- the stress test's worst possible
scenario for 2010.
... snip ...
Statement of Sheila C. Bair Chairman, Federal Deposit Insurance
Corporation on Regulating and Resolving Institutions Considered Too
Big To Fail; before the Committee on Banking, Housing and Urban
Affairs, U.S. Senate; Room 538, Dirksen Senate Office Building
http://www.fdic.gov/news/news/speeches/chairman/spmay0609.html
from above:
Indeed many of these concepts were inherent in the Basel II Advanced
Approaches, resulting in reduced capital requirements. In hindsight,
it is now clear that the international regulatory community
over-estimated the risk mitigation benefits of diversification and
risk management when they set minimum regulatory capital requirements
for large, complex financial institutions.
Notwithstanding expectations and industry projections for gains in
financial efficiency, the academic evidence suggests that benefits
from economies of scale are exhausted at levels far below the size of
today's largest financial institutions. Also, efforts designed to
realize economies of scope have not lived up to their promise. In some
instances, the complex institutional combinations permitted by the
Gramm-Leach-Bliley (GLB) Act were unwound because they failed to
realize anticipated economies of scope. Studies that assess the
benefits produced by increased scale and scope find that most banks
could improve their cost efficiency more by concentrating their
efforts on improving core operational efficiency.
.... snip ...
Much of the G-L-B act was the repeal of Glass-Steagall
As referenced in recent comment in "Future of Financial Mathematics" thread https://www.garlic.com/~lynn/2009g.html#52 Future of Financial Mathematics?
.... a lot of it was result of circuitous set of transactions starting with loans by (mostly) unregulated non-depository institutions using securitization (triple-A rated, toxic CDOs) as source of funds for loans (to the tune of $27T), which also eliminated their motivation to pay any attention to loan quality. Finally ending up with lots of regulated depository institutions (traditionally source of loans) ending up with all those triple-A rated toxic CDOs on their books. Along the circuitous route, there were individuals taking enormous fees, commissions and bonuses out of the infrastructure (possible to use the stock portfolio transaction churn as an analogy why so much of the industry became involved).
Slightly different view regarding Basel II ... was Bernanke's response in congressional testimony in 2008 to a question why Basel II didn't prevent the current crisis (i.e. Basel II calculations were also using the information provided by the rating agencies ... see "Future of Financial Mathematics" reference regarding the Emperor's New Clothes "moment" with regard to the rating agencies)
... old post from Feb2008 (and Bernanke's comment about Basel II
calculations using values from rating agencies)
https://www.garlic.com/~lynn/2008e.html#42 Banks failing to manage IT risk - study
misc. recent posts mentioning Basel II
https://www.garlic.com/~lynn/2008.html#71 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008.html#78 As Expected, Ford Falls From 2nd Place in U.S. Sales
https://www.garlic.com/~lynn/2008e.html#42 Banks failing to manage IT risk - study
https://www.garlic.com/~lynn/2008e.html#65 Banks failing to manage IT risk - study
https://www.garlic.com/~lynn/2008h.html#12 independent appraisers
https://www.garlic.com/~lynn/2008h.html#90 subprime write-down sweepstakes
https://www.garlic.com/~lynn/2008j.html#64 lack of information accuracy
https://www.garlic.com/~lynn/2008o.html#39 The human plague
https://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
https://www.garlic.com/~lynn/2008r.html#4 Basel Committee outlines plans to strengthen Basel II
https://www.garlic.com/~lynn/2008r.html#51 Blinkenlights
https://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
https://www.garlic.com/~lynn/2009c.html#67 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009g.html#34 Board Visibility Into The Business
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Windowed Interfaces 1981-2009 Newsgroups: alt.folklore.computers Date: Thu, 07 May 2009 11:07:34 -0400
"Charlie Gibbs" <cgibbs@kltpzyxm.invalid> writes:
One of the things I mentioned to them is being annoyed by the internet/web waiting, whenever clicking on URLs ... and having started using background tabs ... some of this coming from having done a lot of work on subsecond system response in the 70s.
for a little topic drift ... recent post about browser security news
item from interview of the SSL inventor:
https://www.garlic.com/~lynn/2009g.html#48 Inventor: SSL security woes are really the fault of browser design
misc. past posts mentioning use of background tab browsing
https://www.garlic.com/~lynn/2005e.html#50 Mozilla v Firefox
https://www.garlic.com/~lynn/2005n.html#8 big endian vs. little endian, why?
https://www.garlic.com/~lynn/2005n.html#41 Moz 1.8 performance dramatically improved
https://www.garlic.com/~lynn/2005o.html#13 RFC 2616 change proposal to increase speed
https://www.garlic.com/~lynn/2006d.html#28 Caller ID "spoofing"
https://www.garlic.com/~lynn/2006q.html#51 Intel abandons USEnet news
https://www.garlic.com/~lynn/2007m.html#8 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2008b.html#32 Tap and faucet and spellcheckers
https://www.garlic.com/~lynn/2008b.html#35 Tap and faucet and spellcheckers
https://www.garlic.com/~lynn/2008h.html#10 What would be a future of technical blogs ? I am wondering what kind of services readers except to get from a technical blog in next 10 years
https://www.garlic.com/~lynn/2008k.html#67 Intel: an expensive many-core future is ahead of us
https://www.garlic.com/~lynn/2008l.html#31 Authentication in the e-tailer / payment gateway / customer triangle
https://www.garlic.com/~lynn/2008l.html#32 Authentication in the e-tailer / payment gateway / customer triangle
https://www.garlic.com/~lynn/2008p.html#29 How were you using the internet 10 years ago and how does that differ from how you use it today?
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Thu, 07 May 2009 13:10:31 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
the referenced topic (website now starting to charge for articles ... but they still are available for free via google) has also been recently getting some amount of play in postings on the ibm-main mailing list (also gatewayed to usenet as bit.listserv.ibm-main).
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Thu, 07 May 2009 17:02:56 -0400
Charles Richmond <frizzle@tx.rr.com> writes:
later at exit interview ... I was told that they could have forgiven me for being wrong, but they never would forgive me for being right.
past references:
https://www.garlic.com/~lynn/2002k.html#61 arrogance metrics (Benoits) was: general networking
https://www.garlic.com/~lynn/2002q.html#16 cost of crossing kernel/user boundary
https://www.garlic.com/~lynn/2003i.html#71 Offshore IT
https://www.garlic.com/~lynn/2004k.html#14 I am an ageing techy, expert on everything. Let me explain the
https://www.garlic.com/~lynn/2007.html#26 MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
https://www.garlic.com/~lynn/2007e.html#48 time spent/day on a computer
https://www.garlic.com/~lynn/2007k.html#3 IBM Unionization
https://www.garlic.com/~lynn/2007r.html#6 The history of Structure capabilities
https://www.garlic.com/~lynn/2008c.html#34 was: 1975 movie "Three Days of the Condor" tech stuff
https://www.garlic.com/~lynn/2008m.html#30 Taxes
https://www.garlic.com/~lynn/2008m.html#41 IBM--disposition of clock business
https://www.garlic.com/~lynn/2009e.html#27 Microminiaturized Modules
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: LexisNexis says its data was used by fraudsters Date: 8 May, 2009 Blog: Financial Crime Risk, Fraud and Security
LexisNexis says its data was used by fraudsters
from above:
LexisNexis acknowledged Friday that criminals used its information
retrieval service for more than three years to gather data that was
used to commit credit card fraud.
... snip ...
We had been tangentially involved with the ca. state breach notification law. We had been brought in to help wordsmith the ca. electronic signature legislation and several of the institutions involved were also heavily involved with privacy issues and had done in-depth consumer surveys about privacy issues. They found the number one (privacy) issue was identity theft and a major form of identity theft was breaches where information acquired was used to perform fraudulent financial transactions (account fraud) and there was little or nothing being done about the cases. There seemed to be some hope that the (breach notification) publicity would motivate corrective action.
Some number of agencies have had efforts to differentiate various forms of identity theft like account fraud (fraudulent transactions against existing accounts) from other forms of identity theft.
There have been some articles written accusing financial institutions of making profit off of account fraud (with interchange fees being much higher for transactions that have higher fraud rates). These articles conjecture that if there was a serious effort to eliminate account fraud type of identity theft ... it could shift the crooks' effort to the kind of identity theft involving opening new accounts. This form of identity theft becomes purely a financial institution liability (including getting into various gov. "know your customer" mandates) ... as opposed to something that can be laid off against merchants using interchange fees.
We had been brought in to consult with small client/server startup
that wanted to do payment transactions on their server ... they had
also invented this technology called SSL they wanted to use. The
result is frequently now called electronic commerce. Somewhat as a
result, in the mid-90s we were asked to participate in the x9a10
financial standard working group which had been given the requirement
to preserve the integrity of the financial infrastructure for ALL
retail payments. Part of this involved detailed, end-to-end threat &
vulnerability studies of wide variety of different kinds of retail
payments. Part of the study identified the extreme (account fraud)
threat that information from existing transactions represented and the
millions of places around the world where such information was
exposed. The result was x9.59 financial transaction standard
https://www.garlic.com/~lynn/x959.html#x959
X9.59 didn't do anything about preventing the leakage of information from existing transactions, what X9.59 did was slightly tweak the paradigm and eliminated the usefulness of the information to crooks for the purposes of account fraud.
Now, the major use of SSL in the world today is for this earlier effort (now called electronic commerce) to hide payment transaction information. A side effect of x9.59 eliminates the need to hide that information ... and therefore also eliminates the major use of SSL in the world today.
oh, a little SSL x-over from item in (linkedin) Information Security Network
Inventor: SSL security woes are really the fault of browser design
http://www.fiercecio.com/techwatch/story/inventor-ssl-security-woes-really-fault-browser-design/2009-05-05
comments also archived here:
https://www.garlic.com/~lynn/2009g.html#48
also raised in crypto mailing list thread "Has any public CA ever had
their certificate revoked?", also archived here
https://www.garlic.com/~lynn/2009g.html#50
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Fri, 08 May 2009 13:38:57 -0400
Charles Richmond <frizzle@tx.rr.com> writes:
As part of improving problem determination ... I started adding a half-word unique failure code following the SVC0 instruction (since execution never returns to that location). This was institutionalized in vm370 and the unique codes documented in the vm370 "messages & codes" manual.
later when I was doing dumprx (problem determination facility
implemented in rexx) ... misc. past posts:
https://www.garlic.com/~lynn/submain.html#dumprx
I reformatted a softcopy of the vm370 "messages & codes" manual so the code could be directly looked up (and included it as part of dumprx).
I also started a library of executable procedures that would (automatically) examine storage for signatures of known/common failure modes.
URL for current cp messages & codes manual:
http://publib.boulder.ibm.com/infocenter/zvm/v5r3/topic/com.ibm.zvm.v53.hcpw0/hcsb4b21.htm
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: We Can't Subsidize the Banks Forever Date: 8 May, 2009 Blog: Greater IBM
re:
A couple years ago, I had opportunity to examine a periodic report that compared detailed financial & operational statistics of regional financial institutions against national institutions (avg. values for 20 regional institutions compared to avg. values for 10 national institutions). There was no analysis ... just raw data ... 60 items per page ... one column for regional, one column for national ... couple hundred pages.
The regional & national profiles were effectively identical for all items ... except regionals had higher profit margin than nationals (which seemed to imply that larger national institutions were less efficient in some manner).
After examining the report for 15-30 minutes ... the only significant item that was different between regional and national was for some (unexplained) reason, regional institutions had higher percentage of electronic transactions.
The cost to process an electronic transaction is less than the cost to process a non-electronic transaction (and the processing costs for the different kinds of transactions are effectively the same for both regional and national) ... the difference was that regionals had higher percentage of electronic transactions ... which lowered their aggregate processing costs.
a couple past posts mentioning the above:
https://www.garlic.com/~lynn/2007e.html#65 Securing financial transactions a high priority for 2007
https://www.garlic.com/~lynn/2008p.html#25 How do group members think the US payments business will evolve over the next 3 years?
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Old-school programming techniques you probably don't miss Newsgroups: alt.folklore.computers Date: Fri, 08 May 2009 16:36:49 -0400
"Charlie Gibbs" <cgibbs@kltpzyxm.invalid> writes:
when we were doing ha/cmp ... some amount of it was specifically about
looking for all the things that couldn't happen.
https://www.garlic.com/~lynn/subtopic.html#hacmp
there was some activity to call it ha/6000 (instead of ha/cmp) ... but i
kept referring to it as ha/cmp because of all the work I was doing on
cluster scale-up ... even before medusa ("cluster-in-a-rack", specific
physical packaging effort to cram more into smaller footprint) ... old
email referring to medusa
https://www.garlic.com/~lynn/lhwemail.html#medusa
then ... not long after this mentioned jan92 meeting
https://www.garlic.com/~lynn/95.html#13
... the effort was transferred and we were told we weren't to work on
anything with more than four processors. however, even tho it wasn't
supposed to involve more than four processors, the momentum referring to
it as ha/cmp continued. current product reference:
http://www-03.ibm.com/systems/power/software/availability/aix/index.html
earlier email related to 801/risc based clusters ... having to
decide between a NSF (NSFNET) meeting in washington with the head
of NSF and a 801/risc cluster meeting in YKT
https://www.garlic.com/~lynn/2007d.html#email850315
in this post
https://www.garlic.com/~lynn/2007d.html#47 Is computer history taugh now?
above refers to this earlier 801/risc email
https://www.garlic.com/~lynn/2007c.html#email841015
https://www.garlic.com/~lynn/2007c.html#email841016
in this post
https://www.garlic.com/~lynn/2007c.html#50 How many 36-bit Unix ports in the old days?
other 801/risc related old email
https://www.garlic.com/~lynn/lhwemail.html#801
other NSFNET related old email
https://www.garlic.com/~lynn/lhwemail.html#nsfnet
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Prosecute Bank Execs Date: 9 May, 2009 Blog: Greater IBM
another take on how triple-A rated toxic CDOs could be used to fuel bonuses
Prosecute Bank Execs
http://www.forbes.com/2009/05/07/bank-earnings-chanos-markets-equity-wall-street.html
from above:
In effect, by booking assets at a higher price than the market would
offer, the banks reported earnings that never existed, he argued. The
earnings wound up in the bonus pool and were then paid out. "There's
no doubt in my mind that this is fraud," he said. "This was the
bezzle," he added, using the late economist John Kenneth Galbraith's
term for the hidden embezzled inventory that piles up in boom times.
... snip ...
related posts in this thread:
https://www.garlic.com/~lynn/2009g.html#27 Flawed Credit Ratings Reap Profits as Regulators Fail Investors
https://www.garlic.com/~lynn/2009g.html#29 Transparency and Visibility
https://www.garlic.com/~lynn/2009g.html#31 OODA-loop obfuscation
https://www.garlic.com/~lynn/2009g.html#33 Treating the Web As an Archive
https://www.garlic.com/~lynn/2009g.html#37 Future of Financial Mathematics?
https://www.garlic.com/~lynn/2009g.html#52 Future of Financial Mathematics?
https://www.garlic.com/~lynn/2009g.html#53 We Can't Subsidize the Banks Forever
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
Subject: Re: Solving password problems one at a time, Re: The password-reset paradox Date: Sat, 09 May 2009 14:26:51 -0400 From: Anne & Lynn Wheeler <lynn@garlic.com> MailingList: cryptography
On 05/09/09 07:33, Jerry Leichter wrote:
note that there has been big push to "signature debit" (similar
interchange fees and fraud as "signature credit") with 15 times the
fraud of PIN-debit (which has significantly lower interchange fees
compared to signature debit) reference
http://www.digitaltransactions.net/newsstory.cfm?newsid=73
mentioned in this post from 2006
https://www.garlic.com/~lynn/2006e.html#21
there have been some articles about "unsafe" cards being a profit item
for financial institutions ... since they charge merchants a
significantly higher interchange fee. there have been references that
there can be as much as an order of magnitude difference in fees
between "unsafer" transactions and "safer" transactions ... with
"unsafe" transaction fees contributing significantly to reports that
payment fees have represented as much as 40% of bottom line for US
consumer financial institutions (an order of magnitude reduction would
be a big hit). part of thread on this subject in this mailing list
from two years ago
https://www.garlic.com/~lynn/aadsm27.htm#31
https://www.garlic.com/~lynn/aadsm27.htm#32
https://www.garlic.com/~lynn/aadsm27.htm#33
https://www.garlic.com/~lynn/aadsm27.htm#34
https://www.garlic.com/~lynn/aadsm27.htm#35
https://www.garlic.com/~lynn/aadsm27.htm#37
https://www.garlic.com/~lynn/aadsm27.htm#38
https://www.garlic.com/~lynn/aadsm27.htm#39
https://www.garlic.com/~lynn/aadsm27.htm#40
https://www.garlic.com/~lynn/aadsm27.htm#41
https://www.garlic.com/~lynn/aadsm27.htm#42
https://www.garlic.com/~lynn/aadsm27.htm#43
In the 90s, one of the proposals for some "safer" (PKI-based) internet
transactions, as part of offsetting cost of PKI deployment, was
changing the burden of proof (instead of bank/merchant proving
consumer did it, consumer has to prove that they didn't do it)
... something more akin to what was done in the UK. some recent
references:
https://www.garlic.com/~lynn/2009f.html#61
http://www.computerworlduk.com/management/security/data-control/news/index.cfm?RSS&newsid=14437
https://www.garlic.com/~lynn/2009g.html#28
http://www.securecomputing.net.au/News/143759,chipandpin-security-goes-on-trial.aspx
http://www.networkworld.com/news/2009/050209-lexisnexis-says-its-data-was.html
that PKI effort floundered for a number of reasons ... some discussed
in this recent post (besides the digital certificates being redundant
and superfluous):
https://www.garlic.com/~lynn/2009g.html#23
in the early part of this decade/century, related to attempt to
introduce some "safer" internet payment technologies, there was an
attempt to justify even higher merchant interchange fees ... than the
"unsafe" fees. this resulted in some amount of cognitive dissonance
... since merchants had been accustomed to their interchange fees
being proportional to amount of fraud ... aka as the amount of fraud
goes up ... so does the interchange fees ... but this change would
have created two domains ... one where the interchange fees go up
proportional to fraud ... and then a point where interchange fees
continue to climb as fraud is reduced. related post
https://www.garlic.com/~lynn/2009f.html#60
In the 90s (as part of AADS chip strawman), I semi-facetiously
commented about taking a $500 milspec part, cost reducing by 2-3
orders of magnitude while improving the integrity.
https://www.garlic.com/~lynn/x959.html#aadsstraw
Another part of the AADS chip strawman was enabling a shift from an institutional-centric hardware token paradigm to a person-centric hardware token paradigm ... i.e. the same AADS chip could be used for contact, contactless, proximity, transit turnstile, single-factor authentication, multi-factor authentication, low value transactions, high value transactions, payment transactions, point-of-sale transactions, internet transactions, login authentication, etc. It wasn't just that the same kind of chip could be used for all these different purposes ... but provide the individual the option of being able to register their personal chip(s) for a broad range of applications. Part of the challenge was documenting all the issues that were raised justifying an institutional-centric hardware token paradigm ... and addressing each issue.
Part of it was the x9.59 financial transaction standard
https://www.garlic.com/~lynn/x959.html#x959
part of it was demonstrating an AADS (certificate-less) Kerberos
solution
https://www.garlic.com/~lynn/subpubkey.html#kerberos
and part of it was demonstrating an AADS (certificate-less) RADIUS
solution
https://www.garlic.com/~lynn/subpubkey.html#radius
lots of the stuff shows up in the AADS patent portfolio (all assigned
patents)
https://www.garlic.com/~lynn/aadssummary.htm
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: New standard for encrypting card data in the works; backers include Heartland Date: 11 May, 2009 Blog: Financial Crime Risk, Fraud and Security
re:
some more articles:
Organization aims to develop encryption standard for card data
http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1355834,00.html?track=NL-102&ad=702088&asrc=EM_NLN_6841855&uid=1308899
Post-breach, Heartland plans aggressive encryption project
http://www.networkworld.com/news/2009/051409-financial-institutions-demand-risk-management.html
Post-breach, Heartland plans aggressive encryption project
http://www.itworld.com/security/67551/post-breach-heartland-plans-aggressive-encryption-project
another view of some of the issues
PCI: A Brand, Not a Security Standard
http://attrition.org/security/rants/pci/heartland01.html
...
A slightly different approach in the X9A10 financial standard working group for X9.59 was recognition that transaction information can be harvested by crooks for fraudulent transactions ... that the transaction information is available at millions of places around the world ... and the transaction information is frequently required to be readily available as part of the business processes involved in execution of the transaction (one reason that it is frequently referred to as transaction information).
the X9.59 approach was to slightly tweak the paradigm and make the
transaction information useless to the crooks (as opposed to constant,
ever increasing cycle of making it harder and harder to access
transaction information ... until at some point it becomes impossible
to actually execute the transaction because it is not possible to make
transaction information available).
https://www.garlic.com/~lynn/x959.html#x959
recent related items:
RBS WorldPay validates PCI DSS compliance
http://www.finextra.com/fullpr.asp?id=27498
Heartland Data Breach: Is End-to-End Encryption the Answer?; Experts
Say New Measure is a Start, but Industry Standards are Needed
http://www.bankinfosecurity.com/articles.php?art_id=1455
... and with regard to "transactions" ... reference to stricter
definition of (financial) "transaction"
https://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: What happened to X9.59? Date: Mon, 11 May 2009 13:11:17 -0400 Mailing List: cryptography
On 05/11/09 06:06, Peter wrote:
"find & buy standards" URL from above:
http://www.techstreet.com/x9gate.tmpl
x9 series have passed "100" ... but no longer lists x9.59. to some
extent x9.59 went the way of some other payment technologies in the
late 90s and early part of this decade ... when there was a big
retrenching from hardware tokens and other more secure technologies
for one reason or another ... some of it touched on in this recent post
https://www.garlic.com/~lynn/2009g.html#62
my x9.59 related information
https://www.garlic.com/~lynn/x959.html#x959
there was this NACHA RFI from 1998
https://www.garlic.com/~lynn/nacharfi.htm
and report mentioned here
https://web.archive.org/web/20070706004855/http://internetcouncil.nacha.org/News/news.html
declaring success and then evaporating
in large part because of the rapidly spreading opinion that hardware
tokens weren't practical in consumer market. I've discussed this more
recently (although cognitive dissonance with merchants & interchange
fees played a role).
https://www.garlic.com/~lynn/2009f.html#7
hardware token issue also discussed in thread on this mailing list from two yrs ago:
https://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
https://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
https://www.garlic.com/~lynn/aadsm27.htm#38 The bank fraud blame game
and for slight topic drift ... this thread on "new standard for
encrypting card data"
https://www.garlic.com/~lynn/2009g.html#25
https://www.garlic.com/~lynn/2009g.html#63
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The coming death of all RISC chips. Newsgroups: comp.arch Date: Tue, 12 May 2009 06:47:15 -0400
nmm1 writes:
For various reasons they floundered ... and 4381 went with (traditional) cisc microprocessor (although it was starting to get closer & closer to executing 370 instructions natively ... instead of microcode emulation). as/400 had crash program for cisc processor (instead of 801).
part of the iliad 370 effort, included looking at JIT translation 370->native 801, as boost to traditional emulation (something similar can be found in some of the current generation of 370 emulators that run on i86 platforms).
misc. posts with old email mentioning 801, iliad, romp, etc
https://www.garlic.com/~lynn/lhwemail.html#801
in the wake of killing off iliad related projects ... some number of 801/risc engineers left the company ... and showed up at emerging risc efforts at other vendors.
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Mainframe articles Newsgroups: bit.listserv.ibm-main Date: Tue, 12 May 2009 07:14:32 -0400
scottyt.harder@GMAIL.COM (Scott T. Harder) writes:
traditional 370 cache machines slowed the processing cycle down by 10% to allow for cross-cache chatter in a two-processor configuration (and four-processor was even slower) ... that is in addition to the actual cache processing overhead of handling cross-cache signals (two-way meant that there were signals from one other cache, four-way resulted in signals from three other caches).
TPF/ACP was an important market segment at the time ... but didn't have SMP (tightly-coupled, shared memory, multiprocessor) support. 3083 was 3081 with some of the hardware removed for a single processor and the single machine running nearly 15% faster (cross-cache chatter slowdown disabled). Prior to 3083, TPF/ACP operation on 3081 was under vm/370 (handling multiprocessor hardware) providing multiple (single processor) virtual machines for TPF/ACP operator (TPF/ACP did have loosely-coupled, cluster support ... so the multiple TPF/ACP virtual machines could be coordinated ... as opposed to say, production vis-a-vis test). Although there were some TPF/ACP 3081 operations where the 2nd processor would sit mostly idle. 3083 was primarily introduced to address TPF/ACP market.
web reference:
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP3081.html
prior to 308x, a 370 multiprocessor had fully replicated hardware ... and a two processor system could be split and run as two independent single processors. for the 3081, the term "dyadic" was introduced to differentiate that while it had two execution processors ... all the hardware was not fully duplicated and so a 3081 couldn't be split and operated as two independent uniprocessors (although a 4-processor 3084 could be split into two 3081s).
3082 was the "service processor". One of the issues was that field engineering required a "boot-strap" diagnostic process ... which started with scoping failed components and going up from there. TCMs in 308x were not "scope'able" ... so things started with a service processor that was simpler technology and was scope'able ... then a "working" service processor had all sorts of diagnostic instrumentation into the TCMs.
There were lots of issues with developing a roll-your-own operating system and diagnostic applications for the service processor in the 308x ... so for the 3090 ... it was decided to go with a standard (low-end, "scope'able") 370 for the service process. The 3090 effort started out with 4331 running a customized version of vm370 release six and all the service screens implemented in cms ios3720. by the time the 3090 shipped, the "service processor" had been upgraded to a pair of 4361s (effectively replicated units in lieu of having to scope the service processor for diagnostic process).
misc. past posts mentioning 3083:
https://www.garlic.com/~lynn/99.html#103 IBM 9020 computers used by FAA (was Re: EPO stories (was: HELP IT'S HOT!!!!!))
https://www.garlic.com/~lynn/2000b.html#65 oddly portable machines
https://www.garlic.com/~lynn/2000d.html#9 4341 was "Is a VAX a mainframe?"
https://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
https://www.garlic.com/~lynn/2001b.html#37 John Mashey's greatest hits
https://www.garlic.com/~lynn/2001c.html#13 LINUS for S/390
https://www.garlic.com/~lynn/2001j.html#17 I hate Compaq
https://www.garlic.com/~lynn/2002c.html#9 IBM Doesn't Make Small MP's Anymore
https://www.garlic.com/~lynn/2002i.html#83 HONE
https://www.garlic.com/~lynn/2002m.html#67 Tweaking old computers?
https://www.garlic.com/~lynn/2002o.html#28 TPF
https://www.garlic.com/~lynn/2002p.html#58 AMP vs SMP
https://www.garlic.com/~lynn/2003g.html#30 One Processor is bad?
https://www.garlic.com/~lynn/2003p.html#45 Saturation Design Point
https://www.garlic.com/~lynn/2004.html#7 Dyadic
https://www.garlic.com/~lynn/2004c.html#35 Computer-oriented license plates
https://www.garlic.com/~lynn/2004e.html#44 Infiniband - practicalities for small clusters
https://www.garlic.com/~lynn/2005.html#22 The Soul of Barb's New Machine (was Re: creat)
https://www.garlic.com/~lynn/2005j.html#16 Performance and Capacity Planning
https://www.garlic.com/~lynn/2005m.html#55 54 Processors?
https://www.garlic.com/~lynn/2005o.html#44 Intel engineer discusses their dual-core design
https://www.garlic.com/~lynn/2005s.html#7 Performance of zOS guest
https://www.garlic.com/~lynn/2005s.html#38 MVCIN instruction
https://www.garlic.com/~lynn/2006d.html#5 IBM 610 workstation computer
https://www.garlic.com/~lynn/2006l.html#30 One or two CPUs - the pros & cons
https://www.garlic.com/~lynn/2006n.html#16 On the 370/165 and the 360/85
https://www.garlic.com/~lynn/2007.html#44 vm/sp1
https://www.garlic.com/~lynn/2007g.html#16 What's a CPU second?
https://www.garlic.com/~lynn/2007o.html#37 Each CPU usage
https://www.garlic.com/~lynn/2008c.html#83 CPU time differences for the same job
https://www.garlic.com/~lynn/2008e.html#40 Fantasy-Land_Hierarchal_NUMA_Memory-Model_on_Vertical
https://www.garlic.com/~lynn/2008g.html#14 Was CMS multi-tasking?
https://www.garlic.com/~lynn/2008i.html#38 American Airlines
https://www.garlic.com/~lynn/2008i.html#57 Microsoft versus Digital Equipment Corporation
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Mainframe articles Newsgroups: bit.listserv.ibm-main Date: Tue, 12 May 2009 07:27:59 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
also from 3081 web page:
3081 Segment Protection: Improves 3081 VM/CMS performance.
... snip ...
"segment protection" had been part of the original 370 virtual memory architecture and had been implemented on several machines and was supported in (pre-release) vm370.
when the engineering retrofit of virtual memory hardware support to 370/165 started running into schedule delays, there was decision to eliminate several parts of the full 370 virtual memory architecture (to gain back six months in the schedule). this required that other machines that had already implemented the full 370 virtual memory architecture to remove those dropped features ... and for vm370 to come up with a real kludge/hack to "protect" cms shared segments ... w/o actually having hardware segment protection support.
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: IT Infrastructure Slideshow: The IBM Mainframe: 50 Years of Big Iron Innovation Newsgroups: alt.folklore.computers Date: Tue, 12 May 2009 08:28:00 -0400
IT Infrastructure Slideshow: The IBM Mainframe: 50 Years of Big Iron Innovation
jumps from ibm 1400 (1962) to 303x (1977) to 3083 (1982)
recent comment about "3083" in ibm-main mailing list
https://www.garlic.com/~lynn/2009g.html#66 Mainframe articles
https://www.garlic.com/~lynn/2009g.html#67 Mainframe articles
then the slide show starts to jump back & forth in time
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: The coming death of all RISC chips. Newsgroups: comp.arch Date: Tue, 12 May 2009 08:40:48 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
at least one such ... shows up even later on itanium, misc. past
references/posts
https://www.garlic.com/~lynn/2006.html#39 What happens if CR's are directly changed?
https://www.garlic.com/~lynn/2006e.html#1 About TLB in lower-level caches
https://www.garlic.com/~lynn/2006o.html#67 How the Pentium Fell Short of a 360/195
https://www.garlic.com/~lynn/2008g.html#60 Different Implementations of VLIW
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Mainframe articles Newsgroups: bit.listserv.ibm-main Date: Tue, 12 May 2009 09:20:15 -0400
re:
the pre-occupation with future system (which was going to replace all
370 ... in much the way 360 replaced all the stuff before it)
... resulted in the 370 software & hardware pipeline to drain.
https://www.garlic.com/~lynn/submain.html#futuresys
when future system was killed, there was mad rush to get stuff back in 370 product pipeline ... and basically a 308x & 370-xa effort was kicked off (expected to take 6-8 yrs) ... in parallel with crash 303x, Q&D stop-gap effort until 308x.
303x channel director was basically 158-3 processor engine with just the integrated channel microcode and the 370 microcode removed
3031 was 158-3 with the integrated channel microcode removed (only 370
microcode) and reconfigured to work with 303x channel director
(i.e. 158-3 basically multiplexed integrated channel microcode on 370
microcode on single engine, 3031 had two processor engines, one
dedicated to integrated channel microcode and one dedicated to 370
microcode)
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_2423PH3031.html
3032 was 168-3 reconfigured to work with 303x channel director(s)
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_2423PH3032.html
3033 started out as 168-3 wiring diagram mapped to faster chip
technology ... originally only going to be 20% faster than 168-3. the
chips were 20% faster ... the chips also had about ten times the
circuits per chip ... but using the 168-3 wiring diagrams would have
left all the additional circuits unused. during the 3033 development,
there was some critical path redesign that took advantage of the
higher onchip circuit density resulting in 3033 being closer to 50%
faster than 168-3.
http://www-03.ibm.com/ibm/history/exhibits/3033/3033_album.html
as soon as the 3033 was out the door ... that group started on 3090
(overlapped with 3081 activity).
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_2423PH3090.html
initial 3081 ... was 3081D where each processor was about five mips ... not a whole lot faster than 3033 two-processor. fairly quickly after that, 3081K shipped with each processor about seven mips (14mips aggregate).
3083 was basically single 3081k processor with x-cache slowdown removed
so it ran about 15% faster or approx. 8mips
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_2423PH3083.html
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Fw: Re: 308x Processors - was "Mainframe articles" Newsgroups: bit.listserv.ibm-main Date: Tue, 12 May 2009 13:39:52 -0400
patrick.falcone7@VERIZON.NET (Patrick Falcone) writes:
3033 and 3081 in 370 mode were 24bit (16mbyte) addressing (real & virtual).
issue was that disk thruputs weren't keeping pace with the rest of the system infrastructure ... i.e. processing & memory performance was increasing faster than disk performance.
I had started pontificating in the 70s about the growing performance mismatch. what was happening was that increasing amounts of electronic storage (starting with real memory on the processor and then disk controller cache) was being used to cache disk information to compensate for the increasing disk thruput bottleneck.
this is referencing comparing 360/67 to 3081k (separated by almost 15
yrs) running similar (virtual machine) CMS workload ... and claiming
that relative system disk thruput had declined by a factor of ten times
in the period.
https://www.garlic.com/~lynn/93.html#31 Big I/O or Kicking the Mainframe out the Door
some disk division executives took some offense with the claims and
assigned the division performance group to refute my statements. after a
few weeks, the group came back and effectively said that I had slightly
understated the problem. That study eventually turned into a SHARE (63)
presentation (B874) recommending how to configure/manage disks to
improve system thruput. old post with reference:
https://www.garlic.com/~lynn/2006f.html#3 using 3390 mod-9s
https://www.garlic.com/~lynn/2006o.html#68 DASD Response Time (on antique 3390?)
in any case, it was starting to become a real issue in the 3033 time-frame. it was possible to configure vm clusters of 4341s with higher aggregate thruput than 3033 at a lower cost. furthermore, each 4341 could have 16mbytes (and six i/o channels) compared to 3033's with 16mbytes (and 16 i/o channels).
to somewhat address/compensate ... there was a hardware hack to have 3033 configured with 32mbytes of real storage (even though the processor was restricted to both real & virtual 16mbytes addressing).
the hack involved
1) using (31bit) IDALs to be able to do I/O for real addresses above 16mbyte "line" (most importantly being able to read/write pages above the line)
2) page table entry was defined as 16bits, 12bit page number (4096 4096byte pages or 16mbytes), 2 defined bits and 2 undefined bits. the two undefined bits were re-allocated for prepending to the page number allowing up to 16384 4096byte pages or up to 64mbytes real storage (but only max. of 16mbytes per virtual address space).
...
lots of things would require virtual pages, that were above the (16mbyte) line, to be brought into the first 16mbytes of real storage. initially there was a definition where the software would write the (above the line) virtual page out to disk and then read it back into real storage (below the line). I generated some example code that involved special virtual address space and fiddling the real page numbers in two page table entries ... allowing 4k of real storage above the line to be "copied/moved" to 4k of real storage below the line (avoiding having to write to disk and read back in).
this hack (for real storage >16mbytes) was carried forward for 3081s operating in 370 (24bit, 16mbyte) addressing mode.
a few past posts discussing (3033/3081) >16mbyte
https://www.garlic.com/~lynn/2004o.html#59 Integer types for 128-bit addressing
https://www.garlic.com/~lynn/2006m.html#27 Old Hashing Routine
https://www.garlic.com/~lynn/2006t.html#15 more than 16mbyte support for 370
https://www.garlic.com/~lynn/2006w.html#23 Multiple mappings
https://www.garlic.com/~lynn/2006y.html#9 The Future of CPUs: What's After Multi-Core?
https://www.garlic.com/~lynn/2007b.html#34 Just another example of mainframe costs
https://www.garlic.com/~lynn/2007g.html#59 IBM to the PCM market(the sky is falling!!!the sky is falling!!)
https://www.garlic.com/~lynn/2008f.html#12 Fantasy-Land_Hierarchal_NUMA_Memory-Model_on_Vertical
https://www.garlic.com/~lynn/2009d.html#48 Mainframe Hall of Fame: 17 New Members Added
and some number of past posts mentioning vm/4341 clusters
https://www.garlic.com/~lynn/2001m.html#15 departmental servers
https://www.garlic.com/~lynn/2004o.html#57 Integer types for 128-bit addressing
https://www.garlic.com/~lynn/2005.html#34 increasing addressable memory via paged memory?
https://www.garlic.com/~lynn/2005n.html#11 Code density and performance?
https://www.garlic.com/~lynn/2005p.html#1 Intel engineer discusses their dual-core design
https://www.garlic.com/~lynn/2005q.html#30 HASP/ASP JES/JES2/JES3
https://www.garlic.com/~lynn/2005q.html#38 Intel strikes back with a parallel x86 design
https://www.garlic.com/~lynn/2005u.html#44 POWER6 on zSeries?
https://www.garlic.com/~lynn/2006b.html#39 another blast from the past
https://www.garlic.com/~lynn/2006i.html#41 virtual memory
https://www.garlic.com/~lynn/2006l.html#2 virtual memory
https://www.garlic.com/~lynn/2006l.html#4 Google Architecture
https://www.garlic.com/~lynn/2006p.html#0 DASD Response Time (on antique 3390?)
https://www.garlic.com/~lynn/2006r.html#4 Was FORTRAN buggy?
https://www.garlic.com/~lynn/2006s.html#41 Ranking of non-IBM mainframe builders?
https://www.garlic.com/~lynn/2006s.html#42 Ranking of non-IBM mainframe builders?
https://www.garlic.com/~lynn/2006t.html#15 more than 16mbyte support for 370
https://www.garlic.com/~lynn/2007f.html#44 Is computer history taught now?
https://www.garlic.com/~lynn/2007g.html#59 IBM to the PCM market(the sky is falling!!!the sky is falling!!)
https://www.garlic.com/~lynn/2007j.html#71 John W. Backus, 82, Fortran developer, dies
https://www.garlic.com/~lynn/2007n.html#20 The Development of the Vital IBM PC in Spite of the Corporate Culture of IBM
https://www.garlic.com/~lynn/2007o.html#10 IBM 8000 series
https://www.garlic.com/~lynn/2007o.html#56 360/30 memory
https://www.garlic.com/~lynn/2007o.html#72 FICON tape drive?
https://www.garlic.com/~lynn/2007r.html#56 CSA 'above the bar'
https://www.garlic.com/~lynn/2008b.html#8 on-demand computing
https://www.garlic.com/~lynn/2008d.html#64 Interesting ibm about the myths of the Mainframe
https://www.garlic.com/~lynn/2008d.html#71 Interesting ibm about the myths of the Mainframe
https://www.garlic.com/~lynn/2008e.html#73 Convergent Technologies vs Sun
https://www.garlic.com/~lynn/2008k.html#60 recent mentions of 40+ yr old technology
https://www.garlic.com/~lynn/2008o.html#57 Virtual
https://www.garlic.com/~lynn/2009d.html#48 Mainframe Hall of Fame: 17 New Members Added
https://www.garlic.com/~lynn/2009d.html#54 mainframe performance
https://www.garlic.com/~lynn/2009e.html#45 Mainframe Hall of Fame: 17 New Members Added
https://www.garlic.com/~lynn/2009f.html#50 what IBM 360/370/etc. model was their best seller?
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Mainframe articles Newsgroups: bit.listserv.ibm-main Date: Tue, 12 May 2009 14:04:53 -0400
re:
for totally unrelated 3081k topic drift ....
I was also doing HSDT (high-speed data transport) project and connecting
it to the internal network running high-speed links (full duplex T1 and
faster).
https://www.garlic.com/~lynn/subnetwork.html#hsdt
The internal network was larger than the arpanet/internet from just
about the beginning until possibly late '85 or early '86. The internal
network also required all links leaving physical corporate property to
be encrypted. Somebody commented in '85 time-frame that the internal
network had over half of all link encryptors in the world.
https://www.garlic.com/~lynn/subnetwork.html#internalnet
This was not bad for 56kbit links ... but it started to become much more of problem when running at (full-duplex) T1 (1.5mbits/sec in each direction) and higher speeds.
old email mentioning internal network approaching 2000 nodes and
needing a whole lot of (DES) link encryptors
https://www.garlic.com/~lynn/2006t.html#email850625
in this post
https://www.garlic.com/~lynn/2006t.html#50
old email complaining that (370) software DES was taking about 1 sec.
of 3081K processor time per 150kbytes ... which would require full,
dedicated 3081K to handle sustained full-duplex T1
https://www.garlic.com/~lynn/2006n.html#email841115
in this post
https://www.garlic.com/~lynn/2006n.html#36
for other drift, one friday (in that time-frame), somebody from the communication group sent out an announcement for a new "networking" discussion conference on the internal network ... which included the following definition:
low-speed >9.6kbits
medium-speed 19.2kbits
high-speed 56kbits
very high-speed 1.5mbits
that weekend I left on business trip to the other side of the pacific to look at getting some hardware for HSDT project ... and monday morning on a wall of a conference room there was the following:
low-speed >20mbits
medium-speed 100mbits
high-speed 200-300mbits
very high-speed >600mbits
--
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Fw: Re: 308x Processors - was "Mainframe articles" Newsgroups: bit.listserv.ibm-main Date: Tue, 12 May 2009 14:13:01 -0400
Steve_Thompson@STERCOMM.COM (Thompson, Steve) writes:
... the 3033 had special page table entry definition for 14-bit real page number (16384 4096byte real pages or 64mbytes).
the internal 3033 hardware could address more than 16mbytes ... but instructions (both real and virtual) were limited to 24bits.
3033 hardware hack for >16mbytes ... supported >16mbyte "effective" addresses from (31bit) IDALs or as output of virtual address translation (using 14bit page number in the page number entry).
however instruction addressing (whether running in virtual addressing mode or running w/o virtual address translation turned on) was still limited to 24bit addressing.
the "32mbyte" option was independent of 3033mp.
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
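The 3033 page table entry hack described in the two posts above, as an added sketch in C (not code from the posts or from IBM). The posts give only the field widths, so the bit positions chosen here, the helper names and the frame numbers are assumptions; the sketch packs a 14-bit real page number into a 16-bit entry and moves a 4k page from above the 16mbyte line to below it by pointing two entries of a scratch address space at the two real frames.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE  4096u
#define MAX_FRAMES 16384u   /* 14-bit real page number: 64 MB of real storage */
#define LINE_FRAME 4096u    /* first real frame above the 16 MB line */

/* ASSUMED entry layout (illustrative; the posts state widths, not positions):
 *   bits 15..4  low 12 bits of the real page number
 *   bits  3..2  the two defined bits (treated as opaque here)
 *   bits  1..0  the two formerly undefined bits, now the high 2 page-number bits */
static uint16_t pte_make(uint32_t frame, unsigned defined2)
{
    return (uint16_t)(((frame & 0xFFFu) << 4) | ((defined2 & 3u) << 2) |
                      ((frame >> 12) & 3u));
}

/* Prepend the two re-allocated bits to the 12-bit page number. */
static uint32_t pte_frame(uint16_t pte)
{
    return ((uint32_t)(pte & 3u) << 12) | (uint32_t)(pte >> 4);
}

/* 24-bit virtual address in, up to 26-bit "effective" real address out. */
static uint32_t translate(const uint16_t *pt, uint32_t vaddr)
{
    vaddr &= 0xFFFFFFu;     /* instruction addressing stays 24-bit */
    return pte_frame(pt[vaddr >> 12]) * PAGE_SIZE + (vaddr & 0xFFFu);
}

/* Sparse model of real storage: frames are allocated on first touch. */
static uint8_t *real_frames[MAX_FRAMES];

static uint8_t *real_byte(uint32_t real_addr)
{
    uint32_t f = real_addr / PAGE_SIZE;
    if (f >= MAX_FRAMES)
        return NULL;
    if (!real_frames[f])
        real_frames[f] = calloc(1, PAGE_SIZE);
    return real_frames[f] ? real_frames[f] + real_addr % PAGE_SIZE : NULL;
}

/* Copy one real frame to a frame below the line without a disk round trip:
 * map both frames into a scratch address space and copy through 24-bit
 * virtual addresses, which is all an instruction can generate. */
static int move_below_line(uint32_t src_frame, uint32_t dst_frame)
{
    static uint16_t scratch_pt[4096];
    const uint32_t v_src = 0x000000u, v_dst = 0x001000u;

    if (src_frame >= MAX_FRAMES || dst_frame >= LINE_FRAME)
        return -1;
    scratch_pt[v_src >> 12] = pte_make(src_frame, 0);
    scratch_pt[v_dst >> 12] = pte_make(dst_frame, 0);
    for (uint32_t off = 0; off < PAGE_SIZE; off++) {
        uint8_t *s = real_byte(translate(scratch_pt, v_src + off));
        uint8_t *d = real_byte(translate(scratch_pt, v_dst + off));
        if (!s || !d)
            return -1;
        *d = *s;
    }
    return 0;
}

/* Constructed scenario: frame 5000 (above the line) moved to frame 100. */
static int demo_move(void)
{
    uint8_t *src = real_byte(5000u * PAGE_SIZE);
    if (!src)
        return 0;
    for (uint32_t i = 0; i < PAGE_SIZE; i++)
        src[i] = (uint8_t)(i * 7u + 3u);
    if (move_below_line(5000u, 100u) != 0)
        return 0;
    return memcmp(real_byte(100u * PAGE_SIZE), src, PAGE_SIZE) == 0;
}

int main(void)
{
    printf("frame 5000 entry: 0x%04X\n", (unsigned)pte_make(5000u, 0));
    printf("move succeeded:   %d\n", demo_move());
    return 0;
}
```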
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Re: Fw: Re: 308x Processors - was "Mainframe articles" Newsgroups: bit.listserv.ibm-main Date: Tue, 12 May 2009 14:41:01 -0400
eamacneil@YAHOO.CA (Ted MacNEIL) writes:
from virtual paging standpoint ... all space (below and above 16mbyte line) was available for paging. there was some additional overhead that could be involved when a virtual page above the line had to be brought down below the line.
the big problem was that some of the page replacement algorithm implementations messed up in how they treated below the line and above the line (reducing the effectiveness of the above the line space). all other things being equal, a virtual page above the line and a virtual page below the line should have equal probability of being replaced (unfortunately because of some of the implementation glitches ... this wasn't always the case ... resulting in non-optimal page replacement and less effective thruput).
i had done a lot of work on how virtual page replacement algorithms should work and maintaining optimal selection strategy ... as undergraduate in the 60s working on (virtual machine) cp67.
there were sometimes relatively trivial appearing code changes that actually resulted in significant difference in how effective the replacement strategy worked. There was some amount of this in original VS2/SVS implementation that continued well thru MVS releases ... that I got to use the "I told you so" line.
misc. past posts mentioning page replacement strategies
https://www.garlic.com/~lynn/subtopic.html#wsclock
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Radius Server Or AAA Server Date: 15 May, 2009 Blog: Telecommunications
my rfc index
in RFCs listed by section, select Term (term->RFC#)
in Acronym fastpath section, select "RADIUS"
remote authentication dial in user service (RADIUS)
see also authentication, network access server, network services
5176 5090 5080 5030 4849 4818 4679 4675 4673 4672 4671 4670 4669 4668
4603 4590 4372 4014 3580 3579 3576 3575 3162 2882 2869 2868 2867 2866
2865 2809 2621 2620 2619 2618 2548 2139 2138 2059 2058
clicking on RFC number brings up that summary in lower
frame. selecting ".txt" field in summary, fetches the actual RFC.
original RADIUS implementation was authentication for particular vendor's modem pool manager. Since then, RADIUS has become an internet standard and RADIUS servers extended to handle authentication, authorization, and accounting. Found in lots of ISP and webhosting operations. Basically some sort of userid is supplied and the appropriate record for that userid is retrieved. That userid record then has information regarding at least authentication, but may also contain authorization/permissions as well as for accounting.
RFCs by the "Authentication, Authorization and Accounting" working
group:
Authentication, Authorization and Accounting
see also accounting, authentication, authorization
5224 4740 4072 4005 4004 3589 3588 3539 3127 2989 2977 2906 2905 2904
2903
disclaimer ... long ago and far away I did configuration for original
vendor RADIUS product.
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
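The userid-record lookup described in the post above, as an added example (not part of the original post and not any vendor's code): a server parses an RFC 2865 Access-Request, recovers the hidden User-Password with the shared secret, fetches the record for the supplied userid and returns accept or reject with that record's authorization and accounting data. The record layout, the `USERS` table, the function names and all sample values are constructed assumptions.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, auth):
    # RFC 2865 section 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden, secret, auth):
    out, prev = b"", auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]                          # chain on the ciphertext block
    return out.rstrip(b"\x00")

def build_request(ident, user, password, secret):
    auth = os.urandom(16)                                # Request Authenticator
    pairs = ((USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, auth)))
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_request(packet):
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < len(packet):                             # type, length, value triples
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return packet[1], packet[4:20], attrs

def pw_hash(password, salt): return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
# Constructed userid record: authentication, authorization and accounting data together
USERS = {b"alice": {"salt": b"constructed-salt", "pw": pw_hash(b"correct horse", b"constructed-salt"),
                    "authz": {"session_timeout": 3600}, "acct": {"bill_to": "dept-42"}}}

def handle(packet, secret):
    ident, auth, attrs = parse_request(packet)
    record = USERS.get(attrs.get(USER_NAME, b""))
    supplied = reveal_password(attrs.get(USER_PASSWORD, b""), secret, auth)
    ok = record is not None and hmac.compare_digest(pw_hash(supplied, record["salt"]), record["pw"])
    return (ACCESS_ACCEPT, ident, record["authz"], record["acct"]) if ok else (ACCESS_REJECT, ident, None, None)
```

A request built with a different shared secret decodes to a garbage password and is rejected, which is why the secret between the network access server and the RADIUS server matters as much as the user's own password.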
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: Undoing 2000 Commodity Futures Modernization Act Date: 15 May, 2009 Blog: Greater IBM
from earlier article reference about people to blame for current crisis
25 People to Blame for the Financial Crisis; Phil Gramm
http://content.time.com/time/specials/packages/article/0,28804,1877351_1877350_1877330,00.html
from above:
2000 Commodity Futures Modernization Act that exempted
over-the-counter derivatives like credit-default swaps from regulation
by the Commodity Futures Trading Commission. Credit-default swaps took
down AIG, which has cost the U.S. $150 billion thus far.
... snip ...
Undo previous legislation as well as hopefully improving visibility and transparency
Geithner Urges Electronic OTC Derivatives Trading
http://www.bloomberg.com/apps/news?pid=20601087&sid=aXT_cLUZMwsU&refer=home
Obama Takes On Shadow Banking System
http://www.forbes.com/2009/05/13/derivatives-regulation-otc-business-washington-obama-geithner.html
U.S. regulators propose OTC derivatives crackdown
http://www.forbes.com/feeds/reuters/2009/05/13/2009-05-13T212300Z_01_N13414280_RTRIDST_0_FINANCIAL-DERIVATIVES-UPDATE-4.html
Treasury asks for control of derivatives market
http://www.forbes.com/feeds/ap/2009/05/14/ap6420660.html
Obama To Crack Down On Derivatives
http://www.forbes.com/2009/05/13/derivatives-regulation-otc-business-washington-obama.html
US regulatory reforms to drive automation in OTC trading
http://www.finextra.com/fullstory.asp?id=20033
U.S. Regulators Seek Trace-like Reporting for OTC Derivatives
http://www.bloomberg.com/apps/news?pid=20601087&sid=a.e5Xpc90Q0Q&refer=home
and past posts mentioning 2000 Commodity Futures Modernization Act:
https://www.garlic.com/~lynn/2009c.html#38 People to Blame for the Financial Crisis
https://www.garlic.com/~lynn/2009c.html#39 'WHO IS RESPONSIBLE FOR THE GLOBAL MELTDOWN'
https://www.garlic.com/~lynn/2009c.html#46 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#48 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#49 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#53 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#55 Who will give Citigroup the KNOCKOUT blow?
https://www.garlic.com/~lynn/2009c.html#65 is it possible that ALL banks will be nationalized?
https://www.garlic.com/~lynn/2009d.html#10 Who will Survive AIG or Derivative Counterparty Risk?
https://www.garlic.com/~lynn/2009d.html#16 The Formula That Killed Wall Street
https://www.garlic.com/~lynn/2009d.html#18 HSBC is expected to announce a profit, which is good, what did they do differently?
https://www.garlic.com/~lynn/2009d.html#28 I need insight on the Stock Market
https://www.garlic.com/~lynn/2009d.html#42 Bernard Madoff Is Jailed After Pleading Guilty -- are there more "Madoff's" out there?
https://www.garlic.com/~lynn/2009d.html#61 Quiz: Evaluate your level of Spreadsheet risk
https://www.garlic.com/~lynn/2009d.html#62 Is Wall Street World's Largest Ponzi Scheme where Madoff is Just a Poster Child?
https://www.garlic.com/~lynn/2009d.html#63 Do bonuses foster unethical conduct?
https://www.garlic.com/~lynn/2009d.html#73 Should Glass-Steagall be reinstated?
https://www.garlic.com/~lynn/2009e.html#0 What is swap in the financial market?
https://www.garlic.com/~lynn/2009e.html#8 The background reasons of Credit Crunch
https://www.garlic.com/~lynn/2009e.html#13 Should we fear and hate derivatives?
https://www.garlic.com/~lynn/2009e.html#23 Should FDIC or the Federal Reserve Bank have the authority to shut down and take over non-bank financial institutions like AIG?
https://www.garlic.com/~lynn/2009e.html#31 Should FDIC or the Federal Reserve Bank have the authority to shut down and take over non-bank financial institutions like AIG?
https://www.garlic.com/~lynn/2009e.html#35 Architectural Diversity
https://www.garlic.com/~lynn/2009f.html#29 What is the real basis for business mess we are facing today?
https://www.garlic.com/~lynn/2009f.html#38 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#51 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009g.html#5 Do the current Banking Results in the US hide a grim truth?
https://www.garlic.com/~lynn/2009g.html#7 Just posted third article about toxic assets in a series on the current financial crisis
https://www.garlic.com/~lynn/2009g.html#33 Treating the Web As an Archive
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970
From: Anne & Lynn Wheeler <lynn@garlic.com> Subject: A new global system is coming into existence Date: 15 May, 2009 Blog: Greater IBM
Buttonwood; Birth pains; A new global system is coming into existence
from above:
Now it seems to be recognised that inflation targeting is not
enough. Given the explicit government guarantee behind the banking
system, central banks need to monitor both financial stability and
asset prices. At the same time, some central banks have adopted (via
quantitative easing) a policy of creating money to boost markets that
also has the convenient side-effect of funding budget deficits. That
is just what opponents of fiat money feared would happen in the long
run.
... snip ...
also ...
Three trillion dollars later... There is no single big remedy for the
banks' flaws. But better rules -- and more capital -- could help
http://www.economist.com/opinion/displayStory.cfm?story_id=13648968&source=hptextfeature
from above:
The bonanza is intentional. Governments and regulators want the banks
to make profits so that they regain their health faster after roughly
$3 trillion of write-downs. It is part of the monstrous bargain that
bankers have extracted from the state (see our special report this
week).
... snip ...
article also mentions the two evils of excessive risk and excessive reward can poison capitalism and ravage the country .... as in other articles ... it was the top business executives ... intent on excessive reward ... that overruled the risk managers (sacrificing the institution and economy for personal gain)
Financial institutions demand risk management overhaul
http://www.networkworld.com/news/2009/052109-interop-virtualization-security-ibm.html
from above:
More than half of the survey's respondents said they had either
already conducted, or plan to conduct an overhaul of their
enterprise's risk management strategy.
... snip ...
however, it is much more of an organizational problem than a technical problem.
misc. past posts mentioning write-downs &/or magnitude of securitization
problem:
https://www.garlic.com/~lynn/2009.html#84 what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
https://www.garlic.com/~lynn/2009b.html#8 Do emperors from the banks have new clothes?
https://www.garlic.com/~lynn/2009b.html#79 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#29 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#32 How to defeat new telemarketing tactic
https://www.garlic.com/~lynn/2009c.html#55 Who will give Citigroup the KNOCKOUT blow?
https://www.garlic.com/~lynn/2009c.html#65 is it possible that ALL banks will be nationalized?
https://www.garlic.com/~lynn/2009d.html#0 PNC Financial to pay CEO $3 million stock bonus
https://www.garlic.com/~lynn/2009d.html#22 Is it time to put banking executives on trial?
https://www.garlic.com/~lynn/2009d.html#59 Quiz: Evaluate your level of Spreadsheet risk
https://www.garlic.com/~lynn/2009d.html#62 Is Wall Street World's Largest Ponzi Scheme where Madoff is Just a Poster Child?
https://www.garlic.com/~lynn/2009e.html#8 The background reasons of Credit Crunch
https://www.garlic.com/~lynn/2009e.html#23 Should FDIC or the Federal Reserve Bank have the authority to shut down and take over non-bank financial institutions like AIG?
https://www.garlic.com/~lynn/2009f.html#41 On whom or what would you place the blame for the sub-prime crisis?
https://www.garlic.com/~lynn/2009f.html#49 Is the current downturn cyclic or systemic?
https://www.garlic.com/~lynn/2009f.html#56 What's your personal confidence level concerning financial market recovery?
https://www.garlic.com/~lynn/2009f.html#65 Just posted third article about toxic assets in a series on the current financial crisis
https://www.garlic.com/~lynn/2009g.html#1 Future of Financial Mathematics?
https://www.garlic.com/~lynn/2009g.html#5 Do the current Banking Results in the US hide a grim truth?
https://www.garlic.com/~lynn/2009g.html#27 Flawed Credit Ratings Reap Profits as Regulators Fail Investors
https://www.garlic.com/~lynn/2009g.html#52 Future of Financial Mathematics?
https://www.garlic.com/~lynn/2009g.html#53 We Can't Subsidize the Banks Forever
--
40+yrs virtualization experience (since Jan68), online at home since Mar1970