List of Archived Posts
2007 Newsgroup Postings (01/01 - 01/07)
- Securing financial transactions a high priority for 2007
- "The Elements of Programming Style"
- "The Elements of Programming Style"
- The Future of CPUs: What's After Multi-Core?
- DOS C prompt in "Vista"?
- Securing financial transactions a high priority for 2007
- Securing financial transactions a high priority for 2007
- SSL info
- "The Elements of Programming Style"
- "The Elements of Programming Style"
- moving on
- vm/sp1
- "The Elements of Programming Style"
- "The Elements of Programming Style"
- vm/sp1
- SSL info
- How many 36-bit Unix ports in the old days?
- SSL info
- IBM sues maker of Intel-based Mainframe clones
- NSFNET (long post warning)
- MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
- DOS C prompt in "Vista"?
- MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
- How to write a full-screen Rexx debugger?
- How to write a full-screen Rexx debugger?
- The History of Computer Role-Playing Games
- MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
- Securing financial transactions a high priority for 2007
- Securing financial transactions a high priority for 2007
- Just another example of mainframe costs
- V2X2 vs. Shark (SnapShot v. FlashCopy)
- V2X2 vs. Shark (SnapShot v. FlashCopy)
- V2X2 vs. Shark (SnapShot v. FlashCopy)
- Just another example of mainframe costs
- SSL info
- V2X2 vs. Shark (SnapShot v. FlashCopy)
- How many 36-bit Unix ports in the old days?
- How many 36-bit Unix ports in the old days?
- How many 36-bit Unix ports in the old days?
- Just another example of mainframe costs
- How many 36-bit Unix ports in the old days?
- RTFM - IETF RFCs
- The logic of privacy
- SSH protocol analyzer
- vm/sp1
- Just another example of mainframe costs
- How many 36-bit Unix ports in the old days?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Securing financial transactions a high priority for 2007
Newsgroups: alt.folklore.computers
Date: Mon, 01 Jan 2007 13:15:45 -0700
krw <krw@att.bizzzz> writes:
Yep. Google "Check-21". I've gone into stores where they took my
check, scanned it, and handed it back to me. Scary, but no more so
than having a hundred clerks handle my check. With the routing and
account numbers the account is wide open. ...always has been.
No, I'm not afraid of debit cards, though I never use them on-line.
re:
http://www.garlic.com/~lynn/2006y.html#7 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2006y.html#8 Securing financial transactions a high priority for 2007
most debit cards can now be used in either PIN-mode or signature-mode
(i.e. if they have the association "bug" or "logo" on the card). the
vulnerability is if the magstripe is skimmed ... then the counterfeit
card can be used in signature-mode (similar to credit card) w/o
requiring pin (and typically w/o some of the same protections that
credit cards have). same applies if such a debit card is lost or
stolen. you typically have to specially request a debit card that can
only be used in pin-mode (and not also be usable in PIN-less
signature debit mode).
also credit card magstripe technology had gone thru something of an
evolution. early exploit was to take an account number (or even guess
at an account number using some known rules about account number
validity checking) and generate a counterfeit magstripe from scratch.
a secure hash code was added to credit card magstripes as a
countermeasure for such exploits (basically combination of a bank
secret plus account number and misc. other details ... not obviously
derivable from having an account number).
to large extent, the original PIN-debit didn't view it really
necessary to do similar magstripe protection because they had "real"
two-factor authentication: card/magstripe as something you have and
PIN as something you know. Generating a magstripe from scratch with
some account number wasn't sufficient to do a fraudulent transaction
since a PIN was also required.
in the past year or so, there have been some association articles
deploring the lack of secure hash on debit magstripes ... since
PIN-less signature-debit operation are now subject to some of the
similar vulnerabilities as credit ... and to some extent the
associations had promoted the PIN-less, signature-debit ... w/o
requiring that (PIN-less) debit card magstripe technology was at least
equivalent to credit (originally believing that PIN requirement was
sufficient countermeasure to such exploits).
as previously mentioned a number of times, we were asked to consult
with small client/server startup that wanted to do payment
transactions.
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
which has since come to be called e-commerce. existing consumer
protection credit card rules were leveraged related to
"card-not-present" and "cardholder-not-present" (i.e. remote
not-face-to-face transactions that had original been created for
"MOTO" ... aka mail-order/telephone-order).
after that we did some work in the X9A10 financial standard working
group which had been given the requirement (for a protocol) in the
mid-90s to preserve the integrity of the financial infrastructure for
all retail payments.
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959
one of the things that we looked at was the growing "skimming"
vulnerabilities ... valid magstripes were recorded and used to create
counterfeit cards with correct magstripes (and since the secure hash
was static data, it was being recorded right along with the rest of a
valid magstripe information for use in creating duplicate magstripes).
http://www.garlic.com/~lynn/subintegrity.html#harvest
http://www.garlic.com/~lynn/subintegrity.html#secrets
about the same time the X9A10 work began ... there was a different
effort begun specifically for a chip-based payment card. the
deployments so far have basically had the chip regurgitate effectively
a slightly enhanced version of the information on a magstripe. This
chip also required the entry of an associated PIN ... supposedly
resulting in two-factor authentication ... chip as something you
have authentication and PIN as something you know authentication.
However, these deployments resulted in the yes card
exploit/vulnerability
http://www.garlic.com/~lynn/subintegrity.html#yescard
The chip authentication is static data that is very similar to what
might be found on a magstripe. Some of the infrastructure used for
skimming/recorded magstripe information turned out to also be able to
skim/record chip authentication information.
The attackers then installed the authentication information in
counterfeit yes cards. The terminal/chip protocols have been such
that once the terminal had authenticated a chip ... the terminal would
then asked the chip a number of questions:
a) was the correct PIN entered,
b) should the transaction be performed offline,
c) is the transaction with the account's credit limit
The counterfeit yes cards are programmed to always answer YES
(given rise to the yes card label). Theoretically a valid PIN was
required for such an operation (resulting in two factor
authentication), but since counterfeit yes cards always answered
YES (regardless of what PIN is entered) ... any assumptions about
multi-factor authentication is negated (it is not necessary to know
the correct PIN to use a counterfeit yes card for fraudulent
transactions).
Furthermore, one of the countermeasures to various card exploits has
been doing "online" transactions and reporting account problems and
having the card's number flagged/de-activated. However, that is
dependent on the transactions being done online. In the yes card
case, the terminal is always instructed to perform an "offline"
transaction, negating the benefit of online transaction account
flagging.
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: "The Elements of Programming Style"
Newsgroups: alt.folklore.computers
Date: Mon, 01 Jan 2007 15:37:22 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
there was some attempt to do a cms-like implementation on PCs in the
early 80s ... as well as straight vm/cms as xt/370 ... both the
cms-like and xt/370 suffered greatly on the PC platforms in the early
to mid-80s. cms-like and xt/370 tended to be much more disk intensive
than the PC applications of the period ... and the disks were 10-20
times slower than their mainframe counterparts. the interactive pc
applications of the period were usually carefully tailored to the
available PC resources/hardware. as a result, cms-like and xt/370
genre failed to catch on (although some number of the cms personal
applications were rewritten for pc environment and found uptake).
re:
http://www.garlic.com/~lynn/2006y.html#29 "The Elements of Programming Style"
reference to some CMS applications adapted to pc environment by
"XXXXXX" (in the following old email), he adapted flavors of some CMS
applications for the TRS80 ... which later were available on
IBM/PC. misc. related posts:
http://www.garlic.com/~lynn/2002o.html#66 Defeating telemarketers
http://www.garlic.com/~lynn/2004.html#5 The BASIC Variations
http://www.garlic.com/~lynn/2004l.html#74 Specifying all biz rules in relational data
http://www.garlic.com/~lynn/2004m.html#20 Whatever happened to IBM's VM PC software?
and topic drift with respect to original relational/sql System/R,
misc. posts
http://www.garlic.com/~lynn/subtopic.html#systemr
slightly related:
http://www.garlic.com/~lynn/2006w.html#46 The Future of CPUs: What's After Multi-Core?
From: wheeler
Date: 10/16/80 12:57:51
I don't know about what XXXXXX (if anything) has written. XXXXXX
was an SE in LA who was also responsible for VMAP. He has left
the company and formed his own VM consulting company.
I do know many of his opinions are somewhat similar to MIPENVY,
although he worked in a very different environment. MIPENVY was
written by Jim Gray who worked here at research. He was very
instrumental in System/R and somewhat of an authority on data base in
general and distributed data bases in particular. He has gone to work
for Tandem. While he was here he did a lot of consulting with the
STL/IMS design people. MIPENVY was a short piece of a much longer
letter that he wrote at the request of his manager detailing numerous
things about with IBM in general & IBM research in particular. I have
not gotten any feedback on how far up his letter has gone so far.
Jim Gray has had a high degree of exposure both inside of IBM &
outside. For whatever reason he has been telling people (with respect
to IBM questions) to call me in his place. Just before he left, I had
lunch with him & STL/IMS design people. He suggested that they should
now come to me (IMS must be in deep hurt, what I really about O/S
in-depth, is 10 years old). I've also gotten calls from BofA
management about System/R, VM, & data base stuff.
BofA now has one of the original IMS design people as head of
computing. They are hiring a number of the good IMS people out of STL
(or where ever they can get them -- rumor is they have or will have
larger IMS development group than IBM). STL also is feeling very
pressured by the Japanese. Claim is that the Japanese IMS is much
better than IBM's. STL has crash program to implement enhancements to
IMS to bring it up to the current Japanese level. Only problem is
that FCS is targeted for 1985 (although there are some number of bets
out that it will slip).
I was down in LA in June for a customer call at LA Times & spent most
of the evening with XXXXXX. He was very unhappy with the way he saw
IBM going at that time. Too much pressure from the branch to sell MVS
among other things. He has a Radio Shack computer at home & believes
that there ought to be a crash program to get most of the CMS function
into a user's terminal. Other companies are getting very close. In the
next couple of years there is going to be a lot of pressure from that
direction.
... snip ... top of post, old email index
and ...
From: wheeler
Date: 10/06/80 09:33:41
re: MIPENVY script; while I was in POK last week teaching a
performance and scheduling class to the VM development group and
change team, Jim Gray departed IBM for Tandem. He left a goodbye note on
my terminal. There was a cryptic remark about some new project that
will seriously affect IBM. Knowing Jim Gray, it was not just sour grapes
leaving this company. Considering all the proto-type projects that
lots of people have been doing for several years with multiple
(relatively) "small" processors, both tightly & loosely coupled it is
surprising that nobody has come out with something sooner to seriously
impact glasshouse, mainframe market.
... snip ... top of post, old email index
misc. past posts mentioning MIPENVY
http://www.garlic.com/~lynn/2002k.html#39 Vnet : Unbelievable
http://www.garlic.com/~lynn/2002o.html#73 They Got Mail: Not-So-Fond Farewells
http://www.garlic.com/~lynn/2002o.html#75 They Got Mail: Not-So-Fond Farewells
http://www.garlic.com/~lynn/2004c.html#15 If there had been no MS-DOS
http://www.garlic.com/~lynn/2004l.html#31 Shipwrecks
http://www.garlic.com/~lynn/2005u.html#41 Mainframe Applications and Records Keeping?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: "The Elements of Programming Style"
Newsgroups: alt.folklore.computers
Date: Mon, 01 Jan 2007 16:12:49 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
they had tried running MVS on processors used for "testcell" testing
(engineering and development devices) and MTBF was on the order of
15-minutes (crashes and/or hangs) ... and they had been doing the testing
with machines in scheduled "stand alone" time (with simple, custom
written stand-alone monitors).
re:
http://www.garlic.com/~lynn/2006y.html#25 "The Elements of Programming Style"
In the past, I've made reference to earlier attempts using MVS for
"testcell" operation ... being able to test engineering hardware under
development in an MVS operating system environment ... and MVS
experiencing a 15min MTBF.
I had done a I/O supervisor redesign and rewrite to provide an
operating system environment for on-demand, concurrent testing of
engineering and development hardware (in bldg. 14 & bldg. 15):
http://www.garlic.com/~lynn/subtopic.html#disk
following is simple reference to preparing to release product
3380 hardware and testing their operation under MVS.
From: wheeler
Date: 10/15/80 13:29:38
fyi; ref: I/O Reliability Enhancement; After running under VM for
almost two years in the engineering labs, the 3380 hardware engineers
recently did some live MVS testing.
They have a regression bucket of 57 hardware errors (hardware problems
that are likely to occur & the FE must diagnose from the SCP error
information provided).
It turns out that for 100% of the hardware errors, the MVS system
hangs & must be re-IPL'ed. Also in 66% of the cases there is no
indication of what the problem was that forced the re-IPL.
... snip ... top of post, old email index
even tho the above email was purely internal and never was avail.
outside the corporation ... it still resulted in the manager of MVS
RAS generating quite a bit of uproar (something along the line of
trying to kill the messenger?)
a few other, recent posts mentioning the i/o reliability work
http://www.garlic.com/~lynn/2006x.html#12 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2006x.html#15 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2006x.html#27 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2006y.html#34 "The Elements of Programming Style"
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Future of CPUs: What's After Multi-Core?
Newsgroups: alt.folklore.computers
Date: Mon, 01 Jan 2007 16:48:22 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
We had added a new facility to the SJR/VM in 1979 (module DMKCOL)
enabling capturing all disk record accesses. This information was then
used in modeling various kinds of caching strategies. It was run on a
number of systems in the san jose area (including some having batch
operating systems running in virtual machine).
One of the findings was that a system global cache (i.e. with global
LRU replacement policy) outperformed any partitioned cache strategy
(aka effectively local LRU replacement strategy) ... where the
aggregate amount of electronic cache was the same in the two cases.
One of the other pieces of information that started to emerge from the
modeling work was finding some amount of meta-activity ... that
specific collections of records were frequently accessed in longer
term cyclic pattern (once-a-day, weekly, monthly, etc). This started
to have implications as CMSBACK morphed and added much more
sophisticated filesystem management strategies.
some work was also done about being able to use the real-time capture
characteristic of DMKCOL to aid with real-time record allocation.
re:
http://www.garlic.com/~lynn/2006y.html#35 The Future of CPUs: What's After Multi-Core?
other old email about DMKCOL disk record activity tracing/collection
facility:
To: wheeler
Date: 08/07/80 08:24:58
Lynn:
I work in Aids Development in Poughkeepsie in VM modeling &
measurement areas (VMPR, SMART, VMAP). Recently, we have been
investigating cache dasd and heard about some mods you made
(presumably to IOS) which collects and logs 'mbbcchhr' information.
We have received a hit ratio analysis program from XXXXXX who informed
us of your work. The point is that we would like to make a package
available to the field, prior to fcs, which would project the effect
of adding a cache of a given size. Can you give me your opinion on the
usability of such a package. I am presuming that most of the work
involves updating and re-loading cp...I would like to take the code
and try it myself...can it be run second level?? Appreciate your
response...
... snip ... top of post, old email index
From: wheeler
Date: 08/07/80 07:22:34
re: collect mods;
CP mods. include a new module (DMKCOL), a new bit definition in the
trace flags, a couple new diagnose codes, a new command, and a hit to
DMKPAG (so code can distinguish between cp paging and other I/O) and
a hook in dmkios. no problem running code 2nd level.
1) collected data is useful for general information about I/O
characteristics but there are a lot of other data gatherers which
provide almost as much info (seek information, but not down to the
record level).
2) I guess I don't understand the relative costs for an installation
to justify cache. I would think in most cases a ballpark estimate can
be made from other data gatherers. It would seem that unless the cache
is going to be relatively expensive this may be something of an
overkill.
3) From the stand point of impressing a customer with IBM's technical
prowess the hit-ratio curves is a fantastic 'gimmick' for the
salesman. Part of my view point may be based on having made too many
customer calls, I've seen very few decisions really made on technical
merit.
4) Hit-ratio curves may be in several cases a little too concrete. An
account team will need additional guidelines (fudge factors) to take
into account changing load (/growth).
Will send code. The updates are currently against a sepp 6.8/csl19
system. dmkios update should go in w/o problems. updates for
new diagnose and command you will have to adapt to your own system
(command & diagnose tables have been greatly changed).
... snip ... top of post, old email index
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: DOS C prompt in "Vista"?
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 09:05:20 -0700
Pascal Bourguignon <pjb@informatimago.com> writes:
The next change had something esoteric to do with save-area chaining
conventions -- again, for the sake of conventions and to keep the dump
analysis tools happy.
Note that the "null program" has tripled in size: both in terms of the
number of source statements and in terms of the number of instructions
executed!
there was APAR/fix that had to do with attributes specified in the
linkedit step (there was recently long thread in mainframe n.g. on
various meanings of rent, serial reusable, etc). if a copy of the
program was already loaded ... could it be directly used or did it
have to be reloaded from disk.
recent posts in the mainframe thread that wandered into the
(real?) meanings of various linkedit options:
http://www.garlic.com/~lynn/2006s.html#53 Is the teaching of non-reentrant HLASM coding practices ever defensible?
http://www.garlic.com/~lynn/2006s.html#55 Is the teaching of non-reentrant HLASM coding practices ever defensible?
http://www.garlic.com/~lynn/2006s.html#61 Is the teaching of non-reentrant HLASM coding practices ever defensible?
http://www.garlic.com/~lynn/2006s.html#64 Is the teaching of non-reentrant HLASM coding practices ever defensible?
http://www.garlic.com/~lynn/2006t.html#1 Is the teaching of non-reentrant HLASM coding practices ever
http://www.garlic.com/~lynn/2006t.html#2 Is the teaching of non-reentrant HLASM coding practices ever defensible?
http://www.garlic.com/~lynn/2006t.html#16 Is the teaching of non-reentrant HLASM coding practices ever defensible?
misc. past threads mentioning iefbr14
http://www.garlic.com/~lynn/99.html#81 Perfect Code
http://www.garlic.com/~lynn/99.html#85 Perfect Code
http://www.garlic.com/~lynn/99.html#96 IEFBR14 cookie from www.ibm.com
http://www.garlic.com/~lynn/2001e.html#60 Estimate JCL overhead
http://www.garlic.com/~lynn/2001n.html#48 The demise of compaq
http://www.garlic.com/~lynn/2003m.html#15 IEFBR14 Problems
http://www.garlic.com/~lynn/2003m.html#31 SR 15,15 was: IEFBR14 Problems
http://www.garlic.com/~lynn/2003m.html#32 SR 15,15 was: IEFBR14 Problems
http://www.garlic.com/~lynn/2003m.html#34 SR 15,15 was: IEFBR14 Problems
http://www.garlic.com/~lynn/2003m.html#35 SR 15,15 was: IEFBR14 Problems
http://www.garlic.com/~lynn/2004.html#52 AMD/Linux vs Intel/Microsoft
http://www.garlic.com/~lynn/2005r.html#38 IEH/IEB/... names?
http://www.garlic.com/~lynn/2005r.html#40 IEH/IEB/... names?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Securing financial transactions a high priority for 2007
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 09:53:24 -0700
jmfbahciv writes:
Someday just watch the guy ahead of you play with the swipe
machines. Notice when something goes wrong. Invariably,
the card ends up getting swiped again, and sometimes a third
time. You don't need to manufacture a fake.
re:
http://www.garlic.com/~lynn/2006y.html#7 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2006y.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#0 Securing financial transactions a high priority for 2007
if the compromise is really with the swipe machine ... then such
behavior is frequently quickly traced to the offending terminal and it
is "caught" and removed.
in skimming scenarios ... the attackers can go to great lengths to
disguise the point of compromise (i.e. compromised machine that is
recording magstripes and possibly pins) ... in some cases being able
to garner several tens of millions before the authorities are able to
trace back enuf possible common factors to the point of compromise
http://www.garlic.com/~lynn/subintegrity.html#harvest
http://www.garlic.com/~lynn/subintegrity.html#secrets
misc. past posts mentioning attackers attempting to maximize
fraud ROI (return-on-investment)
http://www.garlic.com/~lynn/aadsm10.htm#bio6 biometrics
http://www.garlic.com/~lynn/aadsm14.htm#4 Who's afraid of Mallory Wolf?
http://www.garlic.com/~lynn/aadsm17.htm#2 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm17.htm#47 authentication and authorization ... addenda
http://www.garlic.com/~lynn/aadsm17.htm#60 Using crypto against Phishing, Spoofing and Spamming
http://www.garlic.com/~lynn/aadsm18.htm#45 Banks Test ID Device for Online Security
http://www.garlic.com/~lynn/aadsm19.htm#13 What happened with the session fixation bug?
http://www.garlic.com/~lynn/aadsm19.htm#17 What happened with the session fixation bug?
http://www.garlic.com/~lynn/aadsm19.htm#26 Trojan horse attack involving many major Israeli companies, executives
http://www.garlic.com/~lynn/aadsm19.htm#45 payment system fraud, etc
http://www.garlic.com/~lynn/aadsm23.htm#34 Chip-and-Pin terminals were replaced by "repairworkers"?
http://www.garlic.com/~lynn/2001c.html#42 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#44 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2003o.html#35 Humans
http://www.garlic.com/~lynn/2004.html#29 passwords
http://www.garlic.com/~lynn/2004b.html#39 SSL certificates
http://www.garlic.com/~lynn/2005p.html#25 Hi-tech no panacea for ID theft woes
lots of past posts mentioning fraud, exploits, vulnerabilities, threats,
etc
http://www.garlic.com/~lynn/subintegrity.html#fraud
the data breach and security breach operations frequently basically
use the similar scenario ... but instead of attacker doing real-time
recording from a compromised terminal ... collect the recorded
information from transaction logs. frequently there is quite a bit of
effort to disguise the fact that the transaction logs have been copied
... since when it is discovered, all the affected account numbers are
frequently deactivated and cards re-issued (which may be a $10-$20
expense per account, aka not just mailing the new card but all the
associated data-processing, administrative and notification activity).
there have been a number of recent "new year" stories about having
recently hit 100million in the aggregate number of accounts that have
been involved in recent breaches. Phishing and various computer Trojans
have been other mechanisms for harvesting information that enables
fraudulent transactions.
some of the "new year" breach stories:
Encryption a perfect response to the Year of the Breach
http://scmagazine.com/us/news/article/623768/encryption-perfect-response-year-breach
Bots, breaches and bugs plague 2006
http://www.securityfocus.com/news/11432
By the numbers: A dismal year for data breaches
http://blogs.zdnet.com/BTL/?p=4169
VanBokkelen: 2006: The year of the breach
http://www.fcw.com/article97098-12-18-06-Print
Personal data security breaches hit 100 million milestone in US
http://www.finextra.com/fullstory.asp?id=16296
An Ominous Milestone: 100 Million Data Leaks (data breach)
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=22030
100m US records exposed by security blunders
http://www.theregister.com/2006/12/18/data_breach_milestone/
100 Million Victims of Data Theft (data breach)
http://it.slashdot.org/it/06/12/17/2214219.shtml
Boeing laptop theft puts U.S. data breach tally over 100M
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9006140&intsrc=hm_list
Gift Cards have a different kind of skimming vulnerability ... where
crooks record numbers of unsold cards at stores and then return later
to see which ones have been activated (which they promptly attempt to
empty). there have been some recent stories that this is a new exploit
just this year ...
Three gift card scams take value from your presents
http://www.twincities.com/mld/twincities/living/16267723.htm
however, it has been around for some time, story from
a year ago about observing one possible such event:
http://www.garlic.com/~lynn/aadsm22.htm#10
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Securing financial transactions a high priority for 2007
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 10:15:17 -0700
jmfbahciv writes:
Someday just watch the guy ahead of you play with the swipe
machines. Notice when something goes wrong. Invariably,
the card ends up getting swiped again, and sometimes a third
time. You don't need to manufacture a fake.
re:
http://www.garlic.com/~lynn/2006y.html#7 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2006y.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#0 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#5 Securing financial transactions a high priority for 2007
& fraud roi addenda
in traditional credit card scenario ... there is a merchant financial
institution that is financially responsible for the merchant (acquirer)
and a consumer financial institution that is financially responsible
for the consumer (issuer). the transaction goes from the merchant
terminal to the acquirer and then to the issuer.
the issuer processing frequently includes various kinds of account
specific fraud detection patterns ... like calling you up if
particularly suspicious transactions are going on for an account.
in similar manner, the acquiring processing will also be looking for
merchant (and/or merchant terminal) fraud patterns. a terminal doing
duplicate transactions (a really simple replay attack scenario)
and/or multiple transactions against accounts might not last a day
... and the fraudulent transactions not even get posted for
processing. A duplicate transaction (in a merchant terminal scenario)
can be fairly easily recognized ... and the processing would
eventually result in duplicate credit being posted to the merchant
bank account. depending on when the fraud is recognized ... such a
credit might not even get scheduled ... or if it is performed, it may
be reversed in straight-forward manner. furthermore depending on
relationship and standing between the acquiring financial institution
and the merchant ... postings might actually be delayed several days
(and/or go into some sort of impounded account).
some of the reasons that a compromised terminal is frequently simply
used for recording data ... and the actual fraudulent transactions
happen as far away and widely dispersed as possible.
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: SSL info
Newsgroups: alt.computer.security
Date: Tue, 02 Jan 2007 11:37:06 -0700
"UKuser" <spidercc21@yahoo.co.uk> writes:
I'm going to be working with some SSL pages (php) and wondered if there
were any good design/development sites for security tips etc so I miss
out on making the "obvious" blunders - whatever they may be.
I've found: http://blogs.msdn.com/ie/archive/2005/04/20/410240.aspx
which is very good and lists two possible problems. Here then is the
newbie question.
If a form is hosted on a HTTP (non secure) site and points to a HTTPS
in the action tag, does this mean that the page has already made the
SSL connection/handshake? Does the browser recognize the potential for
a HTTPS connection and therefore do the same as if it was a full SSL
page?
Secondly, why is mixed content so bad (any sites would be great)? I
appreciate various elements could be secure/unsecure but how would that
pose a risk?
originally SSL was suppose to address two issues 1) are you really
talking to the server that you think you are talking to and 2)
encryption (hiding) of transmitted information.
for #1, the user typed in the URL of the server they wanted to talk
to, the server returned a SSL domain name server digital certificate,
the browser validated the digital certificate and then compared the
domain name in the user supplied URL with the domain name in the
digital certificate.
some posts about working on this long ago and far away with a
small client/server startup that wanted to do payment transactions
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
they had this technology called SSL ... and the payment transaction
processing has since come to be called e-commerce. some number
of past posts mentioning SSL processing
http://www.garlic.com/~lynn/subpubkey.html#sslcert
fairly quickly a problem cropped up ... merchants discovered that
using SSL for the complete processing cut their processing thruput by
80-90percent ... so they restricted SSL for just the checkout/payment
processing. So now a user enters a non-SSL URL ... which doesn't check
to see that the server that the user is talking to, is really the
server that the user thinks they are talking to.
the users click on a server provided button ... which supplies the
(SSL) URL. In this situation ... rather than checking that the server
is the server the user thinks they are talking to ... the only thing
it does is checks that the server is whoever they claim to be
(i.e. the server provides both the URL with a domain name as well as
the digital certificate with the domain name). it would take a fairly
inexperienced to claim to be one server and not be able to provide a
digital certificate that substantiates that claim. this is also what
is behind some of the Phishing emails that can provide (SSL) URLs to
click-thru on ... where the attacker provides both the URL and any
digital certificate that supports that they are who they claim to be.
there is separate catch-22 scenario that certification authorities
are looking at for improving the integrity of the domain name digital
certificates that they issue. currently they require a lot of
identification information as to the applicant for the digital
certificate. they then go thru a time-consuming, costly, and error
prone processing of cross-checking that the provided information (by
the digital certificate applicant) matches the information on-file
with the domain name infrastructure as to the owner of the specific
domain.
the proposal is for having domain name owners provide a public key to
the domain name infrastructure when they register the domain name.
now the certification authorities can require that digital certificate
applications be digitally signed. Now the certification authorities
can do a real-time retrieval of the on-file public key (from the
domain name infrastructure ... analogous to what they do now when they
do real-time retrieval of information as to the owner of the domain
name for matching) ... and use it to validate the digital
signature. This turns a time-consuming, error prone, and costly
identification matching process into a much more reliable, simple, and
less expensive authentication process.
the catch-22 is that if the certification authority can do a
real-time retrieval of the on-file public key for digital certificate,
then potentially the rest of the world can also ... eliminating
the need for the digital certificates ... misc. past posts mentioning
the catch-22
http://www.garlic.com/~lynn/subpubkey.html#catch22
that can result in transition to certificate-less public key operation.
misc. past posts mentioning certificate-less operation
http://www.garlic.com/~lynn/subpubkey.html#certless
and reference to old email from 1981 with a suggestion for a
certificate-less public key operation:
http://www.garlic.com/~lynn/2006w.html#12 more secure communication over the network
http://www.garlic.com/~lynn/2006w.html#15 more secure communication over the network
http://www.garlic.com/~lynn/2006w.html#18 more secure communication over the network
some number of references to account-based public key operation
(as opposed to digital certificate public key operation)
http://www.garlic.com/~lynn/x959.html#aads
Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: "The Elements of Programming Style"
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 12:22:23 -0700
Justa Lurker <JustaLurker@att.net> writes:
The 'PC' platform has put useful computing power in the hands of
millions more people and organizations than your beloved PDP-10,
Lynn's beloved VM/CMS, etc. ever did or could have. Those were fine
systems in their own right, but like fishing stories and old
girlfriends, recollections and perceptions automagically improve with
age.
re:
http://www.garlic.com/~lynn/2006y.html#29 "The Elements of Programming Style"
http://www.garlic.com/~lynn/2006y.html#34 "The Elements of Programming Style"
http://www.garlic.com/~lynn/2007.html#1 "The Elements of Programming Style"
and from wiki
http://en.wikipedia.org/wiki/History_of_CP/CMS
and
http://en.wikipedia.org/wiki/CP/CMS
in the above ... mention of IDC
http://en.wikipedia.org/wiki/History_of_CP/CMS#1964.3F.E2.80.9372.3F:_IDC.27s_use_of_CP.2FCMS
and
http://en.wikipedia.org/wiki/Interactive_Data_Corporation
recent thread referencing IDC:
http://www.garlic.com/~lynn/2006y.html#20 moving on
http://www.garlic.com/~lynn/2006y.html#21 moving on
http://www.garlic.com/~lynn/2006y.html#23 moving on
http://www.garlic.com/~lynn/2006y.html#26 moving on
and NCSS reference in history article
http://en.wikipedia.org/wiki/History_of_CP/CMS#1968.E2.80.9386.3F:_VP.2FCSS
and
http://en.wikipedia.org/wiki/VP/CSS
http://en.wikipedia.org/wiki/National_CSS
some various past posts mentioning ncss
http://www.garlic.com/~lynn/99.html#10 IBM S/360
http://www.garlic.com/~lynn/2001h.html#59 Blinkenlights
http://www.garlic.com/~lynn/2001m.html#51 Author seeks help - net in 1981
http://www.garlic.com/~lynn/2001m.html#55 TSS/360
http://www.garlic.com/~lynn/2002c.html#44 cp/67 (coss-post warning)
http://www.garlic.com/~lynn/2002i.html#63 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#64 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#69 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002l.html#56 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002m.html#61 The next big things that weren't
http://www.garlic.com/~lynn/2002p.html#37 Newbie: Two quesions about mainframes
http://www.garlic.com/~lynn/2003d.html#15 CA-RAMIS
http://www.garlic.com/~lynn/2003d.html#17 CA-RAMIS
http://www.garlic.com/~lynn/2003d.html#68 unix
http://www.garlic.com/~lynn/2003d.html#72 cp/67 35th anniversary
http://www.garlic.com/~lynn/2003i.html#15 two pi, four phase, 370 clone
http://www.garlic.com/~lynn/2003k.html#10 What is timesharing, anyway?
http://www.garlic.com/~lynn/2003l.html#22 Secure OS Thoughts
http://www.garlic.com/~lynn/2003l.html#34 Thoughts on Utility Computing?
http://www.garlic.com/~lynn/2003m.html#33 MAD Programming Language
http://www.garlic.com/~lynn/2003n.html#15 Dreaming About Redesigning SQL
http://www.garlic.com/~lynn/2003o.html#23 Tools -vs- Utility
http://www.garlic.com/~lynn/2004d.html#33 someone looking to donate IBM magazines and stuff
http://www.garlic.com/~lynn/2005.html#5 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#45 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2006b.html#39 another blast from the past
http://www.garlic.com/~lynn/2006k.html#35 PDP-1
http://www.garlic.com/~lynn/2006k.html#36 PDP-1
http://www.garlic.com/~lynn/2006k.html#37 PDP-1
http://www.garlic.com/~lynn/2006k.html#39 PDP-1
http://www.garlic.com/~lynn/2006m.html#50 The System/360 Model 20 Wasn't As Bad As All That
http://www.garlic.com/~lynn/2006n.html#13 Not Your Dad's Mainframe: Little Iron
http://www.garlic.com/~lynn/2006o.html#49 The Fate of VM - was: Re: Baby MVS???
===
and lots of past posts mentioning cp-based time-sharing operations
http://www.garlic.com/~lynn/subtopic.html#timeshare
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: "The Elements of Programming Style"
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 12:50:45 -0700
stanb45@dial.pipex.com (Stan Barr) writes:
Hardware Forth implementations typically provide only a CALL/RET and
some sort of IF, ELSE, NEXT construct for loops - forms of JMP - but
not usually any programmer useable JMP, although it's normally possible
to simulate one if you feel the need.
Forth is an example of a low-level goto-less language. It's easy enough
to write a GOTO but I've never seen it used except as a JMP in assembler
for conventional processors.
from long ago and far away
To: distribution
Date: Mon 26 Nov 84 08:51:42-PST
Subject: Hewlett Packard Laboratories-Computer Colloquium-November 29, 1984
CHUCK MOORE
Computer Cowboys
The Silicon Cowboy Rides FORTH
"I have been a maverick programmer for 25 years, constantly at odds with
conventional wisdom. I developed the FORTH programming language to express
the creativity of the expert. It remains unparalleled in efficiency, brevity
and versatility."
"Countless applications and thousands of FORTH programmers later, we finally
obtain hardware that can match the software. The FORTHchip boasts an elegantly
simple architecture for the ultimate in programmability and throughput."
Thursday, November 29, 1984 4:00 p.m.
5M Conference Room
1501 Page Mil Road
Palo Alto, CA 94304
NON-HP EMPLOYEES: Welcome! Please come to the lobby on time so that you may
be escorted to the conference room.
... snip ... top of post, old email index
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: moving on
Newsgroups: bit.listserv.vmesa-l,alt.folklore.computers
Date: Tue, 02 Jan 2007 13:04:17 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
For relocate shared segment support, a shared segment may appear
anywhere within a virtual machine's address space (it does not need to
be at the position specified in the VMABLOK). The way I handled it in
DMKVMA was to use the PTO pointers in the VMABLOK to check the shared
segments, rather than using the segment index number to displace into
the segment table and pick-up the STE.
One of the co-op students that helped me write the original shared
segment support for release 2 VM (included the sub-set that is now in
the product DCSS) is now with Interactive Data Corporation (IDC). They
have taken the idea and put a whole group on expanding the idea. They
now call it Floating segments (instead of relocating segments). They
have a modified assembler for generating adcon free code and are
working on the compilers. All this work they have done has greater
significance than they realize. It would greatly simplify conversion
to an increased address space size.
re:
http://www.garlic.com/~lynn/2006y.html#20 moving on
http://www.garlic.com/~lynn/2006y.html#21 moving on
http://www.garlic.com/~lynn/2006y.html#23 moving on
http://www.garlic.com/~lynn/2006y.html#26 moving on
"XXXXXX" was one of the two original people at the Los Gatos lab.
responsible for mainframe pascal. He went on to be vp of
software development at MIPs and later showed up as general
manager of the SUN business unit responsible for the fledgling
JAVA.
misc. collected posts about difficulty with positioning
executables (that followed standard os/360 conventions)
http://www.garlic.com/~lynn/subtopic.html#adcon
From: wheeler
Date: 10/08/80 16:51:57
re: relocating shared code; XXXXXX thinks that he can have Pascal/VS
not using relative adcons and also "compile" code that doesn't have
relative adcons. Adcons are generated as absolute, the target address
minus the base address of the module. The loader supports both
positive and negative displacements. When it comes time to transfer
control the routine picks up the absolute adcon and adds in the value
of the base register to resolve the relocated address. Code can then
be generated in shared modules (ref: shared modules, RJ2928) and the
CMS loadmod upgraded to load code into available segments (of course
the same procedure works for non-shared modules also).
... snip ... top of post, old email index
other references to mips/sun things long ago and far away:
http://www.garlic.com/~lynn/2000.html#15 Computer of the century
http://www.garlic.com/~lynn/2004c.html#25 More complex operations now a better choice?
http://www.garlic.com/~lynn/2004q.html#35 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#14 something like a CTC on a PC
http://www.garlic.com/~lynn/2005r.html#20 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2006u.html#31 To RISC or not to RISC
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: vm/sp1
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 15:35:59 -0700
I have an old t-shirt that some people at Amdahl were distributing
when vm/sp initially came out; it has a particularly gory looking
vulture labeled vm/sp and a line underneath it says vm/sp is
waiting for you.
To: wheeler
Date: 10/15/80 14:04:55
lynn,
i have been working on bringing up vm/sp rel 1 on a 4331 processor
here at the sci. center. i spoke with XXXXX this morning and he
mentioned your name and your feelings about sp. i felt i should tell
you about some of our problems etc.
first of all, they changed the rbloks copy and redefined redevstat
to rdevsta4. that proved to be devastating to us because we run some
software that used the field.
there's a ctca bug in sp1.
pvm gets into infinite loops
the system never was able to stay up one night !!
as you know, the nuc has grown to well over 240-260k for a large
system. that is intolerable on 4300 processors. i cut out
parts of cp and i have it down to 196k. (up from 170k)
about the only thing that works right is XXXXX's SPM stuff!
i am going to go back to release 6 plc 11 tonight. i am putting vm/sp
aside for awhile until a few plcs are out.
well, thats about it......
... snip ... top of post, old email index
some past references to SPM
http://www.garlic.com/~lynn/2006k.html#51 other cp/cms history
http://www.garlic.com/~lynn/2006t.html#47 To RISC or not to RISC
http://www.garlic.com/~lynn/2006w.html#8 Why these original FORTRAN quirks?
http://www.garlic.com/~lynn/2006w.html#12 more secure communication over the network
http://www.garlic.com/~lynn/2006w.html#16 intersection between autolog command and cmsback (more history)
http://www.garlic.com/~lynn/2006w.html#52 IBM sues maker of Intel-based Mainframe clones
======
vm/sp release 1 was sometimes referred to as sp1. this was different
than the sp1 announced by kingston in spring of 92:
http://www.garlic.com/~lynn/97.html#5 360/44 (was Re: IBM 1130 (was Re: IBM 7090--used for business or
http://www.garlic.com/~lynn/99.html#54 Fault Tolerance
http://www.garlic.com/~lynn/2000d.html#2 IBM's "ASCI White" and "Big Blue" architecture?
after we were told we could not work on anything with more than
four processors ... recent reference:
http://www.garlic.com/~lynn/2006x.html#3 Why so little parallelism?
=====
misc. past posts mentioning vm/sp1 (and/or the vm/sp1 changes to
multiprocessor support for single TPF guest running on otherwise idle
3081; which resulted in degrading thruput for nearly every other
customer multiprocessor installation)
http://www.garlic.com/~lynn/2001f.html#57 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2002c.html#9 IBM Doesn't Make Small MP's Anymore
http://www.garlic.com/~lynn/2003.html#27 vax6k.openecs.org rebirth
http://www.garlic.com/~lynn/2003g.html#32 One Processor is bad?
http://www.garlic.com/~lynn/2004f.html#21 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2005h.html#22 Today's mainframe--anything to new?
http://www.garlic.com/~lynn/2005j.html#17 Performance and Capacity Planning
http://www.garlic.com/~lynn/2005n.html#4 54 Processors?
http://www.garlic.com/~lynn/2005n.html#47 Anyone know whether VM/370 EDGAR is still available anywhere?
http://www.garlic.com/~lynn/2005s.html#7 Performance of zOS guest
http://www.garlic.com/~lynn/2006d.html#5 IBM 610 workstation computer
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: "The Elements of Programming Style"
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 15:52:51 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
and from wiki
http://en.wikipedia.org/wiki/History_of_CP/CMS
and
http://en.wikipedia.org/wiki/CP/CMS
re:
http://www.garlic.com/~lynn/2007.html#8 "The Elements of Programming Style"
and recent historical reference here:
An Overview of Virtualization
http://linux.slashdot.org/linux/07/01/02/1917205.shtml
Virtual Linux
http://www-128.ibm.com/developerworks/linux/library/l-linuxvirt/?ca=dgr-lnxw01Virtual-Linux
in the wiki article,
http://en.wikipedia.org/wiki/History_of_CP/CMS#1967.E2.80.9368:_CP-67
they mentioned that science center
http://www.garlic.com/~lynn/subtopic.html#545tech
making cp67 available to lincoln labs in apr67 ... and then it was
released to customers in may68. however, between apr67 and may68 it
was also installed the last week in jan68 at the univ. where i was
undergraduate (and already responsible for the production os/360
system). i then got to play with cp67 (mostly on weekends). I was
asked to participate at the product announcement at the spring share
meeting in houston.
there was a product education meeting scheduled first of jun68 at ibm
center on wilshire (down from hollywood). one of the primary people
that was scheduled to teach the class had just given notice the
friday before that they were leaving for ncss
http://en.wikipedia.org/wiki/History_of_CP/CMS#1968.E2.80.9386.3F:_VP.2FCSS
and that monday morning i got roped into teaching part of the class.
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: "The Elements of Programming Style"
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 16:17:27 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
From: wheeler
Date: 10/06/80 09:33:41
re: MIPENVY script; while I was in POK last week teaching a
performance and scheduling class to the VM development group and
change team, Jim Gray departed IBM for Tandem. He left a goodbye note on
my terminal. There was a cryptic remark about some new project that
will seriously affect IBM. Knowing Jim Gray, it was not just sour grapes
leaving this company. Considering all the proto-type projects that
lots of people have been doing for several years with multiple
(relatively) "small" processors, both tightly & loosely coupled it is
surprising that nobody has come out with something sooner to seriously
impact glasshouse, mainframe market.
re:
http://www.garlic.com/~lynn/2007.html#1 "The Elements of Programming Style"
for other topic drift, additional reference to the class in POK ... i.e.
http://www.garlic.com/~lynn/2007.html#email801006
From: endicott
To: wheeler
Date: 10/06/80 15:51:24
Lynn, SPD mgmt. has agreed to pursue your generalized solution
to the Q-DROP problem described in apar vm11293 per your suggestion
at our meeting in Pok. on 10/1. We look to you to provide the following:
1) a general description of the function including problem
description and proposed solution
2) list of modules/macros impacted with a brief
description and an estimate on LOC to be added/changed
3) unit tested code on an SP1 base.
Endicott will run regression and performance tests and coordinate a plan
to XMIT the code to the field.
We also enlist your aid in diagnosing problems that may occur during our
tests (normally remotely, but on site if required), reviewing our perf.
runs, and assisting with any Pubs changes.
Please call me on tie line xxx-xxxx as soon as possible in order that I
may understand any requirements you have to provide the above. We would
like to have items 1 and 2 by 10/10 and 3 by 10/17 if possible.
Thank you for your support and I await your call.
... snip ... top of post, old email index
From: wheeler
To: endicott
Date: 10/08/80 10:22:48
re: loagwait fix; will have code & a couple paragraphs either today or
tomorrow. Will be against a release 6, ltr 11 system. Have updates for
sp system but they were prior to permanent application to base and
resequencing. May be sometime next week (or later) before I can get
ahold of SP source for modules affected and have sequence nos.
converted. VMBLOK hit is immaterial, should be able to do it there,
all that is required is space obtain out of currently reserved fileds.
... snip ... top of post, old email index
recent post referring to vm/sp1
http://www.garlic.com/~lynn/2007.html#11 vm/sp1
a couple posts referring to longwait and various q-drop related
issues
http://www.garlic.com/~lynn/2001f.html#57 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2006y.html#10 Why so little parallelism?
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: vm/sp1
Newsgroups: alt.folklore.computers
Date: Tue, 02 Jan 2007 16:50:01 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
I have an old t-shirt that some people at Amdahl were distributing
when vm/sp initially came out; it has a particularly gory looking
vulture labeled "vm/sp" and a line underneath that says "vm/sp is
waiting for you".
re:
http://www.garlic.com/~lynn/2007.html#11 vm/sp1
http://www.garlic.com/~lynn/2007.html#13 "The Elements of Programming Style"
old xmas day "sp1" email
From: wheeler
Date: 12/25/81 12:41:11
been checking latest vmshare on SP1.07 & sp1.08 problems. While i was
at it thot to go back and check the SP1.05 & SP1.06 comments that we
have already from our distributed vmshare (almost month old). Listed
is recommendations to pull 11780 & 12111 to dmkcns which lead to prg5s
(updates are 1.02). Also listed are recommendations to pull 11439,
118841, 12448. Finally is comment to pull 13311 (1.06) to QCN which
leads to bad problems with attached graphics on 3277. Finally is
description of problem in DMKRGA which leads to PSA004 abend because
code runs off the end of NICBLOK and uses bad area for VMBLOK (this
last is open APAR 14???).
... snip ... top of post, old email index
and for topic drift, x-mas day email from a year later
From: wheeler
Date: 12/25/82 17:18:43
re: sjr system; have SJR 3081 up and running at the SCH level ... I've
slightly re-arraigned the SJC2 muxfile to group the Group fair share
changes with the rest of the SCH changes. Also have fixed misc. bugs
in other updates. Started the process of enabling the majority of the
SJC2 updates up thru the SPOOLMAX updates (there is a complete TODO
level assembly console log with filename TODO5B already out on the 109
disks). A whole slew of files are waiting at SJRL destined for LSGVMB
... but the connectivity between bldgs 28 & 29 is down at the
moment. Hopefully those will make it thru on Monday. Still have some
hardware problems with this 3081 (which will have to be cleared up on
Monday). Reasonably good chance of getting majority of the rest of the
updates activated by January 1st.
By the way Merry Christmas & Happy Holidays.
... snip ... top of post, old email index
"attached graphics on 3277" is the 3277ga ... i.e. tektronics tube
that plugs into side of 3277 terminal.
http://www.garlic.com/~lynn/2001f.html#49 any 70's era supercomputers that ran as slow as today's supercompu
http://www.garlic.com/~lynn/2001i.html#51 DARPA was: Short Watson Biography
http://www.garlic.com/~lynn/2002p.html#29 Vector display systems
http://www.garlic.com/~lynn/2004l.html#27 Shipwrecks
http://www.garlic.com/~lynn/2004l.html#32 Shipwrecks
http://www.garlic.com/~lynn/2004m.html#8 Whatever happened to IBM's VM PC software?
http://www.garlic.com/~lynn/2006e.html#9 terminals was: Caller ID "spoofing"
http://www.garlic.com/~lynn/2006e.html#28 MCTS
http://www.garlic.com/~lynn/2006n.html#24 sorting was: The System/360 Model 20 Wasn't As Bad As All That
http://www.garlic.com/~lynn/2006q.html#16 what's the difference between LF(Line Fee) and NL (New line) ?
http://www.garlic.com/~lynn/2006v.html#19 Ranking of non-IBM mainframe builders?
============
and more topic drift, posts in 2006 mentioning vmshare:
http://www.garlic.com/~lynn/2006b.html#39 another blast from the past
http://www.garlic.com/~lynn/2006d.html#2 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006h.html#9 It's official: "nuke" infected Windows PCs instead of fixing them
http://www.garlic.com/~lynn/2006n.html#3 Not Your Dad's Mainframe: Little Iron
http://www.garlic.com/~lynn/2006p.html#29 Greatest Software Ever Written?
http://www.garlic.com/~lynn/2006r.html#11 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006r.html#37 REAL memory column in SDSF
http://www.garlic.com/~lynn/2006r.html#43 REAL memory column in SDSF
http://www.garlic.com/~lynn/2006s.html#65 Paranoia..Paranoia..Am I on the right track?.. any help please?
http://www.garlic.com/~lynn/2006v.html#22 vmshare
http://www.garlic.com/~lynn/2006v.html#30 vmshare
http://www.garlic.com/~lynn/2006v.html#34 vmshare
http://www.garlic.com/~lynn/2006v.html#38 vmshare
http://www.garlic.com/~lynn/2006v.html#40 vmshare
http://www.garlic.com/~lynn/2006w.html#16 intersection between autolog command and cmsback (more history)
http://www.garlic.com/~lynn/2006w.html#25 To RISC or not to RISC
http://www.garlic.com/~lynn/2006w.html#42 vmshare
http://www.garlic.com/~lynn/2006w.html#48 vmshare
http://www.garlic.com/~lynn/2006w.html#52 IBM sues maker of Intel-based Mainframe clones
http://www.garlic.com/~lynn/2006x.html#6 Multics on Vmware ?
http://www.garlic.com/~lynn/2006x.html#7 vmshare
http://www.garlic.com/~lynn/2006x.html#8 vmshare
http://www.garlic.com/~lynn/2006x.html#19 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2006x.html#33 NSFNET (long post warning)
http://www.garlic.com/~lynn/2006y.html#7 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2006y.html#11 Multiple mappings
http://www.garlic.com/~lynn/2006y.html#14 Why so little parallelism?
http://www.garlic.com/~lynn/2006y.html#18 The History of Computer Role-Playing Games
http://www.garlic.com/~lynn/2006y.html#19 The History of Computer Role-Playing Games
http://www.garlic.com/~lynn/2006y.html#29 "The Elements of Programming Style"
http://www.garlic.com/~lynn/2006y.html#35 The Future of CPUs: What's After Multi-Core?
Refed: **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: SSL info
Newsgroups: alt.computer.security
Date: Tue, 02 Jan 2007 23:16:01 -0700
Ertugrul Soeylemez <never@drwxr-xr-x.org> writes:
That also helps exploiting the full potential of SSL. For example, you
can't just authenticate the server, you can also authenticate the client
or anything else via a certificate. So no more username/password pairs
are needed. Users don't need to login manually, they just present their
certificate, which is straightforward in today's modern browsers.
actually, client authentication/authorization can be done straight
forwardly using registered public keys and digital signatures w/o
requiring any digital certificate what-so-ever. misc. past posts
mentioning certificate-less operation
http://www.garlic.com/~lynn/subpubkey.html#certless
the first place that became especially evident was when we were
brought in to do some consulting with this small client/server startup
that had this technology called SSL and wanted to do payment
transactions ... for something that has since come to be called
e-commerce. previous post in this thread:
http://www.garlic.com/~lynn/2007.html#7 SSL info
at the time SSL didn't have mutual authentication ... but we required
it for the payment gateway (the webservers authenticated the payment
gateway using installed public key ... and the payment gateway
authenticate the webservers using on-file public keys). The addition
code had to be added to SSL to do mutual authentication and since it
was already heavily certificate-based orientation there still were
digital certificates that were passed back-and-forth ... but in
actuality ... each authorized webserver had the information about the
payment gateway preloaded as part of the payment processing software
... and the payment gateway had onfile information about each
authorized webserver. it quickly became strikingly apparent that
the digital certificates were redundant and superfluous. misc.
other posts mentioning ssl digital certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert
so the dominant forms of client authentication in the world wide web
environments are KERBEROS and RADIUS. These started out being
userid/password. However, both KERBEROS and RADIUS have had
definitions and implementations were client public keys are registered
(in lieu of passwords), servers transmit some random information (as
countermeasure to replay attacks), and the clients (using their
private key) digitally sign and return the digital signature ... which
the server than verifies with the onfile public key.
The original KERBEROS PKINIT (public key) draft initially just
specified certificate-less operation ... but under a great deal
of lobbying, certificate-mode operation was also added.
One of the scenarios for various webserver software is that client
authentication has frequently just been a stub model ... although
there are plugins for webserver software that provide KERBEROS and
radius interfaces for client authentication. In many of these typical
implementations ... the KERBEROS and radius implementations are done
in such a way that it is possible to specify password or digital
signature operation on a account by account basis ... again
certificate-less operation. misc. past posts about KERBEROS operation
http://www.garlic.com/~lynn/subpubkey.html#kerberos
and radius operation
http://www.garlic.com/~lynn/subpubkey.html#radius
sort of the original idea for certificate-mode of operation was that
there was interaction between two parties that had no prior knowledge
of each other. it was necessary for the certificates to carry all the
necessary information. this also sort of gave rise to the x.509
identity certificates from the early 90s.
however, by the mid-90s it was realized that x.509 identity
certificates, typically heavily overloaded with personal information
represented significant privacy and liability issues. as a result,
you saw many institutions dropping back to what they called
relying-party-only certificates ... misc. past posts mentioning
RPO certificates:
http://www.garlic.com/~lynn/subpubkey.html#rpo
the issue here is that an RPO-certificate basically just carries a
public key and some sort of account number. the relying party, takes
the account number and retrieves the appropriate account record
... where the actual personal information including any authorization
information is kept. however, since the public key originally had to
be registered and stored in an account record before any digital
certificate was issued, it was trivial to show that the relying party
retrieving the account record can include the registered public key.
Again, the digital certificate becomes redundant and superfluous.
basically the kerberos and radius PKI implementations with digital
certificates typically have done something similar as RPO-certificate,
the permission/authorization information is stored in an onfile
account record. if any of the client PKI digital certificates
authentication operations (kerberos, radius, or roll-your-own) at some
point have to retrieve any sort of account record as part of
permissions and authorizations ... it is then trivial to also show
(again) that the digital certificates are redundant and superfluous.
The digital certificate actually only has meaningful role ... when the
server never has to resort to really knowing who the client is and/or
anything about the client ... other than what is presented in the
digital certificates. No additional information related to things like
permissions, authorizations, billing, accounts, etc is required.
its like anybody with valid digital certificate can log into your
system and have all permissions regardless of who they are ... and
there is no userid account record for the system that is required to
provide any additional information related to the user and/or what the
user is allowed to do or not do.
as soon as the process has to resort to any additional information
(than what is provided in the digital certificate) for doing any
operation what-so-ever for the client ... then it is trivial to
show that the digital certificate is redundant and superfluous.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How many 36-bit Unix ports in the old days?
Newsgroups: alt.folklore.computers
Date: Wed, 03 Jan 2007 08:49:01 -0700
Lawrence Statton XE2/N1GAK <yankeeinexile@gmail.com> writes:
In fact, until quite recently ( late 80s to early 90s ) nobody would
have considered any Unix system as "powerfully built, sturdy".
early 90s? (i suppose i should find a reference) there was a big deal
made of tandem lab in austin donating a large number of
integrity/reliability fixes (thousand?) to the unix kernel source
base.
we were somewhat watching such stuff since we were building ha/cmp on
aix kernel
http://www.garlic.com/~lynn/subtopic.html#hacmp
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: SSL info
Newsgroups: alt.computer.security
Date: Wed, 03 Jan 2007 11:47:07 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
however, by the mid-90s it was realized that x.509 identity
certificates, typically heavily overloaded with personal information
represented significant privacy and liability issues. as a result,
you saw many institutions dropping back to what they called
relying-party-only certificates ... misc. past posts mentioning
RPO certificates:
http://www.garlic.com/~lynn/subpubkey.html#rpo
for a little drift ... these are a couple of posts that draw the
comparison between some of the current electronic chip passports and
the x.509 identity certificates from the early 90s.
http://www.garlic.com/~lynn/aadsm25.htm#46 Flaw exploited in RFID-enabled passports
http://www.garlic.com/~lynn/aadsm26.htm#0 Flaw in RFID-enabled passports (part 2?)
using that comparison, then there is the possibility that all personal
information would be eliminated from the passport chips ... for
similar privacy and liability reasons that resulted in change-over to
relying-party-only certificates in the mid-90s (and away from x.509
identity certificates frequently overloaded with personal information)
http://www.garlic.com/~lynn/subpubkey.html#rpo
after having worked on SSL-based infrastructure ... that has since come
to be called e-commerce ... previous posts in this thread
http://www.garlic.com/~lynn/2007.html#7 SSL info
http://www.garlic.com/~lynn/2007.html#15 SSL info
we had participated in the x9a10 financial standard working group. In the
mid-90s, x9a10 had been given the requirement to preserve the integrity
of the financial infrastructure for all retail payments
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959
it was in this period that we had coined the term certificate
manufacturing to differentiate the commoningly deployed SSL digital
certificate infrastructure (of the period) from "real" PKI:
http://www.garlic.com/~lynn/subpubkey.html#manufacture
it was also in this period that several people made claims that
upgrading financial transactions with client/consumer digital
certificates would bring retail financial transactions in the modern
era.
the issue here (as in the passport case) is that credentials and
certificates are constructs developed for providing trusted
information for an offline environment. in the 70s, electronic payment
networks made the transition from the offline environment to the
online environment ... and supported real-time information regarding
authentication and authorization. digital certificate-based offline
paradigm for financial transactions, rather than representing any
modernization, would result to reverting to pre-70s paradigm.
it was in this period that we also coined the term comfort
certificates ... the redundant and superfluous use of stale, static
digital certificates (an offline paradigm construct) in an online
environment. The comfort certificates provided familiarity and
comfort to mindsets that were stuck in the old fashion offline
paradigm (which required credentials and certificates to provide
trusted information distribution) ... and had difficulty making the
transition to an trusted online integrity paradigm.
our repeated observations about the offline digital certificate model
actually regressing effective operation by several decades (rather
than representing any modernization) was some of the motivation behind
OCSP (online certificate status protocol). However, our observation
was that it was really a rube goldberg fabrication ... given any
operation ... what is more valuable: ... 1) a real time transaction
involving real time authentication and authorization information
... or 2) a real time transaction providing status indication about
stale, static digital certificate information.
this was also the period that spawned the infrastructure that enabled
the yes card exploits
http://www.garlic.com/~lynn/subintegrity.html#yescard
i.e. adding chips to payment cards for use in retail transactions.
there were some number of claims that adding the chips even increased
the vulnerabilities ... compared to a similar magstripe card w/o a
chip.
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM sues maker of Intel-based Mainframe clones
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Wed, 03 Jan 2007 11:58:33 -0700
lynn@GARLIC.COM (Anne & Lynn Wheeler) writes:
i.e. "3090" service processor was a modified version of vm370
release 6 running on a pair of 4361 processors, most of the
screens/menus written in IOS3270. Part of this was the result of the
experience with the 3081 service processor where all of the software
was totally written from scratch (trying to get to some amount of
off-the-shelf stuff).
minor folklore ... my dumprx was selected for use as diagnostic
support for the 3090 service processor ... in the early 80s, i had
(re-)implemented large superset of IPCS function totally in rexx
http://www.garlic.com/~lynn/subtopic.html#dumprx
re:
http://www.garlic.com/~lynn/2006x.html#24 IBM sues maker of Intel-based Mainframe clones
note (in the following) the name rex was changed to "REXX" before
shipping as product.
From: wheeler
Date: 03/23/82 19:44:00
re: dumprx; experimental exec . . . Planning on writing nucxload'ing
routine to access PRB files. Then same DUMPRX can be used for both cp
core & PRB files.
... snip ... top of post, old email index
and next day
From: wheeler
Date: 03/24/82 10:44:27
re: dumprx; DUMPRX is an experimental IPCS written in rex. It
currently supports only CP storage and makes use of local S.J.
research extensions to the COMMON 'LOCATE CP' command (for live
system). Currently being planed is an exec to extract label & format
information from a specified MACLIB.
... snip ... top of post, old email index
the extensions to the "LOCATE CP" command was to include the
(DMKLDR00E) loader tables as part of the pageable kernel (at initial
system build) ... so all external symbols were available.
other postings mentioning dumprx
http://www.garlic.com/~lynn/subtopic.html#dumprx
and a couple hours later
From: wheeler
Date: 03/24/82 18:47:10
re: latest dumprx; dumprx will now format storage if a maclib is
available with appropriate dsects for description.
... snip ... top of post, old email index
and a week later ...
From: wheeler
Date: 04/01/82 13:28:53
re: dumprx exec; does anybody know where the machine copy of the CP
abend codes are? &/or how to obtain them?? SP HELP appears to have the
"messages" portion of the MESSAGES & CODES manual ... but i didn't see
the abend codes anywhere.
I have got the interface for processing PRB files nearly done. Have
the LOCATE, RIO, & VIO commands yet to go. I also need to improve its
interface to the REX interpreter for returning information. The
program is called DMPRXX & is NUCXLOADed.
Except for FSX & MOVEFILE, DUMPRX will completely run in subset mode.
I haven't tried pre-NUCXLOADing FSX, which may solve that problem.
MOVEFILE is used to extract a member from a maclib for doing a
formated control block display. If IOX had a BLDL function, it would
be possible to extract a member with FCOPY using the BLDL values. I
could resort to dummying up a standard EXEC & calling EXSERV BLDL.
One of the major features that DUMPRX will have over the standard
DUMPSCAN is the ease of writing new dump analysis extensions &/or
formating routines (example is DUMPRXB EXEC which does a formated
display of storage giving instruction op-codes). It will be possible
to invoke the editor from DUMPRX, write a new EXEC (&/or modify an
existing one), return to DUMPRX ... & then invoke the procedure.
Simplest method to "extend" the DUMPRX command language is to require
the user to type:
'CMS EXEC filename anyargs'
which would then invoke the new EXEC. That would loose the symbolic
name capability tho. Anybody have suggestions for a command language
syntax solution?
... snip ... top of post, old email index
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: NSFNET (long post warning)
Newsgroups: alt.folklore.computers
Date: Wed, 03 Jan 2007 16:06:37 -0700
re:
http://www.garlic.com/~lynn/2006x.html#33 NSFNET (long post warning)
misc. past postings mentioning hsdt activity
http://www.garlic.com/~lynn/subnetwork.html#hsdt
additional background leading up to
http://www.garlic.com/~lynn/2005d.html#13 Cerf and Kahn receive Turing award
http://www.garlic.com/~lynn/2006u.html#56 Ranking of non-IBM mainframe builders?
From: wheeler
Date: 04/28/86 20:54:51
I can give the same talk that has been given to Berkeley and several
others and includes some of the stuff on the joint-study proposal for
the NSF super computer backbone.
I can talk some on the phone, not sure about when I might be able to
get down to UCLA. Welcome to come-up to San Jose to see some of the
hardware & software.
... snip ...
some past references to some earlier Berkeley discussions (especially
with respect to the 10m telescope being planned for Hawaii)
http://www.garlic.com/~lynn/2004h.html#7 CCD technology
http://www.garlic.com/~lynn/2004h.html#8 CCD technology
http://www.garlic.com/~lynn/2006t.html#12 Ranking of non-IBM mainframe builders?
as mentioned before
http://www.garlic.com/~lynn/2006s.html#50 Ranking of non-IBM mainframe builders?
http://www.garlic.com/~lynn/2006t.html#6 Ranking of non-IBM mainframe builders?
http://www.garlic.com/~lynn/2006w.html#43 IBM sues maker of Intel-based Mainframe clones
Eric Bloch was director of the national science foundation for much of
the 80s.
From: wheeler
Date: 04/28/86 21:02:39
... oh yes, Eric Bloch suggested that I contact Klinerock at UCLA for
some discussions about high-speed network support.
... snip ... top of post, old email index
and ... aaaaargh ... way too much sna, vtam, ncp, etc.
To: wheeler
Date: 30 April 1986, 16:59:50 EST
Lynn,
I am in the process of changing jobs from Charlotte to the
IBM/ACIS and Cornell Supercomputer Facility at Cornell. I understand
that there will be an overview of HSDT to the Cornell staff tomorrow
as a possible additional project for T2-T3 speed connections to NSFnet
etc. My new job will be to understand the Cornell etc Network
environment as it relates to the Supercomputer facility (including
WISCNET , TCP/IP , CSNET, etc etc).
My background has been system support for MVS/Jes2 , VM/SP, RSCS,
PVM, ACF/VTAM, 3705 EP/NCP etc. I was in the VNET TSG. Background
mainly networking for the last 7 years.
With all the intro done, Could you send me any documentation on
HSDT that you might have. While I was in Hursley you sent several
documents to XXXXXX, but my copies were lost when my Hursley ID was
cancelled.
... snip ... top of post, old email index
of course, as mentioned before, all the people scheduled for the
followup meeting were contacted and told the meeting was canceled.
after that ... there were some number of activities pushing SNA/VTAM
for NSFNET activity.
http://www.garlic.com/~lynn/2006w.html#21 SNA/VTAM for NSFNET
and other somewhat related activities
http://www.garlic.com/~lynn/2006x.html#7 vmshare
we had layed a lot of the ground work from hsdt activity for NSFNET
being T1 ... ref
http://www.garlic.com/~lynn/internet.htm#nsfnet
with the NSFNET program announcement 28apr86
http://www.garlic.com/~lynn/2002k.html#12
but weren't allowed to bid ... reference to 24nov97 NSFNET award
http://www.garlic.com/~lynn/2000e.html#10
and as per above email 30apr86, we were already working towards T2 &
T3.
also as noted elsewhere, initial NSFNET deployment wasn't actually T1
network links (by winning bid) ... but T1 trunks over which were
multiplexed 440kbit network links.
http://www.garlic.com/~lynn/99.html#146 Dispute about Internet's origins
http://www.garlic.com/~lynn/2000.html#49 IBM RT PC (was Re: What does AT stand for ?)
http://www.garlic.com/~lynn/2000c.html#78 Free RT monitors/keyboards
http://www.garlic.com/~lynn/2001.html#4 Sv: First video terminal?
http://www.garlic.com/~lynn/2001e.html#76 Stoopidest Hardware Repair Call?
http://www.garlic.com/~lynn/2002j.html#67 Total Computing Power
http://www.garlic.com/~lynn/2003c.html#46 diffence between itanium and alpha
http://www.garlic.com/~lynn/2003c.html#77 COMTEN- IBM networking boxes
http://www.garlic.com/~lynn/2003c.html#79 COMTEN- IBM networking boxes
http://www.garlic.com/~lynn/2003d.html#13 COMTEN- IBM networking boxes
http://www.garlic.com/~lynn/2003d.html#59 unix
http://www.garlic.com/~lynn/2004l.html#1 Xah Lee's Unixism
http://www.garlic.com/~lynn/2004l.html#7 Xah Lee's Unixism
http://www.garlic.com/~lynn/2006e.html#38 The Pankian Metaphor
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
Newsgroups: alt.folklore.computers
Date: Wed, 03 Jan 2007 17:01:29 -0700
jmfbahciv writes:
Honey, some of the smartest people I know today are in the luser
category. That's because they are not paid to be computer user
experts.
a different kind of Boyd reference:
http://www.garlic.com/~lynn/2000e.html#35 War, Chaos, & Business (web site), or Col John Boyd
citing web page
http://www.belisarius.com/modern_business_strategy/mie/mie_33.htm
which has since morphed:
http://www.belisarius.com/
from above:
"There are two career paths in front of you, and you have to choose
which path you will follow. One path leads to promotions, titles, and
positions of distinction.... The other path leads to doing things that
are truly significant for the Air Force, but the rewards will quite
often be a kick in the stomach because you may have to cross swords
with the party line on occasion. You can't go down both paths, you
have to choose. Do you want to be a man of distinction or do you want
to do things that really influence the shape of the Air Force? To be
or to do, that is the question." Colonel John R. Boyd, USAF 1927-1997
From the dedication of Boyd Hall, United States Air Force Weapons
School, Nellis Air Force Base, Nevada. 17 September 1999
... snip ...
misc. past posts mentioning John Boyd
http://www.garlic.com/~lynn/subboyd.html#boyd
and various URLs from around the web mentioning John Boyd
http://www.garlic.com/~lynn/subboyd.html#boyd2
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: DOS C prompt in "Vista"?
Newsgroups: alt.folklore.computers
Date: Wed, 03 Jan 2007 22:52:26 -0700
Eric Sosman <Eric.Sosman@sun.com> writes:
Not a clue. Atex still exists as a company, but has gone
through multiple changes of ownership and focus and apparently
has little resemblance to its 1970's and 1980's self. I doubt
that they're still selling systems based on PDP-11 hot-rods.
at some point atex had been bought by kodak.
in this period, atex was running w/ingres on vax/vms platforms
To: distribution
Date: 06/15/90 12:06:37
KODAK AND IBM TO FORM PUBLISHING ALLIANCE
ROCHESTER and WHITE PLAINS, NY, June 15 . . . Eastman Kodak
Company and IBM Corporation today announced an alliance to develop an
open publishing systems architecture and a new generation of
integrated, enterprise-wide publishing systems for newspapers and
magazines worldwide.
Under this alliance, Kodak's Electronic Pre-Press Systems,
Inc. (EPPS) subsidiary, particularly its Atex Publishing Systems
units, and IBM's Media Industry Marketing intend to combine their
technological expertise to establish and support a publishing systems
architecture based on open industry standards.
This architecture will enable publishers to integrate their
pre-press and business operations into an enterprise-wide publishing
solution. Pre-press operations include the editorial, advertising and
production activities that go into creating a newspaper or magazine.
Business systems include circulation, finance, management reporting,
and credit checking and billing for advertising.
IBM will provide technical, marketing, development and financial
resources to this endeavor and will play an active role in strategic
and operational activities. EPPS will provide its publishing-industry
and applications-software expertise. Other terms of the agreement
were not disclosed.
Kodak's John White, vice president and general manager,
Integration and Systems Products Division, said, "The alliance with
IBM will enable us to focus on imaging and publishing systems
software, which is where we can add value for our customers. It's
clear we both bring much to this alliance and have a lot to gain from
the partnership."
Mark Elliott, vice president, General and Public Sector
Industries at IBM, said, "Marrying IBM and Atex technologies clearly
positions us to build on our international presence with newspaper and
magazine customers by delivering state-of-the-art publishing systems
and participating with the industry in the development of open
standards."
EPPS President David Monks said, "What publishers are looking for
are ways to integrate their pre-press and business operations to
better manage growth and change."
"Through this new alliance, we will offer the architecture on
which those enterprise-wide solutions can be based, and a variety of
systems to meet specific pre-press and business requirements," Monks
said.
Jonathan Seybold, a leading observer of publishing systems
technology, said, "The industry has been looking for this kind of
leadership around open systems architecture to stimulate new creative
publishing solutions. This Atex/IBM alliance should be able to
deliver the key products and solutions needed by the industry."
... snip ... top of post, old email index
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
Newsgroups: alt.folklore.computers
Date: Thu, 04 Jan 2007 09:08:31 -0700
jmfbahciv writes:
Yes. I understand completely. It is very difficult to choose
the todo path because nobody who has their standing in society
in mind will allow you to keep doing. Rewards for doing a good
job is invariably a promotion which moves you out of the pay
level where the real work is done.
re:
http://www.garlic.com/~lynn/2007.html#20 MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
actually the line i heard was more like "the best you can hope for is
to not be fired and be allowed to do it again"
the other line .. is "heads roll uphill" ... or the reward for taking
credit for a good job is a promotion.
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to write a full-screen Rexx debugger?
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Thu, 04 Jan 2007 09:21:34 -0700
Binyamin Dissen wrote:
By CP, I was referring to VM CP. Not TSO CP.
VM CP is a hypervisor which runs MVS as a client.
from long ago and far away, I had done IPCS superset written in rexx
(when it was still called rex and hadn't been release as a product)
... which was initially line-mode CMS commands ... recent post
mentioning dumprx (and old email from 1982)
http://www.garlic.com/~lynn/2007.html#18 IBM sues maker of Intel-based Mainframe clones
Relatively early, I enhanced dumprx to run as XEDIT macro ... using
XEDIT fullscreen support to provide fullscreen operation. collected
posts mentioning dumprx
http://www.garlic.com/~lynn/subtopic.html#dumprx
In 1976, the vm development group in the old SBC bldg. in Burlington
Mall were told that they had to all move to POK to work on supporting
MVS/XA development and there would be no more/new VM releases.
The (old) vm development group would be responsible for a new internal
only virtual machine tool ("VMTOOL", that would never ship as a
product) which was purely dedicated to MVS/XA development. Apparently
corporate hdqtrs had been convinced that it was necessary to kill off
vm370 in order for mvs/xa to be developed.
Endicott managed to salvage some of the situation and continue with VM
product releases.
NOTE: "VMTOOL" is different from "VMTOOLS" ... "VMTOOL" was the
internal only virtual machine facility supporting MVX/XA development;
"VMTOOLS" was an network information and software distribution
facility as well as computer conferencing, available on the internal
network (implemented using TOOLSRUN)
http://www.garlic.com/~lynn/subnetwork.html#internalnet
supporting operations that included "mailing list" type operation as
well as mechanism more akin to "usenet" news.
From: wheeler
Date: 07/26/82 07:39:46
re: UofM per; oh yes, the person who wrote the UofM per joined the
VMTOOL group about 2-3 yrs ago. He wrote new PER support for the
VMTOOL that has all the functions of OET. A major enhancement is that
the VMTOOL has what is called CP EXEC files. Since the major purpose
of the VMTOOL was going to be a MVS development vehicle ... the
delivery of computing services had to be done primarily within the CP
environement. The result was that an EXEC type processor and a new
type of spool file was created. Valid CP commands now can be one of
these CP EXEC files & as a result the type of things that can be
invoked when a PER event occurs is much more sophisticated (i.e. a PER
event can be the execution of any CP command ... which in the case of
VMTOOL may be a CPEXEC file with lots of conditional testing logic).
re: page migration; I've significantly rewritten the logic in DMKPGM
... to include among other things the use of multiple page buffers.
Biggest problems with the current implementation are 1) release 4 AP
upgrade was incorrectly done, resulting in DMKPGM execution be serial,
rather than concurrent (i.e. possible to have several invokations of
PGM execution going on at the same time) and 2) only one physical page
buffer is used per invokation (i.e. I/O is done sequentially one drum
I/O followed by one disk I/O, and then the next drum I/O ... elapsed
time to perform migration on large system can exceed 20 minutes).
... snip ... top of post, old email index
A similar vm370 extended PER implementation had been done in 1980 (for
internal vm370 installations) "DMKHSL" ... by the same person that had
done parasite & story.
From: somebody at WINH5
To: wheeler
Date: 06/09/80 14:43:07
You can try this DMKHSL if like living dangerously -
The source is set up to use
VMUSER1
as a pointer to an IFBLOK chain but any spare word in the VMBLOK
will do - it's only referanced in PRG and DMKHSL.
You will need to add a new entry to CFC for
"IF" and "WHEN" calling DMKHSLEN --- class G
It hooks into the existing PER mods
There is one mod to DMKPRG to call DMKHSLIH if there are active
IFBLOK's.
There is an entry point DMKHSLRL which will release the IFBLOK
Chain - but havn't got round to sorting out who should call it yet
on things like logoff force etc....
... snip ... top of post, old email index
One of the issues was to take a flavor of dumprx that had access to
symbolic definitions and use it for converting symbolic references to
absolute addressed used by CP PER command.
misc. past posts mentioning parasite:
http://www.garlic.com/~lynn/2001k.html#35 Newbie TOPS-10 7.03 question
http://www.garlic.com/~lynn/2003i.html#73 Computer resources, past, present, and future
http://www.garlic.com/~lynn/2003j.html#24 Red Phosphor Terminal?
http://www.garlic.com/~lynn/2004e.html#14 were dumb terminals actually so dumb???
http://www.garlic.com/~lynn/2005r.html#12 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2006.html#3 PVM protocol documentation found
http://www.garlic.com/~lynn/2006c.html#14 Program execution speed
http://www.garlic.com/~lynn/2006f.html#37 Over my head in a JES exit
http://www.garlic.com/~lynn/2006m.html#35 Draft Command Script Processing Manual
http://www.garlic.com/~lynn/2006n.html#23 sorting was: The System/360 Model 20 Wasn't As Bad As All That
http://www.garlic.com/~lynn/2006p.html#31 "25th Anniversary of the Personal Computer"
http://www.garlic.com/~lynn/2006w.html#16 intersection between autolog command and cmsback (more history)
page migration was one of the features of my resource manager
(implemented in module DMKPGM). misc. collected posts mentioning
various aspects of resource management
http://www.garlic.com/~lynn/subtopic.html#fairshare
and/or paging management
http://www.garlic.com/~lynn/subtopic.html#wsclock
misc. past posts mentioning VMTOOL and/or killing off of vm370 product
in 1976.
http://www.garlic.com/~lynn/2001m.html#38 CMS under MVS
http://www.garlic.com/~lynn/2001m.html#47 TSS/360
http://www.garlic.com/~lynn/2001n.html#67 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2002e.html#27 moving on
http://www.garlic.com/~lynn/2002m.html#9 DOS history question
http://www.garlic.com/~lynn/2002p.html#14 Multics on emulated systems?
http://www.garlic.com/~lynn/2003g.html#22 303x, idals, dat, disk head settle, and other rambling folklore
http://www.garlic.com/~lynn/2004g.html#38 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004k.html#23 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of
http://www.garlic.com/~lynn/2004k.html#66 Question About VM List
http://www.garlic.com/~lynn/2004n.html#7 RISCs too close to hardware?
http://www.garlic.com/~lynn/2005d.html#3 IBM Acronyms
http://www.garlic.com/~lynn/2005f.html#58 Where should the type information be: in tags and descriptors
http://www.garlic.com/~lynn/2005f.html#59 Where should the type information be: in tags and descriptors
http://www.garlic.com/~lynn/2005j.html#25 IBM Plugs Big Iron to the College Crowd
http://www.garlic.com/~lynn/2005j.html#54 Q ALLOC PAGE vs. CP Q ALLOC vs ESAMAP
http://www.garlic.com/~lynn/2005s.html#35 Filemode 7-9?
http://www.garlic.com/~lynn/2006h.html#30 The Pankian Metaphor
http://www.garlic.com/~lynn/2006j.html#27 virtual memory
http://www.garlic.com/~lynn/2006l.html#25 Mainframe Linux Mythbusting (Was: Using Java in batch on z/OS?)
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to write a full-screen Rexx debugger?
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Thu, 04 Jan 2007 09:36:12 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
from long ago and far away, I had done IPCS superset written in rexx
(when it was still called rex and hadn't been release as a product)
... which was initially line-mode CMS commands ... recent post
mentioning dumprx (and old email from 1982)
http://www.garlic.com/~lynn/2007.html#18 IBM sues maker of Intel-based Mainframe clones
Relatively early, I enhanced dumprx to run as XEDIT macro ... using
XEDIT fullscreen support to provide fullscreen operation. collected
posts mentioning dumprx
http://www.garlic.com/~lynn/subtopic.html#dumprx
and more old dumprx topic drift ... in the following, DUMPRX tended to
be distributed to unique individual per (internal corporate) location
... since it was primarily used by system support personal.
using rex(x) as implementation language for DUMPRX aided in making it
possible for other people to provide enhancements.
the following 8 (person) months estimate had at least 50percent
contingency in the estimate. while DUMPRX was used extensively inside
the company and more than justified any costs ... they were still
looking for package price to completely cover all costs that had ever
been associated with the effort.
From: wheeler
Date: 06/16/86 10:27:43
re: dumprx; IBM Canada is currently putting together a "canned" VM
system that will have several features and be charged for. They have
requested that DUMPRX be included in the canned system. They have
requested total development resources for DUMPRX (for estimating
price) ... I've estimated a total, maximum effort of DUMPRX at less
than 8 months spread over the past 5 years ... including all
development, test, distribution, production support, and release to
release conversions ... that is for everybody, not just me, but
everyone that has contributed any changes, fixes, &/or enhancements to
DUMPRX. My direct distribution list for DUMPRX peaked at 130 people a
couple of years ago ... prior to its availability on VMTOOLS ... that
distribution list is now down to 108 people ... with an unknown number
of people obtaining DUMPRX from VMTOOLS.
... snip ... top of post, old email index
recent post with old email from 1982 with some sequence of originally
creating dumprx, also mentioning dumprx was used as problem
determination supporting the 3090 service processor (pair of 4361
machines running customized version of vm370 release 6)
http://www.garlic.com/~lynn/2007.html#18 IBM sues maker of Intel-based Mainframe clones
and slightly related recent mentioning dumprx (also some description
of "VMTOOLS" facility)
http://www.garlic.com/~lynn/2007.html#23 How to write a full-screen Rexx debugger?
lots of past posts mentioning dumprx
http://www.garlic.com/~lynn/subtopic.html#dumprx
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The History of Computer Role-Playing Games...
Newsgroups: bit.listserv.vmesa-l,alt.folklore.computers
Date: Thu, 04 Jan 2007 09:57:21 -0700
previous posts in this thread:
http://www.garlic.com/~lynn/2006y.html#18 The History of Computer Role-Playing Games
http://www.garlic.com/~lynn/2006y.html#19 The History of Computer Role-Playing Games
old email mentioning ZORK
From: wheeler
Date: 03/31/80 19:57:00
re: ZORK; Barry Gold is not at MIT but at SHARE installation code RL
(i'll have to look it up sometime), sorry about the wild goose chase
around MIT. His statement on VMSHARE of 6/27/79, said he was going to
have 370 ZORK available shortly. I've contacted him via VMSHARE and he
has gotten caught up in a multitude of other VM activities. He is
working from the DEC user group's FORTRAN version but claims that he
had to get MIT approval to work on the source and would also require
MIT approval to allow other installations to work on it (while he is
busy with his other tasks). He isn't too hopeful since he has several
other communications with MIT group that have gone unanswered for a
long time and are still outstanding.
... snip ... top of post, old email index
Melinda used to have source and executable on her home page ... re:
http://listserv.uark.edu/scripts/wa.exe?A2=ind9707&L=ibmvm&D=0&T=0&P=9631
but it no longer seems to be there.
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
Newsgroups: alt.folklore.computers
Date: Thu, 04 Jan 2007 10:02:39 -0700
Anne & Lynn Wheeler <lynn@garlic.com> writes:
actually the line i heard was more like "the best you can hope for is
to not be fired and be allowed to do it again"
the other line .. is "heads roll uphill" ... or the reward for taking
credit for a good job is a promotion.
re:
http://www.garlic.com/~lynn/2007.html#20 MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
http://www.garlic.com/~lynn/2007.html#22 MS to world: Stop sending money, we have enough - was Re: Most ... can't run Vista
the other line used was they could have forgiven me for being
wrong, but they were never going to forgive me for being right.
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Securing financial transactions a high priority for 2007
Newsgroups: alt.folklore.computers
Date: Thu, 04 Jan 2007 10:25:45 -0700
jmfbahciv writes:
So it takes a day to sort out the error. Who gets the float?
not so much the error ... but countermeasures to possible fraud.
previous posts
http://www.garlic.com/~lynn/2007.html#5 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#6 Securing financial transactions a high priority for 2007
however ... somewhat related posts
http://www.garlic.com/~lynn/2006k.html#23 Value of an old IBM PS/2 CL57 SX Laptop
http://www.garlic.com/~lynn/2006l.html#37 Google Architecture
http://www.garlic.com/~lynn/2006v.html#42 On sci.crypt: New attacks on the financial PIN processing
http://www.garlic.com/~lynn/2006w.html#4 Patent buster for a method that increases password security
and some discussion about who is getting what ...
Interchange Fees: The tipping point
http://www.csnews.com/csn/search/article_display.jsp?vnu_content_id=1002425619
from above
Fed up with out-of-control interchange fees, retailers are fighting back
with concerted legal and educational tactics -- and, in some cases,
proactive offensives of their own.
... snip ...
http://www.epaynews.com/newsletter/epaynews322.html
from above:
Convenience store operators can make more money on a 12-ounce cup of
coffee than they can on a 12-gallon tank of gas. Credit card fees now
account for almost half of a typical store's expenses - more than labor.
... snip ...
Payments Technologies Vie For Banks' IT Dollars
http://www.epaynews.com/index.cgi?survey=&ref=browse&f=view&id=1147439455861413176&block=
from above:
Payments revenues at European banks typically represent 10 per cent of
annual revenues, while in the US, this figure is nearer to 40 per cent
... snip ...
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Securing financial transactions a high priority for 2007
Newsgroups: alt.folklore.computers
Date: Thu, 04 Jan 2007 10:44:18 -0700
previous posts in thread:
http://www.garlic.com/~lynn/2007.html#5 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#6 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#27 Securing financial transactions a high priority for 2007
for other topic drift
Faster payments should not result in weaker authentication
http://www.securitypark.co.uk/article.asp?articleid=26294&CategoryID=1
from above:
The 11 faster payments member banks are progressing rapidly with their
implementation projects ahead of the November 2007 deadline. However,
as the systems being developed will enable a payment to be processed
in less than 15 seconds, there is no time to stop a payment, and
adequate authentication of the transactions becomes critical.
... snip ...
when we did the payment gateway as part of this stuff that came to be
called e-commerce ... we had some stats on how fast a transaction
turned around at the payment gateway; thru the payment network and
back (that was separate from any transit delays thru the Internet
between the webservers and the payment gateway) ... the avg. ran
between 200-300 milliseconds.
recent post mentioning payment gateway
http://www.garlic.com/~lynn/2007.html#15 SSL info
one of the early aads chip strawman objectives (in the 90s) was to be
able to meet the transit 200millisecond requirement in contactless
form factor and contactless power profile
http://www.garlic.com/~lynn/x959.html#aads
for x9.59 like transaction
http://www.garlic.com/~lynn/x959.html#x959
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Just another example of mainframe costs.
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Thu, 04 Jan 2007 14:01:57 -0700
John.Mckown@ibm-main.lst (McKown, John) writes:
Our SAN boxes do this on Fibre Channel as well. Hum, I am not sure
about the multipathing. From some discussion on the z/Linux forum
about FCP (Fibre Channel) I think it is supported. In any case, the
"open" DASD are still cheaper per megabyte that the exact same boxes
which are Ficon (with ECKD emulation).
in part because of our work on ha/cmp product
http://www.garlic.com/~lynn/subtopic.html#hacmp
and having been asked to author section in corporate continuous
strategy document,
http://www.garlic.com/~lynn/subtopic.html#available
i also got called into design walkthru on various raid product designs
... looking for gatcha's that they had overlooked (from integrity
standpoint).
recent post mentioning fcs, hippi, escon, ficon, etc:
http://www.garlic.com/~lynn/2006b.html#14 Expanded Storage
http://www.garlic.com/~lynn/2006c.html#1 Multiple address spaces
http://www.garlic.com/~lynn/2006c.html#40 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006i.html#34 TOD clock discussion
http://www.garlic.com/~lynn/2006l.html#43 One or two CPUs - the pros & cons
http://www.garlic.com/~lynn/2006m.html#52 TCP/IP and connecting z to alternate platforms
http://www.garlic.com/~lynn/2006p.html#46 "25th Anniversary of the Personal Computer"
http://www.garlic.com/~lynn/2006q.html#24 "25th Anniversary of the Personal Computer"
http://ww