List of Archived Posts

2007 Newsgroup Postings (10/06 - 10/25)

A question for the Wheelers - Diagnose instruction

what does xp do when system is copying

Windows Live vs Kerberos

Virtualization: Don't Ask, Don't Tell

Horrid thought about Politics, President Bush, and Democrats

Windows Live vs Kerberos

what does xp do when system is copying

what does xp do when system is copying

GETMAIN/FREEMAIN and virtual storage backing up

Computing Change: Researcher Traces History Of The Personal Computer

Horrid thought about Politics, President Bush, and Democrats

what does xp do when system is copying

ANT Censuses of the Internet Address Space

Does software life begin at 40? IBM updates IMS database

Does software life begin at 40? IBM updates IMS database

The SLT Search LisT instruction - Maybe another one for the Wheelers

History dictates future of virtualization

The SLT Search LisT instruction - Maybe another one for the Wheelers

Fixing our fraying Internet infrastructure

Fixing our fraying Internet infrastructure

Hackers Attack Apps While Still in Development

Horrid thought about Politics, President Bush, and Democrats

Enterprise: Accelerating the Progress of Linux

GETMAIN/FREEMAIN and virtual storage backing up

what does xp do when system is copying

VMware: New King Of The Data Center?

Does software life begin at 40? IBM updates IMS database

Does software life begin at 40? IBM updates IMS database

what does xp do when system is copying

what does xp do when system is copying

what does xp do when system is copying

what does xp do when system is copying

what does xp do when system is copying

Google And IBM Take Aim At Shortage Of Distributed Computing Skills

what does xp do when system is copying

what does xp do when system is copying

what does xp do when system is copying

what does xp do when system is copying

what does xp do when system is copying

Oracle Raises Stakes With BEA Offer

Astrophysicist Replaces Supercomputer with a Cluster of Eight PlayStation 3s

Newsweek article--baby boomers and computers

Newsweek article--baby boomers and computers

what does xp do when system is copying

what does xp do when system is copying

Are there tasks that don't play by WLM's rules

Are there tasks that don't play by WLM's rules

Anniversaries

IBM System/3 & 3277-1

Slimmed Down Windows Offers Glimpse Into Microsoft's Virtualization Ambitions

US or China?

The history of Structure capabilities

Ancient Apple

Damn

The history of Structure capabilities

IBM Z6 processor

Ancient Apple

IBM Z6 processor

Direction of Stack Growth

Virtualization: Everybody's Doing It, but Few Know How

Fixing our fraying Internet infrastructure

Horrid thought about Politics, President Bush, and Democrats

Fixing our fraying Internet infrastructure

The history of Structure capabilities

Virtual Browsers: Disposable Security

Direction of Stack Growth

Direction of Stack Growth

does memory still have parity?

Direction of Stack Growth

IBM System/3 & 3277-1

IBM System/3 & 3277-1

IBM System/3 & 3277-1

Value of SSL client certificates?

Value of SSL client certificates?

A question for the Wheelers - Diagnose instruction

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: A question for the Wheelers - Diagnose instruction
Newsgroups: alt.folklore.computers
Date: Sat, 06 Oct 2007 15:48:14 -0400

Peter Flass <Peter_Flass@Yahoo.com> writes:

I was just reading the Bitsavers' stuff on CPS.  Apparently the first
implementation was on a 360/50 with custom microcode.  The documented
microinstruction was "eval" which evaluated an expression from an
encoded list.

CPS as in conversational programming system? It supported conversational
basic and pli as subsystem running under os/360 ... done by the boston
programming center on 3rd flr of 545 tech sq
http://www.garlic.com/~lynn/subtopic.html#545tech

they also did some microcode performance enhancements for cps on the
360/50. later as the main cp67 group was expanding, splitting off from
the science center and turning into vm370 ... it moved to the 3rd flr
and absorbed the boston programming center; moving the cps developers to
cms. later as the group continued to expand, it outgrow the space on the
3rd flr and moved out to the old SBC bldg. in burlington mall.

one of the (previous) cps developers even did a port of conversational
cps basic pli running under cms.

misc. past posts mentioning CPS
http://www.garlic.com/~lynn/2000d.html#37 S/360 development burnout?
http://www.garlic.com/~lynn/2000f.html#66 360 Architecture, Multics, ... was (Re: X86 ultimate CISC? No.)
http://www.garlic.com/~lynn/2001b.html#42 John Mashey's greatest hits
http://www.garlic.com/~lynn/2001l.html#24 mainframe question
http://www.garlic.com/~lynn/2001m.html#47 TSS/360
http://www.garlic.com/~lynn/2002.html#48 Microcode?
http://www.garlic.com/~lynn/2002d.html#31 2 questions: diag 68 and calling convention
http://www.garlic.com/~lynn/2002h.html#59 history of CMS
http://www.garlic.com/~lynn/2002j.html#17 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002j.html#19 ITF on IBM 360
http://www.garlic.com/~lynn/2002o.html#78 Newsgroup cliques?
http://www.garlic.com/~lynn/2002p.html#58 AMP  vs  SMP
http://www.garlic.com/~lynn/2003c.html#0 Wanted: Weird Programming Language
http://www.garlic.com/~lynn/2003h.html#34 chad... the unknown story
http://www.garlic.com/~lynn/2003k.html#0 VSPC
http://www.garlic.com/~lynn/2003k.html#55 S/360 IPL from 7 track tape
http://www.garlic.com/~lynn/2004.html#20 BASIC Language History?
http://www.garlic.com/~lynn/2004.html#32 BASIC Language History?
http://www.garlic.com/~lynn/2004d.html#42 REXX still going strong after 25 years
http://www.garlic.com/~lynn/2004e.html#37 command line switches [Re: [REALLY OT!] Overuse of symbolic
http://www.garlic.com/~lynn/2004g.html#4 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004g.html#47 PL/? History
http://www.garlic.com/~lynn/2004m.html#54 Shipwrecks
http://www.garlic.com/~lynn/2004n.html#0 RISCs too close to hardware?
http://www.garlic.com/~lynn/2004p.html#37 IBM 3614 and 3624 ATM's
http://www.garlic.com/~lynn/2004q.html#18 PR/SM Dynamic Time Slice calculation
http://www.garlic.com/~lynn/2004q.html#72 IUCV in VM/CMS
http://www.garlic.com/~lynn/2005.html#8 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#28 Relocating application architecture and compiler support
http://www.garlic.com/~lynn/2005d.html#74 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005f.html#58 Where should the type information be: in tags and descriptors
http://www.garlic.com/~lynn/2005h.html#37 Software for IBM 360/30
http://www.garlic.com/~lynn/2005i.html#32 Improving Authentication on the Internet
http://www.garlic.com/~lynn/2005j.html#25 IBM Plugs Big Iron to the College Crowd
http://www.garlic.com/~lynn/2005q.html#12 What ever happened to Tandem and NonStop OS ?
http://www.garlic.com/~lynn/2005s.html#35 Filemode 7-9?
http://www.garlic.com/~lynn/2006j.html#44 virtual memory
http://www.garlic.com/~lynn/2006m.html#28 Mainframe Limericks
http://www.garlic.com/~lynn/2006o.html#51 The Fate of VM - was: Re: Baby MVS???
http://www.garlic.com/~lynn/2006r.html#41 Very slow booting and running and brain-dead OS's?
http://www.garlic.com/~lynn/2006s.html#1 Info on Compiler System 1 (Univac, Navy)?
http://www.garlic.com/~lynn/2007g.html#39 Wylbur and Paging
http://www.garlic.com/~lynn/2007g.html#43 Wylbur and CRBE
http://www.garlic.com/~lynn/2007l.html#58 Scholars needed to build a computer history bibliography

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Sat, 06 Oct 2007 16:31:36 -0400

"Jukka Aho" <jukka.aho@iki.fi> writes:

As Steve suggested, advanced techniques, such as VPNs (Virtual Private
Networking), can be used for connecting to your home network securely
from the outside world. This would allow you to see and access your
home computers, printers, files, etc. remotely, from a friend's house
or a hotel room (even from abroad), even though these resources are
otherwise hidden and protected behind your router/firewall. It is also
possible to control your computer and the programs running on it from
another computer, graphically, so that you see the screen of your
computer from a remote location. But if you want to use these kind of
features you need to set them up separately.

it seemed that ipsec and ipng were having trouble making headway in the
early 90s ... where it basically required replacing the existing network
stack ... which at the time essentially met getting a new operating
system distribution from your vendor and installing it.

i've commented before that barrier to uptake was somewhat behind the
rise of both SSL and VPN ... while ipsec would provide end-to-end
encryption but (essentially) required replacing your installed system
and kernel ... SSL and VPN required neither of these things.

SSL could be deployed just by installing an application ... and it
provided "end-to-end" encryption between a new browser application (and
some webserver) w/o requiring all the parties involved to install new
systems.

the original VPN was introduced at the fall '94 ietf meeting in san jose
in the gateway committee by a friend that we had worked on and off with
since 1980. he had originally developed it for him and his wife to work
at home ... with software update for his home router and the routers at
his and his wife's places of work. the state of the art at the time was
somewhat link encryptors ... i've commented before about some comment
in the mid-80s about the internal network having over half of all
the link encryptors in the world
http://www.garlic.com/~lynn/subnetwork.html#internalnet

the couple worked for different companies in a distant city.  rather
than having two separate 56kbit links from their house to their
respective companies in the remote city ... they had a single link from
their house to the husband's corporate location with a "tail-circuit"
from the husband's company location to the wife's company location.  The
husband's operated with vpn encrypted link from the house to his
corporate location. The wife operated with a vpn encrypted link
... first tunneled thru the husband's vpn encrypted link (to his
corporate location) and then via the "tail-circuit" to her corporate
location.

my view was all of this caused some amount of heart burn among the ipsec
aficionados ... somewhat mitigated when they started calling it
"lightweight ipsec" (then others could start calling ipsec, "heavyweight
ipsec").

there was also somewhat of a split among the router vendors when vpn
was introduced ... because some of the vendors had boxes with powerful
enuf processors to perform the required vpn encryption ... but some of
the router vendors had very much slower processors that had extreme
difficulty performing the required cryptographic operations. As a
result, the router vendors with the slower processors appeared to put
up all sort of delaying actions and roadblocks.

much later there were vpn implementations that could be deployed in
end-user computers (rather than intermediate routers) ... with encrypted
sessions tunneled through standard internet connections.  however, many
of these deployments created serious corporate risks ... in much the
same way that having internal, secured corporate personal computers
(connected on internal, secured corporate networks) ... when a user
might activate a dial-up modem to the standard internet ... and
attackers would attack corporate networks thru these unauthorized
backdoor dial-up connections. many of the early personal computer vpn
implementations had similar difficiencies ... that attackers would
compromise the home pc thru the standard internet connection and then
gain access to the corporate network via the tunneled vpn connection.

misc. past posts mentioning VPNs
http://www.garlic.com/~lynn/aadsm11.htm#24 Proxy PKI. Was: IBM alternative to PKI?
http://www.garlic.com/~lynn/aadsm12.htm#66 Subpoena Sidelines PKI Project
http://www.garlic.com/~lynn/aadsm15.htm#2 Is cryptography where security took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#17 New authentication protocol, was Re: Tinc's response to "Linux's answer to MS-PPTP"
http://www.garlic.com/~lynn/aadsm16.htm#20 Ousourced Trust (was Re: Difference between TCPA-Hardware  and a smart card and something else before
http://www.garlic.com/~lynn/aadsm23.htm#18 Security Soap Opera - (Central) banks don't (want to) know, MS prefers Brand X, airlines selling your identity, first transaction trojan
http://www.garlic.com/~lynn/aadsm25.htm#19 Hamiltonian path as protection against DOS
http://www.garlic.com/~lynn/aadsm27.htm#20 307 digit number factored
http://www.garlic.com/~lynn/2001g.html#18 VPN solution for school district
http://www.garlic.com/~lynn/2002j.html#40 Beginner question on Security
http://www.garlic.com/~lynn/2002l.html#60 Handling variable page sizes?
http://www.garlic.com/~lynn/2003b.html#53 Microsoft worm affecting Automatic Teller Machines
http://www.garlic.com/~lynn/2003e.html#34 Use of SSL as a VPN
http://www.garlic.com/~lynn/2003e.html#40 IETF meeting (Re: editors/termcap)
http://www.garlic.com/~lynn/2003l.html#23 Why more than 1 hole in FW for IPSec
http://www.garlic.com/~lynn/2003m.html#16 OSI not quite dead yet
http://www.garlic.com/~lynn/2004k.html#29 CDC STAR-100
http://www.garlic.com/~lynn/2004p.html#32 Carrying IP over ATM networks
http://www.garlic.com/~lynn/2005h.html#39 Attacks on IPsec
http://www.garlic.com/~lynn/2005q.html#29 IPSEC wireless router ?
http://www.garlic.com/~lynn/2005u.html#46 Channel Distances
http://www.garlic.com/~lynn/2007d.html#37 MAC and SSL
http://www.garlic.com/~lynn/2007g.html#63 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#67 SSL vs. SSL over tcp/ip
http://www.garlic.com/~lynn/2007l.html#32 Virtual private networks

Windows Live vs Kerberos

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Windows Live vs Kerberos
Newsgroups: comp.protocols.kerberos
Date: Sun, 07 Oct 2007 09:00:02 -0400

royend <royend@gmail.com> writes:

Can someone tell me differences between Windows Live and Kerberos?
Is it possible for instance to sat that Windows Live uses as its basis
the Needham-Schroeder protocol, the same way as Kerberos does?

I believe that Kerberos is a more general protocol which is used in
network authentication, as Windows Live is a special service for web
sites, gathering all users at a single sign on (SSO).

how 'bout ...
http://en.wikipedia.org/wiki/Windows_Live_ID

for a little drift ... original kerberos was done with shared-secret/password
for user authentication. once that is done, then kerberos tickets can
be passed around between a lot of applications as a sso mechanism.

m'soft contracted with an outside corporation to do a kerberos
impelementation for windows ... making it the basis for windows
authentication. about the same time that was going on there was a
ietf/internet draft written called pk-init for kerberos.

in the original pk-init, the registration of password was replaced
with the registration of public keys ... and in place of entering a
password, the user generated a digital signature (with their
corresponding private key). this was not a PKI implementation which
requires something called digital certificates ... which were
nominally invented to provide some trusted information about total
strangers during first time communication ... aka in the original PKI
design point, a total stranger, that is otherwise not known to the
organization and/or for which there has never been any prior contact
... can present a digital certificate and be granted access to systems
(purely based on the information contained in the digital
certificate). in that sense, digital certificates can be considered
sort of a very long lived "tickets" ... where all the authorization
information is visible/public and targeted at being used by strangers
in first time communication (the letters of credit/introducation
scenario from sailing ship days, where relying parties had no other
recourse to information for first time interaction with total
strangers)

There was then some amount of lobbying that the pk-init drift should
support both digital signature based authentication involving known
individuals (i.e. the original public key registration scenario) as
well as the PKI-scenario with digital certificates (supposedly to
allow total strangers with no prior contact and/or authorization,
access to systems).

misc. past posts mentioning kerberos and/or pk-init
http://www.garlic.com/~lynn/subpubkey.html#kerberos

in the early 80s, we were periodically involved dropping by project
athena and reviewing various projects, including kerberos. we happened
to be there a week when the original cross-domain kerberos process was
being worked out. more recently, we sat thru a vendors description of
their SAML implementation for cross-domain authentication. While the
format of SAML messages and kerberos tickets are different, the
description of the flows were identical.

corresponding kerberos wiki page
http://en.wikipedia.org/wiki/Kerberos_(protocol)

from my rfc index
http://www.garlic.com/~lynn/rfcietff.htm

and click on Term (term->RFC#) in the RFCs listed by section

and then scroll down to kerberos, i.e.

kerberos
 see also authentication , generic security service , security
 5021 4757 4752 4559 4557 4556 4537 4430 4402 4121 4120 3962 3961 3244
 3129 2942 2712 2623 1964 1510 1411

clicking on the RFC numbers, brings up the corresponding summary
in the lower frame, for instance:

4757 I
 The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows,
 Brezak J., Jaganathan K., Zhu L., 2006/12/11 (18pp) (.txt=36562) (Refs
 1320, 1321, 1964, 2104, 3961, 3962, 4120, 4537)

clicking on the ".txt=nnnn" field, fetches the actual RFC

Virtualization: Don't Ask, Don't Tell

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Virtualization: Don't Ask, Don't Tell
Newsgroups: alt.folklore.computers
Date: Sun, 07 Oct 2007 09:31:07 -0400

recent on 40+yr old technology ... from the science center ...
first as cp40 on custom modified 360/40
http://www.garlic.com/~lynn/subtopic.html#545tech

article theme somewhat that IT departments meet SLA-aggreements and
their corporate customers don't need to be concerned if virutalization
is involved.

Virtualization: Don't Ask, Don't Tell
http://www.linuxinsider.com/story/59692.html

from above:

Such a rush to virtual servers is certainly under way at The Hartford
Life and Accident Insurance, where "the standard is that everything new
comes in on virtual servers," said Bruno Janssens, senior architect in
the company's infrastructure services group.

A dozen of the Simsbury, Conn.-based insurer's 5,000 servers are
currently virtualized, as are some 500 Windows XP client machines, he
said.

... snip ...

Horrid thought about Politics, President Bush, and Democrats

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Horrid thought about Politics, President Bush, and Democrats ...
Newsgroups: alt.folklore.computers
Date: Sun, 07 Oct 2007 10:51:39 -0400

Frank McCoy <mccoyf@millcomm.com> writes:

....  Not, like bombing us into rubble, like some more hawkish people
thought, but by outperforming us.  Somewhat like Toyota has overtaken
General Motors.  That wouldn't have been so bad for the world if true.

note that the suggestions in the 70s and 80s and even into the 90s (that
was in progress) was met with strong counter arguments that could
aboslutely never be possible. All the signs were clearly visible, but it
appeared that the majority/mainstream had enormous variety of reasons
why it wasn't happening (delusions?) ... which seemed to be totally
unrelated to observable reality.

misc. past posts mentioning automobile industry, import quotas,
C4 project and other related tidbits
http://www.garlic.com/~lynn/2000f.html#43 Reason Japanese cars are assembled in the US (was Re: American bigotry)
http://www.garlic.com/~lynn/2003i.html#61 TGV in the USA?
http://www.garlic.com/~lynn/2003l.html#29 Offshore IT
http://www.garlic.com/~lynn/2003o.html#34 Will Prescott work on Win64?
http://www.garlic.com/~lynn/2004b.html#52 The SOB that helped IT jobs move to India is dead!
http://www.garlic.com/~lynn/2004c.html#51 [OT] Lockheed puts F-16 manuals online
http://www.garlic.com/~lynn/2004h.html#22 Vintage computers are better than modern crap !
http://www.garlic.com/~lynn/2005s.html#2 Internet today -- what's left for hobbiests
http://www.garlic.com/~lynn/2006.html#23 auto industry
http://www.garlic.com/~lynn/2006.html#44 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006g.html#14 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#20 The Pankian Metaphor
http://www.garlic.com/~lynn/2006m.html#49 The Pankian Metaphor (redux)
http://www.garlic.com/~lynn/2006v.html#14 In Search of Stupidity
http://www.garlic.com/~lynn/2006x.html#32 Toyota set to lift crown from GM
http://www.garlic.com/~lynn/2007f.html#50 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#29 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#34 U.S. Cedes Top Spot in Global IT Competitiveness
http://www.garlic.com/~lynn/2007g.html#52 U.S. Cedes Top Spot in Global IT Competitiveness
http://www.garlic.com/~lynn/2007i.html#13 U.S. Cedes Top Spot in Global IT Competitiveness
http://www.garlic.com/~lynn/2007j.html#31 IBM Unionization
http://www.garlic.com/~lynn/2007j.html#33 IBM Unionization
http://www.garlic.com/~lynn/2007k.html#11 IBM Unionization
http://www.garlic.com/~lynn/2007k.html#24 IBM Unionization
http://www.garlic.com/~lynn/2007n.html#31 IBM obsoleting mainframe hardware

Windows Live vs Kerberos

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Windows Live vs Kerberos
Newsgroups: comp.protocols.kerberos
Date: Sun, 07 Oct 2007 22:08:00 -0400

Frank Siebenlist <franks@mcs.anl.gov> writes:

Ahhh, pkinit history... actually, pkinit originates from the good old
DCE efforts at OSF from the 90's.

The DCE-RFC's 68.3/4 show the evolution that Lynn talked about, where
the last 68.4 was used for the current IETF pkinit incarnation after
some heated ietf-workgroup sessions...
http://www.opengroup.org/dce/tech/pki/dce_pki_spec_08.pdf

The first versions of pkinit were purely key-based, essentially like
ssh, where the public key was matched to a Kerberos principal.

At that time we thought that X509-PKIX-PKI was going to take over the
world and X509 certs were the future... (I'm sure that Lynn has a few
references about those dreams ;-) ), so we introduced X509-cert-based
authentication for DCE/Kerberos in RFC 68.4, where the identity
management was taken over by the PKI, and Kerberos (ideally) didn't need
any user-database and would issue tickets to whoever would authenticate
with a x509-cert and the principal name would be derived from the
subject's DN.

As mentioned, there were some heated arguments in the ietf working group
- the idea that it would demote Kerberos to a credential translation
service and would take away the identity management part was probably
one reason...

In retrospect, I'm not sure if we made any real improvement with the
changes in the pkinit model... maybe we should have listened better to
Carl Ellison and Lynn ;-)

re:
http://www.garlic.com/~lynn/2007q.html#2 Windows Live vs Kerberos

one of the issues with x.509 identity (public) digital certificates from
the early 90s was "what might the necessary and sufficient information
be required in the digital certificates" (for possibly accepting relying
parties).  as a result there was some direction to include more and more
personal information ... to cover the possible requirements of any
relying parties which might be depending on the (public) digital
certificates (PKI somewhat assumed that public digital certificates were
being sprayed all over the world).

however, by the mid-90s, several organizations were starting to realize
that x.509 identity (public) digital certificate, increasing overloaded
with personal information, represented significant liability and privacy
issues. some of these organizations, attempting to salvage something of
the digital certificate infrastructure, regressed to something called
relying-party-only digital certificates
http://www.garlic.com/~lynn/subpubkey.html#rpo

where the individual information (in the digital certificate) was
restricted to some sort of account number (user identifier and/or
record locator) and a public key. The account/record allowed the
personal information to be removed from public distribution. The issue
then was that it could be trivially shown that the actual digital
certificates were redundant and superfluous ... since the
account/record would (or trivially could) typically also include the
public key (effectively regressing to the original pkinit scenario).

The trade-off (from the digital certificate design point adapted from
the letters of credit/introduction from sailing ship days) ... was
that it was necessary to include all the required information needed
by relying party in the document. Once the pertinent information moved
some place else ... then the original purpose for such documents
(credentials and/or digital certificate) became redundant and
superfluous.

There were some additional issues with various of the relying-party-only
certificates ... besides becoming redundant and superfluous. Even with
relying-party-only digital certificates eliminating all
personal specific information (except record-locator/account-record
and public key) ... they could still be quite enormous and require
significant processing overhead. This was especially apparent in
payment transactions ... where the overhead of a relying-party-only
digital certificates could represent an 100-fold payload size increase
http://www.garlic.com/~lynn/subpubkey.html#bloat

that issue was so significant (in payment infrastructure) that the x9
financial standards body started a work item for "compressed" digital
certificates ... with objective of attempting to reduce the payload
bloat increase to possibly only 5-fold (again for something effectively
redundant and superfluous).

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Mon, 08 Oct 2007 07:31:29 -0400

"Jukka Aho" <jukka.aho@iki.fi> writes:

Corporate VPN clients are usually designed to prevent one from routing
between the tunnel and the local networks, and they resort to all
sorts of nannying when trying to uphold that policy. But where there's
a will, there's always a way... I can assure you from my own
experience that trying to prevent someone's personal computer from
doing things is doomed to fail if the user is the administrator of
that machine, and _wants_ circumvent those restrictions. :)

many of the early corporate vpn client implementations lacked a lot of
integrity implementations to counter allowing attackers from standard
internet to compromise corporate intranets via vpn clients. the
countermeasures for these kinds of attacks somewhat evolved over time.

the simple was to make sure that the client ip-stack had ip-routing
turned off ... but then there are various kinds of trojan horses
... somewhat similar to the botnet compromises that effectively can
operate somewhat like application level proxy to use the client as
platform for corporate attacks.

for other drift, misc. past posts mentioning interop '88.
http://www.garlic.com/~lynn/subnetwork.html#interop88

the four floor nets was one of the first, large scale multiple net
installations. on sunday before the show ... the whole infrastructure
started crashing and burning ... which continued into the wee hours of
monday morning. subsequently there was a default configuration
recommendation regarding ip-forwarding appeared in rfc1122
(i.e. std-3), "Requirements for Internet Hosts - commuincations
layers"

and recent post including mention of some ipsec related technology
(digital certificates, pkix) from the early/mid 90s
http://www.garlic.com/~lynn/2007q.html#5 Windows Live vs Kerberos
kicked off with this post
http://www.garlic.com/~lynn/2007q.html#2 Windows Live vs Kerberos

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Mon, 08 Oct 2007 10:16:15 -0400

jmfbahciv writes:

Medicare, Medicaid and the insurance companies have set
prices for what they will reimburse for each and every
charge, including toilet paper usage.  The medical care
providers lose money so they charge higher and higher
rates to the private patients...those who aren't using
insurance as their payment adminstrators.  Now consider
a law that forces everybody to have insurance.  It exists.
We have it in this state.  The next health bill passed will
have that edict.

Now where are the health care providers supposed to get the
monies to run the businesses?

i think it was 60 minutes(?) a few months ago had a segment on
medicaid drug bill legislation. the major pt was that the bill excluded
negotiated prescription prices ... and gave some comparison of VA
prescription drug prices (which allows negotiated prescription prices)
being much less than medicaid (which precludes negotiated prescription
prices) ... for even the same identical drug.

there was one bit on an initial GAO report estimating annual costs
(which was supposedly used to decide whether to vote in favor or against
the bill) ... then GAO came out with more accurate estimate that was
something like twice the earlier estimate ... supposedly the committee
chairman was able to block dissemination of the updated estimate until
after the bill had passed.

finally there were something like 12-18 people ... either elected
officials, aids, and/or staffers responsible for shepherding the
legislation thru ... and supposedly over short period after the bill
passing, all had left their positions and working in one way or another
for the drug industry.

some of this was behind the comptroller general's comments about nobody
in congress for the past 50 yrs, has been capable of doing simple middle
school arithmatic

yesterday, cspan carried small portion of talk claiming that federal
legislation unfunded mandates now amounts to $400k for every man, woman,
and child (this isn't current federal debt, this is cost of existing
legislation mandated programs for which there hasn't been funding
... presumably requiring future borrowing/debt and/or additional tax
burden).

old long-winded post reference to the 80s gov. savings&loan bail-out
claiming that the obligation was carried off fed. books since it
represented $100k for every man, woman, and child.
http://www.garlic.com/~lynn/aepay3.htm#riskm

a few other posts mentioning unfunded obligations of various kinds:
http://www.garlic.com/~lynn/2004b.html#9 A hundred subjects: 64-bit OS2/eCs, Innotek Products,
http://www.garlic.com/~lynn/2004e.html#19 Message To America's Students: The War, The Draft, Your Future
http://www.garlic.com/~lynn/2007j.html#91 IBM Unionization
http://www.garlic.com/~lynn/2007j.html#93 IBM Unionization

and various other posts mentioning comptroller general's comments
http://www.garlic.com/~lynn/2006f.html#41 The Pankian Metaphor
http://www.garlic.com/~lynn/2006f.html#44 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#9 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#14 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#27 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#2 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#3 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#4 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#17 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#19 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#33 The Pankian Metaphor
http://www.garlic.com/~lynn/2006o.html#61 Health Care
http://www.garlic.com/~lynn/2006p.html#17 Health Care
http://www.garlic.com/~lynn/2006r.html#0 Cray-1 Anniversary Event - September 21st
http://www.garlic.com/~lynn/2006t.html#26 Universal constants
http://www.garlic.com/~lynn/2007j.html#20 IBM Unionization
http://www.garlic.com/~lynn/2007j.html#91 IBM Unionization
http://www.garlic.com/~lynn/2007k.html#19 Another "migration" from the mainframe
http://www.garlic.com/~lynn/2007o.html#74 Horrid thought about Politics, President Bush, and Democrats
http://www.garlic.com/~lynn/2007p.html#22 U.S. Cedes Top Spot in Global IT Competitiveness

GETMAIN/FREEMAIN and virtual storage backing up

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: GETMAIN/FREEMAIN and virtual storage backing up
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 08 Oct 2007 10:53:12 -0400

peter.hunkeler@ibm-main.lst (Hunkeler Peter  , KIUK 3) writes:

Fixed storage is not only to support diabled users but much more often
used in the ubiquituos I/O processing. The channel subsystem (the I/O
part of System z hardware) does not use DAT. Channel commands transfer
data blocks data from and to real storage to and from I/O devices,
resp.  Before the I/O can be initiated, MVS's I/O supervisor code has
to make sure the virtual storage allocated for the I/O buffers is not
being paged out while the channel subsystem is working on the I/O
request.  Therefore, the pages will be fixed before the I/O supervisor
passes the I/O request to the channel subs

this was part of the technology that was borrowed from cp67 in the
original os/vs2 work ... discussed earlier in this thread
http://www.garlic.com/~lynn/2007p.html#69 GETMAIN/FREEMAIN and virtual storage backing up
http://www.garlic.com/~lynn/2007p.html#70 GETMAIN/FREEMAIN and virtual storage backing up

one of the uses for "fixed" storage was allowing applications to build
channel programs with the (previously) "fixed", real storage addresses
... then the application channel program could be directly executed
... w/o requiring the supervisor having to scan ... building a
shadow/duplicate channel program with the "real" addresses

for instance, lookup various discussions about EXCPVR compared to EXCP

... this redbook has some discussion of the differences between EXCPVR
and EXCP (although most of the discussion is about support for using
storage about 2GB line)
http://www.redbooks.ibm.com/abstracts/SG245976.html

from 2.10.3 Using EXCP and EXCPVR

Programs using EXCPVR have the responsibility to page fix all I/O area
and build real channel programs.

... snip ...

Computing Change: Researcher Traces History Of The Personal Computer

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Computing Change: Researcher Traces History Of The Personal Computer
Newsgroups: alt.folklore.computers
Date: Mon, 08 Oct 2007 11:36:38 -0400

Computing Change: Researcher Traces History Of The Personal Computer
http://www.sciencedaily.com/releases/2007/10/071008080207.htm

from above:

Thomas Haigh, assistant professor of information studies at the
University of Wisconsin-Milwaukee (UWM), is among a very small number of
computer experts in the world who are also historians, studying the role
of technology in broader social change. These new experts are tracing
how computers have changed business and society.

... snip ...

Horrid thought about Politics, President Bush, and Democrats

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Horrid thought about Politics, President Bush, and Democrats ...
Newsgroups: alt.folklore.computers
Date: Tue, 09 Oct 2007 10:25:35 -0400

Walter Bushell <proto@oanix.com> writes:

And with Churchill, who wasn't much of an improvement. He was and out
and out imperialist and thought it was proper, for example, for a small
island to run a continent for the islands benefit. We revolted from
England for exactly the that. Maybe the repression was not as severe in
India, as in Russia, but if so, that was because the English had left to
justify their rule.

past references to history books/lectures claiming that the
country/constitution would have been significantly different if it had
been less heavily influenced by the scots/descendants from virginia and
more heavily influenced by the english/descendants from new england
area.
http://www.garlic.com/~lynn/2006b.html#30 Empires and Imperialism
http://www.garlic.com/~lynn/2006r.html#47 Mickey and friends
http://www.garlic.com/~lynn/2007o.html#51 EZPass: Yes, Big Brother IS Watching You!

within the past couple yrs we had a side-trip to Edinburgh and had
chance to visit some number of military museums that extolled the
bravery of all the scots that joined the military.

about the same time, we saw a (wwi) blackadder segment that had a line
(from english officer, mr bean's character) about if they saw a man in a
skirt, they run him thru and nic all his lands. we had also got a BBC DVD
multi-part series, a history of britain ... in it there was a
comment about after the english had slaughtered so many scotts and took
their lands, the only opportunity for young male scotts was to join the
military.
http://www.garlic.com/~lynn/2006u.html#57 Pedantry (was RE: Shane's antipodes)

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Tue, 09 Oct 2007 16:55:44 -0400

Greg Menke <gusenet@comcast.net> writes:

I'd be inclined to wonder if the redundant layers of crypto might become
problematic.  A crypto expert I ain't but isn't the usual line that
redundant crypto presents a diminishing returns scenario and might tend
to reduce overall effectiveness (by which I mean the aggregate effect of
the algorithms may weaken the overall cipher, at least in theory) ?

one of the scenarios is about security "in-depth" .... multiple layers
of defense ... so that if one is broken, there are still additional
layers.

well designed crypto isn't suppose to yield/leak information ...  so
that attacks aren't any better than brute force attack on the key
(i.e. attempting all possible keys).

good encryption should result in bit patterns indistinquishable from
noise (or close to it).  well designed layered encryption, theoritically
requires brute force "key" attack to peal away each layer. however, if
the result of the outer layer only yields an inner layer that looks like
noise ... it may require an aggregate brute force attack on combination
of all possible layered keys ... before it is possible to recognize
something other than noise.

"3-des" with 2 56-bit (des) keys achieves this ... there is a DES
"encrypt" with the first key ... followed by a DES "decrypt" with the
2nd key (i.e. decrypting something with the wrong key can also look like
noise), followed by encryption with the first key again. This is
considered to be equivalent of 2*56=112 bit key (requiring a brute force
attack of 2**112 rather than brute force of 2**56). 3-des "decryption"
then reverses the process; DES "decrypt" with the 1st key, followed by
DES "encrypt" with the 2nd key, and finally DES "decrypt" with the 1st
key.

one of the other security scenarios is that increasing complexity tends
to weaken security ... because complexity increases the chance that
things won't be done correctly everytime ... which attackers can take
advantage of.

since no specific (well-designed) encryption is suppose to leak
information .... multiple application of independent encryption
shouldn't ever "increase" the amount of information leaked (ideally, the
amount of useful information leaked should decrease with additional,
independent encryption).

one of the principles of diminishing returns ... frequently has to do
with total end-to-end security ... as opposed to just specific
encryption process. nominally end-point attacks have been demonstrated
to be easier than much of the communication encryption measures.
Doubling the amount of communication encryption just encourages
attackers to ignore transmissions and even further increase end-point
attack efforts (and has little or no effect on protecting the weakest
points ...  i.e. the principle that security is only as strong as the
weakest link).

An possible exception to communication encryption tending to be one of
the strongest part of security, has been the wifi encryption that has
been implicated in the tjx breach .. i.e.

WLAN Security Blamed for TJX Payment Card Breach
http://itmanagement.earthweb.com/secu/article.php/3704061

however, the weakness in the wifi encryption has been known for quite
some time. there were even early apoligies by the individuals
responsible for the design, also claiming that trade-offs were made
because of the target wifi devices didn't have capability to perform
more complex encryption. although there is some evidence that by the
time the encryption was actually deployed, all of the wifi devices
being shipped were capable of much more powerful encryption.

we had been brought in to consult with a small client/server startup
that wanted to do payment transactions on their server ... some
past posts mentioning something called a payment gateway
http://www.garlic.com/~lynn/subnetwork.html#gateway

they had this technology called SSL ... and the effort is now frequently
referred to as "electronic commerce". a few recent posts
http://www.garlic.com/~lynn/aadsm27.htm#0 H6.2 Most Standardised Security Protocols are Too Heavy
http://www.garlic.com/~lynn/aadsm27.htm#1 H6.2 Most Standardised Security Protocols are Too Heavy
http://www.garlic.com/~lynn/aadsm27.htm#15 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#19 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#20 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#21 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#47 If your CSO lacks an MBA, fire one of you
http://www.garlic.com/~lynn/aadsm27.htm#50 If your CSO lacks an MBA, fire one of you
http://www.garlic.com/~lynn/aadsm27.htm#54 Security can only be message-based?
http://www.garlic.com/~lynn/aadsm27.htm#60 Retailers try to push data responsibilities back to banks
http://www.garlic.com/~lynn/2007o.html#23 Outsourcing loosing steam?
http://www.garlic.com/~lynn/2007o.html#25 LAX IT failure: leaps of faith don't work
http://www.garlic.com/~lynn/2007o.html#27 EZPass: Yes, Big Brother IS Watching You!
http://www.garlic.com/~lynn/2007o.html#28 EZPass: Yes, Big Brother IS Watching You!
http://www.garlic.com/~lynn/2007o.html#52 Virtual Storage implementation
http://www.garlic.com/~lynn/2007p.html#54 Industry Standard Time To Analyze A Line Of Code
http://www.garlic.com/~lynn/2007p.html#67 what does xp do when system is copying

lots of past posts about ssl and ssl domain name digital certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

we then got involved in the x9a10 financial standard working group that
had been given the requirement to preserve the integrity of the
financial infrastructure for all retail payments. this required
some detailed vulnerability studies and threat models in support
of x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959

part of this was that by far the greatest leakage of account numbers
resulting in fraudulent transactions was the transaction repositories
which were needed for a large number of business processes. there was
the eventual observation that the account numbers were needed in so many
processes ... that there was no amount of security that would prevent
account number leakage (in part studies showing that up to seventy
percentage of such leakage involve insiders). from a policy standpoint,
the circumstance could claim that account number was overloaded ...
effectively being used for (something you know) authentication as well
as being instrumental for large number of business processess.

the eventual tjx 40million account number breach, may have started with
information obtained via the wifi encryption breach but was then
leveraged in being able to access the transaction/business repositories
(it wasn't using the encryption break to obtain the large number of
account numbers thru evesdropping actual transactions).

so the x9.59 financial standard approach was to create a totally
separate operation for transaction authentication, independent of the
account number. this eliminated the ability of attackers to perform
fraudulent transactions having either evesdropped transactions (during
transmission) or from copying large business process repositories.  this
is discussed in more detail in a series of posts about "naked
transaction metaphor" (i.e. transactions where the account number is
overloaded serving both as means of something you know authentication
and for numerous other business processes)
http://www.garlic.com/~lynn/subintegrity.html#payment

x9.59 preventing crooks from performing fraudulent transactions with
information gatthered by evesdropping on electronic commerce
transmissions ... also effectively eliminates one of the main purposes
of SSL.
http://www.garlic.com/~lynn/2007.html#0 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#5 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#6 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#27 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#28 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#60 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#61 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#62 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#64 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#6 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#10 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#15 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#17 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#18 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#22 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#26 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#27 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#28 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#30 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#31 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#32 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#33 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#35 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#36 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#37 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#38 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#39 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#43 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#44 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#46 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#51 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#52 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#53 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#0 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#5 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#11 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#26 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#68 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#70 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#2 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#12 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#20 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#23 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#24 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#26 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#28 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#29 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#58 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#61 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#62 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#65 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#58 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#68 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#72 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#75 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007g.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007h.html#48 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007h.html#51 Securing financial transactions a high priority for 2007

ANT Censuses of the Internet Address Space

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: ANT Censuses of the Internet Address Space
Newsgroups: alt.folklore.computers
Date: Tue, 09 Oct 2007 17:30:24 -0400

ANT Censuses of the Internet Address Space
http://www.isi.edu/ant/address/

Does software life begin at 40? IBM updates IMS database

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Does software life begin at 40? IBM updates IMS database
Newsgroups: alt.folklore.computers
Date: Tue, 09 Oct 2007 20:20:35 -0400

Does software life begin at 40? IBM updates IMS database
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9041719

from above:

IMS, which stores data in a tree structure rather than in the tables
used in relational databases, was first used in 1968 for the NASA's
Apollo space program.

...

Bernie Spang, director of data servers at IBM, added that the database
remains vigorous despite its age. It still runs in the back rooms of
over 95% of Fortune 1,000 companies, and, Spang claimed, 80% of large
retail banks in the United States, Germany and Japan.

... snip ...

a couple postings with old email mentioning IMS
http://www.garlic.com/~lynn/2007.html#email801016
http://www.garlic.com/~lynn/2007c.html#email830125

some recent posts mentioning IMS:
http://www.garlic.com/~lynn/2007.html#39 Just another example of mainframe costs
http://www.garlic.com/~lynn/2007b.html#9 Mainframe vs. "Server" (Was Just another example of mainframe
http://www.garlic.com/~lynn/2007b.html#48 6400 impact printer
http://www.garlic.com/~lynn/2007c.html#42 Keep VM 24X7 365 days
http://www.garlic.com/~lynn/2007d.html#24 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007e.html#1 Designing database tables for performance?
http://www.garlic.com/~lynn/2007e.html#14 Cycles per ASM instruction
http://www.garlic.com/~lynn/2007e.html#16 Attractive Alternatives to Mainframes
http://www.garlic.com/~lynn/2007e.html#31 Quote from comp.object
http://www.garlic.com/~lynn/2007e.html#36 Quote from comp.object
http://www.garlic.com/~lynn/2007e.html#37 Quote from comp.object
http://www.garlic.com/~lynn/2007e.html#41 IBM S/360 series operating systems history
http://www.garlic.com/~lynn/2007f.html#56 Is computer history taught now?
http://www.garlic.com/~lynn/2007f.html#64 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007f.html#66 IBM System z9
http://www.garlic.com/~lynn/2007g.html#25 Bidirectional Binary Self-Joins
http://www.garlic.com/~lynn/2007g.html#26 Bidirectional Binary Self-Joins
http://www.garlic.com/~lynn/2007h.html#35 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#76 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007k.html#71 The top 10 dead (or dying) computer skills
http://www.garlic.com/~lynn/2007l.html#62 Friday musings on the future of 3270 applications
http://www.garlic.com/~lynn/2007m.html#36 Future of System/360 architecture?
http://www.garlic.com/~lynn/2007m.html#47 Capacity and Relational Database
http://www.garlic.com/~lynn/2007m.html#55 Capacity and Relational Database
http://www.garlic.com/~lynn/2007n.html#49 VLIW pre-history
http://www.garlic.com/~lynn/2007o.html#53 Virtual Storage implementation
http://www.garlic.com/~lynn/2007o.html#57 ACP/TPF
http://www.garlic.com/~lynn/2007o.html#59 ACP/TPF
http://www.garlic.com/~lynn/2007p.html#13 IBM Releases Office Desktop Software at No Charge to Foster Collaboration
http://www.garlic.com/~lynn/2007p.html#20 64 gig memory
http://www.garlic.com/~lynn/2007p.html#58 what does xp do when system is copying

Does software life begin at 40? IBM updates IMS database

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Does software life begin at 40? IBM updates IMS database
Newsgroups: alt.folklore.computers
Date: Wed, 10 Oct 2007 16:54:50 -0400

hancock4 writes:

We still use it to power a massive database.  Apparently it (at least
in earlier years) able to handle very large data volumes so our data
is split into multiple databases.  An I/O module decides which
database to go to to fetch or update the data.

IMS also had an online component, but we use CICS.

They want to rewrite the application in modern web-based, but
replacing a massive application isn't so easy.

re:
http://www.garlic.com/~lynn/2007q.html#13 Does software life begin at 40? IBM updates IMS database

CICS is approx. same vintage as IMS. The folklore is that it
was developed at a mid-west utility company ... and then picked
up to offer as general product. The univ. library had a ONR grant
to do some library automation and got selected to be beta-test
for the original CICS product. I got tasked to do some of the
support/debugging for the installation.

misc. past posts mentioning CICS &/or BDAM
http://www.garlic.com/~lynn/subtopic.html#bdam

CICS history site
http://www.yelavich.com/history/toc.htm

wiki CICS page
http://en.wikipedia.org/wiki/CICS

and the wiki IMS page
http://en.wikipedia.org/wiki/IBM_Information_Management_System

the above wiki page mentions Vern Watts
http://www.vcwatts.org/ibm_story.html

as well as IMS availability options.

my wife had been con'ed into going to pok to be in charge of (mainframe)
loosely-coupled architecture. while there she came up with peer-coupled
shared data architecture
http://www.garlic.com/~lynn/subtopic.html#shareddata

which didn't see a lot of takeup until sysplex (one of the reasons she
didn't stay there long) ... except for IMS hot-standby.

this CICS history page mentions the transition of CICS from
"Type II Application Program" to program product
http://www.yelavich.com/history/ev196901.htm

and also mentions transition to program product in 1969 in relationship
to the 23jun69 unbundling announcement
http://www.garlic.com/~lynn/subtopic.html#unbundle

and starting to charge for (application) software.

The SLT Search LisT instruction - Maybe another one for the Wheelers

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The SLT Search LisT instruction - Maybe another one for the Wheelers
Newsgroups: alt.folklore.computers
Date: Wed, 10 Oct 2007 18:38:14 -0400

Paul Hinman <paul.hinman@shaw.ca> writes:

The Search List Instruction SLT was an RPQ for the 360/67, as I
remember it used about 4 implicit registers in addition to the regular
operands.  It would search up to 256 members of a linked list
performing a logical comparison and a bit test on each table entry.
If my failing mind is correct the table entries had to be double word
aligned, and you had to provide the displacement for the byte to be
bit tested, the bit map to test for, the displacement for the logical
comparison and the length of the logical field, and the displacement
for the pointer to the next table entry.

I believe that MTS used it for managing page tables ore something of
the like.  It was a problem state instruction so it could be used by
anyone.  I even used it once.  For me it was a solution looking for a
problem.  I never heard if any of the  MTS shops asked for the RPQ for
later series machines and I doubt that the ones who used V6-8 Amdahl's
could have had the instruction added because they were hardwired.  It
did do a lot for a single instruction fetch.  It had to be
interuptible because of the possibility of page faults, even multiple
page faults during the execution of the instruction.

Does anyone have a description of the SLT instruction?

listed on the 360/67 blue card ... blue card ref:
http://www.garlic.com/~lynn/2001c.html#15 OS/360 (was LINUS for S/390)
http://www.garlic.com/~lynn/2003m.html#35 SR 15,15 was: IEFBR14 Problems

was defined by lincoln labs and found on many 360/67

extract from cp67 describing SLTSIM implementation/operation:
http://www.garlic.com/~lynn/2001h.html#71 IBM 9020 FAA/ATC Systems from 1960's

it was used in in cp67 kernel to search kernel dynamic storage for
allocating block. cp67 frequently searched several hundred blocks that
had used half-dozen instruction loop ... which the SLT instruction was
more efficient. However SLT still required a couple storage fetches per
block searched. For 360/67 w/o SLT instruction, there would be a invalid
op-code program interrupt ... which would be checked and sent off to
SLTSIM for simulation.

With the change to supporting "subpools" for cp67 dynamic kernel storage
allocation ... the use of SLT was eliminated. subpool logic created LIFO
push/pop list for most frequently used kernel storage sizes. The LIFO
implementation took 14-20 instructions (total, depending on whether
tracing was turned on or off). The subpool change handled nearly all
storage requests and drastically reduced the kernel storage management
overhead.

The kernel storage management subpool logic carried over in the morph to
vm370. Even with subpool logic ... the LIFO process still showed up
fairly high on the ECPS analysis (percent of total kernel overhead):
http://www.garlic.com/~lynn/94.html#21 370 ECPS VM microcode assist

not because the pathlength was large ... but it so frequently
invoked ("FRET" is deallocate/push, "FREE" is allocate/pop):

         path                count   time    percent
                                    (mics)     cp
fre+5a8                      73628   132     3.77
   'FRET'
fre+8                        73699   122     3.47
   FREE

misc. past posts mentioning SLT instruction:
http://www.garlic.com/~lynn/93.html#26 MTS & LLMPS?
http://www.garlic.com/~lynn/98.html#20 Reviving the OS/360 thread (Questions about OS/360)
http://www.garlic.com/~lynn/2000d.html#47 Charging for time-share CPU time
http://www.garlic.com/~lynn/2001d.html#23 why the machine word size is in radix 8??
http://www.garlic.com/~lynn/2001d.html#33 Very CISC Instuctions (Was: why the machine word size ...)
http://www.garlic.com/~lynn/2002.html#14 index searching
http://www.garlic.com/~lynn/2002.html#48 Microcode?
http://www.garlic.com/~lynn/2002f.html#54 WATFOR's Silver Anniversary
http://www.garlic.com/~lynn/2002h.html#87 Atomic operations redux
http://www.garlic.com/~lynn/2004l.html#17 IBM 3090 : Was (and fek that) : Re: new computer kits
http://www.garlic.com/~lynn/2005b.html#28 Relocating application architecture and compiler support
http://www.garlic.com/~lynn/2005c.html#35 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2006e.html#40 transputers again was: The demise of Commodore
http://www.garlic.com/~lynn/2006j.html#21 virtual memory

History dictates future of virtualization

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: History dictates future of virtualization
Newsgroups: alt.folklore.computers
Date: Wed, 10 Oct 2007 19:19:25 -0400

History dictates future of virtualization
http://www.regdeveloper.co.uk/2007/10/10/virtualization_bigot/

from above:

Even in the 1970s anyone with any sense could see the advantages
virtualization offered. It separates applications and operating systems
from the hardware. With VM/370 you could even run MVS on top - along
with other operating systems such as Unix. The irony was it took a long
time for VM/370 - now called z/VM - to overtake MVS and take its place
in IBM's product range. By the time it did, it was largely hidden from
view - as such "deep" technology ought to be.

... snip ...

... even if some of the stuff was slightly garbled

The SLT Search LisT instruction - Maybe another one for the Wheelers

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The SLT Search LisT instruction - Maybe another one for the Wheelers
Newsgroups: alt.folklore.computers
Date: Thu, 11 Oct 2007 11:33:19 -0400

"Sarr J. Blumson" <sarr@rygar.gpcc.itd.umich.edu> writes:

The GE-6x5 (and presumably the Honeywell/Bull descendants) had a similar
instruction, RePeatLink, that would execute a target instruction (which
could be a test but didn't have to be) for every element of the list. My
failing mind says it also uses a bunch of registers but I don't remember
any alignment restrictions. But then it was a word addressed machine.

re:
http://www.garlic.com/~lynn/2007q.html#15 The SLT Search LisT instruction - Maybe another one for the Wheelers

sltsim description
http://www.garlic.com/~lynn/2001h.html#71 IBM 9020 FAA/ATC Systems from 1960's

mentions that the elements in the list had to be double word aligned
... aka

from cp/67 reference (pg. 252):

Module name: SLTSIM

Entry point: SLTSIM

Purpose: Simulation of the SLT (search list) instruction on those
360/67s which do not have the RPQ.

Entry conditions:

gpr 0, bits 16-23, contains the key mask.
       bits 24-31, contains the count of the number of elements to be searched
gpr2:  contains the address of the first element (which must be on a doubleword
       boundary)
gpr3:  contains the number of bytes to be compared for the data match (1 through 4)
gpr4:  contains the value of the offset for the data check
gpr5:  contains the value of the offset for the key check
gpr14: contains a pointer to the instruction being simulated

exit conditions

0     - unsuccessful comparion and key test with completion due to count
1     - succesful comparison and unsuccesful key test
2     - unsuccesful comparison and succesful key test
3     - succesful comparison and key test

gpr0:  contains the number of elements unchecked
gpr1:  contains the predecessor element
gpr2:  contains the matched element

...

Fixing our fraying Internet infrastructure

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Thu, 11 Oct 2007 12:21:30 -0400

past couple months seems like there has been barrage of articles on all
sorts of fraying infrastructure ... lots of milking the infrastructure
for whatever can be extracted ... frequently with little or no attention
given to care and maintenance; transportation, roads, bridges, power,
water, etc. There was even a news item the past couple days that a major
overhaul of the nations traffic light system could save 10-12 percent in
energy use ... but the money hasn't been spent for that either.

Fixing our fraying Internet infrastructure
http://news.zdnet.com/2010-1035_22-6212819.html

from above:

The broadband infrastructure in the United States is largely invisible
to all but a few engineers. Were it as visible as a road system it would
appear to be excellent in some places, but riddled with potholes in
others; heavily congested at many times and locations; and in need of
massive redesign.

... snip ...

lots of posts mentioning arpanet/internet
http://www.garlic.com/~lynn/subnetwork.html#internet

and misc. posts specifically about original nsfnet backbone effort
http://www.garlic.com/~lynn/subnetwork.html#nsfnet

Fixing our fraying Internet infrastructure

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Fri, 12 Oct 2007 06:09:59 -0400

Morten Reistad <first@last.name> writes:

The "next generation" internet, ipv6, is almost non-existant in the US,
except from some visionary ISPs. It is growing fast in the far east, and
getting acceptance in europe; this development will be "backwards".

re:
http://www.garlic.com/~lynn/2007q.html#18 Fixing our fraying Internet infrastructure

some of it is addressing ... ala ipv6 ... but there are other things
like physical infrastructure ... ala internet2

Blazingly fast Internet2 gets 10x boost
http://news.yahoo.com/s/ap/faster_internet
Blazingly Fast Internet2 Gets 10x Boost
http://www.redorbit.com/news/technology/1097295/blazingly_fast_internet2_gets_10x_boost/index.html
Blazingly Fast Internet2 Gets 10x Boost
http://www.physorg.com/news111253284.html
Internet2 finishes its nationwide network infrastructure
http://www.networkworld.com/news/2007/100907-internet2.html
100 Gb/s Internet2 completed
http://www.tgdaily.com/content/view/34284/118/

for some archeological drift ... back to nsfnet backbone ... some old email
http://www.garlic.com/~lynn/lhwemail.html#nsfnet
and other posts
http://www.garlic.com/~lynn/subnetwork.html#nsfnet

when we were prevented from bidding on nsfnet backbone ... director of
nsf wrote a letter ... part of which referenced what we already had
deployed (internally) was at least five yrs ahead of all (nsfnet
backbone) bid submissions (to build something new). some of the stuff,
like rate-based pacing didn't really show up until after internet2
started.

Hackers Attack Apps While Still in Development

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Hackers Attack Apps While Still in Development
Newsgroups: alt.folklore.computers
Date: Fri, 12 Oct 2007 06:50:57 -0400

Hackers Attack Apps While Still in Development
http://www.darkreading.com/document.asp?doc_id=136139

from above:

Chess and his fellow researchers at Fortify recently dubbed this class
of vulnerabilities as "cross-build injection." Attackers insert
vulnerabilities and malware into code during the software development
process, rather than the more common approach of finding holes after
the software is operational.

... snip ..

Fortify finds Trojan devs in open source
http://www.cbronline.com/article_news.asp?guid=35137085-5D15-4D62-89A3-BE1F9A486FF5

from above:

Fortify has written a paper documenting the exploit and release a new
rule pack to its tooling to help developers identify and eliminate the
threat. The update to the rule pack also includes support for CWE, an
emerging standard that specifies a common language for identifying
software vulnerabilities.

... snip ...

for other drift

Common Weakness Enumeration
http://cwe.mitre.org/about/index.html

from above:

MITRE began working on the issue of categorizing software weaknesses
as early 1999 when it launched the CVE List. As part of the
development of CVE during the last 5+ years MITRE's CVE Team developed
a preliminary classification and categorization of vulnerabilities,
attacks, faults, and other concepts to help define common software
weaknesses. However, while sufficient for CVE those groupings are too
rough to be used to identify and categorize the functionality offered
within the offerings of the code security assessment industry.

... snip ...

I had complained to MITRE and others about classification difficulty
(using CVE and other similar repositories) ...  past posts mentioning
attempts at classification using CVE
http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
http://www.garlic.com/~lynn/2004f.html#20 Why does Windows allow Worms?
http://www.garlic.com/~lynn/2005b.html#20 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005c.html#28 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005c.html#32 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005d.html#0 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005d.html#67 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005k.html#3 Public disclosure of discovered vulnerabilities
http://www.garlic.com/~lynn/2006x.html#29 "The Elements of Programming Style"

Horrid thought about Politics, President Bush, and Democrats

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Horrid thought about Politics, President Bush, and Democrats  ...
Newsgroups: alt.folklore.computers
Date: Fri, 12 Oct 2007 07:21:02 -0400

jmfbahciv writes:

Hitler couldn't decide between two areas in Russia, so he went
after both:  Moscow and the oil fields southeast of Germany.
That made three fronts.  Hitler didn't have enough men, gear
or supplies to do all three.  From what I've been told, and read,
having two fronts east and west was a bad idea.

internal transportion infrastructure within the country was supposedly
what helped make that even attempted. lessons learned from that
transportation infrastructure supposedly also contributed significantly
to the interstate highway system act. however, that required that the
highway system be built to sustain fairly heavyweight transports.
possibly in the guise of dual-use cost justification ... that then would
require promoting quite a bit of commercial heavyweight traffic.

as been discussed in past posts, it is the commercial heavyweight
traffic that causes nearly all the wear&tear on the transportation
infrastructure ... to the point that highways are designed for axle
ton-mile heavy truck traffic (use by lighter weight vehicles has nearly
no infrastructure wear&tear impact).

recent topic drift:
http://www.garlic.com/~lynn/2007q.html#18 Fixing our fraying Internet infrastructure
http://www.garlic.com/~lynn/2007q.html#19 Fixing our fraying Internet infrastructure

post posts mentioning axle ton-mile wear&tear
http://www.garlic.com/~lynn/2002j.html#41 Transportation
http://www.garlic.com/~lynn/2002j.html#42 Transportation
http://www.garlic.com/~lynn/2004c.html#20 Parallel programming again (Re: Intel announces "CT" aka
http://www.garlic.com/~lynn/2006g.html#5 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#6 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#10 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#12 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#15 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#19 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#24 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#26 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#32 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#35 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#46 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#48 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#49 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#50 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#51 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#52 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#53 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#54 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#56 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#57 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#59 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#60 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#61 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#62 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#0 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#5 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#6 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#11 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#23 The Pankian Metaphor
http://www.garlic.com/~lynn/2006p.html#2 Overweight truckers stopped by tech checks
http://www.garlic.com/~lynn/2006r.html#25 Computer Artifacts
http://www.garlic.com/~lynn/2007n.html#97 Loads Weighing Heavily on Roads

Enterprise: Accelerating the Progress of Linux

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Enterprise: Accelerating the Progress of Linux
Newsgroups: alt.folklore.computers
Date: Fri, 12 Oct 2007 07:37:54 -0400

another item on the new, 40+ yr old technology

Enterprise: Accelerating the Progress of Linux
http://www.linuxinsider.com/story/59781.html

from above ...

To enable the next generation data center and make sure it's built on
Linux, we all need to focus on two key areas --  virtualization and
management. We believe the future of  virtualization lies in
hardware-assisted paravirtualization. People will be using
virtualization for server consolidation, test and development
environments, rapid application deployment, business continuity and
application isolation.

... snip ...

effectively same old song dating back to the 60s (golden oldies).

other recent posts mentioning the new 40+ yr old technology
http://www.garlic.com/~lynn/2007.html#39 Just another example of mainframe costs
http://www.garlic.com/~lynn/2007b.html#23 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007b.html#26 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007d.html#34 Mixed Case Password on z/OS 1.7 and ACF 2 Version 8
http://www.garlic.com/~lynn/2007e.html#20 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#30 Health Care
http://www.garlic.com/~lynn/2007f.html#36 Silly beginner questions
http://www.garlic.com/~lynn/2007f.html#39 Silly beginner questions
http://www.garlic.com/~lynn/2007h.html#77 Linux: The Completely Fair Scheduler
http://www.garlic.com/~lynn/2007j.html#43 z/VM usability
http://www.garlic.com/~lynn/2007k.html#47 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007k.html#52 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007l.html#23 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007m.html#15 Patents, Copyrights, Profits, Flex and Hercules
http://www.garlic.com/~lynn/2007m.html#53 Is Parallel Programming Just Too Hard?
http://www.garlic.com/~lynn/2007m.html#64 Operating systems are old and busted
http://www.garlic.com/~lynn/2007m.html#66 Off Topic But Concept  should be Known To All
http://www.garlic.com/~lynn/2007n.html#27 What if phone company had developed Internet?
http://www.garlic.com/~lynn/2007n.html#29 Programmable TLB management?
http://www.garlic.com/~lynn/2007n.html#30 How would a relational operating system look like?
http://www.garlic.com/~lynn/2007n.html#55 computerworld 40 yr articles
http://www.garlic.com/~lynn/2007n.html#93 How old are you?
http://www.garlic.com/~lynn/2007o.html#31 EZPass: Yes, Big Brother IS Watching You!
http://www.garlic.com/~lynn/2007o.html#36 It's No Secret: VMware to Develop Secure Systems for NSA
http://www.garlic.com/~lynn/2007o.html#38 It's No Secret: VMware to Develop Secure Systems for NSA
http://www.garlic.com/~lynn/2007o.html#39 It's No Secret: VMware to Develop Secure Systems for NSA
http://www.garlic.com/~lynn/2007p.html#7 what does xp do when system is copying
http://www.garlic.com/~lynn/2007p.html#28 Newsweek article--baby boomers and computers
http://www.garlic.com/~lynn/2007p.html#59 Translation of IBM Basic Assembler to C?
http://www.garlic.com/~lynn/2007q.html#3 Virtualization: Don't Ask, Don't Tell

GETMAIN/FREEMAIN and virtual storage backing up

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: GETMAIN/FREEMAIN and virtual storage backing up
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Fri, 12 Oct 2007 08:30:18 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:

The first operational 370 hardware supporting virtual memory was a
370/145 engineering processor. However, cp67h with cp67i running in a
370 virtual machine was in regular operation a year before the 370/145
engineering box was operational. In fact, cp67i system was used as
initial software brought up on the 370/145 engineering box.

re:
http://www.garlic.com/~lynn/2007p.html#74 GETMAIN/FREEMAIN and virtual storage backing up

for additional topic drift, another internal project that drew on some
of the cp67h activity was the inciption of the internal HONE
project. lots of past posts mentioning HONE (and/or APL)
http://www.garlic.com/~lynn/subtopic.html#hone

this is at least partially motivated by the 23jun69 unbundling
announcement ... a little topic drift here
http://www.garlic.com/~lynn/2007q.html#13 Does software life begin at 40? IBM updates IMS database
http://www.garlic.com/~lynn/2007q.html#14 Does software life begin at 40? IBM updates IMS database

misc. other posts mentioning unbundling and starting to charge
for application software
http://www.garlic.com/~lynn/subtopic.html#unbundle

the other aspect of unbundling was that it also started to charge for SE
time/services. prior to that, (young/new) SEs picked up a lot of their
experience via "on the job training" ... working with more experienced
SEs on the customer machine. with unbundling and charging customers for
SE services/time, this "hands-on" learning experience evaporated.

somewhat as a substitute, HONE (Hands-On Network Experience) was created
... with a number of 360/67 running a clone of the science centers
http://www.garlic.com/~lynn/subtopic.html#545tech

cp67 system were installed around the country. the idea was that SEs (at
branch offices) could pickup ("hands-on") experience running/testing
operating systems remotely in the HONE cp67 virtual machines.

for slightly other, topic drift ... this recent post
http://www.garlic.com/~lynn/2007q.html#22 Enterprise: Accelerating the Progress of Linux

When initial 370 was announced, virtual memory still wasn't available
... but there were a few new instructions ... and the operating systems
were updated to make use of the new instructions. that is somewhat where
a subset of the "cp67h" enhancements came into play (at HONE) ... it was
possible to run the latest (370) operating systems in cp67 virtual
machines ... with cp67 kernel simulating the latest, new 370
instructions.

Another activity by the science center, effectively resulted in the
direction of HONE completely changing. The science center had also did a
port of apl\360 to cms as cms\apl. Among other things ... APL "work
spaces" could now be 16mbytes ... instead of the 16kbyte-32kbytes
typical of apl\360 ... and an API for operating system functions was
added (things like being able to do file i/o). This allowed APL to start
being used for real-world applications (instead of toy demos that were
frequently the result of the 16k limitation). In this period, APL was
frequently used for lots of things that spreadsheets are used for today.

Quite a few APL applications (like configurators) in support of sales
and marketing were deployed on HONE ... and overtime these started to
consume all available HONE processing ... and the original use for SE
"hands-on" withered and disappeared. After vm370 became available, HONE
upgraded from cp67 to vm370 (and HONE clones started to sprout up around
the world).  Also by the mid-70s, it was no longer possible for
computing system orders to be submitted w/o first having been processed
through some number of HONE APL applications (like configurators).

other posts in this thread:
http://www.garlic.com/~lynn/2007p.html#69 GETMAIN/FREEMAIN and virtual storage backing up
http://www.garlic.com/~lynn/2007p.html#70 GETMAIN/FREEMAIN and virtual storage backing up
http://www.garlic.com/~lynn/2007p.html#73 GETMAIN/FREEMAIN and virtual storage backing up
http://www.garlic.com/~lynn/2007q.html#8 GETMAIN/FREEMAIN and virtual storage backing up

In the 70s, the various (US) HONE datacenters were consolidated in
cal.  with possibly largest "single system image" operation. This
involved quite a few operational and functional enhancements to vm370
supporting load-balancing and fall-over ... that allowed a large
number of loosely-coupled (tightly-coupled) multiprocessors to
effectively operate as single large timesharing service (in part
driven by the significant processing requirements because of using
APL) ... somewhat reminiscent of some modern day advanced
operations. Then because of business continuity considerations,
the california datacenter was replicated first in Dallas, and then a
3rd in Boulder (supporting geographic load-balancing and fall-over).

for even more topic drift ... misc. posts mentioning cp67 and
vm370 based commercial timesharing services
http://www.garlic.com/~lynn/subtopic.html#timeshare

and for some unbundling topic drift ... the original unbundling and
starting to charge for (application) software was motivated by various
litigation activities ... however (at the time), is was justified that
the kernel/supervisor software should still be free (or bundled,
depending on your view).

with the rise of clone processors (and their customers being able to
obtain "free" kernel software), the opinion about charging for kernel
software started to change.

as an undergraduate, i had done a lot of work on dynamic adaptive
resource management for cp67 ... a lot of which shipped in various cp67
releases. however, as part of the morph from cp67 to vm370, a lot of the
dynamic adaptive resource management features disappeared. numerous
customers lobbied thatthe features should be re-introduced in vm370
and eventually i was allowed to put together a large product update
to the vm370 kernel
http://www.garlic.com/~lynn/subtopic.html#fairshare
http://www.garlic.com/~lynn/subtopic.html#wsclock

and i was chosen to be the guinea pig for charging for kernel software
(which met spending a lot of time with lawyers and business people
working out policies/principles for kernel software charging).

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Fri, 12 Oct 2007 13:58:32 -0400

Charlton Wilbur <cwilbur@chromatico.net> writes:

You can consult something like _Applied Cryptography_ for more
details, but the basic approach to authentication is that both sides
have a shared-secret, which they use to authenticate each other and
then to exchange a one-time key that will be used to encrypt traffic.

So no, since both ends need to communicate, it can't be local to
either end.  But it doesn't necessarily need a third party to
participate in the actual exchange, so if there's a power outage for
the entire country where the hardware you're talking to lives, your
problem is not authentication but operation at all.

in public key ... a known public key is "bound" to you. basically
asymmetric key cryptography is some technology. public/private key is
a business process application of asymmetric key technology where one
key is designated as private, kept confidential and never divulged
... and the other key (of the pair) is designated public and made
widely available.

now, anybody can encrypt something for you, with your public key and
they know it can only be decrypted with your private key. this
addresses one of the problems with symmetric key cryptography
involving getting the secret keys distributed (i.e. public keys can be
widely distributed w/o impacting evesdroppers from being able to
impersonate you).

in a lot of common implementations, like SSL, public key cryptography
is viewed as very expensive ... so a layered approach is used. A
random "secret" key is generated and used to encrypt the message; the
secret key is then encrypted with the recipient's public key; the
encrypted random secret key and the encrypted message is then
transmitted. The sender still knows that only the designated recipient
can decrypt the message (since only the designated recipient will be
able to decrypt the random secret key which is then required to
decrypt the rest of the message). Any responses (from the original
recipient) would be encrypted with the original random secret key (you
know that it could only come from them ... since only the original
recipient would be able to discover the random secret key).

In the late 80s and early 90s, there was work on PKIs and x.509
identity digital certificates ... to address the opportunity involving
first time communication between complete strangers ... basically an
electronic analog to the letters of credit/introduction from sailing
ship days.  The issue was in this situation, relying parties had no
other recourse to timely information about complete strangers in first
time communication. The target scenario was left-over from offline
email from the early 80s ... i.e. dial-up your local electronic
post-office, download email, hang-up ... and potentially be faced with
having to process first time email from complete strangers. "digital
certificates" could be appended to these types of communications
... which originated from comingly trusted third parties and could be
verified.

There were a couple issues going into the mid-90s.

First, numerous institutions were starting to realize that x.509
identity digital certificates, frequently overloaded with increasing
amounts of personal information, represented significant liability and
privacy issues. These organizations started retrenching to something
called relying-party-only certificates
http://www.garlic.com/~lynn/subpubkey.html#rpo

which limited the individual information to the individual's public
key and some sort of account number, record locator, and/or userid
that would be used for repository lookup ... where all the necessary
personal information was actually stored. However, in all operations
involving relying-party-only certificates, it was trivial to
demonstrate that the digital certificates were redundant and
superfluous ... since all the actual information would be
retrieved from the repository.

Another issue, was that the digital certificate paradigm involved
stale, static information (originally justified as better than
nothing in a purely offline enviornment for first time interaction
between total strangers). For many operations, access to timely,
aggregated and/or locally-stored historical information represented
significant more value. This started to relegate digital certificate
paradigm to "no-value" operations (that couldn't justify online and/or
local repositories) and/or offline environments.

As the cost of online access dropped and became more ubiquitous
... and the cost of dataprocessing (for repositories) continued to
drop, the "no-value" market niche for digital certificates continued
to shrink (i.e. those "no-value" operations that couldn't justify
their own historical information and/or online access to timely
information).

This unnecessary introduction of digital certificates was recently
replayed in this discussion about public keys for kerberos
http://www.garlic.com/~lynn/2007q.html#2 Windows Live vs Kerberos
http://www.garlic.com/~lynn/2007q.html#5 Windows Live vs Kerberos

VMware: New King Of The Data Center?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: VMware: New King Of The Data Center?
Newsgroups: alt.folklore.computers
Date: Sat, 13 Oct 2007 08:49:39 -0400

more on the new 40+ yr old technology

VMware: New King Of The Data Center?
http://www.informationweek.com/news/showArticle.jhtml?articleID=202401578

from above:

Usually the bully kicks sand in the little guy's face, but VMware is
switching that story. In a speech at LinuxWorld in August, VMware chief
scientist Mendel Rosenblum talked up application-specific operating
systems provided by ISVs that would run on a hypervisor--no
general-purpose OS needed. You can bet Microsoft took notice.

... snip ...

this is somewhat the virtual appliance (or called service virtual
machine from earlier virtual machine environments).

CMS was possibly the original ... started out as "cambridge monitor
system" from the mid-60s,
http://www.garlic.com/~lynn/subtopic.html#545tech

the name changed to "conversational monitor system" in the cp67 to
vm370 morph

Another example was the implementation that was the basis for the
internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

a couple past posts referencing the original author discovering a nearly
exact conversion of some vnet/rscs code from 360 assembler to C in one
of the major real-time operating systems.
http://www.garlic.com/~lynn/2004q.html#56 CAS and LL/SC (was Re: High Level Assembler for MVS & VM & VSE)
http://www.garlic.com/~lynn/2006y.html#32 "The Elements of Programming Style"
http://www.garlic.com/~lynn/2007p.html#51 Translation of IBM Basic Assembler to C?

other past posts mentioning virtual appliance and/or service
virtual machine:
http://www.garlic.com/~lynn/2002m.html#26 Original K & R C Compilers
http://www.garlic.com/~lynn/2003c.html#77 COMTEN- IBM networking boxes
http://www.garlic.com/~lynn/2004q.html#72 IUCV in VM/CMS
http://www.garlic.com/~lynn/2005.html#59 8086 memory space
http://www.garlic.com/~lynn/2005j.html#58 Q ALLOC PAGE vs. CP Q ALLOC vs ESAMAP
http://www.garlic.com/~lynn/2006p.html#10 What part of z/OS is the OS?
http://www.garlic.com/~lynn/2006t.html#45 To RISC or not to RISC
http://www.garlic.com/~lynn/2006t.html#46 To RISC or not to RISC
http://www.garlic.com/~lynn/2006v.html#22 vmshare
http://www.garlic.com/~lynn/2006w.html#16 intersection between autolog command and cmsback (more history)
http://www.garlic.com/~lynn/2006w.html#25 To RISC or not to RISC
http://www.garlic.com/~lynn/2006w.html#52 IBM sues maker of Intel-based Mainframe clones
http://www.garlic.com/~lynn/2006x.html#6 Multics on Vmware ?
http://www.garlic.com/~lynn/2006x.html#8 vmshare
http://www.garlic.com/~lynn/2007i.html#21 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#36 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007k.html#26 user level TCP implementation
http://www.garlic.com/~lynn/2007k.html#48 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007m.html#67 Operating systems are old and busted
http://www.garlic.com/~lynn/2007m.html#70 Is Parallel Programming Just Too Hard?
http://www.garlic.com/~lynn/2007o.html#3 Hypervisors May Replace Operating Systems As King Of The Data Center

Does software life begin at 40? IBM updates IMS database

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Does software life begin at 40? IBM updates IMS database
Newsgroups: alt.folklore.computers
Date: Sat, 13 Oct 2007 21:21:49 -0400

Paul Hinman <paul.hinman@shaw.ca> writes:

If I remember correctly CICS was single threaded and so did not take
advantage of tightly coupled multi-processors, in our shop we ran
multiple copies of CICS for that reason.  Or is this grandfather just
suffering from creative recall.

re:
http://www.garlic.com/~lynn/2007q.html#14 Does software life begin at 40? IBM updates IMS database

and misc. past posts mentioning cics &/or bdam (access method used
in original/early cics implementation)
http://www.garlic.com/~lynn/subtopic.html#bdam

i.e. CICS did its own multithreading under single operating system
TCB ... limiting it to single processor operation.

The Evolution of CICS: CICS/VS 1.5 Continues CICS' Rapid Growth (1979)
http://www.yelavich.com/history/ev197901.htm

i.e. 1.5 introduced multiple region operation ... each region had
their own TCB ... so could be dispatched concurrently on multiple
different processors. however, one of the reasons for multiple region
operations was each region got its own address space ... which was
(initially) still limited to 16mbytes; however, mvs kernel took
8mbytes in each address space, and the common segment started out
taking 1mbyte out of each address space ... but eventually, for large
operations common segment could be 5-6 mbytes ... leaving possibly
only 2-3mbytes for actual application (i.e. total available for cics
region operation).

The Evolution of CICS: CICS and Multi-region Operation (1980)
http://www.yelavich.com/history/ev198001.htm

later some "large" installations might have in excess of 120 CICS
regions.

The Evolution of CICS: CICS and Multiprocessor Exploitation (2004)
http://www.yelavich.com/history/ev200402.htm

i.e. having more than one "operating system" TCB per region to enable
multithreaded, multiprocessor operation.

other CICS history information
http://www.yelavich.com/history/toc.htm

for instance

The Evolution of CICS: CICS - State of the Art (1992)
http://www.yelavich.com/history/ev199203.htm

and for other drift, from above:

In the early 1990s, IBM acquired Transarc, a company which had its own
support offerings for transaction processing on UNIX-based
systems. Encina would now be offered on MVS-based systems, and some of
its components would satisfy prerequisites for the newly announced CICS
for AIX on RISC System/6000 (CICS/6000). Most notable were the Encina
components, Structure File Server (SFS), Peer-to-peer Executive and
Peer-to-peer Gateway. SFS provided a VSAM-like facility on UNIX and the
Executive and Gateway enabled intersystem communications with TCP and
SNA network.

... snip ...

i've mentioned before that ibm had equally split mit athena funding
with DEC ($25m each) ... but had provided $50m funding for cmu
andrew. andrew included things liked widgets, distributed file system,
microkernel (MACH), and transaction processing (Camelot). it then
provided some of the seed funding when Camelot was split off into
independent company, transarc ... and then bought transarc outright
(which might be considered paying for the same thing three different
times).

mach showed up in number of places ... and still around as apple's
kernel

misc. past posts mentioning transarc
http://www.garlic.com/~lynn/2000.html#64 distributed locking patents
http://www.garlic.com/~lynn/2000e.html#20 Is Al Gore The Father of the Internet?^
http://www.garlic.com/~lynn/2001.html#49 Options for Delivering Mainframe Reports to Outside Organizat ions
http://www.garlic.com/~lynn/2001f.html#59 JFSes: are they really needed?
http://www.garlic.com/~lynn/2001i.html#49 Withdrawal Announcement 901-218 - No More 'small machines'
http://www.garlic.com/~lynn/2002o.html#32 I found the Olsen Quote
http://www.garlic.com/~lynn/2003.html#50 Origin of Kerberos
http://www.garlic.com/~lynn/2004c.html#53 defination of terms: "Application Server" vs. "Transaction Server"
http://www.garlic.com/~lynn/2004h.html#42 Interesting read about upcoming K9 processors
http://www.garlic.com/~lynn/2004n.html#9 RISCs too close to hardware?
http://www.garlic.com/~lynn/2005b.html#1 Foreign key in Oracle Sql
http://www.garlic.com/~lynn/2005q.html#49 What ever happened to Tandem and NonStop OS ?
http://www.garlic.com/~lynn/2006b.html#8 Free to good home: IBM RT UNIX
http://www.garlic.com/~lynn/2007b.html#16 V2X2 vs. Shark (SnapShot v. FlashCopy)

misc. past posts mentioning mach
http://www.garlic.com/~lynn/2000e.html#27 OCF, PC/SC and GOP
http://www.garlic.com/~lynn/2001b.html#14 IBM's announcement on RVAs
http://www.garlic.com/~lynn/2001f.html#23 MERT Operating System & Microkernels
http://www.garlic.com/~lynn/2001n.html#35 cc SMP
http://www.garlic.com/~lynn/2002i.html#73 Unisys A11 worth keeping?
http://www.garlic.com/~lynn/2003.html#46 Horror stories: high system call overhead
http://www.garlic.com/~lynn/2003.html#50 Origin of Kerberos
http://www.garlic.com/~lynn/2003c.html#45 Early attempts at console humor?
http://www.garlic.com/~lynn/2003e.html#25 A Speculative question
http://www.garlic.com/~lynn/2003e.html#33 A Speculative question
http://www.garlic.com/~lynn/2003i.html#66 TGV in the USA?
http://www.garlic.com/~lynn/2003j.html#72 Microkernels are not "all or nothing". Re: Multics Concepts For
http://www.garlic.com/~lynn/2004c.html#53 defination of terms: "Application Server" vs. "Transaction Server"
http://www.garlic.com/~lynn/2004k.html#50 Xah Lee's Unixism
http://www.garlic.com/~lynn/2005b.html#22 The Mac is like a modern day Betamax
http://www.garlic.com/~lynn/2005c.html#44 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005j.html#13 Performance and Capacity Planning
http://www.garlic.com/~lynn/2005j.html#26 IBM Plugs Big Iron to the College Crowd
http://www.garlic.com/~lynn/2005q.html#49 What ever happened to Tandem and NonStop OS ?
http://www.garlic.com/~lynn/2005r.html#43 Numa-Q Information
http://www.garlic.com/~lynn/2006b.html#8 Free to good home: IBM RT UNIX
http://www.garlic.com/~lynn/2006c.html#42 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006c.html#43 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006l.html#43 One or two CPUs - the pros & cons
http://www.garlic.com/~lynn/2006m.html#14 The AN/FSQ-31 Did Exist?!
http://www.garlic.com/~lynn/2007d.html#16 "The Elements of Programming Style"
http://www.garlic.com/~lynn/2007g.html#70 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007i.html#26 Latest Principles of Operation

Does software life begin at 40? IBM updates IMS database

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Does software life begin at 40? IBM updates IMS database
Newsgroups: alt.folklore.computers
Date: Sun, 14 Oct 2007 10:27:11 -0400

Justa Lurker <JustaLurker@att.net> writes:

The individual articles that Lynn linked still seem to be there, but
are there any plans to archive this stuff and maintain its
availability ? It's good !

the wayback machine can be your friend
http://web.archive.org/web/*/http://www.yelavich.com/history/toc.htm

other posts in this thread:
http://www.garlic.com/~lynn/2007q.html#13 Does software life begin at 40? IBM updates IMS database
http://www.garlic.com/~lynn/2007q.html#14 Does software life begin at 40? IBM updates IMS database
http://www.garlic.com/~lynn/2007q.html#26 Does software life begin at 40? IBM updates IMS database

and for some wayback folklore
http://www.archive.org/index.php

wiki article
http://en.wikipedia.org/wiki/Internet_Archive

and more wiki articles
http://en.wikipedia.org/wiki/Brewster_Kahle
http://en.wikipedia.org/wiki/Wide_area_information_server
http://en.wikipedia.org/wiki/Thinking_Machines

misc. past posts mentioning brewster, wais, and/or thinking machines
http://www.garlic.com/~lynn/2000d.html#64 "all-out" vs less aggressive designs
http://www.garlic.com/~lynn/2001c.html#67 What ever happened to WAIS?
http://www.garlic.com/~lynn/2001n.html#17 CM-5 Thinking Machines, Supercomputers
http://www.garlic.com/~lynn/2001n.html#68 CM-5 Thinking Machines, Supercomputers
http://www.garlic.com/~lynn/2001n.html#70 CM-5 Thinking Machines, Supercomputers
http://www.garlic.com/~lynn/2001n.html#83 CM-5 Thinking Machines, Supercomputers
http://www.garlic.com/~lynn/2003.html#44 Will Apple ever offer a newsreader?
http://www.garlic.com/~lynn/2003c.html#29 Will Apple ever offer a newsreader?
http://www.garlic.com/~lynn/2007.html#29 Just another example of mainframe costs

one morning, i happened to be walking (along the charles) from hotel on
the way to a meeting and stopped to watch a worker prying the corporate
letters off the face of the building.

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Sun, 14 Oct 2007 11:19:42 -0400

jmfbahciv writes:

That is because people no longer pay their own bills.  Payments
for medical services have become invisible, and thus, are
considered an infinite pool of money.

one of the issues is what are the fully loaded costs ... for instance,
while salaried workers "see" social security + medicare tax as 7.65
percent ...  it is actually 15.3 percent ... with employers
effectively having to pay the other 7.5 percent before calculating the
salary the individual sees.  this can be more readily seen for
self-employeed individuals which have to pay the full amount.
http://www.ssa.gov/OACT/ProgData/taxRates.html

fully loaded costs also can show up in contracts where the employer
pays employee benefits ... as opposed to it coming out of individuals
"paycheck" (aka it still shows up as part of fully loaded total cost
of having employees ... whether it appears as part of paycheck or
not).

cspan had program this morning with congressman talking about (hidden)
total costs of programs (passed by congress ... making the programs
sound like the subprime teaser rates in the mortgage industry) ...
and if things continue as-is, ... that US will have significantly
higher tax rate than all other industrial countries.

other recent posts related to figuring out fully loaded costs
http://www.garlic.com/~lynn/2007i.html#18 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007q.html#7 what does xp do when system is copying

one of the scenarios from the 90s is projections about combination of
dropping competitiveness of the US workers ... and drastically
increasing taxes (because of projected runaway gov. program costs)
... would result in nearly all high-value jobs/industries moving to
other countries (the very jobs/industries that are required to
generate revenue on which the taxes would need to come from)

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Sun, 14 Oct 2007 14:21:00 -0400

Charlton Wilbur <cwilbur@chromatico.net> writes:

This is called a "man in the middle" attack.  Once the two ends have a
shared-secret, it can be used to eliminate this.

there are some issues with man-in-the-middle (MITM) attacks ... lots
of past posts
http://www.garlic.com/~lynn/subintegrity.html#mitm

which can be succesful ... even with various kinds of shared-secrets.

one of the issues is very careful examination of sequence that various
kinds of operations occurs ... this is also somewhat related to
comment that too much complexity can contribute to insecurity ...
recent comments
http://www.garlic.com/~lynn/2007q.html#11 what does xp do when system is copying

there have been some phishing attacks ... where attackers have created a
static copy of valid websites ... then convinced victims to click on
urls taking them to the counterfeit websites ... and then extracted
necessary personal information allowing them to mount various kinds
of account and/or identity fraud.

there have been some countermeasures to such exploits by creating a
shared-secret that the clients use to recognize a valid website.
however, long before such countermeasures were created ... there was a
another kind of much more sophisticated ... but actually much simpler to
deploy ... man-in-the-middle attack ... which subsequently sometimes
been called an "active" mitm-attack (possibly trying to imply that it is
new ... even tho it has been around for a long time).

this involves a bogus website ... that purely acts in much the same way
as widely deployed application proxies ... the actual bogus website is
transparent to the end-user ... other than for the initial URL ... aka
the bogus website has a session with the actual client/user and creates
a separate session with the real website ... pairs the two sessions and
forwards transmissions back&forth transparently between the two
sessions. other than some code borrowed from widely available proxy
technology ... the bogus websites don't actually require any local
files/data in attempt to emulate the valid website (but can still
harvest the personal information necessary for account and/or identity
fraud).

some number of the more recently deployed shared-secret
countermeasures against the static-kind of bogus (phishing) websites
... are still quite vulnerable to the (active) bogus websites that can
relatively trivially borrow from application proxy technology.

what does xp d