2007 Newsgroup Postings (10/25 - 11/07)

IBM System/3 & 3277-1
IBM System/3 & 3277-1
IBM System/3 & 3277-1
instruction sets, was Direction of Stack Growth
The history of Structure capabilities
The history of Structure capabilities
The history of Structure capabilities
IBM System/3 & 3277-1
IBM System/3 & 3277-1
IBM System/3 & 3277-1
IBM System/3 & 3277-1
The history of Structure capabilities
How to tell a fake SSL certificate from a real one
What do ATMS and card readers use?
what does xp do when system is copying
The history of Structure capabilities
VM TSM server support
How to tell a fake SSL certificate from a real one
How to tell a fake SSL certificate from a real one
How to tell a fake SSL certificate from a real one
Abend S0C0
Is the media letting banks off the hook on payment card security
Abend S0C0
Abend S0C0
How to tell a fake SSL certificate from a real one
Fixing our fraying Internet infrastructure
The new urgency to fix online privacy
Default Search Engines are dangerous, Especially Google <- Domain Name Stealers
complicated address generation unit?
The new urgency to fix online privacy
Is the media letting banks off the hook on payment card security
Is the media letting banks off the hook on payment card security
Is the media letting banks off the hook on payment card security
Students mostly not ready for math, science college courses
Is the media letting banks off the hook on payment card security
Is the media letting banks off the hook on payment card security
Students mostly not ready for math, science college courses
Translation of IBM Basic Assembler to C?
Students mostly not ready for math, science college courses
Translation of IBM Basic Assembler to C?
Is the media letting banks off the hook on payment card security
Translation of IBM Basic Assembler to C?
New 'virtual IT job' could be very real
does memory still have parity?
complicated address generation unit?
Translation of IBM Basic Assembler to C?
Students mostly not ready for math, science college courses
Translation of IBM Basic Assembler to C?
Half a Century of Crappy Computing
How to tell a fake SSL certificate from a real one
Translation of IBM Basic Assembler to C?
Translation of IBM Basic Assembler to C?
Translation of IBM Basic Assembler to C?
Fixing our fraying Internet infrastructure
The new urgency to fix online privacy
Translation of IBM Basic Assembler to C?
CSA 'above the bar'
Translation of IBM Basic Assembler to C?
Fixing our fraying Internet infrastructure
Fixing our fraying Internet infrastructure
Fixing our fraying Internet infrastructure
The new urgency to fix online privacy
CSA 'above the bar'
Translation of IBM Basic Assembler to C?
CSA 'above the bar'
CSA 'above the bar'
The new urgency to fix online privacy
CSA 'above the bar'
High order bit in 31/24 bit address
CSA 'above the bar'
Latest OECD broadband data puts US in middle of the pack on speed, price
The new urgency to fix online privacy
Translation of IBM Basic Assembler to C?
Translation of IBM Basic Assembler to C?
System 360 EBCDIC vs. ASCII
Real storage usage - a quick question

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Thu, 25 Oct 2007 20:49:56 -0400

ArarghMail710NOSPAM writes:

Although there might have been an option to the assign.

Besides, a lot of shops used Hasp or some such, and program had no
control of the card reader.

re:
http://www.garlic.com/~lynn/2007q.html#48 IBM System/3 & 3277-1
http://www.garlic.com/~lynn/2007q.html#69 IBM System/3 & 3277-1
http://www.garlic.com/~lynn/2007q.html#70 IBM System/3 & 3277-1
http://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1

for this student class registration app ... it ran w/o hasp.

green card reader/punch command codes:
http://www.garlic.com/~lynn/gcard.html#23

from above:

Command                       Binary      Hex
Sense                         0000 0100   04
Feed, Select Stacker          SS10 F011
Read Only                     11D0 F010
Diagnostic Read               1101 0010   D2
Read, Feed, Select Stacker    SSD0 F010

there was read, feed, and select stacker in single command
this had the minimum overhead, if you already knew
what stacker the card was going into ... i.e.

SSD0 F010  .... or 1100 0010 ... C2

would do ebcdic read, feed and select stacker 3.

or you could do read separately from feed, select stacker.

for student class registration app ... just do read, feed, select
stacker 3 ... process the information ... and if there was a problem, do
a write, feed, select stacker three ... writing a totally blank card
(idea was just to put a blank colored card behind registration cards
that needed more work).

i had mentioned that i had done port of 1401 mpio application (unit
record frontend for 709) to 360/30. I would do separate read from
feed/select stacker ... not to dynamically select stacker ... but i
wouldn't know before hand whether it was bcd or binary. I would do bcd
read ... and if it got an error, i would reread with binary read
... before doing feed, select stacker.

past posts mentioning hasp
http://www.garlic.com/~lynn/submain.html#hasp

i had done highly optimized os/360 system that included hasp.  i got
nearly three times thruput compared to vanilla os/360 plus hasp
(for standard university student job stream).

this is part of presentation i gave at fall '68 share meeting in boston
... mentioning the just os/360 system thruput and performance work
(running on real hardware) ... a lot of cp67 system thruput and
performance work ... and os/360 system thruput in virtual machine.
http://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14

recent posts mentioning doing 1401 mpio port
http://www.garlic.com/~lynn/2007d.html#51 IBM S/360 series operating systems history
http://www.garlic.com/~lynn/2007h.html#52 ANN: Microsoft goes Open Source
http://www.garlic.com/~lynn/2007m.html#73 Operating systems are old and busted
http://www.garlic.com/~lynn/2007n.html#59 IBM System/360 DOS still going strong as Z/VSE
http://www.garlic.com/~lynn/2007p.html#2 what does xp do when system is copying

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Thu, 25 Oct 2007 21:22:26 -0400

hancock4 writes:

How did you control routing the cards to the appropriate stacker?  My
yellow card has a chart for the 3504/3505 card reader with Commands
for Sense, feed-select stacker, read,feed, select stacker.  There's a
binary code for a byte, but where does this byte go--the channel
control word (CCW)?  Could this be done in COBOL or was assembler
required?   (There are other "I/O Command Codes" listed as well.)

original post
http://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1

recent post that discusses part of 2540/3505 ccw op-code format
http://www.garlic.com/~lynn/2007r.html#0 IBM System/3 & 3277-1

the discussion that covered the 2540/3505 ccw op-code (command-code)
format ...
http://www.garlic.com/~lynn/gcard.html#23

was just the "command code" field of the ccw (first byte).  here is
format of channel command word (8 bytes, double word)

http://www.garlic.com/~lynn/gcard.html#12

the full 8-byte CCW (from above) is

Format-0 Channel Command Word

      0---------------1---------------2---------------3---------------+
      | Command code  |                 Data address                  |
      0---------------1---------------2---------------3---------------+

      4---------------5---------------6---------------7---------------+
      |   Flags       |///////////////|           Byte count          |
      4---------------5---------------6---------------7---------------+

 Standard Command codes           Flags

 xxxx 0000  Invalid               Bit 32 (80) - Chain data
 ++++ ++01  Write                     33 (40) - Chain command
 ++++ 0100  Sense                     34 (20) - Suppress incorrect length
 ++++ ++10  Read                      35 (10) - Suppress data transfer
 xxxx 1000  Transfer in Channel       36 (08) - Program controlled interrupt
 ++++ ++11  Control                   37 (04) - Use Indirect Data Address Word
 ++++ 1100  Read Backward             38 (02) - Suspend
 0000 0011  Control No-op             39 (01) - Must be 0
 1110 0100  Sense ID

 x - Bit Ignored             + - Modifier Bit for Specific Type of Device

....

so operating system "access methods" ... effectively i/o libraries were
the same for both cobol and assembler. these "access methods" generated
channel programs (sequences of channel command words) and invoked
kernel/system call for it to be executed. access methods would have some
number of options that could allow various kinds of control
... including things like stacker (however, most systems ran with hasp
or other "spooling" function that handled all the unit record ... and
stored the records as intermediary disk files. by the time an
application got around to executing, the physical cards normally had
long since been processed).

misc. past posts mentioning hasp
http://www.garlic.com/~lynn/submain.html#hasp

"access methods" were library routines typically written in
assembler. it would be possible for application programmers to implement
their own equivalent "access method" code that generated their own
channel programs and directly invoked the kernel/system call to do the
actual i/o operation.

i believe most of the student registration app was in cobol ...  but i
wrote some assembler for doing the card reader/punch scenario and some
glue code that allowed it to be called from cobol.
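
As an added illustration (not code from the original post), a decoder for the Format-0 CCW layout and the standard command-code and flag tables quoted above. The function names and the sample channel program bytes are constructed for this example, and device-specific modifier bits are left uninterpreted.

```python
# Flag bits in byte 4 of a Format-0 CCW, per the table quoted in the post.
FLAG_NAMES = [
    (0x80, "chain data"),
    (0x40, "chain command"),
    (0x20, "suppress incorrect length"),
    (0x10, "suppress data transfer"),
    (0x08, "program controlled interrupt"),
    (0x04, "indirect data address word"),
    (0x02, "suspend"),
]


def command_class(code):
    """Classify a command code byte using the standard command-code table."""
    low4, low2 = code & 0x0F, code & 0x03
    if low4 == 0x0:
        return "invalid"                # xxxx 0000
    if low4 == 0x8:
        return "transfer in channel"    # xxxx 1000
    if code == 0xE4:
        return "sense id"               # 1110 0100
    if low4 == 0x4:
        return "sense"                  # ++++ 0100
    if low4 == 0xC:
        return "read backward"          # ++++ 1100
    if code == 0x03:
        return "control no-op"          # 0000 0011
    # Remaining codes have low two bits 01, 10 or 11.
    return {1: "write", 2: "read", 3: "control"}[low2]


def decode_ccw(raw):
    """Decode one 8-byte Format-0 CCW into its fields."""
    if len(raw) != 8:
        raise ValueError("a Format-0 CCW is exactly 8 bytes")
    code, flags = raw[0], raw[4]
    cls = command_class(code)
    problems = []
    if cls == "invalid":
        problems.append("command code xxxx 0000 is invalid")
    if flags & 0x01:
        problems.append("flag bit 39 must be 0")
    return {
        "code": code,
        "class": cls,
        "address": int.from_bytes(raw[1:4], "big"),  # bytes 1-3, 24-bit address
        "flags": [name for bit, name in FLAG_NAMES if flags & bit],
        "count": int.from_bytes(raw[6:8], "big"),    # bytes 6-7; byte 5 is unused
        "problems": problems,
    }


def walk_channel_program(blob):
    """Decode consecutive CCWs from a flat buffer, following the chaining flags."""
    program = []
    for off in range(0, len(blob) - 7, 8):
        ccw = decode_ccw(blob[off:off + 8])
        program.append(ccw)
        if ccw["class"] == "transfer in channel":
            break  # a TIC branches to its data address; not followed in a flat buffer
        if not {"chain data", "chain command"} & set(ccw["flags"]):
            break  # no chaining flag: this CCW ends the channel program
    return program


# Constructed sample: a read (code C2) chained to a sense, followed by bytes
# that are not part of the program because the sense CCW does not chain.
SAMPLE_PROGRAM = bytes.fromhex(
    "C2012000 60000050 04012100 20000001 03000000 20000001"
)

if __name__ == "__main__":
    for ccw in walk_channel_program(SAMPLE_PROGRAM):
        print(f"{ccw['code']:02X} {ccw['class']:<8} addr={ccw['address']:06X} "
              f"count={ccw['count']} flags={ccw['flags']} {ccw['problems']}")
```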

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Thu, 25 Oct 2007 21:38:50 -0400

hancock4 writes:

I didn't know the 2540 could read mark-sense spots, was that a
standard or optional feature?  I thought mark-sense cards had to be
run through a Reproducer which would read, translate, and punch the
card for the fields coded.

I think the old Reproducers read the marks by touch and conductivity
testing (pencil lead is graphite which conducts), while the 2540 used
photocells to read cards.  I believe the pioneer IBM test scoring
machine 'tabulated' the final score merely by checking the current
flow from touching the answer sheet.  The more correct answers, the
more current would flow and the further the dial would move on the
meter.

original post:
http://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1

misc. other responses
http://www.garlic.com/~lynn/2007r.html#0 IBM System/3 & 3277-1
http://www.garlic.com/~lynn/2007r.html#1 IBM System/3 & 3277-1

i remember the 2540 having brushes ... and my recollection was that
the 2540 had option to directly read sense marks ... but this was over
40yrs ago ...  so i could be wrong (but i have no recollection of the
sense mark cards being preprocessed and generating a "real"
hole-punched equivalent ... for processing by the student class
registration application).

when i was doing the 1401 mpio port ... they would let me have the
machine room for the weekend ... i would pull a 48hr shift from 8am
sat until 8am mon ... and then drag myself off to some monday classes.

after a couple weekends, i learned that the first thing needed doing
was standard operator shift maintenance ...  before doing anything
else clean all the tape heads ... and take the 2540 reader/punch apart
and clean all the components (especially the reader read brushes) and
put it back together.

instruction sets, was Direction of Stack Growth

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: instruction sets, was Direction of Stack Growth
Newsgroups: comp.arch.embedded,comp.arch,comp.realtime,comp.dsp
Date: Fri, 26 Oct 2007 07:15:03 -0400

"robertwessel2@yahoo.com" <robertwessel2@yahoo.com> writes:

Amusingly that issue made a reappearance with the z990, where a split
L1 cache (I and D) was introduced.  Basically a store into the same
256 byte cache line that had instructions in it (and was in the
L1I), introduced a significant slow down while a whole lotta flushing
happened.

this is analogous but different to the significant rewrite effort for
both MVS and VM in the 3084 time-frame (four-way multiprocessor) for
kernel storage ... trying to force storage to cache lines and
multiples of cache lines ... so that different storage allocations
didn't overlap in common cache line ... which had the possibility that
different processors were simultaneously operating on different
storage areas sharing common cache line (resulting in significant
cache thrashing).

The history of Structure capabilities

From: Anne & Lynn Wheeler  <spamtrap@crayne.org>
Subject: Re: The history of Structure capabilities
Newsgroups: comp.lang.asm.x86,alt.folklore.computers
Date: Fri, 26 Oct 2007 07:41:30 -0400

Frank McCoy  <spamtrap@crayne.org> writes:

But ... I figured a way to do both with the same counter.
Supposedly impossible if you read the specifications for the machine.
There's not the slightest possibility in the world that I could have
programmed a HLL language to do either one.

The second relied on *knowing* that no possible routine I could execute
would overflow the counter.

i had a bug report submitted for my resource manager ... i was doing
some calculations using the TOD clock ... 64 bits ... with bit 32 equal
to 1024/1000 of a second. the calculations were happening every 5-10
seconds ... so i did some shifting to fit saved time values into single
(32bit) word. The shifting gave the result a period of approx. 30
minutes. The problem was that the customer had hit the processor stop
button while processor happened to be executing my little bit of code
(couple thousand instructions) ... and left the processor in stop state
for more than 30 minutes. When they hit start, the kernel failed.  I
then had divide instruction that resulted in overflow program check
(which the kernel wasn't set up to handle).

There wouldn't have been a problem if

the stop had happened when the processor was executing any other code
.... than the couple thousand instructions that happened every 5-10
seconds on a processor with execution rates of at least several MIPS
.... probability something on the order of 5x10**3/5x10**7 (or less)
.... maybe .0001,

or if they had restarted the processor before 30 minutes was up,

or if the kernel had been prepared to handle a divide overflow.

....

The history of Structure capabilities

From: Anne & Lynn Wheeler  <spamtrap@crayne.org>
Subject: Re: The history of Structure capabilities
Newsgroups: comp.lang.asm.x86,alt.folklore.computers
Date: Fri, 26 Oct 2007 08:58:54 -0400

Frank McCoy  <spamtrap@crayne.org> writes:

It was the only way though to fit the resulting code in the available
space.  Unlike today where if a program needs 16 megabytes of code
space, (Not counting even larger data-spaces) nobody winces or even
hardly notices at all.

recent post (in comp.arch) about growing difficulty (in the past) being
able to fit 2mbyte application into 16mbyte virtual address space
http://www.garlic.com/~lynn/2007q.html#68 Direction of Stack Growth

there was a different problem in the port of apl\360 to cms for
cms\apl.

apl\360 was subsystem that supported 16kbyte workspaces in real memory
environment ... with apl\360 providing its own infrastructure for
timesharing, terminal support, and swapping workspaces.

in port to cms\apl ... all the timesharing and terminal support was
being provided by the underlying cp67 (virtual machine) infrastructure.

the problem then was the garbage collection (storage management)
strategy in apl\360. apl was interpreted with all (interpreted) code and
data in the 16kbyte workspace. part of apl was to always allocate new
storage location on every assignment (even if it involved a variable
that already existed). storage allocation started low (in the workspace)
and proceeded upwards until it hit the top of the workspace ... at
which time it would garbage collect ... collecting all allocated
variables/data into contiguous area of low storage and repeat.  Storage
allocation rate was proportional to frequency of assignments (somewhat
independent of the aggregate size of the allocated variables). This
strategy would frequently & repeatedly touch all available storage in
the workspace ... which wasn't too bad with workspace being swapped as
single 16kbyte area.

in the transition to cms\apl ... it moved from single 16kbyte real
storage swapped area ... to potentially 16mbyte virtual address space
that was paged in 4k pages. an application that ran comfortably in
apl\360 16k workspace ... moved to cms\apl running in 16mbyte virtual
address space could cause severe page thrashing (attempting to
frequently and repeatedly touch every virtual page in the address
space). so as part of port to cms\apl and (relatively large) virtual
address spaces ... the whole apl storage and garbage collection
mechanism had to be reworked.

lots of past posts mentioning apl ... and/or HONE ... a large
(cp67-based and later vm370) timesharing service that delivered a lot of
applications, most of which had been implemented in apl
http://www.garlic.com/~lynn/subtopic.html#hone
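
A simplified model of the allocation behaviour described in the post above, added here as an illustration (not code from the original post or from apl\360). It assumes every assignment replaces a value of the same size so the live data stays constant, counts only the pages touched by allocation, and uses LRU replacement over a fixed number of real page frames; the item size, live size and frame count are constructed values.

```python
from collections import OrderedDict

PAGE = 4096  # 4k pages, as in the post


def run_workspace(workspace, live, item, assignments, frames):
    """Simulate allocate-on-every-assignment with compaction at the top.

    workspace   -- size of the workspace / address space in bytes
    live        -- bytes of live data, compacted into low storage (assumed constant)
    item        -- bytes allocated per assignment (constructed value)
    assignments -- number of assignments to simulate
    frames      -- real page frames available (assumption; LRU replacement)

    Returns (garbage_collections, page_faults).
    """
    resident = OrderedDict()   # page number -> True, ordered by recency of use
    next_free = live           # allocation starts just above the live data
    collections = faults = 0

    for _ in range(assignments):
        if next_free + item > workspace:
            # Hit the top of the workspace: garbage collect, which leaves
            # the live data contiguous in low storage, then start over.
            collections += 1
            next_free = live
        first = next_free // PAGE
        last = (next_free + item - 1) // PAGE
        for page in range(first, last + 1):
            if page in resident:
                resident.move_to_end(page)
            else:
                faults += 1
                resident[page] = True
                if len(resident) > frames:
                    resident.popitem(last=False)  # evict least recently used
        next_free += item

    return collections, faults


def compare(assignments=300_000, live=4096, item=64, frames=64):
    """Same program in a 16kbyte workspace and in a 16mbyte address space."""
    small = run_workspace(16 * 1024, live, item, assignments, frames)
    large = run_workspace(16 * 1024 * 1024, live, item, assignments, frames)
    return small, large


if __name__ == "__main__":
    small, large = compare()
    print("16kbyte workspace: collections=%d faults=%d" % small)
    print("16mbyte workspace: collections=%d faults=%d" % large)
```

The number of pages swept depends on the number of assignments and the size of the address space, not on the amount of live data, which is why the same program faults on nearly every new page in the large address space.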

The history of Structure capabilities

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The history of Structure capabilities
Newsgroups: alt.folklore.computers
Date: Sat, 27 Oct 2007 17:42:46 -0400

paul c <toledobythesea@ooyah.ac> writes:

I met many people in those days who had wildly inflated opinions as to
the number of mainframes there actually were but I remember very
clearly from 1989 or so that there were less than 30,000 VSE active
licences and something like 6,000 MVS licences worldwide.

Even if one accepts your numbers, the point remains that the number of
people to whom mainframe decimal arithmetic is available is dwarfed by
the number who depend on Intel and clone binary arithmetic.

(In the 'old' mainframe days, say before 1990, I remember that IBM,
Amdahl and Hitachi rarely mentioned unit sales, rather dollar sales.
I guess that is because the dollar sales sounded much more impressive
to investors.  There must be people on this group who have
authoritative numbers.)

43xx machines were selling into the same market as vax in similar time
period ...  although it had higher unit sales ... in part because some
(large commercial) customers did volume orders of hundred(s) at a
time.

past post with decade (78-87) of vax sales sliced/diced
http://www.garlic.com/~lynn/2002f.html#0 Computers in Science Fiction
http://www.garlic.com/~lynn/2005f.html#37 Where should the type information be: in tags and descriptors

in the above, the mid-80s numbers for mid-range were starting to really
drop off ... they were increased vax sales, but they were microvax

the issue was that this mid-range market started to move to workstations
and larger pcs starting in the mid-80s. at one point there was some
assumption that the 4341 followon ... the 4381, was going to continue
the remarkable sales volumes of 4341 ... but by that time ... the
mid-range market was starting to shift ... similarly for the 4331
following, the 4361. There has been some semi-humorous reference that
the reason that a pair of 4361s (for redundancy) were used as service
processor for 3090s was that there were so many 4361s sitting around in
warehouses

4341 announced 30jan79, withdrawn 11feb86
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP4341.html

3090 announced 12feb85, withdrawn 5may89
http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP3090.html

somewhat based on enormous growth in the early 80s ... in the mid-80s
there was projection that world-wide sales were going to continue to
grow, doubling to $120billion (which spawned massive build-out to double
manufacturing capacity). I made prediction instead that the company was
going to go into the red (unless some significant restructure happened)
...  which wasn't exactly a career enhancing thing to say at the time.

When we left in '92 in an "early out" program, i had an exit interview
with an executive who commented that they could have forgiven me for
being wrong, but they were never going to be able to forgive me for
being right. '92 was also the year that the company went into the red.
past posts commenting on the situation:
http://www.garlic.com/~lynn/2005j.html#32 IBM Plugs Big Iron to the College Crowd
http://www.garlic.com/~lynn/2005s.html#16 Is a Hurricane about to hit IBM ?
http://www.garlic.com/~lynn/2006.html#21 IBM up for grabs?
http://www.garlic.com/~lynn/2006.html#22 IBM up for grabs?
http://www.garlic.com/~lynn/2006l.html#17 virtual memory
http://www.garlic.com/~lynn/2006r.html#20 50th Anniversary of invention of disk drives

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sat, 27 Oct 2007 18:05:00 -0400

bbreynolds <bbreynolds@aol.com> writes:

This thread started about the 3277-001 used on a System/3 Model 15
(would that be a 5415?): as 3277's relied on the 3271/3272/3275 for
the major portion of their intelligence, I would assume that there
would have had to have been some pretty substantial hardware in the
System/3 to make the 3277-001 believe it was attached to a
controller. I can't think how the functions would be split out on a
3277 not on a controller; unless the 3277-001 was "gutted".  Any hint
if a cable other than a simple coax connected the 3277 to the CPU?

3277 had quite a bit of local intelligence ... it was possible to do
some custom stuff in the terminal that changed the repeat start-delay
and repeat ... as well as adding fifo to handle keyboard locking up if
you happened to be typing when the system went to (re)write something on
the screen. the move to 3274 controller for 3278/3279/etc terminals ...
moved all that intelligence back into the controller ... reducing amount
of electronics and manufacturing costs. with electronics moved back into
controller ... it also degraded performance and response.

several of us complained about it ... but were told that 327x terminals
were targeted at data entry market and didn't have the requirements for
interactive response and human factors that would be needed for
something like interactive computing. as seen in some of the referenced
performance comparisons ... say
http://www.garlic.com/~lynn/2001m.html#19 3270 protocol

... it was much more difficult to achieve subsecond response with
3274/3278 vis-a-vis 3272/3277. However, for mvs/tso with system response
already on the order of a second (or much worse) ... it was pretty
negligible consideration. however, heavily loaded vm/cms systems tended
to be more on the order of a quarter second (or less, one system i had
care&feeding of ... was on the order of .11 seconds 90th percentile for
trivial interactive under heavy load).

past posts mentioning some (hardware) fixes to 3277 ... and not being
able to do anything with later 3278/3279 because even that bit of
electronics had been moved back into the controller (and/or some other
3272/3277 issues vis-a-vis 3274/3278).
http://www.garlic.com/~lynn/94.html#23 CP spooling & programming technology
http://www.garlic.com/~lynn/98.html#49 Edsger Dijkstra: the blackest week of his professional life
http://www.garlic.com/~lynn/99.html#28 IBM S/360
http://www.garlic.com/~lynn/99.html#69 System/1 ?
http://www.garlic.com/~lynn/99.html#193 Back to the original mainframe model?
http://www.garlic.com/~lynn/99.html#239 IBM UC info
http://www.garlic.com/~lynn/2000c.html#63 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#65 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#66 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#67 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000d.html#12 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000g.html#23 IBM's mess
http://www.garlic.com/~lynn/2001b.html#12 Now early Arpanet security
http://www.garlic.com/~lynn/2001f.html#49 any 70's era supercomputers that ran as slow as today's supercompu
http://www.garlic.com/~lynn/2001i.html#51 DARPA was: Short Watson Biography
http://www.garlic.com/~lynn/2001k.html#30 3270 protocol
http://www.garlic.com/~lynn/2001k.html#33 3270 protocol
http://www.garlic.com/~lynn/2001k.html#44 3270 protocol
http://www.garlic.com/~lynn/2001k.html#46 3270 protocol
http://www.garlic.com/~lynn/2001l.html#32 mainframe question
http://www.garlic.com/~lynn/2001m.html#17 3270 protocol
http://www.garlic.com/~lynn/2001m.html#19 3270 protocol
http://www.garlic.com/~lynn/2002f.html#14 Mail system scalability (Was: Re: Itanium troubles)
http://www.garlic.com/~lynn/2002i.html#43 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#48 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#50 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002j.html#67 Total Computing Power
http://www.garlic.com/~lynn/2002j.html#74 Itanium2 power limited?
http://www.garlic.com/~lynn/2002j.html#77 IBM 327x terminals and controllers (was Re: Itanium2 power
http://www.garlic.com/~lynn/2002k.html#2 IBM 327x terminals and controllers (was Re: Itanium2 power
http://www.garlic.com/~lynn/2002k.html#6 IBM 327x terminals and controllers (was Re: Itanium2 power
http://www.garlic.com/~lynn/2002m.html#24 Original K & R C Compilers
http://www.garlic.com/~lynn/2002p.html#29 Vector display systems
http://www.garlic.com/~lynn/2002q.html#51 windows office xp
http://www.garlic.com/~lynn/2003b.html#29 360/370 disk drives
http://www.garlic.com/~lynn/2003c.html#18 Early attempts at console humor?
http://www.garlic.com/~lynn/2003c.html#69 OT: One for the historians - 360/91
http://www.garlic.com/~lynn/2003c.html#72 OT: One for the historians - 360/91
http://www.garlic.com/~lynn/2003d.html#23 CPU Impact of degraded I/O
http://www.garlic.com/~lynn/2003d.html#24 CPU Impact of degraded I/O
http://www.garlic.com/~lynn/2003e.html#43 IBM 3174
http://www.garlic.com/~lynn/2003h.html#15 Mainframe Tape Drive Usage Metrics
http://www.garlic.com/~lynn/2003i.html#30 A Dark Day
http://www.garlic.com/~lynn/2003j.html#24 Red Phosphor Terminal?
http://www.garlic.com/~lynn/2003k.html#20 What is timesharing, anyway?
http://www.garlic.com/~lynn/2003k.html#22 What is timesharing, anyway?
http://www.garlic.com/~lynn/2003o.html#14 When nerds were nerds
http://www.garlic.com/~lynn/2003o.html#36 When nerds were nerds
http://www.garlic.com/~lynn/2003p.html#44 Mainframe Emulation Solutions
http://www.garlic.com/~lynn/2004c.html#7 IBM operating systems
http://www.garlic.com/~lynn/2004c.html#30 Moribund TSO/E
http://www.garlic.com/~lynn/2004e.html#0 were dumb terminals actually so dumb???
http://www.garlic.com/~lynn/2004f.html#54 [HTTP/1.0] Content-Type Header
http://www.garlic.com/~lynn/2004g.html#11 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004g.html#24 |d|i|g|i|t|a|l| questions
http://www.garlic.com/~lynn/2004g.html#27 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004l.html#27 Shipwrecks
http://www.garlic.com/~lynn/2004l.html#32 Shipwrecks
http://www.garlic.com/~lynn/2004m.html#8 Whatever happened to IBM's VM PC software?
http://www.garlic.com/~lynn/2004q.html#35 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005e.html#13 Device and channel
http://www.garlic.com/~lynn/2005e.html#32 Stop Me If You've Heard This One Before
http://www.garlic.com/~lynn/2005e.html#33 Stop Me If You've Heard This One Before
http://www.garlic.com/~lynn/2005h.html#38 Systems Programming for 8 Year-olds
http://www.garlic.com/~lynn/2005h.html#40 Software for IBM 360/30
http://www.garlic.com/~lynn/2005r.html#12 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2005r.html#14 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2005r.html#15 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2005r.html#17 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2005r.html#20 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2005r.html#28 Intel strikes back with a parallel x86 design
http://www.garlic.com/~lynn/2005s.html#17 winscape?
http://www.garlic.com/~lynn/2005s.html#45 winscape?
http://www.garlic.com/~lynn/2005u.html#22 Channel Distances
http://www.garlic.com/~lynn/2006.html#42 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006b.html#21 IBM 3090/VM Humor
http://www.garlic.com/~lynn/2006e.html#9 terminals was: Caller ID "spoofing"
http://www.garlic.com/~lynn/2006e.html#28 MCTS
http://www.garlic.com/~lynn/2006i.html#34 TOD clock discussion
http://www.garlic.com/~lynn/2006n.html#24 sorting was: The System/360 Model 20 Wasn't As Bad As All That
http://www.garlic.com/~lynn/2006n.html#51 stacks: sorting
http://www.garlic.com/~lynn/2006n.html#56 AT&T Labs vs. Google Labs - R&D History
http://www.garlic.com/~lynn/2006q.html#10 what's the difference between LF(Line Fee) and NL (New line) ?
http://www.garlic.com/~lynn/2006q.html#16 what's the difference between LF(Line Fee) and NL (New line) ?
http://www.garlic.com/~lynn/2006q.html#58 Intel abandons USEnet news
http://www.garlic.com/~lynn/2006s.html#42 Ranking of non-IBM mainframe builders?
http://www.garlic.com/~lynn/2006t.html#34 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2006t.html#42 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2006u.html#55 What's a mainframe?
http://www.garlic.com/~lynn/2006v.html#19 Ranking of non-IBM mainframe builders?
http://www.garlic.com/~lynn/2006v.html#20 Ranking of non-IBM mainframe builders?
http://www.garlic.com/~lynn/2007.html#14 vm/sp1
http://www.garlic.com/~lynn/2007c.html#5 old productivity response time studies
http://www.garlic.com/~lynn/2007e.html#5 Is computer history taugh now?
http://www.garlic.com/~lynn/2007f.html#70 Is computer history taught now?
http://www.garlic.com/~lynn/2007h.html#39 sizeof() was: The Perfect Computer - 36 bits?

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sat, 27 Oct 2007 18:13:21 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:

3277 had quite a bit of local intelligence ... it was possible to do
some custom stuff in the terminal that changed the repeat start-delay
and repeat ... as well as adding fifo to handle keyboard locking up if
you happened to be typing when the system went to (re)write something on
the screen. the move to 3274 controller for 3278/3279/etc terminals ...
moved all that intelligence back into the controller ... reducing amount
of electronics and manufacturing costs. with electronics moved back into
controller ... it also degraded performance and response.

re:
http://www.garlic.com/~lynn/2007r.html#7 IBM System/3 & 3277-1

another example of the electronics in 3277 was the 3277ga ... which was
a large tektronix tube that had special adapter to plug into the side
of 3277 terminal. system would write standard 3270 datastream, escape
characters in the datastream would divert output to the 3277ga. 3277ga
was capable of fairly high-performance graphic displays ... at much
lower price than 2250/3250.

misc. past posts mentioning 3277ga
http://www.garlic.com/~lynn/2001i.html#51 DARPA was: Short Watson Biography
http://www.garlic.com/~lynn/2002p.html#29 Vector display systems
http://www.garlic.com/~lynn/2004m.html#8 Whatever happened to IBM's VM PC software?
http://www.garlic.com/~lynn/2006e.html#9 terminals was: Caller ID "spoofing"
http://www.garlic.com/~lynn/2006e.html#28 MCTS
http://www.garlic.com/~lynn/2006q.html#16 what's the difference between LF(Line Fee) and NL (New line) ?
http://www.garlic.com/~lynn/2006v.html#19 Ranking of non-IBM mainframe builders?
http://www.garlic.com/~lynn/2007.html#14 vm/sp1

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sun, 28 Oct 2007 08:29:41 -0400

"Rostyslaw J. Lewyckyj" <urjlew@bellsouth.net> writes:

If memory hasn't failed me, we read mark sense cards on something that
was called a 1230. We didn't have one in the computing center. It was
in a separate laboratory somewhere in the School of Education.
We sent the decks over there. I don't remember what we got back.
I think the 1230 may have punched the marked card.

re:
http://www.garlic.com/~lynn/2007q.html#71 IBM System/3 & 3277-1
http://www.garlic.com/~lynn/2007r.html#2 IBM System/3 & 3277-1

wiki mark sense page
http://en.wikipedia.org/wiki/Mark_sense

mentions that 513, 514, 557, and 519 could handle mark sense. also
has pointer to 805 test scoring machine.

513 & 514 reproducing punches could handle mark sense ... so it is
possible that a 513/514 had preprocessed the mark sense student
registration cards ... and the 2540 was only processing the reproduced
punch cards (and i was just not paying that much attention).

the wiki reference also has url for 513/514 (pdf) reference manual

IBM System/3 & 3277-1

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM System/3 & 3277-1
Newsgroups: comp.sys.ibm.sys3x.misc,alt.folklore.computers,bit.listserv.ibm-main
Date: Sun, 28 Oct 2007 08:50:54 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:

3277 had quite a bit of local intelligence ... it was possible to do
some custom stuff in the terminal that changed the repeat start-delay
and repeat ... as well as adding fifo to handle keyboard locking up if
you happen to be typing when the system went to (re)write something on
the screen. the move to 3274 controller for 3278/3279/etc terminals ...
moved all that intelligence back into the controller ... reducing amount
of electronics and manufacturing costs. with electronics moved back into
controller ... it also degraded performance and response.

re:
http://www.garlic.com/~lynn/2007r.html#7 IBM System/3 & 3277-1
http://www.garlic.com/~lynn/2007r.html#8 IBM System/3 & 3277-1

somebody picking around in some of the referenced old postings, sent
private email asking about reference to ANR download being 2-3 times
faster than DCA download ... and what was ANR ... other than APPN
"Automatic Networking Routing".

ANR was 3272/3277 ... vis-a-vis DCA 3274/3278-9. In addition
to DCA having slower human (real terminal) response ... because
so much of the electronics had been moved back into controller,
it also affected later terminal emulation download thruput.

quicky search engine for 3277 & anr turns up
http://www.classiccmp.org/pipermail/cctech/2007-September/084640.html

misc. past posts mentioning terminal emulation
http://www.garlic.com/~lynn/subnetwork.html#emulation

as client/server started to proliferate ... the communication
group made various attempts (like SAA) to protect their
terminal emulation install base. when we came up with
3tier/multi-tier architecture ... we took lots of heat from
the sna and saa forces. misc. posts mentioning coming up with
multitier networking architecture
http://www.garlic.com/~lynn/subnetwork.html#3tier

for other drift ... APPN started out as AWP164. For a time,
the person responsible and I used to report to the same
executive. I would periodically chide him that the communication
group didn't appreciate what he was doing and that he should
instead work on real networking (like tcp/ip). In fact, the
communication group non-concurred with announcing APPN. After
some delay and escalation, the announcement letter was carefully
rewritten to not state any connection between APPN and SNA.

of course we were also running hsdt project ... misc. posts
http://www.garlic.com/~lynn/subnetwork.html#hsdt

and recent post illustrating gap between what we
were doing and what the communication group was doing
http://www.garlic.com/~lynn/2007p.html#64

part of the issue was that in early days of SNA ... my wife had
co-authored AWP39 ... peer-to-peer networking architecture
... which the communication group possibly viewed as competitive with
their communication activity. she was then con'ed into going to pok to
be in charge of loosely-coupled architecture and was frequently
battling with SNA forces that it wasn't appropriate for
loosely-coupled operation. She came up with peer-coupled shared
data architecture ... which didn't see a lot of uptake until
sysplex ... except for IMS hot-standby ... misc. past references
http://www.garlic.com/~lynn/submain.html#shareddata

recent posts mentioning AWP39
http://www.garlic.com/~lynn/2007b.html#9 Mainframe vs. "Server" (Was Just another example of mainframe
http://www.garlic.com/~lynn/2007b.html#48 6400 impact printer
http://www.garlic.com/~lynn/2007d.html#55 Is computer history taugh now?
http://www.garlic.com/~lynn/2007h.html#35 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#39 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007l.html#62 Friday musings on the future of 3270 applications
http://www.garlic.com/~lynn/2007o.html#72 FICON tape drive?
http://www.garlic.com/~lynn/2007p.html#12 JES2 or JES3, Which one is older?
http://www.garlic.com/~lynn/2007p.html#23 Newsweek article--baby boomers and computers
http://www.garlic.com/~lynn/2007q.html#46 Are there tasks that don't play by WLM's rules

The history of Structure capabilities

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The history of Structure capabilities
Newsgroups: alt.folklore.computers
Date: Sun, 28 Oct 2007 09:21:28 -0400

jmfbahciv writes:

In the auld mainframe days, IBM leased their equipment so the
units sold count would have been close to zero.  I would
speculate that the reporting of dollars might have been a
habit of the way accounting worked.

also in this thread:
http://www.garlic.com/~lynn/2007r.html#6 The history of Structure capabilities

somewhat motivated by the gov. litigation ... which also contributed to
23jun69 unbundling announcement
http://www.garlic.com/~lynn/submain.html#unbundle

business moved to sales ... and leases were converted to sales.

i've also commented that leases were behind the cpu "meter" that measured
how much the processor was used per month (leases could be one, two,
three, or four shift leases ... i.e. 7x24 was four shift).

leasing and cpu "meter" also had impact on offering 7x24 timesharing
... since offshift use frequently wouldn't cover the increased lease
cost related to running the cpu "meter". somewhat breakthru was various
strategies to leave the system up&running, but idle ...  and not run the
cpu "meter" ... aka the "meter" would run when the processor was
executing and/or when i/o channel programs were executing. the trick
was to get a terminal i/o channel program suspended ... to allow
response to incoming characters ... but not run the "meter" when
everything was otherwise idle.

misc. past posts mentioning timesharing
http://www.garlic.com/~lynn/submain.html#timeshare

misc. past posts mentioning cpu "meter"
http://www.garlic.com/~lynn/99.html#86 1401 Wordmark?
http://www.garlic.com/~lynn/2000b.html#77 write rings
http://www.garlic.com/~lynn/2000d.html#40 360 CPU meters (was Re: Early IBM-PC sales proj..
http://www.garlic.com/~lynn/2000d.html#42 360 CPU meters (was Re: Early IBM-PC sales proj..
http://www.garlic.com/~lynn/2002k.html#64 History of AOL
http://www.garlic.com/~lynn/2002l.html#62 Itanium2 performance data from SGI
http://www.garlic.com/~lynn/2002n.html#27 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#49 Tweaking old computers?
http://www.garlic.com/~lynn/2002n.html#52 Computing on Demand ... was cpu metering
http://www.garlic.com/~lynn/2005d.html#4 Self restarting property of RTOS-How it works?
http://www.garlic.com/~lynn/2005e.html#60 Mozilla v Firefox
http://www.garlic.com/~lynn/2005f.html#4 System/360; Hardwired vs. Microcoded
http://www.garlic.com/~lynn/2005k.html#40 IBM/Watson autobiography--thoughts on?
http://www.garlic.com/~lynn/2005o.html#30 auto reIPL
http://www.garlic.com/~lynn/2006c.html#22 Military Time?
http://www.garlic.com/~lynn/2007d.html#23 How many 36-bit Unix ports in the old days?

How to tell a fake SSL certificate from a real one

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Sun, 28 Oct 2007 09:51:34 -0400

Anonymous Sender <anonymous@remailer.metacolo.com> writes:

You're right of course. There's no shortage of inattentive or ignorant
users in the world. But this is a PEBKAC problem, not a software or
security methods issue.

we were called in to consult with this small client/server startup
that wanted to do payments on their server. this resulted in something
that is frequently now called electronic commerce ... misc.
related postings
http://www.garlic.com/~lynn/subnetwork.html#gateway

they also had invented this technology called SSL that they wanted to
use for the payments. As part of the payment transaction stuff ... we
had to do this detailed audit of the SSL protocol as well as walk thru
of these new organizations calling themselves certification authorities
... and these things that they were issuing called digital certificates.
somewhat related past postings
http://www.garlic.com/~lynn/subpubkey.html#sslcert

part of the browser/webserver interaction assumptions for SSL ... was
not only did the users understand the whole PKI gorp ... but were also
required to understand the relationship between the webserver they thot
they were talking to and the corresponding URL. SSL then would provide
for verifying the correspondence between the URL and the webserver they
were actually talking to (both are a requirement in order to result in
the webserver a user actually talks to, is the webserver that the user
thinks they are talking to).

this criteria was almost immediately compromised in actual deployments.
merchants fairly quickly found that use of SSL cut their thruput by
80-90 percent so they regressed to just using SSL for checkout/pay phase
with a CLICK button provided to enduser.

The CLICK button paradigm contributed significantly to obfuscating what
the user thot of as a website and the corresponding URL (they were no
longer paying attention to the actual URL used ... in part because they
were no longer actually typing it).

Now there was no longer (any SSL) verification of the initial website
contact ... and the (possibly fraudulent) website was then providing the
CLICK button URL for the SSL portion. An attacker could possibly obtain
a perfectly valid digital certificate that corresponds to the URL
provided by the CLICK button ... and effectively nearly all users would
never pay any attention.

misc. recent posts mentioning this issue:
http://www.garlic.com/~lynn/aadsm26.htm#28 man in the middle, SSL
http://www.garlic.com/~lynn/aadsm26.htm#31 man in the middle, SSL ... addenda 2
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
http://www.garlic.com/~lynn/2007k.html#79 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007q.html#72 Value of SSL client certificates?
http://www.garlic.com/~lynn/2007q.html#73 Value of SSL client certificates?

This obfuscation has also been leveraged by various phishing email
exploits ... either by taking a user to fraudulent impersonation website
(with perfectly valid SSL digital certificate) and/or using some flavor
of proxy technology for a man-in-the-middle attack (again possibly with
perfectly valid SSL digital certificate) ... recent posts discussing a
man-in-the-middle using some form of proxy technology
http://www.garlic.com/~lynn/2007q.html#6 what does xp do when system is copying
http://www.garlic.com/~lynn/2007q.html#29 what does xp do when system is copying
http://www.garlic.com/~lynn/2007q.html#31 what does xp do when system is copying

misc. posts mentioning man-in-the-middle attacks
http://www.garlic.com/~lynn/subintegrity.html#mitm

What do ATMS and card readers use?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What do ATMS and card readers use?
Newsgroups: comp.protocols.tcp-ip
Date: Sun, 28 Oct 2007 10:27:38 -0400

ediebur writes:

I seem to remember that ATMS and card readers ( credit cards in
checkout lines) used X25, which I haven't seen in 10 years and was
only a formality then, do they still use it?

some of the larger installations ... say large hotels, casinos, etc
would have x.25 leased-line, along with active monitoring and service
level agreements. other retail establishments with multiple stores
... might aggregate transmissions from stores (standard retail
store-fronts, c-stores, etc) to a regional or corporate concentrator
... which might then use x.25 leased-line.

however large percentage of point-of-sale terminals ... have been pseudo
pc/xt ... in very compact form-factor and some flash in place of real
harddrive ... and doing real-time ascii modem dial-up (1200 baud) to
some 1-800 number.

we were asked to come in and do some consulting with small client/server
startup that wanted to do some payment transactions on their servers.

they had started out doing a "mall" type paradigm (that was largely
underwritten by a large telco) ... with multiple "store fronts" all
hosted on common platform ... and implemented one of the x.25
leased-line protocols out the backend of the "mall" to the financial
institution processor.

they also had this technology they had invented called SSL which they
wanted to use ... initially in the browser to webserver operations.

this was then converted to individual webservers ... using a SSL tunnel
from the webserver to a "payment gateway" ... which then had a
leased-line x.25 protocol to the financial institution processor.
various posts mentioning some of this
http://www.garlic.com/~lynn/subnetwork.html#gateway

what was carried within the webserver/gateway SSL ... was the
message/packet format that was defined for the x.25 leased-line
operation ... which the gateway could transparently passthru.

part of the issue/project back then was inventing new processes and
procedures that were equivalent to active monitoring related to the
(possibly replicated) leased-line x.25 operation ... and the associated
service level agreements ... for use in the anarchy of the internet.

one of the issues in the early deployment of the gateway was that the
internet backbone was going thru transition to hierarchical routing
... and therefore you could no longer advertise your own alternative
routes (as countermeasure to various kinds of outages and/or failures).
as a result we had to fall-back to purely multiple A-record operation
... and the side initiating the request would roll thru the different
listed ip-addresses ... until it got one that connected. we could
mandate this on the webserver/gateway implementation.

however, we ran into some problems with the browser/webserver part.  we
claimed that a lot of large merchant websites had similar availability
requirements as the payment gateways (wanting to be able to survive
things like single-point-of-failures). the initial response from the
people implementing the browser code was that such was too complicated
and "advanced" (i.e. not taught in beginning classes) ... even after we
provided them with sample client code from 4.3 tahoe. it took a year to
get multiple a-record support into the browser client side code.

there then was some early transition ... with retail store PC
operations (i.e. vendors that provided card processing software that
ran on "normal" PCs) that would support the tcp/ip gateway operation
in addition to direct dial-up modem operation.

you are now starting to see some number of the customer point-of-sale
hardware terminals also offering tcp/ip communication option.

some of this was based on previously having done ha/cmp product
http://www.garlic.com/~lynn/subtopic.html#hacmp

and two of the people we had worked with at one of the dbms
vendors
http://www.garlic.com/~lynn/95.html#13
http://www.garlic.com/~lynn/96.html#15

had left to join the small client/server startup and were in charge of
developing this thing called a "commerce server".
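
Added example, not part of the original post and not the 4.3 tahoe sample code it mentions: a client that rolls through every address listed for a name until one connects, which is the multiple A-record fall-back described above. The function names and the loopback demo (one bound-but-dead port, one listening port standing in for two A records) are constructed for illustration.

```python
import socket


def resolve_all(host, port):
    """Every IPv4 address listed for host (one per A record), in resolver order."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    addrs = []
    for _fam, _type, _proto, _canon, sockaddr in infos:
        if sockaddr not in addrs:
            addrs.append(sockaddr)
    return addrs


def connect_first_available(addrs, timeout=2.0):
    """Roll through addrs until one connects.

    Returns (connected_socket, address_used, failed_addresses).
    Raises ConnectionError only when every listed address has failed.
    """
    failed = []
    for addr in addrs:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except OSError as exc:
            # Refused, unreachable or timed out: note it and try the next record.
            sock.close()
            failed.append((addr, type(exc).__name__))
            continue
        return sock, addr, failed
    raise ConnectionError(f"no listed address accepted a connection: {failed}")


def demo_failover():
    """Constructed stand-in for a two-A-record name: first address down, second up."""
    down = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    down.bind(("127.0.0.1", 0))   # bound but never listen()s, so connects are refused
    up = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    up.bind(("127.0.0.1", 0))
    up.listen(1)
    try:
        sock, used, failed = connect_first_available(
            [down.getsockname(), up.getsockname()])
        sock.close()
        return {"used": used, "expected": up.getsockname(),
                "failed": [addr for addr, _ in failed],
                "down": down.getsockname()}
    finally:
        down.close()
        up.close()


if __name__ == "__main__":
    print(demo_failover())
    # Against a real multi-homed name (hypothetical host):
    #   connect_first_available(resolve_all("gateway.example.com", 443))
```
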

what does xp do when system is copying

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: what does xp do when system is copying
Newsgroups: alt.folklore.computers
Date: Sun, 28 Oct 2007 10:42:54 -0400

krw <krw@att.bizzzz> writes:

Did you see Hillary's $1M for the "Woodstock Concert Museum"?  I
loved John Mccain's retort at the debate a few days ago:

TV "pork barrel" program i saw talked about NY senators' earmark
(directed appropriations) for woodstock and the MASS senators' earmark
(amendment to homeland security bill) for improvements to small island
airports off MASS (suggesting that next time you have long wait in
some large airport security line ... just remember that the money is
going instead for improvements at nantucket airport).

The history of Structure capabilities

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The history of Structure capabilities
Newsgroups: alt.folklore.computers
Date: Sun, 28 Oct 2007 12:01:02 -0400

Anne & Lynn Wheeler <lynn@garlic.com> writes:

43xx machines were selling into the same market as vax in similar time
period ...  although it had higher unit sales ... in part because some
(large commercial) customers ordered in units of hundred.

re:
http://www.garlic.com/~lynn/2007r.html#6 The history of Structure capabilities

somewhat related to recent post mentioning timesharing
http://www.garlic.com/~lynn/2007r.html#11 The history of Structure capabilities

other posts mentioning timesharing (60s, 70s, and much of 80s, vm/cms
provided "personal computing" timesharing services)
http://www.garlic.com/~lynn/submain.html#timeshare

at one point the consolidated US hone datacenter (providing online
interactive vm/cms-based service to field, sales and marketing
had upwards of 40k defined users)
http://www.garlic.com/~lynn/subtopic.html#hone

with various HONE clones in datacenters around the world providing
additional service.

in the time-frame the (worldwide) internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

was growing from 2000 to 2500 nodes (and the internet going thru growth
spurt and finally passing the internal network in number of nodes), it
had coverage of just about all employees in the world (say on the order
of 400k).

circa 1980 the external explosion in 43xx boxes ... also saw a similar
explosion in internal boxes (lots of internal network nodes were
43xx boxes mostly providing vm/cms timesharing service). misc.
old email with 43xx references
http://www.garlic.com/~lynn/lhwemail.html#4341

internally, a lot of the 43xx boxes were going in as "departmental"
boxes ... some locations co-opting departmental conference rooms as
"machine" rooms (contributing to the scarcity of conference rooms, this
was also seen at some number of customers). later, workstations and
larger PC started performing similar capability and as technology shrank
... could even move into smaller "wiring closets"

misc. past posts mentioning departmental machine/servers
http://www.garlic.com/~lynn/2001m.html#15 departmental servers
http://www.garlic.com/~lynn/2001n.html#23 Alpha vs. Itanic:  facts vs. FUD
http://www.garlic.com/~lynn/2002.html#2 The demise of compaq
http://www.garlic.com/~lynn/2002.html#7 The demise of compaq
http://www.garlic.com/~lynn/2002d.html#4 IBM Mainframe at home
http://www.garlic.com/~lynn/2002h.html#52 Bettman Archive in Trouble
http://www.garlic.com/~lynn/2002i.html#30 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002j.html#66 vm marketing (cross post)
http://www.garlic.com/~lynn/2003d.html#64 IBM was: VAX again: unix
http://www.garlic.com/~lynn/2003n.html#46 What makes a mainframe a mainframe?
http://www.garlic.com/~lynn/2003o.html#24 Tools -vs- Utility
http://www.garlic.com/~lynn/2004.html#46 DE-skilling was Re: ServerPak Install via QuickLoad Product
http://www.garlic.com/~lynn/2004j.html#57 Monster(ous) sig (was Re: Vintage computers are better
http://www.garlic.com/~lynn/2004k.html#23 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of
http://www.garlic.com/~lynn/2004q.html#71 will there every be another commerically signficant new ISA?
http://www.garlic.com/~lynn/2005f.html#30 Where should the type information be: in tags and descriptors
http://www.garlic.com/~lynn/2005m.html#12 IBM's mini computers--lack thereof
http://www.garlic.com/~lynn/2006p.html#31 "25th Anniversary of the Personal Computer"
http://www.garlic.com/~lynn/2006t.html#37 Are there more stupid people in IT than there used to be?
http://www.garlic.com/~lynn/2007j.html#7 Newbie question on table design
http://www.garlic.com/~lynn/2007m.html#72 The Development of the Vital IBM PC in Spite of the Corporate Culture of IBM
http://www.garlic.com/~lynn/2007n.html#20 The Development of the Vital IBM PC in Spite of the Corporate Culture of IBM
http://www.garlic.com/~lynn/2007n.html#21 The Development of the Vital IBM PC in Spite of the Corporate Culture of IBM

VM TSM server support

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VM TSM server support
Date: Mon, 29 Oct 2007 07:34:00 -0400
Newsgroups: bit.listserv.vmesa-l

especially since TSM was originally renamed/rebranded ADSM .... and the
runup to ADSM was workstation datasave (built on cms) and the precursor
to workstation datasave was CMSBACK.

i had originally done CMSBACK at SJR ... for SJR and the HONE systems
(which i also provided a lot of support for) ... misc. past
posts mentioning HONE (internal vm/based timesharing service
providing online services for field, sales, and marketing worldwide)
and/or APL (large part of HONE services were implemented in APL)
http://www.garlic.com/~lynn/subtopic.html#hone

some number of past posts mentioning backup/archive systems
http://www.garlic.com/~lynn/submain.html#backup

and couple old email mentioning early CMSBACK activities
... which spread to some number of other internal installations
besides SJR and HONE
http://www.garlic.com/~lynn/lhwemail.html#cmsback

How to tell a fake SSL certificate from a real one

From: lynn@garlic.com
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Mon, 29 Oct 2007 05:16:16 -0700

On Oct 28, 1:22 pm, Krazee Brenda <i...@sanibleone.com> wrote:

Small?

Netscapeware?

re:
http://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one

at one time ... way back when.

slightly related archeological post
http://www.garlic.com/~lynn/2007r.html#13 What do ATMS and card readers use?

a couple of people from a large dbms vendor, that we had worked with
when we were doing ha/cmp product
http://www.garlic.com/~lynn/subtopic.html#hacmp

and scaleup for large distributed databases ... had joined the small
startup and were in charge of developing something called a commerce
server.

random post about long ago and far away meeting at the dbms vendor
where some names were mentioned
http://www.garlic.com/~lynn/95.html#13
http://www.garlic.com/~lynn/96.html#15

How to tell a fake SSL certificate from a real one

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Mon, 29 Oct 2007 18:31:07 -0400

Nomen Nescio <nobody@dizum.com> writes:

That is a patently false statement. If a site spoofs certificates
they're not "perfectly" anything but forgeries. At which point the
problem lies squarely in the hands of the user. And education is the
only way to fix that broken wheel. The finest tools in the world placed
in the hands of the incompetent won't result in a fine family heirloom.

Again, this is in no way an SSL problem. The secure layer that can't be
misused is a myth.

re:
http://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one

the comment wasn't about an attacker spoofing a certificate ... the
comment was about spoofing a website (at a totally different URL)
... for which they might have a perfectly valid certificate.

the phishing attackers have been successful with "click" paradigm
... claiming to be one thing and actually having duplicated the site
at a totally different website/URL (for which they have a valid
certificate).

the issue was that the original SSL deployment was about the end-users
knowing the binding between the site they thought they were talking to
and the URL for that site. Almost immediately there was wide
deployment based on using "click" buttons ... and possibly for most
users, they never acquired a knowledgeable awareness of the URL for
the website they believed they were talking to.

other phishing attacks have used variation on proxy technologies ...
having valid certificate for the URL (they had convinced victims to)
click on. they would create a (SSL) session with the end-user ... and
then also create another (SSL) session with the "real" site ... and
transparently pass communication between the two sessions.

SSL was originally supposed to 1) guarantee that the website that the
user thot they were talking to, was the actual website they were
talking to and 2) encrypt/hide that communication. However, there was
somewhat implicit assumption that the end-user had to explicitly
know/provide the URL for the website they were talking to ... and the
only thing SSL actually did was guarantee that the website being talked to
corresponded with the provided URL. SSL was widely advertised as "1"
... which allowed attackers to take advantage of the fact that
majority of the users in the world were interacting with websites
... not by explicitly entering a known URL ... but by clicking on
buttons (w/o acquiring necessary awareness of the corresponding URL).

This divergence between what SSL was frequently being claimed to solve
and how it was actually being used, started to happen very early.

Part of this was almost immediately the majority of the merchant
ecommerce sites found that use of SSL cut their thruput by
80-90 percent. As a result they switched to not using SSL for the
initial connection (which may have been actually entered by a user
instead of clicking), and restricting its use for the pay/checkout
portion of the shopping experience ... which was a click operation
... for a URL provided by (potentially fraudulent) merchant website.

Almost immediately, possibly 99.999 percent of the SSL use in the
world was open to attackers being able to redirect users to a
different URL (which users become conditioned to not pay attention to)
and for which the attackers could have a perfectly valid digital
certificate.

this contributed to some of my comments about "comfort" certificate,
mentioned in some of these past posts
http://www.garlic.com/~lynn/subpubkey.html#sslcert

there was a large disconnect between what most users in the world were
conditioned to believe was provided by SSL ... and what SSL was
actually providing.

How to tell a fake SSL certificate from a real one

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Mon, 29 Oct 2007 21:02:48 -0400

"Sebastian G." <seppi@seppig.de> writes:

But was recognized very lately. Wasn't it a study from the Berkeley
University that shocked all intelligent users on the web with the
simple fact that ~ 90% of the users can even read URLs and judge
websites purely by their appearance?

re:
http://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one
http://www.garlic.com/~lynn/2007r.html#13 What do ATMS and card readers use?
http://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
http://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one

no, it was realized very early ... it was built into the original
assumptions for using SSL to meet electronic commerce requirement. The
security issue was how can the user be sure that the website they
thought they were talking to, was the website they were talking to.

SSL was proposed as addressing the problem ... so long as the user had
adequate knowledge and provided the URL for the website they thought
they were talking to ... then SSL would complete the other part of
establishing that the website being talked to corresponded to the
provided URL.

This was part of end-to-end evaluation of using SSL for electronic
commerce application. The problem was that as soon as the end-user
started clicking on buttons (that provided the URL) ... it
invalidated the original requirements needed for meeting the
end-to-end security requirements for electronic commerce applications
and the role that SSL played in addressing it.

We saw it as soon as merchants didn't require SSL as part of the full
session (which was another requirement that we had for SSL addressing
the electronic commerce application) ... so the user no longer had
assurance that the merchant website they thought they were talking to,
was the website they were talking to. It then was further aggravated
when the merchant websites started providing the CLICK buttons for
pay/checkout. Since the initial merchant website contact wasn't being
validated ... there was no trust that the website being talked to was
the website the enduser believed they were talking to ... and therefore
could be a fraudulent website.  Then the potentially fraudulent
website is providing a URL for pay/checkout ... this could be a
perfectly valid website with a perfectly valid SSL digital certificate
... but operated by fraudulent organization.

It was the small client/server startup that suggested their SSL
invention as electronic commerce solution ... assuring users that the
website that they thought they were talking to was, in fact, the
website they were talking to. This became the widest deployed and
supported purpose for SSL on the web (as well as the main source of
revenue for the entities calling themselves certification
authorities). However, we showed that SSL could only meet those
objectives if certain other criteria were met.  When those criteria
were not met ... then it was no longer possible to claim that SSL was
satisfying the security requirements for electronic commerce.

The user had to provide the URL (and understand the relationship
between the website they thought they were talking to and the provided
URL) to satisfy the end-to-end security paradigm needed for
SSL. Anything that interfered with that was going to create security
exposures and vulnerabilities. It was obvious that the whole button
click paradigm would obfuscate the relationship between URL and
website. It was further obvious that security risks were especially
part of any environment where non-validated and non-trusted sources
might provide click buttons (and the corresponding URL). This was part
of the analysis that if the initial merchant website contact/URL
wasn't validated ... then it could be a potentially fraudulent
website, and therefore any click button providing a URL (originating
from a potentially fraudulent website) couldn't also be trusted (even
if it involved a valid SSL digital certificate).

It became really broken when "click" buttons started to show up in
untrusted/unvalidated "spamming" email ... taking the enduser to
fraudulent websites (potentially with valid SSL digital certificates).
However, simple end-to-end security analysis shows that when clicking on
buttons (providing URLs) from sources that aren't trusted/validated,
there isn't a lot of reason to believe the resulting session
(even with SSL) is to be trusted.

Endusers were encouraged to believe that SSL provided end-to-end
security for electronic commerce. this helped convince merchants that
they should pay for the digital certificates in support of SSL
operation. click buttons broke a critical part of the end-to-end
paradigm that SSL (for electronic commerce) was dependent on.

Abend S0C0

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Abend S0C0
Newsgroups: alt.folklore.computers
Date: Mon, 29 Oct 2007 21:47:13 -0400

paul c <toledobythesea@ooyah.ac> writes:

sorry, i was way out on that one, i was indeed mis-remembering soc1
which your latest posts out was/is operation exception.  maybe i never
even saw exception zero, can't be sure after all this time.

i.e. standard OCx codes started out corresponding to program interrupts.

interrupts:
http://www.garlic.com/~lynn/gcard.html#7

i.e. from above:

Program-interruption-codes (high byte is always zero)

01 - Operation             0C - Exponent overflow          1A - Page state
02 - Privileged operation  0D - Exponent underflow         1B - Page transition
03 - Execute               0E - Significance               1C - Space-switch eve
04 - Protection            0F - Floating-point divide      1F - PC-transl spec
05 - Addressing            10 - Segment translation        20 - AFX translation
06 - Specification         11 - Page translation           21 - ASX translation
07 - Data                  12 - Translation specification  22 - LX translation
08 - Fixed-point overflow  13 - Special operation          23 - EX translation
09 - Fixed-point divide    14 - VM pseudo page fault       24 - Primary auth
0A - Decimal overflow      17 - ASN-translation spec       25 - Secondary auth
0B - Decimal divide        18 - Page access                40 - Monitor event

80 - PER event bit (ORed together with any other program interruption code)

the original question was whether mvt documented/supported 0C0 abend
code for imprecise program interrupts. I don't recollect running
across a reference.

I do remember when dealing with the 370/195 people looking at doing a
dual i-stream version (basically simulating a multiprocessor machine),
they commented that a lot of the difference between 360/195 and
370/195 (besides some of the pre-virtual memory 370 instructions), was
that a lot of instruction retry logic went into 370/195.

I did run across a cms pliopt reference on the web that mentions
specifying "IMP" to generate extra code to correctly handle imprecise
interrupts on 360/91, 360/195, and 370/195).

following is on bitsavers, 1967, os (i.e. mvt) support for 360/91:
http://bitsavers.org/pdf/ibm/360/C28-6666-0_360-91_OSsupport.pdf

it has table on pg. 39 on what is precise and what is imprecise.  for
standard/precise interrupts, the ILC field in the program old psw, has
the "length" of the instruction causing the interrupt. for imprecise
interrupts, the ILC field is zero.

on page 10, discussing program first-level interrupt handler, there is
an added note (bar-code from TNL update, aka Page revised by TNL
N28-2308, 1/31/68):

| Note: When an imprecise or a multiple-imprecise program interruption
| causes a task to be terminated, the completion code is "0C0" since the
| last digit reflects the decimal content of bits 26-31 in the program old
| PSW.

which is then translated to S0C0.

misc. past posts mentioning 370/195 dual i-stream investigation:
http://www.garlic.com/~lynn/95.html#3 What is an IBM 137/148 ???
http://www.garlic.com/~lynn/2001j.html#27 Pentium 4 SMT "Hyperthreading"
http://www.garlic.com/~lynn/2001n.html#63 Hyper-Threading Technology - Intel information.
http://www.garlic.com/~lynn/2002g.html#70 Pipelining in the past
http://www.garlic.com/~lynn/2003f.html#33 PDP10 and RISC
http://www.garlic.com/~lynn/2003l.html#48 IBM Manuals from the 1940's and 1950's
http://www.garlic.com/~lynn/2003m.html#60 S/360 undocumented instructions?
http://www.garlic.com/~lynn/2003p.html#3 Hyperthreading vs. SMP
http://www.garlic.com/~lynn/2004.html#27 dual processors: not just for breakfast anymore?
http://www.garlic.com/~lynn/2004e.html#1 A POX on you, Dennis Ritchie!!!
http://www.garlic.com/~lynn/2005.html#5 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#19 The Soul of Barb's New Machine (was Re: creat)
http://www.garlic.com/~lynn/2005f.html#22 System/360; Hardwired vs. Microcoded
http://www.garlic.com/~lynn/2005p.html#14 Multicores
http://www.garlic.com/~lynn/2006c.html#6 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006c.html#29 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006d.html#10 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006r.html#2 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2007.html#36 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007f.html#10 Beyond multicore
http://www.garlic.com/~lynn/2007l.html#34 Is Parallel Programming Just Too Hard?

Is the media letting banks off the hook on payment card security

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Tue, 30 Oct 2007 07:01:40 -0400

Is the media letting banks off the hook on payment card security
http://www.computerworld.com/blogs/node/6446

from above ...

The real problem isn't that some retailers are failing to adequately
secure credit card data. Sure that's an issue. But a much bigger problem
is the fact the entire payment system is decades old, archaic and in
desperate need of a complete security overhaul, she said.

... snip ...

say x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959

where the x9a10 financial standard working group had been given
the requirement to preserve the integrity of the financial
infrastructure for all retail payments ("ALL", as in credit,
debit, stored-value/gift, ach/check, point-of-sale, face-to-face,
card-present, internet, card-not-present, non-face-to-face, aka
ALL)

some of the issues have been discussed in more detail in the postings
discussing the "naked transaction" metaphor
http://www.garlic.com/~lynn/subintegrity.html#payments

part of the x9a10 working group activity in the mid-90s, was looking at
the exploits involving various kinds of breaches ... effectively in
relationship to the vulnerability of the information (aka "naked
transaction") and numerous threat models. part of the x9.59 standard
wasn't directed at preventing access to the data ... but eliminating the
usefulness of the data to attackers (a kind of armouring every
transaction).

some of this came out of the experience having worked on what is now
commonly referred to as electronic commerce ... for some topic drift
(and archeological applicability) ... recent postings related to that
subject:
http://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real one
http://www.garlic.com/~lynn/2007r.html#13 What do ATMs and card readers use?
http://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
http://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one
http://www.garlic.com/~lynn/2007r.html#19 How to tell a fake SSL certificate from a real one

the "naked transaction" metaphor was somewhat the comment behind that
even if the planet was buried miles deep in encryption, it still
wouldn't eliminate information leakage i.e. the information was required in
numerous business processes (frequently backroom operations that might
involve several different people ... and probably not apparent to the
consumer public as directly part of the original transaction) ... and
had to be kept readily available. At the same time, the "naked
transaction" metaphor meant that the information had to be kept totally
unavailable and confidential and never accessed by anybody.

various posts making the comment about burying the planet
miles deep in encryption:
http://www.garlic.com/~lynn/aadsm19.htm#45 payment system fraud, etc
http://www.garlic.com/~lynn/aadsm22.htm#36 Unforgeable Blinded Credentials
http://www.garlic.com/~lynn/aadsm23.htm#54 Status of SRP
http://www.garlic.com/~lynn/aadsm24.htm#38 Interesting bit of a quote
http://www.garlic.com/~lynn/aadsm24.htm#48 more on FBI plans new Net-tapping push
http://www.garlic.com/~lynn/aadsm25.htm#13 Sarbanes-Oxley is what you get when you don't do FC
http://www.garlic.com/~lynn/aadsm26.htm#8 What is the point of encrypting information that is publicly visible?
http://www.garlic.com/~lynn/aadsm26.htm#27 man in the middle, SSL ... addenda
http://www.garlic.com/~lynn/aadsm27.htm#3 Solution to phishing -- an idea who's time has come?
http://www.garlic.com/~lynn/2005v.html#2 ABN Tape - Found
http://www.garlic.com/~lynn/2006e.html#26 Debit Cards HACKED now
http://www.garlic.com/~lynn/2006h.html#15 Security
http://www.garlic.com/~lynn/2006o.html#37 the personal data theft pandemic continues
http://www.garlic.com/~lynn/2006p.html#8 SSL, Apache 2 and RSA key sizes
http://www.garlic.com/~lynn/2006u.html#43 New attacks on the financial PIN processing
http://www.garlic.com/~lynn/2006v.html#2 New attacks on the financial PIN processing
http://www.garlic.com/~lynn/2006v.html#49 Patent buster for a method that increases password security
http://www.garlic.com/~lynn/2006y.html#25 "The Elements of Programming Style"
http://www.garlic.com/~lynn/2007b.html#8 Special characters in passwords was Re: RACF - Password rules
http://www.garlic.com/~lynn/2007b.html#20 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007c.html#10 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#33 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#43 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#34 Mixed Case Password on z/OS 1.7 and ACF 2 Version 8
http://www.garlic.com/~lynn/2007e.html#26 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#75 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007g.html#20 T.J. Maxx data theft worse than first reported
http://www.garlic.com/~lynn/2007k.html#76 My Dream PC -- Chip-Based
http://www.garlic.com/~lynn/2007n.html#85 PCI Compliance - Encryption of all non-console administrative access
http://www.garlic.com/~lynn/2007o.html#0 The Unexpected Fact about the First Computer Programmer
http://www.garlic.com/~lynn/2007o.html#28 EZPass: Yes, Big Brother IS Watching You!

Abend S0C0

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Abend S0C0
Newsgroups: alt.folklore.computers,comp.lang.asm370
Date: Tue, 30 Oct 2007 07:25:43 -0400

oops, didn't include comp.lang.asm370 in original post
http://www.garlic.com/~lynn/2007r.html#20 Abend S0C0

I wrote:

following is on bitsavers, 1967, os (i.e. mvt) support for 360/91:
http://bitsavers.org/pdf/ibm/360/C28-6666-0_360-91_OSsupport.pdf

it has table on pg. 39 on what is precise and what is imprecise.  for
standard/precise interrupts, the ILC field in the program old psw, has
the "length" of the instruction causing the interrupt. for imprecise
interrupts, the ILC field is zero.

on page 10, discussing program first-level interrupt handler, there is
an added note (bar-code from TNL update, aka Page revised by TNL
N28-2308, 1/31/68):

| Note: When an imprecise or a multiple-imprecise program interruption
| causes a task to be terminated, the completion code is "0C0" since the
| last digit reflects the decimal content of bits 26-31 in the program old
| PSW.

which is then translated to S0C0.

Abend S0C0

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Abend S0C0
Newsgroups: alt.folklore.computers,comp.lang.asm370
Date: Tue, 30 Oct 2007 09:09:34 -0400

re:
http://www.garlic.com/~lynn/2007r.html#20 Abend S0C0
http://www.garlic.com/~lynn/2007r.html#22 Abend S0C0

cms script document formatting command was developed at the science
center in the mid-60s (along with lots of other online & interactive
features).
http://www.garlic.com/~lynn/subtopic.html#545tech

this was originally done with "dot" commands ... somewhat descendent of
similar application on CTSS

besides the cms & cp67 publications (from the science center), one of
the early corporate publications using script was principle of
operations. this is fairly apparent from what appears to be some sort
of photo offset printing from original image produced on 1403 printer
using TN train.

Part of the issue of using script for principle of operations was that
on the command line could specify an option that selectively printed or
not printed various material. The base document for principle of
operations was referred to as the architecture "red book" ... since it
was distributed internally in a red colored three ring binder ... and
was on the order of twice as large as the principle of operations
document. The architecture "red book" had lots of engineering notes,
much more detailed explanation of what was going on, and also included
justifications for why something was done or not done. Using script, it
was possible to have a single document ... where the whole document was
printed (architecture "red book") or just the principle of operations
subset was printed.

the referenced 360/91 document
http://bitsavers.org/pdf/ibm/360/C28-6666-0_360-91_OSsupport.pdf

appears to have been originally printed on 1403 printer with TN
train. One of the issues is whether or not this was done with
cms/script or some other application. the 360/91 document is
left justified with ragged right.

The principle of operations
http://bitsavers.org/pdf/ibm/360/poo/A22-6821-0_360PrincOps.pdf

also appears to be 1403 printer output with TN train ... but is both
left and right justified (with diagrams placed on the page with some
graphics). other principle of operations had even the diagrams from
1403 printer output.

in '69, GML (or generalized markup language) was invented
at the science center (the letters G, M, and L chosen
because they are initials of three people at the
science center). And GML tag processing was added to the
cms/script command (it wasn't uncommon to find files with
mix of both "dot" and "tag" formatting commands)

GML then morphed into SGML ...
http://www.garlic.com/~lynn/submain.html#sgml

and spawned things like HTML, XML, etc ... originally by way of a
cms/script clone from univ. of waterloo in use at cern ... a reference
describing the morphing of SGML into HTML
http://infomesh.net/html/history/early/

old posts mentioning architecture red-book
http://www.garlic.com/~lynn/2000f.html#35 Why IBM use 31 bit addressing not 32 bit?
http://www.garlic.com/~lynn/2001m.html#39 serialization from the 370 architecture "red-book"
http://www.garlic.com/~lynn/2001n.html#43 IBM 1800
http://www.garlic.com/~lynn/2002g.html#52 Spotting BAH Claims to Fame
http://www.garlic.com/~lynn/2002h.html#69 history of CMS
http://www.garlic.com/~lynn/2002m.html#2 Handling variable page sizes?
http://www.garlic.com/~lynn/2003d.html#76 reviving Multics
http://www.garlic.com/~lynn/2003f.html#52 ECPS:VM DISPx instructions
http://www.garlic.com/~lynn/2003k.html#45 text character based diagrams in technical documentation
http://www.garlic.com/~lynn/2004b.html#57 PLO instruction
http://www.garlic.com/~lynn/2004c.html#1 Oldest running code
http://www.garlic.com/~lynn/2004c.html#6 If the x86 ISA could be redone
http://www.garlic.com/~lynn/2004c.html#51 [OT] Lockheed puts F-16 manuals online
http://www.garlic.com/~lynn/2004h.html#27 Vintage computers are better than modern crap !
http://www.garlic.com/~lynn/2004k.html#45 August 23, 1957
http://www.garlic.com/~lynn/2004p.html#50 IBM 3614 and 3624 ATM's
http://www.garlic.com/~lynn/2005.html#5 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#25 360POO
http://www.garlic.com/~lynn/2005e.html#53 System/360; Hardwired vs. Microcoded
http://www.garlic.com/~lynn/2005f.html#45 Moving assembler programs above the line
http://www.garlic.com/~lynn/2005i.html#40 Friday question: How far back is PLO instruction supported?
http://www.garlic.com/~lynn/2005j.html#39 A second look at memory access alignment
http://www.garlic.com/~lynn/2005j.html#43 A second look at memory access alignment
http://www.garlic.com/~lynn/2005k.html#1 More on garbage
http://www.garlic.com/~lynn/2005k.html#58 Book on computer architecture for beginners
http://www.garlic.com/~lynn/2005n.html#48 Good System Architecture Sites?
http://www.garlic.com/~lynn/2005p.html#45 HASP/ASP JES/JES2/JES3
http://www.garlic.com/~lynn/2006c.html#45 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006h.html#55 History of first use of all-computerized typesetting?
http://www.garlic.com/~lynn/2006o.html#59 Why no double wide compare and swap on Sparc?
http://www.garlic.com/~lynn/2006s.html#53 Is the teaching of non-reentrant HLASM coding practices ever defensible?
http://www.garlic.com/~lynn/2007d.html#32 Running OS/390 on z9 BC
http://www.garlic.com/~lynn/2007f.html#7 IBM S/360 series operating systems history
http://www.garlic.com/~lynn/2007i.html#31 Latest Principles of Operation

How to tell a fake SSL certificate from a real one

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: How to tell a fake SSL certificate from a real one
Newsgroups: alt.comp.freeware,comp.security.misc,alt.privacy.anon-server
Date: Tue, 30 Oct 2007 11:36:30 -0400

Nomen Nescio <nobody@dizum.com> writes:

The URL is still available for the user to inspect if they care to
glance at an address or status bar. So your theory fails on that fact
alone. However *most* users are still going to be providing their own
links when engaging in mission critical activities anyway, in the form
of previously stored (and working) bookmarks or such. Many will even be
typing in www.mybank.com (I do every time I visit my bank site). So
while your "theory" may hold true in select first encounter scenarios,
for the *vast* number of SSL connections it's completely irrelevant
even as a minor modification to the problem of user attentiveness.

re:
http://www.garlic.com/~lynn/2007r.html#12 How to tell a fake SSL certificate from a real on
http://www.garlic.com/~lynn/2007r.html#17 How to tell a fake SSL certificate from a real one
http://www.garlic.com/~lynn/2007r.html#18 How to tell a fake SSL certificate from a real one
http://www.garlic.com/~lynn/2007r.html#19 How to tell a fake SSL certificate from a real one

the counter example is the subsequent vast proliferation of spamming
email with "click" URL and the problem with phishing websites ... as
per previous post.

the theory behind and design point of digital certificates and PKIs
were the letters of intent/introduction from sailing ship days for
first time interaction between strangers where the relying party had
no other recourse to any information about the party they were dealing
with.

this recent post discusses some of the limitations on the actual value
of digital certificates and PKIs in SSL and other protocols for
electronic commerce
http://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game

where, in fact, the vast majority of electronic commerce transactions
involved repeated and/or well-known websites (i.e. transactions rates
quite skewed, negating the underlying justification for using PKI and
digital certificates in these applications).

original justification for using SSL for electronic commerce (by
far the most widely deployed use of SSL in the world) was

• is the website that the user thinks they are talking to, actually
the website they are talking to (SSL use for this was dependent
on user knowing the relationship between the website they believed
they were talking to and the corresponding URL)

• hiding information (typically transaction account numbers) for
information in transit

going to "known" websites with URLs from trusted repository easily
eliminates the justification and requirement for digital certificates
and PKI operation ... i.e. if there is a trusted repository of URLs
then it is possible to store the associated public keys in the same
repository. this is the certificate-less mode of operation
http://www.garlic.com/~lynn/subpubkey.html#certless

recent discussion about (redundant and superfluous) certificate/PKI
operation being added to the original simple public key specification
for kerberos
http://www.garlic.com/~lynn/2007q.html#2 Windows Live vs Kerberos
http://www.garlic.com/~lynn/2007q.html#5 Windows Live vs Kerberos

or old email from 1981 discussing (pgp-like) public key proposal
http://www.garlic.com/~lynn/2006w.html#email810515

even before we had finished the SSL related activity for
doing payment transactions on the internet ... something
that is frequently now referred to as electronic commerce
http://www.garlic.com/~lynn/subnetwork.html#gateway

... we had started to realize that PKIs and digital certificates were
redundant and superfluous for most applications. As part of deploying
the backend portion (between webservers and something called a payment
gateway) we had specified requirement and implementation for (first)
SSL mutual authentication. However, both the websites and payment
gateway were registered with the other, respective party ... making the
digital certificates redundant and superfluous (other than re-using
existing SSL library with requirement to have something called a
digital certificate).

Eliminating the requirement for digital certificates ... and having
the client starting out with the server's public key (along with the
servers URL), it is possible to do a drastically simplified and lower
overhead SSL-like protocol.

The case for trusted repository of URLs ... along with the
elimination for any digital certificates ... can be extended to not
only local repositories ... but also online repositories like a
secure, trusted DNS ... where public keys are stored along with the
mapping of domain name to ip-address. Starting out with the
client-side of the protocol already having the server-side public key
... can simplify the protocol ... misc. past posts discussing how
improving the security of DNS (with registered public keys) is
important to SSL domain name certification authorities ... but also
can represent a catch-22 ... resulting in the elimination of any
requirement for PKI, certification authorities, and digital
certificates
http://www.garlic.com/~lynn/subpubkey.html#catch22

in the mid-90s, after having worked on what is now commonly referred
to as electronic commerce (and associated SSL deployments), for
some topic drift ... recent post discussing another aspect of
those deployments
 What do ATMs and card readers use?

... we got involved with the x9a10 financial standard working group that
had been given the requirement to preserve the integrity of the
financial infrastructure for all retail payments (internet,
non-internet, point-of-sale, debit, credit, stored-value/gift,
check/ach, card-present, card-not-present, etc ... i.e. ALL).  the
result was x9.59 financial standard protocol
http://www.garlic.com/~lynn/x959.html#x959

part of the effort was doing some detailed threat and vulnerability
analysis ... for all kinds of retail transactions (not just the
internet ones ... represented by electronic commerce, and the largest
deployed use for SSL). A big problem was the ease that account numbers
could be used for performing fraudulent transactions.  Account numbers
showed up in a wide variety of places ... things like internet
transmission (i.e. "data-in-flight") where SSL was being used to "hide"
the information ... but also things like transaction repositories
(i.e. "data-at-rest") which were required by a large number of backroom
processes (not normally apparent to customers and the general public).
This is somewhat the general "harvesting" vulnerability (skimming,
eavesdropping, data breaches, security breaches, phishing, etc) ... lots
of past posts
http://www.garlic.com/~lynn/subintegrity.html#harvest

the vast number of places that account numbers existed and were
required, led to the comment that even if the planet were buried under
miles of information hiding encryption ... it still couldn't prevent
leakage. so the x9.59 financial standards approach was to eliminate
account number leakage as a vulnerability (i.e. skimming,
eavesdropping, data breaches, security breaches,
phishing, etc, could still happen, but the information wouldn't be
useful to the attackers).

the side-effect is not only does it eliminate fraud from data
breaches and security breaches ... but also any
eavesdropping exploits on the internet ... the type of thing that SSL
is targeted at preventing (and the major deployment purpose of SSL in
the world today).

First off, there are numerous reasons that PKI and digital
certificates for SSL have become redundant and superfluous.
Then it can be shown that a single, common protocol (x9.59) ... can
eliminate the major deployed use of SSL (for hiding accounts numbers)
at the same time eliminating much of the fraud that can arise
from data and security breaches.
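
The certificate-less mode described in the post above (a trusted repository holding each known site's URL together with its public key), sketched in Python as an added example that is not part of the original posting. The repository class, the hostnames and the key bytes are constructed for illustration; the sketch also contrasts the repository check with one that only asks whether a certificate is valid for whatever URL was supplied.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed stand-ins for encoded public keys; not real key material.
BANK_KEY = b"constructed public key: www.mybank.example"
PHISH_KEY = b"constructed public key: mybank-login.example"
ROGUE_KEY = b"constructed public key: substituted in transit"


def fingerprint(public_key: bytes) -> str:
    """SHA-256 over the encoded public key, as stored in the repository."""
    return hashlib.sha256(public_key).hexdigest()


def host_of(url: str) -> Optional[str]:
    """Hostname of an https URL (lowercased by urlsplit), else None."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")


@dataclass(frozen=True)
class Session:
    url: str                       # URL the browser was actually given
    presented_key: bytes           # public key the server presented
    ca_cert_valid_for_host: bool   # a CA vouches for key <-> host in that URL


class TrustedRepository:
    """Hypothetical local store: site name the user knows -> (host, key pin).

    Entries are registered out of band (bookmark, typed URL, prior account
    relationship), never from a link supplied by the other party.
    """

    def __init__(self) -> None:
        self._entries = {}

    def register(self, site_name: str, url: str, public_key: bytes) -> None:
        host = host_of(url)
        if host is None:
            raise ValueError("only https URLs can be registered")
        self._entries[site_name] = (host, fingerprint(public_key))

    def lookup(self, site_name: str) -> Optional[Tuple[str, str]]:
        return self._entries.get(site_name)


def certificate_only_check(session: Session) -> bool:
    """What a certificate alone establishes: the key belongs to the host in
    the URL. It says nothing about whether that URL is the site the user
    meant to reach."""
    return host_of(session.url) is not None and session.ca_cert_valid_for_host


def repository_check(repo: TrustedRepository, intended_site: str,
                     session: Session) -> Tuple[bool, str]:
    """Bind the session to the site the user intended, using the repository."""
    entry = repo.lookup(intended_site)
    if entry is None:
        return (False, "unregistered")      # first contact: nothing to compare
    host, pinned = entry
    if host_of(session.url) != host:
        return (False, "host-mismatch")     # URL came from somewhere else
    if not hmac.compare_digest(fingerprint(session.presented_key), pinned):
        return (False, "key-mismatch")      # right name, wrong key
    return (True, "ok")


REPO = TrustedRepository()
REPO.register("mybank", "https://www.mybank.example/", BANK_KEY)

# Constructed sessions: the bookmarked site, a click URL from email with a
# perfectly valid certificate, and the right host presenting a different key.
BOOKMARKED = Session("https://www.mybank.example/login", BANK_KEY, True)
CLICKED = Session("https://mybank-login.example/login", PHISH_KEY, True)
SUBSTITUTED = Session("https://www.mybank.example/login", ROGUE_KEY, False)

if __name__ == "__main__":
    for name, s in [("bookmarked", BOOKMARKED), ("clicked", CLICKED),
                    ("substituted", SUBSTITUTED)]:
        print(name, certificate_only_check(s),
              repository_check(REPO, "mybank", s))
```

The clicked session passes the certificate-only check and fails the repository check, which is the gap the post attributes to URLs supplied by untrusted sources.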

Fixing our fraying Internet infrastructure

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Fixing our fraying Internet infrastructure
Newsgroups: alt.folklore.computers
Date: Tue, 30 Oct 2007 22:46:50 -0400

re:
http://www.garlic.com/~lynn/2007q.html#18 Fixing our fraying Internet infrastructure
http://www.garlic.com/~lynn/2007q.html#19 Fixing our fraying Internet infrastructure
http://www.garlic.com/~lynn/2007q.html#60 Fixing our fraying Internet infrastructure
http://www.garlic.com/~lynn/2007q.html#62 Fixing our fraying Internet infrastructure

Is U.S. Stuck in Internet's Slow Lane?
http://www.redorbit.com/news/technology/1123786/is_us_stuck_in_internets_slow_lane/index.html

from above ...

The United States is starting to look like a slowpoke on the
Internet. Examples abound of countries that have faster and cheaper
broadband connections, and more of their population connected to them.

... snip ...

The new urgency to fix online privacy

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Wed, 31 Oct 2007 09:43:43 -0400

The new urgency to fix online privacy
http://news.zdnet.com/2010-1009_22-6216061.html

from above ...

A decade ago, I started writing about online privacy issues. At the
time, legal colleagues told me that while they found the topic
interesting from an academic standpoint, it had no real world
applications. They encouraged me instead to focus on "real" upcoming
problems, like Y2K.

... snip ...

and ...

Y2K came and went without much lasting effect. But privacy protection
has become a real world industry of its own. Unfortunately, privacy and
security breaches regularly occur these days.

... snip ...

recent post about work on x9.59 financial standard protocol in
the mid-90s to take much of the sting out of data breaches
and security breaches
http://www.garlic.com/~lynn/2007r.html#24 How to tell a fake SSL certificate from a real one

other x9.59 financial standard references
http://www.garlic.com/~lynn/x959.html#x959

one of the issues related to digital certificates was that in the early
90s, there was push for x.509 identity digital certificates. part of the
issue was, what exact personal information might arbitrary relying
parties require ... so there was some direction to increasingly overload
x.509 identity digital certificates with more and more personal
information.

in the mid-90s, several institutions were starting to realize that x.509
identity digital certificates, overloaded with increasing amounts of
personal information, represented significant privacy and liability
problems. somewhat as a result, there was retrenching to digital
certificates that contain little more than a public key and an account
number or other form of record locator (possibly even a "userid")
... where the necessary information was actually located. these were
sometimes referred to as relying-party-only certificates
http://www.garlic.com/~lynn/subpubkey.html#rpo

however, we were able to trivially show that such truncated certificates
were redundant and superfluous ... it was easily possible to run the
public key operations w/o the digital certificates at all
http://www.garlic.com/~lynn/subpubkey.html#certless

part of the issue was the problem faced by some of the public key
payment transaction protocol specification efforts. that even the
truncated relying-party-only digital certificates, appended
to a standard payment transaction, could represent a factor
of 100-times payload and processing bloat (for something that
was purely redundant and superfluous) ... recent post
http://www.garlic.com/~lynn/2007q.html#72 Value of SSL client certificates?

misc. posts mentioning the enormous bloat for payment operations
http://www.garlic.com/~lynn/subpubkey.html#bloat

very similar issues (as with the personal information in the x.509
identity digital certificates) have recently been cropping up (more than
a decade later) in the form of identification cards (again with
potential for being grossly overloaded with increasing amounts of
personal information).

misc. past posts mentioning co-authoring x9.99, financial industry privacy
standard.
http://www.garlic.com/~lynn/aadsm17.htm#45 x9.99 financial PIA standard now available from ANSI e-store
http://www.garlic.com/~lynn/aadsm17.htm#47 authentication and authorization ... addenda
http://www.garlic.com/~lynn/aadsm18.htm#28 x9.99 privacy note
http://www.garlic.com/~lynn/aadsm18.htm#32 EMV cards as identity cards
http://www.garlic.com/~lynn/aadsm19.htm#35 de-identification
http://www.garlic.com/~lynn/aadsm20.htm#2 US consumers want companies fined for security breaches
http://www.garlic.com/~lynn/aadsm25.htm#21 Identity v. anonymity -- that is not the question
http://www.garlic.com/~lynn/aadsm25.htm#26 Fraudwatch - how much a Brit costs, how to be a 419-er, Sarbanes-Oxley rises as fraud rises, the real Piracy
http://www.garlic.com/~lynn/aadsm25.htm#33 Mozilla moves on security
http://www.garlic.com/~lynn/aadsm26.htm#57 Our security sucks. Why can't we change? What's wrong with us?
http://www.garlic.com/~lynn/aadsm27.htm#51 Know Your Enemy: Scott McNeally on security theater
http://www.garlic.com/~lynn/2004l.html#8 x9.99 privacy impact assessemnt (PIA) standard
http://www.garlic.com/~lynn/2005l.html#36 More Phishing scams, still no SSL being used
http://www.garlic.com/~lynn/2005t.html#9 phishing web sites using self-signed certs
http://www.garlic.com/~lynn/2005u.html#18 XBOX 360
http://www.garlic.com/~lynn/2005v.html#3 ABN Tape - Found
http://www.garlic.com/~lynn/2006e.html#44 Does the Data Protection Act of 2005 Make Sense
http://www.garlic.com/~lynn/2006o.html#37 the personal data theft pandemic continues
http://www.garlic.com/~lynn/2006q.html#25 garlic.com
http://www.garlic.com/~lynn/2006v.html#39 On sci.crypt: New attacks on the financial PIN processing
http://www.garlic.com/~lynn/2007b.html#61 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#10 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#72 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007g.html#15 T.J. Maxx data theft worse than first reported
http://www.garlic.com/~lynn/2007o.html#13 EZPass: Yes, Big Brother IS Watching You!

for other drift ... past posts mentioning y2k remediation
http://www.garlic.com/~lynn/99.html#21 Roads as Runways Was: Re: BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/99.html#22 Roads as Runways Was: Re: BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/99.html#23 Roads as Runways Was: Re: BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/99.html#24 BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/99.html#27 Roads as Runways Was: Re: BA Solves Y2K (Was: Re: Chinese
http://www.garlic.com/~lynn/99.html#44 Internet and/or ARPANET?
http://www.garlic.com/~lynn/99.html#78 Mainframes Relevant?
http://www.garlic.com/~lynn/99.html#214 Ask about Certification-less Public Key
http://www.garlic.com/~lynn/2000.html#0 2000 = millennium?
http://www.garlic.com/~lynn/2001.html#68 California DMV
http://www.garlic.com/~lynn/2001n.html#74 The demise of compaq
http://www.garlic.com/~lynn/2002.html#30 Younger recruits versus experienced veterans  ( was Re: The demise  of compa
http://www.garlic.com/~lynn/2002.html#45 VM and/or Linux under OS/390?????
http://www.garlic.com/~lynn/2002j.html#20 MVS on Power (was Re: McKinley Cometh...)
http://www.garlic.com/~lynn/2002k.html#14 NASA MOC (mainframe mission operations computer) being powere d
http://www.garlic.com/~lynn/2002l.html#49 Do any architectures use instruction count instead of timer
http://www.garlic.com/~lynn/2002o.html#28 TPF
http://www.garlic.com/~lynn/2003p.html#21 Sun researchers: Computers do bad math ;)
http://www.garlic.com/~lynn/2003p.html#33 [IBM-MAIN] NY Times editorial on white collar jobs going
http://www.garlic.com/~lynn/2004b.html#2 The SOB that helped IT jobs move to India is dead!
http://www.garlic.com/~lynn/2004e.html#22 Pre-relational, post-relational, 1968 CODASYL "Survey of Data  Base Systems"
http://www.garlic.com/~lynn/2004e.html#48 Data Display & Modeling
http://www.garlic.com/~lynn/2004f.html#39 Who said "The Mainframe is dead"?
http://www.garlic.com/~lynn/2004m.html#51 stop worrying about it offshoring - it's doing fine
http://www.garlic.com/~lynn/2004n.html#11 XML: The good, the bad, and the ugly
http://www.garlic.com/~lynn/2004o.html#66 Integer types for 128-bit addressing
http://www.garlic.com/~lynn/2004q.html#8 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2004q.html#13 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#20 I told you ... everybody is going to Dalian,China
http://www.garlic.com/~lynn/2005c.html#6 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005s.html#16 Is a Hurricane about to hit IBM ?
http://www.garlic.com/~lynn/2006b.html#29 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006c.html#33 Military Time?
http://www.garlic.com/~lynn/2006g.html#21 Taxes
http://www.garlic.com/~lynn/2006h.html#49 Mainframe vs. xSeries
http://www.garlic.com/~lynn/2006k.html#50 TSO and more was: PDP-1
http://www.garlic.com/~lynn/2006o.html#9 Pa Tpk spends $30 million for "Duet" system; but benefits are unknown
http://www.garlic.com/~lynn/2006q.html#54 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006r.html#16 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006s.html#40 Ranking of non-IBM mainframe builders?
http://www.garlic.com/~lynn/2006u.html#13 Year-end computer bug could ground Shuttle
http://www.garlic.com/~lynn/2006u.html#35 Friday fun - Discovery on the pad and the software's not done
http://www.garlic.com/~lynn/2007b.html#26 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007g.html#7 U.S. Cedes Top Spot in Global IT Competitiveness
http://www.garlic.com/~lynn/2007g.html#39 Wylbur and Paging
http://www.garlic.com/~lynn/2007h.html#10 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007l.html#18 Non-Standard Mainframe Language?
http://www.garlic.com/~lynn/2007n.html#38 Is Parallel Programming Just Too Hard?
http://www.garlic.com/~lynn/2007p.html#31 Newsweek article--baby boomers and computers
http://www.garlic.com/~lynn/2007p.html#39 India is outsourcing jobs as well

Default Search Engines are dangerous, Especially Google <- Domain Name Stealers

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Default Search Engines are dangerous, Especially Google <- Domain Name Stealers.
Newsgroups: comp.protocols.tcp-ip
Date: Wed, 31 Oct 2007 11:42:11 -0400

try this instead:

Insider domain name snatching probed
http://news.yahoo.com/s/ap/20071024/ap_on_hi_te/techbit_domain_name_probe
Insider Domain Name Snatching Probed
http://www.physorg.com/news112452609.html
Insider Domain Name Snatching Probed
http://www.redorbit.com/news/technology/1115699/insider_domain_name_snatching_probed/index.html
ICANN probing "insider trading" allegations with domain name
registrations
http://arstechnica.com/news.ars/post/20071024-icann-probing-insider-trading-allegations-with-domain-name-registrations.html

complicated address generation unit?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: complicated address generation unit?
Newsgroups: comp.arch
Date: Wed, 31 Oct 2007 18:34:19 -0400

karthikbalaguru <karthikbalaguru79@gmail.com> writes:

I think modern Processors w.r.t. RISC are making things less complex
in the processor level to increase the efficiency. (just as they
reduced the instructions) and making it complex at the compiler level.

I think this must be because of the RISC and other architecture models
that came into existence

i've frequently claimed that john ("father" of risc architecture)
http://domino.research.ibm.com/comm/pr.nsf/pages/news.20020717_cocke.html

efforts in 801/risc were motivated by the high complexity in the failing
future system project (canceled before even being announced)
http://www.garlic.com/~lynn/submain.html#futuresys

one of the things that helped put the "nail" in "FS" coffin was evaluation
that claimed if an FS machine was made out of the fastest then available
hardware (370/195) it would have the thruput of about 370/145 (on the
order of 30 times slowdown).

in various meetings in the 70s, there were periodic comments that the
lack (and/or the simplicity) of some (801/risc) hardware feature was
purposeful hardware/software design/complexity tradeoff and would be
compensated for by either something in the cp.r operating system and/or
something in the pl.8 programming language.

various past posts mentioning 801, risc, romp. rios, pc/rt, fort knox,
somerset, power, power/pc, etc.
http://www.garlic.com/~lynn/subtopic.html#801

The new urgency to fix online privacy

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The new urgency to fix online privacy
Newsgroups: alt.folklore.computers
Date: Wed, 31 Oct 2007 21:14:34 -0400

hancock4 writes:

Another part of the problem is that personal information is collected
on us individuals without us even knowing it.  Later, this information
can be used against us when we apply for a job, mortgage, credit, or
new apartment.  We aren't even aware of the databases or have any way
of knowing if there's erroneous or malicious information placed in
them.  There are those in the business community who make use of this
data and staunchly defend its existence and usage.

Again, the power of the Internet and monetary exchange, especially
making overseas transactions as simple as if they occurred here, makes
fraud and misuse all the much easier.  But people these days travel
overseas extensively and want to use their credit-cards instantly.
People want to use e-commerce easily.  Businesses obviously want as
few restrictions as possible on customer transactions.

http://www.garlic.com/~lynn/2007r.html#26 The new urgency to fix online privacy

one of the main reasons that there is name on credit or debit card
... is to allow people at point of sale to check the card name against
matching name on some sort of gov. issued card that has picture (and
check the picture against what the person doing the transaction looks
like). this basically turns something that should have been simply
authentication into effectively identification.

in the mid-90s, EU had made statement that all electronic payment cards
at point-of-sale ... should be as anonymous as cash ... with at least
the name coming off the cards.  this implied that the transaction needed
better/stronger form of authentication. this is somewhat the theme of
this slightly earlier post yesterday
http://www.garlic.com/~lynn/2007r.html#21 Is the media letting banks off the hook on payment card security

one of the issues looked at in the mid-90s by the x9a10 financial
standards working group ... given the requirement to preserve the
integrity of the financial infrastructure for all retail payments
... was improving authentication of transaction as well as meeting
various EU privacy directives (for the x9.59 retail transaction
financial standard).
http://www.garlic.com/~lynn/x959.html#x959

some of this was also considered in the work on x9.99 privacy financial
standard (while both x9.59 and x9.99 were in the US x9 standards group,
some amount of requirements from around the world were looked at
... looking ahead that both could be moved forward to international ISO
standard).

the other issue looked at in the mid-90s for current spate of financial
transactions was that the account number was basically serving dual
purpose ... both as integral part of a large number of business
processes (not just the immediate transaction authorization transaction
apparent to consumers on the initial operation) as well as
authentication mechanism (knowing the account number was sufficient to
perform a fraudulent transaction). This created strongly diametrically
opposing requirements ... that the account number needed to be readily
and widely available and at the same time the account number had to be
kept confidential and never divulged.

some amount of work went into the x9.59 financial standard to eliminate
the dual purpose use of the account number ... creating a brand new
mechanism for strong authentication ... leaving the account number
having the sole purpose for use in the necessary business process. it
was no longer possible to originate a financial transaction just knowing
the account number ... a valid financial transaction required a totally
different authentication mechanism. with that change, it was no longer
necessary to protect, hide, encrypt, etc ... the account number.  as a
side effect, it means that it is no longer necessary to use SSL (on the
internet) for payment transactions to preserve the integrity of the
financial infrastructure. It also eliminates a lot of the repercussions
from numerous data breaches and security breaches.

fundamentally, it comes down to eliminating the dual-use purpose for
account numbers (i.e. one or the other, keep it confidential and never
allow it to be divulged OR make it widely and readily available BUT
don't create a situation where there are simultaneously both
requirements for the same piece of information).

the other effort in x9a10 financial standard working group for the x9.59
was to make it as privacy agnostic as possible.
http://www.garlic.com/~lynn/subpubkey.html#privacy

as a financial standard for all retail payments ... that meant it needed
to be usable for credit, debit, stored-value/gift, ach/check, etc.  (as
well as point-of-sale, internet, face-to-face, cardholder-present,
cardholder-not-present, etc).

In the credit and debit scenario there is account number, that (at
least in the US) is tied to a bank account which is subject to
gov. "know your customer" mandates (aka it is possible to eliminate a
lot of public information associating a specific account number with a
specific person ... but gov. mandates require that the financial
institution have that association available somewhere). However, there
is nothing in the x9.59 financial standard that prevents it also being
used for "anonymous" accounts (aka "privacy agnostic") ... like is
possible (even in the US) with stored-value/gift cards.

so as part of x9.59 ... it created a new transaction authentication
mechanism ... which it is claimed 1) allows names to be removed from
cards (in so far as that has been an implied authentication mechanism)
and 2) eliminates dual-use purpose for account numbers ... so it is no
longer necessary to hide account numbers in order to prevent fraud
... and by implication if account numbers are divulged in data breaches
and/or security breaches ... it won't result in fraud (nothing is done
to eliminate breaches, however breaches that result in fraudulent
financial transactions are largely eliminated).

recent related post & thread drift
http://www.garlic.com/~lynn/2007r.html#24 How to tell a fake SSL certificate from a real one
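
The dual-use argument in the post above, as an added example (not code from the post or from the x9.59 standard): an issuer that authorizes on the account number alone, beside one that also requires per-transaction authentication, both tested against a breached merchant record. The post does not describe the authentication mechanism itself, so a per-account HMAC-SHA256 key shared by the cardholder's device and the issuer stands in for it as an assumption; the Issuer class, field names and account number are constructed.

```python
import hashlib, hmac, json, secrets

def mac(key, txn):
    # Authentication code over every field of the transaction (canonical JSON).
    body = json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).digest()

class Issuer:
    def __init__(self):
        self.keys = {}     # account number -> key; assumption: never given to merchants
        self.seen = set()  # (account, txn_id) already authorized, to reject replays

    def authorize_legacy(self, txn):
        # Dual-use model: a known account number is all it takes.
        return txn["account"] in self.keys

    def authorize_strong(self, txn, tag):
        # The account number only routes the transaction; the tag authenticates it.
        key = self.keys.get(txn["account"])
        if key is None or tag is None:
            return False
        if not hmac.compare_digest(tag, mac(key, txn)):
            return False
        if (txn["account"], txn["txn_id"]) in self.seen:
            return False  # a captured record replayed verbatim
        self.seen.add((txn["account"], txn["txn_id"]))
        return True

def breach_demo():
    issuer, key = Issuer(), secrets.token_bytes(32)
    acct = "4000000000000002"  # constructed account number
    issuer.keys[acct] = key
    # Legitimate purchase; the merchant stores the record and its tag.
    txn1 = {"account": acct, "txn_id": "t-001", "merchant": "shop-a", "amount": "19.99"}
    tag1 = mac(key, txn1)
    genuine = issuer.authorize_strong(txn1, tag1)
    # Merchant log is breached: account number and old tag leak, the key does not.
    forged = {"account": acct, "txn_id": "t-002", "merchant": "shop-b", "amount": "900.00"}
    return {
        "genuine": genuine,
        "legacy_forged": issuer.authorize_legacy(forged),
        "strong_forged_no_tag": issuer.authorize_strong(forged, None),
        "strong_forged_old_tag": issuer.authorize_strong(forged, tag1),
        "strong_replay": issuer.authorize_strong(txn1, tag1),
    }

if __name__ == "__main__":
    print(breach_demo())
```

Only the legacy path accepts the forged transaction; under the strong path the leaked account number and the leaked tag are useless for originating a new transaction or replaying the old one.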

Is the media letting banks off the hook on payment card security

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is the media letting banks off the hook on payment card security
Newsgroups: alt.folklore.computers
Date: Wed, 31 Oct 2007 21:40:27 -0400

hancock4 writes:

I would say yes to that.  Financial nitty-gritty is boring to most
people and the mass media avoids it.  (If some banker is caught
sleeping with a data thief, then they'll cover it.)  Sadly, it is
vital for consumers to underst