List of Archived Posts
2001 Newsgroup Postings (06/27 - 07/22)
- FREE X.509 Certificates
- distributed authentication
- Root certificates
- distributed authentication
- Extended memory error recovery
- New IBM history book out
- New IBM history book out
- New IBM history book out
- Test and Set (TS) vs Compare and Swap (CS)
- Test and Set (TS) vs Compare and Swap (CS)
- Root certificates
- FREE X.509 Certificates
- FREE X.509 Certificates
- Apple/PowerPC rumors
- Public key newbie question
- Extended memory error recovery
- Root certificates
- Root certificates
- VPN solution for school district
- Root certificates
- Golden Era of Compilers
- Root certificates
- Golden Era of Compilers
- IA64 Rocks My World
- XML: No More CICS?
- Root certificates
- distributed authentication
- Golden Era of Compilers
- Cray at Apple (was Re: Compaq confirms Intel Alpha spin-off)
- any 70's era supercomputers that ran as slow as today's supercomputers?
- Did AT&T offer Unix to Digital Equipment in the 70s?
- Root certificates
- Did AT&T offer Unix to Digital Equipment in the 70s?
- Did AT&T offer Unix to Digital Equipment in the 70s?
- Did AT&T offer Unix to Digital Equipment in the 70s?
- Did AT&T offer Unix to Digital Equipment in the 70s?
- What was object oriented in iAPX432?
- Thread drift: Coyote Union (or Coyote Ugly?)
- distributed authentication
- X.25
- Self-Signed Certificate
- IA64 Rocks My World
- X.25
- The Alpha/IA64 Hybrid
- The Alpha/IA64 Hybrid
- Did AT&T offer Unix to Digital Equipment in the 70s?
- The Alpha/IA64 Hybrid
- The Alpha/IA64 Hybrid
- The Alpha/IA64 Hybrid
- Did AT&T offer Unix to Digital Equipment in the 70s?
- Did AT&T offer Unix to Digital Equipment in the 70s?
- Did AT&T offer Unix to Digital Equipment in the 70s?
- Compaq kills Alpha
- S/370 PC board
- DSRunoff; was Re: TECO Critique
- Using a self-signed certificate on a private network
- YKYBHTLW....
- Q: Internet banking
- TECO Critique
- PKI/Digital signature doesn't work
- PKI/Digital signature doesn't work
- PKI/Digital signature doesn't work
- PKI/Digital signature doesn't work
- PKI/Digital signature doesn't work
- PKI/Digital signature doesn't work
- PKI/Digital signature doesn't work
- [OT] Root Beer (was YKYBHTLW....)
- Installing Fortran
- PKI/Digital signature doesn't work
FREE X.509 Certificates
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: FREE X.509 Certificates
Newsgroups: comp.security.firewalls,comp.security.ssh,comp.lang.java.security,alt.security.announce
Date: Wed, 27 Jun 2001 14:52:59 GMT
russfink@hotmail.com (Russ Fink) writes:
I think I understand your point; however, the intended security of the
public/private keypair should theoretically enable new kinds of
services or solutions architectures that can make use of this added
trust. For example, the DoD is currently rolling out a PKI at an
assurance level that allows certain forms of transactions (information
requests, authorizations) to occur on minimally protected networks.
Soon, their infrastructure will allow high value information to
traverse unprotected networks.
... oh yes, I was on PKI panel at
http://csrc.nist.gov/nissc/1998/index.html
pointer to copy of my part of the talk:
http://lists.commerce.net/archives/ansi-epay/199810/msg00006.html
http://web.archive.org/web/20020223114822/http://lists.commerce.net/archives/ansi-epay/199810/msg00006.html
((moved to http://www.garlic.com/~lynn/nissc21.zip))
one of the first panelists starting their talk by saying something
about everybody having heard about how hard and difficult PKIs are,
well, they really aren't that bad.
the last panelist starting out by saying they have been responsible for
the largest and longest running PKI and everybody has heard about how
hard and difficult PKIs are, well it is really much, much worse.
X9.59 supports abritrarly large financial transactions over all kinds
of networks, protected, unprotect, etc.
The charter given the X9A10 working group for the X9.59 standard was
to preserve the integrity of the financial infrastructure for all
electronic retail payment (account-based) transactions (w/o regard
to origin of the transaction and/or over what kind and/or number of
networks the transaction might flow).
One of the important issues was to achieve this level of integrity
without having to hide information. In many of the current schemes,
information is hidden/encrypted, but there are periodic points where
that information has to be revealed/decrypted. These points have
become exploit points (as can be seen in all the news about exploits
associated with account number harvesting). Achieving the X9.59 level
of integrity w/o having to hide/encrypt data eliminates the points of
exploit for things like account number harvesting (allow the
information to potentially be extracted at all points, and still not
be able to have fraudulent transactions).
random refs:
http://www.garlic.com/~lynn/
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
distributed authentication
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: distributed authentication
Newsgroups: sci.crypt
Date: Wed, 27 Jun 2001 19:55:00 GMT
wahern@25thandClement.com (William Ahern) writes:
i'm looking for information on distributed indentity authentication
(and also access authorization, but not as important right now, unless
those two are necessarily dependent on each other).
i'm interested in mechanisms for flat (non-hierarchical) models that
provide authenication of an indentity. and, more importantly (as
I can find some of these on the internet) critiques/attacks of
any of those models (i.e. like how trust relationships could be
poisoned, etc).
can anyone give me directions/pointers... ?
a more practical note: i'm looking for a system that could be used
in place of something like microsoft's passport service... so that the
only dependency is on the network (and/or some critical characteristic
of its makeup)
something like 99.99999% of the current internet "client"
authentication operations probably occur with RADIUS using
userid/password or in some cases challenge/response.
it is relatively straight-forward process to upgrade RADIUS to also
support public key authentication while preserving the existing
administrative and business process infrastructures and operations.
some discussion of RADIUS upgrade for individual public key authentication:
http://www.garlic.com/~lynn/subtopic.html#radius
references to RADIUS related standards can be found by following
http://www.garlic.com/~lynn/rfcietff.htm
and selecting term (term->RFC#)
and then in the Acronym fastpath selecting "RADIUS"
that will give you all of the current RADIUS related RFCs ... you can
also follow the "authentication" pointer to all authentication related
RFCs.
somewhat related discussions regarding the relm of identity,
authentication and privacy (i.e. blasting identity information all
over the world can come into conflict with privacy regulations and
privacy guidelines)
http://www.garlic.com/~lynn/subtopic.html#privacy
misc. discussions on 3-factor authentication
http://www.garlic.com/~lynn/aadsmore.htm#schneier Schneier: Why Digital Signatures are not Signatures
http://www.garlic.com/~lynn/aadsm5.htm#shock revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm5.htm#shock2 revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/99.html#160 checks (was S/390 on PowerPC?)
http://www.garlic.com/~lynn/2000f.html#65 Cryptogram Newsletter is off the wall?
http://www.garlic.com/~lynn/2001c.html#39 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001d.html#19 [Newbie] Authentication vs. Authorisation?
slightly related discussion regarding server authentication:
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
if you are into security ... glossary & taxonomy (including authentication,
access control, identity, etc terms)
http://www.garlic.com/~lynn/secure.htm
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Wed, 27 Jun 2001 21:46:55 GMT
"Paul D. J. Vandenberg" writes:
The real issue is whether you can trust the certificate, and
that's very different than asking whether the certificate is
secure. By their nature, certificates are designed to be shared
with the whole world, so secure is not an issue. Trustworthy is.
Do you believe the company is who it says it is? If so, then
there's no problem. But, if you are not convinced the company is
legit because they chose not to pay the (rather stiff) fee for a
server certificate from one of the commercial services, or
because you believe they couldn't pass the certificate issuers'
screening process, then don't trust them.
Regardless of whether you trust the certificate, any SSL session
with the server will be as secure as a session with a server
using a commercially issued certificate -- assuming, that is,
that they're using a reliable server with crypto support that's
correctly implemented.
Paul V.
actually there is an interesting characteristic about SSL domain name
server certificates.
Basically ... SSL checks to see if the domain name you used for the
URL is the same as the domain name listed in the certificate.
The supposed theory behind all this is that there is some question
regarding the integrity of the domain name infrastructure as part of
resolving domain name to IP-address.
However, note that the authoritative agency for who owns a domain name
is the domain name infrastructure. When a SSL domain name server
certificate is applied for, the certification authority needs to
contact the authoritative agency with respect to the information that
it is certifying ... which happens to be the same domain name
infrastructure that supposedly has integrity issues and for which SSL
domain name server certificates are a solution for.
There has been a proposal to improve the domain name infrastructure
integrity (so that certification authorities as part of contacting the
authority agency for the information being certified can better trust
it), which involves the entity registering their domain name to also
register their public key (in the online, real-time domain name
infrastructure database).
The obvious issue here is that by improving the integrity of the
domain name infrastructure, not only is it improved for use by the
certification authorities (wishing to issue certified ssl domain name
server certificates), but the integrity is improved for everyone
(somewhat mitigating the justification of having SSL domain name
server certificates in the first place).
Furthermore, the certification authorities solution for improving the
integrity of the domain name infrastructure (i.e. registration of the
entity's public key in an online, real-time domain name infrastructure
database) would allow the domain name infrastructure to not only
server up real-time, trusted IP-addresses but also to server up
real-time, trusted public keys (w/o reguiring a certificate). The
standard domain name infrastructure already serves up various
information in addition to real-time IP-addresses, so being able to
also serve up real-time, trusted public keys is straight-forward
capability within the current infrastructure.
Now, what does it do for the SSL protocol. There already is a bunch of
chatter involving relatively large certificate objects. This is in
addition to the fact that the current infrastructure isn't a "REAL"
PKI ... but purely a certificate manufacturing and distribution
mechanism. All the questions about unimplemented PKI features like
following the trust chain, management of revoked certificates, etc.
all goes away. The SSL protocol could simply get a real-time, trusted
public key at the same time it acquires real-time, trusted IP-address.
misc. related discussion
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
distributed authentication
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: distributed authentication
Newsgroups: sci.crypt
Date: Wed, 27 Jun 2001 22:10:06 GMT
Anne & Lynn Wheeler writes:
if you are into security ... glossary & taxonomy (including authentication,
access control, identity, etc terms)
http://www.galric.com/~lynn/secure.htm
oops, finger/brain check ...
http://www.garlic.com/~lynn/secure.htm
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Extended memory error recovery
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Extended memory error recovery
Newsgroups: comp.arch
Date: Thu, 28 Jun 2001 00:17:06 GMT
at150bogomips@aol.com (At150bogomips) writes:
After reading Sun's (oldish) white paper on RAS ("Ultra(TM)Enterprise(TM)
10000 Server: SunTrust(TM) Reliability, Availability, and
Serviceability"(1997)), I wondered if any (more recent) systems have
better recovery from memory errors. E.g., Sun's white paper did not
mention the possibility of the OS treating an instruction memory error
as a page fault (presumably the code is retained on disk). The paper
also did not mention the possibility of an uncorrectable (by ECC
hardwre) memory error in cache being recoverable if the cache block is
shared. It was also not clear if a cache error would go down to main
memory if the block was not dirty (this assumes that the state bits
are available).
there has been a discussion recently about an issue in the early '70s
with compare&swap and multiprocessor operationg with regard to the 370
instruction retry (i.e. there was very extensive RAS infrastructure
that extended to fairly complex instruction error retry as part of
extensive error recovery scenerios). While these systems may have also
had better recovery from memory errors, they are hardly more recent
(being 30 years old).
part of the thread
http://www.garlic.com/~lynn/2001f.html#41 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001f.html#61 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001f.html#69 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001f.html#70 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001f.html#73 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001f.html#74 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001f.html#75 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001f.html#76 Test and Set (TS) vs Compare and Swap (CS)
misc. other ref:
http://www.garlic.com/~lynn/subtopic.html#smp
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
New IBM history book out
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: New IBM history book out
Newsgroups: alt.folklore.computers
Date: Thu, 28 Jun 2001 14:36:53 GMT
lwinson@bbs.cpcn.com (lwin) writes:
A former executive of IBM, its first women vice president, has written
a book about her experiences. It touches on the 1930s, 1940s, and
1950s.
The book is titled "Among Equals", ISBN # 0887392199, by
Ruth Leach Amonette. Avail in both hardbound and paperback.
While not a formal substantive history, the book is a pleasant
look at life in that era, and what it was like working for
Thomas J. Watson, Sr. as he expanded IBM. Some of it parallels
"Father, Son & Co."
For those interested in IBM and social conditions of that era,
I would recommend the book.
note quite so old ... but found an online copy of the "IBM JARGON"
file (from early 80s)
http://www.212.net/business/jargon.htm
http://web.archive.org/web/20020601123619/http://www.212.net/business/jargon.htm
besides getting blamed for originating the 360 PCM controller business
http://www.garlic.com/~lynn/subtopic.html#360pcm
I also got a lot of blame for "Tandem Memos", see entry in
http://www.212.net/business/jargont.htm
http://web.archive.org/web/20020601123619/http://www.212.net/business/jargont.htm
when somebody mailed off copies to all members of the executive
committee in tandem 3-ring binders.
Not in that particular edition of the jargon file was the definition
of "auditors" (i.e. the guys that go around the battlefield after a
war stabbing the wounded). When SJR/028 first deployed 6670s
(basically ibm copier-3 able to print on both sides of page, but with
computer driven interface), the "separator" page function (with
originating person) had an added function to randomly pick some entry
from the online jargon file and print it on the separator page
(i.e. the user information only occupied about 10% of the page so the
rest was blank).
That led to an unfortunate incident when there was a security audit,
and some auditors checking 6670 printer rooms around the building
found output with the definition of auditors printed on it and assumed
that it was directed specifically at them.
some random 6670 refs (specifically 99.html#52)
http://www.garlic.com/~lynn/2000b.html#29 20th March 2000
http://www.garlic.com/~lynn/2000d.html#81 Coloured IBM DASD
http://www.garlic.com/~lynn/2000e.html#1 What good and old text formatter are there ?
http://www.garlic.com/~lynn/2001b.html#50 IBM 705 computer manual
http://www.garlic.com/~lynn/99.html#42 Enter fonts (was Re: Unix case-sensitivity: how did it originate?
http://www.garlic.com/~lynn/99.html#43 Enter fonts (was Re: Unix case-sensitivity: how did it originate?
http://www.garlic.com/~lynn/99.html#52 Enter fonts (was Re: Unix case-sensitivity: how did it originate?
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
New IBM history book out
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: New IBM history book out
Newsgroups: alt.folklore.computers
Date: Thu, 28 Jun 2001 15:20:20 GMT
Anne & Lynn Wheeler writes:
I also got a lot of blame for "Tandem Memos", see entry in
http://www.212.net/business/jargont.htm
http://web.archive.org/web/20020601123619/http://www.212.net/business/jargont.htm
the above version is little dated ... since a slightly later version
had the last sentence added.
Tandem Memos n. Something constructive but hard to control; a fresh of
breath air (sic). "That's another Tandem Memos." A phrase to worry
middle management. It refers to the computer-based conference (wide-
ly distributed in 1981) in which many technical personnel expressed
dissatisfaction with the tools available to them at that time, and
also constructively criticised the way products were [are] developed.
The memos are required reading for anyone with a serious interest in
quality products. If you have not seen the memos, try reading the
November 1981 Datamation summary.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
New IBM history book out
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: New IBM history book out
Newsgroups: alt.folklore.computers
Date: Thu, 28 Jun 2001 16:01:35 GMT
Anne & Lynn Wheeler writes:
I also got blamed for "Tandem Memos", see entry in
http://www.212.net/business/jargont.htm
http://web.archive.org/web/20020601123619/http://www.212.net/business/jargont.htm
slightly related entry
[MIP envy]
n. The term, coined by Jim Gray in 1980, that began the
Tandem Memos (q.v.). MIP envy is the coveting of other's
facilities - not just the CPU power available to them, but also
the languages, editors, debuggers, mail systems and
networks. MIP envy is a term every programmer will
understand, being another expression of the proverb The
grass is always greener on the other side of the fence.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Test and Set (TS) vs Compare and Swap (CS)
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Test and Set (TS) vs Compare and Swap (CS)
Newsgroups: comp.lang.asm370
Date: Thu, 28 Jun 2001 17:26:08 GMT
Wild Bill writes:
This is all true and probably works according to spec TODAY. But in the not
so distant past (I last knew about it in 1996/97), there were documented
instances where it was not honored. The way it workED was if you put two
lock words adjacent, or even within a cache line, to each other, and you did
simultaneous (within nanoseconds of each other) CS's by two processors each
going against the other word, at some point it would fail with no indication
or retry attempted. We had it nailed to a particular vendor and system
model, even though we were not allowed to ask that question or point
fingers.
charlie discovered a hardware problem on 360/67 that never did get
fixed (Charlie invented CS ... and in fact, CS are his initials,
coming up with mnemonic for his initials was a couple month effort,
also the POK owners of POP required that a CS use in non-SMP world be
invented before it would be added, which gave rise to the invention
for thread-safe operation for non-disabled, multithreaded code that
original showed up in the CS programming notes).
turns out on the 67 there was only a single STO-stack ... so any time
you changed the STO-pointer control register (it was CR0 on 67, it
moved to CR1 for 370 relocate, in part because pre-relocate 370 had
already taken CR0 for flag bits) everything in the hardware relocate
"look-aside" was invalidated. On 370s, some models supported multiple
STOs, 168 had 3bit "id" on every entry in the look-aside buffer,
allowing each entry to be associated with one of seven STOs or
invalid).
The hardware bug charlie uncovered on the 67 was when interrupting
from relocate mode into non-relocate mode (i.e. new psw interrupt w/o
relocate flag) cleared all the entries in the look-aside buffer to
zero, but didn't turn on the invalid flag. Normal code would reload
CR0 prior to re-entering relocate mode (which would flush/invalidate
all current entries) ... but one effort by Charlie to reduce timings
in the kernel was to check if the address space had not changed, don't
reload CR0 ... in theory, saving all the existing entries in the
hardware look-aside. That was when things went south ... since all
entries in the hardware look-aside now "valid" but pointed to
real-page zero.
Dumps wouldn't show it up ... so there was no way of dumping the
values in the hardware look-aside buffer (and all the page tables look
completely valid).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Test and Set (TS) vs Compare and Swap (CS)
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Test and Set (TS) vs Compare and Swap (CS)
Newsgroups: comp.lang.asm370
Date: Thu, 28 Jun 2001 17:34:34 GMT
Anne & Lynn Wheeler writes:
charlie discovered a hardware problem on 360/67 that never did get
fixed (Charlie invented CS ... and in fact, CS are his initials,
coming up with mnemonic for his initials was a couple month effort,
also the POK owners of POP required that a CS use in non-SMP world be
invented before it would be added, which gave rise to the invention
for thread-safe operation for non-disabled, multithreaded code that
original showed up in the CS programming notes).
actually charlie's initials are CAS ... which is where Compare And Swap
comes from ... mnemonic got shortened to CS for CDS (as per early posting
in this thread)
http://www.garlic.com/~lynn/2001f.html#41
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Thu, 28 Jun 2001 18:01:03 GMT
Jim Watt writes:
The issue is not the security that the certificate confers on
the transaction, but whether the company that owns
it is genuine.
One hopes that Verisign take precautions to ensure that
someone they issue a certificate is genuinly who they
claim to be (like Microsoft)
The fact its signed by a recognised certicifate issuer should
indicate that they have established the identity, otherwise
it could be anyone you are giving your money to.
as pointed out in my other posting ... the only thing that really
happens with web server certificates ... is that the domain name
specified in the URL for the HTTPS/SSL is the same as the domain name
in the certificate.
certification authorities effecitvely have to rely on the validity of
the information by checking with the authoritative agencies that are
responsible for domain name ownership ... aka the domain name
infrastructure.
the interesting thing is that the supposed purpose of having such a
certificate in the first place is questions regarding the integrity of
the domain name infrastructure ... which the certification authorities
have to rely on for the certification of domain name ownership
information (however it is a very convoluted, complex, obscure trust
trail which allows consumers to feel more comfortable because it is
convoluted, complex and obscure compared to the consumer simply
directly dealing with domain name infrastructure).
random refs:
http://www.garlic.com/~lynn/2001g.html#2
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
FREE X.509 Certificates
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: FREE X.509 Certificates
Newsgroups: comp.security.firewalls,comp.security.ssh,comp.lang.java.security,alt.security.announce
Date: Thu, 28 Jun 2001 23:19:32 GMT
"VK" writes:
My friends,
You all are missing the real problem of the current stage of e-commerce:
any login/password or certificate based solution doesn't prove that the
client really is Mr. John Doe.
It proves only that the client knows Mr. John Doe's access info (or that it
has access to his computer). That's all! Whether it's Mr. John Doe or some
nasty hacker Mr.X - it's your own interpretation of facts.
It's OK if you are SysAdmin granting access to data (no money involved).
Here you are king and whatever you decide - it will be so.
But as long as any money involved, you automatically fall under the civil
laws of your country. And interpretation of facts goes to lawers.
And on the current stage the law stays on the side of customer, not
business.
So next time someone calls you and says "Hey, it was not me, it was my son
playing with my credit card" - you better promptly make him refund. You
might use a million bit protection, certificates signed by Lord himself - it
does not help you in the court.
(speaking from my own experience).
So in e-commerce some changes should be done first.
Either try implement the old "off-line" authentification online (reading
retina pattern, finger-prints, voice recognizion) So far nothing of above
works well and it costs times more than the computer itself.
Or impose the responsibility to the customer. "Somebody used your card? Too
bad, but nothing we can do".
Or something third...
Any way - this problem goes to legal aspect.
note that a lot of the rules are currently in place because it is
relatively simple and common to have fraudulent unauthenticated
transactions (witness all the news stories about web sites having
account number harvesting exploits).
the gole of x9a10 working group for x9.59 (electornic payment standard
for all account-based transactions) was to preserve the integrity of
the financial infrastructure (aka authenticated transactions and
eliminate the account number harvesting exploits).
a lot of cost, pain, and fraud can be eliminated from the existing
environment with simple authenticated transactions (even simple two
factor w/o requiring biometrics).
as been represented several places the issue of non-repudiation is a
whole 'nother matter.
also see discussion regarding 3-factor authentication in "distributed
authentication" thread in sci.crypt ng
http://www.garlic.com/~lynn/2001g.html#1
misc. refs:
http://www.garlic.com/~lynn/subpubkey.html#privacy
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
http://www.garlic.com/~lynn/subpubkey.html#radius
http://www.garlic.com/~lynn/2001f.html#77
http://www.garlic.com/~lynn/2001f.html#79
http://www.garlic.com/~lynn/2001g.html#0
http://www.garlic.com/~lynn/
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
FREE X.509 Certificates
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: FREE X.509 Certificates
Newsgroups: comp.security.firewalls,comp.security.ssh,comp.lang.java.security,alt.security.announce
Date: Fri, 29 Jun 2001 02:51:56 GMT
Anne & Lynn Wheeler writes:
misc. refs:
http://www.garlic.com/~lynn/subpubkey.html#privacy
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
http://www.garlic.com/~lynn/subpubkey.html#radius
finger slip ... that is
http://www.garlic.com/~lynn/subtopic.html#privacy
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
http://www.garlic.com/~lynn/subtopic.html#radius
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Apple/PowerPC rumors
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Apple/PowerPC rumors
Newsgroups: comp.arch
Date: Fri, 29 Jun 2001 13:26:34 GMT
gherbert@gw.retro.com (George William Herbert) writes:
Given the recent discussion of whether Apple was using
their Cray for CPU designs or not, this rumor is amusingly
synchronized... little birdie flying around chirps that
Apple is going to take over the PowerPC CPU development,
with IBM apparently concentrating on the newer fuller-featured
POWER side of the family. Also apparently that PowerPCs
which are much, much closer to the current high end x86
processors will be out "shortly"... 1.6 GHz anyone?
friend of mine at one point said he was programming a cray for human
factors group at apple ... (over) driving a large frame-buffer with
large display ... and investigating numerous human factors issues,
trade-offs, perception threshholds, etc.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Public key newbie question
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Public key newbie question
Newsgroups: alt.computer.security
Date: Fri, 29 Jun 2001 14:07:22 GMT
acaversh@yahoo.com (Arthur Caversham) writes:
I am new to the topic of public key encryption and cannot understand
how, if the public key is known, it cannot simply be reversed to
obtain the private key.
E.g. if a public key is to encrypt a message by increasing the ascii
of every letter by 2 then the corresponding private key would simply
be to decrease the ascii of everything by 2.
I am sure real life encryption is more complex but it must be possible
to generate the private key from the public.
I would appreciate any urls explaining this in laymans terms
there are two parts of public key cryptography ... the asymmetric
cryptography/mathematical part ... basically two different, but
related keys, not able to (easily) infer the value of one key by
knowing the other (and encryption with one key and only be decrypted
with the other key); and the "business" process part
Given asymetric cryptography with two related keys, the business
process specifies that one key can be publicly published and
distributed (the "public" key) and nobody (but possibly the
"key-owner") is allowed knowledge of the other ("private") key.
Given the public/private key business process convention use of
asymmetric cryptography, anybody encrypting something with a "public"
key is assured that only the owner of the corresponding "private" key
can decrypt the information. This addresses the problem with secure
distribution of symmetric, secret keys in more conventional
cryptography (how can I securely send somebody a secret key so they
can send back to me some securely, encrypted information).
Note that this convention of public/private key is not a cryptography
issue (like asymmetric cryptography), it is a defined business process
regarding the handling of the two different keys of the key pair.
The other business characteristic is that anything decryptable with a
particular "public" key can be known to have originated with the owner
of the corresponding "private" key. While this doesn't provide secure
communication (since anybody with access to the published "public" key
can decrypt the information), it can be used for a "business" process
authenticating the origin of the encryption (i.e. only the owner of
the "private" key could have originated the encryption).
The "authentication" business process has been further formalized into
something called a "digital signature". Given that sufficient care has
been taken to allow only the "owner" to have access and use of a
"private" key, then there is an high degree of confidence that
anything that is decryptable with the corresponding "public" key can
only have originated with the owner of the specific "private" key.
A specific implementation of such a digital signature business
process, is to calculate a secure hash of the message (say with SHA-1)
and then encrypt the resulting secure hash with the originator's
"private" key. Both the original message, and the encrypted secure
hash of the message are transmitted. The recipient decrypts the secure
hash with the corresponding public key, recalculates the secure hash
of the message and compares the two values. If the two secure hashs
are equal then the recipient knows 1) that the message hasn't been
tampered with and 2) the message originated with the owner of the
corresponding private key.
So the public key business process use of asymmetric cryptography can
be used to address two issues:
1) distribution of keys for secure communication
2) authentication of the origin of a message (along with validating
that the message hasn't been tampered with).
Business processes like PGP and SSL can combined all:
1) digitally sign a message with the sender's private key
2) randomly generate a secret key
3) encrypt the message & signature with the secret key
4) encrypt the secret key with the recipient's public key
5) transmit the secret-key encrypted message and the public-key
encrypted secret key
Typically, private key encryption of data is a very expensive and
timely process ... so it is much more efficient to encrypt large
amounts of information with secret key. Randomly generating a secret
key, and then encrypting the secret key with the recipient's public
key also achieves the objective of secure distribution of keys for
encrypting secure communication.
NIST standards for secure hash (FIPS 180) and digital signatures (FIPS 186)
http://csrc.nist.gov/publications/fips/
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Extended memory error recovery
Refed: **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Extended memory error recovery
Newsgroups: comp.arch
Date: Fri, 29 Jun 2001 18:47:07 GMT
at150bogomips@aol.com (At150bogomips) writes:
Yuck! 5% seems rather high. How can do high-reliability systems
deal with such? Is a 1 in 20 trillion unrecognized error rate tolerable
while a 1 in 1 trillion recognized but unrecoverable failure rate is not
tolerable (so RAID and backups are used for recoverability)?
i thot that disk bit error rate (with various kinds of EC, FEC, etc)
was possibly somewhere in the 10-15 range and drives are somewhere
in the 800k hr MTBF.
I would expect some of the IDE (and possibly some scsi) wires and
connectors might introduce higher bit error rate.
Various kinds of "parity" RAID (4+1, 8+1, 8+2, 32+8) provide
additional redundancy both at a record/bit level and at a whole drive
level.
As to memory, there are some PC memories that provide 8+2, 8/10;
correct one bit errors and recognize two bit errors. At least some
mainframe memories sometime in the '70s or '80s went to things like
64/80 ... effectively same ratio of error correcting bits but capable
of correcting 15 bit errors and recognizing 16 bit errors.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Fri, 29 Jun 2001 19:43:49 GMT
Jim Watt writes:
Well that assumption is at varience at what they say - from the
BT website (UK verisign affiliate)
"A Server Certificate is issued by a trusted third party called
a Certification Authority (CA). A CA acts somewhat like a
passport office. CAs must take steps to establish the
identity of the people or organisations to whom they issue
certificates. Once the CA establishes an organisation's
identity, it issues a certificate that contains the
organisation's public key and signs it with the CA's private
Key."
They are talking about 'routine background checks and
getting a lot more information than that available from the
domain name infrastructure.
they can put whatever they want to into an SSL server certificate
... the practical issue is that nobody actually reads the contents of
an SSL server certificate ... for all practical purposes for millions
of certificate operations that happen around the world each day
... the only thing that happens is that the URL domain name specified
by the client in the SSL/HTTPS operation is compared to the URL domain
name specified in the certificate.
The CAs can do all the checking they want to about lots of other
random pieces of information and include all the random pieces of
information they want to in an SSL server certificate ... but it
effectively is still random, unrelated information unless somebody
actually pays attention to it.
Because, for all practical purposes, the only piece of information in
an SSL server certificate that is ever checked is the domain name ...
all that other information can be regarded as extraneous.
As to the domain name, the authoratative agency for domain name
ownership is the domain name infrastructure. The certification
authority can do all the checking they want to with regard to domain
name ownership, but if somebody has spoofed the domain name
infrastructure, the certification authority can do little else
but certify the spoofed information.
Other than that, all you need is some registered business. The CA
verifies that there is some registered business and that registered
business is listed as the domain name owner with the domain name
infrastructure. It is extremely easy to register a business and there
are reported instances of domain name take-over/spoofing.
certification authorities check that there is some registered business
and that some registered business is listed as the domain name owner
with the domain name infrastructure.
A client would actually have to examine a certification authority's
cetificate for the registered business to see if it is the business it
thinks it is. Since that is never done (for all practical purposes),
one can discount that as having any meaning. For all practical
purposes, the only thing that is examined is the whether the client
specified domain name is the same as in the certificate.
Even in the extremely unlikely event a client actually examined a
certification authority's certificate for the registered business, it
still might not mean anything (say this happens possibly once out of
every trillion uses of a SSL certificate). A business may have a
common name, a legal name, as well as a DBA (doing business as)
name. A client would probably be aware of the common name. However,
the legal name and the DBA name can be totally different and that is
probably what is listed in a D&B or other check that might be
typically done by a certification authority.
Some of this has been discussed in various threads referenced by
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
and we had to delve into this when doing due diligence as part of
doing the original work on the current infrastructure ... misc refs:
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
A trivial example in one of the threads referenced in the "sslcerts"
collection is an incident buying computer gear from a local computer
store with american express card ... and having the entry on the
american express bill list a totally unknown company.
The store name was short catchy name that was the common name, but
american express listed the company's "legal name" which was something
to the effect of "Woman's Minority Title ??? Company #17" (I forget
what the ??? was ... but something to do with eligibility for
preferences in federal contracts).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Fri, 29 Jun 2001 19:54:07 GMT
Jim Watt writes:
Well that assumption is at varience at what they say - from the
BT website (UK verisign affiliate)
"A Server Certificate is issued by a trusted third party called
a Certification Authority (CA). A CA acts somewhat like a
passport office. CAs must take steps to establish the
identity of the people or organisations to whom they issue
certificates. Once the CA establishes an organisation's
identity, it issues a certificate that contains the
organisation's public key and signs it with the CA's private
Key."
... aka, there all sorts of things that a server certificate might be
and there are all sorts of things that a trusted third party might be
and there are all sorts of things that a PKI might be ....
but I have been referring to the actual business process that goes on
millions of times each day involving SSL/HTTPS with server domain name
certificates.
If is like a "passport" ... then there is a process when going through
a line at customers where they check all the information in the
"passport" ... name, picture (see if you look like the picture),
etc. ... as well as do some real-time check regarding whether the
passport as been reported lost or stolen.
However, if it is something that only has a very cursory check
regarding the name, no check of the picture, and no check of whether
the passport has been reported lost or stolen ... then you can make
all the claims in the world as to the manufacturing of the passport
(aka certificate) ... but I don't have to worry about any of the
"business processes" normally associated with the use of a
certificate.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
VPN solution for school district
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VPN solution for school district
Newsgroups: comp.security.firewalls
Date: Fri, 29 Jun 2001 20:04:07 GMT
jayson@bcschools.net (Jayson) writes:
While I am not the head of this operation, I was asked to gather some
information about how our district can allow staff members to access
their network drives on our Novell 5.1 network from home. After
talking to a Cisco rep yesterday, I came across the idea of a VPN. I
am not quite sure exactly what this entails, but my solution involves
the Cisco 3015 VPN Concentrator. The Cisco Client, available free of
charge, will be installed on the home computers. The Cisco rep also
made reference to authenticating the users on the corporate side with
a RADIUS server to access the Novell Network. I was told that we will
not be implementing Border Manager as there are "issues" with it.
Therefore, I have a few questions.
1. Is a RADIUS server what we need to authenticate users that are
connecting to their ISP to the Internet to the school district?
slightly related posting on RADIUS in a thread in sci.crypt ng
http://www.garlic.com/~lynn/2001g.html#1
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Fri, 29 Jun 2001 21:58:46 GMT
Jim Watt writes:
Well, I was under the impression that unless it was signed by an
authority that has a key included in the browser that a warning
message flashed up. I've certainly seen this whilst using secure
servers. Whether one accepts it from then on is a matter of
ones personal paranoia/trust level.
The ease of registering a business depends on the
jurisdiction you are in, indeed before too long you may
have to provide a DNA sample to open a bank account or get
on an aircraft. (for your security and convenience)
However, having had a peek at your website its
comprehensive.
the certificate has to be signed with the private key of some
authority that has the corresponding public key already loaded into
the browser.
that isn't the issue.
the issue is that anybody that has registered a business (which can be
done for as little as $10 dollars at some state or county office) and
performed a domain name hijack ... can go to almost any of the
certification authorities (that have their public key already loaded
into browser) and get a valid server domain name certificate.
one list of certification authority candidates from existing browser
http://www.garlic.com/~lynn/aepay4.htm#comcert14
http://www.garlic.com/~lynn/aepay4.htm#comcert16
aka any server domain name certificate signed by corresponding private
key with a public key loaded into the browser won't put up a message.
and reference to the TLS (SSL) protocol
http://www.garlic.com/~lynn/aepay4.htm#comcert15
longer list of various discussion threads:
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
one press release regarding domain name hijacking
http://www.garlic.com/~lynn/aepay4.htm#dnsinteg1
as stated previously, one of the solutions to address domain name
infrastructure integrity issues is to ask entities registering a
domain name to also register a public key.
however, if you fix integrity issues with the domain name
infrastructure for use by the certification authorities ... it is also
addressed for everyone.
furthermore, if the approach to addressing integrity issues is done by
registering public keys ... then those public keys could be made
available as part of the basic domain name infrastructure ... aka
online, real-time public key distribution ... in the same way the
domain name infrastructure provides online, real-time resolution of
domain name to ip-address.
As previously claimed, the original design point for certification
authorities and certificates is the offline world where it isn't
possible/practical to contact the real-time, online authority.
As part of improving the certificatable (i.e. trust) of the domain
name infrastructure for use by the certification authorities by
registering public keys ... creates the opening to significantly
improve and simplify the SSL/TLS protocol by using the standard domain
name infrastructure for real-time, online, high-integrity public key
distribution (instead of resorting to a complicated, convoluted
paradigm designed to meet the requirements of an offline world).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Golden Era of Compilers
Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Golden Era of Compilers
Newsgroups: comp.arch,alt.folklore.computers
Date: Fri, 29 Jun 2001 23:09:03 GMT
jsavard@ecn.ab.SBLOK.ca.nowhere (John Savard) writes:
Because Fortran produced efficient object code, people were willing to
make use of it; in those days, efficiency was at a premium, and if it
produced code that ran only 1/2 as fast, never mind 1/10 as fast, as
hand-coded, most computing centres would have indignantly banned it.
there have been a couple of trade-offs ... development and student
programming (at least on ibm mainframes) had Fortran G and WatFor for
fast compile and turn-around.
Much of the work for IBM's (mainframe) Fortran HX was done at the Palo
Alto Science Center.
There was also some people at SLAC (on Sand Hill, instead of Page Mill
in Palo Alto) who not only were heavy Fortan HX users but also heavily
contributed to IBM's Assembler H ... they specialized in taking
critical inner loops and hand-coding in assembler to get additional
performance (i believe that one of the SLAC guys frequently claimed he
could still get another ten times in various critical sections with
hand coded assembler).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Fri, 29 Jun 2001 23:34:47 GMT
Jim Watt writes:
OK, but if thats the case the certificate authority is not doing
its job properly as they should investigate the company they
are issuing the certificate to. If thats the case (in the US) its
pretty worthless. The only real point of them signing it is the
trust that that action confers.
Otherwise its simply a matter of the technical problem of issuing
a certificate, which I expect we can both manage.
After strarting the discussion (and finding what I believed to
be true to be less than accurate, which is the point of the
process) I also checked Netscape 4.47 which does have a
list of authorities it trusts, but MSIE 5 seems not to tell me who
anything.
I take your point - Tis a wicked world.
a part of the issue is that the majority of the certification
authorities are not themselves the authoritative agencies for the
information they are certifying. as a result, they have a difficult
time providing a higher level of trust than the authoritative agencies
they have to rely upon as to the accuracy of the information.
in effect, with regard to server domain name certificates they can
certify that the entity requesting a server domain name certificate is
the same as that listed by the domain name infrastructure, and that
the entity is also a valid registered business.
certification authorities can talk about how strong their crypto is
and how secure their operations are and how how they always follow a
detailed process ... but since they aren't authoritative agencies for
the information they are certifying, the level of trust is only as
good as the underlying operations they are certifying.
For an extreme analogy, lets say they are an armored truck business
that has the best and most secure technology and processes in the
world and they are working for a financial institution that uses
unguarded and unprotected janitor closets instead of vaults for
keeping money. Can they prevent somebody from taken money out of the
janitor closet?
as a somewhat sidepoint, the embodiment of most existing certification
authority operations, the "certificates" are artifacts that are
designed to meet the needs of an offline world where relying parties
don't have real-time, online communication with the respective
authoritative agencies.
These certificates are the "letters of credit" from the days of
sailing ships, the "signing limit paper checks" from by-gone business
operation days, and the plastic, offline credit cards (before
the days of online credit card transactions).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Golden Era of Compilers
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Golden Era of Compilers
Newsgroups: comp.arch,alt.folklore.computers
Date: Sat, 30 Jun 2001 15:26:34 GMT
jcmorris@jmorris-pc.MITRE.ORG (Joe Morris) writes:
Anne, I think you've just shifted the time frame forward by a decade
or so. The original FORTRAN was written for machines in the early
1950s when the time-to-execute for even a tightly-written program
could almost be measured by a wall calendar rather than a wall clock.
FORT-G is of course an OS/360 component from the late 1960s, and WATFOR
was written for the 704x...maybe available in 1965? (Anyone from
Waterloo here to check this?)
... lynn ... but yes
At least as late as the early 1960s I recall student runs on a 7090
being handled as a special case, including the use of a customized
system tape. (They were also given at least one minute of time
each, since that was the granularity of the time limit field in FMS...)
when I first ran student fortran job, it was ibsys monitor on 709 and
then the university replaced it with 360/67 and student jobs went from
possibly jobs/seconds to tens of seconds per job. By that time, the
university had hired me and given me responsible for much of the
stuff. Combination of HASP and WATFOR eventually saved the day.
Basically student jobs were all compile and effectively no execution
(predominately because of errors of one sort or another). WATFOR was a
single step monitor that handled all the (student) job-to-job transition
internally and (at the time) compile was rated something like 20,000
statements/cards per minute on 65/67 (typical student jobs were 10-50
cards). Given that 2540 was only 2000 cards/min, something like HASP
was necessary for it to achieve its thruput.
>There was also some people at SLAC (on Sand Hill, instead of Page Mill
>in Palo Alto) who not only were heavy Fortan HX users but also heavily
>contributed to IBM's Assembler H ... they specialized in taking
>critical inner loops and hand-coding in assembler to get additional
>performance (i believe that one of the SLAC guys frequently claimed he
>could still get another ten times in various critical sections with
>hand coded assembler).
the primary person at PASC had also earlier done the APL microcode assist
for 370/145.
H'mmm ... I'll bet that you're thinking of John Ehrman, right? I never
heard him make that claim, but it sounds like something he would say.
... no, try Greg M? something (I would have to search for it)
John (at SLAC at the time, before he moved to IBM) was the designer of
the SHARE button that read:
FREE
THE
FORTRAN
77
when the product was first released. At the next meeting he had edited
the text to read:
FIX
THE
FORTRAN
77
with the "editing" clearly (and deliberately) visible.
Joe Morris
totally random stuff
http://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14
http://www.garlic.com/~lynn/94.html#43 Bloat, elegance, simplicity and other irrelevant concepts
http://www.garlic.com/~lynn/94.html#53 How Do the Old Mainframes
http://www.garlic.com/~lynn/94.html#55 How Do the Old Mainframes Compare to Today's Micros?
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
IA64 Rocks My World
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IA64 Rocks My World
Newsgroups: comp.arch,comp.os.vms,comp.sys.dec,alt.folklore.computers
Date: Sat, 30 Jun 2001 18:51:28 GMT
mccalpin@gmp246.austin.ibm.com (McCalpin) writes:
I got one of the earliest RS/6000's in the Spring of 1990.
They were not single-chip systems -- maybe eight chips?
The PowerPC 601 was the first single-chip processor in the
extended family.
The POWER side of the line did not become single-chip until
P2SC (POWER2 single-chip).
I've got a paper weight on my desk with six chips in it ... that says
150 million ops, 60 million flops, 7 million transistors.
there was a RSC ... referred to as RIOS .9. I don't remember how much
influence it had on somerset (aka powerpc). It was used in (live) oak
(i.e. 4-way SMP box that got around the lack of cache coherence by
flagging virtual segments as to cach'able or non cach'able; aka if it
really needed to be shared, it was flagged as never going thru the
cache).
during part of the 6000 period my wife was manager, rs/6000
engineering achitecture and her manager went on to head up somerset
with the motorola people (he had previously worked for motorola before
joining ibm to work on rios; he later went on to be president of MIPs
and then later returned to austin w/ibm). Also, when we started the
HA/CMP project, it started out reporting to him.
the way i remember rios was that (at least) non-cache coherence
permeated whole sections of the design (even RSC) which had to be
significantly reworked for power/pc (as well as the whole virtual
memory segment register stuff).
random refs:
http://www.garlic.com/~lynn/subtopic.html#hacmp
http://www.garlic.com/~lynn/93.html#22 Assembly language program for RS600 for mutual exclusion
http://www.garlic.com/~lynn/94.html#41 baddest workstation
http://www.garlic.com/~lynn/94.html#47 Rethinking Virtual Memory
http://www.garlic.com/~lynn/95.html#9 Cache and Memory Bandwidth (was Re: A Series Compilers)
http://www.garlic.com/~lynn/95.html#11 801 & power/pc
http://www.garlic.com/~lynn/96.html#4a John Hartmann's Birthday Party
http://www.garlic.com/~lynn/97.html#5 360/44 (was Re: IBM 1130 (was Re: IBM 7090--used for business or
http://www.garlic.com/~lynn/97.html#25 Early RJE Terminals (was Re: First Network?)
http://www.garlic.com/~lynn/98.html#25 Merced & compilers (was Re: Effect of speed ... )
http://www.garlic.com/~lynn/98.html#26 Merced & compilers (was Re: Effect of speed ... )
http://www.garlic.com/~lynn/98.html#27 Merced & compilers (was Re: Effect of speed ... )
http://www.garlic.com/~lynn/98.html#28 Drive letters
http://www.garlic.com/~lynn/99.html#23 Roads as Runways Was: Re: BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/99.html#64 Old naked woman ASCII art
http://www.garlic.com/~lynn/99.html#66 System/1 ?
http://www.garlic.com/~lynn/99.html#67 System/1 ?
http://www.garlic.com/~lynn/99.html#129 High Performance PowerPC
http://www.garlic.com/~lynn/2000.html#49 IBM RT PC (was Re: What does AT stand for ?)
http://www.garlic.com/~lynn/2000.html#59 Multithreading underlies new development paradigm
http://www.garlic.com/~lynn/2000b.html#54 Multics dual-page-size scheme
http://www.garlic.com/~lynn/2000c.html#4 TF-1
http://www.garlic.com/~lynn/2000c.html#9 Cache coherence [was Re: TF-1]
http://www.garlic.com/~lynn/2000c.html#12 Cache coherence [was Re: TF-1]
http://www.garlic.com/~lynn/2000d.html#2 IBM's "ASCI White" and "Big Blue" architecture?
http://www.garlic.com/~lynn/2000d.html#24 Superduper computers--why RISC not 390?
http://www.garlic.com/~lynn/2000d.html#28 RS/6000 vs. System/390 architecture?
http://www.garlic.com/~lynn/2000d.html#31 RS/6000 vs. System/390 architecture?
http://www.garlic.com/~lynn/2000d.html#39 Future hacks [was Re: RS/6000 ]
http://www.garlic.com/~lynn/2000d.html#60 "all-out" vs less aggressive designs (was: Re: 36 to 32 bit transition)
http://www.garlic.com/~lynn/2000f.html#13 Airspeed Semantics, was: not quite an sr-71, was: Re: jet in IBM ad?
http://www.garlic.com/~lynn/2000f.html#31 OT?
http://www.garlic.com/~lynn/2000f.html#74 Metric System (was: case sensitivity in file names)
http://www.garlic.com/~lynn/2001.html#72 California DMV
http://www.garlic.com/~lynn/2001b.html#33 John Mashey's greatest hits
http://www.garlic.com/~lynn/2001b.html#37 John Mashey's greatest hits
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
XML: No More CICS?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: XML: No More CICS?
Newsgroups: bit.listserv.ibm-main
Date: Sat, 30 Jun 2001 22:32:30 GMT
jfregus@IX.NETCOM.COM (John F. Regus) writes:
Has XML and HTML sounded the death knell for CICS for developing online transaction processing?
actually HTTP servers would benefit from fast transaction processor
backend ... taking current webservers (plus maybe firewall function)
and stripping it way down to the point where it did little more than
handled the HTTP protocol and pass it to a real backend (lightweight,
multithreaded) transaction processor.
for the most part the "ML" are the stuff for client presentation
services (claim could be made that the extensive vm/cms & GML
installation at cern contributed significantly to evolution of HTML).
then it becomes an issue of writing cics transactions that support
the designed http & application functions.
in that respect, cics could make a superior lightweight, multithreaded
transaction processing backend compared to various other existing web
server technologies.
... one of the CICS pre-release beta-test customers in '69
.... and a little involvement in some webserver aspects
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
random refs
http://www.garlic.com/~lynn/internet.htm
http://www.garlic.com/~lynn/94.html#33 short CICS story
http://www.garlic.com/~lynn/94.html#35 mainframe CKD disks & PDS files (looong... warning)
http://www.garlic.com/~lynn/96.html#9 cics
http://www.garlic.com/~lynn/97.html#6 IBM Hursley?
http://www.garlic.com/~lynn/97.html#8 Ancient DASD
http://www.garlic.com/~lynn/97.html#30 How is CICS pronounced?
http://www.garlic.com/~lynn/98.html#28 Drive letters
http://www.garlic.com/~lynn/98.html#33 ... cics ... from posting from another list
http://www.garlic.com/~lynn/98.html#34 ... cics ... from posting from another list
http://www.garlic.com/~lynn/99.html#130 early hardware
http://www.garlic.com/~lynn/99.html#218 Mainframe acronyms: how do you pronounce them?
http://www.garlic.com/~lynn/2000b.html#41 How to learn assembler language for OS/390 ?
http://www.garlic.com/~lynn/2000c.html#35 What level of computer is needed for a computer to Love?
http://www.garlic.com/~lynn/2000c.html#45 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#52 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#54 WHAT IS A MAINFRAME???
http://www.garlic.com/~lynn/2000e.html#23 Is Tim Berners-Lee the inventor of the web?
http://www.garlic.com/~lynn/2000f.html#61 360 Architecture, Multics, ... was (Re: X86 ultimate CISC? No.)
http://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2001.html#51 Competitors to SABRE?
http://www.garlic.com/~lynn/2001.html#62 California DMV
http://www.garlic.com/~lynn/2001b.html#85 what makes a cpu fast
http://www.garlic.com/~lynn/2001d.html#56 Pentium 4 Prefetch engine?
http://www.garlic.com/~lynn/2001f.html#49 any 70's era supercomputers that ran as slow as today's supercompu
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Sat, 30 Jun 2001 22:58:00 GMT
Jim Watt writes:
I took a re-look at the Gibraltar e-commerce law, this is based on
current EU directives, however we are the first to get these
transcribed into law and on the books. Currently electronic
signatures have the same standing as traditional ones.
It lays down an operating framework for approved certificate
authorities and they are liable if they fail to 'take all measures
reasonably practical to verify information' and specifies
that they can be sued for loss or damage by someone who
uses a certificate issued by them.
it also gives electronic versions of documents the same
validity as paper ones.
my wife and I had (very) small part in both the cal. state and the
federal e-signature laws.
one of the issues is the necessity for having CA/TTPs and x.509
identity certificates at all in consumer related activities
.... because of all the unnecessary liability issues as well as severe
privacy exposures.
as in other previous discussions & postings ... it is possible to do
electronic signatures and even digital signatures w/o requiring
certificates. A trivial analogy is the "signature card" that is signed
for a financial institution ... when they get paper signature, they
then can compare it to the signature card to see if it is correct.
Effectively, the same business process can be used with regard digital
sigatures i.e. the consumer doesn't have to carry the digital
signature card around with them and/or attach copies on every
transaction, it is just sufficient that it is stored and available
(online).
there are additional significant issues with any sort of electronic
signing ... similar to what some software vendors have been grappling
with regarding disclosiers and software licenses (the "i accept"
buttons) ... aka just because somebody's computer does some fancy
operation ... can it be prooven that the consumer was absolutely aware
of every operation that their computer performed and furthermore was
the computer doing operations only at the behest of that comsumer (and
the computer unable to perform any operation that wasn't under the
direct and explicit control of the consumer).
... it is 10pm, parents, do you know what your computer is doing?
random refs:
http://www.garlic.com/~lynn/subtopic.html#privacy
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
http://www.garlic.com/~lynn/subtopic.html#radius
some of the more interesting writings on the subject is by Jane Winn
at Southern Methodist University
http://www.smu.edu/~jwinn/
NOTE moved to
http://www.law.washington.edu/Faculty/Winn/
some misc. refs from the site
E-Sign of the Times, E-Commerce Law Report (August 2000)(with Robert A
Wittie, Esq.)
This is a concise overview of the provisions of the Electronic
Signatures in Global and National Commerce Act of 2000, and a
comparison of some of its key provisions with those of the Uniform
Electronic Transactions Act.
Electronic Records and Signatures under the Federal E-Sign Legislation
and the UETA (with Robert A. Wittie, Esq.) 54 The Business Lawyer 293
(2000)
This is an analysis of the provisions of the Electronic Signatures in
Global and National Commerce Act of 2000, and a comparison of its key
provisions with those of the Uniform Electronic Transactions Act.
The Emperor's New Clothes: The Shocking Truth About Digital Signatures and
Internet Commerce, __ Idaho Law Rev. __ (forthcoming 2001 UETA Symposium
Issue)
Although it has been an article of faith in some quarters for many
years that using digital signatures as signatures on Internet
contracts would be the "next big thing" in electronic commerce, there
is actually considerable evidence that they are not being used that
way and may never be used that way. UETA avoids confusing marketing
hype and business reality by adopting a technology neutral stance.
Is the EU the US Online Consumer's Best Friend? __ American University
Law Review __ (forthcoming 2001)
The US and EU are approaching online consumer protection issues from
very different perspectives. In some contexts, online consumers may
be better protected under the US approach, and in others, under the EU
approach. In some instances, however, regulators in both markets may
be failing to develop organized responses to major challenges.
The Hedgehog and the Fox: Distinguishing Public and Private Sector
Approaches to Managing Risk for Internet Transactions, 51 ABA
Administrative Law Review 955 (1999)
This article argues that much recent and proposed electronic commerce
legislation is based on flawed assumptions regarding risk management
and the practical utility of current electronic commerce
technologies. Such flawed legislation would produce a loss allocation
system that would undermine incentives that currently exist to improve
the technological infrastructure of Internet commerce. This paper was
presented at a conference at American University in March 1999.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
distributed authentication
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: distributed authentication
Newsgroups: sci.crypt
Date: Sat, 30 Jun 2001 23:07:37 GMT
wahern@25thandClement.com (William Ahern) writes:
This is why I was orignally more focused on identity and not
authorization. My idea of identity was an identity used to bootstrap
yourself into a system. Though, I do not fully understand the problems
of malicous elements 'cooperating'. I was hoping introducing a
mechanism of injecting an identity into a system non-deterministically
would somehow thwart such cooperation.
If I can possiblly be more vague ;) The Freenet Project speaks of the
system being built to fight the cancer of malicous nodes in the
network. I haven't found hard materiual on how THAT works... which I
believe is a very similar problem to what affects the web-of-trust.
Thus my queries being put to this news group.
as an aside from yesterday
RFC 3127
Title: Authentication, Authorization, and Accounting:
Protocol Evaluation
Author(s): D. Mitton, M. St.Johns, S. Barkley, D. Nelson,
B. Patil, M. Stevens, B. Wolff
Status: Informational
Date: June 2001
Mailbox: dmitton@nortelnetworks.com,
stjohns@rainmakertechnologies.com,
stuartb@uu.net, dnelson@enterasys.com,
Basavaraj.Patil@nokia.com, mstevens@ellacoya.com,
barney@databus.com
Pages: 86
Characters: 170579
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-aaa-proto-eval-02.txt
URL: ftp://ftp.rfc-editor.org/in-notes/rfc3127.txt
This memo represents the process and findings of the Authentication,
Authorization, and Accounting Working Group (AAA WG) panel evaluating
protocols proposed against the AAA Network Access Requirements, RFC
2989. Due to time constraints of this report, this document is not as
fully polished as it might have been desired. But it remains mostly
in this state to document the results as presented.
This document is a product of the Authentication, Authorization and
Accounting Working Group of the IETF.
they reference a number of additional reports in progress
one way of getting to it is
http://www.garlic.com/~lynn/rfcietff.htm
& in the bottom frame scroll down to 3127.
if you click on "3127" ... it brings up all the keywords that it are used for
that rfc. clicking on any of those keywoards will bring up a list of all RFCs
associated with that keyword (i.e. RFC->keyword as well as keyword->RFC).
instead, if you click on "txt=nnnn" it will retrieve the actual RFC (via
http).
It is also possible to retrieve it via FTP using the URL mentioned in
the announcement.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Golden Era of Compilers
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Golden Era of Compilers
Newsgroups: comp.arch,alt.folklore.computers
Date: Sun, 01 Jul 2001 01:39:53 GMT
brightside writes:
Would you like to reconsider that rate. The IBM 084 (sorter)was the
fastest card feeder around at the time of the 2540, and the 084 made
2000cpm. But to do that it required vacuum fed feed knives, which the
2540 never had. ISTR the 2540 was 1000cpm.
oops, finger/brain check
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Cray at Apple (was Re: Compaq confirms Intel Alpha spin-off)
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cray at Apple (was Re: Compaq confirms Intel Alpha spin-off)
Newsgroups: comp.arch
Date: Sun, 01 Jul 2001 01:46:38 GMT
Eric Smith <eric-no-spam-for-me@brouhaha.com> writes:
The engineering divisions of Ford and GM probably use Microsoft Word and
Excel to write various documents and reports. Would you say that
"GM uses Microsoft Office to design cars?" Technically it might be true
in a limited sense, but it doesn't really give an accurate impression.
somewhat ot ...
http://www.garlic.com/~lynn/2000f.html#43 Reason Japanese cars are assembled in the US
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
any 70's era supercomputers that ran as slow as today's supercomputers?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: any 70's era supercomputers that ran as slow as today's supercomputers?
Newsgroups: alt.folklore.computers
Date: Sun, 01 Jul 2001 15:40:40 GMT
kragen@dnaco.net (Kragen Sitaker) writes:
So how does this actually work? I've seen you and someone else explain
that "clock" swaps pages out "like the hands of a clock sweeping
through the address space", but I don't quite understand what that
means. Does it mean this?
one bit, one handed clock is something like
lm r2,r4 ... load saved registers
loop ds 0h
rrb r2 .. reset & test reference bit
bz takeit .. take reference page
bxle r2,r4,loop ... loop until we have page
l r2,start ... didn't find anything, start again
b loop ... restart loop
takeit ds 0h
bxle r2,r4,+8 ... update pointer past page taken
l r2,start ... looped, start at other end
st r2, ... save restart point
rrb instruction did a reference bit test and reset.
bxle incremented a pointer and compared the resulting value and took
a conditional branch.
if a page wasn't "taken" because its reference bit was on, it had
until the algorithm completely looped around memory examining all
other pages for program activity to reference the page again. On some
systems we measured the "average depth of search" was four to six
pages (i.e. the inner loop examined six pages until it found one).
Given the MTBF (mean time between page faults) and the total number of
pages, you could calculate the average time between testing a
particular pages bits i.e. if average depth of search per fault was
six, the total number of pages was 600, and the MTBF page faults was
10ms, then the average time for the algorithm to loop completely
around once was (600/6)10ms ... aka 1 second.
So on the average, the reference bit of pages would fall into two
categories, 1) those pages that had been referenced at least once a
second (i.e. once second between having the reference bit tested and
reset) and 2) those pages that had not been referenced at least once a
second (and would be selected for replacement).
It approximated LRU by dividing all pages into two categories 1) those
that had been referenced recently ... aka since the last reset and 2)
those pages that had not been referenced recently ... aka since the
last reset.
As the hand "sweeps" around memory, examining pages ... it harvests
pages that don't have their reference bit turned on
This is the original, one-handed algorithm that i did on 360/67 for
cp/67 in the 1968 time-frame as an undergraduate (and ibm incorporated
into the product and shipped to customers). It differed from the above
in that the RRB had to be several instructins ... since RRB
instruction wasn't introduced until the 370s.
Later, after graduation I did both multi-bit and two-handed clock in
the early '70s.
On the 370, there was only a single hardware bit, so multi-bit
algorithm had to be simulated in software. A multi-bit algorithm,
instead of resetting a single bit, involved multi-bits. It can be thot
of as a one bit logical shift of a multi-bit value ... with a zero bit
introduced from one side and a bit dropping off the other side. The
page is harvested if all bits are zero.
In effect, each bit would represent an amount of "history" equal to
the complete sweep of the algorithm around all pages. Instead of
having a single bit of history that represents a single sweep around
memory, there are N bits, representing the state of the last N sweeps
around all pages.
Therefor pages are divided into two categories, 1) pages that have
been referenced sometime within the last N sweep(s) around memory and
2) pages that haven't been referenced in the last N sweep(s) around
memory (and are harvested).
A two-handed clock, offsets the testing and resetting of pages. The
two hands are separated by some number of pages ... say 1/2 of all
pages. As the testing hand bumps one page at a time, searching for a
page to harvest, the resetting hand is 1/2 of all pages "ahead"
bumping along at the same rate. A one-bit, two-handed algorithm that
is off-set by 1/2 of all pages means that the reference bit only
represents the amount of history equal to the time for the algorithm
to sweep 1/2 of the available pages (rather than a complete sweep of
all pages).
In the previous example of MTBF of 10ms, 600 total pages, and avg. 6
page depth of search, the "resetting" hand ... rather than being
exactly one sweep ahead of the "testing" hand it is only 1/2 sweep
ahead. So that is 300 pages ahead ... (300/6)10ms equals .5
seconds. In this scenerio, pages are divided into two categories,
those that have been referenced in the last 1/2 second (and won't be
harvested) and those that have not been referenced in the last 1/2
second (which will be harvested).
In a whole, series of detailed similation tests with full instruction
and page refence traces, clock sweep algorithm comes within 10-15% of
the accuracy of "true" LRU with almost negligible overhead.
Now, LRU is based on the assumption that the most recently used pages
are the most likely to be used again in the future. It turns out that
isn't alwas the case. There are lots of situations where that doesn't
happen. That gave rise to the variation on two-handed, N-bit clock
that would automagically switch back and forth between 1)
LRU-approximation (as in the above description) when LRU appeared to
be performing well and 2) random when LRU appeared to not be
performing well.
random refs:
http://www.garlic.com/~lynn/93.html#0 360/67, was Re: IBM's Project F/S ?
http://www.garlic.com/~lynn/93.html#4 360/67, was Re: IBM's Project F/S ?
http://www.garlic.com/~lynn/93.html#6 Self-virtualization and CPUs
http://www.garlic.com/~lynn/93.html#8 PowerPC Architecture (was: Re: PowerPC priced very low!)
http://www.garlic.com/~lynn/93.html#31 Big I/O or Kicking the Mainframe out the Door
http://www.garlic.com/~lynn/94.html#01 Big I/O or Kicking the Mainframe out the Door
http://www.garlic.com/~lynn/94.html#1 Multitasking question
http://www.garlic.com/~lynn/94.html#2 Schedulers
http://www.garlic.com/~lynn/94.html#4 Schedulers
http://www.garlic.com/~lynn/94.html#8 scheduling & dynamic adaptive ... long posting warning
http://www.garlic.com/~lynn/94.html#10 lru, clock, random & dynamic adaptive
http://www.garlic.com/~lynn/94.html#14 lru, clock, random & dynamic adaptive ... addenda
http://www.garlic.com/~lynn/94.html#20 CP/67 & OS MFT14
http://www.garlic.com/~lynn/94.html#31 High Speed Data Transport (HSDT)
http://www.garlic.com/~lynn/94.html#42 bloat
http://www.garlic.com/~lynn/94.html#46 Rethinking Virtual Memory
http://www.garlic.com/~lynn/94.html#49 Rethinking Virtual Memory
http://www.garlic.com/~lynn/94.html#51 Rethinking Virtual Memory
http://www.garlic.com/~lynn/94.html#54 How Do the Old Mainframes
http://www.garlic.com/~lynn/95.html#1 pathlengths
http://www.garlic.com/~lynn/95.html#2 Why is there only VM/370?
http://www.garlic.com/~lynn/95.html#12 slot chaining
http://www.garlic.com/~lynn/96.html#0a Cache
http://www.garlic.com/~lynn/96.html#0b Hypothetical performance question
http://www.garlic.com/~lynn/96.html#10 Caches, (Random and LRU strategies)
http://www.garlic.com/~lynn/96.html#11 Caches, (Random and LRU strategies)
http://www.garlic.com/~lynn/97.html#0 LRU in caches with bit decay
http://www.garlic.com/~lynn/97.html#28 IA64 Self Virtualizable?
http://www.garlic.com/~lynn/97.html#29 IA64 Self Virtualizable?
http://www.garlic.com/~lynn/98.html#2 CP-67 (was IBM 360 DOS (was Is Win95 without DOS...))
http://www.garlic.com/~lynn/98.html#17 S/360 operating systems geneaology
http://www.garlic.com/~lynn/98.html#26 Merced & compilers (was Re: Effect of speed ... )
http://www.garlic.com/~lynn/98.html#49 Edsger Dijkstra: the blackest week of his professional life
http://www.garlic.com/~lynn/98.html#54 qn on virtual page replacement
http://www.garlic.com/~lynn/99.html#18 Old Computers
http://www.garlic.com/~lynn/99.html#20 APL/360.
http://www.garlic.com/~lynn/99.html#78 Mainframes Relevant?
http://www.garlic.com/~lynn/99.html#95 Early interupts on mainframes
http://www.garlic.com/~lynn/99.html#102 IBM 9020 computers used by FAA (was Re: EPO stories (was: HELP IT'S HOT!!!!!))
http://www.garlic.com/~lynn/99.html#104 Fixed Head Drive (Was: Re:Power distribution (Was: Re: A primeval C compiler)
http://www.garlic.com/~lynn/99.html#175 amusing source code comments (was Re: Testing job applicants)
http://www.garlic.com/~lynn/99.html#237 I can't believe this newsgroup still exists.
http://www.garlic.com/~lynn/2000.html#52 Correct usage of "Image" ???
http://www.garlic.com/~lynn/2000.html#86 Ux's good points.
http://www.garlic.com/~lynn/2000c.html#35 What level of computer is needed for a computer to Love?
http://www.garlic.com/~lynn/2000d.html#11 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000d.html#13 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000f.html#9 Optimal replacement Algorithm
http://www.garlic.com/~lynn/2000f.html#10 Optimal replacement Algorithm
http://www.garlic.com/~lynn/2000f.html#18 OT?
http://www.garlic.com/~lynn/2000f.html#32 Optimal replacement Algorithm
http://www.garlic.com/~lynn/2000f.html#34 Optimal replacement Algorithm
http://www.garlic.com/~lynn/2000f.html#36 Optimal replacement Algorithm
http://www.garlic.com/~lynn/2000f.html#60 360 Architecture, Multics, ... was (Re: X86 ultimate CISC? No.)
http://www.garlic.com/~lynn/2000g.html#2 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#3 virtualizable 360, was TSS ancient history
http://www.garlic.com/~lynn/2000g.html#7 360/370 instruction cycle time
http://www.garlic.com/~lynn/2000g.html#16 360/370 instruction cycle time
http://www.garlic.com/~lynn/2000g.html#30 Could CDR-coding be on the way back?
http://www.garlic.com/~lynn/2001.html#15 IBM Model Numbers (was: First video terminal?)
http://www.garlic.com/~lynn/2001.html#68 California DMV
http://www.garlic.com/~lynn/2001b.html#17 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001b.html#18 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001b.html#29 z900 and Virtual Machine Theory
http://www.garlic.com/~lynn/2001c.html#10 Memory management - Page replacement
http://www.garlic.com/~lynn/2001c.html#11 Memory management - Page replacement
http://www.garlic.com/~lynn/2001d.html#24 April Fools Day
http://www.garlic.com/~lynn/2001d.html#67 Pentium 4 Prefetch engine?
http://www.garlic.com/~lynn/2001f.html#47 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001f.html#48 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001f.html#52 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001f.html#53 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001f.html#54 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001f.html#55 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001f.html#57 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001f.html#67 IBM mainframe reference online?
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Did AT&T offer Unix to Digital Equipment in the 70s?
Refed: **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Did AT&T offer Unix to Digital Equipment in the 70s?
Newsgroups: alt.folklore.computers
Date: Sun, 01 Jul 2001 15:58:32 GMT
"Gary A. Gorgen" writes:
"We" = "The wollongong Group", in this case.
I don't normally do this, but it may help decipher my ramblings.
Tymshare 1966-1973 Cupertino
Interdata 1975-1980 Santa Clara
Wollongong 1980-1983 Palo Alto
we worked with interdata 3 in the late 68 / early 69 time frame & it
didn't have any unix on it, :-)
we built a 360 channel attach board and programmed the interdata 3 to
simulate a 360 telecommunication control unit (getting blamed for
originating the 360 PCM controller market).
random ref:
http://www.garlic.com/~lynn/subtopic.html#360pcm
tymshare became one of the large vm service bureaus in the 70s and
continued up to thru the 80s when MD bought it up.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Root certificates
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificates
Newsgroups: alt.computer.security
Date: Sun, 01 Jul 2001 16:02:08 GMT
Jim Watt writes:
It lays down an operating framework for approved certificate
authorities and they are liable if they fail to 'take all measures
reasonably practical to verify information' and specifies
that they can be sued for loss or damage by someone who
uses a certificate issued by them.
... however, if they are not the authoritative agency responsible for
the information being verified ... "reasonably practical" means
contacting the authoritative agency responsible for the
information. The authoritative agency responsible for the information
could still have it wrong ... and the certificate authorities are not
liable.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Did AT&T offer Unix to Digital Equipment in the 70s?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Did AT&T offer Unix to Digital Equipment in the 70s?
Newsgroups: alt.folklore.computers
Date: Sun, 01 Jul 2001 18:45:18 GMT
"Gary A. Gorgen" writes:
You better tell me this was later than 1970. :-))))
Because a 2314 glued to a Model 5, probably would have qualified
to solve the above problem. Maybe a little over-kill, but... .
Tymshare was building a selector channel, at that time to glue
a 2314 onto the 940. I got to know how the 360 channel worked,
rrrreal well.
I snatched a 360 channel adaptor, from Ocean Port. I spent 5 years
trying to find a use for it, other than 270X.
Never did. Left it in the office.
as an undergraduate, we built our own channel adapter board for the
interdata/3 in late '68, early '69 time frame ... to use the
interdate/3 as replacement for 2702 (i had tried doing dynamic
terminal identification between 1052, 2740, 2741, and tty/ascii and
while the 2702 SAD command allowed lines to be switched to different
line-scanners, they had taken short cut in the 2702 and hired-wired
oscillator to each line, in theory fixing the baud rate). In the
interdata/3 we strobed the in-coming (line signal) at a high rate for
rise/fall in order to dynamcially determine baud rate.
this is claimed to have been the first non-ibm 360 channel adapter
card, and the first non-ibm 360-compatible control unit.
Later the implementation was expanded to an Interdata/4 with multiple
interdata/3s ... the interdata/4 handling the channel adapter card and
misc. other functions with the interdata/3s dedicated to line-scanner
function. Perkin/Elmer bought interdata and the box was sold under the
Perkin/Elmer name.
As late as 1997, in a machine room tour, I ran across a perkin/elmer
box still in production use as telecommunication controller for ibm
mainframe. Talking to somebody about it, it still used a wire-wrap
board that was potentially the same or hardly changed from what we had
started on in '68.
interdatas from the following list:
http://www.komkon.org/fms/comp/misc/List.txt
Interdata 3 May 1967
Interdata 2 Jul 1968
Interdata 4 Aug 1968
Interdata 15 Jan 1969
somebody in an interdata thread in this n.g. (in the past year or so),
gave a much more detailed chronology ... which i can't seem to find at
the moment.
random refs:
http://www.garlic.com/~lynn/subtopic.html#360pcm
in school, i was still mostly doing stuff related to algorithms that
drove disk/DASD ... not much on the really low level hardware.
I got a lot more familiar in the '78 time frame when I supplied
operating system to the engineering and product test labs (in
bldgs. 14 & 15) so that all the san jose engineering development &
test work went on under the operating system ... and any time the
engineers couldn't find their bugs, they would blame it on me and I
would have to come in and shoot the problem. It got to the point where
I had a number of designs for an optimised controller & disk
interfaces ... but couldn't get the incremental business case thru to
have standard operating system, kernel, filesystem, etc. shipped
customer support (even tho i would show five year amortized costs
would actually be less cost than the existing plan). As an example,
STL at one point quoted me $26m to ship modifications to MVS for
"vtoc" & "pds" support in a non-CKD environment (even if all the code
was supplied to them).
random refs:
http://www.garlic.com/~lynn/subtopic.html#disk
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Did AT&T offer Unix to Digital Equipment in the 70s?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Did AT&T offer Unix to Digital Equipment in the 70s?
Newsgroups: alt.folklore.computers
Date: Sun, 01 Jul 2001 19:33:22 GMT
"Gary A. Gorgen" writes:
You better tell me this was later than 1970. :-))))
Because a 2314 glued to a Model 5, probably would have qualified
to solve the above problem. Maybe a little over-kill, but... .
somewhat totally unrelated, but in late '70s and early '80s, I would
get by (at least once/month) Tymshare (in cupertino), PASC (on page
mill in palo alto), HONE (on california in palo alto), SLAC (on sand
hill), and/or Dialog.
I also got brought in to do the due diligence on Gnosis as part of
the MD purchase of Tymshare and the Gnosis spin-off as keykos
(somewhere i still have a gnosis manual).
misc. gnosis references
http://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#22 No more innovation? Get serious
http://www.garlic.com/~lynn/2001b.html#73 7090 vs. 7094 etc.
random refs:
http://www.garlic.com/~lynn/subtopic.html#hone
the other way of "glueing" an IBM disk to some other device came along
in the '80s with the HYPERCHannel A510 & A515 channel adapters
(i.e. devices that emulated ibm mainframe channels).
We had been doing work with Network Systems just about from their
startup. They had even build a "special adapter", the A720 to my
wife's specs.
In any case, I developed some amount of operating system support and
spent time debugging Hyperchannel boxes. One project involved remoted
300 of the IMS support group out of STL/bldg.90 to a different
buidling 10-15 miles away (while the computer remained in bldg. 90),
and allowing them to keep all their locally attached devices ... as if
they were still in the same building.
I also did the IBM mainframe TCP/IP RFC 1044 support ... and while the
standard product could nearly saturate a 3090 cpu getting
44kbytes/sec, I worked with Cray Research and tuned up RFC 1044
support that it ran at channel hardware speed between a 4341-clone and
a cray (using only nominal amount of the processor of a 4341).
random refs:
http://www.garlic.com/~lynn/subnetwork.html#1044
Also, NCAR had a SAN (storage-area-network?) in the '80s using ibm
disks and HYPERChannel A515s allowing various supercomputers to access
data on IBM disks.
almost all the above was 80s tho.
random refs:
http://www.garlic.com/~lynn/2000c.html#68 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2001.html#21 Disk caching and file systems. Disk history...people forget
http://www.garlic.com/~lynn/2001.html#22 Disk caching and file systems. Disk history...people forget
http://www.garlic.com/~lynn/2001e.html#76 Stoopidest Hardware Repair Call?
http://www.garlic.com/~lynn/2001f.html#66 commodity storage servers
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Did AT&T offer Unix to Digital Equipment in the 70s?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Did AT&T offer Unix to Digital Equipment in the 70s?
Newsgroups: alt.folklore.computers
Date: Sun, 01 Jul 2001 20:08:44 GMT
Anne & Lynn Wheeler writes:
In any case, I developed some amount of operating system support and
spent time debugging Hyperchannel boxes. One project involved remoted
300 of the IMS support group out of STL/bldg.90 to a different
buidling 10-15 miles away (while the computer remained in bldg. 90),
and allowing them to keep all their locally attached devices ... as if
they were still in the same building.
and for some real OT drift ...
STL/bldg. 90 was going to be dedicated the spring of '77.
The week before was (some) school spring break and I took the kids to
washington DC. My oldest boy was especially taken with members of the
San Fran Coyote union demonstrating on the steps of congress that
week.
Now normally, bldgs/labs are named for the closest post office (if
they aren't in a city &/or there is already lab with that name) ... in
this case it is Coyote, California (95013) ... and bldg. 90 was going
to be called the Coyote Lab. Well in the couple days between the
demonstrations in wash. dc and the actual dedication of bldg. 90,
everything was changed from the Coyote Lab, to Santa Teresa Lab (for
the nearest cross street? ... bailey & santa teresa).
Now, I have no idea what they would have done if the demonstrations
had occured after the dedication.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Did AT&T offer Unix to Digital Equipment in the 70s?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Did AT&T offer Unix to Digital Equipment in the 70s?
Newsgroups: alt.folklore.computers
Date: Mon, 02 Jul 2001 01:12:37 GMT
kragen@dnaco.net (Kragen Sitaker) writes:
In your view, was KeyKOS really as technically superior as this article
claims? Did you ever use it yourself?
tymshare was a service bureau. one of the objectives was that a gnosis could
be used as a delivery vehicle for a lot of "3rd party" technology & offerings
... all wrappped together for customer solutions.
there was lots of capability based features ... but i estimated that
possibly 1/3rd of the processor would be taken up in just updating the
accounting information as capability boundaries were crossed (not only
would consumer have rate billing ... but "3rd party" offerings would
get rate reimbursement for consumer use of their offerings), a
customer might get billed for doing some database analysis. That
billing would include resource useage (disk, cpu, memory, etc). The
actual analysis program, the database DBMS, the actual database, and
the kernel would all have components and could be supplied by three
different vendors; the kernel by Tymshare, and the other three pieces
by three separate 3rd party vendors using Tymshare as delivery
platform for their products. The consumer would get billed for the
aggregate, but the 3rd party vendors would get a pro-rated
re-imbursement of their share.
some amount of that disappeared once it got into keykos. keykos then
started to look like a much better TPF offering than TPF (transaction
processing facility, grew up out of PARS & ACP ... airline control
program).
Tom Simpson at Amdahl was also trying to out "MVS" MVS about the same
time.
One of the things they all learned was that building real mainframe,
industrial quality operating system was expensive. Building low-level
infrastructure that attempted to recover from all possible failures is
an interesting task ... and then keeping up maintenance & life-cycle
gets even more expensive (new device support with recovery for all
possible failure modes is an example).
I ran into people at RSA '97 ('98?) still attempting to do something
with Keykos ... i believe in the context of the Flex/OS (or one of the
other intel-based mainframe emulators).
misc refs to operating system and supporting disk engineering & test
environment (effort for "never fail")
http://www.garlic.com/~lynn/subtopic.html#disk
random pars/acp/tpf stuff:
http://www.garlic.com/~lynn/2000.html#0 2000 = millennium?
http://www.garlic.com/~lynn/2000.html#94 Those who do not learn from history...
http://www.garlic.com/~lynn/2000b.html#20 How many Megaflops and when?
http://www.garlic.com/~lynn/2000b.html#32 20th March 2000
http://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000b.html#65 oddly portable machines
http://www.garlic.com/~lynn/2000d.html#9 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000e.html#21 Competitors to SABRE? Big Iron
http://www.garlic.com/~lynn/2000e.html#22 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000f.html#20 Competitors to SABRE?
http://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#30 Could CDR-coding be on the way back?
http://www.garlic.com/~lynn/2001b.html#37 John Mashey's greatest hits
http://www.garlic.com/~lynn/2001e.html#2 Block oriented I/O over IP
http://www.garlic.com/~lynn/94.html#12 360 "OS" & "TSS" assemblers
http://www.garlic.com/~lynn/94.html#26 Misc. more on bidirectional links
http://www.garlic.com/~lynn/96.html#29 Mainframes & Unix
http://www.garlic.com/~lynn/96.html#35 Mainframes & Unix (and TPF)
http://www.garlic.com/~lynn/96.html#36 Mainframes & Unix (and TPF)
http://www.garlic.com/~lynn/99.html#24 BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/99.html#233 Computer of the century
possible amdahl rasp/aspen/simpson stuff
http://www.garlic.com/~lynn/2000f.html#68 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000f.html#70 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#41 Egghead cracked, MS IIS again
http://www.garlic.com/~lynn/2001b.html#73 7090 vs. 7094 etc.
and gnosis/keykos
http://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#22 No more innovation? Get serious
http://www.garlic.com/~lynn/2001b.html#73 7090 vs. 7094 etc.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
What was object oriented in iAPX432?
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What was object oriented in iAPX432?
Newsgroups: alt.folklore.computers
Date: Mon, 02 Jul 2001 01:16:55 GMT
Pete Fenelon writes:
A lot of the 432 ideas are paralleled in the IBM S/36 and S/38 which of course
gave rise to the AS/400 -- but on the IBMs the object orientation is at the
"system" level rather than purely in hardware (esp. as modern AS/400s are
PowerPCs!). The Plessey 250 was capability based in a fairly similar way to
the 432 too, but it was slightly older technology :) and it was actually
fairly difficult to find anyone even inside Plessey who knew much about it
(I spent several tedious summer vacations working for part of Plessey
as an undergrad in the 80s.)
as an aside much of the s/38 was taken from the canceled FS (future
system) project.
http://www.garlic.com/~lynn/96.html#24 old manuals
http://www.garlic.com/~lynn/99.html#100 Why won't the AS/400 die? Or, It's 1999 why do I have to learn how to use
http://www.garlic.com/~lynn/99.html#237 I can't believe this newsgroup still exists.
http://www.garlic.com/~lynn/2000.html#3 Computer of the century
http://www.garlic.com/~lynn/2000f.html#16 [OT] FS - IBM Future System
http://www.garlic.com/~lynn/2000f.html#17 [OT] FS - IBM Future System
http://www.garlic.com/~lynn/2000f.html#18 OT?
http://www.garlic.com/~lynn/2000f.html#21 OT?
http://www.garlic.com/~lynn/2000f.html#27 OT?
http://www.garlic.com/~lynn/2000f.html#28 OT?
http://www.garlic.com/~lynn/2000f.html#30 OT?
http://www.garlic.com/~lynn/2000f.html#37 OT?
http://www.garlic.com/~lynn/2000f.html#40 Famous Machines and Software that didn't
http://www.garlic.com/~lynn/2000f.html#56 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#18 360/370 instruction cycle time
http://www.garlic.com/~lynn/2001d.html#44 IBM was/is: Imitation...
http://www.garlic.com/~lynn/2001e.html#4 Block oriented I/O over IP
http://www.garlic.com/~lynn/2001f.html#30 IBM's "VM for the PC" c.1984??
http://www.garlic.com/~lynn/2001f.html#33 IBM's "VM for the PC" c.1984??
http://www.garlic.com/~lynn/2001f.html#43 Golden Era of Compilers
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Thread drift: Coyote Union (or Coyote Ugly?)
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Thread drift: Coyote Union (or Coyote Ugly?)
Newsgroups: alt.folklore.computers
Date: Mon, 02 Jul 2001 03:33:56 GMT
Lars Poulsen writes:
Lynn Wheeler wrote:
>The week before was (some) school spring break and I took the kids to
>washington DC. My oldest boy was especially taken with members of the
>:San Fran Coyote union demonstrating on the steps of congress that
>week.
The term "coyote union" is not known to me, so I asked Google to
search. This is the closest I could find, but