List of Archived Posts

2002 Newsgroup Postings (09/12 - 10/12)

Handling variable page sizes?
Do any architectures use instruction count instead of timer
Handling variable page sizes?
The problem with installable operating systems
Handling variable page sizes?
Dumb Question - Hardend Site ?
Dumb Question - Hardend Site ?
Handling variable page sizes?
Backdoor in AES ?
DOS history question
Backdoor in AES ?
DOS history question
End of Moore's law and how it can influence job market
Do any architectures use instruction count instead of timer
fingerprint authentication
What is microcode?
A new e-commerce security proposal
A new e-commerce security proposal
Do any architectures use instruction count instead of timer
A new e-commerce security proposal
A new e-commerce security proposal
Original K & R C Compilers
DOS history question
DOS history question
Original K & R C Compilers
Original K & R C Compilers
Original K & R C Compilers
Root certificate definition
simple architecture machine instruction set
Computer Security Taxonomy
Root certificate definition
simple architecture machine instruction set
Computer Security Taxonomy
simple architecture machine instruction set
good asymmetric algorithm
simple architecture machine instruction set
(OT) acceptance of technology, was: Convenient and secure
Convenient and secure eCommerce using POWF
Convenient and secure eCommerce using POWF
Convenient and secure eCommerce using POWF
Wanted: the SOUNDS of classic computing
History of The Well was AOL
Wanted: the SOUNDS of classic computing
It is GNU/Linux, not just Linux
Beware, Intel to embed digital certificates in Banias
Wanted: the SOUNDS of classic computing
Encryption algorithm for stored data
updated security glossary/taxonomy
History of The Well was AOL
Help in Understanding requirement gathering, design,
Microsoft's innovations [was:the rtf format]
Microsoft's innovations [was:the rtf format]
Microsoft's innovations [was:the rtf format]
Authentication of others is a privilege, not a right
Microsoft's innovations
Beware, Intel to embed digital certificates in Banias
Microsoft's innovations
The next big things that weren't
The next big things that weren't
The next big things that weren't
The next big things that weren't
The next big things that weren't
The next big things that weren't
IBM Announcement
SSL certificate modification
SSL certificate modification
Tweaking old computers?
Tweaking old computers?
Tweaking old computers?
End to Moore's law and job market : conclusion
Tweaking old computers?
The next big things that weren't
Whatever happened to C2 "Orange Book" Windows security?
VLSI and "the real world"
InfiniBand Performance (Hey Pfister!)
New Book
Whatever happened to C2 "Orange Book" Windows security?

Handling variable page sizes?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Handling variable page sizes?
Newsgroups: comp.arch
Date: Thu, 12 Sep 2002 23:05:10 GMT
robertwessel2@yahoo.com (Robert Wessel) writes:
Actually I was asking about the common segment bit in the segment table entry, which caused the TLB to ignore the STO for comparison purposes for entries so tagged. It existed precisely because common areas were mapped in the same places in different address spaces.

I can't find the specific announcement when common segment bit came into being ... it appears to probably be 3090.

I did find a reference to an MVS APAR/PTF 0267587 having to do with running MVS Guest under VM dated 1983. The problem is that the common segment bit is only applicable when MVS is running directly on the bare hardware. When MVS is running as a VM guest ... STO-associativity has to be honored for all TLB entries (since the single MVS's guests actual segment tables aren't likely to be the only ones that exist in the system).

here is the zap.


//nnnnnn JOB (6007,X003),nnnnnn,MSGLEVEL=1,MSGCLASS=O,CLASS=B,
// REGION=1024K,NOTIFY=nnnnn
//ZAP EXEC PGM=AMASPZAP
//SYSPRINT DD SYSOUT=
//SYSLIB DD DSN=SYS1.NUCLEUS,DISP=SHR

 FOR VM MVS GUEST, STBVR, TURN OFF USE OF COMMON SEGMENTS

 NAME IEAVNPX1 IEAVNPX1
VER 0DA2 96026003        OI  SGTCB=1
REP 0DA2 47000000        NOP
VER 0DCE 96026003        OI  SGTCB=1
 REP 0DCE 47000000        NOP
//

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Do any architectures use instruction count instead of timer

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Do any architectures use instruction count instead of timer
 interrupts  for context changes?
Newsgroups: comp.arch,alt.folklore.computers
Date: Thu, 12 Sep 2002 23:14:39 GMT
peter@abbnm.com (Peter da Silva) writes:
You can if you have threads.

If you have threads you're not building asynchronous actions on top of synchronous ones. Threads are an asynchronous mechanism.

The problem is threads are also a very complex mechanism. If all you're trying to do is deal with asynchrony (rather than, for example, use kernel threads for multiprocessing) there are good reasons to implement threads at the user level on top of asynchronous system calls. Among other things, it avoids a lot of trips into the kernel, and that can lead to better performance.

I really think both abstractions have their place.


as well as compare&swap like instructions for barrier semantics ... as per recent thread about getting compare&swap into original 370.
http://www.garlic.com/~lynn/2002l.html#69

charlie had done a lot of work on fine grain locking for smp operation and invented the compare&swap instruction as part of that work. CAS was chosen as the mnemonic because they are charlie's initials ... then had to come up with the compare&swap part to match his initials.

the guys that owned 370 architecture wouldn't put it into the architecture purely on the basis of smp (typically kernel) support ... they said that we had to come up with other uses to justify putting the instruction into 370. the result was the thread-safe operations that were originally part of the programming notes for the compare&swap instruction in the 370 POP ... and since been moved to the appendix.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Handling variable page sizes?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Handling variable page sizes?
Newsgroups: comp.arch,alt.folklore.computers
Date: Thu, 12 Sep 2002 23:32:12 GMT
"glen herrmannsfeldt" writes:
Using this STO as part of the TLB key, does a PTLB only purge entries with the current STO? It seems like it should.

the original 370 (red-book) architecture had

IPTE purge page table entry ISTE purge segment table entry ISTO purge segment table origin PTLB purge table look aside

IPTE & ISTE turned on the respective "invalid" bits in the table entry as well as purge associative entries in the TLB.

370/155 & 370/165 processors were already in the field and needed hardware retrofit to add support for virtual memory. 165 engineers claimed that to put in any of the TLB selective invalidates would delay the introduction of 370 virtual memory by an additional six months (they would need an additional six months just to come up all the design and implementation for selective invalidate). VS2 claimed that they would never invalidate more than five pages per second and that would be done in a batch operation ... so that TLB invalidates wouldn't happen more than once a second and PTLB might be slightly more efficient. The result was that the selective invalidate instructions were dropped from the original introduction of virtual memory for 370. This was all 30+ years ago.

IPTE selective invalidate was later introduced with 3033s ... in part because the paging rate had significantly increased by that time and in part because of some smp synchronization issues (i.e. invalidating all TLBs in a shared complex).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The problem with installable operating systems

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The problem with installable operating systems.
Newsgroups: alt.folklore.computers
Date: Fri, 13 Sep 2002 00:10:47 GMT
"Rostyslaw J. Lewyckyj" writes:
CP/67 implementing "savesys" around 1968, says nothing about how someone got the idea to do such a thing. Could it perhaps be from the pre existance of such a facility, in the field on straight single OS systems? I realize that your experience is on the VM side. Is that why you don't attempt to answer the question on a date for PCP? Which was released to the customers first PCP or CP/40? But all that aside, I am wondering when the technique might be rediscovered for the current crop of OSes for personal desktop computers.

CP/40 was never released to customers ... it was an internal IBM thing.

I remember first doing assemblies with PCP on 360/30 ... i believe os/360 release 6 in the 1966 time frame (I had a student summer job for the university to design and implement a 360 monitor that supported all the 1401 MPIO ur<->tape function for front end to 709). I don't remember the date for PCP (other than release 6 had to have been some time in '66). I got to design & implement my own monitor, interrupt handlers, device drivers, asynchronous task handler, buffer pool manager, etc.

after that i had a student job that included all responsibility for the OS/360 operating systems at the university. I did the sysgens, maintained the systems, etc. My first sysgen was a fairly straight forward OS/360 release 9.5 MFT. I installed HASP on it and eventually WATFOR, PLI, misc. other stuff. I started playing with re-arranging all the system files and members within PDS to optimize thruput as well as being able to do sysgens as part of standard production job stream. I gave a couple presentations on this at SHARE and some kind IBM'er in POK got me a bootlegged copy of a PDS member activity trace. I could get a trace of all accesses to PDS members and sort it by frequency and activity.

I expanded on this for my first OS/360 release 11 MFT sysgen ... I did stage1 in the production workload and got the output of stage2 ... I then created job cards for all the stage2 execution steps and re-arranged the job sequence so that datasets would be allocated in optimal seek distance order. I then went thru the move/copy member steps and re-arranged all the move/copy statements to optimally order PDS members within SYS1.LINKLIB, SYS1.SVCLIB, and some others. I gave some presentations on this at SHARE.

Around the time I was starting on OS/360 release 14 MFT sysgen at the univeristy, the CSC team showed up and installed CP/67 .... so now in addition to getting to rewrite and re-org MFT and HASP ... I had opportunity to do similar stuff for CP/67 and CMS.

My official student job was keeping the production os/360 systems fully operational and fully tuned up. The CP/67 was just some toy play stuff that I got to do on the side.

The following is an extract from a combined MFT14 and CP/67 presentation that I gave at fall '68 share meeting in Atlantic City.
http://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14

most of the data in the referenced presentation is about MFT14 under CP/67 .... and a lot of pathlength rewrite that I had done to the CP/67 kernel. However, part of it also mentions that the "optimized" MFT14 running stand-alone had thruput about 3 times that of an MFT14 done using the standard sysgen process (for the univeristy workload). Furthermore, standard PTF & bug fix activity over a six month period could possibly cut production thruput in half on standard (non-CP/67) workload environment. PTFs tended to replace PDS members and mess up the carefully tuned seek ordering. Sometimes it was necessary to rebuild a system from scratch to regain the necessary member ordering for optimal seek distance

My next sysgen was an OS/360 release 15/16 MVT system. I also put 2741 and tty terminal support into HASP and a context editor that implemented the CMS editor syntax (for an early CRJE system). I had also redone the CP/67 terminal support and put TTY/ASCII support into it. It was still possible to generate PCP option up thru this period, it just that I never did.

As a student, I spent most of my time supporting and working on production OS/360 systems. I don't remember hearing about OS/360 fast-ipl until after head it from some people that had been dealing with CP/67. It doesn't mean that it didn't happen ... but I don't remember hearing about it either from IBM or at Share prior to the CP/67 connection.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Handling variable page sizes?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Handling variable page sizes?
Newsgroups: comp.arch
Date: Fri, 13 Sep 2002 12:02:21 GMT
nmm1@cus.cam.ac.uk (Nick Maclaren) writes:
So it isn't necessary to increase the page size to get the disk performance improvements that could also be obtained by increasing the page size. But increasing the page size would definitely and considerably improve this performance.

however they did go to logical "big pages" ... basically swapping was actually paging of "big pages" that were clusters of 4k pages in track sized units (on 3380, 10 4k pages). a cluster could be composed dynamically on the fly of pages that appeared to be referenced together. on page fault ... the whole (track) big page was brought in

page out had some similarity to log-structured ... it used a moving cursor and allocated to the closest available track. big-track area was frequently ten times larger than expected allocated tracks (and spread across multiple drives) ... and the garbage collection of typical log-structured filesystem was eliminated since a track was de-allocated as soon as it was read.

note all of this would further increase "impressive" paging rates since sometimes there would be additional pages transferred in the 10-page set that wouldn't have been transferred if doing single page operations, basically transfer bandwidth was traded off against disk access latency, and there was always write on replace ... since there was no "home" slot that could be re-used for non-changed replaced page.

past vm/mvs big page stuff done in the '80s
http://www.garlic.com/~lynn/2001k.html#60 Defrag in linux? - Newbie question
http://www.garlic.com/~lynn/2002b.html#20 index searching
http://www.garlic.com/~lynn/2002c.html#29 Page size (was: VAX, M68K complex instructions)
http://www.garlic.com/~lynn/2002c.html#48 Swapper was Re: History of Login Names
http://www.garlic.com/~lynn/2002e.html#8 What are some impressive page rates?
http://www.garlic.com/~lynn/2002e.html#11 What are some impressive page rates?
http://www.garlic.com/~lynn/2002f.html#20 Blade architectures
http://www.garlic.com/~lynn/2002l.html#36 Do any architectures use instruction count instead of timer

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Dumb Question - Hardend Site ?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Dumb Question - Hardend Site ?
Newsgroups: bit.listserv.ibm-main
Date: Fri, 13 Sep 2002 03:57:20 GMT
efinnell@SEEBECK.UA.EDU (Edward J. Finnell, III , Ed) writes:
Extra reinforcment(s)! Money center banks have to be able to go 2 weeks without external utilities and survive 9.0 earthquakes. In the military it means surviving heavy bombardment or first round tactical nukes. Each industry has a "vague definition". There are both MIL and ISO specs. Searching on case hardened at www.nist.gov returned 122 hits mostly with concrete and ablative fluids. Guess I first heard the term in properties of materials and the iron-carbide phase diagram or maybe it was George Raft......

there are also things about smoke in the building (processing for NYSE exchange thot they had everything covered ... except one day a transformer blew up in the basement and contaiminated the building with PCB), tornadoes, hurricanes, floods (remember chicago merchantile exchange being taken out by underground flood) etc.

also for operations doing transactions with the outside ... tends to include things like diverse routing (lot of high availability stuff). there is a joke about a hardened transaction site in europe that had all the latest stuff ... except all telco came in thru a single set of overhead lines ... lightning hit a nearby tree, tree fell over and took out the telco lines ... site was out as much as if the lightning had hit the computer itself. A "real" hardened site would have had at least two sets of underground fiber entering the building from opposite sides and connecting to totally different central exchanges (this is for the backhoe scenario taking out all communication); some will have underground telco and utilities coming in from four different directions, each connecting to different central exchanges and power substations.

telco central exchange buildings tend to have quite a bit of this stuff (there was also something recently about AT&T selling off some number of bunkered location/facilities).

and then when it still isn't sufficient you replicate somewhere totally different for continuous availability (geographic survivability & disaster survivability were terms we coined when we coined when we were doing ha/cmp) ... aka not only may a site be hardened but the service may be further "hardened" with geographic replication.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Dumb Question - Hardend Site ?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Dumb Question - Hardend Site ?
Newsgroups: bit.listserv.ibm-main
Date: Fri, 13 Sep 2002 11:46:52 GMT
werner.kuehnel@MANNHEIMER.DE (Werner Kuehnel) writes:
We use the German word for 'hardend' for a very secure site, in our case some RS/6000 running AIX. The procedure of 'hardening' includes (list is not complete): - remove, disable or restrict services and daemons (inetd, syslogd, lpd, sendmail, dns, dhcp, rcp, routed, snmp, ftp server) - remove default user accounts - use of stronger password rules - use of timeout logoff - setting filters, using IPsec

that was the other thing we looked at with ha/cmp in the late '80s ... detailed vulnerability analysis. random refs:
http://www.garlic.com/~lynn/99.html#48 language based exception handling
http://www.garlic.com/~lynn/2002e.html#58 O'Reilly C Book
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later
http://www.garlic.com/~lynn/subintegrity.html#fraud risk, fraud, exploits
http://www.garlic.com/~lynn/subintegrity.html#assurance assurance

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Handling variable page sizes?

Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Handling variable page sizes?
Newsgroups: comp.arch
Date: Fri, 13 Sep 2002 17:05:33 GMT
Anne & Lynn Wheeler writes:
note all of this would further increase "impressive" paging rates since sometimes there would be additional pages transferred in the 10-page set that wouldn't have been transferred if doing single page operations, basically transfer bandwidth was traded off against disk access latency, and there was always write on replace ... since there was no "home" slot that could be re-used for non-changed replaced page.

note that even if a big-page fetch of 10 pages was only 50% useful ... it would still be a win. as per prior postings about relatively disk performance decline ... there was a factor of 10 more real storage and at least a factor of two more disk transfer bandwidth (compared to access performance). In effect there was both excess real memory and excess disk transfer bandwidth compared to disk latency access. Getting five "good" pages in a single access at a 100 percent overhead (five "good" pages plus five "unnecessary" pages) would still come out ahead ... compared to having five separate faults and five separate accesses.
http://www.garlic.com/~lynn/95.html#10 virtual memory (a return to the past?)

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Backdoor in AES ?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Backdoor in AES ?
Newsgroups: sci.crypt
Date: Sat, 14 Sep 2002 01:55:04 GMT
"Roger Schlafly" writes:
You are holding DES to a high standard. About once a week, someone discovers a buffer-overflow or similar bug that allows Windows computers to be remotely controlled by an adversary.

but it was known how to not have buffer overflows over 30 years ago.
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation.

c string handling libraries did much to invent most buffer overflows

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

DOS history question

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: DOS history question
Newsgroups: alt.folklore.computers
Date: Sat, 14 Sep 2002 18:38:18 GMT
tshoppa@wmata.com (Tim Shoppa) writes:
1) VMS didn't exist until 1978. CP/M had existed several years by then.

2) First versions of VMS used 9.3, just like RSX-11 and its filesystem ODS-1.

3) VMS doesn't run on a PDP-10.


there was some statement about the head of pok contributing heavily to VMS ... this was not related to
http://www.garlic.com/~lynn/2001m.html#15 departmental server

in the mid-70s a number of the smaller, outlying operations were being consolidated.

in '76, vm/370 development in burlington mall was being closed and the group consolidated in endicott. at some point the head of POK realized that MVS/XA development was dependent on the VMTOOL (a internal only version of VM for providing XA virtual machines in support of operating system development) and the people got told that instead of moving to Endicott as part of product development they had to move to POK to support the internal VMTOOL (and another round of VM product being killed). Some number refused to moved to POK and instead left IBM to go to work for DEC on VMS.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Backdoor in AES ?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Backdoor in AES ?
Newsgroups: sci.crypt
Date: Sat, 14 Sep 2002 19:01:03 GMT
Anne & Lynn Wheeler writes:
but it was known how to not have buffer overflows over 30 years ago.
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation.

c string handling libraries did much to invent most buffer overflows


there may have been something someplace about the 80s & 90s when all knowledge from the golden ages was lost and the world descended into chaos, darkness, buffer-overflows, and security vulnerabilities.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

DOS history question

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: DOS history question
Newsgroups: alt.folklore.computers
Date: Mon, 16 Sep 2002 18:21:13 GMT
Brian Inglis writes:
And also CP(/67?) and CMS from which batch submission, the standard I/O devices: CON, RDR, PRT, PUN, drive letters, and perhaps the virtual I/O interface (BDOS/BIOS) ideas may have come.

an old CMS "EXEC" from cp/67 (aka '60s). cms used blank deliminators with 8+8+2 (where the +2 could default) for file identifiers.

In cms, "wait" was an internal kernel routine that assumed it was called by program with all hex zeros as deliminating the parameter list. It was possible to call it from exec processor by careful editing and inserting hex zeros. The following file had a name of "waitload exec". The command line processor actually fed into the same command resolution as internal kernel calls or other command calls (aka in cms it was actually possible to create files with name of internal kernel routines and have the alias executed in place of the real kernel routine). This capability was somewhat inhibited in the time-frame of CMS for VM/370 (aka early '70s) where a new "fast" kernel call procedure was implemented (it was expensive to force every routine linkage thru the same lookup interface as was used for commad entry from a terminal). It was still possible to do the hack to access internal routines from command line ... but internal code linkages started using a fast lookup bypass.

waitload exec:
&CONTROL OFF CP SP C CL Y -READ DISK LOAD &IF &RETCODE EQ 0 &SKIP 1 WAIT RDR1RDR1 ........ -DSKLOAD DISK LOAD CP SP C CL A

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

End of Moore's law and how it can influence job market

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: End of Moore's law and how it can influence job market .....
Newsgroups: comp.arch
Date: Mon, 16 Sep 2002 23:26:25 GMT
bjl@cs.purdue.edu (Bradley J Lucier) writes:
This seems to be a new meme that Microsoft has been working hard to implant in people's mind---that software developed, for whatever reasons, from public funds shouldn't "compete" with commercial producers. I guess all you guys would just rather have us bury it, or give it to you to sell. Now, that wouldn't be "corporate welfare", would it?

lots of current commercial products started as some sort of gov. funded research in one way or another. i guess it depends on who is benefiting and who is competing at any specific point in time. at least for some of the gov. funded research and spanning multi-year period ... there could always be some scenario where there was nothing in the market place at the time gov. funding started ... and then gov. funding continued over a period of time ... including when commercial products started to appear (some of which had benefiting from gov. funding).

slightly related from totally different thread
http://www.garlic.com/~lynn/2002l.html#70

referring to various legislation (mostly during the 80s) that promoted being able to commercialize gov. funded stuff.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Do any architectures use instruction count instead of timer

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Do any architectures use instruction count instead of timer
interruptsfor context changes?
Newsgroups: alt.folklore.computers
Date: Tue, 17 Sep 2002 18:17:20 GMT
jmfbahciv writes:
Whenever a new supervisor was hired to supervise the TOPS-10 Monitor Group, JMF's and TW's first task was to train the guy to focus on, and only on, the two points. As a result, the supervisor slowly realized that he was working for JMF and TW..not the other way around.

i remember some 30 years ago a manager noting that if they spent 90 percent of their time on (working for) the 10 percent most productive members of the group that they typically increased the group's productivity by a factor of five. the problem is that they rarely had opportunity to do that, their time was typically consumed by the 50 percent least productive members of the organization ... and frequently the PHBs were taken from this group (the members weren't otherwise being productive ... so they spent the majority of their time promoting themselves).

slightly related boyd comment
http://www.garlic.com/~lynn/2001m.html#16 mainframe question

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

fingerprint authentication

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: fingerprint authentication
Newsgroups: sci.crypt
Date: Tue, 17 Sep 2002 18:45:29 GMT
"Anton Stiglic" writes:
The basic idea is that the fingerprint reader scans your finger in order to get a digital representation of your finger (a fingerprint image). The fingerprint reader then typically sends this fingerprint image to some other entity who will compare it with a template it has in order to authenticate or identify a user (compares the minutiae, with some pre-determined acceptable error rate) . This other entity can be a process in a smart card, or could be a computer server. The advantage about using a smart card is that the fingerprint image does not need to travel via some network cables, so you don't need to worry about confidentiality and integrity and replay attacks on the messages that are sent. Note that the comparison of the fingerprint image and the template can be computationally expensive, so you would need a smart card with a good processor. The disadvantage of storing the template in a smart card is that smart cards can get stolen and probing techniques and other kinds of attacks can be used in order to read the template. Of course, if the templates are stored in a server they have to be stored in some secure way, just like passwords need to be stored securely.

frequently the scanner will have a chip that reduces the image to minutia or something equivalent. this is most of the computationally intensive operation. there are a number of "match on chip" strategies that store one or more registered values and then compare a reading with registered values.

an issue is that biometric readings in general tned to be quite fuzzy (in fact an exact 100 percent reproduction could be indication of an attack). most systems have various complex things having to do with matching thresholds ... degree of match below the threshold are rejected, while those above the match are accepted. this leads to all the stuff about false negatives (valid biometric that are rejected) and false positives (invalid biometric that are accepted).

transmitting the minutia to server-based infrastructure leads to lots of issues. x9.84 devotes lots of time to server-based infrastructure, not only the storage of the server registration ... but also the transmission of the minutia readins as well as the whole end-to-end infrastructure. smartcards have the advantage that attacks from stealing a smartcard is extremely localized ... i.e. first a specific smartcard is stolen and then attacked. compromise of a server-based infrastructure can lead to exposure of hundreds of thousands of minutia.

this is analogous to the whole shared-secret vis-a-vis secret discussion. a registered template in server-based infrastructure is a shared-secret based operation ... with the additional disadvantage that it is a little more difficult to re-issue hundreds of thousands of fingerprints (as composed to re-issuing hundres of thousands of pins or account numbers). another comparison is the compromises of payment card databases at merchants ... aka security proportional to risk:
http://www.garlic.com/~lynn/2001h.html#61 Security Proportional To Risk

also related to security proportional to risk, x9.84, biometrics in transactions/operations involving value and server-based infrastructure is the issue of threshold levels related to transaction value (possibly higher threshold levels for higher transaction values). majority of current cardbased infrastructures have difficulty with adjusting threshold level to transactions .... except of the aads chip strawman
http://www.garlic.com/~lynn/x959.html#aads

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

What is microcode?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What is microcode?
Newsgroups: alt.folklore.computers
Date: Tue, 17 Sep 2002 22:45:58 GMT
Sam Yorko writes:
I once took out my frustration on a wooden door. The door won. I was in a cast for about a month, and the bones didn't heal straight.

once i had been in the machine room for possibly 36 hrs straight and something went bad so i went to get the most recent backup tapes ... and the door was locked. I kicked it once ... it was solid fir and it fractored along the grain(?) from top to bottom where the door handle was. they kept the door around as a desk top on two 2-drawer file cabinets (i think just as a reminder to me).

what was worse ... the backup tapes had been moved to a different room.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

A new e-commerce security proposal

Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: A new e-commerce security proposal
Newsgroups: alt.computer.security
Date: Wed, 18 Sep 2002 02:54:46 GMT
zgene writes:
Thank you very much for sharing with me your ideas, which give me a lot of enlightenings. I am fully aware that this proposal might not be feasible for e-commerce site.

Anyway, let's forget about this, and just focus on this question: if the access control of a Web server is based on checking a client's certificate, does the Web server still need to register the client and ask for his/her user name and password?

In other words, if Amazon.com bases its access control on checking a client's certificate, is it still necessary for Amazon.com to register the client and ask for his user name (in Amazon's case, e-mail address) and password?


typically a merchant wants to know that they are going to get paid. so what if a user registers a public key, a userid and password with a CA ... and gets back a certificate? how does that help the merchant believe that they are going to get paid? will the CA pay the merchant?

what does amazon.com gets out of a userid & password? or a certificate?

merchants typically want to know that they are going to get money. register all the items you want that have nothing at all to do with financial related purposes. it doesn't contribute a whole lot to getting money to the merchant.

so maybe amazon.com ... as part of making the experience simpler for a user ... pre-registers some amount of information ... especially information related to amazon.com getting paid; they then place a unique tag on that information ... a tag that is convinient for the end user to reproduce but is also is reproduce securely. so that information is tagged with some form of "id" ... that could be a certificate id, a user id, a information id, a tag id ... any id. then it is necessary to authenticate that an entity claiming that id is really the same entity that registered that id.

So one way is a cookie ... the id goes into the cookie ... a shared-secret (aka password, pin, key, etc, that happens to be registerd at the same time as the original information) goes along with the ID. any person claiming that id ... has to also reproduce the shared-secret (aka password, pin, key, etc).

So another way is a public key. A certificate with no information doesn't authenticate anything. There has to be some tie between the certificate and the information that got registerd at amazon.com. So lets say that at the same time the original information is registerd ... the certificate is registerd. The entity wanted to establish the id at amazon.com that they had previously registerd ... sends something that claims that they own that id ... and sends along a digital signature to authenticate that they are the originators of that entry. However, it isn't actually necessary to have a certificate at all to perform this mechanism. When the entry with all the information is originally created ... a public key (all by itself) is included in that information ... and the creation transaction is digital signed (prooving the entity posseses the corresponding private key to the public key supplied).

So in this case ... it is possible to substitute a public key as authentication material in place of password, pin, or some other key. Any certificate is redundant and superfluous. example of this in more detail:
http://www.garlic.com/~lynn/x959.html#aads

example of being able to use this method with respect to financial transactions .... passing digital signature on the financial transaction and not really needing certificates:
http://www.garlic.com/~lynn/x959.html#x959

some discussion of not needing certificates for SSL, server-based authentication:
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

other forms of using public keys in business processes that currently are userid/password based:
http://www.garlic.com/~lynn/subpubkey.html#radius

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

A new e-commerce security proposal

Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: A new e-commerce security proposal
Newsgroups: alt.computer.security
Date: Wed, 18 Sep 2002 19:00:44 GMT
zgene writes:
I think in my proposal, the merchant does not have to maintain a customer database, because the certificate that the customer provides bears all the necessary information for the merchant to get paid. For example, the certificate can have such important information:

Certificate Holder's Legal Name Mailing Address Credit Card Number e-mail Address Telephone Number Employer Social Security Number Date of Birth Gender

So on and so forth.

Thus, if a customer wants to place an order from, say, Amazon.com, Amazon.com will retrieve from his certificate the customer's name, mailing address, credit card number (desirably only the last 4 digits) and such and such for him to verify, and if the customer says "yes", Amazon.com goes ahead and takes the order. It gets paid, no hassle.

What do you think?


all of that information represents serious privacy issues .... it is one of the reasons that even simple x.509 "identity" certificates (containing small subset of what you propose) were cut back by financial institutions to simple relying-party-only certificates ... containing only account number and public key. Even a small subset of the above example information you present is a horrible privacy problem.

lets hypothesis that once a merchant ... or anybody else ... ran across such information ... would they cache it someplace for future reference (aka customer profiles stuff)? the only way that I know where that might be successful is if it was totally impossible for the merchant/others to actually read the information. if it was totally impossible for a merchant to access such information (say encryption) ... one then claims that it is superfluous to actually send it to the merchant (this is the trivial example showing that relying-party-only certificates ... aka account number and public key ... are redundant and superfluous).

one of the critiera given the x9a10 working group for the x9.59 standard was to preserved the integrity of the financial infrastructure (including consumer/client privacy) for all retail payments (credit, debit, stored-value), etc) in all environments (internet, non-internet, point-of-sale, etc).

x9.59 refs:
http://www.garlic.com/~lynn/x959.html#x959

misc. past privacy postings
http://www.garlic.com/~lynn/subpubkey.html#privacy

misc. past fraud postings
http://www.garlic.com/~lynn/subintegrity.html#fraud

EU actually put out a directive that electronic payments should be as anonymous as cash. having even a little bit of the information you suggest in a certificate represents a horrendous privacy violation.

misc. postings regarding relying-party-only certificates (financial institutions attempting to address the horrendous privacy problems of even simple x.509 identity certificates):
http://www.garlic.com/~lynn/aadsmore.htm#pressign President Clinton digital signing
http://www.garlic.com/~lynn/aadsmore.htm#client4 Client-side revocation checking capabilityh
http://www.garlic.com/~lynn/aadsm2.htm#techno digital signatures, technology experiments, and service operations
http://www.garlic.com/~lynn/aadsm3.htm#cstech6 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#kiss1 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss4 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss5 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm4.htm#9 Thin PKI won - You lost
http://www.garlic.com/~lynn/aadsm5.htm#x959 X9.59 Electronic Payment Standard
http://www.garlic.com/~lynn/aadsm5.htm#shock revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm5.htm#liex509 Lie in X.BlaBla...
http://www.garlic.com/~lynn/aadsm5.htm#pkimort PKI: Evolve or Die
http://www.garlic.com/~lynn/aadsm5.htm#spki Simple PKI
http://www.garlic.com/~lynn/aadsm5.htm#spki2 Simple PKI
http://www.garlic.com/~lynn/aadsm5.htm#spki4 Simple PKI
http://www.garlic.com/~lynn/aadsm7.htm#rhose10 when a fraud is a sale, Re: Rubber hose attack
http://www.garlic.com/~lynn/aadsm7.htm#rhose11 when a fraud is a sale, Re: Rubber hose attack
http://www.garlic.com/~lynn/aadsm8.htm#softpki8 Software for PKI
http://www.garlic.com/~lynn/aadsm8.htm#softpki11 Software for PKI
http://www.garlic.com/~lynn/aadsm9.htm#softpki23 Software for PKI
http://www.garlic.com/~lynn/aadsm9.htm#cfppki CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm11.htm#18 IBM alternative to PKI?
http://www.garlic.com/~lynn/aadsm11.htm#19 IBM alternative to PKI?
http://www.garlic.com/~lynn/aadsm11.htm#21 IBM alternative to PKI?
http://www.garlic.com/~lynn/aadsm11.htm#40 ALARMED ... Only Mostly Dead ... RIP PKI ... part II
http://www.garlic.com/~lynn/aadsm12.htm#22 draft-ietf-pkix-warranty-ext-01
http://www.garlic.com/~lynn/ansiepay.htm#aadsnwi2 updates for (AADS) Relying-Party Certification Business Practices
http://www.garlic.com/~lynn/aepay3.htm#votec (my) long winded observations regarding X9.59 & XML, encryption and certificates
http://www.garlic.com/~lynn/aepay3.htm#openclose open CADS and closed AADS
http://www.garlic.com/~lynn/aepay6.htm#dsdebate Digital Signatures Spark Debate
http://www.garlic.com/~lynn/99.html#228 Attacks on a PKI
http://www.garlic.com/~lynn/2000.html#36 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000.html#40 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000.html#41 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000b.html#40 general questions on SSL certificates
http://www.garlic.com/~lynn/2000e.html#41 Why trust root CAs ?
http://www.garlic.com/~lynn/2000f.html#15 Why trust root CAs ?
http://www.garlic.com/~lynn/2001c.html#56 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#58 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#72 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001c.html#79 Q: ANSI X9.68 certificate format standard
http://www.garlic.com/~lynn/2001d.html#7 Invalid certificate on 'security' site.
http://www.garlic.com/~lynn/2001e.html#35 Can I create my own SSL key?
http://www.garlic.com/~lynn/2001f.html#77 FREE X.509 Certificates
http://www.garlic.com/~lynn/2001g.html#65 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001g.html#68 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001h.html#0 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001h.html#3 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001i.html#16 Net banking, is it safe???
http://www.garlic.com/~lynn/2002d.html#39 PKI Implementation
http://www.garlic.com/~lynn/2002e.html#56 PKI and Relying Parties
http://www.garlic.com/~lynn/2002e.html#72 Digital certificate varification

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Do any architectures use instruction count instead of timer

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Do any architectures use instruction count instead of timer
 interruptsfor context changes?
Newsgroups: alt.folklore.computers
Date: Thu, 19 Sep 2002 18:18:36 GMT
jmfbahciv writes:
Only five? I'd expect higher. Although...I guess a part of that managing job is to stem rampant productivity, too. So maybe five is a good number.

i was once asked if i really needed to use as much computer time as the whole rest of the organization; i offered to work fewer hours if it was a problem.

i think that the claim was that management appropriately applied could increase the productivity of the whole group by a factor of 5-10 aka over & above what productity already was; and directly attributable to positive management action ... and not compared to possible absolutely worst management action.

corrollary was some line about the worst possible manager is somebody who believe they know what they are doing.

A new e-commerce security proposal

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: A new e-commerce security proposal
Newsgroups: alt.computer.security
Date: Thu, 19 Sep 2002 19:06:03 GMT
zgene writes:
Certificate holder's name Mailing address e-mail address

Will this be good enough.


A subtheme in all this is that identification and authentication frequently get confused. It is possible to have strong authentication and high level of confidence of action w/o requiring identity information to be broadcast to huge number of locations. Somewhat analogous to the discussion about security proportional to risk ... having any identity information in large (tens of millions) number of locations that have little or no formal integrity controls ... aka
http://www.garlic.com/~lynn/2001h.html#61
it isn't just a matter of being able to harvest large amounts of information for fraudulent financial transactions ... it is also just having privacy information available at all

from identity information, merchant doesn't even know what the bank account payment is or even if there is sufficient funds in any bank account.

Also, the EU privacy guideline is even saying that the name on the front (or in magstripe) of existing payment cards is a privacy violation ... addresses even further aggravate that (address may be a requirement for shipping goods but needs to be removed as requirement for payment ... and there are now even anonymizers for physical good shipment).

Identity is not suppose to be part of payment transaction at retail point of sale (online or physical) .... not a lot of identity, not a little bit of identity, just plain identity.

Part of the reason for eliminating (all) identity at point of sale is privacy. The other part .... using reference of current day ISO8583 online transactions ... doesn't need identity to guarantee payment to the merchant. The problem is actually even worse ... for the majority of simple retail transactions ... if a merchant ever has to resort to actually referring to name/address for payment ... they are loosing money.

some about the current mechanism
http://www.garlic.com/~lynn/aadsm5.htm#asrn1
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
http://www.garlic.com/~lynn/aadsm5.htm#asrn4

is derived from MOTO (mail-order, telephone-order) that does an online transaction and uses name/mail-address as corroborating authentication information as part of the online transaction (AVS auth trans).

issue is that the information is effectively shared-secret and can be harvested and reproduced. the original MOTO assumed small additional protection that there would always be a hardgood shipment to the address of record verified in the online transaction. misc. harvesting refs:
http://www.garlic.com/~lynn/subintegrity.html#fraud

furthermore much of the information has to be kept around and available at the merchant for subsequent business processes related to the transaction (i.e. you just can't throw it away).

X9.59 mapped to ISO8583 basically tacks a digital signature onto an existing auth trans (debit, credit, stored-value, etc, and in hardware token can be done at online as well as point-of-sale) ... it preserves all the real-time advantage to the merchant that they really know that they have high probability of getting paid ... and eliminates some of the weakenesses of the existing shared-secrets for authentication (even ability to harvest just the account number and use it for fraudulent transaction).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

A new e-commerce security proposal

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: A new e-commerce security proposal
Newsgroups: alt.computer.security
Date: Thu, 19 Sep 2002 22:47:34 GMT
zgene writes:
Certificate holder's name Mailing address e-mail address

let's ignore for the moment that above is effectively equivalent to x.509 identity certificate ... as per previous posts, financial institutions have determined that the propagation, distribution, and/or emailing such information appended to every payment transaction is privacy issue (whether or not the information is contained in a certificate or not) ... and has led to the relying-party-only certificates that only contain account number and public key (as per the previous references to relying-party-only certificates). This is analogous to moving towards payment cards that don't require name in either the plastic or on the magstripe.

let's look at the idea of only needing to execute a commerce transaction that contains just the above information ... the merchant/relying-party gets the above ... validates that it is a good certificate but (as per prior ref) doesn't keep or retain the information.

applying a little KISS and transposing to the physical world ... I get a gov. credential with my name, mailing address and e-mail address (lets just say that it is called a drivers license). With this credential, I can go into any store in the world, totally fill my shopping cart, walk up to the check out counter and present my credential. The clerk confirms my credential as being valid ... but doesn't record any information from the credential. Furthermore, I don't need to present any money or payment card ... or any other means of payment; once the clerk validates that I have a valid drivers license or other gov. credential ... I'm allowed to walk out with all the goods w/o ever being required to pay for them.

previous posts in thread:
http://www.garlic.com/~lynn/2002m.html#16 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#17 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#19 A new e-commerce security proposal

random past e-commerce related threads:
http://www.garlic.com/~lynn/aadsmore.htm#killer0 Killer PKI Applications
http://www.garlic.com/~lynn/aadsmore.htm#killer1 Killer PKI Applications
http://www.garlic.com/~lynn/aadsmore.htm#setjava javasoft SET - NO!
http://www.garlic.com/~lynn/aadsm2.htm#storage Storage of Certificates
http://www.garlic.com/~lynn/aadsm2.htm#integrity Scale (and the SRV record)
http://www.garlic.com/~lynn/aadsm3.htm#cstech cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech2 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#cstech3 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm3.htm#ecomm Authentication in eCommerce applications
http://www.garlic.com/~lynn/aadsm3.htm#imicro Authentication in eCommerce applications
http://www.garlic.com/~lynn/aadsm5.htm#asrn1 Assurance, e-commerce, and some x9.59 ... fyi
http://www.garlic.com/~lynn/aadsm5.htm#asrn2 Assurance, e-commerce, and some x9.59 ... fyi
http://www.garlic.com/~lynn/aadsm5.htm#asrn3 Assurance, e-commerce, and some x9.59 ... fyi
http://www.garlic.com/~lynn/aadsm5.htm#epaym "e-payments" email discussion list is now "Internet-payments"
http://www.garlic.com/~lynn/aadsm5.htm#shock revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm6.htm#ppsem3 Payment Processing Seminars
http://www.garlic.com/~lynn/aadsm6.htm#terror5 [FYI] Did Encryption Empower These Terrorists?
http://www.garlic.com/~lynn/aadsm6.htm#terror7 [FYI] Did Encryption Empower These Terrorists?
http://www.garlic.com/~lynn/aadsm6.htm#terror9 [FYI] Did Encryption Empower These Terrorists? (addenda)
http://www.garlic.com/~lynn/aadsm7.htm#pcards4 FW: The end of P-Cards?
http://www.garlic.com/~lynn/aadsm7.htm#cryptofree Erst-Freedom: Sic Semper Political Cryptography
http://www.garlic.com/~lynn/aadsm7.htm#rubberhose Rubber hose attack
http://www.garlic.com/~lynn/aadsm7.htm#3dsecure 3D Secure Vulnerabilities?
http://www.garlic.com/~lynn/aadsm8.htm#rhose17 [Fwd: Re: when a fraud is a sale, Re: Rubber hose attack]
http://www.garlic.com/~lynn/aadsm8.htm#softpki11 Software for PKI
http://www.garlic.com/~lynn/aadsm9.htm#carnivore Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"
http://www.garlic.com/~lynn/aadsm9.htm#cfppki5 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm9.htm#cfppki10 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm10.htm#cfppki13 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm10.htm#tamper Limitations of limitations on RE/tampering (was: Re: biometrics)
http://www.garlic.com/~lynn/aadsm10.htm#bio3 biometrics (addenda)
http://www.garlic.com/~lynn/aadsm10.htm#bio7 biometrics
http://www.garlic.com/~lynn/aadsm10.htm#boyd AN AGILITY-BASED OODA MODEL FOR THE e-COMMERCE/e-BUSINESS ENTERPRISE
http://www.garlic.com/~lynn/aadsm10.htm#limit2 Q: Where should do I put a max amount in a X.509v3 certificate?
http://www.garlic.com/~lynn/aadsm11.htm#1 Basic credit-card payment question
http://www.garlic.com/~lynn/aadsm11.htm#16 international financial standards (ISO TC68)
http://www.garlic.com/~lynn/aadsm11.htm#17 Alternative to Microsoft Passport: Sunshine vs Hai
http://www.garlic.com/~lynn/aadsm11.htm#30 Proposal: A replacement for 3D Secure
http://www.garlic.com/~lynn/aadsm11.htm#43 PKI: Only Mostly Dead
http://www.garlic.com/~lynn/aadsm12.htm#3 [3d-secure] NEWS: 3D-Secure and Passport
http://www.garlic.com/~lynn/aadsm12.htm#8 [3d-secure] 3D Secure and EMV
http://www.garlic.com/~lynn/aadsm12.htm#14 Challenge to TCPA/Palladium detractors
http://www.garlic.com/~lynn/aadsm12.htm#18 Overcoming the potential downside of TCPA
http://www.garlic.com/~lynn/aadsm12.htm#24 Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]
http://www.garlic.com/~lynn/ansiepay.htm#aadsach NACHA to Test ATM Card Payments for Consumer Internet Purchases
http://www.garlic.com/~lynn/ansiepay.htm#x959bai X9.59/AADS announcement at BAI
http://www.garlic.com/~lynn/ansiepay.htm#scaads X9.59 related press release at smartcard forum
http://www.garlic.com/~lynn/aepay2.htm#otp X9.59 email purchase transactions (from lynn)
http://www.garlic.com/~lynn/aepay2.htm#fed Federal CP model and financial transactions
http://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management and Information Security
http://www.garlic.com/~lynn/aepay3.htm#riskaads AADS & RIsk Management, and Information Security Risk Management (ISRM)
http://www.garlic.com/~lynn/aepay3.htm#smrtcrd Smart Cards with Chips encouraged ... fyi
http://www.garlic.com/~lynn/aepay4.htm#comcert Merchant Comfort Certificates
http://www.garlic.com/~lynn/aepay4.htm#miscdns misc. other DNS
http://www.garlic.com/~lynn/aepay6.htm#fraud Online Card Fraud Thirty Times That Offline
http://www.garlic.com/~lynn/aepay6.htm#idf Intel Developer's Forum ... fyi
http://www.garlic.com/~lynn/aepay6.htm#harvest harvesting of credit card numbers
http://www.garlic.com/~lynn/aepay6.htm#ecomich call for new measures: ICH would be glad to help
http://www.garlic.com/~lynn/aepay7.htm#netbank net banking, is it safe?? ... power to the consumer
http://www.garlic.com/~lynn/aepay7.htm#netsecure some recent threads on netbanking & e-commerce security
http://www.garlic.com/~lynn/aepay8.htm#ccfraud Almost Half UK E-Shopper's Fear Card Fraud (CC fraud increased by 50% in 2k)
http://www.garlic.com/~lynn/aepay8.htm#visapass VISA: All Your Password Are Belong to Us
http://www.garlic.com/~lynn/aepay8.htm#x959paper Credit Card Fraud and E-Commerce: A Case Study
http://www.garlic.com/~lynn/aepay10.htm#7 UNCITRAL Electronic Contracting Project
http://www.garlic.com/~lynn/aepay10.htm#8 FSTC to Validate WAP 1.2.1 Specification for Mobile Commerce
http://www.garlic.com/~lynn/aepay10.htm#20 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/aepay10.htm#22 PKI: An Insider's View
http://www.garlic.com/~lynn/aepay10.htm#42 FSTC Announces Proximity Payment Trial
http://www.garlic.com/~lynn/98.html#5 x9.59 electronic payment standard
http://www.garlic.com/~lynn/98.html#41 AADS, X9.59, & privacy
http://www.garlic.com/~lynn/98.html#48 X9.59 & AADS
http://www.garlic.com/~lynn/99.html#16 Old Computers
http://www.garlic.com/~lynn/99.html#79 Authentication in eCommerce applications
http://www.garlic.com/~lynn/99.html#80 Authentication in eCommerce applications
http://www.garlic.com/~lynn/99.html#217 AADS/X9.59 demo & standards at BAI (world-wide retail banking) show
http://www.garlic.com/~lynn/99.html#224 X9.59/AADS announcement at BAI this week
http://www.garlic.com/~lynn/99.html#235 Attacks on a PKI
http://www.garlic.com/~lynn/2000.html#36 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2000g.html#5 e-commerce: Storing Credit Card numbers safely
http://www.garlic.com/~lynn/2000g.html#48 Use of SET?
http://www.garlic.com/~lynn/2000g.html#50 Egghead cracked, MS IIS again
http://www.garlic.com/~lynn/2001c.html#54 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001d.html#41 solicit advice on purchase of digital certificate
http://www.garlic.com/~lynn/2001e.html#26 Can I create my own SSL key?
http://www.garlic.com/~lynn/2001f.html#31 Remove the name from credit cards!
http://www.garlic.com/~lynn/2001g.html#11 FREE X.509 Certificates
http://www.garlic.com/~lynn/2001g.html#25 Root certificates
http://www.garlic.com/~lynn/2001h.html#7 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001h.html#51 future of e-commerce
http://www.garlic.com/~lynn/2001h.html#58 Net banking, is it safe???
http://www.garlic.com/~lynn/2001h.html#64 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce
http://www.garlic.com/~lynn/2001i.html#56 E-commerce security????
http://www.garlic.com/~lynn/2001i.html#57 E-commerce security????
http://www.garlic.com/~lynn/2001j.html#0 E-commerce security????
http://www.garlic.com/~lynn/2001j.html#2 E-commerce security????
http://www.garlic.com/~lynn/2001j.html#5 E-commerce security????
http://www.garlic.com/~lynn/2001j.html#9 E-commerce security????
http://www.garlic.com/~lynn/2001j.html#23 OT - Internet Explorer V6.0
http://www.garlic.com/~lynn/2001j.html#52 Are client certificates really secure?
http://www.garlic.com/~lynn/2001k.html#34 A thought on passwords
http://www.garlic.com/~lynn/2001k.html#55 I-net banking security
http://www.garlic.com/~lynn/2001l.html#10 E-commerce security????
http://www.garlic.com/~lynn/2001m.html#25 ESCON Data Transfer Rate
http://www.garlic.com/~lynn/2002.html#32 Buffer overflow
http://www.garlic.com/~lynn/2002c.html#31 You think? TOM
http://www.garlic.com/~lynn/2002c.html#35 TOPS-10 logins (Was Re: HP-2000F - want to know more about it)
http://www.garlic.com/~lynn/2002c.html#36 economic trade off in a pure reader system
http://www.garlic.com/~lynn/2002d.html#8 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002d.html#35 PKI Implementation
http://www.garlic.com/~lynn/2002d.html#41 Why?
http://www.garlic.com/~lynn/2002e.html#18 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002e.html#36 Crypting with Fingerprints ?
http://www.garlic.com/~lynn/2002e.html#40 Smart Cards
http://www.garlic.com/~lynn/2002e.html#73 Blade architectures
http://www.garlic.com/~lynn/2002f.html#10 Least folklorish period in computing (was Re: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002f.html#23 Computers in Science Fiction
http://www.garlic.com/~lynn/2002f.html#27 Security Issues of using Internet Banking
http://www.garlic.com/~lynn/2002f.html#28 Security Issues of using Internet Banking
http://www.garlic.com/~lynn/2002f.html#31 Security and e-commerce
http://www.garlic.com/~lynn/2002f.html#33 Security and e-commerce
http://www.garlic.com/~lynn/2002f.html#34 Security and e-commerce
http://www.garlic.com/~lynn/2002f.html#35 Security and e-commerce
http://www.garlic.com/~lynn/2002f.html#40 e-commerce future
http://www.garlic.com/~lynn/2002f.html#45 Biometric Encryption: the solution for network intruders?
http://www.garlic.com/~lynn/2002g.html#83 Questions about computer security
http://www.garlic.com/~lynn/2002h.html#6 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002h.html#31 Computers in Science Fiction
http://www.garlic.com/~lynn/2002h.html#41 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002h.html#68 Are you really who you say you are?
http://www.garlic.com/~lynn/2002j.html#18 Symmetric-Key Credit Card Protocol on Web Site
http://www.garlic.com/~lynn/2002j.html#63 SSL integrity guarantees in abscense of client certificates
http://www.garlic.com/~lynn/2002k.html#44 how to build tamper-proof unix server?
http://www.garlic.com/~lynn/2002l.html#5 What good is RSA when using passwords ?
http://www.garlic.com/~lynn/2002l.html#11 IEEE article on intelligence and security
http://www.garlic.com/~lynn/2002l.html#24 Two questions on HMACs and hashing
http://www.garlic.com/~lynn/2002l.html#35 Cryptography

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Original K & R C Compilers

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Original K & R C Compilers.
Newsgroups: alt.folklore.computers
Date: Fri, 20 Sep 2002 19:34:43 GMT
"Douglas H. Quebbeman" writes:
I must be missing something here; EBCDIC is an 8-bit code, right? So 'char' shouldn't have any trouble being based on EBCDIC instead of ASCII, should it? Most conversations about the difficulty of implementing C on non-ASCII machines seemed to center more on the fact that those machines had character sizes of something other than 8 bits.

As to the standard library, seems like all you need to do is supply a table with the EBCDIC collating sequence to make strcmp() et. al. work right.


there are little things that aren't in both character sets ... brackets, braces, dollar/cent signs, etc ... there is even some issues about being able to do symmetric translation (aka if you translate ascii->ebcdic and back again ... would you have the original). i ran into this when i put tty support into cp/67 back in the '60s. some of this led to us building pcm terminal controller for ibm mainframe (out of interdata/3):
http://www.garlic.com/~lynn/subtopic.html#360pcm

there was a version of unix ported to a stripped down tss/370 kernel that was used only inside at&t (it had a code name but it slips my mind at the moment). random past refs:
http://www.garlic.com/~lynn/96.html#4a John Hartmann's Birthday Party
http://www.garlic.com/~lynn/2000.html#64 distributed locking patents
http://www.garlic.com/~lynn/2000.html#92 Ux's good points.
http://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000c.html#8 IBM Linux
http://www.garlic.com/~lynn/2000f.html#68 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000f.html#70 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2001d.html#77 Pentium 4 Prefetch engine?
http://www.garlic.com/~lynn/2001e.html#19 SIMTICS
http://www.garlic.com/~lynn/2001f.html#20 VM-CMS emulator
http://www.garlic.com/~lynn/2001f.html#22 Early AIX including AIX/370
http://www.garlic.com/~lynn/2001f.html#23 MERT Operating System & Microkernels
http://www.garlic.com/~lynn/2001l.html#8 mainframe question
http://www.garlic.com/~lynn/2001l.html#17 mainframe question

a former co-worker did some extensive work with the compiler in the early to mid 80s at a chip-shop porting a number of bezerkely chip tools to vm/cms. he said that there was a large number of bugs that he had to fix and also significantly rewrite the code-generation optimizer. he was also the original beta-test for the c-compiler that ibm chose to OEM for 370 ... which he also had to do significant debugging on. past ref
http://www.garlic.com/~lynn/2001l.html#18 mainframe question

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

DOS history question

Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: DOS history question
Newsgroups: alt.folklore.computers
Date: Fri, 20 Sep 2002 23:56:53 GMT
Eric Sosman writes:
The company still exists, more or less; http://www.atex.com/ is their Web site. They've been sold and re-sold and merged and re-merged several times, and it appears they've changed their business focus more than a little. Not having seen the place in seventeen years I can't be sure, but I rather imagine the old hot-rodded PDP-11s that once were their bread and butter may now be just a fading memory of indigestion.

one of the things that started my wife and i on ha/cmp
http://www.garlic.com/~lynn/subtopic.html#hacmp

in the late '80s was platform for the applications for one of their large customers. following newsgroup posting is totally unrelated that my wife and i were doing in the late '80s.
From: alexv@Atex.Kodak.COM (Alex Volanis)
Newsgroups: comp.newprod
Date: 1 Jul 92 19:27:54 GMT

NEW PRODUCT ANNOUNCEMENT: Ultra High Performace Fault Tolerant File Server

Atex Inc., a Kodak subsidiary, a supplier of high availability publishing systems has developed a Ultra high performance fault tolerant NFS file server. The product allows NFS client processes to continue computing, in the event of any single point of failure of the server or its network enviroment, even if the failure occured mid-transaction. This is accomplished without any modification to client software.

The fault tolerant system is comprised of two 486 servers, one acting as a primary server and the other as a secondary server. Each server runs Unix V.3. A proprietary high speed interface connects the two servers. The dual servers eliminate all single points of failure.

Continuous diagnostic monitoring of all system interfaces, including the required un-interuptable powersupply, enables the secondary server to detect when to take over client processes from a failed primary server.

A change journal of all data blocks modified since the primary server went down is used to quickly bring the primary back into data synchronization when it is returned to service.

A modified UNIX file system copies all file system data updates from the primary server to the secondary server. The dual data copies obviate the need to commit file system data to disk. The use of a large buffer cache allows the file server to operate out of memory with little or no disk reads or writes. The result is large improvement in UNIX file system and data base performance. The secondary server can be used in a read only mode for further performance gains.

Atex is looking for a strategic partner to market the FTFS product and will port the product to the operating system and hardware of the selected vendor.

For further product information contact:

Gordon Vinther
Atex Inc.
805 Middlesex Tpk.
Billerica Ma., 01821
U.S.A.

Tel: (508)670-3133


--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

DOS history question

Refed: **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: DOS history question
Newsgroups: alt.folklore.computers
Date: Sat, 21 Sep 2002 00:04:54 GMT
misc. other atex ...

Subject: "Can Atex Keep Its Proprietary Place in the Newsroom?"
Source:  NY Times, 3/17/91, pg F4, John Markoff       <120 LINES>

 'A favorite is being superseded by desktop software'
o Atex Inc., Billerica MA
   - once the world's premier maker of editorial and advertising systems
- now under pressure as new technology and nimble competitors challenge
o Bill Solimeno, Seybold Publishing Group (Media PA) analyst
"They don't have a competitive product today and they need one quickly"
 o the news lately has been unrelentingly bad
- 3 multi-million deals have gone to their chief competitor, S11 from
     Systems Integrators, Sacramento CA
. Toronto Star
. Washington Post
. Westchester Rockland Newspapers
   - 2 weeks ago Atex announced the latest in their layoffs
. they are now down to 600 employees, from 1985's 1,400
   - Time Magazine dropped their hardware service and support contract
. Time was Atex's premier magazine customer
- then Time announced plans at the Seybold seminar in Boston last month
. they're going to create a division and compete with Atex
     . using Macintosh software technology from P.Ink (Germany)
o Atex was founded in 1973 by Charles and Richard Ying
   - they developed their first system in an unheated loft in Lexington MA
after graduating from MIT
- Ray Toothaker, Advanced Technology Solutions pres. & former Atex exec
"They would be a classic business school study case.
      The thing that's sad is they had the market and they let it go.
It was a revolutionary business when it started.
      But Kodak slowed us down during a crucial period beginning in 1981.
They brought in two chemists who knew nothing about high technology"
- Kodak bought Atex from its founders for $77M

 Atex announced a new president in January, and a new strategy
o they were developing a "big bang" product with IBM
   - instead they will go to a modular approach
- they hope for more than a dozen products before yearend
o Brian Lacey, Atex president and former Monotype (UK) head
"This company has been in a deep freeze.
    We have to come out and show the what what this technology can do"
o industry executives say Atex lost it's grip because:
   - they were slow to modernize, and
- slow to recognize the power of the PC desktop publishing wave
. Atex's business was based on a minicomputer system from DEC
. minicomputer sales have largely sagged in the face of PC systems
 o the same features that were exclusive to Atex are available on desktops
- plus features that newspaper publishers have been looking for
 o Atex may be too late to save it's still-considerable customer base
- Paul Brainerd, Aldus (Seattle WA) president
"It's a fundamental change in the business model.
It's very difficult for a company to make this kind of transition
       when everything is changing in the way you do business"
. he founded Aldus when he left Atex in 1984
 o Lacey took over with a mandate from Kodak and IBM
- do whatever it takes to get back on track
o Atex will adopt to industry hardware and software standards: Lacey
- they'll also open their product line and work with other companies
   - industry officials are adopting a wait and see:
. can Atex make progress while cutting headcount?
 o Atex is going to finish new technology projects for newsroom pagination
- combining digitized photos and text on a computer screen and
sending the result directly to the printing press
- the New York Times announced a $22M plan in 1988
     . Atex and IBM would develop a customized system
- there have been delays with the system, still...
     . installation of the text editing will take place this year
. without the page layout feature
o Jonathon Seybold, Seybold Report publisher
"What you have is a company that has retreated into a corner.
    It's partly ATex's fault and partly its customers fault"
- large newspapers had become too dependent on Atex
     'the thought of changing systems is too painful to consider'
o Lacey believes Atex will stave off the desktop onslaught
"It's very easy for passion to be forgotten when you're part of a large
multinational company.  We have to bring passion back to what we do"

Accompanied by a box, "Catching the '4th Wave'"
 o a lot of the talk at the Seybold seminar in Boston was about Time & P.Ink
- selling sophisticated editorial production software to magazines & papers
o P.Ink Software Engineering is a modular collection of software programs
- they combine other commercial software...
     . Quark's Xpress page-layout program
. a range of database managers, text editors, newswire viewers
 o the programs run on Apple Macintoshes
- "IBMs RS/6000", Next's Nextstation and other Unix systems to be added
o P.Ink allows a reporter or editor to write in one window...
- while watching newswires in another...
   - and simultaneously running other Mac programs
- it's the holy grail of publishing:
     . combining editing, pagination, and coordinating with dozens of
other writers and editors
o Gerald Lelivre, Time director of development for pre-press systems
"I felt the software had potential, however they were a small German
    company that had no immediate intention of moving into the US.
I couldn't afford to wait"
   - P.Ink is installed at 10 sites in Germany
- at Leipziger Volkszeitung, P.Ink controls a system of 140 reporters
and editors using Macintosh Ilc's

 Accompanied by a chart, "Atex's Stake Amoung Leading Newspapers"
       Newspaper        Circulation   System
Wall Street Journal       1,835,713   Information Int'l
USA Today                 1,325,507   Atex
Daily News                1,194,237   Atex
Los Angeles Times         1,107,823   Systems Integrators
New York Times            1,068,217   Atex, Harris
Washington Post             772,749   Systems Integrators
Chicago Tribune             720,155   Hazeltine
Newsday                     700,174   Atex
Detroit News                690,422   Systems Integrators
Detroit Free Press          626,434   Atex
San Francisco Chronicle     560,640   Systems Integrators
Chicago Sun-Times           535,884   Atex
Boston Globe                516,031   Atex
New York Post               507,568   Harris
Philadelphia Inquirer       504,903   Atex

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Original K & R C Compilers

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Original K & R C Compilers.
Newsgroups: alt.folklore.computers
Date: Sat, 21 Sep 2002 00:32:06 GMT
attached some random bit of information. note that the sss/370 (tss/370 kernel work to support running unix on top) for at&t had started in 1979.

while the compiler ran on cms ... it & runtime libraries were written using os-simulation (i.e. os/360 kernel api interfaces that were simulated by cms). the chip-shop work mentioned in previous reference
http://www.garlic.com/~lynn/2002m.html#21 original K & R C Compilers

in 1984, also undertook to rewrite the internals to use native CMS APIs

Date: 2 Nov 1983 20:46:32-EST (Wednesday)
To: C370_fans
Subject: C compiler for 370.

In reply to your question about C/370 licenses.

Source license is $2000. The contact at ATT for source licenses is:

Max Wicker (919) 697-6760
ATT Technology Licensing
PO Box 25000
Greensboro, NC 27420

Binary licenses are $200 (one-time charge). However, ATT does not sell any binary licenses directly.

You also understand that a C/370 license is independent of any other ATT software license (e. g. a C/370 license does not imply any rights with respect to UNIX software, nor does a UNIX license imply any rights with respect to C/370 software).

Also include a statement of the steps that you will take to protect the software from users who may not be aware of the above requirements, such as use of read passwords, etc.

Please let me know if you find/fix any bugs (no flames, please). For example, the pre-processor reports line numbers in source files incorrectly, so it is necessary to look at the output of the C Pre-Processor and do some arithmetic to find the errors reported by the compiler. There are also problems in the libraries. For example, fseek() does not seem to work, even in the limited way that is advertized.

There are differences in the ascii-to-ebcdic conversions used by C/370 from the "standard" IBM translations (I will include VM2CC EXEC which may help with this if you are trying to import C code). I have also written routine to use the new PLIST form of command-line arguments, mixed-case untokenized by CMS. See C_CMDS SCRIPT for info and C370PRO C for how to install it.

Editing invisible characters on a 3277 is aided by macros FROMCC XEDIT and TOCC XEDIT (TELLCC XEDIT documents how to type these characters).

______
UNIX is a trademark of Bell Laboratories.
... snip ... top of post, old email index

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Original K & R C Compilers

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Original K & R C Compilers.
Newsgroups: alt.folklore.computers
Date: Sat, 21 Sep 2002 03:05:33 GMT
Anne & Lynn Wheeler writes:
started in 1979. while the compiler ran on cms ... it & runtime libraries were written using os-simulation (i.e. os/360 kernel api interfaces that were simulated by cms). the chip-shop work mentioned in previous reference
http://www.garlic.com/~lynn/2002m.html#21 original K & R C Compilers

in 1984, also undertook to rewrite the internals to use native CMS APIs


the other item that i had forgotten ... somebody reminded me ... was that the bell runtime libraries originally had been almost totally written in assembler. my former co-worker at this chip-shop ... rewrote them almost totally in C (besides various bug fixes, performance optimizations and support native CMS API conventions). he/chip-shop had some contract to provide the rewrite back to bell/at&t.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Original K & R C Compilers

Refed: **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Original K & R C Compilers.
Newsgroups: alt.folklore.computers
Date: Sat, 21 Sep 2002 03:55:25 GMT
also from some place ...

Date: 7/13/87 07:37:05 PDT
From: wheeler
Subject: high-level debugger;

A friend of mine who use to work for IBM is now working as an independent consultant. One of his contracts involved taking the C-370 compiler that is available from bell labs. and almost totally rewriting it. Another contract was for beta test site for the xxxxxx compiler (oem'ed by ibm) where he rewrote and fixed a lot of the code.

One of the things he did was to write a CMS C asynchronous environment that makes it very easy for writing service virtual machine applications in C (i.e. simple multitasking and other functions). Another thing he did was to write a super symbolic C debugger that makes extensive use of the 370 PER hardware and is integrated into the CMS asynchronous runtime environment (simplifying the problem of poping into & out of the debugger while the program is running for things like traces, reading files with symbol tables, saving context information, etc).

I'm not sure about what if any plans there are to market many of these enhancements available to xxxxxx (compiler oem'ed by ibm). Most of the work was done under contract to one of the VLSI design companies where he also ported (to CMS) a large percentage of the available VLSI design packages that are available on UNIX. I have a feeling that the company may feel that the resulting super-sophisticated CMS/C development/production environment provides them with a significant competitive advantage over the competition ... CMS on a 3090 is delivering much more mips than the run of the mill dec/unix machines ... and the combined CMS/C environment ... especially with the debugger is providing a compariable environment (downside is the lack of shared, hiearchial file system, ... service virtual machines are providing most of the batch/fork support).


... snip ... top of post, old email index

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Root certificate definition

Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificate definition
Newsgroups: sci.crypt
Date: Sat, 21 Sep 2002 20:03:06 GMT
"Johan Stäck" writes:
In PKI, is there a commonly accepted definition of "root certificate"?

In searching the net, I find zillions of references to the phrase, but it seems everyone assumes that it has a well defined meaning. Does it?....


it tends to be related with hierarchical trust infrastructure where it is the root of a specific trust hierarchy and is normally self-signed (aka rather than having public key and related certificate contents signed by some other private key ... it is signed by the private key associated with the public key in the certificate). being the root of the trust hierarchy it also tends to be obtained or made available by some out-of-band mechanism ... not associated with the standard certificate PKI protocol ... and as such, the process by which it is obtained establishes a major trust component by which all of the rest of the PKI hierarchy is based.

there has been a number of threads recently that the complexity (non-KISS) of the PKI infrastructure (certfication authorities, certification processes, intepretation of certificate options, etc), is in itself a major vulnerability ... leading to exploits (analogous to the significant number of exploits and vulnerabilities associated with the semantics of the c-language string and buffer handling interfaces)
http://www.garlic.com/~lynn/subintegrity.html#fraud

from:
http://www.garlic.com/~lynn/secure.htm
root

(I) A CA that is directly trusted by an end entity. Acquiring the value of a root CA's public key involves an out-of-band procedure. (I) Hierarchical PKI usage: The CA that is the highest level (most trusted) CA in a certification hierarchy; i.e., the authority upon whose public key all certificate users base their trust. (C) In a hierarchical PKI, a root issues public-key certificates to one or more additional CAs that form the second highest level. Each of these CAs may issue certificates to more CAs at the third highest level, and so on. To initialize operation of a hierarchical PKI, the root's initial public key is securely distributed to all certificate users in a way that does not depend on the PKI's certification relationships. The root's public key may be distributed simply as a numerical value, but typically is distributed in a self-signed certificate in which the root is the subject. The root's certificate is signed by the root itself because there is no higher authority in a certification hierarchy. The root's certificate is then the first certificate in every certification path. (O) MISSI usage: A name previously used for a MISSI policy creation authority, which is not a root as defined above for general usage, but is a CA at the second level of the MISSI hierarchy, immediately subordinate to a MISSI policy approving authority. (O) UNIX usage: A user account (also called 'superuser') that has all privileges (including all security-related privileges) and thus can manage the system and its other user accounts. [RFC2828] (see also certificate, certification, key, Multi-Level Information System Security Initiative)

root CA

The Certification Authority that is trusted by everyone. The root CA issues digital certificates to other CAs. [misc] (see also certification authority, public-key infrastructure)

root certificate

(I) A certificate for which the subject is a root. (I) Hierarchical PKI usage: The self-signed public-key certificate at the top of a certification hierarchy. [RFC2828] (see also certification, key, certificate) root key (I) A public key for which the matching private key is held by a root. [RFC2828] (see also key)


--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

simple architecture machine instruction set

Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: simple architecture machine instruction set
Newsgroups: comp.arch
Date: Sat, 21 Sep 2002 21:44:42 GMT
Roberto de Iriarte writes:
The only popular 32 bit ISA that i am aware of that had a documented 24 bit address space (i.e the remaining bits where "reserved") is , as stated above, the IBM 360/370 ISA, later extended to 31 bits (370XA), and currently to 64 bits (Z series)

small side note ... the 360 model 67 (mid-60s) had support for two virtual addressing modes ... 24-bit & 32-bit. adding virtual addressing & relocating hardware to 370 machines only provided for 24-bit virtual addressing. later with 811/xa on the 3081 ... 31-bit virtual addressing mode was added to the 24-bit virtual addressing mode. there were some considerations of why xa used 31-bit vis-a-vis 32-bit that was used in 360.

http://www.garlic.com/~lynn/93.html#14 S/360 addressing
http://www.garlic.com/~lynn/93.html#25 MTS & LLMPS?
http://www.garlic.com/~lynn/2000f.html#35 Why IBM use 31 bit addressing not 32 bit?
http://www.garlic.com/~lynn/2001h.html#10 VM: checking some myths.
http://www.garlic.com/~lynn/2001l.html#36 History
http://www.garlic.com/~lynn/2001m.html#43 FA: Early IBM Software and Reference Manuals
http://www.garlic.com/~lynn/2002c.html#40 using >=4GB of memory on a 32-bit processor
http://www.garlic.com/~lynn/2002d.html#49 Hardest Mistake in Comp Arch to Fix

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Computer Security Taxonomy

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Computer Security Taxonomy
Newsgroups: comp.security.unix
Date: Sun, 22 Sep 2002 04:18:39 GMT
NSU writes:
I've been working on a Computer Security Taxonomy, so that people can create large databases of computer security references. I've looked at COAST's security taxonomy and found it seriously lacking. I was wondering if anyone could point me at any other taxonomies (does the Dewey Decimal System or Library of Congress have a good online taxonomy for computer security?). Thanks in advance.

of a kind:
http://www.garlic.com/~lynn/index.html#glossary

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Root certificate definition

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Root certificate definition
Newsgroups: sci.crypt
Date: Sun, 22 Sep 2002 04:13:52 GMT
as an aside ... note that the hierarchical PKI trust model somewhat originated in the '80s targeting an offline, electronic environment and in many ways patterned after the offline, non-electronic credit card model of the '60s.

basically the offline credit card model had credentials (plastic cards), trust hierarchy (brands & logos), and periodic credential revokation lists. the hierarchical PKI trust model of the '80s in many ways attempted to emulate this offline model but updated with electronic technology.

one issue was that the offline, non-electronic credit card model observed in the '70s that for things of value, the advent of online electronic operations made it possible to economically transition from an offline, non-electronic model to an online, electronic model (completely bypassing a possible intermediate step of offline, electronic paradigm). in many ways, the '80s hierarchical PKI trust model was an enormous step backwards except possibly for no-value operations. As a result there is sometimes something of an oxymoron relating a trust PKI hierarchy to no-value operations.

The '80s niche that the trust PKI hierarchy was attempting to address were no-value, offline email of the early '80s; aka a dialed connection was temporarily made to the entities email post office, email was exchanged, and the link was broken. The issue in processing offline email was what authentication mechanism could be used? ... since it was not possible to directly contact an authoritative reference (as happened in the transition to electronic, online operation made by the payment card industry in the '70s for valued opertions).

The alternative model that emerged for processing offline email was PGP. Rather than explicitly performing out-of-band verification of each and every trusted 3rd party root certificates ... and then implicitly relying on the trust in the 3rd parties to correctly verify all parties that you might wish to communicate with .... you explicitly used out-of-band verification for every party that you needed to have valued/trusted email.

The 3rd party trust model never really hit any big time use until SSL and HTTPS for electronic commerce. This was somewhat a transition scenario, while SSL & HTTPS were online models, there was a desire to incrementally deploy pieces of the infrastructure before online authoritative agencies were available. In fact, one of the major reasons given for the deployment of SSL & HTTPS at all was various itegrity concerns with regard to the existing online authoritative agencies for domain name to ip-address lookup (i.e. the domain name infrastructure).

Note, however that much of the SSL/HTTPS infrastructure can be considered somewhat a facade overlaying the existing domain name infrastructure because the domain name infrastructure, is in fact the authoritative reference for domain name ownership ... aka when you apply to a trusted third party certification authority for a domain name SSL server certificate, the TTP-CA has to rely on the authoritative agency responsible for domain name ownership ... the domain name infrastructure (concerns about the integrity of this very same infrastructure gave rise to having SSL/HTTPS originally).

In what might be considered an apparent catch-22, there are proposals (including some needed by the TTP CA operations) to signifcantly improve the integrity of the domain name infrastructure (in no small part so that TTP CA operations can rely on it). Note however that significant improvement in the integrity of the (online, realtime) domain name infrastucture would largely negate the justification for having SSL domain name server certificates.

random refs:
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

simple architecture machine instruction set

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: simple architecture machine instruction set
Newsgroups: comp.arch
Date: Sun, 22 Sep 2002 19:34:44 GMT
nmm1@cus.cam.ac.uk (Nick Maclaren) writes:
While that is true at some levels, there are others at which it is a VASTLY simpler architecture than the high-performance RISCs, let alone the IA-64. It may have been evil for the hardware people to implement, but was relatively easy to code generate for. To a great extent, the RISC revolution merely made the complexity Someone Else's Problem.

in fact, i was in a meeting circa '76 where that was stated as a primary goal of 801 ... hardware/software complexity trade-offs ... hardware simplicity trade-off against software (& compiler) complexity.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Computer Security Taxonomy

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Computer Security Taxonomy
Newsgroups: comp.security.unix
Date: Mon, 23 Sep 2002 14:19:11 GMT
NSU writes:
Wow, do you have tools to parse that? I can't imagine transcribing it all.

basically my own RYO knowledge base .... a front-end parser to load entries ... and then a glossary/taxonomy application that spits out the html.

i also use it for the IETF RFC standards process .... as changes/additions occur ... they are loaded and the index is regenerated ... but there is also several consistency checks regarding change/addition are consistent with the defined standards process for the internet
http://www.garlic.com/~lynn/rfcietff.htm

an idiosyncracy of the glossary/taxonomy application is that URL for specific entries being automatically generated ... when the knowledge base changes ... the generated URL for specific entries may change.

some notes regarding sources of the merged gtlossary/taxonomy
http://www.garlic.com/~lynn/index.html#glosnote

while some of the taxonomy structures are gleaned from the original sources, i've tended to make significant additions.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

simple architecture machine instruction set

Refed: **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: simple architecture machine instruction set
Newsgroups: comp.arch
Date: Mon, 23 Sep 2002 14:00:06 GMT
nmm1@cus.cam.ac.uk (Nick Maclaren) writes:
Yes. The papers that I saw proposing that the next step in hardware design should be for ISAs that were designed for compiler code generation (as distinct from manual coding or ease and efficiency of implementation) were in the eaarly 1970s. It never happened :-(

compiler was pl.8 ... which eventually saw some of its technology migrate into some other compliers ... and CPr operating system. one of the things simplified was the whole thing of protection domains, system calls, etc. code was to be validated at compile and bind time .. and then at run time there was effectively no differentiation between application runtime library code and kernel runtime library code.

the virtual memory segement registers were as accessable as general purpose registers ... and it was as easy to change a virtual memory register as it was to change a pointer/addressing register. to some extent this gave rise to statements about ROMP (pc/rt) being 40-bit addressing (inverted tables, 32-bit addresses, 4bit segment register selection, 28bit segment displacement, 12bit segment register values ... 12+28=40bits ... and then rios being 24+28=52bit addressing).

course nearly all of that started to evaporate when ROMP was retargeted to unix platfrom instead of displaywriter followon platform.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

good asymmetric algorithm

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: good asymmetric algorithm
Newsgroups: sci.crypt
Date: Mon, 23 Sep 2002 21:20:30 GMT
"Frank Leggett" writes:
Hi, just wanted to ask your advice on what asymmetric encryption algorithm to use for a web-based data transfer (using TCP/IP to transfer data from one place to another). Until now we've used blowfish and twofish (both symmetric algorithms) but it's a problem that some clients lose their keys so we are considering using a public/private key system. But we're uncertain how safe/fast they are compared to symmetric algorithms (speed is next to irrelevant)

SSL uses asymmetric for (symmetric, session) key exchange ... and then uses symmetric key for that session. RFC 2246 discusses TLS and various key exchange (authenticated, anonymous, rsa, diffie-hellman).

While blow/two fish aren't listed in the current ciphersuites the following from RFC 2246, appendix A.5, pg. 54:

Note: All cipher suites whose first byte is 0xFF are considered private and can be used for defining local/experimental algorithms. Interoperability of such types is a local matter.

Note: Additional cipher suites can be registered by publishing an RFC which specifies the cipher suites, including the necessary TLS protocol information, including message encoding, premaster secret derivation, symmetric encryption and MAC calculation and appropriate reference information for the algorithms involved. The RFC editor's office may, at its discretion, choose to publish specifications for cipher suites which are not completely described (e.g., for classified algorithms) if it finds the specification to be of technical interest and completely specified.

Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are reserved to avoid collision with Fortezza-based cipher suites in SSL 3.


...=========================================================

also ...

RFC 3268
Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

simple architecture machine instruction set

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: simple architecture machine instruction set
Newsgroups: comp.arch
Date: Tue, 24 Sep 2002 02:06:17 GMT
J Ahlstrom writes:
What a good idea ! Software is so much cheaper to architect, design and implement and to replicate, so much easier to get correct, to modify and to extend than hardware is. (Isn't that why they call it hardware?) IIRC aggressively optimizing compilers have always been the way to get faster performance rather than waiting for the next hardware implementation.

this has worked for things that can be predetermined and relatively deterministic since the software/compiler is doing relatively early binding. as hardware has gotten more capabilities it started adding support for a lot more transient and less predeterminable optimizations (say branch prediction).

there are some claims that risc/801 was in part a re-action to the excessive complexity of FS project where everything and the kitchen sink was being dropped into hardware ... supposedly one of the things that killed FS was one report that claimed if a real FS machine was implemented with the fastest 370 (195) technology then available at the time ... its thruput would be that of a 370 less than 1/10th as powerful (370/145).

another past issue was existance of legacy executables tightly coupled to specific machine and lengthy conversion transition whenever hardware changed. risc happened to come into its stride in a market segment that was trying to get away from the tight coupling between executables and hardware ISA. Promoting compiler technology for hardware optimization was synergistic with promoting compiler technology for portability purposes.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

(OT) acceptance of technology, was: Convenient and secure

Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: (OT) acceptance of technology, was: Convenient and secure
eCommerce using POWF
Newsgroups: sci.crypt
Date: Wed, 25 Sep 2002 01:31:04 GMT
"Paul Pires" writes:
Not so. Issuers hold individual card-users harmless for each particular instance of fraud but the cost of all fraud is passed through to their customers. It doesn't come out of executive compensation you know. It is a cost of doing business and as such is passed on..... to us. Furthermore, If we don't care or if we percieve that they are paying for it "for us" we are decieved as well as drained since they now have little motivation to deal with it. Why worry? We are paying but not screaming bloody murder.

it isn't just the issuers ... although the issuers is who the card users typically are dealing with. the default for everything is the merchant. consumer says that they didn't do/get something, burden of proof is on the merchant or otherwise the merchant eats it.

if the merchant is bankrupt (or skips town), then the merchant's financial institution is liable (merchant credit card banks "like" airline merchants because of the profitable charges ... but they also really hate it when they go bankrupt, they are on the hook for charges for undelivered services, which can easily be tens of millions). The consumer's issuing bank is at the end of that line behind the merchants and the merchants' finanical institutions.

Of course fraud, bankruptcy, etc is cost of doing business ... and shows up in fees and charges one way or another. Merchant has to accept discount rate on credit card charges as cost of doing business as well as fraud as cost of doing business. Lots of merchants (and banks) may buy fraud insurance ... the premiums for that insurance is also cost of doing business. In much the same way that defrauding insurance companies result in higher premiums that everybody pays ... defrauding anybody results in higher cost of doing business and is ultimately passed on to the consumer.

general fraud, exploit, vulnerabilities:
http://www.garlic.com/~lynn/subintegrity.html#fraud

lots of card fradu related postings:
http://www.garlic.com/~lynn/aadsmore.htm#debitfraud Debit card fraud in Canada
http://www.garlic.com/~lynn/aadsmore.htm#scanon Smartcard anonymity patents
http://www.garlic.com/~lynn/aadsm3.htm#cstech3 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aadsm5.htm#shock revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm6.htm#terror7 [FYI] Did Encryption Empower These Terrorists?
http://www.garlic.com/~lynn/aadsm6.htm#terror14 [FYI] Did Encryption Empower These Terrorists? (addenda to chargebacks)
http://www.garlic.com/~lynn/aadsm6.htm#pcards2 The end of P-Cards? (addenda)
http://www.garlic.com/~lynn/aadsm7.htm#auth Who or what to authenticate?
http://www.garlic.com/~lynn/aadsm7.htm#auth2 Who or what to authenticate? (addenda)
http://www.garlic.com/~lynn/aadsm7.htm#rhose4 Rubber hose attack
http://www.garlic.com/~lynn/aadsm7.htm#rhose5 when a fraud is a sale, Re: Rubber hose attack
http://www.garlic.com/~lynn/aadsm10.htm#risks credit card & gift card fraud (from today's comp.risks)
http://www.garlic.com/~lynn/aadsm10.htm#tamper Limitations of limitations on RE/tampering (was: Re: biometrics)
http://www.garlic.com/~lynn/aadsm10.htm#bio2 biometrics
http://www.garlic.com/~lynn/aadsm11.htm#44 Web site exposes credit card fraud
http://www.garlic.com/~lynn/aadsm11.htm#45 Web site exposes credit card fraud
http://www.garlic.com/~lynn/ansiepay.htm#breach Security breach raises questions about Internet shopping
http://www.garlic.com/~lynn/ansiepay.htm#scaads X9.59 related press release at smartcard forum
http://www.garlic.com/~lynn/aepay3.htm#disputes Half of Visa's disputes, fraud result from I-commerce (more)
http://www.garlic.com/~lynn/aepay3.htm#x959risk2 Risk Management in AA / draft X9.59
http://www.garlic.com/~lynn/aepay3.htm#smrtcrd Smart Cards with Chips encouraged ... fyi
http://www.garlic.com/~lynn/aepay6.htm#fraud Online Card Fraud Thirty Times That Offline
http://www.garlic.com/~lynn/aepay6.htm#ccfraud2 "out of control credit card fraud"
http://www.garlic.com/~lynn/aepay6.htm#ccfraud3 "out of control credit card fraud"
http://www.garlic.com/~lynn/aepay8.htm#ccfraud Almost Half UK E-Shopper's Fear Card Fraud (CC fraud increased by 50% in 2k)
http://www.garlic.com/~lynn/aepay8.htm#ccfraud2 Statistics for General and Online Card Fraud
http://www.garlic.com/~lynn/aepay8.htm#visapass VISA: All Your Password Are Belong to Us
http://www.garlic.com/~lynn/aepay8.htm#x959paper Credit Card Fraud and E-Commerce: A Case Study
http://www.garlic.com/~lynn/aepay9.htm#risks credit card & gift card fraud (from today's comp.risks)
http://www.garlic.com/~lynn/aepay9.htm#skim High-tech Thieves Snatch Data From ATMs (including PINs)
http://www.garlic.com/~lynn/aepay10.htm#3 High-tech Thieves Snatch Data From ATMs (including PINs)
http://www.garlic.com/~lynn/aepay10.htm#6 credit card & gift card fraud (from today's comp.risks)
http://www.garlic.com/~lynn/aepay10.htm#16 Worker Accused of Selling Colleagues' ID's Online (credit card scam)
http://www.garlic.com/~lynn/aepay10.htm#19 Misc. payment, security, fraud, & authentication GAO reports (long posting)
http://www.garlic.com/~lynn/aepay10.htm#25 Definese Dept Criticised on Internal Credit Card Fraud
http://www.garlic.com/~lynn/aepay10.htm#26 Definese Dept Criticised on Internal Credit Card Fraud
http://www.garlic.com/~lynn/aepay10.htm#38 Credit card fraud sending night-vision rifle scope to criminal
http://www.garlic.com/~lynn/aepay10.htm#41 ATM Scams - Whose Liability Is It, Anyway?
http://www.garlic.com/~lynn/aepay10.htm#44 Credit Card Skimming Rising In The US
http://www.garlic.com/~lynn/2001c.html#73 PKI and Non-repudiation practicalities
http://www.garlic.com/~lynn/2001f.html#40 Remove the name from credit cards!
http://www.garlic.com/~lynn/2001h.html#68 Net banking, is it safe???
http://www.garlic.com/~lynn/2002c.html#22 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002c.html#23 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002d.html#41 Why?
http://www.garlic.com/~lynn/2002e.html#23 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002e.html#40 Smart Cards
http://www.garlic.com/~lynn/2002f.html#10 Least folklorish period in computing (was Re: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002g.html#72 Biometrics not yet good enough?
http://www.garlic.com/~lynn/2002h.html#6 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002h.html#8 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002h.html#41 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002j.html#63 SSL integrity guarantees in abscense of client certificates

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Convenient and secure eCommerce using POWF

Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Convenient and secure eCommerce using POWF
Newsgroups: sci.crypt
Date: Wed, 25 Sep 2002 01:37:00 GMT
"Ben Mord" writes:
So the issuer and merchants will lose less money to fraud if customers accept a better technology e.g. smart cards or POWFs. How can they get customers to accept the new technology? This seems very easy to me. Pass on some percentage of the fraud savings back to the customers as financial incentives such as lower APRs, better airline mile deals, direct crediting of their account, etc. When faced directly with these incentives funded by the savings in prevented fraud, what customer won't want to adopt this new technology?

one of the studies during this period was issue of PC/SC and the requirement for serial port readers. there has been documentation on significant consumer problems with the consumer installation and operation of pc/sc serial port readers (including some failures that resulting having to re-install operating system). this by itself, independent of card use itself, represented a significant issue.

note that there has been uptake of smartcards in other parts of the world with point-of-sale terminal support being deployed ... and the use of the cards at point-of-sale.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Convenient and secure eCommerce using POWF

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Convenient and secure eCommerce using POWF
Newsgroups: sci.crypt
Date: Wed, 25 Sep 2002 05:52:00 GMT
"Roger Schlafly" writes:
That is one of the fundamental problems with smartcards. Unless there is some secure way of communicating with the card, the reader could intercept the PIN, have it sign something other than what you want it to sign, and maybe even steal your private key.

that is part of the objective of the EU finread standard ... certified readers ... not only certified/secure pin entry, but also certified/secure display (aka are you really signing what you think you are signing ... the PC has a virus which sends to the reader for signing something totally different than is being displayed on the screen ... with only secure PIN entry .... you could still be signing something other than what you think you are signing).

there is related issue with regard to intention and non-repudiation ... aka programs can be set-up to perform digital signature operations as means of authentication. however, that wouldn't be sufficient to equate a digital signature to a physical hand-written signature (since it usually is possible to show that when you write your signature, you actually intended to write your signature ... as opposed to performing some totally different operation).

recent finread & intention related posting:
http://www.garlic.com/~lynn/aadsm12.htm#19 TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
http://www.garlic.com/~lynn/aadsm12.htm#24 Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]

any signing card that can divulge your private key is hardly worth it ... related aads chip strawman:
http://www.garlic.com/~lynn/x959.html#aads

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Convenient and secure eCommerce using POWF

Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Convenient and secure eCommerce using POWF
Newsgroups: sci.crypt
Date: Thu, 26 Sep 2002 01:42:12 GMT
"Ben Mord" writes:
That kind of problem would kill anything. But that's an easily fixed implementation problem that has nothing to do with the underlying technology. There is nothing inherent to smart card technology that sh uld make readers difficult to install. That is just a QA problem.

there was issue of getting pc/sc to support USB plug&play and then whether it would be retrofitted to things already in the field.

also with usb plug&play other form factors things came into operation ... like USB dongles/key-fobs (not requiring a separate reader).

from an infrastructure investment standpoint there is the cross-over between consumer device and commercial point-of-sale device. for a time this seemed to be iso 7816 smartcards ... that have pos device deployment in various places in the world. one of the issues that has come up with high-traffic POS devices commercial settings is reliability and some migration started towards iso 14443 proximity cards (or 7816/14443 combo cards).

so there having been some initial problems with early deployment in a consumer setting of 7816 contact card readers (in part because of the pc/sc serial port issue) ... there is now some issue about whether there will be commercial migration to various wireless/contactless technologies; aka bluetooth, iso 14443 proximity, etc (or alternatively USB dongles). In which case, any significant additional investment in 7816 contact infrastructure at this point might be in question.

One possibility might be combo key-fob that does both USB as well as iso 14443 proximity.

In the bluetooth setting, one issue might be whether a lot of the individual card form factors get absorbed into a PDA or cellphone that supports multiple kinds of wireless operations (bluetooth, cellular, proximity, infrared, etc) ... rather than having a unique piece of plastic for every possible account ... each is defined in the PDA/cellphone.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Wanted: the SOUNDS of classic computing

Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wanted: the SOUNDS of classic computing
Newsgroups: alt.folklore.computers,alt.sys.pdp10
Date: Fri, 27 Sep 2002 00:53:00 GMT
fdc@columbia.edu (Frank da Cruz) writes:

http://www.columbia.edu/cu/computinghistory/datacell.html


i don't remember any of the 2321 sounds being particular pattern ... except the sound of bin volser being read during os/ipl ... which i remember as something like kerchunk, kerchunk, whirl ... repeated for each bin.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

History of The Well was AOL

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: History of The Well was AOL
Newsgroups: alt.folklore.computers
Date: Fri, 27 Sep 2002 15:22:06 GMT
Joel Gallun writes:
Who was the first ISP to go flat rate? It wasn't AOL or MCI. Both of them went flat rate as a reaction to someone else but I can't recall who.

i had well account for a number of years and then added netcom (very early on in netcom's life, i was able to still get "lynn" as my shell account) which was flat rate (I don't know if it was earliest) ... misc. postings
http://www.garlic.com/~lynn/93.html#20 Most Embarrasing Misposting
http://www.garlic.com/~lynn/93.html#21 Too much data on an actuator (was: 3.5 inch 9GB )

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Wanted: the SOUNDS of classic computing

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wanted: the SOUNDS of classic computing
Newsgroups: alt.folklore.computers,alt.sys.pdp10
Date: Sat, 28 Sep 2002 17:32:26 GMT
jcmorris@mitre.org (Joe Morris) writes:
Don't forget the sounds of an entire machine room coming to life from a cold shutdown. Start with dead quiet, then a quiet <click> of the power-on button, followed by loud kerCHUNK sounds from the power relays (plus pinball-game-like sounds from the rotary relay in the CPU as it skips over unused power-control connections), followed by thudrrrrreeeeeeIIIII from the huge motors that spun the disk drives...all accompanied by the increasingly loud noise from the fans in the various boxes, and the chatter of the 8in floppy readers loading microcode.

and periodically something in the sequence would hang. then power-off, go around to the individual controllers, put them into ce-mode, power up individually, go back to the cpu, power it up, put all the controllers back to normal.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

It is GNU/Linux, not just Linux

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: It is GNU/Linux, not just Linux
Newsgroups: alt.folklore.computers
Date: Sat, 28 Sep 2002 18:41:45 GMT
cstacy@dtpq.com (Christopher C. Stacy) writes:
My point is that there are many reasons why a contract might be void, relating to improper formation of the contract. My example (the relevant sentence you deleted, which came after the one you are complaining about) was failure to agree on the subject matter of the contract. Another example along these lines, and one way that my first example could happen, relates to the language of the contractual offer. For an offer to be valid, it must (for one thing) be language that a reasonable person, hearing the words spoken, under the given circumstances, would believe that the person intended to enter into the committment. The offer must also contain definite terms and address the subject matter. (The law used to be that the offer had to include all the material terms, but that's not true anymore in most states.)

for drift ... there is an interesting situation regarding digital signatures which can be implemented for authentication ... I send your machine a challenge, it digitally signs it and sends back the response (as a challenge/response authentication protocol). Now that is the same digital signature that rough reading of some digital signature laws is going to be equivalent to a physical signature. Part of the confusion may just be semantics ... because there is the character string "signature" in the term "digital signature" ... it automagically conveys the attributes of a physical signature.

some lawyers have been trying to make the distinction that (physical) signing of a contract carries with it the idea that you intended to sign that contract as agreeing to the T&Cs specified ... as opposed to digital "signing" any (presumably) random bit of data as a means of authentication.

misc. public key threads:
http://www.garlic.com/~lynn/subpubkey.html#publickey

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Beware, Intel to embed digital certificates in Banias

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Beware, Intel to embed digital certificates in Banias
 processors
Newsgroups: sci.crypt,comp.sys.intel,comp.arch
Date: Sun, 29 Sep 2002 21:22:55 GMT
"Douglas A. Gwyn" writes:
Ha! That's what you think. Most embedded processors have no reasonable way to generate anything randomly, so one has to engineer a random generator as part of the system.

the chips that i'm aware of for trusted computing platform module ... are very similar/same to eal4-high certified security-ic chips for smartcards ... including fairly high quality random number generator ... sufficient for both key generation procedures as well as fips186-2/dsa/ecdsa digital signatures.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Wanted: the SOUNDS of classic computing

Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wanted: the SOUNDS of classic computing
Newsgroups: alt.folklore.computers,alt.sys.pdp10
Date: Mon, 30 Sep 2002 15:56:41 GMT
Alan Greig writes:
Remember NCR - who do you think builds all the ATMs?

how 'bout diebold?

when we were in the los gatos lab., some of the people there had worked on original ATM machine ... there was a vault built in the basement that use to have something like $50k of US twenties ... and also a lot of bills from couple dozen other countries.

That business was sold off ... I think to diebold ... but I don't remember for sure.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Encryption algorithm for stored data

Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Encryption algorithm for stored data
Newsgroups: sci.crypt
Date: Mon, 30 Sep 2002 16:10:27 GMT
somewhat related:

Call for Papers
          First IEEE International Security In Storage Workshop
December 11th, 2002 -- Greenbelt, Maryland, USA
                    http://ieee-tfia.org/sisw2002

Sponsored by the
IEEE Computer Society Task Force on Information Assurance and the
                 IEEE Security In Storage Working Group

The ability to create large shared storage systems in a secure manner
is an area that has received little formal research or results. A
comprehensive, systems approach to storage security is required if
storage consolidation is to succeed. This workshop serves as an open
forum to discuss storage threats, technologies, methodologies and
deployment.

The workshop seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of designing,
building and managing secure storage systems; possible topics include,
but are not limited to the following:

  - Cryptographic Algorithms for Storage
- Cryptanalysis of Existing and Proposed Systems and Protocols
- Key Management for Storage Novel Implementations
- Attacks on Storage Area
  - Networks and Storage Systems
- Insider Attack Countermeasures
  - Standardization Approaches
- Deployment of Secure Storage Mechanisms
- Defining and Defending Trust Boundaries in Storage
- Security in Federated Systems
  - Relating Storage Security to System and Network Security
- Security for Internet Storage Service Providers

The goal of the workshop is to disseminate new research, and to bring
together researchers and practitioners from both governmental and
civilian areas.  Accepted papers will be published by IEEE Press in a
proceedings volume.  Program Co-Chairs

  - James Hughes (StorageTek, USA)
- Jack Cole (US Army Research Laboratory, USA)

Program Committee

- Donald Beaver (Seagate, USA)
  - Randal Burns (Johns Hopkins University, USA)
- Richard Chow (USA)
- Peter Haas (University of Stuttgart, Germany)
- Yongdae Kim (University of Minnesota, USA)
  - Ben Kobler (NASA Goddard Space Flight Center, USA)
- Fabio Maino (Andiamo Systems, USA)
  - Ethan Miller (University of California Santa Cruz, USA)
- David McGrew (Cisco Systems, USA)
- Andrew Odlyzko (University of Minnesota, USA)
- Tatsuaki Okamoto (NTT, Japan)
  - Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium)
- Pierangela Samarati (University of Milan, Italy)
  - Rodney Van Meter (Nokia, USA)

Submissions

Papers must list all authors and affiliations, begin with a title, a
short abstract, a list of key words, and an introduction. The
introduction should summarize the contributions of the paper at a
level appropriate for a non-specialist reader. Papers may be submitted
in ASCII text, PostScript, PDF, HTML, or Microsoft Word.

Papers should be at most 15 pages in length including the
bibliography, figures, and appendices (using 10pt body text and
twocolumn layout).  Authors are responsible for obtaining appropriate
clearances. Authors of accepted papers will be asked to sign
IEEEcopyright release forms. Final submissions must be in camera-ready
PostScript or PDF. Authors of accepted papers must guarantee that
their paper will be presented at the conference.

Papers that duplicate work that any of the authors have or will
publish elsewhere are acceptable for presentation at the
workshop. However, only original papers will be considered for
publication in the proceedings.

Important Dates

Paper due:                  October 11, 2002
Notification of acceptance: November 1, 2002
Final papers due:           November 25, 2002
Workshop:                   December 11, 2002

Submissions and questions should be sent electronically to
James Hughes <jim@network.com>

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

updated security glossary/taxonomy

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: updated security glossary/taxonomy
Newsgroups: comp.security.misc
Date: Mon, 30 Sep 2002 19:21:06 GMT
i've updated security glossary/taxonomy
http://www.garlic.com/~lynn/index.html#glossary

with quite a few additional entries from sc27 as well as glossary from a group that provides online references for one of the professional security certifications. The update of the taxonomy for the new entries is only partially completed ... so there will be additional changes over the next several days.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

History of The Well was AOL

Refed: **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: History of The Well was AOL
Newsgroups: alt.folklore.computers
Date: Tue, 01 Oct 2002 02:50:16 GMT
Giles Todd writes:
In the UK, Demon Internet was flat-rate from the day the service started -- 1 June 1992.

Giles.


doing search on older google newsgroup entries for

flat rate online netcom

came up with old posting
http://groups.google.com/groups?q=flat+rate+online+netcom&hl=en&lr=&ie=UTF-8&oe=UTF-8&as_drrb=b&as_mind=1&as_minm=1&as_miny=1988&as_maxd=1&as_maxm=6&as_maxy=1990&selm=6966%40cbnewsh.ATT.COM&rnum=6

that had:
02/89 408-997-9119^ netcom San Jose CA 3/12/24/96 24 Unix System V -- Shell Access [Bourne, Korn, C-Shell], BBS, USENET, Languages: C, Lisp, Prolog, Clips, (Ada soon), $10 / month, login as 'guest' no password. Contact netcom!bobr.

as well as:
11/89 415-332-6106^ well Sausalito CA 12/24 24 6-processor Sequent Balance (32032); UUCP and USENET access; multiple lines; access via CPN; PICOSPAN BBS; $3/hour. Contact (415) 332-4335

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Help in Understanding requirement gathering, design,

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Help in Understanding requirement gathering, design,
 development & quality control
Newsgroups: comp.arch
Date: Tue, 01 Oct 2002 02:54:26 GMT
jitudavda@hotmail.com (Jitu) writes:
Can anyone help me understanding "requirement gathering", "design", "development" & "quality control".

much of these are including in updated merged security glossary at
http://www.garlic.com/~lynn/index.html#glossary

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Microsoft's innovations [was:the rtf format]

Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Microsoft's innovations [was:the rtf format]
Newsgroups: alt.folklore.computers
Date: Wed, 02 Oct 2002 19:19:02 GMT
ignatios@newton.cs.uni-bonn.de (Ignatios Souvatzis) writes:
hawk@slytherin.ds.psu.edu (Dr. Richard E. Hawkins) writes:

Microsoft did invent something once [...]

I'll give them credit for three innovations:

2) The usable footnote. Until Word 1.0 for the mac, footnotes were a royal pain. OTOH, there are still spacing bugs, though they don't bite as often.

Was that before Knuth and TeX?

-is


was that before G. M. & L. added GML to script in the early '70s. script was runoff like from about '66 and I believe principle of operations was one of the first major manuals (besides the cp/67 & cms manuals) done in script. during the '70s almost all the manuals converted to gml ... and 3800 output looked a lot nicer than 1403 when sent to the publishers.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Microsoft's innovations [was:the rtf format]

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Microsoft's innovations [was:the rtf format]
Newsgroups: alt.folklore.computers
Date: Thu, 03 Oct 2002 00:23:22 GMT
"Foobar T. Clown" writes:
How about bravo? Anybody here remember bravo? I don't specifically remember whether it had automatic footnotes, but I remember using it to write a resume in 1979. Very cool!

there was also a port/rewrite of script for the pc in the early '80s (script/pc?) random past ref:
http://www.garlic.com/~lynn/2002b.html#46 ... the need for a Museum of Computer Software

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Microsoft's innovations [was:the rtf format]

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Microsoft's innovations [was:the rtf format]
Newsgroups: alt.folklore.computers
Date: Thu, 03 Oct 2002 14:04:12 GMT
Anne & Lynn Wheeler writes:
there was also a port/rewrite of script for the pc in the early '80s (script/pc?) random past ref:
http://www.garlic.com/~lynn/2002b.html#46 ... the need for a Museum of Computer Software


i was using search engines looking for pc script/gml processors ... one of the few (relevant) hits that i found:

http://www.romankoch.ch/capslock/minigmlscr.htm

MiniGML A small GML formatter for your IBM PC or PS/2 Version 2.0

Document Number MINIGML.SCR

04/17/1987

Roman Koch
INS CC Zuerich
Operation
Mail: ICRKO01 at ZCHVM2

Preface

MiniGML is a small (less then 25 KB) and fast text formatting program. lt accepts a subset of the GML (Generalized Markup Language) starter set tags. MiniGML is a handy and simple way to process GML documents in environments where diskette space or memory is critical. MiniGML is not a replacement for other DCF/ GML formatters like DWSCRIPT or SCRIPT/PC. For complex formatting tasks (indexing, cross-references, conditional processing and so on), and for perfect compatibility with your host GML, you will continue to use one of the big ones.


====================

also found following list of ibm announcements from spring 1984 that mentions script/pc. the script product i was thinking about wasn't (originally?) an ibm offering

XENIX announced for the System/9000 machine (which was recently added to
IBM's product line - it's not IBM Instruments anymore)

PC/Videotex - Supports PCJr directly (I think), but PC and XT require
a Plantronics Colorplus or a MDS Realcolor graphics adapter

FORTRAN v2
- 8087 support, double precision, 4-byte integers,
overlays, 640K support, DOS 2 pathname support,
    library manager provided, byte-aligned character variables
PASCAL v2
  - 8087, 640K support, pathname support, librarian provided, etc.

Upgrade for existing FORTRAN or PASCAL user costs $100.00

PC SORT V 1
- Standalone or callable from COBOL
  - Seems to have most features of mainframe sort/merge

Screen Print utility for the previously announced color printer

SCRIPT/PC

Plannercalc

ISPF/PC (aka EZ-VU) - 2 products, a runtime package and a
development package.  Provides dialogue management services
for BASIC, PASCAL, FORTRAN, etc.

PCJR Color Display

Datamaster-like PCWriter

2 Flavors of Displaywriter-like WP software - big one is
similar to Textpack 4, and can interchange documents with it

IBM 5218 Printer - finally, an IBM logo letter quality printer -
optional sheet and envelope feeders, can be shared among up to
4 PCs through an option, software to drive it converts IBM Graphic
printer orders into appropriate sequences for the 5218, listed as
fully compatible with WordStar, PeachText, and todays announcements

Ability to directly attach PC and Displaywriter, and to put the
Displaywriter on a PC Cluster (through a PC).

DisplayComm BSC program - Provides BSC 2780 etc emulation, but
also allows document interchange with Displaywriter, 6670 (imagine,
a PC driving a 6670!), a 5520, and other office systems

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Authentication of others is a privilege, not a right

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Authentication of others is a privilege, not a right
Newsgroups: alt.computer.security
Date: Fri, 04 Oct 2002 00:37:47 GMT
"Mark Guzowski" writes:
Authentication is a privilege, which should not necessarily be the domain of anyone other than (a) the govt/law enforcement, (b) the courts, or (c) the person whose authentication is in question.

i believe this is mixing up authentication and identification. it might be better worded that the identification of others is a privilege.

i would claim that anybody could do authentication ... which in a relatively simple form is the person that i believe i'm talking to ... really that person. this can be as simple as the dollar bill torn in half ... a person can proove that they are the person that sent me half a torn dollar bill by presenting the other half; this doesn't involve identification ... it just involves authentication.

i go into a bank and deposit a million dollars ... and the bank gives me a card and a secret password for authenticated access to that million dollars. other than various gov. requirements ... the card and password would be sufficient for authenticated access ... no identification is required.

misc. refs for authentication and identification are in the merged security glossary at:
http://www.garlic.com/~lynn/index.html#glossary

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Microsoft's innovations

Refed: **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Microsoft's innovations
Newsgroups: alt.folklore.computers
Date: Fri, 04 Oct 2002 14:21:50 GMT
jmfbahciv writes:
Right. IF I recall correctly, our RUNOFF could not back up to the previous page. Also there was a problem when the footnote indicator occurred on the last line of the page (I would "fix" that by inserting a .TEST PAGE at a previous break in the text; note that you can't do that within a paragraph because it blew the filling and justifying out of the water.

And then there was that one time when the bloody footnote was greater than the page. The programmer was Spoken to.


script would handle the footnotes correctly ... but there was the problem of "old maids". most of the papers i did for publications had a local professional tech writer work on. one had a real hot button for sentence at end of paragraph or section that crossed a page and there were only a couple of words on the following page. he insisted on a conditional page check put in front of such sentences (if there are fewer than 2-3 lines on the current page ... force the complete sentence to the following page).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Beware, Intel to embed digital certificates in Banias

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Beware, Intel to embed digital certificates in Banias
processors
Newsgroups: sci.crypt,comp.sys.intel,comp.arch
Date: Fri, 04 Oct 2002 14:42:40 GMT
writes:
Placing a digital certificate in the CPU isb't supposed to be creating an identity for you.

In the ideal world, the user would have a smart card carrying his digital identity (and possibly some anonymous identities[]). In addition, the hardware would have digital certificates used to certify to both the user and the business that the user is talking to that the hardware can be trusted.

E.g. ideally your credit card number would never be stored in the CPU. Everything would be challenge/response to your personal smart card. No unencrypted credit cards.

But... it is probably not feasible not to ever store unencrypted text in CPU memory. Sure, maybe all paging to disk can be encrypted, but you will want to store and display unencrypted stuff at least temporarily on your PC. The purpose of a digital certificate in the hardware is to allow both you and the businesses you are dealing with to trust the hardware, and, by extensuon, the OS and everything else involved in the storage, management, and display of unencrypted stuff.

I.e. aspects of digital certificates in hardware actually do provide value individual. That is why I find it not totally reprehensible to work in that field.

The bad parts are that

(1) digital certificates in hardware enable digital rights management in ways that violate traditional fair use doctrine

(2) digital certificates in hardware are not a perfect identity, but they are pretty damned good --- good enough to infringe on privacy.

Hence my contention: we need enough digital certification of hardware (and OS) to enable trusting the platform, but we need enough obfuscation to prevent it infringing privacy. One bit, and flash rather than ROM...


certification authorities typically create digital certificates where some sort of information is certifiably bound to a public key. in the x.509 defintion this information has traditionally been considered "identity" information that is bound to a public key.

however, the financial (and other) infrastructures for (at least) privacy and liability reasons went to something called relying-party-only certificates that typically contain only an account number and a public key. for these purposes it is possible to show that such certificates are redundant and superfluous ... and typically only exist for compatibility reasons with easily available COTS digital signature support software. misc. recent posts on r.p.o. certificates
http://www.garlic.com/~lynn/aadsm12.htm#27 Employee Certificates - Security Issues
http://www.garlic.com/~lynn/aadsm12.htm#28 Employee Certificates - Security Issues

also
http://www.garlic.com/~lynn/subpubkey.html#rpo

within the general context of binding any information to a public key ... it could be as simple as type of processor or type of operation system. the certificate could be totally privacy agnostic ... something like the stored value cards that you can purchase at large number of retail, grocery store, etc. check-out counters.

NOTE that within the current structure of payment card retail financial transactions ... they are essentially unauthenticated ... as a result the account number effectively becomes a shared-secret. many of the vulnerabilities are related to the fact that the account number is a shared-secret but at a large number of processing points it must be available ... and therefor it is available for fraudulent purposes ... various posts related to this:
http://www.garlic.com/~lynn/subintegrity.html#fraud
http://www.garlic.com/~lynn/2001h.html#61 Security Proportional To Risk

the charter given the x9a10 standards working group was to preserve the integrity of the financial infrastructure for all retail transactions. the x9.59 standard
http://www.garlic.com/~lynn/x959.html#x959

defines authenticated transaction and removes the account number from the category of a shared-secret ... aka the account number can be publically broadcast and it would still not be possible to perform a fraudulent transaction. part of the issue is that the account number is required in the clear in so many places ... that it was effectively impossible to keep in secret; so the solution was to remove the necessity of keeping it secret.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Microsoft's innovations

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Microsoft's innovations
Newsgroups: alt.folklore.computers
Date: Sun, 06 Oct 2002 13:00:45 GMT
Steve O'Hara-Smith writes:
In my normal word processing environment I use .cp n (where n is a number of lines that must be available on the page). In the new fangled docbook XML -> XSL-FO system I use the keep-with hints a lot. I gave up on Word and the like years ago (actually I never did get the hang of WSYWIG).

.cp n was standard cms script i guess going all the way back to mid 60s. when gml was added to script circa '70 ... the original script syntax was kept ... so it was possible to have document markup that intermixed gml and the original dot dommands.

this perculated into things like the waterloo versions as well as all the PC versions.

misc:
http://www.garlic.com/~lynn/2002m.html#54 Microsoft's innovations

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The next big things that weren't

Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The next big things that weren't
Newsgroups: alt.folklore.computers
Date: Mon, 07 Oct 2002 19:27:47 GMT
"x" writes:
>IBM 9000 series What are these then?

recent posting here mentioning 9000
http://www.garlic.com/~lynn/2002m.html#52 Microsoft's innovations

... part way down the posting is a list of announcements from 1987 mentioning the s/9000 ... aka
XENIX announced for the System/9000 machine (which was recently added to IBM's product line - it's not IBM Instruments anymore)

also from original announcement:


IBM Instruments Inc (Danbury, Ct.) has announced on Monday 4/26/82 a
Motorola 68000 based MICROCOMPUTER named ADVENTURE. Preliminary
specifications are:

1) Base system consisting of
a) a box containing a planar board + 5 additional slots
          -Planar board has: 128 kbytes of ram, prom resident operating
system, 5 1/4 in floppy controller, 1 IEEE-488 port,
           3 serial ports (RS 232), 3 timers (2 Mhz), 1 parallel port
b) Crt (bw, apa, 768480 resolution)
c) a function keypad (not key board)

2) Prices start at $ 5695 for the base system. Options include:
Keyboard (same as PC)       270; 4 color printer-plotter 2095
       Sensor board (A/D; Di/do)   850; Floppy drive (2 8in)    2478
Hard disk controller/Drive 3900; 1 mb ram board          4100
Basic                       195; Assembler/linker/editor  155

3) First customer ship date 10/82

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The next big things that weren't

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The next big things that weren't
Newsgroups: alt.folklore.computers
Date: Mon, 07 Oct 2002 20:39:32 GMT
Joachim Pense writes:
>PL/I Well, but it was the implementation language of MULTICS, which is one of the OS milestones (and maybe a candidate for this list, too). And Multics is the origin of Unix.

one of the observations in the recent multics paper is no buffer overflows. one might conjecture that the epidemic of buffer overflows might be due to differences between PL/I and C.

http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#45 Thirty Years Later: Lessons from the Multics Security Evaluation

using search engine on pl/i seems to still come up with quite a few hits ... so it can't have disappeared totally.
http://www.faqs.org/faqs/computer-lang/pli-faq/

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The next big things that weren't

Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The next big things that weren't
Newsgroups: alt.folklore.computers
Date: Tue, 08 Oct 2002 14:07:26 GMT
"David Wade" writes:
OSI Networking? Universal X.400 connectivity. The X.500 directory (not lots of x.500 like directories)

GOSIP ... osi networking mandated by the (US) government ... replace all the internet (also all the euro gov. osi mandates).

random past gosip refs:
http://www.garlic.com/~lynn/99.html#114 What is the use of OSI Reference Model?
http://www.garlic.com/~lynn/99.html#115 What is the use of OSI Reference Model?
http://www.garlic.com/~lynn/aadsm12.htm#23 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/aadsmore.htm#setjava javasoft SET - NO!
http://www.garlic.com/~lynn/2000b.html#0 "Mainframe" Usage
http://www.garlic.com/~lynn/2000b.html#59 7 layers to a program
http://www.garlic.com/~lynn/2000b.html#79 "Database" term ok for plain files?
http://www.garlic.com/~lynn/2000d.html#16 The author Ronda Hauben fights for our freedom.
http://www.garlic.com/~lynn/2000d.html#43 Al Gore: Inventing the Internet...
http://www.garlic.com/~lynn/2000d.html#63 Is Al Gore The Father of the Internet?
http://www.garlic.com/~lynn/2000d.html#70 When the Internet went private
http://www.garlic.com/~lynn/2001e.html#17 Pre ARPAnet email?
http://www.garlic.com/~lynn/2001e.html#32 Blame it all on Microsoft
http://www.garlic.com/~lynn/2001i.html#5 YKYGOW...
http://www.garlic.com/~lynn/2001i.html#6 YKYGOW...
http://www.garlic.com/~lynn/2002g.html#21 Why did OSI fail compared with TCP-IP?
http://www.garlic.com/~lynn/2002g.html#30 Why did OSI fail compared with TCP-IP?
http://www.garlic.com/~lynn/2002i.html#15 Al Gore and the Internet

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The next big things that weren't

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The next big things that weren't
Newsgroups: alt.folklore.computers
Date: Tue, 08 Oct 2002 16:08:29 GMT
Roland Hutchinson writes:
SOFTWARE:

BeOS

Taligent

OpenDoc


Pink (by apple) and Spring (by Sun) object-oriented operating systems ... Taligent outgrowth of Pink and Java outgrowth of Spring

http://www.garlic.com/~lynn/2000.html#10 Taligent
http://www.garlic.com/~lynn/2000e.html#42 IBM's Workplace OS (Was: .. Pink)
http://www.garlic.com/~lynn/2000e.html#45 IBM's Workplace OS (Was: .. Pink)
http://www.garlic.com/~lynn/2000e.html#46 Where are they now : Taligent and Pink
http://www.garlic.com/~lynn/2000e.html#48 Where are they now : Taligent and Pink
http://www.garlic.com/~lynn/2001j.html#32 Whom Do Programmers Admire Now???

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The next big things that weren't

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The next big things that weren't
Newsgroups: alt.folklore.computers
Date: Tue, 08 Oct 2002 20:26:09 GMT
haynes@alumni.uark.edu (Jim Haynes) writes:
Perhaps it fits the category in the sense that Algol 60 was to be the new improved language that would make Fortran obsolete.

PL/1 to do the same for both Fortran and COBOL.

Don't believe anybody has mentioned UNCOL yet.

The Computer Utility - the idea around the time of Multics that computing would be done in big central stations (Grosch's Law) and users would plug in like plugging into an electricity socket. Although this one keeps coming back in various schemes to make the user pay each time he uses the software.


there were some number of computer utilities ... aka timesharing service bureaus that came out of 545tech sq (the building housing multics) ... but it was from the group on the 4th floor that did cp/67 .... IDC, NCSS, then tymshare, etc. random
http://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000d.html#40 360 CPU meters (was Re: Early IBM-PC sales proj..
http://www.garlic.com/~lynn/2000e.html#9 Checkpointing (was spice on clusters)
http://www.garlic.com/~lynn/2000f.html#52 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000f.html#60 360 Architecture, Multics, ... was (Re: X86 ultimate CISC? No.)
http://www.garlic.com/~lynn/2000g.html#4 virtualizable 360, was TSS ancient history
http://www.garlic.com/~lynn/2001b.html#15 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001h.html#35 D
http://www.garlic.com/~lynn/2001h.html#59 Blinkenlights
http://www.garlic.com/~lynn/2001i.html#44 Withdrawal Announcement 901-218 - No More 'small machines'
http://www.garlic.com/~lynn/2001m.html#51 Author seeks help - net in 1981
http://www.garlic.com/~lynn/2002b.html#2 Microcode? (& index searching)
http://www.garlic.com/~lynn/2002h.html#34 Computers in Science Fiction
http://www.garlic.com/~lynn/2002h.html#50 crossreferenced program code listings
http://www.garlic.com/~lynn/2002h.html#60 Java, C++ (was Re: Is HTML dead?)
http://www.garlic.com/~lynn/2002i.html#44 Unisys A11 worth keeping?
http://www.garlic.com/~lynn/2002i.html#48 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002i.html#64 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#69 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002k.html#54 general networking
http://www.garlic.com/~lynn/2002k.html#57 History of AOL
http://www.garlic.com/~lynn/2002l.html#53 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#56 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#62 Itanium2 performance data from SGI
http://www.garlic.com/~lynn/2002l.html#63 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#64 10 choices that were critical to the Net's success

later during the hpcc period in the early '90s, i believe it was one of the people supplying hardware to the test bed at LLNL that coined the term "information utility".
http://www.garlic.com/~lynn/2001.html#20 Disk caching and file systems. Disk history...people forget

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The next big things that weren't

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The next big things that weren't
Newsgroups: alt.folklore.computers
Date: Wed, 09 Oct 2002 15:21:40 GMT
Joe Pfeiffer writes:
And that wasn't the point of associative memory, anyway. Even if you had a fully-associative TLB (which I believe has been done, though I'm too lazy to look it up) that's nothing like a user-level program for pattern-matching.

360/67 look-aside table was fully associative ... but it was only eight entries ... and only one address space deep ... all entries were automatically reset any table the address space (segment table) pointer changed.

370/165/168 TLB was 4-way set associative ... 128 entries, 7 address space deep. virtual address bits were used to select group of 4 entries .... and then the 4 entries were checked for both address space match as well as virtual address match.

for some other refs do search engine on content addressable in addition to associative

one past ref:
IXM2: A Parallel Associative Processor, 1991 Proc. ACM SIGARCH, Higuchi T., Furuya T., Handa K., Takahashi N., Nishiyama N., and Kokubu A.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

IBM Announcement

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM Announcement
Newsgroups: comp.arch
Date: Wed, 09 Oct 2002 19:25:46 GMT
Greg Pfister writes:
Hey, that's not true. There are several nice weeks of spring each March or so. That's when the wildflowers all come out. You know, those flowers that the highway department seeds along the roads each year.

there are the periodic ice storms .... there is this band from san antonio(?) to north of round rock(?) ... with the gulf weather to the south and the plains (dallas) weather to the north. during the summer, austin can fluctuate between hot & dry (dallas) to hot & humid (houston) weather. in the winter can get the dallas (sub-freezing) weather. and every once and awhile in the winter ... get the humidity from houston and the sub-freezing from dallas ... and voila ... major ice storm.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

SSL certificate modification

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: SSL certificate modification
Newsgroups: comp.security.misc
Date: Thu, 10 Oct 2002 13:55:01 GMT
Henrick Hellström writes:
It is possible that ordinary web browsers will only verify the URI. I don't know. Other kinds of software would probably verify the IP address if present. If the client has access to a secure and trusted name server more fields could be verified.

or eliminate the certificate all together. a primary reason for the existance of SSL server domain certificates is concerns about the integrity of the domain name infrastructure (correctly serving up name->ip-address). The browser connects to a server (after getting the URI->ip-address translation) and then checks that server correctly posseses a certificate for the URI.

an issue is that certification authorities that issue SSL domain name server certificates have to check with the authoritative agency for domain names ... when they get an application for certification. Their problem is that the authoritative agency for domain names is the domain name infrastructure .... the very same domain name infrastructure with integrity issues that gave rise to the jistification for certificates in the first place.

some of the enhancements to the domain name infrastructure (to improve its integrity) needed by certification authorities (so they can trust the certified information) include things like the owner of a domain name registering their public key at the some time they register the domain name.

in any case, enhancements to the domain name infrastructure to improve the integrity and trust (for purposes of the certification authority market) also goes a long way to improving the integrity and trust for everybody. Improving the integrity and trust of the domain name infrastructure for everybody also negates much of the requirement for needing SSL domain name server certificates (sort of a catch-22, isn't it).

Furthermore, one of the solutions from the certification authorities to have public keys registered as part of domain name registrtation means that a trusted domain name infrastructure can serve up trusted public keys in the same way that they would serve up trusted ip-addresses.

The implementation of domain name infrastructure already supports serving up arbritrary information, not just domain names -> ip-addresses. Such an infrastructure would result in near real-time trusted public keys bound to domain names (as well as any other information that might be of interested) as opposed to the method of stale trustetd information implemented by (the now redundant and superfluous) SSL domain name server certificates.

random refs:
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

SSL certificate modification

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: SSL certificate modification
Newsgroups: comp.security.misc
Date: Thu, 10 Oct 2002 21:04:41 GMT
Henrick Hellström writes:
That's only one reason for the existance of SSL server certificates. The other reason, which IMHO is even more important, is that certificates contains certified public keys which are used during the SSL handshake and e.g. prevents man-in-the-middle attacks.

see later in the (same) post regarding near real time serving of trusted public keys ... as opposed to stale,
http://www.garlic.com/~lynn/2002m.html#64 SSL certificate modification

aka that the CA requirement for improving domain name infrastructure by having the domain name infrastructure register public keys at the same time they register the domain name:

1) improves the integrity of the domain name infrastructure so that the CAs can trust the information ... but if the CAs can trust the information ... then other people can trust the information ... by implication then the domain name infrastructure is a trusted server ... a catch-22 that eliminates the main reason for having SSL domain name certificates ... aka i've actually heard of real situations involving domain name take over and impersonation, i have yet to hear of a situation of real actual a significant mitm attacks.

2) if public keys are registered as part of #1 ... and also by #1 the domain name infrastructure is a trusted server ... then the existing domain name infrastructure can to trusted, near real time serving of public keys ... which is significantly better than the stale information paradigm implemented with certificates. as noted previously ... the domain name infrastructure is implemented to serve up general information ... not just ip-addresses.

not mentioned in the previous posting, that with the ability to obtain both the real trusted ip-address and the trusted public key in a single operation ... there can be a reduction in the SSL protocol handshaking chatter as part of setting up a session. The client as part of the original contact to the server ... include a SSL setup request piggybacked with the random session key (encrypted with the the server's public key) and the acceptable symmetric algorithms. The server responds with its choice of algorithm and the number of bits used from the random session key and everything else encrypted with the random session key. In theory, the SSL session could be setup and running in a single round trip.

a) trusted public key obtained in the same domain name infrastructure transaction that is already performed to obtain the ip-address. this is near real-time status ... and doesn't suffer the shortcomings of stale credential information that may need some sort of CRL broadcast to invalidate information aka current SSL domain name certificates aren't a real PKI infrastructure since it lacks the management of revoked/changed information ... say something like periodic broadcasts of CRLs to all possible browsers in the world.

b) since the client already has the server's public key prior to contacting the server ... SSL session setup chatter might be reduced to single round-trip ... piggybacked as part of the initial session setup.

as before .... (numerous) other postings with these observations:
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Tweaking old computers?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Tweaking old computers?
Newsgroups: alt.folklore.computers
Date: Fri, 11 Oct 2002 13:55:03 GMT
ab528@FreeNet.Carleton.CA (Heinz W. Wiggeshoff) writes:
Ancient rumours have it that any IBM 370-nn5 could be turned into an nn8 by a CE with wire cutters - but that's going from real to virtual addressing modes, not speed ups.

i think some of the 370 clones/pcms were even noted for such things also.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Tweaking old computers?

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Tweaking old computers?
Newsgroups: alt.folklore.computers
Date: Fri, 11 Oct 2002 14:18:31 GMT
ab528@FreeNet.Carleton.CA (Heinz W. Wiggeshoff) writes:
Ancient rumours have it that any IBM 370-nn5 could be turned into an nn8 by a CE with wire cutters - but that's going from real to virtual addressing modes, not speed ups.

the other is the 3081/3083. 370 SMPs slowed the cache cycle down by 10 percent (compared to non-shared memory, uniprocessors) to account for cross-cache chatter supporting cache consistency (any actual invalidates could slow things down even further ... over and above the 10 percent for the inter-cache protocol). So basic two processor hardware was only 1.8 times that of a uniprocessor (two processors operating at .9 times a single processor).

The 3081 originally came out in two processor smp version only and no non-shared memory, single processor version. This somewhat assumed that all operating systems had SMP support. However, there was a very performance sensitive operating system that still didn't have SMP support ... ACP/TPF used by many airline res sysetms and various financial transaction networks. While ACP/TPF had loosely-coupled (aka cluster support) ... it liked tighly-coupled multiprocessor support.

ACP/TPF running on a 3081 was only able to make use of a single processor. Frequently, they might run VM on the 3081 and then run two (or more) copies of ACP/TPF to more fully use the processing power.

Note that the 3081 wasn't a traditional IBM SMP ... where a two-processor configuration could be cleaved into two fully functional uniprocessors, each with full set of components, power supplies, i/o, etc. The 3081 was a single box, with effectively a single set of components and two processors. It wasn't possible to partition a 3081 into two fully functional uniprocessors (other than the software partitioning provided by VM) ... each running 15 percent faster (with the inter-cache chatter protocol turned off).

Eventually a uniprocessor was produced ... 3083 (primarily for the acp/tpf market) which was a single processor running 15 percent faster (because the inter-cache chatter protocol was disabled).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Tweaking old computers?

Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Tweaking old computers?
Newsgroups: alt.folklore.computers
Date: Fri, 11 Oct 2002 14:40:52 GMT
ab528@FreeNet.Carleton.CA (Heinz W. Wiggeshoff) writes:
Ancient rumours have it that any IBM 370-nn5 could be turned into an nn8 by a CE with wire cutters - but that's going from real to virtual addressing modes, not speed ups.

370-165 & 370-155 were cache machines with 2mic(?) main memory and high speed caches. They were initially shipped w/o virtual memory. Both 165 and 155 required hardware upgrades to add virtual memory.

370-168 and 370-158 had a number of things done .... one was main memory was upgraded to 4xx(?)ns main memory (aka storage was better than four times faster).

other data point (at least for 168), the microcode & hardware implementing 370 instruction set was significantly reworked such that the avg. machine cycles per 370 instruction was dropped from 2.1 (on 165) to 1.6 (on 168) ... the basic machine/cache cycle time for both stayed the same ... but the combination of faster memory and better optimized microcode implementing 370 instruction set ... made the 168 a much faster machine.

both the 135 & 145 shipped with virtual memory support from the start but was disabled until the virtual memory announcement ... which was significantly gated getting the 165 virtual memory hardware upgrade designed and built. when the virtual memory announcement was made, there was a new microcode load for the machines that enabled virtual memory mode. There is the famous(?) story about customers asking at share what the "xlat" light met aka the 145 had several rows of lights with varous (physically printed) labels. One light (on all 145 shipped to customers, even before virtual memory was announced) had label that customers strongly suspected was short for "translation" ... aka virtual address translation mode.

the 135/145 had upgrades to 138/148 both were new hardware. 138/148 (virgil/tully) also had m'code accelerators for VS1 and VM. The 15x/16x were horizontal m'code machines where you talk about avg. machine cycles per instruction. The smaller machines were vertical m'code machines where there was something like 10:1 ratio of vertical m'code instructions for every 370 instruction (aka a .5mip 370 machine needed a 5mip microprocessor). The m'code accelerators for VS1 and VM effectively dropped highly used operating system paths into the m'code ... nominally seeing a 10:1 speedup.
http://www.garlic.com/~lynn/94.html#21 370 ECPS microcode assit

at least the 148 also had significant speedup in floating point ... possibly on the order of 3 to 5 times(?) that of 145.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

End to Moore's law and job market : conclusion

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: End  to Moore's law and job market : conclusion
Newsgroups: comp.arch
Date: Fri, 11 Oct 2002 15:06:56 GMT
Peter Boyle writes:
Hardest part is getting a license from altera and xilinx. IBM have an agreement with Xilinx and are integrating FPGA's in future embedded PPC chips, so a large part of ASIC market becomes quick turnaround low risk development on a standard part.

Peter Boyle


a couple weeks ago saw a presentation from some company in round rock that was specializing in management/administration application for FPGA applications ... managing libraries, integrating packages, loading/changing FPGA. This activity would seem to pick up if there was FPGA in standard chips.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Tweaking old computers?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Tweaking old computers?
Newsgroups: alt.folklore.computers
Date: Fri, 11 Oct 2002 20:00:19 GMT
Charles Richmond writes:
I have heard of two models of disk drive...one 40 meg and the other 80 meg. The difference was, with a jumper removed, the drive could format the same 40 meg pack to 80 meg. Of course, you paid more for the 80 meg drive...after all, it has a greater capacity!!! ;-)

we actually tried to have some 3380s marketed that were 1/3rd the capacity and more expensive ... but "faster" (i.e. with only 1/3rd the arm travel, the avg. arm access calculations were better).

this was to address business scenarios where the technical people attempted to convince their management that not filling a drive completely full was more cost effective (because of reduced arm contention and improved overall system thruput) ... and otherwise failed to make the case. it was important (from a management perspective) that these "faster" drives cost more.

the only difference was a change in the microcode load.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

The next big things that weren't

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The next big things that weren't
Newsgroups: comp.arch,comp.society.futures,rec.arts.sf.science,soc.history.science,alt.folklore.computers
Date: Sat, 12 Oct 2002 19:28:51 GMT
kyle_jones@wonderworks.com (Kyle Jones) writes:
I could believe it maybe if this was a new field study. But military strategy is as old as civilization, and I'm pretty sure it's being pursued as assiduously today as it ever was. What is there that is new that would cost that much to simulate? Now if they have thousands of these simulators scattered around the country then there would be a large outlay for equipment and mtainenance. But a billion a year?

minor note ... V/R would probably be more military tactics. military stategy would possibly have more in common with economic modeling. and of course, boyd ref:
http://www.garlic.com/~lynn/subtopic.html#boyd

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Whatever happened to C2 "Orange Book" Windows security?

Refed: **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Whatever happened to C2 "Orange Book" Windows security?
Newsgroups: alt.folklore.computers
Date: Sat, 12 Oct 2002 19:24:19 GMT
"Daniel P. B. Smith" writes:
VMS had C2 "Orange Book" security, and when Windows NT was young Microsoft made a big deal about having also passed C2 certification.

in general, most/many things get C2 certification w/o network connection. A certification that includes network connection is extremely difficult.

The orange book was orientated towards certification of general purpose systems ... lots of the things that are required would make it impossible for many network connected things.

common criteria in many ways is trying to provide security certifications for things that would be effectively impossible to certify as a general purpose system under the orange book. Basically you can environmentally targeted protection profiles under common criteria .... instead of a generalized certification standard for everything ... you have protection profile certification standard for specific things (firewalls, smartcards, etc).

In the case of the firewall, you can claim that even if it is built from general purpose platform, only a very restricted subset of things are actually configured and it is then only necessary to specify/certify just the firewall environment. A firewall might never have been able to get an acceptable certification under the orange book as a generalized computing system... but could using a common criteria firewall protection profile.

There is also some latitude in being able to specify what pieces/functions that a certification applies to. There has been a joke that one of the published smartcard certifications ... which didn't publish the certification criteria ... might have only requested that the plastic card manufacturing quality be certified and the criteria never actually specified anything about the chip in the card. Other certifications are gotten for baseline chip with little, if any software.

I've recently been involved in getting a EAL4-high certification for chipcard. I had looked at EAL5-high for full lifecycle with all (including crypto) applications ... but turned out to be really breaking new ground

random recent refs:
http://www.garlic.com/~lynn/2002c.html#10 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002e.html#17 Smart Cards
http://www.garlic.com/~lynn/2002j.html#82 formal fips186-2/x9.62 definition for eal 5/6 evaluation
http://www.garlic.com/~lynn/2002j.html#84 formal fips186-2/x9.62 definition for eal 5/6 evaluation
http://www.garlic.com/~lynn/2002j.html#86 formal fips186-2/x9.62 definition for eal 5/6 evaluation
http://www.garlic.com/~lynn/2002k.html#35 ... certification
http://www.garlic.com/~lynn/2002m.html#44 Beware, Intel to embed digital certificates in Banias
http://www.garlic.com/~lynn/aadsm12.htm#13 anybody seen (EAL5) semi-formal specification for FIPS186-2/x9.62 ecdsa?
http://www.garlic.com/~lynn/aadsm12.htm#14 Challenge to TCPA/Palladium detractors
http://www.garlic.com/~lynn/aadsm12.htm#19 TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

VLSI and "the real world"

Refed: **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VLSI and "the real world"
Newsgroups: comp.arch
Date: Sat, 12 Oct 2002 19:48:28 GMT
"del cecchi" writes:
Yeah but those things were like 300 feet long, and needed a forklift to move.

360 was aggregate 200 feet ... including any daisy chaining. There might have been some cables 200 feet ... but more likely there were several 40-50 feet ... but still big and heavy.

370 "data streaming" extended that to 400 feet aggregate and from max. data rate of 1.5mbytes/sec to 3mbytes/sec. 360 had synchronous handshake per byte, 370 stretched that to 8 bytes. It wasn't until 3380s that there were significant devices doing 3mbyte/sec transfer.

there were exceptions ... latency sensitive devices in conjunction with channels that had high command processing latency ... combination of 2305 fixed head disk and 370/158 channel had aggregate of 80 feet.

random:
http://www.garlic.com/~lynn/96.html#5 360 "channels" and "multiplexers"?
http://www.garlic.com/~lynn/2000b.html#38 How to learn assembler language for OS/390 ?
http://www.garlic.com/~lynn/2000c.html#75 Does the word "mainframe" still have a meaning?></pre>
http://www.garlic.com/~lynn/2001b.html#59 Disks size growing while disk count shrinking = bad performance
http://www.garlic.com/~lynn/2001h.html#28 checking some myths.
http://www.garlic.com/~lynn/2002e.html#7 Bus & Tag, possible length/distance?
http://www.garlic.com/~lynn/2002f.html#7 Blade architectures
http://www.garlic.com/~lynn/2002g.html#33 ESCON Distance Limitations - Why ?

when i was undergradudate (long ago and far away) i got to work on project that included reverse engineering 360 channel interface to build supposedly first pcm controller:
http://www.garlic.com/~lynn/subtopic.html#360pcm

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

InfiniBand Performance (Hey Pfister!)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: InfiniBand Performance (Hey Pfister!)
Newsgroups: comp.arch
Date: Sat, 12 Oct 2002 20:00:08 GMT
nmm1@cus.cam.ac.uk (Nick Maclaren) writes:
A system call IS privilege inheritance! That is its WHOLE function! If you don't need to inherit privilege, you can perform an ordinary routine call (as in MS-DOS and Windows 3).

some aside, original 801/CPr design point was hardware/software trade-off where privilege checking was done at compile and bind/load times (bind verifying that compiled code being loaded came from a trusted compiler ... and therefor code could be trusted).

one of these trade-offs is the (limited number) segment register design in ROMP & RIOS. The original assumption was that inline application could change segment registers as easily as it could change any other general or floating point register ... mitigating the issue of the limited amount of addressed space at any one moment (in much the same way that an application can change addresses in general purpose registerd).

the problem came when the ROMP/displaywriter project was killed and the group scambled to remake themselves as a unix workstation. All of a sudden the assumptions about inline trusted code went out the door and kernel calls (and associated overhead) were introduced for managing privileges/trust.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

New Book

Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: New Book
Newsgroups: comp.arch
Date: Sat, 12 Oct 2002 20:20:12 GMT
seebs@plethora.net (Peter Seebach) writes:
Well, of course. Itanium CPU's may be fast enough to allow people to, dare I suggest it, virtualise the functions of a CPU, perhaps inventing some sort of virtual machine that could run code designed for other processors.

I'm sure this will only be possible on Itanium, because it's got sixtyfour-something. You know, like that old Atari console.


note that there are 3-4 offerings that provide 370/390/etc virtual machines running on i86 processors (even running real live production workload).

there is some question about these being simulators or emulators.

note that this isn't actually too different than the majority of the 360/370 mainframes .... very few were actually hardwired machines. The majority of 360/370 were some processor with programming prividing the 360/370 ISA.

The higher end 370 machines (155, 158, 165, 168, 303x) were horizontal microcoded machines ... and 370 efficiency was typically rated in avg. machine cycles per 370 instruction (aka one of the changes from 165 to 168 was improvements in microcode with reduction from 2.1cycles/instruction to 1.6cycles/instruction).

The lower end 370 machines (115, 125, 135, 145 and descendents) were much more like traditional vertical programmed microprocessors. They tended to avg. 10 microprocessor instructions per 370 instruction (which is compareable to some of the current offerings that run on i86 processors). The net was that for say a .3mip 370 machine, a 3mip microprocessor was required.

Long ago, for the 138/148 enhancements to 135/145 there was a project that translated about 6000 bytes of critical 370 kernel code into 6000 bytes of microprocessor code that got a 10:1 speedup.
http://www.garlic.com/~lynn/94.html#21 370 ECPS microcode assist

there has been some threads in ibm mainframe groups about ibm getting out of the low & midrange 390 cpu marketing ... and the only things some customers are left with (other than moving to a different architecture) is some of these simulators/emulators.

random res:
http://www.garlic.com/~lynn/2000.html#11 I'm overwhelmed
http://www.garlic.com/~lynn/2000.html#17 I'm overwhelmed
http://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000c.html#35 What level of computer is needed for a computer to Love?
http://www.garlic.com/~lynn/2000g.html#6 virtualizable 360, was TSS ancient history
http://www.garlic.com/~lynn/2000g.html#7 360/370 instruction cycle time
http://www.garlic.com/~lynn/2001.html#27 VM/SP sites that allow free access?
http://www.garlic.com/~lynn/2001n.html#22 Hercules, OCO, and IBM missing a great opportunity
http://www.garlic.com/~lynn/2001n.html#31 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2001n.html#32 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2001n.html#34 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2001n.html#37 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2001n.html#67 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
http://www.garlic.com/~lynn/2002c.html#42 Beginning of the end for SNA?
http://www.garlic.com/~lynn/2002d.html#4 IBM Mainframe at home
http://www.garlic.com/~lynn/2002g.html#61 GE 625/635 Reference + Smart Hardware
http://www.garlic.com/~lynn/2002i.html#31 : Re: AS/400 and MVS - clarification please
http://www.garlic.com/~lynn/2002i.html#63 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#64 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#69 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#76 HONE was .. Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#79 Fw: HONE was .. Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002j.html#0 HONE was .. Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002j.html#1 HONE was .. Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002j.html#2 HONE was .. Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002j.html#6 HONE was .. Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002j.html#37 HONE was .. Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002j.html#48 SHARE Planning

Whatever happened to C2 "Orange Book" Windows security?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Whatever happened to C2 "Orange Book" Windows security?
Newsgroups: alt.folklore.computers
Date: Sat, 12 Oct 2002 20:31:24 GMT
cbh@ieya.co.REMOVE_THIS.uk (Chris Hedley) writes:
Wasn't there a "secure VMS" project which attained some higher level of security, maybe a B rating? AFAIK the only "really" secure system by orange-book standards was Multics, but I look forward to being shown the error of my ways, as ever. :)

evaluated products list
http://www.radium.ncsc.mil/tpep/epl/index.html

the historical evaluated products list:
http://www.radium.ncsc.mil/tpep/epl/historical.html

some other refs:
http://www.radium.ncsc.mil/tpep/tpep.html
http://www.radium.ncsc.mil/tpep/whatsnew.html

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

next, previous, index - home