List of Archived Posts
2002 Newsgroup Postings (12/6 - 12/18)
- Newsgroup cliques?
- Defeating telemarketers
- IBM OS source code
- IBM OS source code
- Running z/VM 4.3 in LPAR & guest v-r or v=f
- IBM 029 predecessor--1050 communications
- unix permissions
- myths about Multics
- Sci Fi again
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Multics on emulated systems?
- Multics on emulated systems?
- Multics on emulated systems?
- myths about Multics
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cirtificate Authorities 'CAs', how curruptable are they to
- Cost of computing in 1958?
- I'll see your deep-fried mars-bar
- I'll see your deep-fried mars-bar
- Cirtificate Authorities 'CAs', how curruptable are they to
- Secure you PC or get kicked off the net?
- Western Union data communications?
- Vector display systems
- Sci Fi again
- Western Union data communications?
- Western Union data communications?
- Western Union data communications?
- VSE (Was: Re: Refusal to change was Re: LE and COBOL)
- I'll see your deep-fried mars-bar
- January 7, 2003: "25 years of Hennessy & Patterson" PARC
- Newbie: Two quesions about mainframes
- 20th anniversary of the internet (fwd)
- 20th anniversary of the internet (fwd)
- Linux paging
- Music to craft code by
- Beyond 8+3
- cost of crossing kernel/user boundary
- Linux paging
- Linux paging
- Linux paging
- Linux paging
- Linux paging
- Linux paging
- Cirtificate Authorities 'CAs', how curruptable are they to
- Linux paging
- Cirtificate Authorities 'CAs', how curruptable are they to
- Free Desktop Cyber emulation on PC before Christmas
- Newbie: Two quesions about mainframes
- Running z/VM 4.3 in LPAR & guest v-r or v=f
- cost of crossing kernel/user boundary
- Cirtificate Authorities 'CAs', how curruptable are they
- AMP vs SMP
- AMP vs SMP
- 20th Anniversary Of The Internet
- 20th anniversary of the internet (fwd)
- cost of crossing kernel/user boundary
- Newbie: Two quesions about mainframes
- cost of crossing kernel/user boundary
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Newsgroup cliques?
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 14:15:48 GMT
Anne & Lynn Wheeler writes:
one of the first half dozen or so (university) sales situations that i
got called into (after going to cambridge) involved 370/145 against a
sigma/7.
it was univ. of idaho in moscow, idaho (long ways from cambridge).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Defeating telemarketers
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 15:54:10 GMT
somewhat related:
FTC moves to ease telemarketing calls
http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,76442,00.html
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: IBM OS source code
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 20:51:45 GMT
possibly of some interest ... answer to (email) question regarding
operating source code availability:
all of cp/67 ... and all of vm/370 was delivered in machine readable
source code ... and system could be built from the machine readable
source code. this was up thru at least the late '70s. there was a
large university (and other technician) community that created a large
body of source code modifications and collected in "VMSHARE". Waterloo
university managed the library of source code and distribution (60s
and 70s had much less network connectivity .... so distribution was
typically on some physical media like 9track tape). At one point there
was an estimate that there was as much source code on the
vmshare/waterloo tape as on the base product tape.
For some of the other IBM operating systems it wasn't quite so clean
cut. They tended to have a much more complex source management and
distribution system. Typically customers got a machine readable tape
of the listings of the assembler/compiler ... but not machine readable
of the actual source build. There was also readily available
microfiche of the source listings (output of assembler/compiler)
... typically for debugging and binary patch fixes ... but it was less
common to have all the source and libraries necessary to do a system
build from scratch.
This all started to change with the antitrust case against ibm and
with the ibm unbundling announcement june 23rd, 1969. After that point
... basic operating system components were still viewed as basically
bundled ... but other components represented independent intellectual
property. Things continued to change thru the '70s ... especially with
the advent of mainframe clones in the mid-70s. The issue of operating
system source code then started to become more and more proprietary
because 1) operating system components weren't being charged for, 2)
freely available source code was allowing other vendors to take and
modify it ... with no visible corporate benefit (except to the
competition), 3) the source code easily represented investment that
ran to the hundreds of millions of dollars.
The late 70s and early 80s saw lots of user group discussions about
the transition to the policy of OCO (object code only) ... the
corporation attempting to protect investments that in aggregate ran to
tens of billions of dollars.
in addition to waterloo university supporting vm source library
... tymshare corporation provided support for online vmshare
discussions (and later pcshare). these have been collected, archived
and online at:
http://vm.marist.edu/~vmshare/
for additional background ... try searching the vmshare archives for
OCO, object code only, object-code-only, etc. .... which represented
the transition away from source availability.
..... end
also during the 70s ... VM/370 shipped a monthly "PLC" tape (basically
bug fixes and sometimes new function). The PLC tape included both the
changed binaries as well as the incremental source code change files.
Customers could either rebuild their system from the originally
distributed binaries plus the latest PLC binaries (PLC contained
accumulated changes of all PLC tapes since the original base release).
Customers also had the option of rebuilding all or some subset using
the incremental PLC source updates (also accumulated) plus the
original source distribution.
misc. side note ... CP/67 & VM/370 source control system was in form
of "updates" ... base source file plus list of incremental update files
were combined prior to assembly/compile. Most people are more familiar
with the RCS/CVS that keeps the latest source file and effectively
"downdates" that can regress changes. The CP orientation was that base
source and appropriate source change (sort-of diff like) files were
combined on the fly. discussion of the CMS update command:
http://www.garlic.com/~lynn/2002n.html#39 CMS update
when I did the resource manager as a separate product in the mid-70s,
they told me it was going to be the first "charged for" operating
system code (aka guinea pig) ... and i got to spend six months on and
off with the business people inventing the methodologies for operating
system code pricing.
they also wanted me to ship on the same monthly PLC schedule as the
base product. However, I convinced them to let me do at three month
intervals rather than monthly intervals. Part of the reason was that
in addition to standard integrity stress testing ... I would also redo
performance regression tests that i used for the original product
validation (aka not only validate that system wouldn't fail because of
changes ... but also that performance & thruput weren't affected by
changes). A customer could build a system with a combination of the
resource manager distribution binaries and the base system
distribution binaries. They could also rebuild from source using
combination of the resource manager distribution PLC tape files,
resource manager distribution base distribution, base product
distribution PLC tape files, base product distribution files.
misc. stuff related to resource manager,
http://www.garlic.com/~lynn/2001e.html#45 VM/370 Resource Manager
somewhat related postings regarding benchmarking, workload profiling,
capacity planning, etc
http://www.garlic.com/~lynn/subtopic.html#bench
and there was also the issue that I was nominally doing full time
research at the science center and the Resource Manager product was
more like a hobby ... and i had to somewhat beg time to provide
product support, product release regression testing, etc.
as an aside ... one of the drivers for expanded use of (portable) UNIX
in the '80s was that the (hardware) cost of building computing systems
(of various types) was starting to significantly decrease; however the
cost of creating proprietary operating system software hadn't
similarly come down. A relatively quickly portable operating system
was a huge investment avoidance that made possible the economics for
some of the new system product offerings in the 80s.
some past threads with mention of OCO:
http://www.garlic.com/~lynn/94.html#11 REXX
http://www.garlic.com/~lynn/2000b.html#32 20th March 2000
http://www.garlic.com/~lynn/2001e.html#6 Blame it all on Microsoft
http://www.garlic.com/~lynn/2001n.html#11 OCO
http://www.garlic.com/~lynn/2002c.html#4 Did Intel Bite Off More Than It Can Chew?
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM OS source code
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 21:53:41 GMT
Anne & Lynn Wheeler writes:
in addition to waterloo university supporting vm source library
... tymshare corporation provided support for online vmshare
discussions (and later pcshare). these have been collected, archived
and online at:
http://vm.marist.edu/~vmshare/
for additional background ... try searching the vmshare archives for
OCO, object code only, object-code-only, etc. .... which represented
the transition away from source availability.
one of the items brought up doing a search on OCO is
http://vm.marist.edu/~vmshare/read?fn=VMSHIST&ft=NOTE&line=1
attach from above:
Browse entire NOTE VMSHIST 5/15/89 21:19:21
An Examination of the impacts of VMSHARE on individuals, VM community
& Society
Thanks so far for both the public appends I've been receiving in
addition to the private mail. Just to develop some of my ideas further
I've included some notes I've made in which I examine VMSHARE against
a set of criteria used in assessing the impacts of computer based
conferencing. I'd appreciate and enjoy very much if you have any
observations, disagreements or comments you'd care to make.
Kerr and Hiltz (1980) reported on a survey they carried out in
conjunction with experts in the field of computer based conferencing.
This survey was designed to examine what the impacts of
computer-mediated conferencing would be and how this related to the
overall impact of the computer on the way we live.
An impact in this context is defined as outcomes, effects or
consequences. Kerr and Hiltz further defined impacts into levels and
types and then hypothesized various effects that they felt were
intuitively held or could be found in the various literature. The
levels defined were: individual, group and societal. The types within
each of these levels were: cognitive, affective, and behavioural
... snip
besides the survey
http://www.garlic.com/~lynn/2001l.html#61 MVS History (all parts)
mentioned in
http://www.garlic.com/~lynn/2002o.html#75 They Got Mail: Not-So-Fond Farewells
part of the thread
http://www.garlic.com/~lynn/2002o.html#73 They Got Mail: Not-So-Fond Farewells
and
http://www.garlic.com/~lynn/2002k.html#39 Vnet: Unbelievable
hiltz and turoff were also brought in as consultants to do some
detailed study of the phenomena. there was also in depth study that
resulted in a stanford phd thesis; misc. refs:
http://www.garlic.com/~lynn/2002e.html#37 Would the value of knowledge and information be transferred or shared accurately across the different culture??????
http://www.garlic.com/~lynn/2002l.html#54 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/subnetwork.html#cmc
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Running z/VM 4.3 in LPAR & guest v-r or v=f
Newsgroups: bit.listserv.vmesa-l
Date: Sat, 7 Dec 2002 08:46:36 -0700
At 12:01 AM 12/7/2002 -0600, wrote:
I don't have any recent experience running MVS guests (none running
OS/390 guests) but in a previous life I supported the IBM education
systems and we ran lots of MVS guests. My experience was to minimize
the amount of paging that CP needs to do in support of the guests.
Let MVS handle its own paging as much as possible. Otherwise if CP
is handling a page fault for MVS, the entire machine is
non-dispatchable. If you let MVS do its own paging, it will just
dispatch something else when it needs to do page i/o. Do this by
making the OS/390 virtual machine size smaller than you might normally
do to minimize the likelihood of CP having to do its paging. MVS is
a very capable operating system. Let it decide what to page in/out.
Jim Bohnsack
there is also an issue if situation becomes such that both MVS & VM
are paging (i.e. MVS setup for VM paging and then workload increasing
so that MVS is also paging) which results in extremely bad
pathological situation.
Basically both are using a page replacement algorithm that attempts to
approximate LRU/least recently used. This is based on the assumption
that the least recently used page has a high probability of continuing
to not be used ... and therefore is the best candidate to be
replaced/removed.
When you operate an LRU infrastructure (virtual memory guest, database
cache management, etc) the virtual subsystem characteristics can start
to appear to violate LRU algorithm assumptions. The virtual guest
(mvs, another vm, any cache manager, etc) will look around for a
storage page that is not being used (LRU) and put the next page to be
used in that slot. Now if the first level VM is also paging ... it
will also tend to select the same not used page to be paged-out. The
situation can become very pathological where the page that VM is
paging out is exactly the page that the virtual guest is most likely
to use next.
A guest that implements a LRU replacement algorithm can start to
exhibit behavior that looks more like MRU (i.e. the first level VM
might be better off selecting the most recently used page for
replacement ... rather than the least recently used page). Actually it
is more bimodal ... a virtual guest that is doing paging with a LRU
page replacement algorithm ... will have a strong tendency to use the
most recently used pages and the least recently used pages .... and
the pages "in the middle" (between the two extremes) are the most
likely to not be used in the near future (aka the page replacement
algorithm is attempting to infer the future page reference pattern
based on past page reference use).
--
Anne & Lynn Wheeler lynn@garlic.com, http://www.garlic.com/~lynn/
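A small simulation of the LRU-under-LRU interaction described in the post above (an added example, not code from the original posts). The frame counts, the synthetic workload and the MRU comparison policy are assumptions chosen for illustration.

```python
import random
from collections import OrderedDict


class GuestLRU:
    """Guest OS: maps its virtual pages onto guest frames with LRU replacement."""

    def __init__(self, frames):
        self.frames = frames
        self.page_to_frame = OrderedDict()  # oldest reference first

    def reference(self, page):
        """Return (guest_frame_touched, replaced_something)."""
        if page in self.page_to_frame:
            self.page_to_frame.move_to_end(page)
            return self.page_to_frame[page], False
        if len(self.page_to_frame) < self.frames:
            frame, replaced = len(self.page_to_frame), False  # free frame left
        else:
            _, frame = self.page_to_frame.popitem(last=False)  # guest LRU victim
            replaced = True
        self.page_to_frame[page] = frame
        return frame, replaced


class Host:
    """First-level VM: backs guest frames with fewer real frames."""

    def __init__(self, frames, policy):
        self.frames, self.policy = frames, policy
        self.resident = OrderedDict()  # guest frame -> None, oldest touch first

    def touch(self, guest_frame):
        """Return True when the touch causes a host-level page fault."""
        if guest_frame in self.resident:
            self.resident.move_to_end(guest_frame)
            return False
        if len(self.resident) >= self.frames:
            # LRU evicts the oldest entry, MRU evicts the newest one.
            self.resident.popitem(last=(self.policy == "MRU"))
        self.resident[guest_frame] = None
        return True


def workload(n=20000, seed=1):
    """Constructed reference string: 80% to a 16-page hot set, 20% to 64 cold pages."""
    rng = random.Random(seed)
    return [rng.randrange(16) if rng.random() < 0.8 else 16 + rng.randrange(64)
            for _ in range(n)]


def simulate(refs, guest_frames, host_frames, policy):
    guest, host = GuestLRU(guest_frames), Host(host_frames, policy)
    stats = {"guest_replacements": 0, "host_faults": 0, "double_faults": 0}
    for page in refs:
        frame, replaced = guest.reference(page)
        faulted = host.touch(frame)
        stats["guest_replacements"] += replaced
        stats["host_faults"] += faulted
        # A double fault: the frame the guest chose as "least recently used"
        # is exactly one the host had already paged out.
        stats["double_faults"] += replaced and faulted
    return stats


if __name__ == "__main__":
    refs = workload()
    for policy in ("LRU", "MRU"):
        print(policy, simulate(refs, guest_frames=32, host_frames=24, policy=policy))
```

With the host running LRU, every guest page replacement lands on a frame the host has already paged out, because both levels rank the same frames by the same recency.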
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM 029 predecessor--1050 communications
Newsgroups: alt.folklore.computers
Date: Sun, 08 Dec 2002 14:38:34 GMT
hancock4@bbs.cpcn.com (Jeff Nor Lisa) writes:
In the 1963 IBM "Machine Functions" booklet, they have the "1050 Data
Communications System". One of the units looks like an 029 keypunch (NOT
the older 026), but part of it (where the card was punched) is covered
with a solid plate. The typewriter in this system also looks modern, like
a Selectric.
There is no mention of S/360 in this booklet; 360 came out in 1964.
But it's interesting how they had the lines of the 029--the rectangular
look instead of older rounded look--available already for machines.
there was the 1052mod7 ... which was the operator's terminal on 360s
... and can be seen in most pictures of the front of any 360.
communicating 1052 could come with various attachments ... including
paper tape punch/reader.
misc. prev. mentions of 1052:
http://www.garlic.com/~lynn/96.html#4a John Hartmann's Birthday Party
http://www.garlic.com/~lynn/96.html#9 cics
http://www.garlic.com/~lynn/96.html#12 IBM song
http://www.garlic.com/~lynn/96.html#30 interdata and perkin/elmer
http://www.garlic.com/~lynn/96.html#37 interdata & perkin/elmer machines
http://www.garlic.com/~lynn/96.html#39 Mainframes & Unix
http://www.garlic.com/~lynn/97.html#22 Pre S/360 IBM Operating Systems?
http://www.garlic.com/~lynn/98.html#32 Drive letters
http://www.garlic.com/~lynn/2000b.html#49 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2001.html#3 First video terminal?
http://www.garlic.com/~lynn/2001.html#15 IBM Model Numbers (was: First video terminal?)
http://www.garlic.com/~lynn/2001.html#17 IBM 1142 reader/punch (Re: First video terminal?)
http://www.garlic.com/~lynn/2001c.html#15 OS/360 (was LINUS for S/390)
http://www.garlic.com/~lynn/2001f.html#64 Converting Bitmap images
http://www.garlic.com/~lynn/2001f.html#78 HMC . . . does anyone out there like it ?
http://www.garlic.com/~lynn/2001g.html#32 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001i.html#30 IBM OS Timeline?
http://www.garlic.com/~lynn/2001i.html#34 IBM OS Timeline?
http://www.garlic.com/~lynn/2002d.html#30 Mainframers: Take back the light (spotlight, that is)
http://www.garlic.com/~lynn/2002j.html#16 Ever inflicted revenge on hardware ?
http://www.garlic.com/~lynn/2002l.html#55 The problem with installable operating systems
http://www.garlic.com/~lynn/2002o.html#21 IBM Selectric as printer
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: unix permissions
Newsgroups: alt.folklore.computers
Date: Sun, 08 Dec 2002 15:08:53 GMT
Charles Shannon Hendrix writes:
It's great the Multicians have this information out there, but I really,
really wish there were a Multics system running that people could access.
I know schools no longer seem to care, but I really think a new system
with some of the ideas of Multics and UNIX together would be very useful.
There are so many mistakes in current systems that Multicians were
working on fixing back then.
As an aside, has anyone ever written up a specific answer to this
question: why did the Air Force drop its research project on system
security after the Multics security paper was released?
I was reading IBM's re-release of that document and associated commentary,
which is pretty good reading, but they only mentioned the project
stopping, not why.
the multics people could give all sorts of answers. note however, that
multics wasn't exactly getting mainstream support from
ge/honeywell/bull (in that sense it was somewhat like the treatment of
cp/67 and vm/370 ... although cp/67 & vm/370 had significantly larger
customer base and vm/370 ran on same exact mainframe hardware as the
rest of the mainstream ibm virtual storage systems).
both cp/67 and vm/370 saw a number of deployments in business critical
sensitive operations. misc. previous refs:
http://www.garlic.com/~lynn/2001m.html#12 Multics Nostalgia
http://www.garlic.com/~lynn/2001m.html#15 departmental servers
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from the Multics Security Evaluation
specifically on the subject of buffer overflow (also past thread of
how cots systems make society vulnerable)
http://www.garlic.com/~lynn/2002l.html#45 Thirty Years Later: Lessons from the Multics Security Evaluation
other discussions of buffer overflow
http://www.garlic.com/~lynn/99.html#70 Series/1 as NCP (was: Re: System/1 ?)
http://www.garlic.com/~lynn/99.html#85 Perfect Code
http://www.garlic.com/~lynn/99.html#163 IBM Assembler 101
http://www.garlic.com/~lynn/99.html#219 Study says buffer overflow is most common security bug
and my favorite air force thread drift:
http://www.garlic.com/~lynn/subtopic.html#boyd
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: myths about Multics
Newsgroups: alt.os.multics
Date: Sun, 08 Dec 2002 15:25:27 GMT
Andi Kleen writes:
Early IBM OS shipped with source code, until they went over to a
"OCO" (object code only) policy in the 70ies.
lots of (ibm) source code continued to ship (as licensed products)
well thru the 80s ... well past the advent of OCO. The earlier source
code in the 60s was basically "free". starting after the unbundling
announcement of 6/23/1969 (pretty much in reaction to gov. steps)
... they started putting copyright notices in the header of every
source file.
recent postings on "IBM OS source code"
http://www.garlic.com/~lynn/2002p.html#2 IBM OS source code
in '88 there was still some stuff in transition from source
maintained (i.e. licensed distributed source) to OCO.
http://vm.marist.edu/~vmshare/read?fn=VMWKABS8&ft=NOTE&line=1
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Sci Fi again
Newsgroups: alt.folklore.computers
Date: Sun, 08 Dec 2002 15:44:43 GMT
eugene@cse.ucsc.edu (Eugene Miya) writes:
Well Hardware Wars was pretty funny to Star Wars.
And we cannot in this group forget DEC Wars.
And Bobby Pickett did Star Dreck.
misc. ref to dec wars
http://www.garlic.com/~lynn/2001f.html#39 Ancient computer humor - DEC WARS
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 00:49:13 GMT
"Odin" writes:
But the CA never gets the individual's private key. They get the public key,
so what is the problem?
what kind of exploit are you looking at?
in a certificate credential world .... the CA issues a certificate in your
name to some other person (aka traditional identity theft). They don't need
your private key ... they just need a certificate that says they are you
with any public key ... which they happen to have the private key for.
At a corporate level ... this is something of the issue with SSL
domain name certificates. CAs nominally aren't the authoritative
agency for the information certified in the certificate ... aka a CA
typically checks with the agency responsible for the information as
part of the certification process. If the authoritative agency says
that it is ok, then a CA goes ahead and issues a certified certificate
with the information they checked on. Just because information is in a
certificate or on a driver's license doesn't make it magically
perfect/true.
In the case of identity theft ... enuf information is acquired that
allows them to get credentials in your name (whether it is a
certificate or some other kind of credential).
In the case of SSL domain name server certificate ... it is actually
something of a catch-22. One of the prime justifications for the whole
SSL infrastructure with SSL domain name server certificates ... is
because of integrity concerns with regard to the domain name
infrastructure. However, the domain name infrastructure is the
authoritative agency for domain names, aka when somebody applies to a
CA for a SSL domain name server certificate ... the CA must check with
the authoritative agency (the domain name infrastructure) as to the
true owner of the domain name. If the domain name infrastructure has
been compromised ... then it could be possible for people to
fraudulently obtain an SSL domain name server certificate ... with
their own key (since CAs rely on the domain name infrastructure as to
the true owner of the domain name).
Now there are proposals to improve the integrity of the domain name
infrastructure ... in large part so that CAs can better trust the
integrity of the domain name infrastructure as to the information they
certify in an SSL domain name server certificate. However, improving
the integrity of the domain name infrastructure for CAs ... actually
improves the domain name infrastructure for everybody ... lessening
the justification for wanting to have SSL domain name server
certifications.
random refs:
http://www.garlic.com/~lynn/subtopic.html#fraud
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 15:56:24 GMT
Henrick Hellström writes:
This is not a sound argument. I sincerely doubt most of the major CAs
do a simple DNS query just like any webbrowser when they are
validating a Server Certificate Request. They probably either pick up
the phone and talk to someone at the domain name registration office
in person, or use some other kind of relatively secure communication
with the registrar.
It is far more likely that some web browser would get the wrong result
from a DNS query, than a major CAs validation process for a Server
Certificate Request would fail.
... i'm talking about some of the domain name take-over exploits
(again akin to identity theft) ... where somebody has managed to
fraudulently get the "registration office" to update the primary
database pointing to some other entity (in some cases a purely "front"
operation). this has been reported in the press in the past.
once the primary database has been updated to point at the "front"
entity ... they can obtain a certificate ... since the CA has to rely
on the domain name infrastructure registration infrastructure.
some of the proposals to make this much less likely/possible (on
behalf of the CA industry) ... as stated in the original posting
... go a long way to improving the integrity of the domain name
infrastructure for everybody ... and also mitigating much of the need for
having SSL domain name certificates in the first place.
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 17:27:26 GMT
ref:
http://www.garlic.com/~lynn/2002p.html#9 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#10 Cirtificate Authorities 'CAs', how curruptable are they to
so one of the proposals that has been put forward (by certification
authority industry?) is that when somebody registers their domain
name, they also register a public key. further communication with the
domain name infrastructure by the domain name owner is done with
digitally signed messages. this has the objective of removing some of
the domain name take-over scenarios and raising the bar for various
kinds of fraud.
now it also has an interesting sidelight that the proposal to improve
the integrity of certificate-based PKI is based on implementing a
certificate-less PKI ... aka aads:
http://www.garlic.com/~lynn/x959.html#aads
now another sidelight of this ... is the current domain name
infrastructures already support generalized real-time information
distribution (aka in addition to get binding between domain name and
ip address ... the implementation also supports being able to get
various other kinds of bindings). That opens up the gate so that
domain name infrastructure could be used for not only distributing
trusted ip-addresses but also for real-time trusted distribution of
public keys (as an alternative to the stale, redundant, and
superfluous method done via certificate-based PKI).
now if i can get both the ip-address and public key in a single
transaction from the domain name infrastructure .... it is very close
to being able to do SSL in a single round trip (i.e. piggy-back SSL
selection options, encrypted session key, encrypted session data all
in a single transmission). If the receiving server supports the
defaulted selected SSL options ... then the SSL session is
effectively setup at that moment ... and the server can respond. If
this is transaction oriented ... it would be possible to then piggy
back the session tear down in that single response transmission. The
whole thing done in single transmission round-trip (slightly
discounting the set-up/tear-down packet exchange round trips for base
TCP).
So, the possible glitch here is mismatch in selected SSL options
between the server and the client's selection. If this becomes a
significant issue for some servers ... then they could register their
(possibly non-standard) SSL options along with the ip-address and the
public key. The client can now get the ip-address and public key along
with optional server SSL supported options ... in their single domain
name lookup requests. The client then has real time information as to
the server's ip-address, public key, and supported SSL options all
before even initiating the contact with the server. Encapsulated,
piggy-backing of all necessary information that would occur in the
existing SSL setup world but w/o certificates and w/o all the SSL
protocol chatter.
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
misc. past posts on minimal round-trip setup/teardown protocol:
http://www.garlic.com/~lynn/99.html#0 Early tcp development?
http://www.garlic.com/~lynn/99.html#115 What is the use of OSI Reference Model?
http://www.garlic.com/~lynn/2000b.html#1 "Mainframe" Usage
http://www.garlic.com/~lynn/2000b.html#9 "Mainframe" Usage
http://www.garlic.com/~lynn/2000c.html#52 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2001b.html#57 I am fed up!
http://www.garlic.com/~lynn/2001e.html#24 Pre ARPAnet email?
http://www.garlic.com/~lynn/2001n.html#15 Replace SNA communication to host with something else
http://www.garlic.com/~lynn/2002.html#3 The demise of compaq
http://www.garlic.com/~lynn/2002g.html#50 Why did OSI fail compared with TCP-IP?
http://www.garlic.com/~lynn/2002k.html#31 general networking is: DEC eNet: was Vnet : Unbelievable
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
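A sketch of the proposal in the post above: a public key is registered with the domain name, later changes must be signed with that key, and a lookup returns address and key together (an added example, not code from the original posts). The `Registry` class, the request format, the serial counter and the names and addresses are hypothetical, and the toy RSA built from small Mersenne primes only stands in for a real signature scheme.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys


def make_key(p, q):
    """Toy RSA key from two known primes (constructed; far too small for real use)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n


def sign(key, message):
    return pow(_digest(message, key["n"]), key["d"], key["n"])


def verify(pubkey_n, message, signature):
    return pow(signature, E, pubkey_n) == _digest(message, pubkey_n)


def request_text(name, serial, address, pubkey_n):
    """Canonical text of an update request (hypothetical format)."""
    return f"{name}|{serial}|{address}|{pubkey_n}"


class Registry:
    """Hypothetical registry that binds a public key to each name at registration."""

    def __init__(self):
        self.records = {}

    def register(self, name, address, pubkey_n):
        if name in self.records:
            raise ValueError("name already registered")
        self.records[name] = {"address": address, "pubkey": pubkey_n, "serial": 0}

    def update(self, name, new_address, new_pubkey_n, signature):
        """Apply a change only if it is signed by the key already on file."""
        rec = self.records[name]
        serial = rec["serial"] + 1  # each accepted change uses a fresh serial
        request = request_text(name, serial, new_address, new_pubkey_n)
        if not verify(rec["pubkey"], request, signature):
            return False
        rec.update(address=new_address, pubkey=new_pubkey_n, serial=serial)
        return True

    def lookup(self, name):
        """One query returns both bindings: address and public key."""
        rec = self.records[name]
        return rec["address"], rec["pubkey"]


def demo():
    owner = make_key(2**127 - 1, 2**89 - 1)
    other = make_key(2**107 - 1, 2**61 - 1)  # a party that is not the registrant
    reg = Registry()
    reg.register("example.test", "192.0.2.10", owner["n"])

    # Change request signed with a key the registry has never seen: rejected.
    text = request_text("example.test", 1, "198.51.100.66", other["n"])
    takeover = reg.update("example.test", "198.51.100.66", other["n"], sign(other, text))

    # The registrant moves the name, signing with the key on file: accepted.
    text = request_text("example.test", 1, "192.0.2.20", owner["n"])
    sig = sign(owner, text)
    moved = reg.update("example.test", "192.0.2.20", owner["n"], sig)

    # Replaying the same signed request fails because the serial has advanced.
    replayed = reg.update("example.test", "192.0.2.20", owner["n"], sig)
    return takeover, moved, replayed, reg.lookup("example.test")


if __name__ == "__main__":
    print(demo())
```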
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 18:07:56 GMT
Henrick Hellström writes:
This is a problem, but not the only way the domain name infrastructure
may be compromised.
various of the other methods are addressed by dnssec work
http://www.garlic.com/~lynn/rfcietff.htm
at RFCs listed by click on Term (term->RFC#)
and in the Acronym fastpath click on "DNSSEC"
from above:
domain name system security (DNSSEC )
see also domain name system , security
3226 3225 3130 3110 3090 3008 3007 2931 2930 2845 2541 2540 2539 2538
2537 2536 2535 2137 206
my previous comments in thread
http://www.garlic.com/~lynn/2002p.html#11 Cirtificate Authorities 'CAs', how curruptable are they to
was highlighting the irony that various fixes to the domain name
infrastructure in support of the certification authority industry
... plants the seeds for eliminating needing ssl domain name server
certificates at all.
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Multics on emulated systems?
Newsgroups: alt.os.multics,alt.folklore.computers
Date: Sun, 08 Dec 2002 17:52:35 GMT
Christopher Browne writes:
For Domain/OS to be "inspired by" MULTICS is quite different from
being "based on" MULTICS.
throw in at least prime and stratus also. from multics page
http://www.multicians.org/general.html
from above:
1.4.3. Primos
Prime's Primos operating system shows a strong Multics influence. Bill
Poduska worked on Multics at MIT before founding Prime, and several
other senior Multicians worked at Prime. Poduska referred to Primos as
"Multics in a shoebox."
1.4.4. VOS
Stratus's VOS operating system shows a strong Multics influence. Bob
Freiburghouse, former Multics languages manager, was one of the
founders of Stratus; many Multicians are still Stratus
employees. (Stratus is now called Stratus Technologies.)
1.4.5. Apollo Domain
Bill Poduska went on from Prime to help found Apollo, and Domain was
known as "Multics in a Matchbox." Apollo's OS shows strong Multics
influence. For instance, the basic access to stuff on disk is via a
single-level store directly based on Multics. Supposedly some of the
motivation for the object-store style of file system came from Multics
too. [Frederick Roeber] [Jerry Saltzer adds:] In addition, it uses a
shared memory model, despite being distributed across a network. If
that isn't Multics influence, I don't know what is.
1.4.6. NTT DIPS
NTT undertook a massive effort to clone Multics, which led to their
DIPS (Denden Information Processing System) series of mainframes. DIPS
machines are still in widespread use in Japan today by NTT, but
everyone agrees that they are going away. I believe that Intermetrics
developed the DIPS PL/I compiler for NTT. [Carl Hoffman]
DIPS was an operating system developed by NTT and running on IBM S/370
clone machines built by Hitachi, Fujitsu and NEC. Sure, it was
inspired by Multics, but was not a clone, or you would call every
multi-user machine built after 1970 a Multics clone. [Jean Bellec]
1.4.7. Amber
Multics also influenced Amber, the operating system produced by the
S-1 project at Livermore between 1979 and 1986 or so. The original
Amber group was familiar with Multics as users - the original
development work was done on MIT-Multics - but I don't believe it
included anyone who'd actually worked on the Multics kernel itself.
The most important Multics influences were writing the operating
system in a high-level language, the single-level storage system, and
an emphasis on security, although rings were not present on the last
generation of S-1 machine. Amber was heavily influenced by critiques
of Multics such as the Multics Kernel Redesign Project. In its later
years, Amber made serious strides toward machine independence.
The developers hoped to make it "Multics done better," as reported in
a DATAMATION article. Jeff Broughton co- wrote the compiler for the
Pastel language used for Amber. [Jay Pattin]
1.4.8. GEMSOS
The Gemini GEMSOS secure operating system for the Intel architecture
was developed by Roger Schell to support a Multics-style segmented
environment in a system designed to meet A1 security requirements.
[Paul Karger]
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Multics on emulated systems?
Newsgroups: alt.os.multics,alt.folklore.computers
Date: Sun, 08 Dec 2002 21:35:45 GMT
Anne & Lynn Wheeler writes:
throw in at least prime and stratus also. from multics page
http://www.multicians.org/general.html
as an aside ... when they shutdown the vm/370 development group in
burlington mall (mid-70s) and told everybody that vm/370 was dead and
they would have to move to POK to work on an internal only tool (aka
VMTOOL, provided XA virtual machines ... but the only purpose was
going to be for internal MVS/XA development and would never be
released as a product) ... some of the people found their way to DEC
working on VMS ... and some others found their way to Prime.
customers eventually did get the company to continue with vm/370 as
well as to come out with vm/xa (but some number of the good people
wandered away because of the continuous corporate statements about
product being dead).
random vmtool postings
http://www.garlic.com/~lynn/2001m.html#38 CMS under MVS
http://www.garlic.com/~lynn/2001m.html#47 TSS/360
http://www.garlic.com/~lynn/2001n.html#67 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2002e.html#27 moving on
http://www.garlic.com/~lynn/2002m.html#9 DOS history question
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Multics on emulated systems?
Newsgroups: alt.folklore.computers,alt.os.multics
Date: Mon, 09 Dec 2002 14:57:47 GMT
"Douglas H. Quebbeman" writes:
But: I've also heard a rumour that The Computer History Museum
received not only the DOCKMASTER hardware, but its software as
well. Lest eyebrows raise everywhere, yes, this seems quite
unlikely, and it is only a rumour...
i thot i heard anything that could record (disk, tapes, etc) got
degaussed, crushed, shredded, pulverized, and burned/melted.
minor related
http://www.garlic.com/~lynn/2002h.html#30 Multics hardware (was Re: "Soul of a New Machine" Computer?)
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: myths about Multics
Newsgroups: alt.os.multics
Date: Mon, 09 Dec 2002 15:09:52 GMT
haynes@alumni.uark.edu (Jim Haynes) writes:
I was out of the picture after GECOS2, but you could certainly get the
source for it. OS/360 came with source until IBM unbundled; in fact you
had to have source for some reason. (I don't know what it was, but there
were programmers who had to add or patch or do something with source at
each release.) Burroughs 5500 and 6500 systems came with source, and
in fact you patched source between releases.
os/360 came with microfiche of source listings .... very few
components came with machine readable source that could be used to
actually rebuild from source; cp/67 & vm/370 ... also at 545 tech sq
... being one of the few. HASP (for os/360) also was an exception.
os/360 maint. tended to be with binary deck (compiled output)
replacements and superzaps. zap'ing was selective modification of
bytes in a binary deck. It was so common that many programs came with
"zap" areas (say 80-256 bytes) in each program. You zap'ed some number
of instructions into the zap-area with a return ... and then modified
some inline instruction to branch to new instructions in the zap area.
In extreme cases, customers might rekey (punch cards) source from the
microfiche and compile/assemble
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 18:45:47 GMT
Christopher Browne writes:
There is some thinking going into this sort of thing, but the current
protocols don't offer the ability to tie the PK to domain names.
the current implementation allows almost any generalized information
to be "served" with the domain name ... not just IP-address (aka some
amount of whois ... runs off the same domain-name database as the
ip-address ... you can put almost any kind of information with some
tag ... into the domain name database and retrieve it).
in effect the domain name infrastructure is a generalized real-time
information distribution system (akin to ldap ... but long before ldap
came into existence) which isn't restricted to just ip-address
information distribution (aka if you put an ip-address in the database
for a domain name ... then that ip-address is tied to the domain name,
if you put a phone number in the database for a domain name ... then
the phone number is tied to the domain name, etc).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 18:51:04 GMT
... and the basis of registering the public key in the domain name
database is something that the existing certification authorities have
come up with as minimizing the ability to do domain name take-over
exploits.
the problem is that you can certify a certification authority ... as
much as you want ... and it doesn't really mean much if the
authoritative agency that the certification authority has to rely on
has a lot of vulnerabilities. in fact, there could be a case made that
some amount of the certification of certification authorities ... is
to distract attention from the fact that the sources of information
that they are certifying ... have issues (aka the saying about integrity
only being as strong as the weakest link .... have everybody pay attention
to the fact that the crypto is very, very secure ... and hopefully they
won't notice that there are major issues with the basic information).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 19:04:49 GMT
Christopher Browne writes:
Well, if we're heading to some-domain.tld, we could always go hit
<https://www.some-domain.tld/>, and try to verify whatever certificate
we get against whatever certificates we have lying around.
That doesn't establish a generalized protocol for verifying that
what's coming through BIND is legitimate via a digital signature.
The point is that for there to be a ubiquitous standard mechanism,
there needs to be a standardized mechanism, and it presumably involves
modifying EPP/RRP to put digital signatures in at the provisioning
level.
If it's not a standard, and isn't being supported, as a standard, by
registrars, then it's not a ubiquitous mechanism that can be depended
on.
the issue about ssl certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
isn't with the certificates, or the certificate chain, or the root certificate,
or public keys or private keys.
the issue with the ssl certificates is how does a certification
authority actually know who owns a domain. this is basically recorded
in the domain name database(s) owned by the domain name
infrastructure. A certification authority has to rely on the
authoritative agency as to who actually owns the domain name (that
authoritative agency is the domain name infrastructure).
again the integrity of the infrastructure is only as strong as its weakest
link. why attack the crypto ... when there are possibly a zillion simpler
things to attack.
so one suggestion from the certification authority industry to help
improve the integrity of the domain name infrastructure ... and the
information recorded in the domain name database(s) is to have a
public key recorded in that database at the same time the domain name
is registered. in some sense it can be like those "TIP" reporting
programs where you tear a dollar bill in half and send in one
half. You don't subsequently have to prove who you are ... you just
need to be able to prove that you are the person that sent in the tip
(and the other half of the dollar bill). In this case, you prove that
you are the person that registered the database by signing something
that can be verified with the registered public key.
however, once a public key is registered in the domain name database
... the binding of that public key to the domain name ... is as valid
as the binding of the ip-address to the domain name (and is at least
as strong a binding as any certification authority's binding that is
the result of asking the domain name infrastructure as to who really
owns the domain name).
now (again) the irony is that if the domain name infrastructure
binds/registers a public key to a domain name entry ... in support of
improving the integrity of the domain name infrastructure for use by
the certification authority industry ... then in theory that same
public key binding could be accessed directly ... w/o the need of
having a certification authority industry (or certificates).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 19:35:01 GMT
oh yes, slightly related thread on SSL
http://www.garlic.com/~lynn/aadsm12.htm#50 Frist Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#51 Frist Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aepay10.htm#60 First Data Unit Says It's Untangling Authentication
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 20:27:03 GMT
Henrick Hellström writes:
The irony seems to have escaped you. <g>
The point is that there is not really anything to gain from turning
domain name registrars into CAs. You would still have the same
security issues, with one minor exception: The subject validation
process would appear to be a more transparent process, since the
domain name registrar would already have verified the identity of the
registrant.
I suspect the whole issue here is that people assume that CAs are
making money for nothing and just want to find ways to put them out of
business. What they perhaps fail to realize is that there are massive
investments in hardware and organizational procedures involved in any
secure CA operation. Simply put: You don't want to store a CA private
key with a 30 year lifetime on the hard drive of your home PC.
no ... the irony is that you have to turn domain name registrars into
high integrity resources .... since their databases are the
authoritative reference that certification authority industry uses as
the true owners of a domain name. in some sense ... for an SSL domain
name certificate, the certification authority is taking the bits from
an entry in the domain name database .... changing the encoding and
arrangement of those bits ... doing some magic crypto mumbo-jumbo ...
and calling it a certificate.
the integrity of the certificate is based on the magic crypto
mumbo-jumbo.
the integrity of the information in the certificate is based on the
integrity of the authoritative agency responsible for the information
(the domain name infrastructure).
logically ... there is a master reference someplace, somewhere for
pieces of information .... typically in something that looks like a
database account record.
a certification authority ... certifies that it uses due diligence in
acquiring that information from the authoritative agency responsible
for the information and uses appropriate crypto strength & business
processes for copying that information into a certificate. logically,
a certificate is a R/O copy of (typically subset and possibly quite
stale) some authoritative database piece of information.
the original purpose for certificates was for environments where the
relying party was offline and had no recourse to directly contacting
the authoritative agency as to the validity of some piece of
information (aka analogy is the letters of credit in the days of
sailing ships). These days, when matters of real value are involved,
it is much more cost effective to use an online, real-time contact
directly to the authoritative agency with regard to the information
being verified (only resorting to offline, stale, subset information
in a certificate when no other possible means was available).
The specific issue with the SSL domain name certificates ... is that
something was wanted quickly ... and while the domain name
infrastructure was online and realtime ... there were issues with
integrity that didn't look like could be quickly resolved ... so the
SSL domain name certificates were a temporary solution pending being
able to improve the integrity of a (legacy) domain name
infrastructure.
However, there still remained a significant issue that the
certification authority industry was as dependent on the integrity
and quality of the information of the domain name infrastructure as
the whole rest of the internet.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 21:06:57 GMT
"DD" writes:
On the other hand - maybe a different view of the world would be to stop
expecting CAs to be this ultimate source of trust. I use different
documents (paper / digital) to get cash from an ATM, to travel to another
country, to get a book from a local library, to rent a car, etc. Perhaps a
different CA model might be to be more localised and issue certs closer to
the point of use. E.g. my company would issue me a cert for my company
email address and a cert for my company ERP system so I can sign POs. My
ISP would issue a cert for my ISP mailbox.
In the first case the company is certifying the identity of the employee and
email address and linking them to a public key. In the second case they are
certifying a function (purchasing with a defined $ limit) and linking it to
a public key. The ISP is certifying an email address and linking it to a
public key. Note that the ISP (in this case) makes no assurances about the
entity who uses that email address.
so in the ISP case ... when you open an account you supply a public
key (similar to the scenario for creating a domain name definition
... supply a public key at the time the entry is created). the ISP
registers the public key in the RADIUS data base record for the userid
... in lieu of a userid. They don't need to know who you are (as long
as you pay the bill) ... they just need to know that you are the
person that established the account/userid. then can use digital
signature signing at ISP connection (instead of userid/password). see
radius references
http://www.garlic.com/~lynn/subtopic.html#radius
this is similar to the kerberos pk-init draft .... public key is
registered for the userid at the time the userid is defined ... there
is no requirement to know who you are (aka identification) just that
you are the entity that established/owns the userid (aka
authentication).
the ISP and employee online environments are likely to either be a) a
radius infrastructure or b) a kerberos infrastructure (both of which
can be certificate-less public key for authentication).
so for employee case. is it better to establish a public key in the
employee data base ... and do real-time transactions against that
employee database entry ... or to have a (potentially very stale) copy
of a subset of that information in a credential targeted for offline
use.
so one use might be door-badge system. Some door-badge systems
(especially in low-value environments) are offline
operations. However, high value operations tend to have online,
real-time checking. So a possible issue for target certificate
environments are offline and/or very low value operations ... where it
doesn't justify to utilize a real-time online environment.
There are two things going against the offline scenario: a) online
costs are dropping significantly and online is becoming worldwide
ubiquitous (one way or another), b) there is a negative feedback
scenario, if the certificates are only used for low-value or no-value
operations ... it isn't likely that people are going to pay much for
them; if people won't pay much for them, it limits the kind of
infrastructure that a CA is able to afford; if the CA can only afford
to operate a cut-rate infrastructure; the applicability/usefulness of
such certificates becomes even further reduced, people are even going
to pay less for a certificate that has even lower value, which means
less money for a CA infrastructure, which reduces the value of the
certificate.
the other way of looking at it ... is that things of value are not
only moving to online ... but moving to various kinds of aggregation
and/or patterns of activity. financial transactions are online,
aggregation operations ... i.e. not just a value bound on a single
transaction ... but value bound on the aggregation of any number of
transactions. if you touch the online database ... with the master of
the information that is contained in a stale, redundant, superfluous
certificate ... is it better for a business process to use the
realtime information in the record it has just read ... or the stale
information in a certificate that come via who knows what?
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
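The scheme described in the posts above (a public key registered with the domain name or RADIUS userid record when the entry is created, later proof of ownership by signing, and a relying party reading the key in real time rather than from a certificate), as an added example that is not part of the original posts. It uses toy textbook RSA from Python's standard library as a stand-in for a real signature algorithm; `AccountRegistry`, its methods and `example.test` are hypothetical names.

```python
"""Certificate-less public-key authentication against an online record.
Added illustration: toy textbook RSA (no padding, well-known Mersenne primes)
stands in for a real signature scheme and must not be used in practice."""
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Return ((n, e), (n, d)) for the distinct primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(public, message, signature):
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest(message, n)

def rotate_request(name, public):
    """Bytes a registrant signs to ask for a key change (hypothetical format)."""
    return b"rotate|" + name.encode() + b"|" + repr(public).encode()

class AccountRegistry:
    """The authoritative online database: a domain name entry or a RADIUS
    userid record holding a public key supplied when the entry was created."""

    def __init__(self):
        self._keys = {}      # name -> currently registered public key
        self._pending = {}   # name -> outstanding single-use challenge

    def register(self, name, public):
        if name in self._keys:
            raise ValueError("entry already exists")
        self._keys[name] = public

    def lookup(self, name):
        """Real-time lookup made by a relying party instead of reading a certificate."""
        return self._keys[name]

    def challenge(self, name):
        self._pending[name] = secrets.token_bytes(16)
        return self._pending[name]

    def authenticate(self, name, signature):
        """Authentication, not identification: was this signed by the key on file?"""
        nonce = self._pending.pop(name, None)  # consumed, so a replay fails
        if nonce is None or name not in self._keys:
            return False
        return verify(self._keys[name], name.encode() + b"|" + nonce, signature)

    def rotate_key(self, name, new_public, signature):
        """Accept a new key only if the request is signed by the registered key
        (the "other half of the dollar bill")."""
        request = rotate_request(name, new_public)
        if name not in self._keys or not verify(self._keys[name], request, signature):
            return False
        self._keys[name] = new_public
        return True

def demo():
    name = "example.test"  # constructed sample entry
    old_pub, old_priv = make_keypair(2**127 - 1, 2**521 - 1)
    new_pub, new_priv = make_keypair(2**107 - 1, 2**607 - 1)
    other_pub, other_priv = make_keypair(2**89 - 1, 2**1279 - 1)  # not the registrant
    registry = AccountRegistry()
    registry.register(name, old_pub)
    out = {}

    nonce = registry.challenge(name)
    response = sign(old_priv, name.encode() + b"|" + nonce)
    out["owner_login"] = registry.authenticate(name, response)
    out["replayed_login"] = registry.authenticate(name, response)

    out["takeover"] = registry.rotate_key(
        name, other_pub, sign(other_priv, rotate_request(name, other_pub)))

    stale_copy = registry.lookup(name)  # offline copy taken now, like a certificate
    out["owner_rotation"] = registry.rotate_key(
        name, new_pub, sign(old_priv, rotate_request(name, new_pub)))

    # After rotation the retired key still satisfies the stale copy, while a
    # real-time lookup of the record rejects it and accepts the current key.
    message = b"constructed sample message"
    out["stale_copy_accepts_old_key"] = verify(stale_copy, message, sign(old_priv, message))
    out["online_accepts_old_key"] = verify(registry.lookup(name), message, sign(old_priv, message))
    out["online_accepts_new_key"] = verify(registry.lookup(name), message, sign(new_priv, message))
    return out

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The registry never learns who the registrant is; every decision rests on whether a signature verifies against the key currently on file, so the integrity of that record is the whole of the security.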
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cost of computing in 1958?
Newsgroups: alt.folklore.computers
Date: Tue, 10 Dec 2002 14:33:34 GMT
Tony Lima writes:
Economists will tell you this is merely equating marginal
cost (the cost of writing better, tighter code) with
marginal benefit (saving CPU cycles). When CPU cycles
become cheaper, it's foolish to incur the higher marginal
costs of writing that tight code. - Tony
there was some tighter code that was faster ... but there was also
some tighter code that was simpler and easier to understand. the
simpler and easier to understand made it easier to adapt and enhance
to new situations (aka reusable code) ... as opposed to
write-only/write-once code (term originated with apl\360?).
the shortcoming that easy to understand/modify code ... was it tended
to become very dirty by people making easy modifications (some
programming law of entropy?).
lynn@garlic.com somewhere else recently wrote:
long ago and far away i liked to try and rewrite code to add new
function so that the basic function appeared to be implemented in much
shorter path length and much less code ... and the added new function
appeared to have been implemented in zero pathlength with no
instructions. some of the problems that arose was that traditional
maint. (by others) might result in some things stop working for no
apparent reason (sometimes this could be 10-15 years later). I once
had somebody track me down ten years after a custom kernel had
disappeared into AT&T longlines ... looking for help.
in any case, KISS seems to be out of style ... another observation
somebody recently made ... strong sense that simplifying problems is
not nearly as profitable as other approaches.
random kiss references:
http://www.garlic.com/~lynn/99.html#228 Attacks on a PKI
http://www.garlic.com/~lynn/aadsm10.htm#hackhome Hackers Targeting Home Computers
http://www.garlic.com/~lynn/aadsm10.htm#boyd AN AGILITY-BASED OODA MODEL FOR THE e-COMMERCE/e-BUSINESS ENTERPRISE
http://www.garlic.com/~lynn/aadsm11.htm#10 Federated Identity Management: Sorting out the possibilities
http://www.garlic.com/~lynn/aadsm11.htm#30 Proposal: A replacement for 3D Secure
http://www.garlic.com/~lynn/aadsm12.htm#19 TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
http://www.garlic.com/~lynn/aadsm2.htm#mcomfort Human Nature
http://www.garlic.com/~lynn/aadsm3.htm#kiss1 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss3 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss4 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss5 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss6 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss7 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss8 KISS for PKIX
http://www.garlic.com/~lynn/aadsm3.htm#kiss9 KISS for PKIX .... password/digital signature
http://www.garlic.com/~lynn/aadsm3.htm#kiss10 KISS for PKIX. (authentication/authorization seperation)
http://www.garlic.com/~lynn/aadsm5.htm#liex509 Lie in X.BlaBla...
http://www.garlic.com/~lynn/aadsm7.htm#3dsecure 3D Secure Vulnerabilities?
http://www.garlic.com/~lynn/aadsm8.htm#softpki10 Software for PKI
http://www.garlic.com/~lynn/aadsmail.htm#comfort AADS & X9.59 performance and algorithm key sizes
http://www.garlic.com/~lynn/aepay3.htm#gaping gaping holes in security
http://www.garlic.com/~lynn/aepay7.htm#nonrep3 non-repudiation, was Re: crypto flaw in secure mail standards
http://www.garlic.com/~lynn/aepay7.htm#3dsecure4 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure
http://www.garlic.com/~lynn/2001.html#18 Disk caching and file systems. Disk history...people forget
http://www.garlic.com/~lynn/2001i.html#51 DARPA was: Short Watson Biography
http://www.garlic.com/~lynn/2001l.html#1 Why is UNIX semi-immune to viral infection?
http://www.garlic.com/~lynn/2001l.html#3 SUNW at $8 good buy?
http://www.garlic.com/~lynn/2002b.html#22 Infiniband's impact was Re: Intel's 64-bit strategy
http://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
http://www.garlic.com/~lynn/2002b.html#59 Computer Naming Conventions
http://www.garlic.com/~lynn/2002c.html#15 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002d.html#0 VAX, M68K complex instructions (was Re: Did Intel Bite Off MoreThan It Can Chew?)
http://www.garlic.com/~lynn/2002d.html#1 OS Workloads : Interactive etc
http://www.garlic.com/~lynn/2002e.html#26 Crazy idea: has it been done?
http://www.garlic.com/~lynn/2002e.html#29 Crazy idea: has it been done?
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002k.html#11 Serious vulnerablity in several common SSL implementations?
http://www.garlic.com/~lynn/2002k.html#43 how to build tamper-proof unix server?
http://www.garlic.com/~lynn/2002k.html#44 how to build tamper-proof unix server?
http://www.garlic.com/~lynn/2002m.html#20 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#27 Root certificate definition
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: I'll see your deep-fried mars-bar..
Newsgroups: alt.folklore.computers
Date: Tue, 10 Dec 2002 14:59:49 GMT
jmfbahciv writes:
The "last" generation (version 7.03) of TOPS-10 monitor developers did
the Chinese food thing.
people from 545 (at least 4th floor) did chinese ... typically down in
central sq. there was also legal in inman sq ... but that was more
often just lunch ... tables and benches on the 2nd floor. for lunch we
would periodically try the various student cafeterias.
there is the stanford joke ... i think involving mccarthy and minsky
and some others at some chinese place on university ... and minsky
talking about some stanford phd thesis in preparation and asking a
number of questions ... and mccarthy saying something to the effect
that everybody understands that ... here lets ask the waiter (of
course the waiter happens to be the author). After monthly SLAC
meetings, the Oasis or the Blue Goose were typically the choice.
in san jose ... we frequently did pizza ... and for awhile had a real
thing for the first Chuck E. Cheese (just off blossom).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: I'll see your deep-fried mars-bar..
Newsgroups: alt.folklore.computers
Date: Wed, 11 Dec 2002 14:09:32 GMT
jmfbahciv writes:
We didn't do food; we did beer. For JMF and TW, lunch time was
the end of their work shift. I had that shift for a while (anybody
working on TOPS-10 stand-alone had to work non-prime time).
for the first couple years when an eric's moved in across the street
from the main plant site ... they had a back room that for some reason
or another had my name posted on it ... and we would get half price on
pitchers of anchor steam
both oasis and blue goose are probably considered much more of peanut
shells and beer place.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Wed, 11 Dec 2002 17:27:56 GMT
recent threads in some other places related to this subject:
http://www.garlic.com/~lynn/2002p.html#12 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#18 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#19 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#21 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/aepay10.htm#31 some certification & authentication landscape summary from recent threads
http://www.garlic.com/~lynn/aepay10.htm#37 landscape & p-cards
http://www.garlic.com/~lynn/aepay10.htm#53 First International Conference On Trust Management
http://www.garlic.com/~lynn/aadsm12.htm#42 draft-ietf-pkix-warranty-extn-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#45 draft-ietf-pkix-warranty-extn-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#48 draft-ietf-pkix-warranty-extn-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#52 First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#53 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#54 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#55 TTPs & AADS (part II)
and some relation to parts of previous threads:
http://www.garlic.com/~lynn/aepay10.htm#62 VeriSign unveils new online identity verification services
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Secure you PC or get kicked off the net?
Newsgroups: alt.computer.security,alt.security,comp.security.firewalls
Date: Thu, 12 Dec 2002 15:21:31 GMT
colonel_flagg@NOSOUPFORJ00internetwarzone.org (Colonel Sam Flagg, U.S. Army Intelligence (ret)) writes:
yea, and? what's wrong with making people secure themselves? would you
rather have the government come in and secure it for you?
bwahahahahahaha.
frankly, i think it would be a good idea for a "learners permit" then a
"computer drivers test" when you complete the "learning period", if you
fail, no computer for you, off the net moron.
there has been similar thread in the context of infobahn & information
super highway ... as much as individual licensing ... the other area
is in terms of liability and insurance.
one of the issues brought up is similar to the automobile industry ...
nobody will pay for safety features. a combination of personal
liability, liability premiums adjusted for kind of vehicle and
gov. mandated security features has accomplished quite a bit.
one possible translation of personal liability is that ISPs
automatically adjust the monthly bill based on various kinds of
activity (like if your computer is part of certain kinds of attacks,
you get zap'ed for operating an unsafe vehicle as well as reckless
driving).
the driving licensing issue, in part is because individual
shortcomings in a car can have significant consequences like loss of
life ... so a minimum level of competency has been deemed
necessary. However in the auto analogy, being hit with much higher
insurance premiums as well as fines for both a) operating unsafe
vehicle and b) reckless driving has been a significant mitigating
factor ... along with some gov. mandated safety standards.
http://www.garlic.com/~lynn/2001m.html#27 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
http://www.garlic.com/~lynn/2001m.html#28 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
http://www.garlic.com/~lynn/2001m.html#29 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
http://www.garlic.com/~lynn/2001m.html#30 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
so, lets say that you recklessly drive (program some threat) and/or
operate an unsafe vehicle (virus takes over your machine) on the
internet ... you just get hit with much larger charges.
people then are motivated to buy original equipment with appropriate
safety measures and/or have aftermarket equipment installed. People
don't need to understand the technology ... any more than many people
understand details of auto technology. appropriate original equipment
and aftermarket safety features may even come with warranties that
re-imburse the person for safety failures that result in hitting the
person's pocket book.
one of the issues raised in the previous thread was can individual ISP
be relied upon to enforce the traffic laws and appropriately collect
fines (aka boundary packet filtering & virus checking rules are
appropriately installed and customers get hit with additional charges
for everything that trips the filters).
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 15:44:36 GMT
Joel Gallun writes:
They launched a bunch of them -- the WESTAR series of birds. Try a
google on WESTAR and see what you get. Memory is failing me
here. Sorry.
there were a number of businesses that thot to get into that market.
another was sbs (my wife worked for them for a time), which was
jointly owned by ibm, aetna, and comsat. one of the issues was
deployment of computing protocols that supported satellite propagation
delays. sbs even tried voice business for a time ... before getting
out of the business. most of the land/tail circuits and people went to
MCI ... and the satellites went to Hughes. I got to sit in the VIP
stands for launch of 41d w/SBS-4 (actually a number of times because
of aborts) aug/84
http://www.nasa.gov/mission_pages/shuttle/shuttlemissions/archives/sts-41D.html
another issue was satellites designed to fit in the cargo bay of the
shuttle ... and shuttle launch shutdown after the accident ... and
a lot of the business wandering away to fiber. the other was
some satellites getting larger than what would fit in the shuttle bay
... and needing to find alternative launch capability that supported
larger form factor satellites.
we (aka hsdt/high speed data transport) ... had small high speed
backbone running with fiber links as well as three hsdt tdma
earthstations (two were in northern us with 4.5m dishes ... one in
southern us that needed 7m dish). I had done some amount of protocol
optimization as well as rate-based pacing algorithm for high speed
activity misc. hsdt posts:
http://www.garlic.com/~lynn/subtopic.html#hsdt
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Vector display systems
Newsgroups: alt.folklore.computers
Date: Wed, 11 Dec 2002 22:28:13 GMT
ibm had these 2250s in the 60s. the university that i was at had a
2250 with its own controller and directly attached to ibm mainframe
channel.
the science center had a 2250m4 ... which was a 2250 with a
1130. somebody ported space wars to the science center's 1130 & played
on the 2250 (two person; had the keyboard split in half and each
player had a set of keys for the various functions).
ibm eventually came out with a replacement called the 3250 ... which i
believe were relogo'ed from sanders. The later replacement, 5080 was
also possibly relogo'ed from sanders.
attempt to use search engine didn't come up with much:
http://www-2.cs.cmu.edu/afs/cs/usr/ph/www/nyit/morrison/1960s.txt
http://www.upfrontezine.com/1999/upf-135.htm
A graphics device earlier than 3250 was the 3277ga (aka graphics
attachment) ... a relogo'ed tektronix device ... that had special
attachment into the side of 3277 terminal display. It basically used
the 3272 channel attached controller for high data rates from the
processor.
note in the following:
http://www.nfrpartners.com/comphistory/
edit, moved to & 2250 ref. fixed
http://home.maine.rr.com/jhcphoto/
the picture identified as "2250 being used as operator console" is 9track
tape drive.
at the bottom of the above page are pictures of 3250 and 5080.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Sci Fi again
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 19:06:40 GMT
eugene@cse.ucsc.edu (Eugene Miya) writes:
I've only relatively recently gotten into serials, and it is amazing to
me that all these series like Dune, Foundation, Ender, start with 1 really
good volume, then degenerate. I need to finish Cryptonomicon that I
think about it.
my wife is right in the middle of reading cryptonomicon. also we just
watched dvd of the first rings on monday night. she thot it was
interesting the passage from the book where one of the guys is
comparing themself to a dwarf from tolkien ... working in extreme dark,
forging things of great power ... and having to sit around a table of
chattering hobbits.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 19:15:34 GMT
Anne & Lynn Wheeler writes:
we (aka hsdt/high speed data transport) ... had small high speed
backbone running with fiber links as well as three hsdt tdma
earthstations (two were in northern us with 4.5m dishes ... one in
southern us that needed 7m dish). I had done some amount of protocol
optimization as well as rate-based pacing algorithm for high speed
activity misc. hsdt posts:
http://www.garlic.com/~lynn/subtopic.html#hsdt
also related to hsdt activity:
http://www.garlic.com/~lynn/internet.htm#0
and ha/cmp could be considered outgrowth of marrying hsdt to earlier
experience in tightly-coupled & loosely-coupled systems:
http://www.garlic.com/~lynn/subtopic.html#hacmp
as well as later electronic commerce stuff:
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
previous postings on connecting threads:
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 19:45:12 GMT
Anne & Lynn Wheeler writes:
previous postings on connecting threads:
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce
brain check ... should be
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 21:27:57 GMT
jchausler writes:
They shed all their "communications" facilities and became a
service provider in 1989 or so (that was the last year they
provided a "wire" to interconnect all the chapters of the
Morse Telegraph Club for their annual Morse's Birthday
meetings on the last Saturday of April). It was my
understanding, in fact, that the company as such was
dissolved at that time and all the pieces sold off. The
company doing business now as Western Union was
just the buyer of the telegram and money order service
(Yes, Virginia, you can still send a 15 word or less
telegram but its gonna cost ya, even more if you want
it hand delivered, about $35 total the last time I
checked.) I could be wrong about this though.
amex spun off firstdata in '92 ... integrated payments part of
firstdata operated moneygram. when western union was on the block
... firstdata looked at buying them ... but western union was
purchased by first financial management. Later when firstdata and
first financial management merged, first data had to divest moneygram.
http://www.ftc.gov/opa/1995/9509/fdfin.htm
http://www.prnewswire.com/cnoc/FDSmda.html
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VSE (Was: Re: Refusal to change was Re: LE and COBOL)
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Fri, 13 Dec 2002 02:06:53 GMT
ted.macneil@mobile.rogers.com (ted.macneil) writes:
OT: I would never consider anything about PROFS/OV gleaming,
when the keys meant different things on different panels.
I think that the poor interface was what drove IBM to come up with SAA!
I know PROFS used to drive our infrequent users up the wall!
They could never get in the habit of not getting in the habit of
hitting different keys on different panels to do the same thing.
we thot that SAA was mostly directed at trying to put the genie back
in the bottle ... try and turn PCs into enhanced 327xs. we got
hammered by both the SSA guys and the T/R guys when we came up with
three-tiered architecture and started presenting it as sophisticated
distributed computing environment with high speed interconnect.
http://www.garlic.com/~lynn/subnetwork.html#3tier 3tier, middle layer, saa
the profs group picked up a number of different applications and
smashed them all together. the email application they picked up was
primitive/early version of an application called vmsg. later when the
author of vmsg questioned why they were using such an early/primitive
version in the product ... there was some difference of opinion
... however the author was able to demonstrate that his initials
existed in an internal control field in all PROFS (aka VMSG)
messages. After that he stopped open source distribution and only
shared source with me and one other.
misc. profs &/or vmsg refs:
http://www.garlic.com/~lynn/99.html#35 why is there an "@" key?
http://www.garlic.com/~lynn/2000c.html#46 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000e.html#20 Is Al Gore The Father of the Internet?
http://www.garlic.com/~lynn/2001j.html#35 Military Interest in Supercomputer AI
http://www.garlic.com/~lynn/2001k.html#35 Newbie TOPS-10 7.03 question
http://www.garlic.com/~lynn/2001k.html#39 Newbie TOPS-10 7.03 question
http://www.garlic.com/~lynn/2001k.html#40 Newbie TOPS-10 7.03 question
http://www.garlic.com/~lynn/2001k.html#56 E-mail 30 years old this autumn
http://www.garlic.com/~lynn/2002f.html#14 Mail system scalability (Was: Re: Itanium troubles)
http://www.garlic.com/~lynn/2002h.html#58 history of CMS
http://www.garlic.com/~lynn/2002h.html#59 history of CMS
http://www.garlic.com/~lynn/2002h.html#64 history of CMS
http://www.garlic.com/~lynn/2002i.html#50 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002j.html#4 HONE, , misc
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: I'll see your deep-fried mars-bar..
Newsgroups: alt.folklore.computers
Date: Fri, 13 Dec 2002 22:25:19 GMT
"Charlie Gibbs" writes:
"All the sugar and twice the caffeine!" There you have it: 2 to 1.
(Makes sense - after two cans of Jolt I can vibrate right up a wall.)
long ago and far away i was at a conference where they came out and
provided free truck load of jolt ... as the initial marketing/consumer
testing ... before they started selling it.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: January 7, 2003: "25 years of Hennessy & Patterson" PARC
auditorium, Palo Alto
Newsgroups: alt.folklore.computers
Date: Fri, 13 Dec 2002 23:58:43 GMT
... forwarded ....
old_systems_guy@yahoo.com (John Mashey) writes:
This is sponsored by Computer History Museum,
www.computerhistory.org/events/latest,
keep an eye on website for details in a couple
weeks (this is an early warning for comp.arch fans).
Host/interviewer - mash, really @ heymash.com.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Newbie: Two quesions about mainframes.
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sat, 14 Dec 2002 22:32:04 GMT
dunklervater@yahoo.com (DV) writes:
Hello,
Recently I read in a computer magazine, that there is a port for the
architecture S/390. I dug around a bit, and found out that this seems
to be a very interesting, but very unaffordable architecture.
Especially interesting for me was that the concept of the VM was
administered through and through. I am currently in the process of
downloading hercules and images of VM/370 and OS/360. These two seem
to be quite dated versions, but I could imagine, that VM/ESA and
OS/390 are very expensive.
The reason for this post are two questions:
1) I often read that the VM principle is also a method of system
security, as it separates users from one another. I have been thinking
hard about this (as I would find it cool, if one could do a linux
distro for PCs that used the same VM principle, maybe using bochs or
usermode linux), but I don't get two points of this:
a)There must be at least one connection into the VM: The console link
of the user. Thus, the VM is not un-hackable, right? Are there some
precautions about this (other that read-only mode or something)?
b) In addition to that, this also means, that there must be some
authentification process: User minidisks have to be setup and login
controlled. This process either must take place on the bare hardware
(without VM camouflage) or within some other VM. Thus, doesn't that
mean, that the bare hardware and any VM is not un-hackable?
c)There must be something as an administrator that has access to the
real hardware. In order to prevent this account being hacked, what
precautions are normally administered (maybe only certain consoles in
the machine room allow administrator rights; any remote access as
administrator is forbidden a.s.o)?
2)Are there any good docs about VM/CP/CMS on the one side and
MVS/descendants/JCL/pipes on the other? I searched around and only
found things on the ibm website, which is unbearably slow to access
and seems to contain PDF (un-userfriendly to read) or mainframe
formats I can't read at all. It would be nice if this stuff was really
base-level, so I can get the facts straight and then find more arcane
stuff to amuse myself.
I hope this doesn't seem too offtopic, but the VM-Principle is most
interesting for me, and I would really like to grasp whether there
isn't really any analogon to JCL and pipes in Linux.
I would appreciate any answers.
Thank you in advance,
Bye.
first cp/67 and then vm/370 was used in a number of secure business
critical areas. one such was the science center for a time operated
cp/67 time-sharing service that had BU & MIT students ... science
center employees and remote users from corporate hdqtrs using cms\apl
doing corporate business modeling with the absolutely most sensitive
of corporate data (all on the same machine concurrently). misc. 545
refs:
http://www.garlic.com/~lynn/subtopic.html#545tech
misc. apl refs:
http://www.garlic.com/~lynn/subtopic.html#hone
other examples are various general commercial time-sharing services
based on cp/67 and later vm/370 ... that depended on general users
couldn't crash &/or compromise the system (tymshare, idc, ncss, etc).
lots of random postings about commercial time-sharing
http://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000d.html#40 360 CPU meters (was Re: Early IBM-PC sales proj..
http://www.garlic.com/~lynn/2000e.html#9 Checkpointing (was spice on clusters)
http://www.garlic.com/~lynn/2000f.html#52 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#4 virtualizable 360, was TSS ancient history
http://www.garlic.com/~lynn/2000g.html#22 No more innovation? Get serious
http://www.garlic.com/~lynn/2000g.html#31 stupid user stories
http://www.garlic.com/~lynn/2001b.html#15 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001b.html#50 IBM 705 computer manual
http://www.garlic.com/~lynn/2001g.html#30 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001g.html#32 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001g.html#33 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001g.html#35 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001h.html#35 D
http://www.garlic.com/~lynn/2001h.html#59 Blinkenlights
http://www.garlic.com/~lynn/2001i.html#44 Withdrawal Announcement 901-218 - No More 'small machines'
http://www.garlic.com/~lynn/2001m.html#1 ASR33/35 Controls
http://www.garlic.com/~lynn/2001m.html#44 Call for folklore - was Re: So it's cyclical.
http://www.garlic.com/~lynn/2001m.html#51 Author seeks help - net in 1981
http://www.garlic.com/~lynn/2001m.html#54 Author seeks help - net in 1981
http://www.garlic.com/~lynn/2001m.html#55 TSS/360
http://www.garlic.com/~lynn/2001n.html#10 TSS/360
http://www.garlic.com/~lynn/2002b.html#2 Microcode? (& index searching)
http://www.garlic.com/~lynn/2002c.html#44 cp/67 (coss-post warning)
http://www.garlic.com/~lynn/2002e.html#47 Multics_Security
http://www.garlic.com/~lynn/2002f.html#59 Blade architectures
http://www.garlic.com/~lynn/2002g.html#4 markup vs wysiwyg (was: Re: learning how to use a computer)
http://www.garlic.com/~lynn/2002h.html#34 Computers in Science Fiction
http://www.garlic.com/~lynn/2002h.html#43 IBM doing anything for 50th Anniv?
http://www.garlic.com/~lynn/2002h.html#50 crossreferenced program code listings
http://www.garlic.com/~lynn/2002h.html#60 Java, C++ (was Re: Is HTML dead?)
http://www.garlic.com/~lynn/2002i.html#44 Unisys A11 worth keeping?
http://www.garlic.com/~lynn/2002i.html#48 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002i.html#63 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#64 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#69 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002l.html#53 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#56 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#61 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#62 Itanium2 performance data from SGI
http://www.garlic.com/~lynn/2002l.html#64 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002m.html#61 The next big things that weren't
http://www.garlic.com/~lynn/2002n.html#27 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#32 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#54 SHARE MVT Project anniversary
http://www.garlic.com/~lynn/2002n.html#67 Mainframe Spreadsheets - 1980's History
http://www.garlic.com/~lynn/2002n.html#73 Home mainframes
there has also been some discussion about the security evaluated
version of VAX/VMS was done by implementing some sort of virtual
machine layer for (secure) vms. random secure vms refs:
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002m.html#72 Whatever happened to C2 "Orange Book" Windows security?
http://www.garlic.com/~lynn/2002m.html#76 Whatever happened to C2 "Orange Book" Windows security?
also
http://groups.google.com/groups?q=+%22secure+vms%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&scoring=r&as_drrb=b&as_mind=12&as_minm=1&as_miny=2000&as_maxd=14&as_maxm=12&as_maxy=2002&selm=3C07B110.9060905%40multicians.org&rnum=2
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: 20th anniversary of the internet (fwd)
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 12:44:40 GMT
somewhat related discussions:
http://www.garlic.com/~lynn/internet.htm#0
index of rfcs
http://www.garlic.com/~lynn/rfcietff.htm
forwarded:
From: Bob Braden <braden@ISI.EDU>
Date: Sat, 14 Dec 2002 10:08:38 -0800 (PST)
To: ietf@ietf.org
Cc: internet-history@postel.org
Subject: The 20th anniversary of the Internet
We ought not to let pass unnoticed the impending 20th anniversary of
the Internet. The most logical date of origin of the Internet is
January 1, 1983, when the ARPANET officially switched from the NCP
protocol to TCP/IP. Six months later, the ARPANET was split into the
two subnets ARPANET and MILNET, which were connected by Internet
gateways (routers).
The planning for the January 1983 switchover was fully documented in
Jon Postel's RFC 801. The week-by-week progress of the transition was
reported in a series of 15 RFCs, in the range RFC 842 - RFC 876, by
UCLA student David Smallberg.
There may still be a few remaining T shirts that read, "I Survived the
TCP/IP Transition". People sometimes question that any geeks would
have been in machine rooms on January 1. Believe it!! Some geeks got
very little sleep for a few days (and that was before the word "geek"
was invented, I believe.)
So, on New Year's Eve, hoist one for the 20th anniversary of the
Internet.
Bob Braden
____________________________________________________
Routers brought to you by Bob Hinden of BBN.
Prominent survivors included Dan Lynch of Interop fame.
And of course Vint Cerf was working the Levers of Power at
ARPA.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: 20th anniversary of the internet (fwd)
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 18:29:19 GMT
in addition to previous posts about the transition
http://www.garlic.com/~lynn/2000e.html#18 Is Al Gore The Father of the Internet?
http://www.garlic.com/~lynn/2001n.html#5 Author seeks help - net in 1981
another one (and while i have the 1/9 memo, i haven't found a copy of
the referenced 1/7 memo)
Date: 9 Jan 83 0:13:36-EST (Sun)
From: G. B. Reilly <reilly@udel-relay>
To: pn-liaisons at udel-relay
cc: csnet-mc at bbn-unix, mimno at bbn-unix
Subject: Re: Problems with TCP cutover
Via: UDel; 9 Jan 83 18:21-PDT
Via: rand-relay; 10 Jan 83 6:30-EST
Dear Site Liaisons,
Because the University of Delaware's Relay is dually connected in the
ARPAnet (both NCP and TCP/IP access) most of the sites mentioned in
Nancy Mimno's message of January 7, 1983 are still accessible to CSNET Phonenet
sites.
Specifically, we still exchange mail with CMU, MIT and Stanford. To
the best of my knowledge, NYU, Yale and Rochester will only be accessible
at some future date as TCP/IP hosts.
Brendan Reilly
East Coast Relay Liaison
=================
and something slightly different from the period
Date: 22 Nov 1982 10:40:54-PST (Monday)
From: Lynn Wheeler <WHEELER@IBM-SJ>
To: ???@mit-ai
Subject: IBM CSNET background info
following append is background info on IBM CSNET:
Welcome to CSNET! The link is still experimental. Delivery seems to
be certain, but may be delayed for a day or so sometimes. I thought
it more important to make this link available as early as possible
instead of having everything perfect.
Mail can be sent to CSNET using the MAIL EXEC. The exec gets
information about you from PROFILE MAIL, so please edit this file
to customize it for you. The MAIL EXEC should NOT be edited.
Invoke the MAIL exec by simply typing 'mail'. It will ask you for the
To:, Subject:, and CC: (optional) fields. It will pick a number <n>
that's not in use on your disk and save the message as
P<userid>.MAIL<n>. Enter the body of the message (end by hitting
ENTER twice), then exit from XEDIT or RED by saying FILE. The exec
will ask you if you want to submit the mail, and send it to IBMCSNET
if you do.
The exec requires that you have REX installed (do REX I), and uses the
XEDIT or RED editor. If you make any changes to improve this exec,
please initial them in a comment and send the exec back to me.
The MAIL EXEC saves your mail message as the file P<name>.MAIL<n>,
where n is some number that doesn't conflict with previous messages
that you have on your disk. If you want it to pick a different <n>,
or a free <n> larger than some number, just call the MAIL exec with
that number as a parameter (e.g., 'MAIL 11').
Received mail will be sent to your reader as files with name
L<time-stamp>.MAIL. When you read them in with RD or VRDR, they will
automatically be added to your mail log. The "L" stands for Local
mail, and the "P" in outgoing mail stands for POBox mail, i.e. mail
going to the "P.O. boxes" in the CSNET relay. Please send a short
acknowledgement to IBMCSNET when you have successfully received a
message, so I can delete it from the disk. This will later be
automated as well.
Addresses are formed in the following way: If your userid is on
SJRLVM1, then your address is <userid>@IBM-SJ. If you are on some
other machine in San Jose, your address is <userid>.<nodeid>@IBM-SJ,
and if you are at some other location use <userid>.<nodeid>@IBM. IBM
and IBM-SJ are synonyms right now, but may not be so in the future,
hence the distinction. Alternately, if you have an alias in NAMES
RMSG on the SJRLVM1 system disk, people may send mail to you also at
address <alias>@IBM-SJ. In outgoing mail, your actual userid will appear.
I will NOT administer any additions to NAMES RMSG during this try-out
period.
The address as formed above is a valid CSNET address. When you send
a message to the Arpanet, any address in the message header of the form
<anystring>@<csnet-host> will be automatically converted to the form
that has to be used when sending a message to you from the Arpanet,
namely: <anystring>.<csnet-host>@UDel-Relay. This conversion will
NOT be made for addresses contained in the text.
Do not send any classified material on this network. If you
correspond with anyone connected with a competitor, you should
probably send him/her a message explaining that anything he sends will
be considered non-proprietary. A permanent record will exist of all
messages that enter or exit the network, containing sender and
recipient, the length of the message, and the time it was
sent/received. In addition, the content of messages can be inspected
at any time by an auditor. During the trial-out period messages will
to some extent be handled manually by me, so you might want to avoid
information of a personal nature (which you might want to avoid
anyway, since messages may be viewed by network administrators in
several places).
Send all mail and acknowledgements to SJRLVM1(IBMCSNET), but send
comments and questions to SJRLVM1(?????).
P.S. You can test the connection out by sending a message to yourself.
It will be sent to the relay and returned at the next poll. The
relay polls three times a day, at 3pm, 8 pm, and 2 am. I may get to us
anywhere between 0-2 hours after this start time, depending on load.
Let me know if you have any problems, and remember: Be understanding!
... snip ...
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main
Date: Sun, 15 Dec 2002 18:40:36 GMT
oldtimer@WANADOO.FR (Bruno Sugliani) writes:
Well hear it a third time ...This ucode is very much VM like
When a CE needed to take a dump or do whatever in the ucode
after strange HW failure ,
he was using things like I CMS or logon whatever once in some fancy
pe or ce mode .
It looked very much like VM to a lot of people .
But you never know .
Bruno
note that SIE ... for 3081/XA was enhanced virtual machine microcode
assist for VM. pr/sm is further extension of that for what VM called
V=R mode (aka the virtual machine didn't page) ... the version on
amdahl machines was called something else(?). come 3090 ... the
service processor was actually a pair of 4361s running a heavily
modified version of vm/370 release 6 ... and all the service
panels/menus were written in ios3270 running under cms.
LPARS was a minor extension of pr/sm ... not actually requiring the
VM operating system to be present with a limited set of specific
options.
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Music to craft code by ...
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 18:33:44 GMT
researchers find brain center of music appreciation
http://www.cnn.com/2002/HEALTH/12/13/music.brain.ap/index.html
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Beyond 8+3 ...
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 19:58:43 GMT
lars@bearnip.com (Lars Duening) writes:
Make it generic: arbitrary searchable attributes, some of which are
predefined by the system: one to store the mime-type of the file, and
for applications another one to store the types of files it accepts.
IEEE metadata working group has been wrestling with these issues
for some time ... initially from the standpoint of hierarchical storage systems
.... but sizes of disks are now larger than earlier tape library sizes ...
so there is much more dense forest of file & data objects. misc refs:
http://www.llnl.gov/liv_comp/metadata/md97.html
http://www.computer.org/conferences/meta96/meta_home.html
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: cost of crossing kernel/user boundary
Newsgroups: comp.arch
Date: Sun, 15 Dec 2002 20:24:25 GMT
Oliver Dain writes:
Thanks for the response. This still doesn't seem like it should take too
much time. "locking the CPU" involves disabling interrupts. Is there
anything else involved there. If not, disabling interrupts generally
involves setting some bits in a register which should be cheap. (If we've
got multiple CPUs some other work needs to be done, but let's ignore that
for now)
Now since we've got 1 routine handling everything we've got to look up the
routine we really want from a vector or something and then call it, but
this still seems pretty cheap. A total cost (including disabling
interrupts) of less than 20 instructions I would think. This is much less
than the cost typically attributed to a user/kernel mode switch (several
thousand clock cycles or more is the type of number I've heard).
What am I missing? Do some of these instructions (e.g. changing the
protection level) take a very long time to execute?
Thanks.
because of various machine issues ... frequently disabling for
interrupts and changing machine state will drain/serialize the
processor. then because it is a generalized interrupt routine
... there is a lot of saving state of the application program followed
by loading kernel state. then there is some amount of generalized decode
of what was the application program status at the time of the kernel
call ... then generalized decode of the kernel call parameters
... then generalized decode deciding if the application is allowed to
request the desired activity.
attempting to address this stuff in hardware, try the whole access
register stuff. it somewhat started out as
1) some of the 3033 cross-memory stuff ... which was a solution to
running out of addressability with both kernel & application resident
in the same 16mbyte address space (originally data)
2) moving system services library code resident in application space
to different address space and some limited changes in privileges (w/o
having to go all the way to kernel mode) ... effectively trying to
have some of the efficiencies of subroutine library call with some
of the things that happen for change of privileges that come with
a kernel call
3) high cost of forcing things thru single/common kernel interrupt
structure
misc past cross-memory &/or access register postings (in the following
there are some URL pointers to access register detailed implementation
description in POP):
http://www.garlic.com/~lynn/98.html#11 S/360 operating systems geneaology
http://www.garlic.com/~lynn/98.html#36 What is MVS/ESA?
http://www.garlic.com/~lynn/2000c.html#35 What level of computer is needed for a computer to Love?
http://www.garlic.com/~lynn/2000c.html#83 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000c.html#84 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000d.html#28 RS/6000 vs. System/390 architecture?
http://www.garlic.com/~lynn/2000e.html#57 Why not an IBM zSeries workstation?
http://www.garlic.com/~lynn/2000g.html#28 Could CDR-coding be on the way back?
http://www.garlic.com/~lynn/2001d.html#28 Very CISC Instuctions (Was: why the machine word size ...)
http://www.garlic.com/~lynn/2001d.html#30 Very CISC Instuctions (Was: why the machine word size ...)
http://www.garlic.com/~lynn/2001h.html#73 Most complex instructions
http://www.garlic.com/~lynn/2001k.html#16 Minimalist design (was Re: Parity - why even or odd)
http://www.garlic.com/~lynn/2002d.html#51 Hardest Mistake in Comp Arch to Fix
http://www.garlic.com/~lynn/2002g.html#5 Black magic in POWER5
http://www.garlic.com/~lynn/2002g.html#17 Black magic in POWER5
http://www.garlic.com/~lynn/2002h.html#21 PowerPC Mainframe
http://www.garlic.com/~lynn/2002l.html#57 Handling variable page sizes?
includes url pointer to pop ... plus table of contents of some of the facilities
http://www.garlic.com/~lynn/2002n.html#74 Everything you wanted to know about z900 from IBM
--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
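Added example, not part of the original posting: a small C microbenchmark that puts a number on the question in the thread above by timing a plain subroutine call against a minimal kernel entry that goes through the general system-call path. It assumes Linux with glibc (`syscall(SYS_getpid)`, `clock_gettime`); the function names are chosen here for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* exposes syscall() in <unistd.h> on glibc */
#endif
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Monotonic clock reading in nanoseconds. */
static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Stand-in for a library routine: a real call, but no privilege change.
   noinline plus the empty asm keep the compiler from folding it away. */
__attribute__((noinline)) static long user_call(long x) {
    __asm__ volatile("" ::: "memory");
    return x + 1;
}

/* Average nanoseconds per plain subroutine call. */
double time_user_calls(long iters) {
    volatile long sink = 0;
    uint64_t t0 = now_ns();
    for (long i = 0; i < iters; i++) sink = user_call(sink);
    return (double)(now_ns() - t0) / (double)iters;
}

/* Average nanoseconds per kernel entry. getpid does almost no work in the
   kernel, so the figure is dominated by the boundary crossing itself:
   mode switch, state save/restore, call decode and dispatch. */
double time_kernel_calls(long iters) {
    volatile long sink = 0;
    uint64_t t0 = now_ns();
    for (long i = 0; i < iters; i++) sink = syscall(SYS_getpid);
    (void)sink;
    return (double)(now_ns() - t0) / (double)iters;
}

int main(void) {
    long n = 1000000;
    double u = time_user_calls(n), k = time_kernel_calls(n);
    printf("subroutine call: %.1f ns   kernel call: %.1f ns   ratio: %.0fx\n",
           u, k, u > 0.0 ? k / u : 0.0);
    return 0;
}
```

The absolute figures depend on the CPU, kernel version and any enabled side-channel mitigations, so compare the two numbers from the same run rather than against published values.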
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 00:35:30 GMT
jcewing@ACM.ORG (Joel C. Ewing) writes:
The performance concern was one of doing virtual memory paging at
multiple levels. The VM-defined memory for a virtual machine is virtual
memory, and VM manages page frames for the virtual machine with paging
to/from VM-owned auxiliary DASD. If the operating system running in the
virtual machine, which thinks it has real memory, has its own concept of
virtual memory as well, then you end up with paging at two different
levels, sometimes working at cross purposes, and always with higher
overhead than a single-level memory mapping.
LPARs don't have the problem of double paging .... since it is a
variation on V=R support with pr/sm .... which is enhancement of SIE
.... the VM microcode assist. Back with CP/67, all privilege
instructions resulted in an interrupt into the CP kernel where the
instruction was "simulated" according to virtual machine rules
... rather than real machine rules. This continued into VM/370 ... all
privilege instructions interrupted into the CP kernel for simulation.
Starting with 370/158 & 370/168 there was microcode enhancement called
VM-assist ... that specific setting in control register put the
machine in virtual machine mode ... and certain "supervisor"
instructions had the additional microcode changes so that they would
be executed in either real-machine mode or virtual-machine mode. Also
in the same time-frame ... the 370/148 got both VM-assist microcode
enhancements as well as an extended set of processor instructions that
implemented parts of the CP kernel.
The 158 & 168 machines were horizontal microcode instructions
... where thruput was typically measured in avg. 370 instruction per
machine cycle. An example was that in the transition from 165 to the
168 they manage to drop the avg. 370 instructions per machine cycle
from 2.1 to 1.6. The low & mid range 370s were vertical microcode
machines ... their programming is much more like current
microprocessors and they were rated in avg. number of microcode
instructions per 370 instruction which ran about ten. Basically for
the 148 ... in addition to the VM-assist type things done for 158/168
(certain privilege instructions were given microcode that implemented
both real machine & virtual machine modes) ... certain CP kernel code
sequences were dropped into microcode (typically on a byte-for-byte
basis with a ten to one performance speed-up). The CP kernel then
had new "B2" opcodes inserted in it which would invoke the new kind
of microcode operations