List of Archived Posts

2002 Newsgroup Postings (12/06 - 12/18)

Newsgroup cliques?
Defeating telemarketers
IBM OS source code
IBM OS source code
Running z/VM 4.3 in LPAR & guest v-r or v=f
IBM 029 predecessor--1050 communications
unix permissions
myths about Multics
Sci Fi again
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Multics on emulated systems?
Multics on emulated systems?
Multics on emulated systems?
myths about Multics
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Cirtificate Authorities 'CAs', how curruptable are they to
Cost of computing in 1958?
I'll see your deep-fried mars-bar
I'll see your deep-fried mars-bar
Cirtificate Authorities 'CAs', how curruptable are they to
Secure you PC or get kicked off the net?
Western Union data communications?
Vector display systems
Sci Fi again
Western Union data communications?
Western Union data communications?
Western Union data communications?
VSE (Was: Re: Refusal to change was Re: LE and COBOL)
I'll see your deep-fried mars-bar
January 7, 2003: "25 years of Hennessy & Patterson" PARC
Newbie: Two quesions about mainframes
20th anniversary of the internet (fwd)
20th anniversary of the internet (fwd)
Linux paging
Music to craft code by
Beyond 8+3
cost of crossing kernel/user boundary
Linux paging
Linux paging
Linux paging
Linux paging
Linux paging
Linux paging
Cirtificate Authorities 'CAs', how curruptable are they to
Linux paging
Cirtificate Authorities 'CAs', how curruptable are they to
Free Desktop Cyber emulation on PC before Christmas
Newbie: Two quesions about mainframes
Running z/VM 4.3 in LPAR & guest v-r or v=f
cost of crossing kernel/user boundary
Cirtificate Authorities 'CAs', how curruptable are they
AMP vs SMP
AMP vs SMP
20th Anniversary Of The Internet
20th anniversary of the internet (fwd)
cost of crossing kernel/user boundary
Newbie: Two quesions about mainframes
cost of crossing kernel/user boundary

Newsgroup cliques?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Newsgroup cliques?
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 14:15:48 GMT
Anne & Lynn Wheeler writes:
one of the first half dozen or so (university) sales situations that i got called into (after going to cambridge) involved 370/145 against a sigma/7.

it was univ. of idaho in moscow, idaho (long ways from cambridge).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Defeating telemarketers

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Defeating telemarketers
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 15:54:10 GMT
somewhat related:

FTC moves to ease telemarketing calls

http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,76442,00.html

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

IBM OS source code

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: IBM OS source code
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 20:51:45 GMT
possibly of some interest ... answer to (email) question regarding operating source code availability:

all of cp/67 ... and all of vm/370 was delivered in machine readable source code ... and system could be built from the machine readable source code. this was up thru at least the late '70s. there was a large university (and other technician) community that created a large body of source code modifications and collected in "VMSHARE". Waterloo university managed the library of source code and distribution (60s and 70s had much less network connectivity .... so distribution was typically on some physical media like 9track tape). At one point there was an estimate that there was as much source code on the vmshare/waterloo tape as on the base product tape.

For some of the other IBM operating systems it wasn't quite so clean cut. They tended to have a much more complex source management and distribution system. Typically customers got a machine readable tape of the listings of the assembler/compiler ... but not machine readable of the actual source build. There was also readily available microfiche of the source listings (output of assembler/compiler) ... typically for debugging and binary patch fixes ... but it was less common to have all the source and libraries necessary to do a system build from scratch.

This all started to change with the antitrust case against ibm and with the ibm unbundling announcement june 23rd, 1969. After that point ... basic operating system components were still viewed as basically bundled ... but other components represented independent intellectual property. Things continued to change thru the '70s ... especially with the advent of mainframe clones in the mid-70s. The issue of operating system source code then started to become more and more proprietary because 1) operating system components weren't being charged for, 2) freely available source code was allowing other vendors to take and modify it ... with no visible corporate benefit (except to the competition), 3) the source code easily represented investment that ran to the hundreds of millions of dollars.

The late 70s and early 80s saw lots of user group discussions about the transition to the policy of OCO (object code only) ... the corporation attempting to protect investments that in aggregate ran to tens of billions of dollars.

in addition to waterloo university supporting vm source library ... tymshare corporation provided support for online vmshare discussions (and later pcshare). these have been collected, archived and online at:
http://vm.marist.edu/~vmshare/

for additional background ... try searching the vmshare archives for OCO, object code only, object-code-only, etc. .... which represented the transition away from source availability.

..... end

also during the 70s ... VM/370 shipped a monthly "PLC" tape (basically bug fixes and sometimes new function). The PLC tape included both the changed binaries as well as the incremental source code change files. Customers could either rebuild their system from the originally distributed binaries plus the latest PLC binaries (PLC contained accumulated changes of all PLC tapes since the original base release). Customers also had the option of rebuilding all or some subset using the incremental PLC source updates (also accumulated) plus the original source distribution.

misc. side note ... CP/67 & VM/370 source control system was in form of "updates" ... base source file plus list of incremental update files were combined prior to assembly/compile. Most people are more familiar with the RCS/CVS that keeps the latest source file and effectively "downdates" that can regress changes. The CP orientation was that base source and appropriate source change (sort-of diff like) files were combined on the fly. discussion of the CMS update command:
http://www.garlic.com/~lynn/2002n.html#39 CMS update

when I did the resource manager as a separate product in the mid-70s, they told me it was going to be the first "charged for" operating system code (aka guinea pig) ... and i got to spend six months on and off with the business people inventing the methodologies for operating system code pricing.

they also wanted me to ship on the same monthly PLC schedule as the base product. However, I convinced them to let me do at three month intervals rather than monthly intervals. Part of the reason was that in addition to standard integrity stress testing ... I would also redo performance regression tests that i used for the original product validation (aka not only validate that system wouldn't fail because of changes ... but also that performance & thruput weren't affected by changes). A customer could build a system with a combination of the resource manager distribution binaries and the base system distribution binaries. They could also rebuild from source using combination of the resource manager distribution PLC tape files, resource manager distribution base distribution, base product distribution PLC tape files, base product distribution files. misc. stuff related to resource manager,
http://www.garlic.com/~lynn/2001e.html#45 VM/370 Resource Manager

somewhat related postings regarding benchmarking, workload profiling, capacity planning, etc
http://www.garlic.com/~lynn/submain.html#bench

and there was also the issue that I was nominally doing full time research at the science center and the Resource Manager product was more like a hobby ... and i had to somewhat beg time to provide product support, product release regression testing, etc.

as an aside ... one of the drivers for expanded use of (portable) UNIX in the '80s was that the (hardware) cost of building computing systems (of various types) was starting to significantly decrease; however the cost of creating proprietary operating system software hadn't similarly come down. A relatively quickly portable operating system was a huge investment avoidance that made possible the economics for some of the new system product offerings in the 80s.

some past threads with mention of OCO:
http://www.garlic.com/~lynn/94.html#11 REXX
http://www.garlic.com/~lynn/2000b.html#32 20th March 2000
http://www.garlic.com/~lynn/2001e.html#6 Blame it all on Microsoft
http://www.garlic.com/~lynn/2001n.html#11 OCO
http://www.garlic.com/~lynn/2002c.html#4 Did Intel Bite Off More Than It Can Chew?

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

IBM OS source code

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM OS source code
Newsgroups: alt.folklore.computers
Date: Fri, 06 Dec 2002 21:53:41 GMT
Anne & Lynn Wheeler writes:
in addition to waterloo university supporting vm source library ... tymshare corporation provided support for online vmshare discussions (and later pcshare). these have been collected, archived and online at:
http://vm.marist.edu/~vmshare/

for additional background ... try searching the vmshare archives for OCO, object code only, object-code-only, etc. .... which represented the transition away from source availability.


one of the items brought up doing a search on OCO is
http://vm.marist.edu/~vmshare/read?fn=VMSHIST&ft=NOTE&line=1

attach from above:
Browse entire NOTE VMSHIST 5/15/89 21:19:21

An Examination of the impacts of VMSHARE on individuals, VM community & Society

Thanks so far for both the public appends I've been receiving in addition to the private mail. Just to develop some of my ideas further I've included some notes I've made in which I examine VMSHARE against a set of criteria used in assessing the impacts of computer based conferencing. I'd appreciate and enjoy very much if you have any observations, disagreements or comments you'd care to make.

Kerr and Hiltz (1980) reported on a survey they carried out in conjunction with experts in the field of computer based conferencing. This survey was designed to examine what the impacts of computer-mediated conferencing would be and how this related to the overall impact of the computer on the way we live.

An impact in this context is defined as outcomes, effects or consequences. Kerr and Hiltz further defined impacts into levels and types and then hypothesized various effects that they felt were intuitively held or could be found in the various literature. The levels defined were: individual, group and societal. The types within each of these levels were: cognitive, affective, and behavioural


... snip

besides the survey
http://www.garlic.com/~lynn/2001l.html#61 MVS History (all parts)
mentioned in
http://www.garlic.com/~lynn/2002o.html#75 They Got Mail: Not-So-Fond Farewells
part of the thread
http://www.garlic.com/~lynn/2002o.html#73 They Got Mail: Not-So-Fond Farewells
and
http://www.garlic.com/~lynn/2002k.html#39 Vnet: Unbelievable

hiltz and turoff were also brought in as consultants to do some detailed study of the phenomena. there was also in depth study that resulted in a stanford phd thesis; misc. refs:
http://www.garlic.com/~lynn/2002e.html#37 Would the value of knowledge and information be transferred or shared accurately across the different culture??????
http://www.garlic.com/~lynn/2002l.html#54 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/subnetwork.html#cmc

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Running z/VM 4.3 in LPAR & guest v-r or v=f

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Running z/VM 4.3 in LPAR & guest v-r or v=f
Newsgroups: bit.listserv.vmesa-l
Date: Sat, 7 Dec 2002 08:46:36 -0700
At 12:01 AM 12/7/2002 -0600, wrote:
I don't have any recent experience running MVS guests (none running OS/390 guests) but in a previous life I supported the IBM education systems and we ran lots of MVS guests. My experience was to minimize the amount of paging that CP needs to do in support of the guests. Let MVS handle its own paging as much as possible. Otherwise if CP is handling a page fault for MVS, the entire machine is non-dispatchable. If you let MVS do its own paging, it will just dispatch something else when it needs to do page i/o. Do this by making the OS/390 virtual machine size smaller than you might normally do to minimize the likelihood of CP having to do its paging. MVS is a very capable operating system. Let it decide what to page in/out. Jim Bohnsack

there is also an issue if situation becomes such that both MVS & VM are paging (i.e. MVS setup for VM paging and then workload increasing so that MVS is also paging) which results in extremely bad pathological situation.

Basically both are using a page replacement algorithm that attempts to approximate LRU/least recently used. This is based on the assumption that the least recently used page has a high probability of continuing to not be used ... and therefore is the best candidate to be replaced/removed.

When you operate an LRU infrastructure (virtual memory guest, database cache management, etc) the virtual subsystem characteristics can start to appear to violate LRU algorithm assumptions. The virtual guest (mvs, another vm, any cache manager, etc) will look around for a storage page that is not being used (LRU) and put the next page to be used in that slot. Now if the first level VM is also paging ... it will also tend to select the same not used page to be page-out. The situation can become very pathological where the page that VM is paging out is exactly the page that the virtual guest is most likely to use next.

A guest that implements a LRU replacement algorithm can start to exhibit behavior that looks more like MRU (i.e. the first level VM might be better off selecting the most recently used page for replacement ... rather than the least recently used page). Actually it is more bimodal ... a virtual guest that is doing paging with a LRU page replacement algorithm ... will have a strong tendency to use the most recently used pages and the least recently used pages .... and the pages "in the middle" (between the two extremes) are the most likely to not be used in the near future (aka the page replacement algorithm is attempting to infer the future page reference pattern based on past page reference use).

--
Anne & Lynn Wheeler lynn@garlic.com, http://www.garlic.com/~lynn/
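
An added simulation of the nested-LRU interaction described in the post above (not code from the original post): a guest runs LRU over its frames, a first-level host pages those frames with fewer real frames, and the run counts how often a guest page fault also costs a host page fault. The names `Simulate`, `Sweep`, `HotCold`, the frame counts and both reference strings are constructed for the illustration.

```go
package main

import "fmt"

// recency holds keys from least recently used (front) to most recently
// used (back), bounded by limit (assumed >= 1). Keys must be non-negative.
type recency struct {
	keys  []int
	limit int
}

// touch references k and reports a hit. On a miss with a full set it evicts
// the front (LRU) or, when evictMRU is set, the back (MRU); evicted is -1
// when nothing was removed.
func (r *recency) touch(k int, evictMRU bool) (hit bool, evicted int) {
	for i, v := range r.keys {
		if v == k {
			copy(r.keys[i:], r.keys[i+1:]) // close the gap, then move k to the back
			r.keys[len(r.keys)-1] = k
			return true, -1
		}
	}
	evicted = -1
	if len(r.keys) == r.limit {
		if evictMRU {
			evicted, r.keys = r.keys[len(r.keys)-1], r.keys[:len(r.keys)-1]
		} else {
			evicted, r.keys = r.keys[0], r.keys[1:]
		}
	}
	r.keys = append(r.keys, k)
	return false, evicted
}

// Result counts faults at both levels. DoubleFaults are guest faults whose
// target frame was itself paged out by the host.
type Result struct{ Refs, GuestFaults, HostFaults, DoubleFaults int }

// Simulate runs a guest page reference string through a guest that always
// uses LRU over guestFrames frames, on a host that keeps only hostFrames of
// those frames resident and evicts by LRU, or by MRU when hostMRU is set.
func Simulate(refs []int, guestFrames, hostFrames int, hostMRU bool) Result {
	guest := &recency{limit: guestFrames}
	host := &recency{limit: hostFrames}
	frameOf := map[int]int{} // guest page -> guest frame holding it
	res := Result{Refs: len(refs)}
	for _, page := range refs {
		guestHit, victim := guest.touch(page, false)
		if !guestHit {
			res.GuestFaults++
			frame := len(frameOf) // next free frame while the guest is filling
			if victim >= 0 {
				frame = frameOf[victim] // reuse the guest's LRU frame
				delete(frameOf, victim)
			}
			frameOf[page] = frame
		}
		// Every guest reference, hit or fault, touches one frame on the host.
		if hostHit, _ := host.touch(frameOf[page], hostMRU); !hostHit {
			res.HostFaults++
			if !guestHit {
				res.DoubleFaults++
			}
		}
	}
	return res
}

// Sweep cycles over `pages` distinct guest pages for n references.
func Sweep(pages, n int) []int {
	refs := make([]int, n)
	for i := range refs {
		refs[i] = i % pages
	}
	return refs
}

// HotCold alternates one hot page (0) with a sweep over `cold` other pages.
func HotCold(cold, n int) []int {
	refs := make([]int, n)
	for i := range refs {
		if i%2 == 1 {
			refs[i] = 1 + (i/2)%cold
		}
	}
	return refs
}

func main() {
	for _, mru := range []bool{false, true} {
		fmt.Printf("sweep, host evicts MRU=%v: %+v\n", mru, Simulate(Sweep(5, 40), 4, 3, mru))
	}
	fmt.Printf("hot/cold, host LRU: %+v\n", Simulate(HotCold(5, 40), 4, 3, false))
}
```

With an LRU host holding fewer frames than the guest, every guest fault lands on a frame the host has already paged out, because the guest's LRU frame is also the least recently touched frame from the host's point of view.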

IBM 029 predecessor--1050 communications

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IBM 029 predecessor--1050 communications
Newsgroups: alt.folklore.computers
Date: Sun, 08 Dec 2002 14:38:34 GMT
hancock4@bbs.cpcn.com (Jeff Nor Lisa) writes:
In the 1963 IBM "Machine Functions" booklet, they have the "1050 Data Communications System". One of the units looks like an 029 keypunch (NOT the older 026), but part of it (where the card was punched) is covered with a solid plate. The typewriter in this system also looks modern, like a Selectric.

There is no mention of S/360 in this booklet; 360 came out in 1964. But it's interesting how they had the lines of the 029--the rectangular look instead of older rounded look--available already for machines.


there was the 1052mod7 ... which was the operator's terminal on 360s ... and can be seen in most pictures of the front of any 360.

communicating 1052 could come with various attachments ... including paper tape punch/reader.

misc. prev. mentions of 1052:
http://www.garlic.com/~lynn/96.html#4a John Hartmann's Birthday Party
http://www.garlic.com/~lynn/96.html#9 cics
http://www.garlic.com/~lynn/96.html#12 IBM song
http://www.garlic.com/~lynn/96.html#30 interdata and perkin/elmer
http://www.garlic.com/~lynn/96.html#37 interdata & perkin/elmer machines
http://www.garlic.com/~lynn/96.html#39 Mainframes & Unix
http://www.garlic.com/~lynn/97.html#22 Pre S/360 IBM Operating Systems?
http://www.garlic.com/~lynn/98.html#32 Drive letters
http://www.garlic.com/~lynn/2000b.html#49 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2001.html#3 First video terminal?
http://www.garlic.com/~lynn/2001.html#15 IBM Model Numbers (was: First video terminal?)
http://www.garlic.com/~lynn/2001.html#17 IBM 1142 reader/punch (Re: First video terminal?)
http://www.garlic.com/~lynn/2001c.html#15 OS/360 (was LINUS for S/390)
http://www.garlic.com/~lynn/2001f.html#64 Converting Bitmap images
http://www.garlic.com/~lynn/2001f.html#78 HMC . . . does anyone out there like it ?
http://www.garlic.com/~lynn/2001g.html#32 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001i.html#30 IBM OS Timeline?
http://www.garlic.com/~lynn/2001i.html#34 IBM OS Timeline?
http://www.garlic.com/~lynn/2002d.html#30 Mainframers: Take back the light (spotlight, that is)
http://www.garlic.com/~lynn/2002j.html#16 Ever inflicted revenge on hardware ?
http://www.garlic.com/~lynn/2002l.html#55 The problem with installable operating systems
http://www.garlic.com/~lynn/2002o.html#21 IBM Selectric as printer

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

unix permissions

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: unix permissions
Newsgroups: alt.folklore.computers
Date: Sun, 08 Dec 2002 15:08:53 GMT
Charles Shannon Hendrix writes:
It's great the Multicians have this information out there, but I really, really wish there were a Multics system running that people could access.

I know schools no longer seem to care, but I really think a new system with some of the ideas of Multics and UNIX together would be very useful. There are so many mistakes in current systems that Multicians were working on fixing back then.

As an aside, has anyone ever written up a specific answer to this question: why did the Air Force drop its research project on system security after the Multics security paper was released?

I was reading IBM's re-release of that document and associated commentary, which is pretty good reading, but they only mentioned the project stopping, not why.


the multics people could give all sorts of answers. note however, that multics wasn't exactly getting mainstream support from ge/honeywell/bull (in that sense it was somewhat like the treatment of cp/67 and vm/370 ... although cp/67 & vm/370 had significantly larger customer base and vm/370 ran on same exact mainframe hardware as the rest of the mainstream ibm virtual storage systems).

both cp/67 and vm/370 saw a number of deployments in business critical sensitive operations. misc. previous refs:
http://www.garlic.com/~lynn/2001m.html#12 Multics Nostalgia
http://www.garlic.com/~lynn/2001m.html#15 departmental servers
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from the Multics Security Evaluation

specifically on the subject of buffer overflow (also past thread of how cots systems make society vulnerable)
http://www.garlic.com/~lynn/2002l.html#45 Thirty Years Later: Lessons from the Multics Security Evaluation

other discussions of buffer overflow
http://www.garlic.com/~lynn/99.html#70 Series/1 as NCP (was: Re: System/1 ?)
http://www.garlic.com/~lynn/99.html#85 Perfect Code
http://www.garlic.com/~lynn/99.html#163 IBM Assembler 101
http://www.garlic.com/~lynn/99.html#219 Study says buffer overflow is most common security bug

and my favorite air force thread drift:
http://www.garlic.com/~lynn/subtopic.html#boyd

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

myths about Multics

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: myths about Multics
Newsgroups: alt.os.multics
Date: Sun, 08 Dec 2002 15:25:27 GMT
Andi Kleen writes:
Early IBM OS shipped with source code, until they went over to a "OCO" (object code only) policy in the 70ies.

lots of (ibm) source code continued to ship (as licensed products) well thru the 80s ... well past the advent of OCO. The earlier source code in the 60s was basically "free". starting after the unbundling announcement of 6/23/1969 (pretty much in reaction to gov. steps) ... they started putting copyright notices in the header of every source file.

recent postings on "IBM OS source code"
http://www.garlic.com/~lynn/2002p.html#2 IBM OS source code

in '88 there were still some stuff in transition from source maintained (i.e. licensed distributed source) to OCO.
http://vm.marist.edu/~vmshare/read?fn=VMWKABS8&ft=NOTE&line=1

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Sci Fi again

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Sci Fi again
Newsgroups: alt.folklore.computers
Date: Sun, 08 Dec 2002 15:44:43 GMT
eugene@cse.ucsc.edu (Eugene Miya) writes:
Well Hardware Wars was pretty funny to Star Wars. And we cannot in this group forget DEC Wars. And Bobby Pickett did Star Dreck.

misc. ref to dec wars
http://www.garlic.com/~lynn/2001f.html#39 Ancient computer humor - DEC WARS

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
 getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 00:49:13 GMT
"Odin" writes:
But the CA never gets the individual's private key. They get the public key, so what is the problem?

what kind of exploit are you looking at?

in a certificate credential world .... the CA issues a certificate in your name to some other person (aka traditional identity theft). They don't need your private key ... they just need a certificate that says they are you with any public key ... which they happen to have the private key for.

At a corporate level ... this is something of the issue with SSL domain name certificates. CAs nominally aren't the authoritative agency for the information certified in the certificate ... aka a CA typically checks with the agency responsible for the information as part of the certification process. If the authoritative agency says that it is ok, then a CA goes ahead and issues a certified certificate with the information they checked on. Just because information is in a certificate or on a driver's license doesn't make it magically perfect/true.

In the case of identity theft ... enuf information is acquired that allows them to get credentials in your name (whether it is a certificate or some other kind of credential).

In the case of SSL domain name server certificate ... it is actually something of a catch-22. One of the prime justifications for the whole SSL infrastructure with SSL domain name server certificates ... is because of integrity concerns with regard to the domain name infrastructure. However, the domain name infrastructure is the authoritative agency for domain names, aka when somebody applies to a CA for a SSL domain name server certificate ... the CA must check with the authoritative agency (the domain name infrastructure) as to the true owner of the domain name. If the domain name infrastructure has been compromised ... then it could be possible for people to fraudulently obtain an SSL domain name server certificate ... with their own key (since CAs rely on the domain name infrastructure as to the true owner of the domain name).

Now there are proposals to improve the integrity of the domain name infrastructure ... in large part so that CAs can better trust the integrity of the domain name infrastructure as to the information they certify in an SSL domain name server certificate. However, improving the integrity of the domain name infrastructure for CAs ... actually improves the domain name infrastructure for everybody ... lessening the justification for wanting to have SSL domain name server certifications.

random refs:
http://www.garlic.com/~lynn/subintegrity.html#fraud
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
 getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 15:56:24 GMT
Henrick Hellström writes:
This is not a sound argument. I sincerely doubt most of the major CAs do a simple DNS query just like any webbrowser when they are validating a Server Certificate Request. They probably either pick up the phone and talk to someone at the domain name registration office in person, or use some other kind of relatively secure communication with the registrar.

It is far more likely that some web browser would get the wrong result from a DNS query, than a major CAs validation process for a Server Certificate Request would fail.


... i'm talking about some of the domain name take-over exploits (again akin to identity theft) ... where somebody has managed to fraudulently get the "registration office" to update the primary database pointing to some other entity (in some cases a purely "front" operation). this has been reported in the press in the past.

once the primary database has been updated to point at the "front" entity ... they can obtain a certificate ... since the CA has to rely on the domain name infrastructure registration infrastructure.

some of the proposals to make this much less likely/possible (on behalf of the CA industry) ... as stated in the original posting ... go a long way to improving the integrity of the domain name infrastructure for everybody ... and also mitigating much of the need for having SSL domain name certificates in the first place.

http://www.garlic.com/~lynn/subpubkey.html#sslcerts

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 17:27:26 GMT
ref:
http://www.garlic.com/~lynn/2002p.html#9 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#10 Cirtificate Authorities 'CAs', how curruptable are they to

so one of the proposals that has been put forward (by certification authority industry?) is that when somebody registers their domain name, they also register a public key. further communication with the domain name infrastructure by the domain name owner is done with digitally signed messages. this has the objective of removing some of the domain name take-over scenarios and raising the bar for various kinds of fraud.

now it also has an interesting sidelight that the proposal to improve the integrity of certificate-based PKI is based on implementing a certificate-less PKI ... aka aads:
http://www.garlic.com/~lynn/x959.html#aads

now another sidelight of this ... is the current domain name infrastructures already support generalized real-time information distribution (aka in addition to get binding between domain name and ip address ... the implementation also supports being able to get various other kinds of bindings). That opens up the gate so that domain name infrastructure could be used for not only distributing trusted ip-addresses but also for real-time trusted distribution of public keys (as an alternative to the stale, redundant, and superfluous method done via certificate-based PKI).

now if i can get both the ip-address and public key in a single transaction from the domain name infrastructure .... it is very close to being able to do SSL in a single round trip (i.e. piggy-back SSL selection options, encrypted session key, encrypted session data all in a single transmission). If the receiving server supports the defaulted selected SSL options ... then the SSL session is effectively setup at that moment ... and the server can respond. If this is transaction oriented ... it would be possible to then piggy back the session tear down in that single response transmission. The whole thing done in single transmission round-trip (slightly discounting the set-up/tear-down packet exchange round trips for base TCP).

So, the possible glitch here is mismatch in selected SSL options between the server and the client's selection. If this becomes a significant issue for some servers ... then they could register their (possibly non-standard) SSL options along with the ip-address and the public key. The client can now get the ip-address and public key along with optional server SSL supported options ... in their single domain name lookup requests. The client then has real time information as to the server's ip-address, public key, and supported SSL options all before even initiating the contact with the server. Encapsulated, piggy-backing of all necessary information that would occur in the existing SSL setup world but w/o certificates and w/o all the SSL protocol chatter.

http://www.garlic.com/~lynn/subpubkey.html#sslcerts

misc. past posts on minimal round-trip setup/teardown protocol:
http://www.garlic.com/~lynn/99.html#0 Early tcp development?
http://www.garlic.com/~lynn/99.html#115 What is the use of OSI Reference Model?
http://www.garlic.com/~lynn/2000b.html#1 "Mainframe" Usage
http://www.garlic.com/~lynn/2000b.html#9 "Mainframe" Usage
http://www.garlic.com/~lynn/2000c.html#52 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2001b.html#57 I am fed up!
http://www.garlic.com/~lynn/2001e.html#24 Pre ARPAnet email?
http://www.garlic.com/~lynn/2001n.html#15 Replace SNA communication to host with something else
http://www.garlic.com/~lynn/2002.html#3 The demise of compaq
http://www.garlic.com/~lynn/2002g.html#50 Why did OSI fail compared with TCP-IP?
http://www.garlic.com/~lynn/2002k.html#31 general networking is: DEC eNet: was Vnet : Unbelievable

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
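
An added sketch of the proposal described in the post above (not code from the original post or from any registrar): a public key is registered together with the domain name, later changes are accepted only when signed by that key, and a lookup returns address and public key in one answer. The `Registry` type, the signed message format, the sequence number used as a replay guard, the Ed25519 choice and the sample names and addresses are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Record is the registry entry for a domain: the address binding plus the
// public key the owner registered together with the name.
type Record struct {
	IP     string
	PubKey ed25519.PublicKey
	Seq    uint64 // highest update number accepted (assumed replay guard)
}

// Registry stands in for the domain name registration database.
type Registry map[string]*Record

var (
	ErrExists       = errors.New("domain already registered")
	ErrUnknown      = errors.New("unknown domain")
	ErrBadKey       = errors.New("malformed public key")
	ErrBadSignature = errors.New("update not signed by the registered key")
	ErrReplay       = errors.New("stale or replayed update")
)

// Register binds name, address and owner public key at registration time.
func (r Registry) Register(domain, ip string, pub ed25519.PublicKey) error {
	if len(pub) != ed25519.PublicKeySize {
		return ErrBadKey
	}
	if _, ok := r[domain]; ok {
		return ErrExists
	}
	r[domain] = &Record{IP: ip, PubKey: pub}
	return nil
}

// updateMessage is the byte string the owner signs (format is an assumption).
func updateMessage(domain, newIP string, seq uint64) []byte {
	return []byte(fmt.Sprintf("dns-update\n%s\n%s\n%d", domain, newIP, seq))
}

// SignUpdate is run by the domain owner, who holds the private key.
func SignUpdate(priv ed25519.PrivateKey, domain, newIP string, seq uint64) []byte {
	return ed25519.Sign(priv, updateMessage(domain, newIP, seq))
}

// Update changes the address only when the request verifies under the key
// already on file for the domain.
func (r Registry) Update(domain, newIP string, seq uint64, sig []byte) error {
	rec, ok := r[domain]
	if !ok {
		return ErrUnknown
	}
	if !ed25519.Verify(rec.PubKey, updateMessage(domain, newIP, seq), sig) {
		return ErrBadSignature
	}
	if seq <= rec.Seq {
		return ErrReplay
	}
	rec.IP, rec.Seq = newIP, seq
	return nil
}

// Lookup returns address and public key in one answer, the single
// transaction the post describes.
func (r Registry) Lookup(domain string) (string, ed25519.PublicKey, error) {
	rec, ok := r[domain]
	if !ok {
		return "", nil, ErrUnknown
	}
	return rec.IP, rec.PubKey, nil
}

// DemoKey derives a fixed key pair from a label so the demo is repeatable.
// Constructed for illustration; real keys come from crypto/rand.
func DemoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	ownerPub, ownerPriv := DemoKey("owner")
	_, otherPriv := DemoKey("someone else")
	reg := Registry{}
	fmt.Println("register:", reg.Register("example.com", "192.0.2.10", ownerPub))
	bad := SignUpdate(otherPriv, "example.com", "203.0.113.66", 1)
	fmt.Println("other key:", reg.Update("example.com", "203.0.113.66", 1, bad))
	good := SignUpdate(ownerPriv, "example.com", "198.51.100.7", 1)
	fmt.Println("owner key:", reg.Update("example.com", "198.51.100.7", 1, good))
	fmt.Println("replayed: ", reg.Update("example.com", "198.51.100.7", 1, good))
	ip, _, _ := reg.Lookup("example.com")
	fmt.Println("lookup:   ", ip)
}
```

The initial `Register` call is the one step a signature cannot protect, so the check on who registers the key still rests on the registrar's own process.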

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
 nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Sun, 08 Dec 2002 18:07:56 GMT
Henrick Hellström writes:
This is a problem, but not the only way the domain name infrastructure may be compromised.

various of the other methods are addressed by dnssec work
http://www.garlic.com/~lynn/rfcietff.htm

at RFCs listed by click on Term (term->RFC#)

and in the Acronym fastpath click on "DNSSEC"

from above:
domain name system security (DNSSEC)
see also domain name system, security
3226 3225 3130 3110 3090 3008 3007 2931 2930 2845 2541 2540 2539 2538 2537 2536 2535 2137 206


my previous comments in thread
http://www.garlic.com/~lynn/2002p.html#11 Cirtificate Authorities 'CAs', how curruptable are they to

was highlighting the irony that various fixes to the domain name infrastructure in support of the certification authority industry ... plants the seeds for eliminating needing ssl domain name server certificates at all.

http://www.garlic.com/~lynn/subpubkey.html#sslcerts

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Multics on emulated systems?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Multics on emulated systems?
Newsgroups: alt.os.multics,alt.folklore.computers
Date: Sun, 08 Dec 2002 17:52:35 GMT
Christopher Browne writes:
For Domain/OS to be "inspired by" MULTICS is quite different from being "based on" MULTICS.

throw in at least prime and stratus also. from multics page
http://www.multicians.org/general.html

from above:
1.4.3. Primos

Prime's Primos operating system shows a strong Multics influence. Bill Poduska worked on Multics at MIT before founding Prime, and several other senior Multicians worked at Prime. Poduska referred to Primos as "Multics in a shoebox."

1.4.4. VOS

Stratus's VOS operating system shows a strong Multics influence. Bob Freiburghouse, former Multics languages manager, was one of the founders of Stratus; many Multicians are still Stratus employees. (Stratus is now called Stratus Technologies.)

1.4.5. Apollo Domain

Bill Poduska went on from Prime to help found Apollo, and Domain was known as "Multics in a Matchbox." Apollo's OS shows strong Multics influence. For instance, the basic access to stuff on disk is via a single-level store directly based on Multics. Supposedly some of the motivation for the object-store style of file system came from Multics too. [Frederick Roeber] [Jerry Saltzer adds:] In addition, it uses a shared memory model, despite being distributed across a network. If that isn't Multics influence, I don't know what is.

1.4.6. NTT DIPS

NTT undertook a massive effort to clone Multics, which led to their DIPS (Denden Information Processing System) series of mainframes. DIPS machines are still in widespread use in Japan today by NTT, but everyone agrees that they are going away. I believe that Intermetrics developed the DIPS PL/I compiler for NTT. [Carl Hoffman]

DIPS was an operating system developed by NTT and running on IBM S/370 clone machines built by Hitachi, Fujitsu and NEC. Sure, it was inspired by Multics, but was not a clone, or you would call every multi-user machine built after 1970 a Multics clone. [Jean Bellec]

1.4.7. Amber

Multics also influenced Amber, the operating system produced by the S-1 project at Livermore between 1979 and 1986 or so. The original Amber group was familiar with Multics as users - the original development work was done on MIT-Multics - but I don't believe it included anyone who'd actually worked on the Multics kernel itself.

The most important Multics influences were writing the operating system in a high-level language, the single-level storage system, and an emphasis on security, although rings were not present on the last generation of S-1 machine. Amber was heavily influenced by critiques of Multics such as the Multics Kernel Redesign Project. In its later years, Amber made serious strides toward machine independence.

The developers hoped to make it "Multics done better," as reported in a DATAMATION article. Jeff Broughton co-wrote the compiler for the Pastel language used for Amber. [Jay Pattin]

1.4.8. GEMSOS

The Gemini GEMSOS secure operating system for the Intel architecture was developed by Roger Schell to support a Multics-style segmented environment in a system designed to meet A1 security requirements. [Paul Karger]


--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Multics on emulated systems?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Multics on emulated systems?
Newsgroups: alt.os.multics,alt.folklore.computers
Date: Sun, 08 Dec 2002 21:35:45 GMT
Anne & Lynn Wheeler writes:
throw in at least prime and stratus also. from multics page
http://www.multicians.org/general.html


as an aside ... when they shutdown the vm/370 development group in burlington mall (mid-70s) and told everybody that vm/370 was dead and they would have to move to POK to work on an internal only tool (aka VMTOOL, provided XA virtual machines ... but the only purpose was going to be for internal MVS/XA development and would never be released as a product) ... some of the people found their way to DEC working on VMS ... and some others found their way to Prime.

customers eventually did get the company to continue with vm/370 as well as to come out with vm/xa (but some number of the good people wandered away because of the continuous corporate statements about product being dead).

random vmtool postings
http://www.garlic.com/~lynn/2001m.html#38 CMS under MVS
http://www.garlic.com/~lynn/2001m.html#47 TSS/360
http://www.garlic.com/~lynn/2001n.html#67 Hercules etc. IBM not just missing a great opportunity...
http://www.garlic.com/~lynn/2002e.html#27 moving on
http://www.garlic.com/~lynn/2002m.html#9 DOS history question

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Multics on emulated systems?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Multics on emulated systems?
Newsgroups: alt.folklore.computers,alt.os.multics
Date: Mon, 09 Dec 2002 14:57:47 GMT
"Douglas H. Quebbeman" writes:
But: I've also heard a rumour that The Computer History Museum received not only the DOCKMASTER hardware, but its software as well. Lest eyebrows raise everywhere, yes, this seems quite unlikely, and it is only a rumour...

i thot i heard anything that could record (disk, tapes, etc) got degaussed, crushed, shredded, pulverized, and burned/melted.

minor related
http://www.garlic.com/~lynn/2002h.html#30 Multics hardware (was Re: "Soul of a New Machine" Computer?)

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

myths about Multics

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: myths about Multics
Newsgroups: alt.os.multics
Date: Mon, 09 Dec 2002 15:09:52 GMT
haynes@alumni.uark.edu (Jim Haynes) writes:
I was out of the picture after GECOS2, but you could certainly get the source for it. OS/360 came with source until IBM unbundled; in fact you had to have source for some reason. (I don't know what it was, but there were programmers who had to add or patch or do something with source at each release.) Burroughs 5500 and 6500 systems came with source, and in fact you patched source between releases.

os/360 came with microfiche of source listings .... very few components came with machine readable source that could be used to actually rebuild from source; cp/67 & vm/370 ... also at 545 tech sq ... being one of the few. HASP (for os/360) also was an exception.

os/360 maint. tended to be with binary deck (compiled output) replacements and superzaps. zap'ing was selective modification of bytes in a binary deck. It was so common that many programs came with "zap" areas (say 80-256 bytes) in each program. You zap'ed some number of instructions into the zap-area with a return ... and then modified some inline instruction to branch to new instructions in the zap area. In extreme cases, customers might rekey (punch cards) source from the microfiche and compile/assemble

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
 nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 18:45:47 GMT
Christopher Browne writes:
There is some thinking going into this sort of thing, but the current protocols don't offer the ability to tie the PK to domain names.

the current implementation allows almost any generalized information to be "served" with the domain name ... not just IP-address (aka some amount of whois ... runs off the same domain-name database as the ip-address ... you can put almost any kind of information with some tag ... into the domain name database and retrieve it).

in effect the domain name infrastructure is a generalized real-time information distribution system (akin to ldap ... but long before ldap came into existence) which isn't restricted to just ip-address information distribution (aka if you put an ip-address in the database for a domain name ... then that ip-address is tied to the domain name, if you put a phone number in the database for a domain name ... then the phone number is tied to the domain name, etc).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
 nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 18:51:04 GMT
... and the basis of registering the public key in the domain name database is something that the existing certification authorities have come up with as minimizing the ability to do domain name take-over exploits.

the problem is that you can certify a certification authority ... as much as you want ... and it doesn't really mean much if the authoritative agency that the certification authority has to rely on has a lot of vulnerabilities. in fact, there could be a case made that some amount of the certification of certification authorities ... is to distract attention from the fact that the sources of information that they are certifying ... have issues (aka the saying about integrity only being as strong as the weakest link .... have everybody pay attention to the fact that the crypto is very, very secure ... and hopefully they won't notice that there are major issues with the basic information).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
 getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 19:04:49 GMT
Christopher Browne writes:
Well, if we're heading to some-domain.tld, we could always go hit <https://www.some-domain.tld/>, and try to verify whatever certificate we get against whatever certificates we have lying around.

That doesn't establish a generalized protocol for verifying that what's coming through BIND is legitimate via a digital signature.

The point is that for there to be a ubiquitous standard mechanism, there needs to be a standardized mechanism, and it presumably involves modifying EPP/RRP to put digital signatures in at the provisioning level.

If it's not a standard, and isn't being supported, as a standard, by registrars, then it's not a ubiquitous mechanism that can be depended on.


the issue about ssl certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

isn't with the certificates, or the certificate chain, or the root certificate, or public keys or private keys.

the issue with the ssl certificates is how does a certification authority actually know who owns a domain. this is basically recorded in the domain name database(s) owned by the domain name infrastructure. A certification authority has to rely on the authoritative agency as to who actually owns the domain name (that authoritative agency is the domain name infrastructure).

again the integrity of the infrastructure is only as strong as its weakest link. why attack the crypto ... when there are possibly a zillion simpler things to attack.

so one suggestion from the certification authority industry to help improve the integrity of the domain name infrastructure ... and the information recorded in the domain name database(s) is to have a public key recorded in that database at the same time the domain name is registered. in some sense it can be like those "TIP" reporting programs where you tear a dollar bill in half and send in one half. You don't subsequently have to prove who you are ... you just need to be able to prove that you are the person that sent in the tip (and the other half of the dollar bill). In this case, you prove that you are the person that registered the database by signing something that can be verified with the registered public key.

however, once a public key is registered in the domain name database ... the binding of that public key to the domain name ... is as valid as the binding of the ip-address to the domain name (and is at least as strong a binding as any certification authority's binding that is the result of asking the domain name infrastructure as to who really owns the domain name).

now (again) the irony is that if the domain name infrastructure binds/registers a public key to a domain name entry ... in support of improving the integrity of the domain name infrastructure for use by the certification authority industry ... then in theory that same public key binding could be accessed directly ... w/o the need of having a certification authority industry (or certificates).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
 getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 19:35:01 GMT
oh yes, slightly related thread on SSL
http://www.garlic.com/~lynn/aadsm12.htm#50 Frist Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#51 Frist Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aepay10.htm#60 First Data Unit Says It's Untangling Authentication

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
 getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 20:27:03 GMT
Henrick Hellström writes:
The irony seems to have escaped you. <g>

The point is that there is not really anything to gain from turning domain name registrars into CAs. You would still have the same security issues, with one minor exception: The subject validation process would appear to be a more transparent process, since the domain name registrar would already have verified the identity of the registrant.

I suspect the whole issue here is that people assume that CAs are making money for nothing and just want to find ways to put them out of business. What they perhaps fail to realize is that there are massive investments in hardware and organizational procedures involved in any secure CA operation. Simply put: You don't want to store a CA private key with a 30 year lifetime on the hard drive of your home PC.


no ... the irony is that you have to turn domain name registrars into high integrity resources .... since their databases are the authoritative reference that certification authority industry uses as the true owners of a domain name. in some sense ... for an SSL domain name certificate, the certification authority is taking the bits from an entry in the domain name database .... changing the encoding and arrangement of those bits ... doing some magic crypto mumbo-jumbo ... and calling it a certificate.

the integrity of the certificate is based on the magic crypto mumbo-jumbo.

the integrity of the information in the certificate is based on the integrity of the authoritative agency responsible for the information (the domain name infrastructure).

logically ... there is a master reference someplace, somewhere for pieces of information .... typically in something that looks like a database account record.

a certification authority ... certifies that it uses due diligence in acquiring that information from the authoritative agency responsible for the information and uses appropriate crypto strength & business processes for copying that information into a certificate. logically, a certificate is a R/O copy of (typically subset and possibly quite stale) some authoritative database piece of information.

the original purpose for certificates was for environments where the relying party was offline and had no recourse to directly contacting the authoritative agency as to the validity of some piece of information (aka analogy is the letters of credit in the days of sailing ships). These days, when matters of real value are involved, it is much more cost effective to use an online, real-time contact directly to the authoritative agency with regard to the information being verified (only resorting to offline, stale, subset information in a certificate when no other possible means was available).

The specific issue with the SSL domain name certificates ... is that something was wanted quickly ... and while the domain name infrastructure was online and realtime ... there were issues with integrity that didn't look like could be quickly resolved ... so the SSL domain name certificates were a temporary solution pending being able to improve the integrity of a (legacy) domain name infrastructure.

However, there still remained a significant issue that the certification authority industry were as dependent on the integrity and quality of the information of the domain name infrastructure as the whole rest of the internet.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
 nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 09 Dec 2002 21:06:57 GMT
"DD" writes:
On the other hand - maybe a different view of the world would be to stop expecting CAs to be this ultimate source of trust. I use different documents (paper / digital) to get cash from an ATM, to travel to another country, to get a book from a local library, to rent a car, etc. Perhaps a different CA model might be to be more localised and issue certs closer to the point of use. E.g. my company would issue me a cert for my company email address and a cert for my company ERP system so I can sign POs. My ISP would issue a cert for my ISP mailbox. In the first case the company is certifying the identity of the employee and email address and linking them to a public key. In the second case they are certifying a function (purchasing with a defined $ limit) and linking it to a public key. The ISP is certifying an email address and linking it to a public key. Note that the ISP (in this case) makes no assurances about the entity who uses that email address.

so in the ISP case ... when you open an account you supply a public key (similar to the scenario for creating a domain name definition ... supply a public key at the time the entry is created). the ISP registers the public key in the RADIUS data base record for the userid ... in lieu of a userid. They don't need to know who you are (as long as you pay the bill) ... they just need to know that you are the person that established the account/userid. then can use digital signature signing at ISP connection (instead of userid/password). see radius references
http://www.garlic.com/~lynn/subpubkey.html#radius

this is similar to the kerberos pk-init draft .... public key is registered for the userid at the time the userid is defined ... there is no requirement to know who you are (aka identification) just that you are the entity that established/owns the userid (aka authentication).

the ISP and employee online environments are likely to either be a) a radius infrastructure or b) a kerberos infrastructure (both of which can be certificate-less public key for authentication).

so for employee case. is it better to establish a public key in the employee data base ... and do real-time transactions against that employee database entry ... or to have a (potentially very stale) copy of a subset of that information in a credential targeted for offline use.

so one use might be door-badge system. Some door-badge systems (especially in low-value environments) are offline operations. However, high value operations tend to have online, real-time checking. So a possible issue for target certificate environments are offline and/or very low value operations ... where it doesn't justify to utilize a real-time online environment.

There are two things going against the offline scenario: a) online costs are dropping significantly and online is becoming worldwide ubiquitous (one way or another), b) there is a negative feedback scenario, if the certificates are only used for low-value or no-value operations ... it isn't likely that people are going to pay much for them; if people won't pay much for them, it limits the kind of infrastructure that a CA is able to afford; if the CA can only afford to operate a cut-rate infrastructure; the applicability/usefulness of such certificates becomes even further reduced, people are even going to pay less for a certificate that has even lower value, which means less money for a CA infrastructure, which reduces the value of the certificate.

the other way of looking at it ... is that things of value are not only moving to online ... but moving to various kinds of aggregation and/or patterns of activity. financial transactions are online, aggregation operations ... i.e. not just a value bound on a single transaction ... but value bound on the aggregation of any number of transactions. if you touch the online database ... with the master of the information that is contained in a stale, redundant, superfluous certificate ... is it better for a business process to use the realtime information in the record it has just read ... or the stale information in a certificate that come via who knows what?

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
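
Added example (not part of the original posts, and not any registry's, CA's or RADIUS server's real interface): a hypothetical on-file registry where the public key is recorded with the name, a change request must be signed by the registered key, and a certificate is only a signed copy of the record as it stood at issue time. Lamport one-time signatures stand in for the signature scheme so the code runs on the standard library alone (each key signs one message); the names, addresses and record layout are constructed for illustration.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Lamport one-time signatures (stand-in scheme; each key signs ONE message) ---
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per bit of the message hash.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

def fingerprint(pk) -> str:
    return H(b"".join(a + b for a, b in pk)).hex()

def record_bytes(name: str, ip: str, pk) -> bytes:
    return "|".join((name, ip, fingerprint(pk))).encode()

class Registry:
    """Hypothetical authoritative database: name -> on-file ip and public key."""
    def __init__(self):
        self._records = {}

    def register(self, name, ip, pk):
        if name in self._records:
            raise ValueError("name already registered")
        self._records[name] = {"ip": ip, "pk": pk}

    def update(self, name, new_ip, new_pk, sig) -> bool:
        # Only the holder of the key registered with the name may change the record.
        current = self._records[name]["pk"]
        if not verify(current, record_bytes(name, new_ip, new_pk), sig):
            return False
        self._records[name] = {"ip": new_ip, "pk": new_pk}
        return True

    def lookup(self, name):
        return dict(self._records[name])  # ip and key come back in one answer

def issue_certificate(ca_sk, registry, name):
    """The CA copies the registry record as it is right now and signs the copy."""
    rec = registry.lookup(name)
    body = record_bytes(name, rec["ip"], rec["pk"])
    return {"name": name, "ip": rec["ip"], "pk": rec["pk"], "sig": sign(ca_sk, body)}

def certificate_valid(ca_pk, cert) -> bool:
    return verify(ca_pk, record_bytes(cert["name"], cert["ip"], cert["pk"]), cert["sig"])

def demo():
    reg = Registry()
    name = "example.test"                      # constructed sample name
    owner_sk0, owner_pk0 = keygen()
    reg.register(name, "192.0.2.10", owner_pk0)

    ca_sk, ca_pk = keygen()
    cert = issue_certificate(ca_sk, reg, name)

    # A party without the registered key asks to repoint the name: refused.
    other_sk, other_pk = keygen()
    forged = sign(other_sk, record_bytes(name, "198.51.100.7", other_pk))
    takeover = reg.update(name, "198.51.100.7", other_pk, forged)

    # The owner moves the server and rolls the key, signing with the on-file key.
    owner_sk1, owner_pk1 = keygen()
    req = sign(owner_sk0, record_bytes(name, "192.0.2.20", owner_pk1))
    rotated = reg.update(name, "192.0.2.20", owner_pk1, req)

    # The server proves possession of its current key on a fresh challenge.
    challenge = secrets.token_bytes(16)
    proof = sign(owner_sk1, challenge)
    live = reg.lookup(name)
    return {
        "takeover_accepted": takeover,
        "rotation_accepted": rotated,
        "cert_signature_ok": certificate_valid(ca_pk, cert),
        "cert_matches_registry": fingerprint(cert["pk"]) == fingerprint(live["pk"]),
        "proof_ok_with_live_key": verify(live["pk"], challenge, proof),
        "proof_ok_with_cert_key": verify(cert["pk"], challenge, proof),
        "live_ip": live["ip"],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The certificate's signature still checks out after the record changes, yet the key it carries no longer matches the authoritative record, so only the real-time lookup verifies the server's proof.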

Cost of computing in 1958?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cost of computing in 1958?
Newsgroups: alt.folklore.computers
Date: Tue, 10 Dec 2002 14:33:34 GMT
Tony Lima writes:
Economists will tell you this is merely equating marginal cost (the cost of writing better, tighter code) with marginal benefit (saving CPU cycles). When CPU cycles become cheaper, it's foolish to incur the higher marginal costs of writing that tight code. - Tony

there was some tighter code that was faster ... but there was also some tighter code that was simpler and easier to understand. the simpler and easier to understand made it easier to adapt and enhance to new situations (aka reusable code) ... as opposed to write-only/write-once code (term originated with apl\360?).

the shortcoming that easy to understand/modify code ... was it tended to become very dirty by people making easy modifications (some programming law of entropy?).

lynn@garlic.com somewhere else recently wrote:
long ago and far away i liked to try and rewrite code to add new function so that the basic function appeared to be implemented in much shorter path length and much less code ... and the added new function appeared to have been implemented in zero pathlength with no instructions. some of the problems that arose was that traditional maint. (by others) might result in some things stop working for no apparent reason (sometimes this could be 10-15 years later). I once had somebody track me down ten years after a custom kernel had disappeared into AT&T longlines ... looking for help.

in any case, KISS seems to be out of style ... another observation somebody recently made ... strong sense that simplifying problems is not nearly as profitable as other approaches.

random kiss references:
http://www.garlic.com/~lynn/99.html#228 Attacks on a PKI
http://www.garlic.com/~lynn/aadsm10.htm#hackhome Hackers Targeting Home Computers
http://www.garlic.com/~lynn/aadsm10.htm#boyd AN AGILITY-BASED OODA MODEL FOR THE e-COMMERCE/e-BUSINESS ENTERPRISE
http://www.garlic.com/~lynn/aadsm11.htm#10 Federated Identity Management: Sorting out the possibilities
http://www.garlic.com/~lynn/aadsm11.htm#30 Proposal: A replacement for 3D Secure
http://www.garlic.com/~lynn/aadsm12.htm#19 TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
http://www.garlic.com/~lynn/aadsm2.htm#mcomfort Human Nature
http://www.garlic.com/~lynn/aadsm3.htm#kiss1 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss2 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss3 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss4 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss5 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss6 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss7 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
http://www.garlic.com/~lynn/aadsm3.htm#kiss8 KISS for PKIX
http://www.garlic.com/~lynn/aadsm3.htm#kiss9 KISS for PKIX .... password/digital signature
http://www.garlic.com/~lynn/aadsm3.htm#kiss10 KISS for PKIX. (authentication/authorization seperation)
http://www.garlic.com/~lynn/aadsm5.htm#liex509 Lie in X.BlaBla...
http://www.garlic.com/~lynn/aadsm7.htm#3dsecure 3D Secure Vulnerabilities?
http://www.garlic.com/~lynn/aadsm8.htm#softpki10 Software for PKI
http://www.garlic.com/~lynn/aadsmail.htm#comfort AADS & X9.59 performance and algorithm key sizes
http://www.garlic.com/~lynn/aepay3.htm#gaping gaping holes in security
http://www.garlic.com/~lynn/aepay7.htm#nonrep3 non-repudiation, was Re: crypto flaw in secure mail standards
http://www.garlic.com/~lynn/aepay7.htm#3dsecure4 3D Secure Vulnerabilities? Photo ID's and Payment Infrastructure
http://www.garlic.com/~lynn/2001.html#18 Disk caching and file systems. Disk history...people forget
http://www.garlic.com/~lynn/2001i.html#51 DARPA was: Short Watson Biography
http://www.garlic.com/~lynn/2001l.html#1 Why is UNIX semi-immune to viral infection?
http://www.garlic.com/~lynn/2001l.html#3 SUNW at $8 good buy?
http://www.garlic.com/~lynn/2002b.html#22 Infiniband's impact was Re: Intel's 64-bit strategy
http://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
http://www.garlic.com/~lynn/2002b.html#59 Computer Naming Conventions
http://www.garlic.com/~lynn/2002c.html#15 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002d.html#0 VAX, M68K complex instructions (was Re: Did Intel Bite Off MoreThan It Can Chew?)
http://www.garlic.com/~lynn/2002d.html#1 OS Workloads : Interactive etc
http://www.garlic.com/~lynn/2002e.html#26 Crazy idea: has it been done?
http://www.garlic.com/~lynn/2002e.html#29 Crazy idea: has it been done?
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002k.html#11 Serious vulnerablity in several common SSL implementations?
http://www.garlic.com/~lynn/2002k.html#43 how to build tamper-proof unix server?
http://www.garlic.com/~lynn/2002k.html#44 how to build tamper-proof unix server?
http://www.garlic.com/~lynn/2002m.html#20 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002m.html#27 Root certificate definition

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

I'll see your deep-fried mars-bar

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: I'll see your deep-fried mars-bar..
Newsgroups: alt.folklore.computers
Date: Tue, 10 Dec 2002 14:59:49 GMT
jmfbahciv writes:
The "last" generation (version 7.03) of TOPS-10 monitor developers did the Chinese food thing.

people from 545 (at least 4th floor) did chinese ... typically down in central sq. there was also legal in inman sq ... but that was more often just lunch ... tables and benches on the 2nd floor. for lunch we would periodically try the various student cafeterias.

there is the stanford joke ... i think involving mccarthy and minsky and some others at some chinese place on university ... and minsky talking about some stanford phd thesis in preparation and asking a number of questions ... and mccarthy saying something to the effect that everybody understands that ... here lets ask the waiter (of course the waiter happens to be the author). After monthly SLAC meetings, the Oasis or the Blue Goose were typically the choice.

in san jose ... we frequently did pizza ... and for awhile had a real thing for the first Chuck E. Cheese (just off blossom).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

I'll see your deep-fried mars-bar

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: I'll see your deep-fried mars-bar..
Newsgroups: alt.folklore.computers
Date: Wed, 11 Dec 2002 14:09:32 GMT
jmfbahciv writes:
We didn't do food; we did beer. For JMF and TW, lunch time was the end of their work shift. I had that shift for a while (anybody working on TOPS-10 stand-alone had to work non-prime time).

for the first couple years when an eric's moved in across the street from the main plant site ... they had a back room that for some reason or another had my name posted on it ... and we would get half price on pitchers of anchor steam

both oasis and blue goose are probably considered much more of peanut shells and beer place.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
 nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Wed, 11 Dec 2002 17:27:56 GMT
recent threads in some other places related to this subject:
http://www.garlic.com/~lynn/2002p.html#12 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#18 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#19 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#21 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/aepay10.htm#31 some certification & authentication landscape summary from recent threads
http://www.garlic.com/~lynn/aepay10.htm#37 landscape & p-cards
http://www.garlic.com/~lynn/aepay10.htm#53 First International Conference On Trust Management
http://www.garlic.com/~lynn/aadsm12.htm#42 draft-ietf-pkix-warranty-extn-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#45 draft-ietf-pkix-warranty-extn-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#48 draft-ietf-pkix-warranty-extn-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#52 First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#53 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#54 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#55 TTPs & AADS (part II)

and some relation to parts of previous threads:
http://www.garlic.com/~lynn/aepay10.htm#62 VeriSign unveils new online identity verification services

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Secure you PC or get kicked off the net?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Secure you PC or get kicked off the net?
Newsgroups: alt.computer.security,alt.security,comp.security.firewalls
Date: Thu, 12 Dec 2002 15:21:31 GMT
colonel_flagg@NOSOUPFORJ00internetwarzone.org (Colonel Sam Flagg, U.S. Army Intelligence (ret)) writes:
yea, and? what's wrong with making people secure themselves? would you rather have the government come in and secure it for you?

bwahahahahahaha.

frankly, i think it would be a good idea for a "learners permit" then a "computer drivers test" when you complete the "learning period", if you fail, no computer for you, off the net moron.


there has been similar thread in the context of infobahn & information super highway ... as much as individual licensing ... the other area is in terms of liability and insurance.

one of the issues brought up is similar to the automobile industry ... nobody will pay for safety features. a combination of personal liability, liability premiums adjusted for kind of vehicle and gov. mandated security features has accomplished quite a bit.

one possible translation of personal liability is that ISPs automatically adjust the monthly bill based on various kinds of activity (like if your computer is part of certain kinds of attacks, you get zap'ed for operating an unsafe vehicle as well as reckless driving).

the driving licensing issue, in part is because individual shortcomings in a car can have significant consequences like loss of life ... so a minimum level of competency has been deemed necessary. However in the auto analogy, being hit with much higher insurance premiums as well as fines for both a) operating unsafe vehicle and b) reckless driving has been a significant mitigating factor ... along with some gov. mandated safety standards.

http://www.garlic.com/~lynn/2001m.html#27 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
http://www.garlic.com/~lynn/2001m.html#28 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
http://www.garlic.com/~lynn/2001m.html#29 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement
http://www.garlic.com/~lynn/2001m.html#30 Internet like city w/o traffic rules, traffic signs, traffic lights and traffic enforcement

so, lets say that you recklessly drive (program some threat) and/or operate an unsafe vehicle (virus takes over your machine) on the internet ... you just get hit with much larger charges.

people then are motivated to buy original equipment with appropriate safety measures and/or have aftermarket equipment installed. People don't need to understand the technology ... any more than many people understand details of auto technology. appropriate original equipment and aftermarket safety features may even come with warranties that re-imburse the person for safety failures that result in hitting the person's pocket book.

one of the issues raised in the previous thread was can individual ISP be relied upon to enforce the traffic laws and appropriately collect fines (aka boundary packet filtering & virus checking rules are appropriately installed and customers get hit with additional charges for everything that trips the filters).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Western Union data communications?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 15:44:36 GMT
Joel Gallun writes:
They launched a bunch of them -- the WESTAR series of birds. Try a google on WESTAR and see what you get. Memory is failing me here. Sorry.

there were a number of businesses that thot to get into that market. another was sbs (my wife worked for them for a time), which was jointly owned by ibm, aetna, and comsat. one of the issues was deployment of computing protocols that supported satellite propagation delays. sbs even tried voice business for a time ... before getting out of the business. most of the land/tail circuits and people went to MCI ... and the satellites went to Hughes. I got to sit in the VIP stands for launch of 41d w/SBS-4 (actually a number of times because of aborts) aug/84
http://www.nasa.gov/mission_pages/shuttle/shuttlemissions/archives/sts-41D.html

another issue was satellites designed to fit in the cargo bay of the shuttle ... and shuttle launch shutdown after the accident ... and a lot of the business wandering away to fiber. the other was some satellites getting larger than what would fit in the shuttle bay ... and needing to find alternative launch capability that supported larger form factor satellites.

we (aka hsdt/high speed data transport) ... had small high speed backbone running with fiber links as well as three hsdt tdma earthstations (two were in northern us with 4.5m dishes ... one in southern us that needed 7m dish). I had done some amount of protocol optimization as well as rate-based pacing algorithm for high speed activity

misc. hsdt posts:
http://www.garlic.com/~lynn/subnetwork.html#hsdt

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Vector display systems

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Vector display systems
Newsgroups: alt.folklore.computers
Date: Wed, 11 Dec 2002 22:28:13 GMT
ibm had these 2250s in the 60s. the university that i was at had a 2250 with its own controller and directly attached to ibm mainframe channel.

the science center had a 2250m4 ... which was a 2250 with a 1130. somebody ported space wars to the science center's 1130 & played on the 2250 (two person; had the keyboard split in half and each player had a set of keys for the various functions).

ibm eventually came out with a replacement called the 3250 ... which i believe were relogo'ed from sanders. The later replacement, 5080 was also possibly relogo'ed from sanders.

attempt to use search engine didn't come up with much:
http://www-2.cs.cmu.edu/afs/cs/usr/ph/www/nyit/morrison/1960s.txt
http://www.upfrontezine.com/1999/upf-135.htm

A graphics device earlier than 3250 was the 3277ga (aka graphics attachment) ... a relogo'ed tektronix device ... that had special attachment into the side of 3277 terminal display. It basically used the 3272 channel attached controller for high data rates from the processor.

note in the following:
http://www.nfrpartners.com/comphistory/
edit, moved to & 2250 ref. fixed
http://web.archive.org/web/20030115091035/http://home.maine.rr.com/jhcphoto/

the picture identified as "2250 being used as operator console" is 9track tape drive.

at the bottom of the above page are pictures of 3250 and 5080.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Sci Fi again

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Sci Fi again
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 19:06:40 GMT
eugene@cse.ucsc.edu (Eugene Miya) writes:
I've only relatively recently gotten into serials, and it is amazing to me that all these series like Dune, Foundation, Ender, start with 1 really good volume, then degenerate. I need to finish Cryptonomicon that I think about it.

my wife is right in the middle of reading cryptonomicon. also we just watched dvd of the first rings on monday night. she thot it was interesting the passage from the book where one of the guys is comparing themself to a dwarf from tolkien ... working in extreme dark, forging things of great power ... and having to sit around a table of chattering hobbits.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Western Union data communications?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 19:15:34 GMT
Anne & Lynn Wheeler writes:
we (aka hsdt/high speed data transport) ... had small high speed backbone running with fiber links as well as three hsdt tdma earthstations (two were in northern us with 4.5m dishes ... one in southern us that needed 7m dish). I had done some amount of protocol optimization as well as rate-based pacing algorithm for high speed activity

misc. hsdt posts:
http://www.garlic.com/~lynn/subnetwork.html#hsdt


also related to hsdt activity:
http://www.garlic.com/~lynn/internet.htm#0

and ha/cmp could be considered outgrowth of marrying hsdt to earlier experience in tightly-coupled & loosely-coupled systems:
http://www.garlic.com/~lynn/subtopic.html#hacmp

as well as later electronic commerce stuff:
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
http://www.garlic.com/~lynn/aadsm5.htm#asrn2

previous postings on connecting threads:
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Western Union data communications?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 19:45:12 GMT
Anne & Lynn Wheeler writes:
previous postings on connecting threads:
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce


brain check ... should be
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Western Union data communications?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Western Union data communications?
Newsgroups: alt.folklore.computers
Date: Thu, 12 Dec 2002 21:27:57 GMT
jchausler writes:
They shed all their "communications" facilities and became a service provider in 1989 or so (that was the last year they provided a "wire" to interconnect all the chapters of the Morse Telegraph Club for their annual Morse's Birthday meetings on the last Saturday of April). It was my understanding, in fact, that the company as such was dissolved at that time and all the pieces sold off. The company doing business now as Western Union was just the buyer of the telegram and money order service (Yes, Virginia, you can still send a 15 word or less telegram but its gonna cost ya, even more if you want it hand delivered, about $35 total the last time I checked.) I could be wrong about this though.

amex spun off firstdata in '92 ... integrated payments part of firstdata operated moneygram. when western union was on the block ... firstdata looked at buying them ... but western union was purchased by first financial management. Later when firstdata and first financial management merged, first data had to divest moneygram.
http://web.archive.org/web/20021223005227/http://www.ftc.gov/opa/1995/9509/fdfin.htm
http://www.prnewswire.com/cnoc/FDSmda.html

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

VSE (Was: Re: Refusal to change was Re: LE and COBOL)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VSE (Was: Re: Refusal to change was Re: LE and COBOL)
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Fri, 13 Dec 2002 02:06:53 GMT
ted.macneil@mobile.rogers.com (ted.macneil) writes:
OT: I would never consider anything about PROFS/OV gleaming, when the keys meant different things on different panels.

I think that the poor interface was what drove IBM to come up with SAA! I know PROFS used to drive our infrequent users up the wall! They could never get in the habit of not getting in the habit of hitting different keys on different panels to do the same thing.


we thot that SAA was mostly directed at trying to put the genie back in the bottle ... try and turn PCs into enhanced 327xs. we got hammered by both the SSA guys and the T/R guys when we came up with three-tiered architecture and started presenting it as sophisticated distributed computing environment with high speed interconnect.
http://www.garlic.com/~lynn/subnetwork.html#3tier 3tier, middle layer, saa

the profs group picked up a number of different applications and smashed them all together. the email application they picked up was primitive/early version of an application called vmsg. later when the author of vmsg questioned why they were using such an early/primitive version in the product ... there was some difference of opinion ... however the author was able to demonstrate that his initials existed in an internal control field in all PROFS (aka VMSG) messages. After that he stopped open source distribution and only shared source with me and one other.

misc. profs &/or vmsg refs:
http://www.garlic.com/~lynn/99.html#35 why is there an "@" key?
http://www.garlic.com/~lynn/2000c.html#46 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000e.html#20 Is Al Gore The Father of the Internet?^
http://www.garlic.com/~lynn/2001j.html#35 Military Interest in Supercomputer AI
http://www.garlic.com/~lynn/2001k.html#35 Newbie TOPS-10 7.03 question
http://www.garlic.com/~lynn/2001k.html#39 Newbie TOPS-10 7.03 question
http://www.garlic.com/~lynn/2001k.html#40 Newbie TOPS-10 7.03 question
http://www.garlic.com/~lynn/2001k.html#56 E-mail 30 years old this autumn
http://www.garlic.com/~lynn/2002f.html#14 Mail system scalability (Was: Re: Itanium troubles)
http://www.garlic.com/~lynn/2002h.html#58 history of CMS
http://www.garlic.com/~lynn/2002h.html#59 history of CMS
http://www.garlic.com/~lynn/2002h.html#64 history of CMS
http://www.garlic.com/~lynn/2002i.html#50 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002j.html#4 HONE, , misc

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

I'll see your deep-fried mars-bar

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: I'll see your deep-fried mars-bar..
Newsgroups: alt.folklore.computers
Date: Fri, 13 Dec 2002 22:25:19 GMT
"Charlie Gibbs" writes:
"All the sugar and twice the caffeine!" There you have it: 2 to 1. (Makes sense - after two cans of Jolt I can vibrate right up a wall.)

long ago and far away i was at a conference where they came out and provided free truck load of jolt ... as the initial marketing/consumer testing ... before they started selling it.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

January 7, 2003: "25 years of Hennessy & Patterson" PARC

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: January 7, 2003: "25 years of Hennessy & Patterson"  PARC
 auditorium, Palo Alto
Newsgroups: alt.folklore.computers
Date: Fri, 13 Dec 2002 23:58:43 GMT
... forwarded ....

old_systems_guy@yahoo.com (John Mashey) writes:
This is sponsored by Computer History Museum, www.computerhistory.org/events/latest, keep an eye on website for details in a couple weeks (this is an early warning for comp.arch fans). Host/interviewer - mash, really @ heymash.com.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Newbie: Two quesions about mainframes

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Newbie: Two quesions about mainframes.
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sat, 14 Dec 2002 22:32:04 GMT
dunklervater@yahoo.com (DV) writes:
Hello,

Recently I read in a computer magazine, that there is a port for the architecture S/390. I dug around a bit, and found out that this seems to be a very interesting, but very unaffordable architecture. Especially interesting for me was that the concept of the VM was administered through and through. I am currently in the process of downloading hercules and images of VM/370 and OS/360. These two seem to be quite dated versions, but I could imagine, that VM/ESA and OS/390 are very expensive.

The reason for this post are two questions:

1) I often read that the VM principle is also a method of system security, as it separates users from one another. I have been thinking hard about this (as I would find it cool, if one could do a linux distro for PCs that used the same VM principle, maybe using bochs or usermode linux), but I don't get two points of this:

a) There must be at least one connection into the VM: The console link of the user. Thus, the VM is not un-hackable, right? Are there some precautions about this (other that read-only mode or something)?

b) In addition to that, this also means, that there must be some authentification process: User minidisks have to be setup and login controlled. This process either must take place on the bare hardware (without VM camouflage) or within some other VM. Thus, doesn't that mean, that the bare hardware and any VM is not un-hackable?

c) There must be something as an administrator that has access to the real hardware. In order to prevent this account being hacked, what precautions are normally administered (maybe only certain consoles in the machine room allow administrator rights; any remote access as administrator is forbidden a.s.o)?

2) Are there any good docs about VM/CP/CMS on the one side and MVS/descendants/JCL/pipes on the other? I searched around and only found things on the ibm website, which is unbearably slow to access and seems to contain PDF (un-userfriendly to read) or mainframe formats I can't read at all. It would be nice if this stuff was really base-level, so I can get the facts straight and then find more arcane stuff to amuse myself.

I hope this doesn't seem too offtopic, but the VM-Principle is most interesting for me, and I would really like to grasp whether there isn't really any analogon to JCL and pipes in Linux.

I would appreciate any answers.

Thank you in advance, Bye.


first cp/67 and then vm/370 was used in a number of secure business critical areas. one such was the science center for a time operated cp/67 time-sharing service that had BU & MIT students ... science center employees and remote users from corporate hdqtrs using cms\apl doing corporate business modeling with the absolutely most sensitive of corporate data (all on the same machine concurrently).

misc. 545 refs:
http://www.garlic.com/~lynn/subtopic.html#545tech

misc. apl refs:
http://www.garlic.com/~lynn/subtopic.html#hone

other examples are various general commercial time-sharing services based on cp/67 and later vm/370 ... that depended on general users couldn't crash &/or compromise the system (tymshare, idc, ncss, etc).

lots of random postings about commercial time-sharing
http://www.garlic.com/~lynn/2000b.html#61 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000d.html#40 360 CPU meters (was Re: Early IBM-PC sales proj..
http://www.garlic.com/~lynn/2000e.html#9 Checkpointing (was spice on clusters)
http://www.garlic.com/~lynn/2000f.html#52 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000f.html#69 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2000g.html#4 virtualizable 360, was TSS ancient history
http://www.garlic.com/~lynn/2000g.html#22 No more innovation? Get serious
http://www.garlic.com/~lynn/2000g.html#31 stupid user stories
http://www.garlic.com/~lynn/2001b.html#15 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001b.html#50 IBM 705 computer manual
http://www.garlic.com/~lynn/2001g.html#30 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001g.html#32 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001g.html#33 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001g.html#35 Did AT&T offer Unix to Digital Equipment in the 70s?
http://www.garlic.com/~lynn/2001h.html#35 D
http://www.garlic.com/~lynn/2001h.html#59 Blinkenlights
http://www.garlic.com/~lynn/2001i.html#44 Withdrawal Announcement 901-218 - No More 'small machines'
http://www.garlic.com/~lynn/2001m.html#1 ASR33/35 Controls
http://www.garlic.com/~lynn/2001m.html#44 Call for folklore - was Re: So it's cyclical.
http://www.garlic.com/~lynn/2001m.html#51 Author seeks help - net in 1981
http://www.garlic.com/~lynn/2001m.html#54 Author seeks help - net in 1981
http://www.garlic.com/~lynn/2001m.html#55 TSS/360
http://www.garlic.com/~lynn/2001n.html#10 TSS/360
http://www.garlic.com/~lynn/2002b.html#2 Microcode? (& index searching)
http://www.garlic.com/~lynn/2002c.html#44 cp/67 (coss-post warning)
http://www.garlic.com/~lynn/2002e.html#47 Multics_Security
http://www.garlic.com/~lynn/2002f.html#59 Blade architectures
http://www.garlic.com/~lynn/2002g.html#4 markup vs wysiwyg (was: Re: learning how to use a computer)
http://www.garlic.com/~lynn/2002h.html#34 Computers in Science Fiction
http://www.garlic.com/~lynn/2002h.html#43 IBM doing anything for 50th Anniv?
http://www.garlic.com/~lynn/2002h.html#50 crossreferenced program code listings
http://www.garlic.com/~lynn/2002h.html#60 Java, C++ (was Re: Is HTML dead?)
http://www.garlic.com/~lynn/2002i.html#44 Unisys A11 worth keeping?
http://www.garlic.com/~lynn/2002i.html#48 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002i.html#63 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#64 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002i.html#69 Hercules and System/390 - do we need it?
http://www.garlic.com/~lynn/2002l.html#53 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#56 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#61 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002l.html#62 Itanium2 performance data from SGI
http://www.garlic.com/~lynn/2002l.html#64 10 choices that were critical to the Net's success
http://www.garlic.com/~lynn/2002m.html#61 The next big things that weren't
http://www.garlic.com/~lynn/2002n.html#27 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#32 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#54 SHARE MVT Project anniversary
http://www.garlic.com/~lynn/2002n.html#67 Mainframe Spreadsheets - 1980's History
http://www.garlic.com/~lynn/2002n.html#73 Home mainframes

there has also been some discussion about the security evaluated version of VAX/VMS was done by implementing some sort of virtual machine layer for (secure) vms. random secure vms refs:
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002m.html#72 Whatever happened to C2 "Orange Book" Windows security?
http://www.garlic.com/~lynn/2002m.html#76 Whatever happened to C2 "Orange Book" Windows security?

also
http://groups.google.com/groups?q=+%22secure+vms%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&scoring=r&as_drrb=b&as_mind=12&as_minm=1&as_miny=2000&as_maxd=14&as_maxm=12&as_maxy=2002&selm=3C07B110.9060905%40multicians.org&rnum=2

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

20th anniversary of the internet (fwd)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: 20th anniversary of the internet (fwd)
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 12:44:40 GMT
somewhat related discussions:
http://www.garlic.com/~lynn/internet.htm#0

index of rfcs
http://www.garlic.com/~lynn/rfcietff.htm

forwarded:
From: Bob Braden <braden@ISI.EDU>
Date: Sat, 14 Dec 2002 10:08:38 -0800 (PST)
To: ietf@ietf.org
Cc: internet-history@postel.org
Subject: The 20th anniversary of the Internet

We ought not to let pass unnoticed the impending 20th anniversary of the Internet. The most logical date of origin of the Internet is January 1, 1983, when the ARPANET officially switched from the NCP protocol to TCP/IP. Six months later, the ARPANET was split into the two subnets ARPANET and MILNET, which were connected by Internet gateways (routers).

The planning for the January 1983 switchover was fully documented by Jon Postel in RFC 801. The week-by-week progress of the transition was reported in a series of 15 RFCs, in the range RFC 842 - RFC 876, by UCLA student David Smallberg.

There may still be a few remaining T shirts that read, "I Survived the TCP/IP Transition". People sometimes question that any geeks would have been in machine rooms on January 1. Believe it!! Some geeks got very little sleep for a few days (and that was before the word "geek" was invented, I believe.)

So, on New Year's Eve, hoist one for the 20th anniversary of the Internet.

Bob Braden

Routers brought to you by Bob Hinden of BBN.

Prominent survivors included Dan Lynch of Interop fame. And of course Vint Cerf was working the Levers of Power at ARPA.


--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

20th anniversary of the internet (fwd)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: 20th anniversary of the internet (fwd)
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 18:29:19 GMT
in addition to previous posts about the transition
http://www.garlic.com/~lynn/2000e.html#18 Is Al Gore The Father of the Internet?^
http://www.garlic.com/~lynn/2001n.html#5 Author seeks help - net in 1981

another one (and while i have the 1/9 memo, i haven't found a copy of the referenced 1/7 memo)



Date:     9 Jan 83 0:13:36-EST (Sun)
From:     G. B. Reilly <reilly@udel-relay>
To:       pn-liaisons at udel-relay
cc:       csnet-mc at bbn-unix, mimno at bbn-unix
Subject:  Re:  Problems with TCP cutover
Via:  UDel; 9 Jan 83 18:21-PDT
Via:  rand-relay; 10 Jan 83 6:30-EST

Dear Site Liaisons,

Because the University of Delaware's Relay is dually connected in the
ARPAnet (both NCP and TCP/IP access) most of the sites mentioned in
Nancy Mimno's message of January 7, 1983 are still accessible to CSNET Phonenet
sites.
Specifically, we still exchange mail with CMU, MIT and Stanford.  To
the best of my knowledge, NYU, Yale and Rochester will only be accessible
at some future date as TCP/IP hosts.

Brendan Reilly
East Coast Relay Liaison

... snip ...

and something slightly different from the period

Date: 22 Nov 1982 10:40:54-PST (Monday)
From: Lynn Wheeler <WHEELER@IBM-SJ>
To: ???@mit-ai
Subject: IBM CSNET background info

following append is background info on IBM CSNET:

Welcome to CSNET! The link is still experimental. Delivery seems to be certain, but may be delayed for a day or so sometimes. I thought it more important to make this link available as early as possible instead of having everything perfect.

Mail can be sent to CSNET using the MAIL EXEC. The exec gets information about you from PROFILE MAIL, so please edit this file to customize it for you. The MAIL EXEC should NOT be edited.

Invoke the MAIL exec by simply typing 'mail'. It will ask you for the To:, Subject:, and CC: (optional) fields. It will pick a number <n> that's not in use on your disk and save the message as P<userid>.MAIL<n>. Enter the body of the message (end by hitting ENTER twice), then exit from XEDIT or RED by saying FILE. The exec will ask you if you want to submit the mail, and send it to IBMCSNET if you do.

The exec requires that you have REX installed (do REX I), and uses the XEDIT or RED editor. If you make any changes to improve this exec, please initial them in a comment and send the exec back to me.

The MAIL EXEC saves your mail message as the file P<name>.MAIL<n>, where n is some number that doesn't conflict with previous messages that you have on your disk. If you want it to pick a different <n>, or a free <n> larger than some number, just call the MAIL exec with that number as a parameter (e.g., 'MAIL 11').

Received mail will be sent to your reader as files with name L<time-stamp>.MAIL. When you read them in with RD or VRDR, they will automatically be added to your mail log. The "L" stands for Local mail, and the "P" in outgoing mail stands for POBox mail, i.e. mail going to the "P.O. boxes" in the CSNET relay. Please send a short acknowledgement to IBMCSNET when you have successfully received a message, so I can delete it from the disk. This will later be automated as well.

Addresses are formed in the following way: If your userid is on SJRLVM1, then your address is <userid>@IBM-SJ. If you are on some other machine in San Jose, your address is <userid>.<nodeid>@IBM-SJ, and if you are at some other location use <userid>.<nodeid>@IBM. IBM and IBM-SJ are synonyms right now, but may not be so in the future, hence the distinction. Alternately, if you have an alias in NAMES RMSG on the SJRLVM1 system disk, people may send mail to you also at address <alias>@IBM-SJ. In outgoing mail, your actual userid will appear. I will NOT administer any additions to NAMES RMSG during this try-out period.

The address as formed above is a valid CSNET address. When you send a message to the Arpanet, any address in the message header of the form <anystring>@<csnet-host> will be automatically converted to the form that has to be used when sending a message to you from the Arpanet, namely: <anystring>.<csnet-host>@UDel-Relay. This conversion will NOT be made for addresses contained in the text.

Do not send any classified material on this network. If you correspond with anyone connected with a competitor, you should probably send him/her a message explaining that anything he sends will be considered non-proprietary. A permanent record will exist of all messages that enter or exit the network, containing sender and recipient, the length of the message, and the time it was sent/received. In addition, the content of messages can be inspected at any time by an auditor. During the trial-out period messages will to some extent be handled manually by me, so you might want to avoid information of a personal nature (which you might want to avoid anyway, since messages may be viewed by network administrators in several places).

Send all mail and acknowledgements to SJRLVM1(IBMCSNET), but send comments and questions to SJRLVM1(?????).

P.S. You can test the connection out by sending a message to yourself. It will be sent to the relay and returned at the next poll. The relay polls three times a day, at 3pm, 8 pm, and 2 am. I may get to us anywhere between 0-2 hours after this start time, depending on load.

Let me know if you have any problems, and remember: Be understanding!


... snip ... top of post, old email index

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main
Date: Sun, 15 Dec 2002 18:40:36 GMT
oldtimer@WANADOO.FR (Bruno Sugliani) writes:
Well hear it a third time ...This ucode is very much VM like When a CE needed to take a dump or do whatever in the ucode after strange HW failure , he was using things like I CMS or logon whatever once in some fancy pe or ce mode . It looked very much like VM to a lot of people . But you never know . Bruno

note that SIE ... for 3081/XA was enhanced virtual machine microcode assist for VM. pr/sm is further extension of that for what VM called V=R mode (aka the virtual machine didn't page) ... the version on amdahl machines was called something else(?). come 3090 ... the service processor was actually a pair of 4361s running a heavily modified version of vm/370 release 6 ... and all the service panels/menus were written in ios3270 running under cms.

LPARS was a minor extension of pr/sm ... not actually requiring the VM operating system to be present with a limited set of specific options.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Music to craft code by

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Music to craft code by ...
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 18:33:44 GMT
researchers find brain center of music appreciation
http://web.archive.org/web/20021213222941/http://www.cnn.com/2002/HEALTH/12/13/music.brain.ap/index.html

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Beyond 8+3

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Beyond 8+3 ...
Newsgroups: alt.folklore.computers
Date: Sun, 15 Dec 2002 19:58:43 GMT
lars@bearnip.com (Lars Duening) writes:
Make it generic: arbitrary searchable attributes, some of which are predefined by the system: one to store the mime-type of the file, and for applications another one to store the types of files it accepts.

IEEE metadata working group has been wrestling with these issues for some time ... initially from the standpoint of hierarchical storage systems .... but sizes of disks are now larger than earlier tape library sizes ... so there is much more dense forest of file & data objects. misc refs:
http://web.archive.org/web/20021214092200/http://www.llnl.gov/liv_comp/metadata/md97.html
http://www.computer.org/conferences/meta96/meta_home.html

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

cost of crossing kernel/user boundary

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: cost of crossing kernel/user boundary
Newsgroups: comp.arch
Date: Sun, 15 Dec 2002 20:24:25 GMT
Oliver Dain writes:
Thanks for the response. This still doesn't seem like it should take too much time. "locking the CPU" involves disabling interrupts. Is there anything else involved there? If not, disabling interrupts generally involves setting some bits in a register which should be cheap. (If we've got multiple CPUs some other work needs to be done, but let's ignore that for now)

Now since we've got 1 routine handling everything we've got to look up the routine we really want from a vector or something and then call it, but this still seems pretty cheap. A total cost (including disabling interrupts) of less than 20 instructions I would think. This is much less than the cost typically attributed to a user/kernel mode switch (several thousand clock cycles or more is the type of number I've heard).

What am I missing? Do some of these instructions (e.g. changing the protection level) take a very long time to execute?

Thanks.


because of various machine issues ... frequently disabling for interrupts and changing machine state will drain/serialize the processor. then because it is a generalized interrupt routine ... there is a lot of saving state of the application program followed by loading kernel state. then there is some amount of generalized decode of what was the application program status at the time of the kernel call ... then generalized decode of the kernel call parameters ... then generalized decode deciding if the application is allowed to request the desired activity.

attempting to address this stuff in hardware, try the whole access register stuff. it somewhat started out as

1) some of the 3033 cross-memory stuff ... which was a solution to running out of addressability with both kernel & application resident in the same 16mbyte address space (originally data)

2) moving system services library code resident in application space to different address space and some limited changes in privileges (w/o having to go all the way to kernel mode) ... effectively trying to have some of the efficiencies of subroutine library call with some of the things that happen for change of privileges that come with a kernel call

3) high cost of forcing things thru single/common kernel interrupt structure

misc past cross-memory &/or access register postings (in the following there are some URL pointers to access register detailed implementation description in POP):
http://www.garlic.com/~lynn/98.html#11 S/360 operating systems geneaology
http://www.garlic.com/~lynn/98.html#36 What is MVS/ESA?
http://www.garlic.com/~lynn/2000c.html#35 What level of computer is needed for a computer to Love?
http://www.garlic.com/~lynn/2000c.html#83 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000c.html#84 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000d.html#28 RS/6000 vs. System/390 architecture?
http://www.garlic.com/~lynn/2000e.html#57 Why not an IBM zSeries workstation?
http://www.garlic.com/~lynn/2000g.html#28 Could CDR-coding be on the way back?
http://www.garlic.com/~lynn/2001d.html#28 Very CISC Instuctions (Was: why the machine word size ...)
http://www.garlic.com/~lynn/2001d.html#30 Very CISC Instuctions (Was: why the machine word size ...)
http://www.garlic.com/~lynn/2001h.html#73 Most complex instructions
http://www.garlic.com/~lynn/2001k.html#16 Minimalist design (was Re: Parity - why even or odd)
http://www.garlic.com/~lynn/2002d.html#51 Hardest Mistake in Comp Arch to Fix
http://www.garlic.com/~lynn/2002g.html#5 Black magic in POWER5
http://www.garlic.com/~lynn/2002g.html#17 Black magic in POWER5
http://www.garlic.com/~lynn/2002h.html#21 PowerPC Mainframe
http://www.garlic.com/~lynn/2002l.html#57 Handling variable page sizes?

includes url pointer to pop ... plus table of contents of some of the facilities
http://www.garlic.com/~lynn/2002n.html#74 Everything you wanted to know about z900 from IBM

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 00:35:30 GMT
jcewing@ACM.ORG (Joel C. Ewing) writes:
The performance concern was one of doing virtual memory paging at multiple levels. The VM-defined memory for a virtual machine is virtual memory, and VM manages page frames for the virtual machine with paging to/from VM-owned auxiliary DASD. If the operating system running in the virtual machine, which thinks it has real memory, has its own concept of virtual memory as well, then you end up with paging at two different levels, sometimes working at cross purposes, and always with higher overhead than a single-level memory mapping.

LPARs don't have the problem of double paging .... since it is a variation on V=R support with pr/sm .... which is enhancement of SIE .... the VM microcode assist. Back with CP/67, all privilege instructions resulted in an interrupt into the CP kernel where the instruction was "simulated" according to virtual machine rules ... rather than real machine rules. This continued into VM/370 ... all privilege instructions interrupted into the CP kernel for simulation.

Starting with 370/158 & 370/168 there was microcode enhancement called VM-assist ... that specific setting in control register put the machine in virtual machine mode ... and certain "supervisor" instructions had the additional microcode changes so that they would be executed in either real-machine mode or virtual-machine mode. Also in the same time-frame ... the 370/148 got both VM-assist microcode enhancements as well as an extended set of processor instructions that implemented parts of the CP kernel.

The 158 & 168 machines were horizontal microcode instructions ... where thruput was typically measured in avg. 370 instruction per machine cycle. An example was that in the transition from 165 to the 168 they managed to drop the avg. 370 instructions per machine cycle from 2.1 to 1.6. The low & mid range 370s were vertical microcode machines ... their programming is much more like current microprocessors and they were rated in avg. number of microcode instructions per 370 instruction which ran about ten. Basically for the 148 ... in addition to the VM-assist type things done for 158/168 (certain privilege instructions were given microcode that implemented both real machine & virtual machine modes) ... certain CP kernel code sequences were dropped into microcode (typically on a byte-for-byte basis with a ten to one performance speed-up). The CP kernel then had new "B2" opcodes inserted in it which would invoke the new kind of microcode operations. boot/ipl would determine if it wasn't running on a machine and no-op all these "B2" instructions if necessary. More on the mcode for the 148 (and followon machines):
http://www.garlic.com/~lynn/94.html#21 370 ECPS VM microcode assist
http://www.garlic.com/~lynn/94.html#27 370 ECPS VM microcode assist
http://www.garlic.com/~lynn/94.html#28 370 ECPS VM microcode assist

As an aside, CP kernel has always had a unique (for os/360 derived operating systems) that the kernel code didn't operate in the same address space as the application (virtual machine). As a result, CP required an instruction that both changed address space and changed privilege state (problem/supervisor) in a single instruction. MVS with kernel code occupying the same address space as the application didn't have this requirement.

Along comes 3081 and 370-XA ... the VM microcode assists from the earlier machines was greatly extended with the SIE instruction .... which basically had a whole list of virtual machine related control blocks and put the machine in virtual machine mode (as opposed to putting the machine into problem-state ... with a special control register contents which was checked by the microcode of various privilege instructions). various past SIE instruction postings:
http://www.garlic.com/~lynn/94.html#37 SIE instruction (S/390)
http://www.garlic.com/~lynn/2000b.html#51 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2000b.html#52 VM (not VMS or Virtual Machine, the IBM sort)
http://www.garlic.com/~lynn/2001h.html#71 IBM 9020 FAA/ATC Systems from 1960's
http://www.garlic.com/~lynn/2001h.html#73 Most complex instructions
http://www.garlic.com/~lynn/2001m.html#38 CMS under MVS
http://www.garlic.com/~lynn/2001m.html#53 TSS/360
http://www.garlic.com/~lynn/2002b.html#6 Microcode?
http://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
http://www.garlic.com/~lynn/2002o.html#15 Home mainframes
http://www.garlic.com/~lynn/2002o.html#18 Everything you wanted to know about z900 from IBM

I had first started doing something i made up in the '60s which i called fastpath, basically special optimized code sequences ... in places like the interrupt handlers and other highly used locations. Sometimes this got 100:1 performance improvement for the most common case (as opposed to 10:1 that the ecps microcode changes got). However,

I gave a number of talks at SHARE and BayBunch (bay area VM user group meeting held monthly at SLAC) about the effects of doing fastpath in interrupt handlers for various special code sequences and the difference between highly optimized CP paths versus microcode assists (one of the savings in microcode assists for privilege instruction execution was not having to save/restore registers and other house keeping ... that the microcode could avoid). somewhat related recent posting about crossing kernel/user boundary
http://www.garlic.com/~lynn/2002p.html#43 cost of crossing kernel/user boundary

various old fastpath postings
http://www.garlic.com/~lynn/94.html#2 Schedulers
http://www.garlic.com/~lynn/94.html#54 How Do the Old Mainframes
http://www.garlic.com/~lynn/95.html#1 pathlengths
http://www.garlic.com/~lynn/96.html#0a Cache
http://www.garlic.com/~lynn/97.html#22 Pre S/360 IBM Operating Systems?
http://www.garlic.com/~lynn/97.html#28 IA64 Self Virtualizable?

In any case, a couple of amdahl baybunch attendees said that they were going to do a greatly enhanced SIE type implementation for special case of virtual machine that didn't page (i.e. there was one real page for every virtual page) based on some of my analysis. they touted the amdahl macrocode feature for the implementation. The high-end horizontal microcode machines were extremely difficult to microcode. Macrocode on the amdahl machines was a special intermediate mode .... that used a restricted subset of the 370 instruction set that could be easily loaded into the personality of the machine ... and also had the characteristic that it had its own state/registers. Without the difficult programming typically associated with horizontal microcoding ... they could finish a complete virtual machine mode for all privilege instructions.

when they finished ... they gave a baybunch presentation on basically what was a new state ... problem state, privilege state, and effectively an extended version of the SIE instruction with complete coverage of all privilege instructions running in virtual machine mode (for the special case of where the CP kernel didn't page the virtual machine ... there was a real page for every virtual machine page) ... and allowed some operating system (say MVS) to run in a subset of the machine (at effectively no degradation) ... shared with a VM operating system.

PR/SM was the IBM reaction.

LPARs are an extension of PR/SM

slightly related recent posting on vmesa-l mailing list
http://www.garlic.com/~lynn/2002p.html#4 Running z/VM 4.3 in LPAR & guest v-r or v-f

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 04:04:16 GMT
edjaffe@PHOENIXSOFTWARE.COM (Edward E. Jaffe) writes:
Interesting concept and (IMHO) quite doable. However, fast as it is, Linux still takes time to boot and fire up all of the applications, data bases, IP stack and middleware required to do useful work. That would be a lot of overhead for just one transaction.

there was similar thread some 15 years ago with aix/370, pr/sm & vm

aix/370 (& aix/ps2) was port of UCLA's locus .. process migration, distributed file system, ala nfs, but with distributed file caching, ala afs ... but supported partial file caching (compared to full file caching of afs).

in some sense it was all the stuff that SAA wanted to be.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 04:17:59 GMT
ibm-main@LDWOREN.NET (Leonard Woren) writes:
I don't seem to recall ever having PR/SM crash and kill the production MVS system. VM's toleration for flaky hardware is essentially non-existent, at least back when I last saw a VM system. IBM finally recognized that VM reliability was an oxymoron and wrote some feature that I can't think of the name of right now that allowed a VM rollover with recovery of the preferred guest. It's the only VM code that ever impressed me.

well there was this environment (the san jose disk engineering & product test labs) where the MTBF of mvs with single test cell was on the order of 15 minutes. Took rewritten i/o subsystem so that it would never crash, even with half dozen to dozen test cells operating concurrently. misc. refs:
http://www.garlic.com/~lynn/subtopic.html#disk

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 04:52:40 GMT
another aspect of the assurance/integrity question is security types issues. this came up recently in a thread here with regard to virtual machine paradigm being able to provide isolation and possibly compartmentalism from a security standpoint.
http://www.garlic.com/~lynn/2002p.html#37 two questions about mainframes.

the example was the number of production timesharing services cited in the above ... including HONE which was the internal online system that all branch offices operated off of ... and observation that starting with the 370 115/125 ... it was not possible to order a machine w/o using HONE:
http://www.garlic.com/~lynn/subtopic.html#hone

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 04:34:27 GMT
ibm-main@LDWOREN.NET (Leonard Woren) writes:
SIE is basically VM's dispatcher in microcode. Once that was done, PR/SM was a logical next step.

SIE did two things

1) provided for a single instruction switch from the CP kernel privilege state and the CP address space (remember CP kernel doesn't reside in the address space of the virtual machine) to the virtual machine mode and the virtual machine address space.

2) made the transaction from VM-assist paradigm (the microcode of each privilege instruction checking for the control register indication that if a privilege instruction was executed in non-privilege mode ... it checks CR6 for indication that it is in VM-assist mode) ... to the invocation of the SIE instruction used for indicating that the machine is operating in virtual machine mode.

it wasn't the dispatching in the sense of selecting the next task to run ... but it was the part of the dispatcher code that switched registers, address space registers, psws, etc to the virtual machine. it is basically equivalent of the following piece segment of code ... from the analysis for the 148/4341 ECPS microcode:
http://www.garlic.com/~lynn/94.html#21 370 ECPS VM microcode assist
path                  count    time (mics)   percent cp

dsp+8d2 to dsp+c84    67488    374.          9.75         from 'unstio' end to enter problem state


pr/sm was pretty much ibm re-action to amdahl's implementation (which for amdahl was greatly simplified by being able to do the implementation in "macrocode"). previous post
http://www.garlic.com/~lynn/2002p.html#44 Linux paging

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 15:45:55 GMT
pa3efu@YAHOO.COM (Jan Jaeger) writes:
The overhead is not so much associated with double paging, rather with the need for ccw translation for v=v guests. When VM runs native it can use the region relocate/io assist for v=f and v=r guests, which means that VM is not involved in scheduling i/o nor in the processing of i/o interrupts. For a v=v guest VM will always need to perform ccw translation before the i/o is actually scheduled, and when the i/o interrupt occurs vm will need to reverse translate to ccw address in the irb, before it can be reflected to the guest.

remember that this aspect of CCW translation was not just restricted to VM ... ludlow when he was originally doing the MVT->AOS (vs/2) development ... took a version of CP/67's ccwtrans and cobbled it into VS/2 ... so that VS/2 could provide virtual->real ccw translation across the EXCP/svc0 interface (i.e. applications generating CCWs with virtual addresses and executing excp ... which then required virtual to real address translation).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
 getting keys.
Newsgroups: sci.crypt
Date: Mon, 16 Dec 2002 16:30:23 GMT
pgut001@cs.auckland.ac.nz (Peter Gutmann) writes:
It's not just encryption keys, it's any and all keys (hmm, distinguishing encryption vs. signing keys? You don't do that, that means you'd have to pay the CA twice, and go through twice the hassle to get the two keys. Use one key for everything, and it's even cheaper if everyone in the company shares it).

The reason which is most frequently given for CA keygen is that the user isn't able/competent to generate their own keys, so the CA had better do it for them. In general the thinking appears to be "It's easier if the CA does it for the user, and we'll invent a justification later if anyone asks", because I've heard all sorts of other odd reasons, some of which seem really dubious ("We can't guarantee the quality of the user's RNG, so we'll generate their key for them on our Windows box and send it out in email with the password alongside it" and other silliness).


there is an issue about signing keys and wanting to be able to show that one and only one person could have originated the signature. this is the attempt to turn the authentication signing process into something that is acceptable as a digital signature ... note however that digital signature has a lot of other constraints ... not just being able to show that no other entity has access to the signing capability.

one problem is that a signing only key could still be utilized in two different modes a) authentication and b) digital signing. The problem is that if a signing only key is ever used for authentication (say like signing something in a challenge/response type protocol) then can it ever be trusted in a digital signing context where it is implied that the person approves the content of the thing being signed. In a challenge/response scenario, the person isn't actually likely to look at the bits being signed ... and so therefore can't be assumed to be approving the meaning of the bits being signed (like in a legal contract). Then you start to get into all sorts of complications is could a legal contract be substituted for the bits in a challenge/response ... and the digital signature starts to have further cracks.

misc. recent discussion on the subject:
http://www.garlic.com/~lynn/aadsm12.htm#5 NEWS: 3D-Secure and Passport
http://www.garlic.com/~lynn/aadsm12.htm#12 TOC for world bank e-security paper
http://www.garlic.com/~lynn/aadsm12.htm#24 Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]
http://www.garlic.com/~lynn/aadsm12.htm#30 Employee Certificates - Security Issues
http://www.garlic.com/~lynn/aadsm12.htm#37 Legal entities who sign
http://www.garlic.com/~lynn/aadsm12.htm#38 Legal entities who sign
http://www.garlic.com/~lynn/aadsm12.htm#54 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#59 e-Government uses "Authority-stamp-signatures"

the other scenario is keys used for encryption. it isn't much of a problem with encryption for data in flight/transit since that is very transitory. the issue is a corporate context where the key may be used for encryption of data at rest ... and that data at rest represents significant corporate assets. most corporations will have typically invested lots of money in various kinds of backups and disaster recovery scenarios with no single point of failure. From a corporate disaster recovery ... would the person and/or the key represent a single point of failure ... that could result in loss of significant corporate assets.

signing keys and encrypting keys are fundamentally totally different business process ... even tho they rely on similar technology. there are some business reasons for establishing that a signing key may be available to one and only one person. there are also significant business reasons (like disaster recovery) for establishing that encryption keys are NEVER only available to one and only one person.

there is sometimes a confusion because the two totally different business operations rely on similar technology ... that the business rules for both should be similar. This is where people confuse business rules based on the similarity of the technology rather than based on fundamental business processes.

when talking about encrypting keys involving encryption of corporate assets (typically at rest, rather than in transit) ... they would be foolish to have single point of failure (the person and/or key). they go to a great deal of trouble not to have a single point of failure and frequently have implemented extensive (and expensive) no-single-point-of-failure, disaster/recovery plans. in these cases where corporate data encrypted under control of such keys ... it is purely business decisions whether the person is responsible for generating such a key pair (and registering both) or the corporate facility is responsible for generating the key pair (and issuing them).

this is all totally independent of whether certification authorities are necessary for use of public keys in any of these business processes. There are lots of reasons why there might be registration authorities for public keys (both the signing kind and the encrypting kind) as well as registration authorities for private keys (for the encrypting kind). But just because there may be need for lots of registration authorities (public, private, distributed, one for each business process, etc) doesn't necessarily follow that there is also a requirement for certification authorities in the sense that such certification authorities sell/issue public key certificates (as defined in most traditional PKI definitions).

lots of references to certificate-less public key infrastructure:
http://www.garlic.com/~lynn/x959.html#aads
http://www.garlic.com/~lynn/subpubkey.html#publickey

misc. recent postings related to certificate-less pki operation:
http://www.garlic.com/~lynn/aadsm12.htm#6 NEWS: 3D-Secure and Passport
http://www.garlic.com/~lynn/aadsm12.htm#22 draft-ietf-pkix-warranty-ext-01
http://www.garlic.com/~lynn/aadsm12.htm#26 I-D ACTION:draft-ietf-pkix-usergroup-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#27 Employee Certificates - Security Issues
http://www.garlic.com/~lynn/aadsm12.htm#28 Employee Certificates - Security Issues
http://www.garlic.com/~lynn/aadsm12.htm#32 Employee Certificates - Security Issues
http://www.garlic.com/~lynn/aadsm12.htm#39 Identification = Payment Transaction?
http://www.garlic.com/~lynn/aadsm12.htm#41 I-D ACTION:draft-ietf-pkix-sim-00.txt
http://www.garlic.com/~lynn/aadsm12.htm#42 draft-ietf-pkix-warranty-extn-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#51 Frist Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aadsm12.htm#54 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aepay10.htm#31 some certification & authentication landscape summary from recent threads
http://www.garlic.com/~lynn/aepay10.htm#35 some certification & authentication landscape summary from recent threads
http://www.garlic.com/~lynn/aepay10.htm#46 x9.73 Cryptographic Message Syntax
http://www.garlic.com/~lynn/aepay10.htm#65 eBay Customers Targetted by Credit Card Scam
http://www.garlic.com/~lynn/2002o.html#57 Certificate Authority: Industry vs. Government
http://www.garlic.com/~lynn/2002o.html#67 smartcard+fingerprint
http://www.garlic.com/~lynn/2002p.html#11 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#21 Cirtificate Authorities 'CAs', how curruptable are they to
http://www.garlic.com/~lynn/2002p.html#22 Cirtificate Authorities 'CAs', how curruptable are they to

random disaster/recover & points of failure postings:
http://www.garlic.com/~lynn/93.html#28 Log Structured filesystems -- think twice
http://www.garlic.com/~lynn/94.html#16 Dual-ported disks?
http://www.garlic.com/~lynn/94.html#33a High Speed Data Transport (HSDT)
http://www.garlic.com/~lynn/96.html#8 Why Do Mainframes Exist ???
http://www.garlic.com/~lynn/96.html#31 Mainframes & Unix
http://www.garlic.com/~lynn/99.html#34 why is there an "@" key?
http://www.garlic.com/~lynn/99.html#67 System/1 ?
http://www.garlic.com/~lynn/99.html#145 Q: S/390 on PowerPC?
http://www.garlic.com/~lynn/99.html#184 Clustering systems
http://www.garlic.com/~lynn/99.html#207 Life-Advancing Work of Timothy Berners-Lee
http://www.garlic.com/~lynn/aadsm2.htm#availability A different architecture? (was Re: certificate path
http://www.garlic.com/~lynn/aadsm8.htm#softpki9 Software for PKI
http://www.garlic.com/~lynn/aadsm9.htm#pkcs12 A PKI Question: PKCS11-> PKCS12
http://www.garlic.com/~lynn/aadsm9.htm#pkcs12d A PKI Question: PKCS11-> PKCS12
http://www.garlic.com/~lynn/aepay2.htm#cadis disaster recovery cross-posting
http://www.garlic.com/~lynn/aadsmail.htm#mfraud AADS, X9.59, security, flaws, privacy
http://www.garlic.com/~lynn/aadsm10.htm#diskcrypt Looking back ten years: Another Cypherpunks failure (fwd)
http://www.garlic.com/~lynn/2001.html#33 Where do the filesystem and RAID system belong?
http://www.garlic.com/~lynn/2001.html#34 Competitors to SABRE?
http://www.garlic.com/~lynn/2001d.html#46 anyone have digital certificates sample code
http://www.garlic.com/~lynn/2001f.html#15 Medical data confidentiality on network comms
http://www.garlic.com/~lynn/2001i.html#31 3745 and SNI
http://www.garlic.com/~lynn/2001i.html#52 misc loosely-coupled, sysplex, cluster, supercomputer, & electronic commerce
http://www.garlic.com/~lynn/2001k.html#13 HP-UX will not be ported to Alpha (no surprise)exit
http://www.garlic.com/~lynn/2001l.html#14 mainframe question
http://www.garlic.com/~lynn/2002.html#44 Calculating a Gigalapse
http://www.garlic.com/~lynn/2002c.html#7 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002d.html#43 Mainframers: Take back the light (spotlight, that is)
http://www.garlic.com/~lynn/2002e.html#10 Deleting files and emails at Arthur Andersen and Enron
http://www.garlic.com/~lynn/2002e.html#67 Blade architectures
http://www.garlic.com/~lynn/2002e.html#68 Blade architectures
http://www.garlic.com/~lynn/2002f.html#4 Blade architectures
http://www.garlic.com/~lynn/2002h.html#40 [survey] Possestional Security
http://www.garlic.com/~lynn/2002j.html#43 Killer Hard Drives - Shrapnel?
http://www.garlic.com/~lynn/2002k.html#8 Avoiding JCL Space Abends
http://www.garlic.com/~lynn/2002l.html#5 What good is RSA when using passwords ?
http://www.garlic.com/~lynn/2002l.html#15 Large Banking is the only chance for Mainframe
http://www.garlic.com/~lynn/2002m.html#22 DOS history question

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Linux paging

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Linux paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 15:45:55 GMT
pa3efu@YAHOO.COM (Jan Jaeger) writes:
The overhead is not so much associated with double paging, rather with the need for ccw translation for v=v guests. When VM runs native it can use the region relocate/io assist for v=f and v=r guests, which means that VM is not involved in scheduling i/o nor in the processing of i/o interrupts. For a v=v guest VM will always need to perform ccw translation before the i/o is actually scheduled, and when the i/o interrupt occurs vm will need to reverse translate to ccw address in the irb, before it can be reflected to the guest.

remember that this aspect of CCW translation was not just restricted to VM ... ludlow when he was originally doing the MVT->AOS (vs/2) development ... took a version of CP/67's ccwtrans and cobbled it into VS/2 ... so that VS/2 could provide virtual->real ccw translation across the EXCP/svc0 interface (i.e. applications generating CCWs with virtual addresses and executing excp ... which then required virtual to real address translation).

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they to

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they to
nepotsim between Govt and Priv industry? This may be the fatal flaw... per
getting keys.
Newsgroups: sci.crypt
Date: Mon, 16 Dec 2002 17:49:44 GMT
I would further assert that it would be possible to use the same signing key for both authentication and signatures ... since the necessary business process for signatures required to establish intent, agrees, approves, and/or authorizes, would provide the distinction.

in the following, I've asserted that the same token (with the same key) could be used for

authentication and authorization in all x9.59 financial transactions

as well as authentication in at least

• all (public key) Radius (challenge/response) transactions
• all Kerberos (pk-init) authentication transactions
• all SSH authentication transactions

x9.59 financial transactions carry with them additional business processes that would establish both authentication as well as some sense of approval/agreement/authorization.

single signing key/token discussion:
http://www.garlic.com/~lynn/aepay10.htm#65 eBay Customers Targetted by Credit Card Scam
http://www.garlic.com/~lynn/aepay10.htm#66 eBay Customers Targetted by Credit Card Scam

and some recent posts with respect to necessity of using certificates:
http://www.garlic.com/~lynn/aepay10.htm#60 First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aepay10.htm#61 First Data Unit Says It's Untangling Authentication
http://www.garlic.com/~lynn/aepay10.htm#62 VeriSign unveils new online identity verification services
http://www.garlic.com/~lynn/aadsm12.htm#26 I-D ACTION:draft-ietf-pkix-usergroup-01.txt
http://www.garlic.com/~lynn/aadsm12.htm#56 TTPs & AADS Was: First Data Unit Says It's Untangling Authentication

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Free Desktop Cyber emulation on PC before Christmas

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Free Desktop Cyber emulation on PC before Christmas
Newsgroups: comp.sys.cdc,alt.folklore.computers
Date: Mon, 16 Dec 2002 20:42:56 GMT
CBFalconer writes:
I don't know just how he does it, but Eric Jung, in ARJ, has provision for adding a media error recovery syndrome, which he claims can recover from several media errors. Naturally this redundancy changes the net compression achieved, but the result should be safer than archiving the uncompressed originals. IIRC <http://www.arjsoft.com> Probably similar to fire codes, at any rate it has to handle burst errors.

cdrom standard has been reed-solomon. one of the things that we were doing in hsdt time-frame (especially for satellites)
http://www.garlic.com/~lynn/subnetwork.html#hsdt

was adaptive FEC. we had been working with cyclotomics at the time (berkeley, lots of the cdrom standard work ... bought up in the period by kodak because of the cdrom & optical disk encoding work). on a signal with nominal BER of 10**-9 ... 15/16ths reed-solomon gave about six orders of magnitude signal improvement ... aka effective BER of 10**-15. cdrom uses interleaving to handle some of the burst/scratch type errors. the issue of kinds of interleaving ... typically is based on profile of expected error characteristics.

for transmission the idea ... that cyclotomics was also using with some FM radio applications ... was that on uncorrectable packet ... rather than resend the original packet (over the 15/16s reed-solomon encoded transmission) was to transmit the 1/2rate viterbi encoding of the original packet. if transmission quality dropped too badly ... then switch from transmitting the 1/2rate viterbi encoding on error ... to transmitting the 1/2rate viterbi as part of each packet.

idea was that for intermittent errors ... the transmission of the 1/2rate viterbi encoding used the same bandwidth as retransmitting the original packet ... but was much more resilient to additional errors. Under high error conditions ... just go ahead and cut the effective thruput by always transmitting the 1/2rate viterbi encoding with the original packet.

random refs:
http://www.garlic.com/~lynn/93.html#28 Log Structured filesystems -- think twice
http://www.garlic.com/~lynn/99.html#115 What is the use of OSI Reference Model?
http://www.garlic.com/~lynn/99.html#210 AES cyphers leak information like sieves
http://www.garlic.com/~lynn/2000c.html#38 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2001.html#1 4M pages are a bad idea (was Re: AMD 64bit Hammer CPU and VM)
http://www.garlic.com/~lynn/2001b.html#80 Disks size growing while disk count shrinking = bad performance
http://www.garlic.com/~lynn/2001k.html#71 Encryption + Error Correction
http://www.garlic.com/~lynn/2002e.html#53 Mainframers: Take back the light (spotlight, that is)

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Newbie: Two quesions about mainframes

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Newbie: Two quesions about mainframes.
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Mon, 16 Dec 2002 22:35:17 GMT
"T.R." writes:
What exactly determines whether a shell (or operating system for that matter) is batch-oriented or not? I understand a batch system is designed to do large amounts of the same task over-and-over again, but how does this property translate to a user shell?

Why should a user shell of a batch system have less interactive functionality than, say, a unix shell?


in theory nothing .... or for that matter .... why would a unix system have less batch functionality than a mainframe system.

from someplace .... in theory there is no difference between theory and practice but in practice there is.

in practice a batch system tends to have a lot of stuff that is specified/bound early and a lot of automagical procedures to recover from various kinds of processing failures and keep going w/o human intervention.

in practice an interactive system tends to have a lot of stuff bound late and/or default ... and when there is an exception ... generate an error message for a person to respond to.

a batch system tends to have a fundamental philosophy that there isn't a person running the program and therefore there isn't a person to respond to exceptions/faults. in order to establish the context for automagical process, there tends to be a lot of early/explicit specifications (like DD cards). many of the complaints of some of the poor interactive characteristics of various "online" operations in a batch machine environment ... have to do with the large amounts of things that don't default.

one approach to trying to carve out an interactive environment in a batch oriented system (as opposed to offering online capability for doing batch oriented work) is to pre-allocate some subset of the resources ... and then run as a subsystem, some environment that was built from the ground up that there was a human to interact with ... as opposed to built from the ground up that there was no human. An example of that is running Linux systems in LPAR or VM partition of a mainframe machine.

note that the opposite is also true ... systems that originally grew up assuming "a human is present" paradigm ... sometimes have difficulty delivering five-nines consistent operation, day after day, in say a dim/dark room environment (not only at the system level ... but also at application levels).

mainframe systems tend to sometimes have human someplace in the vicinity in the role of an operator (basically a human that is supposed to respond to certain operator like requests .... possibly like mounting a tape). a prominent financial processing center cited the two things that gave them one hundred percent availability (at the time over a six year period) were

automated operator
ims hot standby

basically ims hot standby provided them disaster survivability ... across three geographically distributed datacenters.

the other was that previously some number of application level faults had been because of human mistakes. automated operator went a long ways towards totally eliminating human equation totally from operational environment.

randomly related past post:
http://www.garlic.com/~lynn/94.html#2 Schedulers
http://www.garlic.com/~lynn/96.html#8 Why Do Mainframes Exist ???
http://www.garlic.com/~lynn/98.html#4 VSE or MVS
http://www.garlic.com/~lynn/98.html#18 Reviving the OS/360 thread (Questions about OS/360)
http://www.garlic.com/~lynn/98.html#51 Mainframes suck? (was Re: Possibly OT: Disney Computing)
http://www.garlic.com/~lynn/99.html#16 Old Computers
http://www.garlic.com/~lynn/99.html#71 High Availabilty on S/390
http://www.garlic.com/~lynn/99.html#107 Computer History
http://www.garlic.com/~lynn/99.html#128 Examples of non-relational databases
http://www.garlic.com/~lynn/99.html#136a checks (was S/390 on PowerPC?)
http://www.garlic.com/~lynn/99.html#197 Computing As She Really Is. Was: Re: Life-Advancing Work of Timothy Berners-Lee
http://www.garlic.com/~lynn/2000.html#22 Computer of the century
http://www.garlic.com/~lynn/2000.html#83 Ux's good points.
http://www.garlic.com/~lynn/2000f.html#12 Amdahl Exits Mainframe Market
http://www.garlic.com/~lynn/2000f.html#58 360 Architecture, Multics, ... was (Re: X86 ultimate CISC? No.)
http://www.garlic.com/~lynn/2000f.html#66 360 Architecture, Multics, ... was (Re: X86 ultimate CISC? No.)
http://www.garlic.com/~lynn/2001.html#43 Life as a programmer--1960, 1965?
http://www.garlic.com/~lynn/2001c.html#13 LINUS for S/390
http://www.garlic.com/~lynn/2001d.html#70 Pentium 4 Prefetch engine?
http://www.garlic.com/~lynn/2001d.html#71 Pentium 4 Prefetch engine?
http://www.garlic.com/~lynn/2001e.html#44 Where are IBM z390 SPECint2000 results?
http://www.garlic.com/~lynn/2001e.html#47 Where are IBM z390 SPECint2000 results?
http://www.garlic.com/~lynn/2001h.html#8 VM: checking some myths.
http://www.garlic.com/~lynn/2001i.html#34 IBM OS Timeline?
http://www.garlic.com/~lynn/2001k.html#14 HP-UX will not be ported to Alpha (no surprise)exit
http://www.garlic.com/~lynn/2001k.html#18 HP-UX will not be ported to Alpha (no surprise)exit
http://www.garlic.com/~lynn/2001l.html#47 five-nines
http://www.garlic.com/~lynn/2001n.html#47 Sysplex Info
http://www.garlic.com/~lynn/2001n.html#85 The demise of compaq
http://www.garlic.com/~lynn/2002.html#1 The demise of compaq
http://www.garlic.com/~lynn/2002.html#24 Buffer overflow
http://www.garlic.com/~lynn/2002e.html#68 Blade architectures
http://www.garlic.com/~lynn/2002h.html#73 Where did text file line ending characters begin?
http://www.garlic.com/~lynn/2002i.html#3 DCAS [Was: Re: 'atomic' memops?]
http://www.garlic.com/~lynn/2002l.html#62 Itanium2 performance data from SGI
http://www.garlic.com/~lynn/2002n.html#27 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#41 Home mainframes
http://www.garlic.com/~lynn/2002o.html#14 Home mainframes

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Running z/VM 4.3 in LPAR & guest v-r or v=f

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Running z/VM 4.3 in LPAR & guest v-r or v=f
Newsgroups: bit.listserv.vmesa-l
Date: Mon, 16 Dec 2002 08:23:24 -0700
somewhat related thread in ibm-main ng/ml
http://www.garlic.com/~lynn/2002p.html#40 Linux paging
http://www.garlic.com/~lynn/2002p.html#44 Linux paging
http://www.garlic.com/~lynn/2002p.html#45 Linux paging
http://www.garlic.com/~lynn/2002p.html#46 Linux paging
http://www.garlic.com/~lynn/2002p.html#47 Linux paging
http://www.garlic.com/~lynn/2002p.html#48 Linux paging

--
Anne & Lynn Wheeler lynn@garlic.com, http://www.garlic.com/~lynn/

cost of crossing kernel/user boundary

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: cost of crossing kernel/user boundary
Newsgroups: comp.arch,comp.programming.threads
Date: Tue, 17 Dec 2002 13:50:13 GMT
Joseph Seigh writes:
As far as system calls go, the system call handler saves registers in processor local storage. It then or at some later point sets up an alternate stack or whatever. How much context you save and when all depends. Usually you set up a decision tree to optimally decide what has to be done. This is performance sensitive code and you usually have performance groups literally counting and timing the code. I used to own VM's program check, svc, and machine check handlers at one point also. VM's program call linkage used svc based but was changed to branch entry for performance reasons, though you could still do an svc based program call if you wanted to.

The original cp/67 cp kernel had all internal calls/returns thru SVC interrupt (code 8 for call, code 12 for return ... made it easy to branch table). Call would dynamically allocate a new savearea ... thread from the existing savearea ... store various debugging information, etc. Originally this was fixed pool of 100 saveareas available for allocation. If you happened to exceed requirement for 100 allocated saveareas ... the system failed (loops, long threads, or lot of concurrent activity).

I did a number of things as an undergraduate. One was ... when the available saveareas were exhausted ... call "extend" for another 4k storage block to make available for additional saveareas. This had slight downside on debugging. In the original implementation ... it was possible to easily pick out of contiguous area of storage ... all currently in use ... and previously used, but available saveareas (which could provide additional debugging information). Dynamically extended saveareas were a little bit harder to explain.

The other thing i did as undergraduate was recognize that high percentage of total time was spent in the SVC call/return processing ... especially the allocation and deallocation of saveareas. Part of the analysis was determining that a large number of kernel calls were to "closed" subroutines ... they would perform some function and always immediately return (w/o making any call). I created two fixed saveareas in page zero (balrsave & freesave) for use by closed subroutines and changed the call/return sequence for those routines to do a direct branch & link (BALR) to the routine instead of svc linkage ... and to use the fixed save areas. While the SVC interrupt was more expensive than BALR instruction ... the majority of the time spent in the SVC interrupt handler wasn't the instruction itself but the savearea management. The biggest performance boost came from eliminating the savearea management.

One more thing that I did (during the summer job I had at BCS) was introduce the pageable kernel routines. Both CP/67 and VM/370 kernels ran in "real" addressing mode (but PSW changes to/from virtual machines would switch in & out of virtual address mode). The issue was how to allow (low usage) parts of the kernel to page. The process I created was to very carefully identify routines that were 4k or less and make sure that when kernel was initially built, make sure that they didn't cross 4k page boundary. Then all such routines were placed by the kernel build routine after a known, fixed address ("CPEND" or later "DMKCPE"). I then built a dummy address space table for the kernel.

If the svc call handler was processing a "to" address that was larger than CPEND ... it would first make a call to page fetch on the routine's entry address (using the dummy address table) with option to increment the page lock count. It would then do the standard savearea stuff and then branch to the translated address (not the original address). On svc return, the handler would check to see if the svc interrupt address (where the return was coming from) was larger than CPEND ... and if so, do a page unlock (decrement page lock count) on the svc interrupt address (entry and exit had to be in the same 4k area keeping the page lock counts consistent).

some amount of the stuff I did while an undergraduate ... was incorporated into the standard cp/67 source code distribution (some of the fastpath stuff, tty/ascii terminal support, misc. other stuff). Other of the stuff ... like balr linkages weren't incorporated into cp/67 distribution until after i joined the science center. The pageable kernel changes never made it out in the cp/67 distribution but was part of the standard vm/370 distribution.

random refs:
http://www.garlic.com/~lynn/2001b.html#23 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001l.html#32 mainframe question
http://www.garlic.com/~lynn/2002b.html#44 PDP-10 Archive migration plan
http://www.garlic.com/~lynn/2002n.html#71 bps loader, was PLX

some early performance numbers regarding early kernel changes:
http://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14
http://www.garlic.com/~lynn/94.html#20 CP/67 & OS MFT14

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Cirtificate Authorities 'CAs', how curruptable are they

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Cirtificate Authorities 'CAs', how curruptable are they
to nepotsim between Govt and Priv industry? This may be the fatal flaw...
per getting keys.
Newsgroups: sci.crypt
Date: Tue, 17 Dec 2002 14:11:36 GMT
Michael Amling writes:
Isn't there some zero-knowledge proof of possession of a private key other than signing? If not, one could adopt a convention that the hash be extended with a 1 for a digital signature, with a 0 for an authentication.

there have been extended threads in pkix mailing list (and other places) about what it means (from a legal standpoint) for a signature. there was some recent posting/reference that it was a severe disservice to public key adoption for somebody to have originated the term "digital signature" at all (aka just because the word/string "digital signature" is used to apply to the private key encryption of the hash .... doesn't create the semantic meaning of signature). to move from the realm of authentication to something that implies the semantic equivalence of legal signature takes a bit more than simple extension of one bit.

(legal) signatures typically carry with them the meaning that the human intended to sign something including having read, understood, and agrees with the content of the thing that they are signing.

the issue isn't so much what it is you are using to represent the difference between a digital signature event and an authentication event .... the issue is how can you show a direct business process relationship between the setting of such a bit and the human having read, understood and agreeing to the content being signed (and the bit can't be set otherwise).

a little piece of the thread:
http://www.garlic.com/~lynn/aadsm12.htm#59 e-Government uses "Authority-stamp-signatures"

the comment about disservice was reply to the above ... and could probably be found in the pkix mailing list archive.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
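
The convention proposed in the quoted text above (extend the hash with a 1 for a digital signature, with a 0 for an authentication), sketched as an added example that is not part of the thread. It uses textbook RSA with a constructed toy key and hypothetical function names, and it shows only the cryptographic separation, not the business-process link to human intent that the reply identifies as the real issue.

```python
import hashlib

# Constructed toy RSA key for illustration only (two Mersenne primes); far too
# small and unpadded for real use. All names in this block are hypothetical.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, needs Python 3.8+

TAG_AUTHENTICATION = 0  # convention from the quoted text
TAG_SIGNATURE = 1


def _block(data: bytes, tag=None) -> int:
    """Hash the data (truncated to fit the toy modulus), then append the tag byte."""
    digest = hashlib.sha256(data).digest()[:24]
    if tag is not None:
        digest += bytes([tag])
    return int.from_bytes(digest, "big")


def sign(data: bytes, tag=None) -> int:
    """Private-key operation over the (optionally tagged) hash."""
    return pow(_block(data, tag), D, N)


def verify(data: bytes, value: int, tag=None) -> bool:
    """Public-key check that value was produced over this data with this tag."""
    return pow(value, E, N) == _block(data, tag)


def demo() -> dict:
    # Constructed sample input: the same bytes are handled once as an
    # authentication challenge and once as content presented for signature.
    payload = b"constructed sample: transfer 100 to account 42"

    # No tag: the authentication response and the signature are the same
    # number, so a relying party cannot tell which event produced it.
    untagged_response = sign(payload)

    # Tagged: the two events produce different values over the same bytes.
    auth_response = sign(payload, TAG_AUTHENTICATION)
    signature = sign(payload, TAG_SIGNATURE)

    # The tag is set by whatever software drives the key. Nothing in the
    # arithmetic shows that a human read and agreed to the payload.
    return {
        "untagged_auth_accepted_as_signature": verify(payload, untagged_response),
        "tagged_auth_accepted_as_signature": verify(payload, auth_response, TAG_SIGNATURE),
        "tagged_auth_verifies": verify(payload, auth_response, TAG_AUTHENTICATION),
        "tagged_signature_verifies": verify(payload, signature, TAG_SIGNATURE),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```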

AMP vs SMP

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: AMP  vs  SMP
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Tue, 17 Dec 2002 15:47:40 GMT
Chris_Craddock@BMC.COM (Craddock, Chris) writes:
Not at all. The definition of SMP is a bit slippery, but it is basically that every CPU has equal access to all of the memory and I/O resources. Under this description, IBM mainframes are classic SMP machines. There were asymmetric machines in the very early days (S/370 303x-AP) but everything since the 3080 series has been symmetric. And the architecture supports 16 CPs not 14.

the mainstream 360/65 was duplex (two processor) shared memory system. each processor had its own i/o ... and the only thing shared was memory. processors shared devices by having the devices with "twin-tails" so that channel from each processor connected to the device (or controller). the operating system basically had a single kernel "spin-lock" ... i.e. the first thing that happened on interrupt into the kernel was a test&set spin loop to obtain the lock. IBM made a big distinction that a multiprocessor could always be configured into two independently operating single processor machines.

the 360/67 multiprocessor was a different beast. it was designed to support 4-way multiprocessing ... but I know of only one 3-way that was actually built and the rest were 2-way. Multiprocessor 360/67 had something called a channel controller. By the switches on the panel, channels, processors, and memory banks could be reconfigured. The settings of the switches were available to the software in control registers (the 3-way also had the ability to change the settings of the switches by loading control registers). All memory was shared by every processor (as in the 360/65) but also every channel was shared/addressable by every processor (as later found in XA/3081). The 360/67 also supported 24-bit virtual addressing and 32-bit virtual addressing.

Cambridge Science Center did a lot of work on fine grain multiprocessing locking ... most of the pioneering work being done by Charlie ... and it is in fact Charlie who invented the compare&swap instruction. The original mnemonic for the instruction was CAS which was chosen because they are charlie's initials (i.e. started with CAS ... and then had to invent the part about compare&swap to match the initials). Before compare&swap was shipped in 370 ... it was extended to compare&swap and compare double & swap and the mnemonic changed to CS and CDS.

The initial 370 15x & 16x multiprocessors followed in the path of the 360/65 (and step backward from the technology of the 360/67). The concept of a multiprocessor being a machine that could be split into two independently operating single processor was continued. Later in the 158 & 168 life cycle, reduced cost version of the MP were made available called asymmetric/attached processor or AP. Only one of the processors had channels, the "attached processor" didn't have any installed channels. These also weren't multiprocessors in the traditional sense, not having the ability to be split into two independently operating single processor systems.

In the mid-70s there were two internal SMP projects (that I worked on), one involving 5-way SMP using 370/125 hardware base and a 16-way SMP using 370/158 hardware base. These never made it as products. One of the major product issues was that the various non-vm370 operating systems would have had extreme difficulty in coming up with more than two-way processor support at the time. Some of the POK engineers got hammered by executives when it was realized they were working with us (and that their "mainstream" operating systems couldn't support the hardware).

Also spent some time with the group working on a 2-way for the 370/195. This was more like some of the thread stuff going on with some of the current microprocessors. There were very few codes that would keep the 195 pipeline full. The 2-way effort would create duplicated registers, two PSWs, and misc. other stuff ... but all the existing hardware would pretty much stay the same. There would be one additional bit added to instructions processed in the pipeline (indicating which i-stream/psw the instruction was from). The idea was that two independent i-streams had somewhat better chance of keeping the 195 pipeline full.

The 3081 broke the multiprocessor tradition in that it didn't have fully duplicated hardware allowing the processor to be split into two independently operating single processors. Originally the 3081 wasn't even going to have a single processor version. However, eventually a 3083 was produced primarily for the airline/tpf industry (acp/tpf didn't have multiprocessing support). The 370, 303x, & 308x duplex machines had a ten percent cycle slow-down (to allow for cross-cache communication) compared to their single processor versions (i.e. the hardware of a two-way ran at 1.8 times the processing power of a single processor). There were additional slow-downs if there was actually cross-cache communications (i.e. the base slow-down was just to allow for the slow-down ... when communication actually occurred, things slowed down further). The airline/TPF industry were either using 3081 with one processor ... or running with VM and running pairs of TPF under VM. The 3083 gave them slightly less expensive 3081 (and the cache slow-down for multiprocessing mode was removed ... so the 3083 was nearly 15 percent faster than a single 3081 processor).

Eventually the 3084 was produced (two 3081s connected together) for a 4-way (it was possible to split a 3084 into two independently operating 3081s). The 3084 penalty was even larger since each cache had to be able to communicate with three other caches instead of just one other cache.

Part of the scale-up issues (in number of real processors) in a complex has been the implementation of (very) strong memory consistency protocols in the caches. Other machines have gone to larger scaling configurations, in part by relaxing some of the cache memory consistency issues (and/or by having individual processors that were relatively slower than the performance of the cross-cache technology being used).

misc past smp postings
http://www.garlic.com/~lynn/subtopic.html#smp

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

AMP vs SMP

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: AMP  vs  SMP
Newsgroups: bit.listserv.ibm-main
Date: Tue, 17 Dec 2002 16:30:41 GMT
eells@US.IBM.COM (John Eells) writes:
The 3168 and 303x MPs and 3084s were definitely partitionable, and you could also run a 3168AP system without its AP. I don't recall whether the 3158s were partitionable (we didn't have any), but like the 168s, the 3158AP model could also be run without the AP. The 303x processor designs were 168-based, by the way, and the 303x channel director was a repackaged 3158. (I went into programming after that and lost track.)

the 158 processor had microcode for both 370 and channels.

the 303x channel director was a 158 processor w/o the 370 microcode and only the 370 channel microcode

the 3031 was a 158 processor with only the 370 microcode and adapted to use the 303x channel director (since they both shared the processor memory ... the 3031 & 303x channel director might be considered sort of a multiprocessor).

the 3032 was a 168 processor repackaged to use the 303x channel director.

the 3033 started out using the 168 wiring diagram but instead of being mapped to technology with 4circuits/chip ... it was mapped to technology that was about 20% faster and had about 10times as many circuits per chip. as a straight technology remap, the 3033 would have been 20% faster than the 168 (say 3.6mips instead of 3mips). late in the development there was some selective redo of the design to take advantage of more onchip processing ... resulting in more like a 50% faster (4.5mips).

random past mentions of 303x:
http://www.garlic.com/~lynn/93.html#14 S/360 addressing
http://www.garlic.com/~lynn/94.html#7 IBM 7090 (360s, 370s, apl, etc)
http://www.garlic.com/~lynn/95.html#3 What is an IBM 137/148 ???
http://www.garlic.com/~lynn/97.html#20 Why Mainframes?
http://www.garlic.com/~lynn/98.html#50 Edsger Dijkstra: the blackest week of his professional life
http://www.garlic.com/~lynn/99.html#7 IBM S/360
http://www.garlic.com/~lynn/99.html#74 Read if over 40 and have Mainframe background
http://www.garlic.com/~lynn/99.html#75 Read if over 40 and have Mainframe background
http://www.garlic.com/~lynn/99.html#103 IBM 9020 computers used by FAA (was Re: EPO stories (was: HELP IT'S HOT!!!!!))
http://www.garlic.com/~lynn/99.html#110 OS/360 names and error codes (was: Humorous and/or Interesting Opcodes)
http://www.garlic.com/~lynn/99.html#112 OS/360 names and error codes (was: Humorous and/or Interesting Opcodes)
http://www.garlic.com/~lynn/99.html#187 Merced Processor Support at it again
http://www.garlic.com/~lynn/99.html#188 Merced Processor Support at it again
http://www.garlic.com/~lynn/99.html#190 Merced Processor Support at it again
http://www.garlic.com/~lynn/2000.html#78 Mainframe operating systems
http://www.garlic.com/~lynn/2000b.html#37 How to learn assembler language for OS/390 ?
http://www.garlic.com/~lynn/2000b.html#65 oddly portable machines
http://www.garlic.com/~lynn/2000c.html#35 What level of computer is needed for a computer to Love?
http://www.garlic.com/~lynn/2000c.html#44 WHAT IS A MAINFRAME???
http://www.garlic.com/~lynn/2000c.html#69 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#75 Does the word "mainframe" still have a meaning?
http://www.garlic.com/~lynn/2000c.html#83 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000d.html#0 Is a VAX a mainframe?
http://www.garlic.com/~lynn/2000d.html#7 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000d.html#11 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000d.html#12 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000d.html#21 S/360 development burnout?
http://www.garlic.com/~lynn/2000d.html#61 "all-out" vs less aggressive designs (was: Re: 36 to 32 bit transition)
http://www.garlic.com/~lynn/2000d.html#82 "all-out" vs less aggressive designs (was: Re: 36 to 32 bit transition)
http://www.garlic.com/~lynn/2000e.html#57 Why not an IBM zSeries workstation?
http://www.garlic.com/~lynn/2000e.html#58 Why not an IBM zSeries workstation?
http://www.garlic.com/~lynn/2000g.html#11 360/370 instruction cycle time
http://www.garlic.com/~lynn/2000g.html#28 Could CDR-coding be on the way back?
http://www.garlic.com/~lynn/2000g.html#29 Could CDR-coding be on the way back?
http://www.garlic.com/~lynn/2001.html#63 Are the L1 and L2 caches flushed on a page fault ?
http://www.garlic.com/~lynn/2001b.html#37 John Mashey's greatest hits
http://www.garlic.com/~lynn/2001b.html#39 John Mashey's greatest hits
http://www.garlic.com/~lynn/2001b.html#69 Z/90, S/390, 370/ESA (slightly off topic)
http://www.garlic.com/~lynn/2001b.html#83 Z/90, S/390, 370/ESA (slightly off topic)
http://www.garlic.com/~lynn/2001c.html#1 Z/90, S/390, 370/ESA (slightly off topic)
http://www.garlic.com/~lynn/2001c.html#3 Z/90, S/390, 370/ESA (slightly off topic)
http://www.garlic.com/~lynn/2001e.html#9 MIP rating on old S/370s
http://www.garlic.com/~lynn/2001i.html#13 GETMAIN R/RU (was: An IEABRC Adventure)
http://www.garlic.com/~lynn/2001j.html#3 YKYGOW...
http://www.garlic.com/~lynn/2001k.html#8 Minimalist design (was Re: Parity - why even or odd)
http://www.garlic.com/~lynn/2001l.html#24 mainframe question
http://www.garlic.com/~lynn/2001l.html#32 mainframe question
http://www.garlic.com/~lynn/2001m.html#15 departmental servers
http://www.garlic.com/~lynn/2001n.html#39 195 was: Computer Typesetting Was: Movies with source code
http://www.garlic.com/~lynn/2002.html#36 a.f.c history checkup... (was What specifications will the standard year 2001 PC have?)
http://www.garlic.com/~lynn/2002.html#48 Microcode?
http://www.garlic.com/~lynn/2002b.html#0 Microcode?
http://www.garlic.com/~lynn/2002b.html#2 Microcode? (& index searching)
http://www.garlic.com/~lynn/2002c.html#40 using >=4GB of memory on a 32-bit processor
http://www.garlic.com/~lynn/2002d.html#7 IBM Mainframe at home
http://www.garlic.com/~lynn/2002d.html#10 IBM Mainframe at home
http://www.garlic.com/~lynn/2002d.html#51 Hardest Mistake in Comp Arch to Fix
http://www.garlic.com/~lynn/2002f.html#8 Is AMD doing an Intel?
http://www.garlic.com/~lynn/2002g.html#17 Black magic in POWER5
http://www.garlic.com/~lynn/2002i.html#7 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#19 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#21 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#22 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#23 CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002i.html#37 IBM was: CDC6600 - just how powerful a machine was it?
http://www.garlic.com/~lynn/2002j.html#30 Weird
http://www.garlic.com/~lynn/2002k.html#4 misc. old benchmarks (4331 & 11/750)
http://www.garlic.com/~lynn/2002l.html#57 Handling variable page sizes?
http://www.garlic.com/~lynn/2002m.html#2 Handling variable page sizes?
http://www.garlic.com/~lynn/2002m.html#75 New Book
http://www.garlic.com/~lynn/2002n.html#10 Coherent TLBs
http://www.garlic.com/~lynn/2002n.html#58 IBM S/370-168, 195, and 3033
http://www.garlic.com/~lynn/2002n.html#59 IBM S/370-168, 195, and 3033
http://www.garlic.com/~lynn/2002n.html#63 Help me find pics of a UNIVAC please
http://www.garlic.com/~lynn/2002n.html#73 Home mainframes
http://www.garlic.com/~lynn/2002p.html#43 cost of crossing kernel/user boundary

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

20th Anniversary Of The Internet

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: 20th Anniversary Of The Internet
Newsgroups: bit.listserv.ibm-main
Date: Tue, 17 Dec 2002 16:39:08 GMT
and for something completely different see mention at:
http://www.garlic.com/~lynn/rfcietff.htm

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

20th anniversary of the internet (fwd)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: 20th anniversary of the internet (fwd)
Newsgroups: alt.folklore.computers
Date: Tue, 17 Dec 2002 17:23:18 GMT
random other email from the period ... also slightly related (includes list of CMU machines):
http://www.garlic.com/~lynn/2001l.html#61 MVS History (all parts)
Date: 12/14/82--14:41:14
To: CSNET mailing list
Subject: New CMU addresses now supported by CSNET

The new CMU addresses (CMU-CS-A, CMU-CS-B, CMU-CS-VLSI, etc.) are now supported by CSNET. The old addresses like CMU-10A, CMU-10B, etc. no longer are accepted, but the nicknames CMUA, CMUB, etc. are still valid.


--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

cost of crossing kernel/user boundary

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: cost of crossing kernel/user boundary
Newsgroups: comp.arch,comp.programming.threads,alt.folklore.computers
Date: Tue, 17 Dec 2002 19:59:45 GMT
"glen herrmannsfeldt" writes:
This sounds similar to the transient SVC area of OS/360, though I believe that it had more than one, and I think they were 2K.

I hope they don't still have transient SVC's in OS/390.


yes ... except instead of having a specific location(s) for loading transient SVCs ... it was done thru standard paging mechanism. i had done a lot with transient SVCs also on MFT & MVT performance enhancements ... you could have some preloaded at boot and fixed in the kernel (if you had the real storage) and the rest was careful building of sys1.svclib to optimize disk arm motion. all required good trace & frequency count of transient SVCs being loaded.

random past references to optimized MFT (& MVT) system builds that got me three times thruput improvement for specific test job mix. note that the os/360 thruput optimization work that i did as an undergraduate was pretty much independent of the cp/67 work (performance & function).
http://www.garlic.com/~lynn/94.html#18 CP/67 & OS MFT14
http://www.garlic.com/~lynn/94.html#20 CP/67 & OS MFT14
http://www.garlic.com/~lynn/97.html#22 Pre S/360 IBM Operating Systems?
http://www.garlic.com/~lynn/97.html#28 IA64 Self Virtualizable?
http://www.garlic.com/~lynn/98.html#21 Reviving the OS/360 thread (Questions about OS/360)
http://www.garlic.com/~lynn/99.html#93 MVS vs HASP vs JES (was 2821)
http://www.garlic.com/~lynn/2000c.html#10 IBM 1460
http://www.garlic.com/~lynn/2000d.html#50 Navy orders supercomputer
http://www.garlic.com/~lynn/2001.html#26 Disk caching and file systems. Disk history...people forget
http://www.garlic.com/~lynn/2001b.html#23 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001f.html#26 Price of core memory
http://www.garlic.com/~lynn/2001h.html#12 checking some myths.
http://www.garlic.com/~lynn/2001i.html#30 IBM OS Timeline?
http://www.garlic.com/~lynn/2001k.html#37 Is anybody out there still writting BAL 370.
http://www.garlic.com/~lynn/2002b.html#23 Infiniband's impact was Re: Intel's 64-bit strategy
http://www.garlic.com/~lynn/2002b.html#24 Infiniband's impact was Re: Intel's 64-bit strategy
http://www.garlic.com/~lynn/2002c.html#45 cp/67 addenda (cross-post warning)
http://www.garlic.com/~lynn/2002c.html#51 cp/67 addenda (cross-post warning)
http://www.garlic.com/~lynn/2002m.html#3 The problem with installable operating systems
http://www.garlic.com/~lynn/2002n.html#29 why does wait state exist?
http://www.garlic.com/~lynn/2002n.html#71 bps loader, was PLX

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

Newbie: Two quesions about mainframes

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Newbie: Two quesions about mainframes.
Newsgroups: alt.folklore.computers,bit.listserv.ibm-main
Date: Wed, 18 Dec 2002 14:17:11 GMT
jmfbahciv writes:
Huh? Batch is just a user who never makes typoes when telling the computer what to do.

and who is always at their keyboard 24hrs a day, 7 days a week to immediately respond to any and all program activities within milliseconds.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/

cost of crossing kernel/user boundary

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: cost of crossing kernel/user boundary
Newsgroups: comp.arch,comp.programming.threads,alt.folklore.computers
Date: Wed, 18 Dec 2002 14:36:43 GMT
Anne & Lynn Wheeler writes:
One more thing that I did (during the summer job I had at BCS) was introduce the pageable kernel routines. Both CP/67 and VM/370 kernels ran in "real" addressing mode (but PSW changes to/from virtual machines would switch in & out of virtual address mode). The issue was

... and for a little bit of thread drift ... later when I did the vm370 resource manager ... somewhat related:
http://www.garlic.com/~lynn/2001e.html#45 VM/370 Resource Manager
http://www.garlic.com/~lynn/subtopic.html#fairshare
http://www.garlic.com/~lynn/submain.html#bench
http://www.garlic.com/~lynn/submain.html#dumprx

there were other bits and pieces besides paging & scheduling algorithms ... there were bits and pieces of other stuff like i redid the kernel serialization primitive that eliminated a lot of the timing-dependent failures that had been occurring. I also created a dummy virtual memory table for each logged on user (in addition to their normal virtual address space tables). the kernel tended to have a lot of control blocks for each process (including their virtual memory tables themselves) .... for inactive processes i would copy a bunch of these tables into the process's dummy address table and use that to page the tables out to secondary storage (freeing up the fixed storage). This was somewhat analogous to the system dummy page table used to page kernel code.

--
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/