List of Archived Posts
2005 Newsgroup Postings (01/31 - 02/12)
- [Lit.] Buffer overruns
- 4shift schedule
- [Lit.] Buffer overruns
- The mid-seventies SHARE survey
- Anyone know what the 'clipper' chip looks like ?
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- The mid-seventies SHARE survey
- The mid-seventies SHARE survey
- [Lit.] Buffer overruns
- The mid-seventies SHARE survey
- The mid-seventies SHARE survey
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- Volume Largest Free Space Problem... ???
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- XML Encryption
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- The mid-seventies SHARE survey
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- Oldest active information system
- [Lit.] Buffer overruns
- History of performance counters
- [Lit.] Buffer overruns
- History of performance counters
- History of performance counters
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- [Lit.] Buffer overruns
- 12-2-9 REP & 47F0
- [Lit.] Buffer overruns
- intel's Vanderpool and virtualization in general
- Thou shalt have no other gods before the ANSI C standard
- Thou shalt have no other gods before the ANSI C standard
- intel's Vanderpool and virtualization in general
- intel's Vanderpool and virtualization in general
- comp.arch thread "intel's vanderpool and virtualization in general" ,,, fyi
- Thou shalt have no other gods before the ANSI C standard
- intel's Vanderpool and virtualization in general
- Is the solution FBA was Re: FW: Looking for Disk Calc
- Thou shalt have no other gods before the ANSI C standard
- looking to buy a working DX box
- intel's Vanderpool and virtualization in general
- Thou shalt have no other gods before the ANSI C standard
- intel's Vanderpool and virtualization in general
- [Lit.] Buffer overruns
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Mon, 31 Jan 2005 11:34:37 -0700
Anne & Lynn Wheeler writes:
the result was actually less code, ran much faster and had more
function ... besides not having lots of failure modes. part of the
problem was that the code i had modified had somewhat evolved over
nearly ten year period with new feature/function periodically being
grafted on. I rewrote nearly the whole operating system I/O
subsystem from scratch which had a side effect of resulting in
significantly less code, faster code, no failures, and more
function.
long ago and far away in another lifetime, it periodically crossed my
mind that everything would be much simpler and better if they stopped
letting other people ship code ... in part there would be a lot less
for me to fix afterwards. i eventually outgrew it.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
4shift schedule
Refed: **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: 4shift schedule
Newsgroups: alt.folklore.computers
Date: Mon, 31 Jan 2005 11:39:39 -0700
there also used to be this joke about having a four shift schedule
... 1st shift in bldg28/sjr on things like
http://www.garlic.com/~lynn/subtopic.html#systemr
2nd shift in bldg14/15 on disk engineering
http://www.garlic.com/~lynn/subtopic.html#disk
3rd shift in bldg90/stl & bldg29 (vlsi lab) on variety
of things including (high speed data transport):
http://www.garlic.com/~lynn/subnetwork.html#hsdt
and 4th shift (weekends) doing stuff for hone
http://www.garlic.com/~lynn/subtopic.html#hone
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Mon, 31 Jan 2005 12:18:08 -0700
"Tom Linden" writes:
I suspect she was referring to the cpu, of which of course there
could multiple in a given computer. Even the CDC6400 (40 years ago)
could simultaneoussly execute two instructions simultaneously in
certain streams.
the 195 genre ('71) had 64 instruction pipeline, register coloring,
etc ... It had a problem that a branch instruction (modulo loop
sequence within the pipeline) resulted in draining the pipeline (no
speculative execution, etc).
the result was that most codes tended to keep the pipeline only half
full (and tended to run along at half the peak MIP rate).
there was a project about 30 years ago that looked at supporting dual
i-streams ... somewhat akin to the current hyperthreading work. there
would be two instruction addresses, duplicate registers, programmed
like a two-processor smp. the instructions and registers in the
pipeline would have a one-bit red/black tag indicating which i-stream
the operation was associated with. The theory was that two i-streams,
each keeping the pipeline half-full might result in aggregate thruput
nearly twice the single thread version.
precusor reference to acs ... from the 60s
http://www.cs.clemson.edu/~mark/acs_inst_set.html
eager execution, dual path, multiple path
http://www.cs.clemson.edu/~mark/eager.html
selected historical computer designs
http://www.cs.clemson.edu/~mark/hist.html
a secret computer project in the '60s
http://www.cs.clemson.edu/~mark/acs.html
which is different from the FS secret computer project in the '70s
http://www.cs.clemson.edu/~mark/fs.html
and more drift ... my postings mentioning FS
http://www.garlic.com/~lynn/subtopic.html#futuresys
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
The mid-seventies SHARE survey
Refed: **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The mid-seventies SHARE survey
Newsgroups: alt.folklore.computers
Date: Mon, 31 Jan 2005 12:49:02 -0700
glen herrmannsfeldt writes:
The ITEL 7330 was a 3330 clone that would run on S/360, at least
it would on the 360/91. I am not sure about the channel question as
far as the 91 goes.
and might run on the 85, 75, some possibility in 65 (i.e. the 65
tended to have one or two channels that you could attach 2301 drum
... which read/wrote 4heads in parallel and transfer rate about
1.5mbytes/sec). it wouldn't support 3330 block multplexor operation
with set sector commands on machines that didn't have block
multiplexor channels (i have some vague recollection there is some
possibility that 85 was late enuf in the engineering cycle that it
might have gotten block multiplexor channel).
the 3330 had 20 surfaces and 20 heads ... however, only 19
platters/heads were addressable. the 20th surface had sector
information.
normal 360 CKD dasd operation was
seek
search-id (equal, say cchhr)
tic *-8
read/write
the cchr argument for the search operation was in main memory. in CKD
dasd architecture you could tag a record with some id value (standard
programming tended to use CCHHR type tags). Rather than having
indexes of stuff in memory, it was possible to just know the ID
of the record ... and start an operation that searched for that
record ID.
this architecture traded off real-storage (which was typically in 360
generation terribly constrained ... or at least believed to be
terribly constrained) with I/O bandwidth; the search operation would
maintain device, controller, and channel dedicated use while it
recognized the start of each record, (re)fetched the ID from main
memory and compared it to the ID of the record currently rotating
under the head. This was horribly expensive in terms of device,
controller and channel utilization. However, in the 360 era, it was
deemed to be an acceptable trade-off if it saved on needing real
storage.
for 3330, the architecture was enhanced if you had a relatively
regular data format; you could know ahead of time the sector location
(rotational position) of the start of the record you wanted. the
ccw sequence then looked something like
seek
set-sector
search-id
tic *-8
read/write
the set-sector operation freed up the control unit and channel (and
possibly string-switch, if one was involved) ... until the sector
location rotated under the 20th head. This could cut the channel and
controller busy in half or better ... potentially doubling the i/o
thruput (in i/o intensive environment).
so the other side is looking at the business ROI ... it turns out that
they were shipping standard 3330s as fast as they could make them.
Any possible incremental 3330 business that came from retrofitting
3330s to 360s would have to be really significant ... to pull the
(scarce) engineers off work on 3330 enhancements, 3350s, 3370s, 3375s,
3380, etc work. The big paying customers were getting a lot larger
bang for the buck off the other work the engineers were doing than any
possible retrofit that they might do for a relatively few number ofs
360s.
Now on the otherside ... they didn't completely fix CKD dasd (say by
converting everything over to fixed-block architecture, FBA).
CP67/VM370/CMS effectively always had an FBA architecture that they
were forced to emulate on CKD dasd. There wer significant features of
OS/360 genre of operating systems that were dependent on CKD dasd
search feature. Both PDS library directories and the master volume
VTOC (directory) relied on multi-track search. Rather than maintain
indexes (that would require being cached in memory ... tying up real
storage), they used multi-track searching to find a unique directory
entry out on disk; these records had ids that represented what they
indexed, rather than their relative position on disk. Rather than
read/cache multi-level of pointers ... they just told the disk to go
find the specific directory entry they were interested in.
this design had even more serious impact on channel, controller,
device (and potentially string-switch) busy/utilization.
http://www.garlic.com/~lynn/subtopic.html#dasd
In the late 70s, i shot a customer performance problem at a large
retail batch/online shop (not vm370/cms) ... where they had multiple
machines sharing the same large disk farm. It turns out all the
machines shared the same application program library ... and during
busy period of the day ... all the machines were constantly loading
various applications out of the library. Every application load always
first reading the directory entry. Reading the directory entry first
required searching for it. Each search operation was taking 1/3rd to
1/2 second elapsed time, during which the device, string-switch,
controller and channel was busy. The actual application program load
was on the order of 30-50mils elapsed time. In addition to the serious
resource busy time ... the aggregate cluster of machines was limited
to approx. two application program loads per second. There were
hundreds of applications in this particular library ... that had
aggregate use demand on the order of scores per second not two per
second.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Anyone know what the 'clipper' chip looks like ?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Anyone know what the 'clipper' chip looks like ?
Newsgroups: sci.crypt
Date: Mon, 31 Jan 2005 14:15:57 -0700
"Alex Bird" writes:
Yes, thanks guys, though it seems I made a mistake, I was mixing
clipper up with skipjack. The device is some sort of fortezza thing
from 'kasten chase applied research'. This doesn't have the same
noteriety, so I probably won't keep any chips from it ;o) In any case
I can only find chips from the normal manufacturers.
clipper was chip with that thing called LEAF
http://www2.gsu.edu/~lawppw/lawand.papers/dwilson.html
http://encryption_policies.tripod.com/us/denning_0795_clipper.htm
skipjack encryption:
http://www.cs.technion.ac.il/~biham/Reports/SkipJack/
http://www.powerbasic.com/support/forums/Forum7/HTML/001545.html
http://csrc.nist.gov/encryption/skipjack/skipjack.pdf
http://www.schneier.com/crypto-gram-9807.html#skip
and fortezza were these cards with certificates, preloaded
public/private keys and various onboard crypto algorithms
http://www.mykotronx.com/products/fortezza/index.asp
http://www.rsasecurity.com/rsalabs/node.asp?id=2320
later there was fortezza-ii
http://www.infoworld.com/cgi-bin/displayStory.pl?97115.wnetscape.htm
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Mon, 31 Jan 2005 15:33:55 -0700
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
You mean databases? Maybe true. Now look at the extreme measures
that app developers take to keep the databases away from the
internet. E.g. a typical public-facing banking system these days
has an application written in Java (with, natch, GC) followed by a
hardware firewall followed by the database, even though both the app
and db layers are inside a security boundary. And they still live
in dread of some SQL injection attack taking over the database. I
haven't figured out the precise reason for the firewall (maybe just
superstition), but it's a typical practice anyway.
the more complex and greater magnitude the manual operations ... the
higher probability of mistake that might be exploited.
frequently you have browser, firewall, webserver/application, and then
database ... both the firewall and the webserver are between the
browser machine and the database machine ... the webserver has lan to
the firewall and a totally disjoint lan to the database machine.
a common mistake is somebody doing database maintanance ... the web
interface is taken down, possibly they enable some other form of
remote access, then enable database for changes/administration ... do
the updates/changes ... and then forget to lock the database machine
down again before re-enabling the web interface.
for the original payment gateway ... way back in the dark ages ... we
put in packet filtering router .... for which only a couple things
were allowed ... which was connected to a striped-bare machine running
application firewall (there was a lot of roll-your-own stuff in this
era) ... who's primary duty was checking for length reasonability on
incoming requests ... before it got to the machine running the
webserver ... which invoked an application ... that in turn forwarded
the request to the real processor.
back then one of the most popular routers had a pack filtering
specification interface ... where the common failure mode was that the
admin specified the inverse of what they had intended. It had to do
with the human factors of the specification language. we had two
otherwise functional routers from different vendors .... one required
200-300 line specification for the packet filtering rules and the
newsgroups had a lots of comments about people specifying the inverse
of what they thot they were specifying (aka they were constantly
allowing when they thot they were denying) and the other required
20-30 lines to specify the same exact filtering ... and I know of no
reported failures where people reported that they had specified the
inverse of what they wanted.
later, one of them somewhat featured the really horrible human factors
of their specification interface by offering a new GUI that simplified
the rule specification ... which would then turn around and generate
the actual specification (that people were constantly making mistakes
with) which was what was actually loaded into the router.
to slightly bring it back to crypto ... one of the things done for
this early payment gateway ... the protocol used SSL between the
webserver and the gateway (in part because of the vendor involved)
... but we came up with something referred to as mutual authentication
(before there was any specification for anything about mutual
authentication)
minor random old ref:
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Mon, 31 Jan 2005 20:15:27 -0700
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
I ship when I believe there are no bugs. I leave the safety checks
enabled in case my belief turns out to be wrong. If you're a stunt
pilot and you wear a parachute, does that mean you're assuming
you're going to crash the plane?
when i shiped the resource manager ... i ran 2000 benchmarks that took
3 months elapsed time. the problem with the resource manager was that
issues with bugs included any problems with the performance of the
system (i.e. say might have 300 active users all with default
fairshare scheduling policy, you then give one user allocation of
twice fairshare and then have to verify that it operates as designed
across a large array of different workloads and configurations).
so the first thing to do was design and build an automated
benchmarking system ... could build new kernels on the fly and reboot
and automatically do the next benchmark. all w/o human intervention.
the first 1000 or so benchmarks were sort of chosen to cover the
complete domain space (workload, configuration, thruput, options,
etc).
an apl program was written ... that took in the results of all
benchmarks to date ... and then chose the next set of benchmark
characteristics (workload, configuration, options, etc) ... so it
could possibly do the next 1000.
the normal kernel service policy put out maintenance updates once a
month (including full source). they initially asked me to put out the
resource manager on the same schedule. now they had several hundred
people ... there was just me to update and integrate resource manager
with the latest kernel version and then perform regression tests to
validate that they hadn't done something in their kernel maintenance
that affected performance. I required at least 100 automatied
automated benchmarks that took a minimum of 48hrs elapsed time as part
of quality control before releasing a maintenance version. I talked
them into that i didn't have to do it more than once every three
months (instead of every month).
random related posts on fairshare scheduling, resource manager, etc
http://www.garlic.com/~lynn/subtopic.html#fairshare
http://www.garlic.com/~lynn/subtopic.html#wsclock
misc. posts on automated benchmarking process, workload profiling,
and the early days of capacity planning technology
http://www.garlic.com/~lynn/subtopic.html#bench
one of the problems was that i specified some synthentic workloads
that were ten times heavier than nominal heavy system load and were
guaranteed to crash the kernel. so before starting the final 3month
validation ... i had to rewrite and restructure all internal kernel
serialization mechanisms which eliminated all the stress testing
induced kernel crashes ... and as it turns out ... all known
occurances of zombie/hung processes. this exercise help later when i
redid the I/O subsystem for the disk engineering lab to eliminate all
system hungs &/or crashes associated with mis-behaving i/o operations.
http://www.garlic.com/~lynn/subtopic.html#disk
and even more later when we were doing ha/cmp
http://www.garlic.com/~lynn/subtopic.html#hacmp
minor related post
http://www.garlic.com/~lynn/95.html#13
for things like 5-nines and 6-nines availability ... during the
project, we coined the terms disaster survivability and geographic
survivability to differentiate from simple disaster/recovery. misc
past posts on business continuity, continuous availability, etc
http://www.garlic.com/~lynn/subtopic.html#available
now this still wasn't human rated ... for some topic drift, part of an
old thread from 1984 related to Y2k problems (nasa and glancing
reference to human rated systems):
http://www.garlic.com/~lynn/99.html#24
bldg.29/lsg vlsi lab built the LSM (Los gatos Simulation Machine ...
or later the Logic State Machine) ... basically used to validate chip
design logic. There was a design for the YSE (yorktown simulation
engine) and several EVEs built (endicott verification engine).
bldg. 86 in San Jose got an EVE ... so there was two chip validation
facilities in the san jose area.
in the time-frame involving the development of the RIOS chipset ...
misc. past 801 posts
http://www.garlic.com/~lynn/subtopic.html#801
i was also playing HSDT at the same time ...
http://www.garlic.com/~lynn/subnetwork.html#hsdt
had fiber-optic links, microwave links, traditional telco connections
and three TDMA earthstations (one in Yorktown, one in Los Gatos, and
one in Austin). Austin chip designs could go over the highspeed
satellite link to los gatos and the LSM. There was also a T3 collins
digital radio between bldg. 29 and the roof of bldg. 12 on the main
plant site ... and there was a microwave link from the roof of bldg.12
to the roof of bldg. 86 ... so could connect bldg 29 and bldg. 86
... and could also do high speed transmission of RIOS chip designs to
the EVE in bldg. 86. HSDT and the use of the San Jose hardware
verification were credited with helping bring in RIOS chipset a year
early. EVE could handle lot larger chip designs than the several year
older LSM. However the LSM had a unique feature, a clock. Most chip
verifications engines have assumed synchronous clock ... and so they
don't need one ... they just step everything in unison. LSM had a
clock and so could handle chips with asynchronous clocking as well as
digital chips with analog circuits (thin film magnetic disk heads).
As chips got more & more complex, it started becoming harder and
harder to do complete validation.
There was a joint project between a chip company, some people at
stanford ... and quite a few mathmaticians located in Moscow (and not
Moscow, Idaho) starting in the mid-90s to develop genetic algorithms
for chip design validation (some number of patent applications came
out of that effort).
misc. past LSM, YSE, and/or EVE posts
http://www.garlic.com/~lynn/2002d.html#3 Chip Emulators - was How does a chip get designed?
http://www.garlic.com/~lynn/2002g.html#55 Multics hardware (was Re: "Soul of a New Machine" Computer?)
http://www.garlic.com/~lynn/2002g.html#77 Pipelining in the past
http://www.garlic.com/~lynn/2002g.html#82 Future architecture
http://www.garlic.com/~lynn/2002j.html#26 LSM, YSE, & EVE
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from the Multics Security Evaluation
http://www.garlic.com/~lynn/2003.html#31 asynchronous CPUs
http://www.garlic.com/~lynn/2003k.html#3 Ping: Anne & Lynn Wheeler
http://www.garlic.com/~lynn/2003k.html#14 Ping: Anne & Lynn Wheeler
http://www.garlic.com/~lynn/2003o.html#38 When nerds were nerds
http://www.garlic.com/~lynn/2004j.html#16 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004o.html#25 CKD Disks?
http://www.garlic.com/~lynn/2004o.html#65 360 longevity, was RISCs too close to hardware?
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Mon, 31 Jan 2005 20:30:33 -0700
Anne & Lynn Wheeler writes:
for things like 5-nines and 6-nines availability ... during the
project, we coined the terms disaster survivability and geographic
survivability to differentiate from simple disaster/recovery. misc
past posts on business continuity, continuous availability, etc
http://www.garlic.com/~lynn/subtopic.html#available
when you start talking about five and six nines availability ... you
pretty much move out of the relm of "perfect code" and "no failures"
and are well into techniques for failure isolation or failure fencing
and failure recovery ... because you quickly realize that you aren't
going to have perfection.
a couple years ago ... one of the major financial transaction systems
credited their 100 percent availability over the previous six years
to two things:
• ims hot-standby
• automated operator
my wife did her stint in pok in charge of loosely-coupled architecture
(aka mainframe for clusters). she was also responsible for peer-couple
shared data architecture:
http://www.garlic.com/~lynn/subtopic.html#shareddata
and at the time, the ims hot-standby group was one of the few places
that paid her any attention (most of the company was focused on
uniprocessor and smp configurations)
automated operator is recognition that people make mistakes.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
The mid-seventies SHARE survey
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The mid-seventies SHARE survey
Newsgroups: alt.folklore.computers
Date: Tue, 01 Feb 2005 05:41:23 -0700
sidd@situ.com () writes:
how did you fix it ?
split the application library file into set of much smaller files
that were each much faster to search ... and then replicated them.
a much better fix would be to move to an FBA-architecture and start
caching directory entries.
a less better fix has been PDSE (partition data set extended)
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
The mid-seventies SHARE survey
Refed: **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The mid-seventies SHARE survey
Newsgroups: alt.folklore.computers
Date: Tue, 01 Feb 2005 05:55:48 -0700
one of the issues of applying scarce resources to bldg new stuff or
niche markets of retrofitting current stuff to old iron aka nominally
360/65s or above, you had to have a customer with reasonably large
operation, and they need to buy large amounts of additional dasd and
weren't going to migrate to faster, bigger, cheaper 370 to go along
with the operation. memory on 360s was much more expensive than 370
memory ... typical 360/65 was 512kbytes ... you could at least migrate
to 2-4mbyte 370/155 ... which had much less expensive real memory.
However, a growing 360/65 shop that needed a lot more disk space was
likely to also need a lot more real storage and memory and was likely
to also migrate to 370/165.
note also a lot of the primary 3330 crew ... were part of the 200 disk
engineers that migrated with shugart in '69 ... leaving san jose with
real shortage of people in the early 70s (it really was scarce disk
engineering resources). even in the late 70s, i was being conned into
going to high level disk meetings. the excuse they gave was that they
still hadn't backfilled all the high-level "system" expertise that
they lost in the large shugart exit.
various past shugart postings:
http://www.garlic.com/~lynn/2000.html#9 Computer of the century
http://www.garlic.com/~lynn/2002.html#17 index searching
http://www.garlic.com/~lynn/2002l.html#50 IBM 2311 disk drive actuator and head assembly
http://www.garlic.com/~lynn/2004.html#5 The BASIC Variations
http://www.garlic.com/~lynn/2004j.html#36 A quote from Crypto-Gram
http://www.garlic.com/~lynn/2004l.html#14 Xah Lee's Unixism
http://www.garlic.com/~lynn/2004p.html#0 Relational vs network vs hierarchic databases
http://www.garlic.com/~lynn/2004q.html#64 Will multicore CPUs have identical cores?
http://www.garlic.com/~lynn/2005b.html#1 Foreign key in Oracle Sql
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Tue, 01 Feb 2005 20:43:35 -0700
Brian Inglis writes:
Was that used for 801 microcode in channel controllers and 9370
processors?
pl.8 is billed as a pli subset ... the original cp.r operating system
for 801 was written in pl.8 as was just about every other based 801
programming (other than unix stuff). cp.r on ROMP was going to be a
displaywriter replacement ... when that project got canceled they
decided to retarget ROMP to the unix workstation market. They hired
the same company that had done AT&T unix port to the PC for PC/IX ...
to do somewhat similar port to ROMP. However, instead of porting to
the bare metal ... they defined an abstract machine interface and
wrote a micro-kernel called VRM (virtual resource manager) in PL.8 was
the layer provided the abstract machine interface and the bare metal.
the whole concept of risc & 801 from the mid-70s was that the
processor design was significantly simplified and that compiler
technology would be used to compensate for the minimalist hardware.
It wasn't necessarily that the software using the processor was simple
... in fact the rules for optimizing the machine might be quite
complext ... but it was supposedly a software/hardware trade-off
... aka simplifying hardware implementation could be compensated for
by much more complex software (and code generation rules).
Some amount of sophisticated code optimization technology from pl.8
spread into pli compiler and libraries.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
The mid-seventies SHARE survey
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The mid-seventies SHARE survey
Newsgroups: alt.folklore.computers
Date: Tue, 01 Feb 2005 20:51:58 -0700
Mike Kingston writes:
In 1966, 360/75 at Rutherford High Energy Laboratory had 512K in a
cabinet similar to that shown in pic above - don't recollect having
seen it. They also had 1 megabyte Large Core Storage with a cycle
double that of the main core storage, in a stand-alone cabinet about 6
feet tall and base 2ft 6in or 3ft square, glazed cabinet sides.
One day it suffered what I guess was a dry joint. Not sure how
manufacturing made these wire attachments, but IBM officially said "no
way to repair that". Brave and skilled IBM account CEs located and
soldered the dry joint.
On another topic in neighbouring Harwell account, customer ordered
360/67 with red cabinets, to the horror of account SE at the thought
of living with that colour. He said in jest - no software support for
red machines, and what happened?..........
the story i was told was that the original 360/60 and 360/70
announcements were for similar 1microsecond memory (i.e. numbers went
30, 40, 50, 60, 70 ... & 62 for the virtual memory version of the 60).
before ship, there was better technology with 750ns memory and the
model numbers were changed to 360/65, 360/67, and 360/75).
Cambridge had six strings of 2314 drives ... the FE assigned to the
account decided to color code the controller doors (and spray painted
them accordingly). It was much simpler for operations to be told to
replace a 2314 pack on a red string or blue string, etc.
Most of the LCS that I was aware of came in 8microsecond variety
(which was better than ten times slower).
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
The mid-seventies SHARE survey
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The mid-seventies SHARE survey
Newsgroups: alt.folklore.computers
Date: Tue, 01 Feb 2005 21:01:22 -0700
Peter Flass writes:
I'm astonished that it would work like that. Obviously the timing
wasn't too critical anywhere between the device and the CPU!
os/360 had another kind of failure mode .. the 1052-7 used as operator
consoles on most 360 machines ... and if the 1052-7 ran out of paper,
an intervention required would be presented to the system. os/360 when
it got an intervention required would ring the system bell (load) and
stop (the system bell could also be rung for various other reasons
... so it wasn't absolutely determinable what the problem was).
there was a little finger paper sensor that would sense when the end
of paper occured ... now normally when that happen, the paper under
the type head would be pulled out and last of the fan-fold paper fell
to the floor (or possibly stand) ... so it would be pretty evident
that you had run out of paper.
however, it was possible for the paper to stick just a little and not
be pulled out ... so it wouldn't be evident why the system had hung
... at least not until great frustration (after trying everything
else) ... you smashed you fist into the keyboard ... breaking the
keyboard ... but also jostling the paper enuf so that it fell loose to
the floor and it was now evident what the problem was. At this point
the 1052-7 was also broken and a CE had to be called in to repair it.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Tue, 01 Feb 2005 21:37:54 -0700
daw@taverner.cs.berkeley.edu (David Wagner) writes:
I think you may be coming to the wrong conclusion. The thread started
with several people (myself included) arguing in favor of the benefits
of type- or memory-safe languages, or if you must use C, C with ABC.
One or two people objected that ABC is pointless and unnecessary and
that C without ABC is fine if you use professional software engineering
practices of sufficient rigor, and that everyone ought to be using those
practices in any event. If I appear focused on C, it is because I am
responding to this claim about C without ABC vs C with ABC.
I agree with your more general point, which is that the choice of
languages, libraries, and programming environment can have an impact
on security.
if the target storage area has a length/size that is not determinable
by the infrastructure (say no pointer+length paradigm found in some
infrastructures ... even in infrastructures using assembler language
programming) ... which then requires the programmer to specify the
size of the target storage area ... and there are some number of
buffer overflow failures because the programming has incorrectly
specified the size ... then it is also possible that the programmer
would incorrectly specify the target storage location size to any ABC.
However, if the target storage areas have infrastructure determinable
sizes ... which isn't dependent on the programmer to provide the
target storage area length/size ... then such target storage area
length/size could conceivably also be used by a number of buffer
related operations also (mitigated the requirement that ABC is
required for many buffer operations ... since it becames fairly
deterministic that they are going to operate correctly ... since they
could be using the same exact size limit construct that would be
relied upon by any ABC facility).
My assertion has been that most target storage areas that get
overflowed have no determinable size ... and therefor the size must be
manufactured by the programmer ... which can lead to mistaken size
values which can lead to buffer overflows. If the infrastructure
provides no determinable size value for target buffer areas ... then
any ABC implementation may also be subject to having the target buffer
area size/length provided by the programmer. But if some numbers of
the problems are because there are no infrastructure determinable
target storage location size/lengths and the infrastructure is at the
mercy of the programmer correctly specifying such lengths ... then it
is highly likely that any ABC facility could also fail because the
programming has incorrectly provided size/length to ABC for target
storage area (aka for ABC to correctly work it needs the actual
size/length in order to correctly do any bounds checking).
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Tue, 01 Feb 2005 23:59:12 -0700
slight disclaimer ... long ago and far away when i was an
undergraduate there were these two products ... a PLI checkout
compiler and a PLI optimizing compiler. Products tended to have
Ynn-nnnn documents called Program Logic Manual (or PLMs). For some
long forgotten reason, I decided to read the PLI checkout compiler's
PLM.
One of the things that struck me with reading the PLI checkout
compiler PLM is that for doing things like ABC ... the infrastructure
needed determinable sizes for structures and storage locations in
order to calculate bounds for use in ABC operations. If the
infrastructure didn't have determinable lengths and/or sizes for
storage areas ... then it was difficult to establish the bounds that
any ABC operation might use.
At least in the PLI case, structures and storages areas had
determinable lengths &/or sizes and therefor it was possible for ABC
to caculate bounds by which to perform ABC operations.
It also turns out that some number of buffer/string operations also
tended to use these determinable lengths and/or sizes as part of there
standard operation. Given that you could establish the correctness of
the library buffer/string operations that utilized these lengths/sizes
... you could be fairly confident that they were at least as correct
as the ABC operations that utilized the same length/size constructs.
There is some difficulty in extended ABC operations to environments
that includes storages areas that might lack infrastructure
determinable lengths and/or sizes ... since it then becomes difficult
for ABC to establish any bounds for use in doing ABC operations.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 09:06:23 -0700
Phil Carmody writes:
I just tried it out, and it seems that /dev/zero is quite happy
being opened for write, and that copy-on-write seems to be taking
place, and that it's of course zero-initialised to start with. I
hit swap too, with larger parameters, and it still behaved as
expected (by me, but not by you it seems).
one of the (early) optimizations i did to cp67 when an undergraduate
was change zero-filled pages. the original cp67 had a special
zero-filled page formated on the boot volume disk ... newly created
address spaces were all initialized to having their backing store page
pointing to the record (and the RECOMP flag set ... that if the page
was ever changed and selected for replacement ... it required
recomputing a new backing store location for the page out).
i changed the logic to indicate that there was an undefined backing
store page for newly created address space ... and logic in the page
fault handler to zero ten contiguous registers and perform a BXLE loop
with a STM (store-multiple) to zero the page on the fly.
it was part of complete rewrite of the page fault handling code and
inventing a new page replacement algorithm. misc. past posts on
the subject:
http://www.garlic.com/~lynn/subtopic.html#wsclock
ten years later somebody was having trouble getting their stanford phd
approved on the technology that i had invented ten years earlier ...
in part because it disagreed with some PC academic literature. I was
able to provide some direct performance comparisons between
implementation of the PC academic literature and my implementation
which appeared to help break the impasse over granting the phd.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 09:29:23 -0700
"Tom Linden" writes:
Was it possible with apprpriate permission to modify that page?
you could modify any storage resident page that had been fetched from
that zeros disk page. however, the page replacement algorithm ... when
it decided it had to be moved back to disk ... would honor the
RECOMP-flag and recompute a new disk backing store location (and reset
the RECOMP flag). Accessing the disk location containing the (system)
zeros page took special access privileges (basically write access to
the "raw" disk, something that somebody building a new replacement
kernel might have ... basically modify the disk location was on par
with building a new production kernel).
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 09:36:34 -0700
"Trevor L. Jackson, III" writes:
The only major gap I detect in the above is that a domain expert is
often quite valuable in that the software experts may share a
misinterpretation of the requirements and specs that becomes
illuminated during the review. If security is a serious issue then
a security expert becomes mandatory because the engineering staff
are intent upon what the code _should_ do while the security expert
will be intent upon what the code _should_not_ do.
in review of one of the FAA ATC modernization projects ... that issue
was raised ... but possibly not the way you think. a design and
implementation had been done predicated that hardware and operating
system software could mask all failures from the actual application.
however, as you walked thru the ATC process ... it turns out that
there were some number of possible failures/errors at the domain
processing level (unrelated to hardware and/or software bugs/errors).
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 12:28:02 -0700
"Tom Linden" writes:
Was it possible with apprpriate permission to modify that page?
or are you talking about the page(s) in memory instead?
default in cp67 was not have sharing in memory (except for
a hack i'll mention) ... the virtual address space technology
provided a very high degree of isolation (and assurance). some
places like commercial time-sharing services used it
http://www.garlic.com/~lynn/subtopic.html#timeshare
as well as some gov. TLAs.
360/67 had added virtual memory and features like segment sharing to
basic 360/65 hardware ... but no additional memory protection
features. If you were to provide common, concurrent acccess to the
same virtual page resident in real memory and still provide
protection ... the only store protect feature available on all
360s was the storarge-key based protection mechanism ... extended
discussion on the subject earlier in this thread
http://www.garlic.com/~lynn/2005.html#5 [Lit.} Buffer overruns
http://www.garlic.com/~lynn/2005.html#6 [Lit.} Buffer overruns
this was a problem in cp67 ... as per various previous posts, cp67
attempted to faithfully implemented the 360 principle of operations.
Fiddling the storage keys for (system) page protection could interfer
with some application use of the same storage key facility in the
virtual address space. fetch protection wasn't as much of an issue,
since with virtual address space architecture fetch protection can be
achieved by just not mapping the pages into the virtual address space
(if you can't address the data, then the usual implementation is that
you also can't fetch the data). In any case the original cp67 made
very little use of sharing the same real pages across multiple
different address spaces.
Now there were 1200 people that had been working on tss/360 (the
official corporate operating system for 360/67) that did a page mapped
filesystem and various virtual address sharing paradigms. The people
upstairs on the 5th floor was also doing similar stuff with multics.
In any case, i was a brash young programmer ... and I figured that
anything anybody else could do ... i could also do. So I designed
and implementated page mapped filesystem
http://www.garlic.com/~lynn/subtopic.html#mmap
and various virtual address space facilities ... although i was forced
to deal with some number of widely used conventions that bound
executable code to specific (virtual or otherwise) address locations
http://www.garlic.com/~lynn/subtopic.html#adcon
and for a little crypto topic drift ... some people may remember
email addresses with the hostname dockmaster from the 90s (and
some may even remember them from the 80s):
http://www.multicians.org/site-dockmaster.html
other drift:
http://www.garlic.com/~lynn/2001m.html#12 Multics Nostalgia
http://www.garlic.com/~lynn/2001m.html#15 departmental servers
now one of the things that had deviled tss/360 was that they had laid
out applications in a very flat structure ... and when the application
was invoked it just mapped in the whole structure and pretty much
relied on single page fault at a time to fetch the
operations. Something like a fortran compiler could be a couple
megabyte file ... and running on a 768k real machine with possibly
only 60-80 pages left after fixed kernel requirements ... there was a
huge amount of page wait in the infrastructure.
cms had essentially borrowed most of the major os/360 applications
which had been segmented to fit in small real storage environments
... with transitions between phases that would do block reads for
60kbytes-80kbytes at a time. translating this into a page mapped
infrastructure ... the block read requests were translated into page
mapped operations with hints for doing block page fetch for all pages
in the phase (single page fetch for possibly 10-20 pages at a time).
Now the generalized virtual memory architecture for 370 added a bunch
of stuff learned from 360/67 experience (and others). There was a
bunch of protection features (especially for shared environments) and
various other things like hardware selective invalidates. There were
this series of product concensus meetings in pok involving business
people, software people, and hardware people. As mentioned in several
other posts ... the 370/165 engineers were claiming that if they had
to implement various of the new features (protection mechnisms,
selective invalidates, etc), it would delay the announce of delivery
of 370 virtual memory by six months. Eventually the business decision
was made to drop those additionsl features from the 370 virtual memory
architecture and go with the earlier announce.
http://www.garlic.com/~lynn/2005b.html#62 The mid-seventies SHARE survey
the morphing of cp67/cms to vm370/cms was going to rely on all the new
protection mechenisms replacing the storage-key based protection hack
that had been used in cp67. however, when it was decided to go across
the product line with the 370/165 virtual memory subset ... vm370/cms
was forced to revert to the storage-key based protection hack.
we scroll forward a little bit and i've converted my cp67 page mapped
file system and enhanced virtual memory management facilities to vm370
... and the vm370 product group decide to pickup and ship a subset of
my virtual memory management facility. In parallel with this, somebody
else came up with an alternative shared page protection design. Using
the storage-key based protection hack cost cms some performance that
could be gained back if it was eliminated. One mechanism was to allow
processes to run w/o protection and between task switches
... determine if the active task had corrupted any "protected" pages.
If any corrupted protected pages were found ... they were discarded
and the system would revert to the uncorrupted copies on
disk. Overall, the overhead of this alternative implementation was
slightly less than the performance gain from eliminating the
storage-key protection hack (when limited to checking 16 virtual
shared pages).
The problem was that they shipped this brand new "protection"
(actually fix up corruptioin after the fact) at the same time they
shipped a subset of my expanded virtual address space use (which at a
minimum doubled the typical number of shared pages to 32 ... and
frequently to a lot larger number). At checking 32 shared pages
(instead of only 16 shared pages), the alternative protection
mechanism cost more than was gained from eliminating the storage key
based protection hack.
Now we scroll forward a little bit ... and we come to original
relational database implementation
http://www.garlic.com/~lynn/subtopic.html#systemr
all this work was going on in vm370/cms based operating system
environment. You would have a user process address space and a systemr
shadow address space of the user process. The shadow process had the
protected database stuff that ran on behalf of the user ... but the
user didn't have any direct control or access to the shadow. All the
shadows could have code that was nominally read-only shared and
portions of the shadow address spaces that were read/write shared
across all database processes (caching, serialization. commits,
locking, etc). This sharing of read/write address space areas was much
more of a permission issue than a protection issue (i.e. you only
wanted to have trusted processes with sharing of the read/write
database virtual memory areas).
So eventually you roll forward to 3033 ... and for the first time you
see some mainframe model implementing even a piece of the original 370
virtual memory hardware protection specification.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 12:48:59 -0700
Brian Inglis writes:
Totally untrue. Often systems are built of disparate components by
different people over a (short) period of time. You have to unit,
regression, and system test each piece from the backend out to the
frontend, assuming no tight dependencies which require all pieces be
updated together, before you can be sure you've got a new stable
release.
and if you have a rock solid interface specification like the 360
prinicple of operations ... that each side validated against ... then
you could have some level of development independence. of course that
started to get more complicated as creative uses of the DIAGNOSE
instruction became common.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 12:54:10 -0700
... oh, part II, somewhat later
http://www.garlic.com/~lynn/2004p.html#9 vm/370 smp support and shared segment protection hack
http://www.garlic.com/~lynn/2004p.html#10 vm/370 smp support and shared segment protection hack
vm370 support stuff for unix processes ... somewhat pattern after the
tss/370 ssup done for at&t for supporting unix processes.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 18:18:19 -0700
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
The IETF requires not one but two separate, independently written,
interoperating implementations of any spec to exist before they'll
approve the spec as a draft standard. I think they understand the
difficulty.
which is one of my favorite things about ISO standards ... an example
was their insistence that all networking standards had to conform to
the OSI model. ISO standards don't require any demonstration of
useability or feasability.
random past mutterings about rejecting HSP
http://www.garlic.com/~lynn/subnetwork.html#xtphsp
because it went directly from transport to MAC/LAN ... violating
OSI by
- bypassing OSI model transport/network interface
- supporting internetworking protocol ... which violates OSI
model
- supporting MAC/LAN inferface, MAC/LAN interface sits somewhere in
the middle of networking layer ... which violates the OSI model ... so
anything that interfaces/supports MAC/LAN interface also violates OSI
model.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 18:30:43 -0700
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
"Writing is the easy part. Deciding what to write is the hard part".
even harder is deciding what not to write (and KISS).
although in my brash youth i was drawn to the exercise of
re-arrainging totally unrelated code in the kernel so that some
desired result might happen purely as side-effect of totally unrelated
activity ... and therefor claim i could implement kernel function in
zero lines of code.
of course this could come back to bite your 5-10 years later with
somebody else doing kernel change and perturbing the carefully
orchistrated arrangement. part of the problem is these newer
generations never bother to learn the fine art of codeless
implementations, they tend to prefer very straight forward cause &
effect.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Volume Largest Free Space Problem... ???
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Volume Largest Free Space Problem... ???
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Wed, 02 Feb 2005 21:43:12 -0700
shmuel+ibm-main@ibm-main.lst (Shmuel Metz , Seymour J.) writes:
The 2321 was not[1] a disk drive. BB had to be zero for every disk
drive, every drum and even the virtual disk drive (3330V) to the 3850
MSS. The 2321 was the only DASD that used nonzero BB. I believe that
you are correct as to which CCW data areas included a BB field, with
the possible exception of a maintenance CCW or two.
[1] What it was cannot be said in polite society.
drums and data-cells are part of the reason that it is called DASD
... *direct access storage device* ... as opposed to just disks, i.e.
there was stuff that while while it may have been brown were flat
round platters.
one of the engineers that went to memorex and latter formed BLI
claimed to have been an engineer on the 2321.
random other posts about dasd
http://www.garlic.com/~lynn/subtopic.html#dasd
and totally unrelated posts about dasd engineering and product
test labs in bldgs 14 & 15:
http://www.garlic.com/~lynn/subtopic.html#disk
random past posts mentioning 2321
http://www.garlic.com/~lynn/2000b.html#41 How to learn assembler language for OS/390 ?
http://www.garlic.com/~lynn/2000.html#9 Computer of the century
http://www.garlic.com/~lynn/2001.html#17 IBM 1142 reader/punch (Re: First video terminal?)
http://www.garlic.com/~lynn/2001.html#51 Competitors to SABRE?
http://www.garlic.com/~lynn/2001l.html#63 MVS History (all parts)
http://www.garlic.com/~lynn/2002f.html#3 Increased Paging in 64-bit
http://www.garlic.com/~lynn/2002g.html#84 Questions on IBM Model 1630
http://www.garlic.com/~lynn/2002.html#16 index searching
http://www.garlic.com/~lynn/2002.html#22 index searching
http://www.garlic.com/~lynn/2002i.html#26 : Re: AS/400 and MVS - clarification please
http://www.garlic.com/~lynn/2002i.html#31 : Re: AS/400 and MVS - clarification please
http://www.garlic.com/~lynn/2002i.html#33 "Mass Storage System"
http://www.garlic.com/~lynn/2002m.html#40 Wanted: the SOUNDS of classic computing
http://www.garlic.com/~lynn/2002o.html#3 PLX
http://www.garlic.com/~lynn/2002o.html#9 PLX
http://www.garlic.com/~lynn/2003b.html#7 Disk drives as commodities. Was Re: Yamhill
http://www.garlic.com/~lynn/2003b.html#9 Disk drives as commodities. Was Re: Yamhill
http://www.garlic.com/~lynn/2003b.html#18 Card Columns
http://www.garlic.com/~lynn/2003c.html#36 "average" DASD Blocksize
http://www.garlic.com/~lynn/2003.html#70 Disk drives as commodities. Was Re: Yamhill
http://www.garlic.com/~lynn/2003.html#72 Disk drives as commodities. Was Re: Yamhill
http://www.garlic.com/~lynn/2003k.html#36 What is timesharing, anyway?
http://www.garlic.com/~lynn/2003m.html#6 The real history of comp arch: the short form
http://www.garlic.com/~lynn/2003m.html#42 S/360 undocumented instructions?
http://www.garlic.com/~lynn/2003n.html#39 DASD history
http://www.garlic.com/~lynn/2004e.html#41 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004.html#5 The BASIC Variations
http://www.garlic.com/~lynn/2004.html#6 The BASIC Variations
http://www.garlic.com/~lynn/2004l.html#18 FW: Looking for Disk Calc program/Exec
http://www.garlic.com/~lynn/2004p.html#0 Relational vs network vs hierarchic databases
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Wed, 02 Feb 2005 22:28:17 -0700
"Tom Linden" writes:
No I was specifically wondering about the zero-page, since it could
have been a trojan host.
as mentioned
http://www.garlic.com/~lynn/2005c.html#16 [Lit.] Buffer overruns
direct access to the zeros page area required special raw disk
permission ... even special permission for r/o raw disk permission of
that disk area.
also as mentioned, i changed it fairly early on to an instruction loop
(the instruction loop was shorter than the pathlength to do a page i/o
operation) ... and even as an undergraduate ... they got to be fairly
good at shipping my code in the product.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: alt.folklore.computers
Date: Thu, 03 Feb 2005 08:31:37 -0700
Anne & Lynn Wheeler writes:
and for a little crypto topic drift ... some people may remember
email addresses with the hostname dockmaster from the 90s (and
some may even remember them from the 80s):
http://www.multicians.org/site-dockmaster.html
a random dockmaster sighting from google groups:
http://groups-beta.google.com/group/comp.risks/msg/642ef01efd359b0a?dmode=source
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Thu, 03 Feb 2005 12:29:04 -0700
"Charlie Gibbs" writes:
I wouldn't necessarily count crackers as incompetent. Indeed, some
are quite competent at what they do; these are the ones you hear
about being hired as security consultants.
In their place, though, I'd add those management types who have a
vested interest in the failure of a project.
a few years ago, we had a mini security conference at our house and
one of the refains by university security graduate program was
motivating the students to work on creating secure infrastructures
rather than working on garnering bragging rights by finding the next
exploit.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Thu, 03 Feb 2005 22:12:31 -0700
cmadams@hiwaay.net (Chris Adams) writes:
OSF/1^UDEC^WDigital Unix^WCompaq^WHP Tru64 Unix has overcommit in the
form of "lazy" swap allocation. The kernel only allocates swap when it
is needed, and if it can't, it starts killing processes (including
kernel processes).
part of the issue with page backing store allocation policy is whether
or not you have dups or not ... especially with large real memories. I
had done dynamic adaptive dup/no-dup allocation algorithms in the late
'70s. with a dup algorithm, once a disk location is allocated on
initial page out ... then it remains allocated even on subsequent page
in operations (i.e. there are two copies, one in memory and one on
disk). if the page then is selected for replacement ... and it hasn't
been modified during the most recently stay in storage ... then the
copy on disk could be considered still valid ... and you avoid the
page-out operation. in the no-dup scenario ... the backing storage
location is released as soon as a page is read into memory.
"lazy" swap tends to be sort of like no-dup ... but only for the
initial allocation. you can still overcommit a no-dup policy ... but
it gives a little bit better breathing room. i ran into a number of
unixes during the 90s that had "lazy" swap but a dup policty (once
allocated) and would bring themselves down. System initially booted,
some number of demons and other processors initialized and when to
sleep. application came along and started running ... forcing all the
pages for these startup routines to disk. the application is running
fine ... but "lazy" swap hasn't yet allocated any space. some of the
demons start to wake up and are being brought into memory ... which
starts forcing application pages out. The system hangs at this point
since there hasn't been enuf page space on disk allocated for a "dup"
policy ... but there would have been sufficient space if system was
able to dynamically switch to a "no-dup" policy. One could claim that
while dup policy was in-force, that a system could be quite a bit more
liberal in its allocation strategy ... but at a point where it was
forced from dup to no-dup policy ... it would start becoming quite a
bit more conservative.
In the "dup" policy ... you eventually need to have enuf disk space
for all pages that might exist. In a "no-dup" policy, the total number
of pages supportable is the combination of the allocated disk space
plus the pageable real memory. A "dup" policy might advise allocated
twice as much disk space for pages as there is real memory. A "no-dup"
policy might get along fine with the same amount of disk space as
there is real memory.
for some thread drift ... some amount about page replacement
algorithms that i had originated as undergraduate in the '60s
http://www.garlic.com/~lynn/subtopic.html#wsclock
some number of past threads on dup/no-dup allocation policie
http://www.garlic.com/~lynn/93.html#12 managing large amounts of vm
http://www.garlic.com/~lynn/93.html#13 managing large amounts of vm
http://www.garlic.com/~lynn/94.html#9 talk to your I/O cache
http://www.garlic.com/~lynn/2000d.html#13 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2001i.html#42 Question re: Size of Swap File
http://www.garlic.com/~lynn/2001l.html#55 mainframe question
http://www.garlic.com/~lynn/2001n.html#78 Swap partition no bigger than 128MB?????
http://www.garlic.com/~lynn/2002b.html#10 hollow files in unix filesystems?
http://www.garlic.com/~lynn/2002b.html#16 hollow files in unix filesystems?
http://www.garlic.com/~lynn/2002b.html#19 hollow files in unix filesystems?
http://www.garlic.com/~lynn/2002b.html#20 index searching
http://www.garlic.com/~lynn/2002e.html#11 What are some impressive page rates?
http://www.garlic.com/~lynn/2002f.html#20 Blade architectures
http://www.garlic.com/~lynn/2002f.html#26 Blade architectures
http://www.garlic.com/~lynn/2003f.html#5 Alpha performance, why?
http://www.garlic.com/~lynn/2003o.html#62 1teraflops cell processor possible?
http://www.garlic.com/~lynn/2004g.html#17 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004g.html#18 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004g.html#20 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004h.html#19 fast check for binary zeroes in memory
http://www.garlic.com/~lynn/2004i.html#1 Hard disk architecture: are outer cylinders still faster than inner cylinders?
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Thu, 03 Feb 2005 22:39:21 -0700
daw@taverner.cs.berkeley.edu (David Wagner) writes:
I don't have the numbers. The distribution of bugs falls off very
quickly after that, making it hard to identify a single bug that is
anywhere near as prevalent as buffer overruns.
near the start of the thread i made some references to stats that i've
pulled from cve database and exploit descriptions.
http://www.garlic.com/~lynn/2004q.html#74 [Lit.] Buffer overruns
as i previously mentioned the exploit descriptions are relatively
free-form and unstructured ... and there doesn't seem to be any
uniform process about the descriptions ... sometimes describing the
cause and sometimes describing the results and sometimes describing
both. My original analysis was from nearly a year ago and I made some
numbers of postings about the difficulty of cause determination
... recently there has been some statements that they will start using
more structure process for CVE entries.
From last year, I eventually did word and word pair frequency analysis
... buffer overruns showed up in about 1/5th of the CVE exploit
descriptions .... posting from nearly year ago about analysis of CVE
entries (note this isn't about the percentage of buffer overrun bugs,
this is the percentage of exploits that involved buffer overruns):
http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
a much more recent posting in this thread
http://www.garlic.com/~lynn/2005b.html#20 [Lit.] Buffer overruns
observes that the Feb. 2005 linux magazine has an article quoting NIST
as saying that for the exploited vulnerabilities (871) that they have
studied for the past four years, 20 percent of the exploited
vulnerabilities involved buffer overrun vulnerabilities (which was
about the same percentage I came up with by doing word-pair frequency
analysis on the CVE entries).
I've also observed that the buffer overrun vulnerabilities exploits
have apparently been deemed serious enuf that special hardware has
been developed to address the buffer overrun exploits issue (not
preventing the overruns ... but preventing that the overrun
vulnerabilities will lead to system compromises). some recent postings
discussion the no execute hardware and windows XP support for it
designed to address buffer overrun vulnerability exploits:
http://www.garlic.com/~lynn/2005.html#0 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#1 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#3 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#5 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#32 8086 memory space [was: The Soul of Barb's New Machine]
http://www.garlic.com/~lynn/2005b.html#25 360POO
http://www.garlic.com/~lynn/2005b.html#39 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#66 [Lit.] Buffer overruns
newer types of attacks and exploits seem to be evolving ... there had
been something in 1999 about buffer overruns being the majority
(i.e. the number of buffer overrun vulnerabilities exploits may not
have actually decreased ... there may just be an increase in other
kinds of exploits and attacks).
I also noted that something about buffer overrun vulnerability
exploits seemed to have spawned at least three books (just doing a
search on amazon.com titles for buffer overflow attack). recent posting
about papers, books, etc.
http://www.garlic.com/~lynn/2005b.html#42 [Lit.] Buffer overruns
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 07:55:40 -0700
Randy Howard writes:
There are a lot of different ways to exploit security problems, and
buffer overruns certainly get the press, but there are a lot more
methods, and I'm not sure that buffer overruns aren't dropping as
we speak versus other approaches. Admittedly they are very common,
but more and people know about them and how to avoid them.
An interesting article related to all of this is here:
http://research.microsoft.com/users/jpincus/beyond-stack-smashing.pdf
note that exploits of buffer overflow problems in c language
environment have been known for 15-20 years ... not only do they get
the press ... but more recently they are even getting their very own
hardware and operating system countermeasure.
repeat of a prior reference:
http://www.theregister.co.uk/2004/12/24/amd_dutch_ads
a reference from above:
http://dictionary.reference.com/search?q=buffer%20overflow
related to ABC and buffer overflow ... a prereq for ABC operations is
that the infrastructure have access to determinable length values for
the storage areas that ABC operations will be applied to.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 08:10:44 -0700
Randy Howard writes:
Yes. In fact, the authors of "The Shellcoder's Handbook" point out
that this very thing has been done over the last few years with the
bulk of the open source community software, resulting in very few
buffer overrun problems. 10,000 reviewers looking for such things
makes for a powerful cleanup party. The claim is that they are very
rare today in open source software. Judging by the number of buffer
overruns in commercial software versus open source, I think they're
probably correct.
the issue that the quoted data is from ... is not from buffer overflow
problems ... it is from exploits of buffer overflow problems. The
analysis didn't examine the number of buffer overflow software bugs as
percentage of all software bugs ... they examined the causes of
exploits and compromises and found that buffer overflow problems
account for 20% of the cause of all exploits and compromises. this has
been going on for possibly 20 years or more. the Linux magazine feb.
2005 article (pg. 38) mentioned that buffer overflow exploit gained
widespread notoriety in 1988 with the Morris worm.
note however, the prevalence and significant of the exploits and
compromises because of buffer overflow problems appear to have been
deemed significant enuf that specialized hardware and software was
created as countermeasure. Given that one of the exploit mechanisms
involve storage areas in the c language that lack infrastructure
determinable length areas ... the specialized hardware is not an ABC
mechanism (lack any determinable length on which to base a bounds
checking methodology) ... they just mark all such storage areas as
non-executable as a countermeasure to common exploit/compromise of
buffer overflow vulnerability.
misc. references to specialized hardware and software countermeasure
for buffer overflow exploits:
http://www.garlic.com/~lynn/2005.html#0 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#1 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#3 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#5 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#32 8086 memory space [was: The Soul of Barb's New Machine]
http://www.garlic.com/~lynn/2005b.html#25 360POO
http://www.garlic.com/~lynn/2005b.html#39 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#66 [Lit.] Buffer overruns
minor reference from one of the above
http://hardware.mcse.ms/message13436-4.html
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
XML Encryption
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: XML Encryption
Newsgroups: sci.crypt
Date: Fri, 04 Feb 2005 08:29:58 -0700
alastairgarrow@aol.com (Alastair Garrow) writes:
Thanks for reply. I do understand the difference but perhaps I never
explained it well. My understanding of encryption is that original
data, once encrypted, will be increased in size by the addition of
the key. Compression follows that. My understanding of XML
encryption is that encryption can be selective e.g. I could have
encrypted every third word of this message and left the rest in full
view. This being the case, I assume the main benefit of selective
encryption is to avoid some of the processing and transmission
difficulties with compressed and encrypted data. An example might
help - If I encrypted 100kb of data with a key that adds a 10%
overhead, that would be 110kb before compression. If I only had to
encrypted 10kb of that 100kb then I would have 90kb + 11kb (10kb
with the 10% overhead) = 101kb before encryption.
there are certain public key related paradigms that allow for the
attachment of a digital certificate as part of verifying a digital
signature. The digital signature isn't actually an encryption of the
data but an encryption of the hash of the data ... it is used by the
recipient for determining the integrity and origin of the transmitted
data.
the digital certificate paradigm was developed for environments where
the recipient would have had no prior contact and/or previous
knowledge of the sender ... and was a method of distributing the
sender's public key to such recipients (when the recipient would have
had to prior reason, occasion, and/or opportunity for obtaining the
sender's public key).
in the mid-90s this technology was applied to financial transactions
between a consumer and their financial institution. Now, in general, a
person has an account with their financial institution ... which
violates a basic premise of the original design point for digital
certificates. Another characteristics was that any attached digital
certificate could be two orders of magnitude larger than the basic
common financial transaction message size. As a result, the attachment
of such digital certificates was not only redundant and superfluous
but also served primarily to increase the financial transaction
message size by two orders of magnitude.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 08:54:37 -0700
Randy Howard writes:
Yes. In fact, the authors of "The Shellcoder's Handbook" point out
that this very thing has been done over the last few years with the
bulk of the open source community software, resulting in very few
buffer overrun problems. 10,000 reviewers looking for such things
makes for a powerful cleanup party. The claim is that they are very
rare today in open source software. Judging by the number of buffer
overruns in commercial software versus open source, I think they're
probably correct.
attached is partial repeat of a post from last summer
http://www.garlic.com/~lynn/2004j.html#58 Vintage computers are better than modern crap!
with truncated & sorted extraction of part of sentences from
descriptions in CVE database involving buffer overflow .. a large
amount of these programs appear to be relatively recent and represent
a spectrum of programs across both open source and non-open source.
Buffer overflow and denial of service in
Buffer overflow in /usr/bin/cu in Solari
Buffer overflow in AIX and Solaris ""get
Buffer overflow in AIX dtterm program fo
Buffer overflow in AIX ftpd in the libc
Buffer overflow in AIX lchangelv gives r
Buffer overflow in AIX lquerylv program
Buffer overflow in AIX rcp command allow
Buffer overflow in AIX writesrv command
Buffer overflow in AIX xdat gives root a
Buffer overflow in AOL Instant Messenger
Buffer overflow in AOL Instant Messenger
Buffer overflow in AOLserver 3.0 allows
Buffer overflow in ASP Server-Side Inclu
Buffer overflow in ASP.NET Worker Proces
Buffer overflow in Accept command in Net
Buffer overflow in Analog before 4.16 al
Buffer overflow in AnalogX SimpleServer:
Buffer overflow in AnalogX SimpleServer:
Buffer overflow in AnalogX SimpleServer:
Buffer overflow in AspUpload.dll in Pers
Buffer overflow in AuthFilter ISAPI filt
Buffer overflow in AuthFilter ISAPI filt
Buffer overflow in BEA WebLogic server p
Buffer overflow in BFTelnet allows remot
Buffer overflow in BIND 8.2 via NXT reco
Buffer overflow in BNC IRC proxy allows
Buffer overflow in BNU UUCP daemon (uucp
Buffer overflow in BSD and linux lpr com
Buffer overflow in BSD line printer daem
Buffer overflow in BSD-based lpr package
Buffer overflow in BSD-based telnetd tel
Buffer overflow in Berkeley automounter
Buffer overflow in BitchX IRC client all
Buffer overflow in CDE Calendar Manager
Buffer overflow in CProxy 3.3 allows rem
Buffer overflow in CSAdmin module in Cis
Buffer overflow in CSM mail server allow
Buffer overflow in CamShot WebCam HTTP s
Buffer overflow in Canna input system al
Buffer overflow in Cisco 7xx routers thr
Buffer overflow in Cisco TACACS+ tac_plu
Buffer overflow in CiscoSecure ACS Serve
Buffer overflow in Common Desktop Enviro
Buffer overflow in CommuniGatePro via a
Buffer overflow in Compaq Management Age
Buffer overflow in CrackLib 2.5 may allo
Buffer overflow in Dalnet IRC server 4.6
Buffer overflow in Darxite 0.4 and earli
Buffer overflow in Dosemu Slang library
Buffer overflow in EFTP allows remote at
Buffer overflow in EFTP allows remote at
Buffer overflow in Elm 2.5.5 and earlier
Buffer overflow in Embedded Support Part
Buffer overflow in Eterm of Enlightenmen
Buffer overflow in Exim allows local use
Buffer overflow in Flash OCX for Macrome
Buffer overflow in FreeBSD angband allow
Buffer overflow in FreeBSD fts library r
Buffer overflow in FreeBSD libmytinfo li
Buffer overflow in FreeBSD lpd through l
Buffer overflow in FreeBSD setlocale in
Buffer overflow in FreeBSD xmindpath all
Buffer overflow in Frox transparent FTP
Buffer overflow in Fujitsu Chocoa IRC cl
Buffer overflow in FuseMAIL POP service
Buffer overflow in Getkey in the protoco
Buffer overflow in Gnomelib in SuSE Linu
Buffer overflow in GoodTech Telnet Serve
Buffer overflow in GuildFTPd Server 0.97
Buffer overflow in HP Openview Network N
Buffer overflow in HP-UX newgrp program
Buffer overflow in HPUX passwd command a
Buffer overflow in HTML parser of the Lo
Buffer overflow in HTTP Proxy for Symant
Buffer overflow in Half Life dedicated s
Buffer overflow in Hilgraeve, Inc. Hyper
Buffer overflow in HylaFAX faxgetty befo
Buffer overflow in IBM HomePagePrint 1.0
Buffer overflow in IBM Net.Data db2www C
Buffer overflow in IBM WebSphere web app
Buffer overflow in ICQ before 2001B Beta
Buffer overflow in IIS 4.0 allows remote
Buffer overflow in IMAP server in Netsca
Buffer overflow in INN 2.2.1 and earlier
Buffer overflow in INN inews program.
Buffer overflow in IPSEC authentication
Buffer overflow in IPSwitch IMail SMTP s
Buffer overflow in ISAPI extension (idq.
Buffer overflow in ISS BlackICE Defender
Buffer overflow in ITHouse mail server 1
Buffer overflow in InetServ 3.0 allows r
Buffer overflow in Infopulse Gatekeeper
Buffer overflow in Infoseek Ultraseek se
Buffer overflow in Intel InBusiness eMai
Buffer overflow in Internet Explorer 4.0
Buffer overflow in Internet Explorer 4.0
Buffer overflow in Internet Explorer 5 a
Buffer overflow in Internet Explorer 5 d
Buffer overflow in Internet Information
Buffer overflow in Internet Mail Connect
Buffer overflow in Internet Mail Service
Buffer overflow in Internet Printing ISA
Buffer overflow in IrDA driver providing
Buffer overflow in KDE Kmail allows a re
Buffer overflow in KDE kdesud on Linux a
Buffer overflow in Kerberos 4 KDC progra
Buffer overflow in Kermit communications
Buffer overflow in Korn Shell (ksh) suid
Buffer overflow in L0pht AntiSniff allow
Buffer overflow in Linux Slackware crond
Buffer overflow in Linux cdrecord allows
Buffer overflow in Linux mount and umoun
Buffer overflow in Linux splitvt 1.6.3 a
Buffer overflow in Linux splitvt command
Buffer overflow in Linux xinetd 2.1.8.9p
Buffer overflow in Lotus Domino HTTP ser
Buffer overflow in Lotus Domino Mail Ser
Buffer overflow in Lotus Notes LDAP (NLD
Buffer overflow in Lynx 2.x allows remot
Buffer overflow in MDBMS database server
Buffer overflow in MDaemon POP server al
Buffer overflow in MERCUR SMTP server 3.
Buffer overflow in Mediahouse Statistics
Buffer overflow in Mercury MTA POP3 serv
Buffer overflow in Microsoft Clip Art Ga
Buffer overflow in Microsoft FrontPage S
Buffer overflow in Microsoft Index Serve
Buffer overflow in Microsoft MSN Chat Ac
Buffer overflow in Microsoft Outlook and
Buffer overflow in Microsoft Phone Book
Buffer overflow in Microsoft Phone Diale
Buffer overflow in Microsoft Rich Text F
Buffer overflow in Microsoft Telnet clie
Buffer overflow in Microsoft Terminal Se
Buffer overflow in Microsoft Visual Stud
Buffer overflow in Microsoft Windows Med
Buffer overflow in Microsoft Windows Med
Buffer overflow in Microsoft Windows Med
Buffer overflow in Microsoft command pro
Buffer overflow in Multiple UNC Provider
Buffer overflow in NCSA HTTP daemon v1.3
Buffer overflow in NFS mountd gives root
Buffer overflow in NFS server on Linux a
Buffer overflow in NIS+, in Sun's rpc.ni
Buffer overflow in NLS (Natural Language
Buffer overflow in NetMeeting allows den
Buffer overflow in NetScreen Firewall We
Buffer overflow in Netscape Communicator
Buffer overflow in Netscape Communicator
Buffer overflow in Netscape Directory Se
Buffer overflow in Netscape Enterprise S
Buffer overflow in Netscape Enterprise S
Buffer overflow in Netsnap webcam HTTP s
Buffer overflow in Netwin WebNews CGI pr
Buffer overflow in Norton Antivirus for
Buffer overflow in Novell GroupWise 6.0.
Buffer overflow in Novell iManager (eMFr
Buffer overflow in OSF Distributed Compu
Buffer overflow in OmniHTTPd CGI program
Buffer overflow in OpenBSD ping.
Buffer overflow in OpenBSD procfs and fd
Buffer overflow in OpenLink 3.2 allows r
Buffer overflow in OpenSSH before 2.9.9,
Buffer overflow in Oracle9iAS Web Cache
Buffer overflow in OverView5 CGI program
Buffer overflow in PHP cgi program, php.
Buffer overflow in POP servers based on
Buffer overflow in PerlIS.dll in Actives
Buffer overflow in Platinum Policy Compl
Buffer overflow in Pragma Systems Telnet
Buffer overflow in Qpopper (popper) 4.0.
Buffer overflow in RSAREF2 via the encry
Buffer overflow in Real Networks RealPla
Buffer overflow in RealJukebox 2 1.0.2.3
Buffer overflow in RealNetworks RealServ
Buffer overflow in RegAPI.DLL used by Wi
Buffer overflow in Remote Access Service
Buffer overflow in Remote Access Service
Buffer overflow in SCO scohelp program a
Buffer overflow in SGI IRIX mailx progra
Buffer overflow in SLmail 3.x allows att
Buffer overflow in SMTP service of Lotus
Buffer overflow in SNMP daemon (snmpd) o
Buffer overflow in Samba smbd program vi
Buffer overflow in SeaNox Devwex allows
Buffer overflow in Sendmail before 8.12.
Buffer overflow in Serv-U FTP 2.5 allows
Buffer overflow in Serv-U FTP server whe
Buffer overflow in Simple Network Time S
Buffer overflow in Skyfull mail server v
Buffer overflow in Small HTTP Server all
Buffer overflow in SmartDesk WebSuite al
Buffer overflow in SmartMax MailMax POP3
Buffer overflow in Solaris 7 lp allows l
Buffer overflow in Solaris dtprintinfo p
Buffer overflow in Solaris fdformat comm
Buffer overflow in Solaris getopt in lib
Buffer overflow in Solaris kcms_configur
Buffer overflow in Solaris lpset program
Buffer overflow in Solaris netpr program
Buffer overflow in Solaris sadmind allow
Buffer overflow in Solaris snmpXdmid SNM
Buffer overflow in Solaris snoop allows
Buffer overflow in Solaris snoop program
Buffer overflow in Solaris x86 mkcookie
Buffer overflow in Source Code Browser P
Buffer overflow in StarOffice StarSchedu
Buffer overflow in Sun ONE / iPlanet Web
Buffer overflow in Sun's ping program ca
Buffer overflow in SunFTP build 9(1) all
Buffer overflow in SunOS/Solaris ps comm
Buffer overflow in SysVInit in Red Hat L
Buffer overflow in TNS Listener for Orac
Buffer overflow in TT_SESSION environmen
Buffer overflow in Thomas Boutell's cgic
Buffer overflow in Tinyproxy HTTP proxy
Buffer overflow in ToxSoft NextFTP clien
Buffer overflow in Trend Micro Virus Bus
Buffer overflow in Trivial HTTP (THTTPd)
Buffer overflow in TrollFTPD 1.26 and ea
Buffer overflow in Universal Plug and Pl
Buffer overflow in University of Minneso
Buffer overflow in University of Washing
Buffer overflow in University of Washing
Buffer overflow in University of Washing
Buffer overflow in UnixWare i2odialogd d
Buffer overflow in UnixWare ppptalk comm
Buffer overflow in UnixWare rtpm program
Buffer overflow in UnixWare xauto progra
Buffer overflow in VB-TSQL debugger obje
Buffer overflow in VDO Live Player allow
Buffer overflow in VMWare 1.0.1 for Linu
Buffer overflow in VMware Authorization
Buffer overflow in Van Dyke SecureCRT SS
Buffer overflow in Vixie Cron library up
Buffer overflow in Vixie Cron on Red Hat
Buffer overflow in Vixie cron 3.0.1-56 a
Buffer overflow in Voyager web administr
Buffer overflow in WFTPD FTP server allo
Buffer overflow in WS_FTP FTP Server 3.1
Buffer overflow in WU-FTPD and related F
Buffer overflow in WU-FTPD and related F
Buffer overflow in War FTP allows remote
Buffer overflow in War FTPd 1.6x allows
Buffer overflow in WebActive HTTP Server
Buffer overflow in WebBBS 1.15 allows re
Buffer overflow in WebShield SMTP 4.5.44
Buffer overflow in Webfind CGI program i
Buffer overflow in Webstar HTTP server a
Buffer overflow in WinZip 8.0 allows att
Buffer overflow in Winamp 2.64 and earli
Buffer overflow in WindowMaker (aka wmak
Buffer overflow in Windows 2000 event vi
Buffer overflow in Windows NT 4.0 help f
Buffer overflow in Windows Shell (used a
Buffer overflow in Winhlp32.exe allows r
Buffer overflow in X server (Xsco) in Op
Buffer overflow in X11 dissector in Ethe
Buffer overflow in XFree86 3.3.x allows
Buffer overflow in Xi Graphics Accelerat
Buffer overflow in Xshipwars xsw program
Buffer overflow in Xsun X server in Sola
Buffer overflow in Xsun in Solaris 8 and
Buffer overflow in Xt library of X Windo
Buffer overflow in Yamaha MidiPlug via a
Buffer overflow in ZBServer Pro allows r
Buffer overflow in a legacy ActiveX cont
Buffer overflow in a system function tha
Buffer overflow in aVirt Rover POP3 serv
Buffer overflow in arp command in Solari
Buffer overflow in bash 2.0.0, 1.4.17, a
Buffer overflow in bftp daemon (bftpd) 1
Buffer overflow in bing allows remote at
Buffer overflow in bootpd 2.4.3 and earl
Buffer overflow in calserver in SCO Open
Buffer overflow in catopen() function in
Buffer overflow in cb_reset in the Syste
Buffer overflow in cfingerd allows local
Buffer overflow in chkey in Solaris 2.5.
Buffer overflow in cmctl program in Orac
Buffer overflow in cpr for the eoe.sw.cp
Buffer overflow in curl earlier than 6.0
Buffer overflow in dc20ctrl before 0.4_1
Buffer overflow in digest command in IBM
Buffer overflow in dlvr_audit for Calder
Buffer overflow in dmplay in IRIX 6.2 an
Buffer overflow in dsh in dqs 3.2.7 in S
Buffer overflow in dtterm in HP-UX 11.0
Buffer overflow in dvtermtype in Tridia
Buffer overflow in eDonkey 2000 35.16.60
Buffer overflow in eeprom in Solaris 2.5
Buffer overflow in efingerd 1.5 and earl
Buffer overflow in enq command in IBM AI
Buffer overflow in exrecover in Solaris
Buffer overflow in fdmount on Linux syst
Buffer overflow in ffbconfig in Solaris
Buffer overflow in free internet chess s
Buffer overflow in glob function of glib
Buffer overflow in gnuplot in Linux vers
Buffer overflow in healthd for FreeBSD a
Buffer overflow in httpGets function in
Buffer overflow in hybrid-6 IRC server c
Buffer overflow in iMesh 1.02 allows rem
Buffer overflow in imwheel allows local
Buffer overflow in index.cgi administrat
Buffer overflow in innd 2.2.2 allows rem
Buffer overflow in ippRead function of C
Buffer overflow in ircII 4.4 IRC client
Buffer overflow in ja-xklock 2.7.1 and e
Buffer overflow in jaZip Zip/Jaz drive m
Buffer overflow in kdc_reply_cipher of l
Buffer overflow in krb425_conv_principal
Buffer overflow in krb_rd_req function i
Buffer overflow in krshd in Kerberos 5 a
Buffer overflow in ksu in Kerberos 5 all
Buffer overflow in libi18n library in IB
Buffer overflow in licq 1.0.4 and earlie
Buffer overflow in line printer daemon (
Buffer overflow in linuxconf 1.11r11-rh2
Buffer overflow in listmanager earlier t
Buffer overflow in listserv allows arbit
Buffer overflow in logging functions of
Buffer overflow in login in various Syst
Buffer overflow in lpstat in IRIX 6.2 an
Buffer overflow in lukemftp FTP client i
Buffer overflow in mail command in Solar
Buffer overflow in mail included with Su
Buffer overflow in mailx in Solaris 8 an
Buffer overflow in man program in variou
Buffer overflow in mana in OpenServer 5.
Buffer overflow in mhshow in the Linux n
Buffer overflow in micq client 0.4.6 and
Buffer overflow in mopd (Maintenance Ope
Buffer overflow in mtr 0.46 and earlier,
Buffer overflow in mutt mail client allo
Buffer overflow in ncurses 5.0, and the
Buffer overflow in ndcfg command for Uni
Buffer overflow in newt.c of newt window
Buffer overflow in nftp FTP client versi
Buffer overflow in nnrpd program in INN
Buffer overflow in nslookupComplain func
Buffer overflow in nss_nisplus.so.1 libr
Buffer overflow in ntpd ntp daemon 4.0.9
Buffer overflow in ntping in scotty 2.1.
Buffer overflow in otrcrep in Oracle 8.0
Buffer overflow in pam_localuser PAM mod
Buffer overflow in ping in AIX 4.2 and e
Buffer overflow in piobe command in IBM
Buffer overflow in pioout command in IBM
Buffer overflow in pks PGP public key we
Buffer overflow in ppp program in FreeBS
Buffer overflow in procmail before versi
Buffer overflow in ptexec in the Sun Val
Buffer overflow in qpopper (aka qpop or
Buffer overflow in remote web administra
Buffer overflow in rpc.yppasswdd (yppass
Buffer overflow in rpc.yppasswdd allows
Buffer overflow in rwcgi60 CGI program f
Buffer overflow in sccw allows local use
Buffer overflow in search.cgi in mnoGoSe
Buffer overflow in setclock command in I
Buffer overflow in setsenv command in IB
Buffer overflow in ssh 1.2.26 client wit
Buffer overflow in sshd in OpenSSH 2.3.1
Buffer overflow in ssinc.dll in IIS 5.0
Buffer overflow in statd allows root pri
Buffer overflow in strong.exe program in
Buffer overflow in su in Tru64 Unix 5.x
Buffer overflow in sudo earlier than 1.6
Buffer overflow in suidperl (sperl), Per
Buffer overflow in syslog utility allows
Buffer overflow in tab expansion capabil
Buffer overflow in telnet daemon tgetent
Buffer overflow in telnet server in Wind
Buffer overflow in the ""Super"" utility
Buffer overflow in the ASP data transfer
Buffer overflow in the AddSuLog function
Buffer overflow in the CyberPatrol daemo
Buffer overflow in the ESMTP service of
Buffer overflow in the FTP client in the
Buffer overflow in the GUI authenticatio
Buffer overflow in the HTML interpreter
Buffer overflow in the HTML library used
Buffer overflow in the HTML parser for N
Buffer overflow in the HTML parsing code
Buffer overflow in the HTTP proxy server
Buffer overflow in the ISAPI DLL filter
Buffer overflow in the InterAccess telne
Buffer overflow in the LDAP component of
Buffer overflow in the Linux binary comp
Buffer overflow in the Linux mail progra
Buffer overflow in the Mail-Max SMTP ser
Buffer overflow in the NetWare remote we
Buffer overflow in the NetWin DSMTP 2.7q
Buffer overflow in the Office Web Compon
Buffer overflow in the OpenDataSource fu
Buffer overflow in the POP server POProx
Buffer overflow in the SHTML logging fun
Buffer overflow in the SMTP gateway for
Buffer overflow in the SQLXML ISAPI exte
Buffer overflow in the Still Image Servi
Buffer overflow in the System Monitor Ac
Buffer overflow in the Transact-SQL (T-S
Buffer overflow in the Web Archives comp
Buffer overflow in the Web Messaging dae
Buffer overflow in the Window.External f
Buffer overflow in the Xview library as
Buffer overflow in the automatic mail ch
Buffer overflow in the chunked encoding
Buffer overflow in the chunked encoding
Buffer overflow in the client connection
Buffer overflow in the conversion utilit
Buffer overflow in the dump utility in t
Buffer overflow in the dvwssr.dll DLL in
Buffer overflow in the huh program in th
Buffer overflow in the implementation of
Buffer overflow in the ism.dll ISAPI ext
Buffer overflow in the kcsSUNWIOsolf.so
Buffer overflow in the kdc_reply_cipher
Buffer overflow in the libauth library i
Buffer overflow in the line printer daem
Buffer overflow in the logging feature o
Buffer overflow in the man program in Li
Buffer overflow in the parsing mechanism
Buffer overflow in the pop-2d POP daemon
Buffer overflow in the preprocessor in g
Buffer overflow in the web administratio
Buffer overflow in the web archive compo
Buffer overflow in the web interface for
Buffer overflow in the web interface for
Buffer overflow in the web server for No
Buffer overflow in the wmcdplay CD playe
Buffer overflow in traffic_manager for I
Buffer overflow in transaction signature
Buffer overflow in ufsrestore in Solaris
Buffer overflow in uidadmin in Caldera O
Buffer overflow in ultimate_source funct
Buffer overflow in uuq in AIX 4 could al
Buffer overflow in various Microsoft app
Buffer overflow in various decoders in E
Buffer overflow in vchkpw/vpopmail POP a
Buffer overflow in vqSoft vqServer 1.4.4
Buffer overflow in w3-msql CGI program i
Buffer overflow in w3m 0.2.1 and earlier
Buffer overflow in wconsole.dll in Rockl
Buffer overflow in webd in Network Fligh
Buffer overflow in wmcube-gdk for WMCube
Buffer overflow in ximp40 shared library
Buffer overflow in xlib in XFree 3.3.x p
Buffer overflow in xlock program allows
Buffer overflow in xlockmore xlock progr
Buffer overflow in xmcd 2.0p12 allows lo
Buffer overflow in xpilot-server for XPi
Buffer overflow in ypbind 3.3 possibly a
Buffer overflow in ypserv in Mandrake Li
Buffer overflow of rlogin program using
Buffer overflows in (1) php_mime_split i
Buffer overflows in HP Software Distribu
Buffer overflows in Linux cdwtools 093 a
Buffer overflows in Mars NetWare Emulati
Buffer overflows in Sun libnsl allow roo
Buffer overflows in Windows NT 4.0 print
Buffer overflows in lpspooler in the fil
Buffer overflows in muxatmd in AIX 4 all
Buffer overflows in ntop running in web
Buffer overflows in wuarchive ftpd (wu-f
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 10:18:29 -0700
jmfbahciv writes:
Ah. [emoticon get a glimmer] BLT (BLock Transfer) A PDP-10
instruction that would transfer contents from addr1 to addr2
and could be interrupted.
It would have been simpler and taken less time if you had simiply
put a ? after the word.
360 had MVC instruction with a single length field (but only 256
bytes, aka it applied to both the origin and target). MVC was an
interesting case for 360/67 virtual memory support since worst case
could involve eight page address .... (1&2) execute instruction
possibly crossing a page boundy ... (3&4) executing a MVC instruction
crossing a page boundary ... (5&6) source crossing a page boundary
and (7&8) target crossing a page boundary.
standard 360 might have do fetch protection (if feature was installed
and active) on both start and end source locations (protection was on
2k boundary, so wouldn't involve more than two protection areas, start
and end) and store protection check on target start and end locations
(if store ptection feature was installed and active). If any of the
store & fetch checks failed ... the instructure wasn't executed.
introduced with 370 was the long instructions, MVCL instruction
specified origin address, origin count, target address and target
count ... and possibly padding value (in the case that the origin
count was less that the target count). The "long" instructions were
interruptable ... but the address and length fields were all in
registers ... and the long instructions were defined as executing
incrementally and updating register values as they went along. In the
case of interruption, the register values would indicate the current
position. A long instruction could be interrupted for something like
I/O or timer ... and the system then could be expected to restart the
instruction (using the most current, updated register values). The
register values could also be updated correctly for interrupt
involving page fault, store protection, and/or fetch protection.
All 360 instructions pretested start and end address for store/fetch
protection before starting the instruction. The 370 long instructions
were defined as not pretesting start and end values because 1) lengths
could be 24bit ... so large number of protected areas might be
involved, 2) instructions were defined as incremental and
interrruptable (so it was only necessary to test currently working
area).
Note however, the initial 370 115/125 models shipped with a bug in the
microcode of the long instructions. They implemented 360 praradigm
preset for the long instructions ... and wouldn't execute the
instruction if any violation appeared (so the registers appeared as if
no incremenatal activity took place when the interrupt violation
occured). The definition of 370 long instructions was that incremental
activity should have occured up until the point that the violation
occured ... and then a violation interrupt would happen and the
registers would point to the point of the violation.
In the morphing of cp67 to vm370 they got cute and decided to use MVCL
long with zero source length, max. 16mbyte target length, and zero
value for pad at boot time. This should clear all available real
memory to zeros and interrupt when it ran out of memory (the register
values at interrupt time would then indicate the size of real memory
on the machine). I was installing vm370 on 370/125 for norwegian
shipping company in their offices in downtown manhatten and couldn't
get vm370 to boot. I finally had to hack the boot procedure and report
that the MVCL instruction wasn't operating per the 370 architecture.
note that at the basic hardware metaphor, there was an awareness that
both source and target areas have infrastructure determinable lengths.
detailed description of MVCL in 24-bit and 31-bit address modes
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DZ9AR004/7.5.56?SHELF=EZ2HW125&DT=19970613131822
a more dettailed discussion of characteristics of interruptable
instructions
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DZ9AR004/5.3.6?SHELF=EZ2HW125&DT=19970613131822#HDR05BH7
detailed description of MVCL from z/architecture giving 24-bit, 31-bit
and 64-bit address modes:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dz9zr003/7.5.90?DT=20040504121320
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 10:23:41 -0700
this may or may not be considered a reflection on views
about the quality of c & c++ programming languages
http://www.zdnet.com.au/news/security/0,2000061744,39179932,00.htm
from above ...
Java creator James Gosling this week called Microsoft's
decision to support C and C++ in the common language runtime in .NET
one of the "biggest and most offensive mistakes that they could have
made".
... snip ...
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 10:42:42 -0700
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
Some of the old CISC architectures let you do an array lookup with
ABC in one instruction. I don't see why that can't be brought back.
It used to be done with microcode but these days the ABC can use
parallel hardware and stop or back out the instruction in the case
of an ABC fault. There would still be some cost in gates and cache
load, but the scheme should still decrease ABC's performance impact
considerably.
the SLT (search list) RPQ instruction for the 360/67 could run on
forever (i believe it was originated by lincoln lab).
one of the other most convoluted was luther woodrum's
tree stuff that was adapted for stuff like sorting.
detailed description of the infrastructure and example use:
http://publibz.boulder.ibm.com:80/cgi-bin/bookmgr_OS390/BOOKS/DZ9AR004/A.7
misc. past references to luther's instructions
http://www.garlic.com/~lynn/2001d.html#28 Very CISC Instuctions (Was: why the machine word size ...)
http://www.garlic.com/~lynn/2001h.html#73 Most complex instructions
http://www.garlic.com/~lynn/2001.html#2 A new "Remember when?" period happening right now
http://www.garlic.com/~lynn/2002d.html#18 Mainframers: Take back the light (spotlight, that is)
some past posts mentioning lincoln lab's SLT rpq
http://www.garlic.com/~lynn/98.html#20 Reviving the OS/360 thread (Questions about OS/360)
http://www.garlic.com/~lynn/2000d.html#47 Charging for time-share CPU time
http://www.garlic.com/~lynn/2001c.html#15 OS/360 (was LINUS for S/390)
http://www.garlic.com/~lynn/2001d.html#23 why the machine word size is in radix 8??
http://www.garlic.com/~lynn/2001h.html#71 IBM 9020 FAA/ATC Systems from 1960's
http://www.garlic.com/~lynn/2002f.html#54 WATFOR's Silver Anniversary
http://www.garlic.com/~lynn/2002h.html#87 Atomic operations redux
http://www.garlic.com/~lynn/2002.html#14 index searching
http://www.garlic.com/~lynn/2003m.html#35 SR 15,15 was: IEFBR14 Problems
http://www.garlic.com/~lynn/2004l.html#17 IBM 3090 : Was (and fek that) : Re: new computer kits
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
The mid-seventies SHARE survey
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The mid-seventies SHARE survey
Newsgroups: alt.folklore.computers
Date: Fri, 04 Feb 2005 12:57:58 -0700
blackhole_for_spam@the_skip.invalid writes:
Right at the top of this posting the discussion was about a belt
falling of a 7330 disk drive unit. This is a IBM330 compatible drive
unit. You say above that you cannot speak for the IBM units, and go
on to comment about technology being the same as disks used to
discuss disks used on IBM XT and AT.
I think the only similarity between those disks and the 3330 disks is
that they use magnetic surface, R/W heads and the disks rotate.
On 3330 seeks are controlled by counting the number of servo tracks
passed over and reading / writing is clocked from pulses on the servo
track, i.e the data is not self clocked aka IBM23xx disk drives.
remember that real 3330s had 20 surfaces and 20 heads ... but only 19
were used (and addressable) for data. they could also use the 20th
head/surface for rotational position ... if the rotational position of
records were determinable by the programmer then they could do
set-sector channel programs where the channel, controller and string
switch could be freed until the disk had rotated into position.
this was a '60s era design where electronic memory was extremely
expensive and it was not economically feasable to put it into each
disk drive ... allowing local reading of disk surface track data
whether or not there was dedicated transfer path back to the processor
memory.
the methodology was to lock down and dedicate the data path from
string switch, controller, and channel back to the processor main
memory ... so that when the desired record had (finally) rotated under
the head ... the path was available for transfer to main memory.
Since there was a high degree of sharing of these data paths ...
potentially across a large number of disks .... per device (& per
operation), dedicated busy time could represent a significant system
thruput bottleneck.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 14:52:18 -0700
Mack <macckone@a_nospamjunk123_ol.com> writes:
After looking back through a 1000 posts or so I found the reference
to the code in question. After looking at the difference between
how it would be handled in x86 assembly (which generally won't allow
two memory accesses in the same instruction) and ADA, the problem is
obvious. In the code in question a check if j==i is needed.
Sometimes lower level languages ARE better.
note in the 360 & 370 machine instruction paradigm previously
mentioned ... the move instructions required the length of the storage
areas before beginning the operation (establishing bounds with
explicit length values) ... as contrasted to the typical C language
string convention which starts the operation and only discovers the
bound of an area by running into a specific data pattern in storage
(as opposed to actually having the length before the operation begins)
... or worse still in a copy operation where the string/source area
may at least have some form of infrastructure determinable bounds
(even tho it may have to be discovered during the processing of the
operation) ... but frequently the typical target storage location for
such copy operations tend to have no infrastructure determinable
bounds ....
http://www.garlic.com/~lynn/2005c.html#33 [Lit.] Buffer overruns
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
Refed: **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **, - **
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 15:40:33 -0700
Anne & Lynn Wheeler writes:
one of the other most convoluted was luther woodrum's
tree stuff that was adapted for stuff like sorting.
slightly dift from luther's partition tree stuff (that he spent
something like ten years getting into the hardware) ... we did radix
partition search for the online phonebooks.
this was in the late '70s and one of those friday after work projects
(and lots of lubrication). we were looking for killer apps for the
non-online oriented population. we already had extensive email and
internal network connectivity i.e. the internal network was larger
than the arpanet/internet until approx. mid.-85 timeframe (and for the
crypto crowd ... since all links leaving physical premise were
required to be encrypted ... the internal network was claimed to have
over half of all the link encryptors in the world ... and you don't
think it was a hassle back then getting link encryptors installed on
lines crossing national boundaries) ... misc. internal network
postings
http://www.garlic.com/~lynn/subnetwork.html#internalnet
minor specific post about internal network passing 1000 nodes not long
after the internet passed 256 nodes
http://www.garlic.com/~lynn/internet.htm#22
... in any case, 4-6hrs of friday after work libations and we come up
with the idea of online telephone books (to go with email and online
network) as another killer app. Now at the time, there was a proposal
at the corporate level for $20m, dedicated hardware, and a dedicated
staff of 20 people for a corporate online telephone book service.
by midnight, we had worked out that the basic criteria for the
effort was
1) design and implementation of the application,
2) collection and formating of the data, and
3) deployment of production operation
had to be done in under two person weeks ... and 90th percentile
respone under nominal heavy load had to be faster than manual lookup
of paper phone directory on person's desk.
so we got an interactive application on record oriented mainframe with
500k or so records ... with approx 50 data records per 4k physical
disk record. the trivial would be sort the file and do binary search
... the problem is that binary search would need an avg. of 12
physical record reads to get within the physical record that probably
contains the target logical record. Given a heavily loaded system,
that results in response that exceeds the original design criteria.
So binary search is good for sorted data w/o any knowledge of
frequency of occurance. So name two-letter frequency analysis is
performed and a table generated for the application. Now the
application takes the first two letters of the search, looks it up in
the starting letter name frequency table and uses that to calculate
the initial radix partition probe. That tends to get the number of
physical disk read probes down into the range of four (from 12
... actually prossibly double that if you take into account various
filesystem control structures).
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 15:42:24 -0700
Mack <macckone@a_nospamjunk123_ol.com> writes:
I generally use the bounded version of the string copy operation
(strncpy). But I am not sure that is really relevant to the XOR swap
debate.
it wasn't in response to the XOR part ... it was in response to the
comment related to sometimes assembler/machine language paradigm can
be more applicable than higher level language.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
[Lit.] Buffer overruns
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: [Lit.] Buffer overruns
Newsgroups: sci.crypt,alt.folklore.computers
Date: Fri, 04 Feb 2005 16:23:41 -0700
Randy Howard writes:
Yes. In fact, the authors of "The Shellcoder's Handbook" point out
that this very thing has been done over the last few years with the
bulk of the open source community software, resulting in very few
buffer overrun problems. 10,000 reviewers looking for such things
makes for a powerful cleanup party. The claim is that they are very
rare today in open source software. Judging by the number of buffer
overruns in commercial software versus open source, I think they're
probably correct.
i thumbed thru a copy just now in the book store and checked the index
.. the references to buffer overflows is almost non-existant.
that hardly corresponds to the new buffer overflow attack book that i
ran across earlier in the week (which is larger than the shellcoder's
handbook). check your bookstore ... or do a search on someplace like
amazon.com for buffer overflow attack (when i did it, three books came
up).
it also doesn't hardly correspond to amd going to all the trouble of
putting in hardware countermeasure (and windows shipping operating
system software support for the hardware countermeasure) for buffer
overflow exploits.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Oldest active information system
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Oldest active information system
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Fri, 04 Feb 2005 18:02:23 -0700
Shelley.Giles@ibm-main.lst (Giles, Shelley) writes:
My employer has some programs which were written