List of Archived Posts
2007 Newsgroup Postings (03/27 - 04/10)
- 10 worst PCs
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- University rank of Computer Architecture
- ISPF Limitations (was: Need for small machines ... )
- Call for XEDIT freaks, submit ISPF requirements
- U.S. Cedes Top Spot in Global IT Competitiveness
- U.S. Cedes Top Spot in Global IT Competitiveness
- Securing financial transactions a high priority for 2007
- The Perfect Computer - 36 bits?
- Record Credit card heist...TJM
- The Perfect Computer - 36 bits?
- University rank of Computer Architecture
- The Perfect Computer - 36 bits?
- ISPF not productive
- T.J. Maxx data theft worse than first reported
- What's a CPU second?
- The Perfect Computer - 36 bits?
- The Complete April Fools' Day RFCs
- T.J. Maxx data theft worse than first reported
- T.J. Maxx data theft worse than first reported
- The Perfect Computer - 36 bits?
- Bidirectional Binary Self-Joins
- The Perfect Computer - 36 bits?
- Bidirectional Binary Self-Joins
- Bidirectional Binary Self-Joins
- Bidirectional Binary Self-Joins
- The Complete April Fools' Day RFCs
- Jim Gray Is Missing
- The Perfect Computer - 36 bits?
- T.J. Maxx data theft worse than first reported
- Wylbur and Paging
- Can SSL sessions be compromised?
- Wylbur and Paging
- U.S. Cedes Top Spot in Global IT Competitiveness
- U.S. Cedes Top Spot in Global IT Competitiveness
- Wylbur and Paging
- The Perfect Computer - 36 bits?
- Can SSL sessions be compromised?
- Wylbur and Paging
- Electronic signature outside Europe
- US Airways badmouths legacy system
- 1960s: IBM mgmt mistrust of SLT for ICs?
- Wylbur and CRBE
- 1960s: IBM mgmt mistrust of SLT for ICs?
- The Complete April Fools' Day RFCs
- 1960s: IBM mgmt mistrust of SLT for ICs?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- IBM to the PCM market
- IBM to the PCM market(the sky is falling!!!the sky is falling!!)
- U.S. Cedes Top Spot in Global IT Competitiveness
- T.J. Maxx data theft worse than first reported
- The Perfect Computer - 36 bits?
- IBM to the PCM market(the sky is falling!!!the sky is falling!!)
- The Perfect Computer - 36 bits?
- IBM to the PCM market(the sky is falling!!!the sky is falling!!)
- Can SSL sessions be compromised?
- IBM to the PCM market(the sky is falling!!!the sky is falling!!)
- Can SSL sessions be compromised?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- IBM to the PCM market
- Memory Mapped Vs I/O Mapped Vs others
- Unusual Floating-Point Format Remembered?
- U.S. Cedes Top Spot in Global IT Competitiveness
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- PAAppViewer3 (AppViewer3)?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- The Perfect Computer - 36 bits?
- Memory Mapped Vs I/O Mapped Vs others
- The Perfect Computer - 36 bits?
- Working while young
- IBM to the PCM market(the sky is falling!!!the sky is falling!!)
- IBM to the PCM market
- IBM to the PCM market
- IBM to the PCM market
- The Perfect Computer - 36 bits?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: 10 worst PCs
Newsgroups: alt.folklore.computers
Date: Tue, 27 Mar 2007 14:00:47 -0600
bv@wjv.com (Bill Vermillion) writes:
I only knew of the 8-10 Adventure games that Scott Adams - of
Adventure International wrote.
as opposed to the earlier mainframe adventure?
Rick Adams' history page
http://www.rickadams.org/adventure/a_history.html
some old email trying to track down the port to CMS
http://www.garlic.com/~lynn/2006y.html#email780405 780405
http://www.garlic.com/~lynn/2006y.html#email780405b 780405
i.e. somebody (at tymshare?) had ported the fortran version to
CMS.
old post that has mention of "microsoft version of adventure"
http://www.garlic.com/~lynn/2000d.html#33 Adventure Games (Was: Navy orders supercomputer)
other old posts/threads mentioning adventure
http://www.garlic.com/~lynn/99.html#169 Crowther (pre-Woods) "Colossal Cave"
http://www.garlic.com/~lynn/2001m.html#44 Call for folklore - was Re: So it's cyclical.
http://www.garlic.com/~lynn/2002d.html#12 Mainframers: Take back the light (spotlight, that is)
http://www.garlic.com/~lynn/2003f.html#46 Any DEC 340 Display System Doco ?
http://www.garlic.com/~lynn/2003i.html#69 IBM system 370
http://www.garlic.com/~lynn/2003l.html#40 The real history of computer architecture: the short form
http://www.garlic.com/~lynn/2004c.html#34 Playing games in mainframe
http://www.garlic.com/~lynn/2004g.html#49 Adventure game (was:PL/? History (was Hercules))
http://www.garlic.com/~lynn/2004g.html#57 Adventure game (was:PL/? History (was Hercules))
http://www.garlic.com/~lynn/2004h.html#0 Adventure game (was:PL/? History (was Hercules))
http://www.garlic.com/~lynn/2004h.html#1 Adventure game (was:PL/? History (was Hercules))
http://www.garlic.com/~lynn/2004h.html#2 Adventure game (was:PL/? History (was Hercules))
http://www.garlic.com/~lynn/2004h.html#4 Adventure game (was:PL/? History (was Hercules))
http://www.garlic.com/~lynn/2004k.html#56 Xah Lee's Unixism
http://www.garlic.com/~lynn/2004m.html#20 Whatever happened to IBM's VM PC software?
http://www.garlic.com/~lynn/2005c.html#45 History of performance counters
http://www.garlic.com/~lynn/2005h.html#38 Systems Programming for 8 Year-olds
http://www.garlic.com/~lynn/2005k.html#18 Question about Dungeon game on the PDP
http://www.garlic.com/~lynn/2005l.html#16 Newsgroups (Was Another OS/390 to z/OS 1.4 migration
http://www.garlic.com/~lynn/2005u.html#15 Fast action games on System/360+?
http://www.garlic.com/~lynn/2005u.html#25 Fast action games on System/360+?
http://www.garlic.com/~lynn/2005u.html#28 Fast action games on System/360+?
http://www.garlic.com/~lynn/2006n.html#3 Not Your Dad's Mainframe: Little Iron
http://www.garlic.com/~lynn/2006y.html#18 The History of Computer Role-Playing Games
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Tue, 27 Mar 2007 16:54:24 -0600
Peter Flass <Peter_Flass@Yahoo.com> writes:
Series-1's were also in this market. IBM sold them with an IUP as a
terminal driver. "Yale ASCII" or something like that.
old email mentioning (general purpose) series/1 "cost" as an ascii
terminal controller vis-a-vis more dedicated box
http://www.garlic.com/~lynn/2006y.html#email800312
couple old posts mentioning yale iup
http://www.garlic.com/~lynn/2002j.html#36 Difference between Unix and Linux?
http://www.garlic.com/~lynn/2003e.html#43 IBM 3174
other (recent) mention of series/1
http://www.garlic.com/~lynn/2007f.html#80 The Perfect Computer - 36 bits?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Wed, 28 Mar 2007 08:08:47 -0600
nmm1@cus.cam.ac.uk (Nick Maclaren) writes:
I know. My point stands. While it is an over-simplification, the
Series-1 was very much an SNA engine, and lived or died with that.
Despite IBM's belief, SNA never made much headway into the scientific
markets, and didn't make as much even in the commercial ones as they
claimed. I can't remember if the Series-1 ever did support the 'X.'
protocols, but it may have done (probably too little, too late).
re:
http://www.garlic.com/~lynn/2007f.html#79 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#1 The Perfect Computer - 36 bits?
official system for series/1 was RPS ... quite heavyweight ... there
were jokes that some of the people that transferred from Kingston
to Boca were trying to re-invent OS/360 MFT.
EDX was much more lightweight system coming out of research physicists
for doing instrument automation. no sna orientation. the closest that
it might have to sna ... was a very early (actually pre sna) battle to
try and get the series/1 (peachtree) engine used for 3705 controllers
(peachtree was much more capable processor than what actually got
selected for 3705).
yale iup was pure (full-duplex) ascii terminal emulation going into
mainframe ... with no hint of sna. one of the target markets was
mainframe unix.
the palo alto science center also first did port of UCLA's Locus to
some 68000 processors and series/1. Later Locus was ported to
mainframe and PS2s ... and sold as aix/360 and aix/ps2.
recent series/1 post with wiki reference that talks about use for GM
manufacturing (i have vague recollection of something called MAP
protocol?) and extensive deployment by the Marines (whoever did the
wiki article must have been one of those datadinks?)
http://www.garlic.com/~lynn/2007f.html#42 Is computer history taught now?
quicky search engine use turned up
http://www.gcom.com/home/company/custpers.html
... from above
What does a person do after working on one of the most exciting and
successful university-based computer projects ever? That was the
question confronting Dave Grothe back in 1979. Dave had been a
systems programmer on the immensely successful ILLIAC IV computer
project at the University of Illinois.
...
Gcom's first customer, another small company located in Santa Barbara,
CA, built a Z80-based protocol processor card for the IBM Series/1
minicomputer. Gcom provided an X.25 protocol stack for this board. IBM
liked this product so much that it adopted it and put it into its
catalog. IBM's first customer for the X.25 adapter was MasterCard.
... snip ...
Mastercard had large number of series/1 driving large x.25 network
(for all i know still does ... although i assume that they've since
moved on to various PC platforms).
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: University rank of Computer Architecture
Newsgroups: comp.arch
Date: Wed, 28 Mar 2007 08:24:19 -0600
anton@mips.complang.tuwien.ac.at (Anton Ertl) writes:
Hasn't this been solved a decade ago with directory-based cache
coherence? I.e., the Stanford FLASH project, and SGI Origin and Altix
systems. The tradeoffs might be different for the memory systems of
multi-core CPUs, so there is probably quite a bit of work to do, but
no basic breakthrough seems to be necessary.
note that ISO/IEEE SCI standard had directory based cache coherence
... used in (at least) convex (exemplar with two HP processor boards),
sequent (NUMA-Q) and dg (NUMALINE) machines (using quad-intel processor
boards).
SCI website
http://www.scizzl.com/
the multi-processor boards are somewhat the analog of today's
multi-core chip ... i.e. SCI provided for 64-port memory
infrastructure; two-processor boards gave convex 128-processor
configuration ... and the four-processor boards gave sequent and DG,
256-processor configuration.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: ISPF Limitations (was: Need for small machines ... )
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Wed, 28 Mar 2007 09:52:40 -0600
Gerard Schildberger wrote:
I was talking to some IBMer one day (rather high up
in the food chain), and he related to a time where
IBM asked some customers (it might even been at a
SHARE/GUIDE MVS or TSO Q&A session), and the question
was asked, "would you like IBM to port XEDIT to
ISPF (or SPF)" and provide it as an option for
which editor to use (or something like that), and
the answer was, "no, hell no!!". That ended
that. Does anyone else remember being asked ?
a different kind of ISPF and VM story that I was told at share,
long ago and far away ....
http://www.garlic.com/~lynn/2000d.html#17 Where's all the VMers?
http://www.garlic.com/~lynn/2001m.html#33 XEDIT on MVS
http://www.garlic.com/~lynn/2006k.html#50 TSO and more was: PDP-1
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Call for XEDIT freaks, submit ISPF requirements
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Wed, 28 Mar 2007 13:36:12 -0600
/*DLW wrote:
I have to say, after using both XEDIT and ISPF, that using XEDIT is
like Bowling without thumbs. I have been a Sysprog for many years and
have had the "pleasure" of using both. (So spare me the "n00b" label,
kids.....) ;-)
My impression of XEDIT is that it is the VM equivalent of "VI" under
Unix. That is to say, archaic, yet powerful, intuitive ONLY to the
"power-user" types, and at the same time primitive in its presentation
and capabilities.
FILEL is a poor replacement for PDF. After all these years one would
assume that some unification would have occurred between the two
environments(ISPF(w/EDIT and XEDIT). I can truly say that I could only
hope that XEDIT would become more like ISPF, than the other way
around.
VM is great but suffers the same "PR" that Linux does. XEDIT does it
no favors, as much as "VI" does for Linux.
previous post referencing where the resources might come from
http://www.garlic.com/~lynn/2007g.html#4 ISPF Limitations (was: Need for small machines ...)
old email about XEDIT being chosen to ship rather than an internal
editor that had been widely deployed internally for some number of
years (i.e. this was in period when almost all internal
edit/development went on under VM/CMS ... regardless of what product
it involved).
http://www.garlic.com/~lynn/2006u.html#email800311 800311
http://www.garlic.com/~lynn/2006u.html#email800312 800312
one of the come-backs was request for documentation on all the
better/more features and they would look into adding the support to
XEDIT ... somewhat ignoring the issue of where might the resources
come from (then came the line about it being the responsibility of the
RED author to make XEDIT as good as RED).
a couple recent posts about POK convincing corporate to kill off VM,
transfer all the resources to POK and assigned to help turn-out MVS/XA
... and Endicott managing to salvage very small number of the people
and mission ...
http://www.garlic.com/~lynn/2007.html#23 How to write a full-screen Rexx debugger?
http://www.garlic.com/~lynn/2007e.html#41 IBM S/360 series operating systems history
http://www.garlic.com/~lynn/2007f.html#7 IBM S/360 series operating systems history
part of this possibly was big rush attempting to make up for a lot of
(370 related) lost yrs after future system project was killed (which
had been planned to be the replacement for 370)
http://www.garlic.com/~lynn/subtopic.html#futuresys
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: U.S. Cedes Top Spot in Global IT Competitiveness
Newsgroups: alt.folklore.computers
Date: Wed, 28 Mar 2007 18:58:14 -0600
Survey shows U.S. slipping globally in IT use
http://www.infoworld.com/article/07/03/28/HNusslippinginglobalituse_1.html
from above:
The United States falls from first to seventh place in the World
Economic Forum's index of how well countries use IT to maximize
development and competitiveness
... snip ...
US No Longer Technology King
http://slashdot.org/articles/07/03/28/2042247.shtml
U.S. Cedes Top Spot in Global IT Competitiveness
http://www.eweek.com/article2/0,1895,2108825,00.asp
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: U.S. Cedes Top Spot in Global IT Competitiveness
Newsgroups: alt.folklore.computers
Date: Wed, 28 Mar 2007 20:24:16 -0600
re:
http://www.garlic.com/~lynn/2007.html#6 U.S. Cedes Top Spot in Global IT Competitiveness
some past posts about y2k remediation ... one of the issues
is that the uptick in internet (bubble) and y2k remediation
competing for (scarce) resources at the same time ....
accelerated offshoring
http://www.garlic.com/~lynn/2004b.html#2 The SOB that helped IT jobs move to India is dead!
http://www.garlic.com/~lynn/2004f.html#39 Who said "The Mainframe is dead"?
http://www.garlic.com/~lynn/2004o.html#66 Integer types for 128-bit addressing
http://www.garlic.com/~lynn/2005.html#20 I told you ... everybody is going to Dalian,China
http://www.garlic.com/~lynn/2005s.html#16 Is a Hurricane about to hit IBM ?
http://www.garlic.com/~lynn/2006g.html#21 Taxes
http://www.garlic.com/~lynn/2006s.html#40 Ranking of non-IBM mainframe builders?
the offshoring was already going on in the early 90s ... we were
doing a lot of marketing in the far east in the early 90s ... on one
trip, ran across a long article in hong kong comparing the competitive
characteristics of china vis-a-vis india for offshoring work (which a
lot of people didn't even notice was going on until a decade later).
some past posts about the 1990 census ... one of the results was some
statement about half the 18yr olds were considered functionally
illiterate ... as well as other references to decline in competence
(and increasing skill shortage)
http://www.garlic.com/~lynn/2002k.html#41 How will current AI/robot stories play when AIs are real?
http://www.garlic.com/~lynn/2003i.html#28 Offshore IT
http://www.garlic.com/~lynn/2003i.html#45 Offshore IT
http://www.garlic.com/~lynn/2003l.html#13 Cost of patching "unsustainable"
http://www.garlic.com/~lynn/2003p.html#12 Danger: Derrida at work
http://www.garlic.com/~lynn/2004b.html#2 The SOB that helped IT jobs move to India is dead!
http://www.garlic.com/~lynn/2004b.html#42 The SOB that helped IT jobs move to India is dead!
http://www.garlic.com/~lynn/2004d.html#18 The SOB that helped IT jobs move to India is dead!
http://www.garlic.com/~lynn/2004h.html#18 Low Bar for High School Students Threatens Tech Sector
http://www.garlic.com/~lynn/2005e.html#48 Mozilla v Firefox
http://www.garlic.com/~lynn/2005g.html#43 Academic priorities
http://www.garlic.com/~lynn/2006f.html#44 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#20 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#21 Taxes
http://www.garlic.com/~lynn/2006l.html#63 DEC's Hudson fab
part of the above implied that one of the big things that did keep the
internet bubble going in the 90s ... was that half or more of the
skilled workers in silicon valley (and other domestic hitech centers)
were foreign born (w/o those resources it couldn't have happened as
well as it did)
there have been articles that a lot of the economy was driven by
technical leadership ... and that leadership would slip because: 1)
insufficient domestic resources resulting in growing amount of
outsourcing as well as growing numbers of high skilled foreign born
workers, 2) insufficient domestic resources because there weren't
sufficient skills in the following generation(s) (significant
percentage were functionally illiterate), 3) large risk that as
offshoring increased and native economies improved, significant
numbers of highly skilled foreign workers return home (significantly
exacerbating domestic skill shortages) 4) retiring baby boomers that
had dominated the high-skilled domestic market (further aggravating
high-skill domestic shortages)
... basically (for two decades or more) it has never been "if" ... it
has been "when"
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Securing financial transactions a high priority for 2007
Newsgroups: alt.folklore.computers
Date: Thu, 29 Mar 2007 06:57:37 -0600
jmfbahciv writes:
Ah, I had missed noticing these laws.
re:
http://www.garlic.com/~lynn/2007f.html#72 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#75 Securing financial transactions a high priority for 2007
for a little topic drift
http://www.garlic.com/~lynn/aadsm26.htm#42 "Dilemmas of Privacy and Surveillance" report launched
http://www.garlic.com/~lynn/aadsm26.htm#43 Cost of an identity
More Than 100 Security breaches Reported Under Law to Thwart ID Thieves
http://www.govtech.net/magazine/channel_story.php/104461
and small sample of breach notification news URLs going back to the start
of 2006:
Ohio Enacts Security Breach Notification Law
http://www.mondaq.com/i_article.asp?articleid=37836
Breach notification laws: When should companies tell all?
http://www.computerworld.com/securitytopics/security/story/0,10801,109161,00.html
House Slated to Pass Data Breach Bill
http://www.securitypronews.com/insiderreports/insider/spn-49-20060316HouseSlatedtoPassDataBreachBill.html
Security Breach Notification Requirements: Guidelines and Securities Law Considerations
http://www.mondaq.com/i_article.asp?articleid=38698
Data-Breach Disclosure Bill Passes House Panel
http://www.internetnews.com/bus-news/article.php/3595291
Data Breach Bills Crowding Congress
http://www.internetnews.com/bus-news/article.php/3605666
Bill puts cops first in data leak notification
http://news.com.com/Bill+puts+cops+first+in+data+leak+notification/2100-7348_3-6071216.html
Bill puts cops first in data leak notification
http://news.zdnet.com/2100-1009_22-6071216.html
Data Breach Bills Crowding Congress
http://www.internetnews.com/security/article.php/3605666
Bill Would Criminalize Failure to Report Breaches
http://blog.washingtonpost.com/securityfix/2006/05/bill_would_criminalize_failure.html
House Panel Moves on Data Breach Bill
http://www.internetnews.com/bus-news/article.php/3608816
Information Policy Institute Examines Data Breach Notification Legislation
http://www.govtech.net/magazine/channel_story.php/99946
Will a Federal Data Security Breach Legislation Pass This Congressional Session?
http://www.dmnews.com/cms/dm-news/legal-privacy/37204.html
Congress Proposes Data Breach Notification Law
http://www2.csoonline.com/blog_view.html?CID=23257
Data breach notification law unlikely this year
http://www.pcwelt.de/news/englishnews/137225/
ID theft law expanding in Maine; State agencies will be required to notify victims of stolen data
http://www.bangornews.com/news/templates/?a=138226
Europe may require data breach notification
http://www.out-law.com/page-7287
Europe may mandate data breach notification
http://www.theregister.co.uk/2006/09/13/europe_data_breach_law/
Handling Security breaches Under European Law
http://www.law.com/jsp/ihc/PubArticleIHC.jsp?id=1158682105389
House passes data breach bill
http://www.fcw.com/article96246-09-27-06-Web
Data Breach Bill Does Little
http://www.consumeraffairs.com/news04/2006/09/davis_data_bill.html
DISUK warns Europe to prepare for data breach notification legislation
http://sourcewire.com/releases/rel_display.php?relid=27588&hilite=
Data breach legislation on the cards for EU firms
http://www.onestopclick.com/news/Data-breach-legislation-on-the-cards-for-EU-firms_17873890.html
European companies should prepare for data breach notification legislation
http://www.securitypark.co.uk/article.asp?articleid=26029&CategoryID=1
EU proposes US-style data breach laws
http://www.itpro.co.uk/security/news/97140/eu-proposes-usstyle-data-breach-l
What You Need to Know About Security breaches and European Legislation
http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1163671526352
Data breaches rising as firms, laws move slowly
http://www.palmbeachpost.com/business/content/business/epaper/2007/01/08/c1bz_idtheftlaws_0108.html
Advocates call for data breach notification law
http://www.itbusiness.ca/it/client/en/home/News.asp?id=41817
Data Breach Law Back in Senate
http://www.internetnews.com/bus-news/article.php/3653856
Privacy breaches expose flaws in law
http://www.thestar.com/Business/article/173418
National Bill Could Require Companies To Report Data breaches
http://www.informationweek.com/news/showArticle.jhtml?articleID=197004220
Data Breach Bills Resurface in Congress
http://www.linuxsecurity.com/content/view/126929/169/
Concealment a Crime in Latest Data Breach Bill
http://www.internetnews.com/security/article.php/3658296
US Senate Bill Holds IT Managers Responsible for Privacy Breaches
http://www.betanews.com/article/US_Senate_Bill_Holds_IT_Managers_Responsible_for_Privacy_Breaches/1170983371
Lawmakers Introduce Breach Notification, Other Bills
http://www.pcworld.com/article/id,128887-pg,1/article.html
National Bill Could Require Companies To Report Data breaches
http://www.informationweek.com/showArticle.jhtml?articleID=197004220&queryText=security+breach+bill
Data privacy bill requires breach disclosure
http://arstechnica.com/news.ars/post/20070209-8807.html
ICO gives qualified backing to security breach law
http://www.out-law.com/page-7783
National Bill Could Require Companies To Report Data breaches
http://www.optimizemag.com/showArticle.jhtml?articleId=197007659
New Laws Target Data Security breaches
http://www2.csoonline.com/blog_view.html?CID=29000
Symantec: U.S. Data Breach Legislation Needed
http://www.pcworld.com/article/id,129448-c,techrelatedlegislation/article.html
Symantec: US data breach legislation needed
http://www.infoworld.com/article/07/02/27/HNbreachlegislationneeded_1.html
Identity Theft: U.S. Data Breach Legislation Needed
http://www2.csoonline.com/blog_view.html?CID=29043
More Than 100 Security breaches Reported Under Law to Thwart ID Thieves
http://www.govtech.net/magazine/channel_story.php/104461
Feinstein Charges Again on Data Breach Notification Bill
http://www.internetnews.com/security/article.php/3667221
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Thu, 29 Mar 2007 07:26:24 -0600
Jan Vorbrüggen <jvorbrueggen@not-mediasec.de> writes:
Customizing on such a large scale that you need source to the OS? I
don't believe even the IBM customers, who were notorious for
customizing the hell out of their installations, did that.
But DEC customers were very different: They always expected DEC to do
that kind of work for them, and complained when they didn't (often due
to lack of resources on DEC's side). It was only very late in VMS's
life that DECUS guys got their act together in this respect.
there was big distinction between the os/360 genre of operating
systems and the vm/cms genre.
customers could get microfiche for the os/360 genre ... at least up
until OCO announcement ... recent reference
http://www.garlic.com/~lynn/2007f.html#67 The Perfect Computer - 36 bits?
... but typically didn't have machine readable source.
In fact, there was situation where some gov. agency requested that
they be provided source that was guaranteed to exactly match the
executable they were running. after spending several million dollars
investigating the problem, it was decided that it wasn't practical. it
wasn't just that there was a large amount of source ... in large
number of different components ... supported by large number of
different groups ... but many of the groups were in several different
physical locations around the world (doing their own builds and test
... and then would forward executables for final integration, test and
release). a couple past posts mentioning the agency request:
http://www.garlic.com/~lynn/2001n.html#26 Open Architectures ?
http://www.garlic.com/~lynn/2002q.html#32 Collating on the S/360-2540 card reader?
the vm/cms genre was quite a bit different ... where source and
(machine readable) source maintenance distribution to customers were
part of the culture. around the time of the OCO announcement, there
was study of amount of customized source changes ... looking at both
internal accounts as well as external customer accounts. The external
customers had the SHARE (univ. of) Waterloo tape ... and internal
accounts had a couple internal packaging operations ... including ones
that I would do periodically over the years ... a couple old email
references (i.e. large body of code changes that I would package
for production systems)
http://www.garlic.com/~lynn/2006w.html#email750430
http://www.garlic.com/~lynn/2006u.html#email800429
http://www.garlic.com/~lynn/2007c.html#email830711
the study found that the total amount of code in the customized source
changes were larger than the base source ... and the total amount of
code changes on the SHARE waterloo tape and the internal customized
packages were about the same (i.e. both external customer
installations and internal installations had similar requirements).
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Record Credit card heist...TJM
Newsgroups: bit.listserv.ibm-main
Date: Thu, 29 Mar 2007 10:39:14 -0600
Efinnell15@ibm-main.lst wrote:
http://www.businessweek.com/ap/financialnews/D8O5TU180.htm
long running related thread (over in a.f.m) .... most recent post
http://www.garlic.com/~lynn/2007g.html#8 Securing financial transactions a high priority for 2007
part of most recent topic drift about why is such stuff showing up in
the press ...
http://www.garlic.com/~lynn/2007f.html#72 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#75 Securing financial transactions a high priority for 2007
and slightly earlier post with reference to "cyber thieves are hauling
in more cash than drug dealers" as well as URL references to half
dozen previous posts (going back nearly to the start of the year)
mentioning the TJX data breach. also some references to the
information (from the breach) being used; "tjx data shows up in
massive credit card fraud at florida wal-mart"
http://www.garlic.com/~lynn/2007f.html#68 Securing financial transactions a high priority for 2007
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Thu, 29 Mar 2007 13:39:29 -0600
krw <krw@att.bizzzz> writes:
No system final test was being "outsourced" to anyone. The '70s were
dire times for IBM. I've been told they were as bad as the early
'90s, but covered it somewhat better.
at least some of which might be considered still attempting to recover
from the side-trip into future system project. i had been told that if
it had been any other company that dumped that much money down such a
hole (as went into FS), they would have gone under ... aside from the
issue of lost time and having to scramble to get back into the game.
numerous past posts mentioning FS
http://www.garlic.com/~lynn/subtopic.html#futuresys
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: University rank of Computer Architecture
Newsgroups: comp.arch
Date: Thu, 29 Mar 2007 13:58:21 -0600
Terje Mathisen <terje.mathisen@hda.hydro.com> writes:
Yes and No:
Offchip memory access share a single channel, so latency is the same,
but that's like saying a 1980 VAX cluster with shared disks had the
same latency to disk.
one of the things that i was battling with (ibm) multi-tail
controllers to different processor/system channels
(i.e. "loosely-coupled" ... i.e. cluster by any other name) ...
was that heavily loaded disks tended to have workload optimization
with ordered seek queueing. heavy multi-system access ... each with
their own independent ordered seek queues resulted in not only some
amount of contention ... but tended to turn the individual processor
careful arm seek queueing into random motion (aka i wanted to be able
to have the controller maintain a single arm queue across all
processors).
the other "problem" in the transition from 3830 disk controllers in
the 70s to 3880 disk controllers in the 80s ... was that the 3880 used
a much slower processor for command handling (compared to the
3830). there were attempts to mask slower processing/latency by having
something similar to caching of the processing. this worked as long as
everything was coming in thru single channel interface ... but as soon
as there was a request from a different channel/processor interface
... it took processing milliseconds to switch interfaces (significant
penalty for 3880 multi-system operation vis-a-vis earlier 3830s).
misc. past posts about my wife having been con'ed into going to
POK to be in charge of loosely-coupled (mainframe) architecture
http://www.garlic.com/~lynn/subtopic.html#shareddata
misc. past posts about getting to play in the disk engineering
labs ... including period when much of 3880 controller and 3380
disk development was going on (floating heads, etc)
http://www.garlic.com/~lynn/subtopic.html#disk
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Fri, 30 Mar 2007 07:34:02 -0600
krw <krw@att.bizzzz> writes:
FS wasn't the big problem. No income was a far bigger problem.
The economy of the mid '70s was horrid. With inflation going into
the double digits it takes some pair to lay out a few megabux on
blinkin' lights.
re:
http://www.garlic.com/~lynn/2007g.html#11 The Perfect Computer - 36 bits?
Huge amount of money was spent on FS project ... and while everybody
was distracted by FS project ... there weren't a lot of people minding
the 370 store ... and then with the death of FS ... there was enormous
amount of scurrying about trying to make up for lost time ... trying to
get stuff into the 370 pipeline (to market/sell)
from
http://www-03.ibm.com/ibm/history/
starting with
http://www-03.ibm.com/ibm/history/history/decade_1970.html
yr   revenue   net
70    7.5b     1.01b
71    8.27b    1.07b
72    9.53b    1.27b
73   10.99b    1.57b
74   12.67b    1.83b
75   14.43b    1.99b
76   16.3b     2.39b
77   18.13b    2.71b
78   21.07b    3.11b
79   22.86b    3.01b
and
92   64.52b   -4.96b
and comment about product for gov. agencies, some of it was possibly
related to
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm
above science center reference is of course 545 tech sq
http://www.garlic.com/~lynn/subtopic.html#545tech
also Boyd ran NKP ("spook base") 72-73 ... in one of Boyd biographies, it
mentioned that it represented a $2.5B "windfall" for IBM
past posts mentioning $2.5B windfall
http://www.garlic.com/~lynn/2005m.html#22 Old Computers and Moisture don't mix - fairly OT
http://www.garlic.com/~lynn/2005m.html#23 Old Computers and Moisture don't mix - fairly OT
http://www.garlic.com/~lynn/2005m.html#24 Old Computers and Moisture don't mix - fairly OT
http://www.garlic.com/~lynn/2005t.html#1 Dangerous Hardware
http://www.garlic.com/~lynn/2006q.html#37 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006q.html#38 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006u.html#49 Where can you get a Minor in Mainframe?
http://www.garlic.com/~lynn/2006u.html#50 Where can you get a Minor in Mainframe?
http://www.garlic.com/~lynn/2006x.html#18 The Future of CPUs: What's After Multi-Core?
misc. collected posts mentioning Boyd:
http://www.garlic.com/~lynn/subboyd.html#boyd
and URLs from around the web mentioning Boyd:
http://www.garlic.com/~lynn/subboyd.html#boyd2
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: ISPF not productive
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Fri, 30 Mar 2007 07:56:07 -0600
Shmuel Metz, Seymour J. wrote:
I grew up on punched cards. I wrote my own card-oriented editors. I
used ATS before XEDIT. I used FSE before XEDIT. I encountered SPF
before XEDIT. I wanted SPF when I was using XEDIT, but that didn't
blind me to the faults of SPF or to the useful features of XEDIT. And
BTW, the editor I'm using on my PC is[1] Tritus SPF, an ISPF clone.
re:
http://www.garlic.com/~lynn/2007g.html#4 ISPF Limitations (was: Need for small machines ... )
http://www.garlic.com/~lynn/2007g.html#5 Call for XEDIT freaks, submit ISPF requirements
I was first exposed to CMS edit in the spring '68 on 2741. I then
wrote the TTY/ASCII terminal support for cp67. Then for OS/MVT release
18 system ... i re-implemented the CMS editor syntax (along with 2741
and TTY terminal support) from scratch for HASP CRJE implementation
(CMS editor implementation wasn't re-entrant ... each running in its
own address space ... while HASP implementation required fully
re-entrant implementation). Being somewhat biased, I considered it
enormously better than subsequent TSO release.
As far as I know, the HASP CRJE implementation never survived ... but
the effort didn't totally go to waste. Later I was able to use the
experience of writing re-entrant code as part of pushing portions of
CMS (including the editor) into "shared" (r/o protected) segments
http://www.garlic.com/~lynn/subtopic.html#mmap
old communication reference (some amount of the following reference involved
moving stuff that had already been implemented in cp67 to vm370)
http://www.garlic.com/~lynn/2006v.html#email731212
unrelated old email mentioning TSO
http://www.garlic.com/~lynn/2006b.html#email800310
and slightly truncated
http://www.garlic.com/~lynn/2006v.html#email800310b
shortly after the mid-80s, i got moved to a unix/emacs environment
... one of the things that i missed was the all command ... and was
able to acquire one (two decades ago now) ... although the
implementation that i currently use dates from '94.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: T.J. Maxx data theft worse than first reported
Newsgroups: bit.listserv.ibm-main
Date: Fri, 30 Mar 2007 08:09:03 -0600
Howard Brazee wrote:
Privacy laws are designed to limit Big Brother, and the IS industry
needs to be aware of requirements in both directions.
re:
http://www.garlic.com/~lynn/2007g.html#10 Record Credit card heist...TJM
recent side-track, somewhat into the privacy side of the issue
http://www.garlic.com/~lynn/aadsm26.htm#42 Dilemmas of Privacy and Surveillance
http://www.garlic.com/~lynn/aadsm26.htm#43 Cost of an identity
for a little drift, we had been co-author of the financial privacy
standard, x9.99 and i had done one of our merged glossaries and
taxonomies in support of the work ... reference here
http://www.garlic.com/~lynn/index.html#glosnote
referencing glba, hipaa, eu-dpd, etc.
in the mid-90s, the x9a10 financial standard working group had been
given the requirement to preserve the integrity of the financial
infrastructure for all retail payments ... the result was the x9.59
standard
http://www.garlic.com/~lynn/x959.html#x959
one of the claims was that it was also privacy agnostic
http://www.garlic.com/~lynn/subpubkey.html#privacy
in part, at the time, the EU was making some statements that they were
going to require that point-of-sale electronic transactions be as
anonymous as cash.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: What's a CPU second?
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Fri, 30 Mar 2007 10:29:35 -0600
Gerhard Adam wrote:
My original question is completely answered, but I've got a corollary
question now. I understand the concept of MP overhead perfectly. If one
guy can do a job in two hours, it's unlikely that two guys could
accomplish the same thing in one hour. So I understand why in aggregate
a 5-way box is not five times as fast as a 1-way box.
I would modify the analogy slightly as follows:
Imagine two guys working on two projects, but having to share tools.
How much time is lost in having to wait for a tool to become available,
or to communicate with one another to see who has the tool, etc. It
isn't the task itself that consumes the time, but the coordination
behind every action that elongates the activity.
In short, the answer is that the MP effect is in the "hardware" (using
the term loosely) operation of the CP(s) in coordinating the actions
that are largely invisible to the operating system.
depends on the granularity of MP consistency .... in 370 cache machines the
overhead was significant ... baseline started out slowing each processor
down by 10% (in a two-way configuration) just to allow for cross-cache
signaling ... i.e. 2-way was 1.8 times processing of a single processor.
Any actual handling of cross-cache invalidation/coordination was additional
slowdown.
3081 was only going to be a two-way offering ... and there wasn't going
to be any uniprocessor. In large part because ACP/TPF (at the time) didn't
have multiprocessor support ... they came out with 3083 ... which was
a single processor ... that had processor about 15 percent faster than
3081 processor (being able to eliminate the cross-cache handling).
The 3084 4-way ... was three times as bad as a 3081 2-way (each processor
cache having to listen to 3 other processors caches ... rather than just
one other). In that time-frame ... both VM and MVS had some amount of
kernel storage restructuring to make things aligned on cache-line
boundaries and multiples of cache-lines (attempting to avoid two
different kernel storage structures overlapping in the same cache
line ... possibly being used by two different processes
concurrently ... resulting in significant cache-line thrashing).
The claim was that the kernel storage restructuring for cache-line
sensitivity improved overall thruput by something like five percent.
lots of past SMP related postings
http://www.garlic.com/~lynn/subtopic.html#smp
including mentioning Charlie inventing compare&swap at the
science center
http://www.garlic.com/~lynn/subtopic.html#545tech
I've claimed in the past John's work on 801/risc in the mid-70s
http://www.garlic.com/~lynn/subtopic.html#801
was at least partially motivated by reaction to the extreme hardware
complexity (and failure) of the Future System project
http://www.garlic.com/~lynn/subtopic.html#futuresys
there was also a strong drive that 801/risc would never support
multiprocessing and cache consistency ... reaction to the enormous
thruput penalty seen in 370 (and later) mainframe multiprocessor cache
consistency implementations.
the lack of cache consistency and multiprocessor support was
one of the motivations driving us to do the ha/cmp product,
as a way of getting scale-up
http://www.garlic.com/~lynn/subtopic.html#hacmp
and related old email about MEDUSA effort (cluster in a rack)
http://www.garlic.com/~lynn/lhwemail.html#medusa
however at the time ... we also participated some in the SCI
activity ... we just didn't have a processor that we could
build any machines from ... recent post mentioning SCI
http://www.garlic.com/~lynn/2007g.html#3 University rank of Computer Architecture
somewhat related past thread (from this mailing list) discussing the issue and
citing some 2084 LSPR ratios
http://www.garlic.com/~lynn/2006l.html#30 One or two CPUs - the pros & cons
http://www.garlic.com/~lynn/2006l.html#41 One or two CPUs - the pros & cons
http://www.garlic.com/~lynn/2006l.html#43 One or two CPUs - the pros & cons
http://www.garlic.com/~lynn/2006l.html#47 One or two CPUs - the pros & cons
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Fri, 30 Mar 2007 12:53:59 -0600
krw <krw@att.bizzzz> writes:
True, but FS was killed in '74. Bldg 002 was empty for most of the
six years after, until the 303x was announced. No one was buying
because the economy was on the balls of its ass. In '79/80 they
couldn't ramp production fast enough. There wasn't anyone left
around to turn the lights back on.
re:
http://www.garlic.com/~lynn/2007g.html#9 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#11 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#13 The Perfect Computer - 36 bits?
a lot of the claims were that full technology cycle was on the order
of 7yrs. 3033 was a way of trying to get something new thru the cycle in
half the time (since FS diversion had somewhat drained the 370 pipeline).
http://www.garlic.com/~lynn/subtopic.html#futuresys
... 303x channel director was 158 microengine with the 158 integrated
channel microcode and no 370 microcode, 3031 was 158 microengine with
370 microcode (and no integrated channel microcode), 3032 was 168-3
reconfigured to use "channel directors", and 3033 started out being
168 wiring diagram mapped to newer/faster chip technology ... some
past posts
http://www.garlic.com/~lynn/2007d.html#21 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007d.html#62 Cycles per ASM instruction
http://www.garlic.com/~lynn/2007e.html#32 I/O in Emulated Mainframes
http://www.garlic.com/~lynn/2007f.html#28 The Perfect Computer - 36 bits?
for some drift ... somewhat related to this post
http://www.garlic.com/~lynn/2007g.html#16 What's a CPU second
by '76, the 5-way smp project I had been working on had been killed
... minor old email ref
http://www.garlic.com/~lynn/2006w.html#email750827
other posts mentioning the effort
http://www.garlic.com/~lynn/subtopic.html#bounce
afterwards, a couple of us from the science center had somewhat
surreptitiously dropped into POK and co-opted a couple of the
processor engineers (working on 3033) to spend some of their spare
time working on a 16-way 158 (engine) multiprocessor design (158
engine economic selection was similar to why it was selected for the
channel director).
everything went fine for some time ... most people thot it was
significantly more interesting than the other stuff going on. that is
until somebody happened to mention to the POK director that MVS would
never be able to support the machine (at least not in the expected
lifetime of the product). That resulted in a lot of uproar and some
people were invited to never appear in POK again (and the processor
engineers told to get back to the grind stone and don't look up
again).
part of the issue was that POK had already convinced corporate that vm
product had to be completely killed off and all the people re-assigned
to help getting mvs/xa out the door ... although endicott got a
partial stay of execution ... recent posts/references
http://www.garlic.com/~lynn/2007f.html#26 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#5 Call for XEDIT freaks, submit ISPF requirements
in any case, it wouldn't do to have a revolutionary new high-end
product that the favorite son operating system wouldn't be able to
support (for possibly a couple more decades). so ok, maybe i had
other issues than the ones mentioned here
http://www.garlic.com/~lynn/2007e.html#48 time spent/day on a computer
it was in this time-frame that I first ran into 801/risc. Somebody in
pok was sponsoring an advanced technology symposium ... and we
presented 16-way smp ... and the 801 group also made presentation
on 801/risc and related software technology:
http://www.garlic.com/~lynn/subtopic.html#801
other past posts mentioning the 16-way smp effort
http://www.garlic.com/~lynn/95.html#5 Who started RISC? (was: 64 bit Linux?)
http://www.garlic.com/~lynn/95.html#6 801
http://www.garlic.com/~lynn/95.html#11 801 & power/pc
http://www.garlic.com/~lynn/98.html#40 Comparison Cluster vs SMP?
http://www.garlic.com/~lynn/2002i.html#82 HONE
http://www.garlic.com/~lynn/2003.html#4 vax6k.openecs.org rebirth
http://www.garlic.com/~lynn/2003.html#5 vax6k.openecs.org rebirth
http://www.garlic.com/~lynn/2004f.html#21 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004f.html#26 command line switches [Re: [REALLY OT!] Overuse of symbolic
http://www.garlic.com/~lynn/2004j.html#45 A quote from Crypto-Gram
http://www.garlic.com/~lynn/2004m.html#53 4GHz is the glass ceiling?
http://www.garlic.com/~lynn/2005k.html#45 Performance and Capacity Planning
http://www.garlic.com/~lynn/2005m.html#48 Code density and performance?
http://www.garlic.com/~lynn/2005p.html#39 What ever happened to Tandem and NonStop OS ?
http://www.garlic.com/~lynn/2006c.html#40 IBM 610 workstation computer
http://www.garlic.com/~lynn/2006l.html#30 One or two CPUs - the pros & cons
http://www.garlic.com/~lynn/2006n.html#37 History: How did Forth get its stacks?
http://www.garlic.com/~lynn/2006r.html#22 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006t.html#7 32 or even 64 registers for x86-64?
http://www.garlic.com/~lynn/2006t.html#9 32 or even 64 registers for x86-64?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Complete April Fools' Day RFCs
Newsgroups: bit.listserv.ibm-main
Date: Fri, 30 Mar 2007 14:55:21 -0600
Gabe Goldberg wrote:
The Complete April Fools' Day RFCs
$19.95
1-57398-042-0
Author's site: http://www.rfc-humor.com/
Peer site: http://www.peerllc.com/content/view/24/53/
Amazon: http://www.amazon.com/exec/obidos/ASIN/1573980420
????
my RFC index
http://www.garlic.com/~lynn/rfcietff.htm
in the RFCs listed by section, click on TERM (term->RFC#)
and scroll down to "April1" ... i.e.
April1
4042 4041 3751 3514 3252 3251 3093 3092 3091 2795 2551 2550 2549 2325
2324 2323 2322 2321 2100 1927 1926 1925 1924 1776 1607 1606 1605 1437
1313 1217 1149 1097 852 748
... clicking on an RFC number brings up that RFC summary in the lower
frame. clicking on the ".txt=nnnn" field in the RFC summary retrieves
the actual RFC.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: T.J. Maxx data theft worse than first reported
Newsgroups: bit.listserv.ibm-main
Date: Fri, 30 Mar 2007 15:48:07 -0600
Don Leahy wrote:
"What are we going to do tonight, Brain?"
"The same thing we do every night, Pinky. Try to take over the world!
If *I* ruled the world retailers wouldn't be allowed to store credit and
debit card numbers on their data bases!"
"Why not Brain, I thought they needed to?"
"Don't think, Pinky, you'll hurt yourself. No, my intellectually
deficient friend, retailers only need store the authorization code they
receive from the card issuer".
"I don't get it Brain, what good would that do?"
"It's very simple Pinky, but perhaps beyond your limited capacity to
understand. To trace a transaction all they'd have to do is send the
authorization number back to the credit card issuer and the information
chain can be completed. No one would be able to hack into a retailer's
data base and get the card numbers because the card numbers wouldn't be
there! The hackers would be thwarted, Pinky! Then I, Brain, will take
over the card issuers and achieve total world domination! YES!!"
re:
http://www.garlic.com/~lynn/2007g.html#10 Record Credit card heist ...TJM
http://www.garlic.com/~lynn/2007g.html#15 T.J. Maxx data theft worse than first reported
lots of times the dispute process has the consumer calling their bank with
credit card number, merchant, amount and date. the bank then contacts the
merchant with credit card number, merchant, amount and date ... there was
transaction id introduced several years ago to replace it ... but the
uptake wasn't very successful. the consumer may also contact the merchant
with just account number, amount and date.
the current infrastructure not only requires the account number in several
places in the infrastructure ... making it vulnerable "at rest" ... but
also has it vulnerable in transit as the process is flowing thru various
processes ... i.e. skimming and harvesting vulnerabilities
http://www.garlic.com/~lynn/subintegrity.html#harvest
for replay attacks.
in the past decade ... a number of financial institutions have tried
"one time account numbers" as countermeasure to replay attacks ...
frequently internet specific ... i.e. the consumer is given a whole
list of account numbers ... each which may be used once, and only once.
this moved a significant burden (related to attempting to limit the
current infrastructure fraud vulnerabilities) to the consumer
(where it became the consumer's responsibility of keeping track
of which account number went with which purchase). some past posts
mentioning some of the one-time account number deployments:
http://www.garlic.com/~lynn/aadsm17.htm#42 Article on passwords in Wired News
http://www.garlic.com/~lynn/aadsm26.htm#4 Citibank e-mail looks phishy
http://www.garlic.com/~lynn/2003n.html#0 public key vs passwd authentication?
http://www.garlic.com/~lynn/2007c.html#6 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#15 Securing financial transactions a high priority for 2007
note ... these financial institutions typically already had transaction
infrastructures that could map multiple different account numbers
to a common (primary) account.
now, as i've mentioned before, in the mid-90s, the x9a10 financial standard
working group had been given the requirement to preserve the integrity
of the financial institution for all retail payments. the result was
the x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959
part of the standard provided end-to-end strong authentication ... and
precluded being able to use an account number used in x9.59
transactions ... in non-authenticated transactions (eliminating being
able to use harvested/skimmed information from previous transactions
in replay attacks for fraudulent transactions)
other posts/discussions related to the x9.59 financial standard for
all retail transactions
http://www.garlic.com/~lynn/subpubkey.html#privacy
i.e. the issue is that account numbers in the current infrastructure
have diametrically opposing requirements ... on one hand they are used
as a type of shared-secret authentication (analogous to a password)
... in which case they have to be kept confidential and never divulged
to anybody. On the other hand, the account numbers are a standard part
of numerous business processes ... and as such have to be divulged and
made available.
part of the x9.59 financial standard was eliminating the use of
account numbers for two distinctly different business purposes with
diametrically opposing business requirements ... the problem can
somewhat be viewed as a frequently occurring systemic problem when a single
construct is used for multiple different business purposes which impose
radically different (and possibly diametrically opposing)
requirements. It would be somewhat like taking existing mainframe
security paradigm using userid & password ... where a lot of
permissions and privileges are associated with the userid ... and the
password is separately used for authentication ... and eliminating the
userid ... requiring that the password be used for both specifying
permissions and privileges as well as used for the purposes of
authentication.
in the financial cryptography mailing list blog
https://financialcryptography.com/mt/archives/000877.html
somebody also used the analogy of infrastructure that decided that the
color of a person's eyes were going to be used for authentication ...
and then blaming the individuals if they didn't go around perpetually
with their eyes closed.
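Added example (not part of the original post, and not the x9.59 standard itself): a toy issuer in Python contrasting an account number that doubles as the authenticator with an account that is only valid in authenticated transactions. HMAC from the standard library stands in for the authentication mechanism, which the post does not specify; the Issuer class, field names, account numbers and key are hypothetical, constructed values.

```python
import hashlib
import hmac
import json

# Every account number, key and transaction here is a constructed sample value.
LEGACY_ACCT = "ACCT-LEGACY-0001"    # knowing the number is enough (current model)
AUTH_ACCT = "ACCT-AUTHONLY-0002"    # valid only in authenticated transactions
CONSUMER_KEY = b"constructed-consumer-key"  # held by consumer and issuer, never the merchant


def canonical(txn):
    """Stable byte encoding of the transaction fields covered by authentication."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def authenticate(key, txn):
    """Consumer side: bind account, merchant, amount and id into one tag."""
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()


class Issuer:
    def __init__(self):
        self.accounts = {}   # account number -> key, or None for a legacy account
        self.seen = set()    # (account, txn_id) pairs already approved

    def open_account(self, number, key=None):
        self.accounts[number] = key

    def authorize(self, txn, tag=None):
        if txn["account"] not in self.accounts:
            return "declined: unknown account"
        key = self.accounts[txn["account"]]
        if key is None:
            # The account number itself acts as the shared secret.
            return "approved"
        if tag is None:
            # The number is never honoured in a non-authenticated transaction.
            return "declined: authentication required"
        if not hmac.compare_digest(authenticate(key, txn), tag):
            return "declined: bad authentication"
        ident = (txn["account"], txn["txn_id"])
        if ident in self.seen:
            return "declined: duplicate transaction"
        self.seen.add(ident)
        return "approved"


def demo():
    issuer = Issuer()
    issuer.open_account(LEGACY_ACCT)
    issuer.open_account(AUTH_ACCT, key=CONSUMER_KEY)
    out = {}

    # Legacy account: whatever a merchant log or skimmer holds can be reused.
    first = {"account": LEGACY_ACCT, "merchant": "shop-a",
             "amount": "25.00", "txn_id": "t1"}
    out["legacy_purchase"] = issuer.authorize(first)
    reuse = {"account": LEGACY_ACCT, "merchant": "shop-b",
             "amount": "900.00", "txn_id": "t2"}
    out["legacy_reuse"] = issuer.authorize(reuse)

    # Authenticated-only account: the merchant still sees number and tag.
    signed = {"account": AUTH_ACCT, "merchant": "shop-a",
              "amount": "25.00", "txn_id": "t3"}
    tag = authenticate(CONSUMER_KEY, signed)
    out["auth_purchase"] = issuer.authorize(signed, tag)

    # Harvested number and tag reused in a different transaction.
    other = {"account": AUTH_ACCT, "merchant": "shop-b",
             "amount": "900.00", "txn_id": "t4"}
    out["auth_number_only"] = issuer.authorize(other)
    out["auth_old_tag"] = issuer.authorize(other, tag)
    # The identical captured message submitted a second time.
    out["auth_exact_replay"] = issuer.authorize(signed, tag)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

With the authenticated-only account, the number can sit in merchant logs and dispute records without that copy being usable to originate a new transaction.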
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: T.J. Maxx data theft worse than first reported
Newsgroups: bit.listserv.ibm-main
Date: Fri, 30 Mar 2007 16:52:30 -0600
re:
http://www.garlic.com/~lynn/2007g.html#10 Record Credit card heist ...TJM
http://www.garlic.com/~lynn/2007g.html#15 T.J. Maxx data theft worse than first reported
http://www.garlic.com/~lynn/2007g.html#19 T.J. Maxx data theft worse than first reported
and a recent update:
TJX Intruder Had Retailer's Encryption Key
http://www.physorg.com/news94480989.html
from above:
Not that the culprit necessarily needed it. Data was apparently taken
during the card-approval process before it was encrypted. These are
among the latest details in what is almost certainly the worst retail
data breach ever.
... snip ...
i.e. the attacker was skimming the information as part of the initial
transaction process ... as opposed to waiting for a copy to be moved
into some sort of transaction log and then harvesting that log.
for a little drift on the subject
http://www.garlic.com/~lynn/aadsm26.htm#44 Governance of anonymous financial services
all of this has been my periodic comment about security proportional to risk
http://www.garlic.com/~lynn/2001h.html#61
and/or that the attacker can possibly afford to outspend the defender
by possibly 100:1
http://www.garlic.com/~lynn/2007f.html#75 Securing financial transactions a high priority for 2007
and/or that even if the planet was buried under miles of information
hiding encryption, it still wouldn't stop such leaks
http://www.garlic.com/~lynn/2007b.html#8 Special characters in passwords was Re: RACF - Password rules
http://www.garlic.com/~lynn/2007b.html#20 How many 36-bit Unix ports in the old days?
http://www.garlic.com/~lynn/2007b.html#60 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#10 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#33 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#53 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#34 Mixed Case Password on z/OS 1.7 and ACF 2 Version 8
http://www.garlic.com/~lynn/2007e.html#26 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#75 Securing financial transactions a high priority for 2007
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Fri, 30 Mar 2007 17:34:26 -0600
Peter Flass <Peter_Flass@Yahoo.com> writes:
IBM had and has this problem too. Maybe there's just no way to
quantify it sufficiently for the MBAs that look at this stuff. Many
times I've seen them cancel a product that probably sold lots of
other stuff with it.
gov litigation threw a big monkey wrench into such considerations
... which also led to 23jun69 unbundling announcement and the
change-over to charging for software
http://www.garlic.com/~lynn/subtopic.html#unbundle
each individual component had to have its own price and profit and be
justified purely based on the specific item's profit ... w/o
consideration of possible synergy with other things.
there had been a lot of synergy among components in the 60s
(i.e. bundled) ... but with unbundling ... it started to unravel
... customers were expected to (effectively) justify paying for each
individual component (theoretically w/o regard to any synergy). In
such an environment ... there were difficulties not only for vendors
but also in the customer ranks.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Bidirectional Binary Self-Joins
Newsgroups: comp.databases.theory
Date: Fri, 30 Mar 2007 19:25:50 -0600
paul c <toledobythesea@oohay.ac> writes:
Not trying to change the example, which I think is excellent, but this
reminds me of the airline game. In flight and related systems, it is
enough to use airline code, flight number (an invented number), date,
scheduled departure and arrival time in hours and minutes, departure
airport code and destination airport code to indicate a flight (or
flight segment, the term that biz uses). One could ask what prevents
two different flights with that recorded key, from taking off from the
same large multi-runway airport in the same minute? The answer is the
key itself, which is embedded in every manual and computer method the
controllers, airport personnel and so forth use, which doesn't include
a runway code, nor anything close to scheduled times measured in
seconds.
actually there are flights that do take off simultaneously. i blame
it on TWA ... the first time I remember seeing it was very early 70s
... twa had plane parked overnight in san jose ... first thing in the
morning, it took off for SFO, with two different flight numbers. in
san fran, some of the passengers ... who thot they had a "direct"
flight with no connections ... found that while their flight number
went direct, they had a "change of equipment" (NOT a connection) ...
since the original equipment continued outbound from SFO with one of
the flight numbers ... and some totally different equipment assumed
the other flight numbers for a different destination.
in a different life, we were given the opportunity to rewrite ROUTES
... one of the common airline res system applications ... i.e. finding
flights/times/etc to get from origin to a destination. as part of the
effort, we were provided a machine readable copy of the OAG ... with
all world-wide commercial flight segments. I believe the "worst" I
found was what appeared to be six different flight segments
... i.e. different flight numbers but identical equipment, identical
departure times from the same airport and identical arrival times at
the same destination airport.
when i expressed my opinion about the "change of equipment" scenario
... the explanation was that agent reservation screens (as well as
printed manuals) typically ordered all direct flights first on the
screen (or in books) before all connecting flights. judicious use of
multiple flight numbers for the same equipment, got a lot of things
moved up to the top of the screen (with people who were avoiding
connecting flights found themselves faced with "change of equipment")
the other "benefit" (of creating multiple different flight nos for the
same equipment), was typical reservation system provided agents with
only a limited number of connecting flight operations. more complex
travel scenarios required agents to manually stitch together some
number of connections. use of multiple flight numbers per equipment
... could provide some additional trip planning help to agents.
so one of the "ten impossible" things (current ROUTES couldn't do and
we were supposed to implement), was being able to find connections
between any two (commercial) airports (some 4k plus) in the world. for
demo, they would give two airport codes ... frequently ones that
nobody had ever heard of before on opposite sides of the world. there
were some that took more than 24hrs elapsed time with 5-6 different
connections.
being able to automatically find all possible origin/destination
... at least eliminated the excuse (for multiple flight nos per
equipment) that the agent was being helped on how to get from any
possible origin to any possible destination.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Fri, 30 Mar 2007 20:22:47 -0600
krw <krw@att.bizzzz> writes:
Sure, but you forgot the 3081 series in there. The 303x series was
needed because the 3081 technology (originally intended for FS)
wasn't going to be ready when needed. TCMs, and all that, took a lot
more work than expected. OTOH, the 303x was pretty much a remapped
3168 (with differences you've noted) so could be pushed out the door
quickly. The 3033 was ready when the economy turned up in '80ish.
The 3081 wouldn't have been and kabillion$ would have been left on
the table.
re:
http://www.garlic.com/~lynn/2007g.html#17 The Perfect Computer - 36 bits?
we didn't co-opt any of the 3081 processor engineers ... just the guys
working on 3033 ... so I knew much less about what the 3081 guys were
doing ... other than i think they got to play leapfrog, the
kingston(?) engineers doing the 3081 while the pok engineers did the
3033, who then went on to do trout/3090.
i.e. get 3033 out in half the time (4-5 years) while it was taking 7-8
years to get 3081 out (as soon as 3033 was out the door ... switch to
trout/3090 in parallel with finishing 3081) ... or ... are we possibly
in violent agreement.
one of the suspicions was that the "i/o" in the 158, 303x channel
director and 3081 had similar characteristics/profile ... i was doing
tests on latency involving different vendor disks, different vendor
controllers, channels and processors ... related to disk head-switch.
3081, 303x channel director and 158 elapsed latencies were nearly
identical. i/o commands in "channel programs" were executed end-to-end
synchronous ... with programs residing in processor memory ... so
end-to-end latency on each command involved processor memory, channel,
control unit, device (and various cable lengths)
you have channel program that reads record on one track and then does
a head switch to a different track ... and attempts to read the next
record ... how much has the disk continued to rotate while the
processing of the head switch command is being processed.
past posts mentioning doing variety of head-switch latencies tests
http://www.garlic.com/~lynn/2000d.html#7 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000d.html#11 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2000d.html#12 4341 was "Is a VAX a mainframe?"
http://www.garlic.com/~lynn/2001j.html#3 YKYGOW...
http://www.garlic.com/~lynn/2002b.html#17 index searching
http://www.garlic.com/~lynn/2003g.html#22 303x, idals, dat, disk head settle, and other rambling folklore
http://www.garlic.com/~lynn/2004d.html#64 System/360 40 years old today
http://www.garlic.com/~lynn/2004d.html#65 System/360 40 years old today
http://www.garlic.com/~lynn/2004d.html#66 System/360 40 years old today
http://www.garlic.com/~lynn/2004e.html#41 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004h.html#43 Hard disk architecture: are outer cylinders still faster than inner cylinders?
http://www.garlic.com/~lynn/2005p.html#38 storage key question
http://www.garlic.com/~lynn/2005s.html#22 MVCIN instruction
http://www.garlic.com/~lynn/2006r.html#40 REAL memory column in SDSF
http://www.garlic.com/~lynn/2006t.html#19 old vm370 mitre benchmark
http://www.garlic.com/~lynn/2006w.html#8 Why these original FORTRAN quirks?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Bidirectional Binary Self-Joins
Newsgroups: comp.databases.theory
Date: Fri, 30 Mar 2007 20:29:57 -0600
paul c <toledobythesea@oohay.ac> writes:
I think you are probably right about a six-segment likely maximum in
practice, which I seem to remember seeing somewhere, although I only
saw the airline biz for a couple of years. Also, on some continents,
maybe even in NA, smaller airlines like to cheat and re-use flight
numbers for the same plane on the same day at the same airport, to
save fees. I think the airline people call those "lollipop" flights
because if you draw a picture of the route, somewhere there is a leg
connected to a circle of sorts.
When I say flight "number", these days I'm assuming base-36 numbers!
re:
http://www.garlic.com/~lynn/2007g.html#22 Bidirectional Binary Self-Joins
the max. in the world that i found ... was 16 flight segments for the
same flight number (and presumably same equipment) that started early
in the morning and finished late at night at the same airport.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Bidirectional Binary Self-Joins
Newsgroups: comp.databases.theory
Date: Fri, 30 Mar 2007 20:58:26 -0600
paul c <toledobythesea@oohay.ac> writes:
I knew one consulting company that charged an airline a lot of money
to do that. Eventually the effort was stopped when both parties were
asked to solve the "travelling salesman" problem in a most general
way, which was more or less what they were trying to do. The problem
was new to both parties, even to the airline's most experienced
business analysts! What's more, since that airline did a lot of
contracting out to other airlines, they wanted to include all airports
known to IATA, which numbered about 6,000 airports at the time.
The segment combinations that involved factorials also got the
consulting companies quite interested, suggesting schemas of hundreds
of tables for routing alone, let alone all the other stuff an airline
has to account for today.
re:
http://www.garlic.com/~lynn/2007g.html#22 Bidirectional Binary Self-Joins
some considered that we cheated ... in previous life I had been
involved in doing automated circuit layout ... and number of airports
and flight segments was a much smaller problem than typical circuit
layout problems ... the real trick was being able to do any possible
from/to in subsecond elapsed time (for all possible airports and all
possible flight segments)
bringing it somewhat back to database theory ... when i had been doing
some of the stuff on system/r
http://www.garlic.com/~lynn/subtopic.html#systemr
other refs
http://www.garlic.com/~lynn/2007e.html#31 Quote from comp.object
http://www.garlic.com/~lynn/2007e.html#36 Quote from comp.object
http://www.garlic.com/~lynn/2007e.html#37 Quote from comp.object
i was also involved lending hand to some vlsi design tool group.
there was stuff like chip design, chip physical layout, board layouts,
circuit routing, etc.
the system/r group sort of took some optimizations with relational,
creating tables where the same schema was applied to everything in the
table. some types of chip stuff is very regular/uniform (say memory)
... but other types of chips (processors) could be extremely
non-uniform.
so there was a joint project between the vlsi tools group and various
database people from STL (also where IMS went on) ... where all
relationships were bidirectional and physically instantiated. However,
instead of doing it as exposed record pointers (as in ims) ... it was
done as indexes ... ala the system/r metaphor ... but since there were
a huge number of (bidirectional, instantiated) relationships ... there
was also huge forest of such indexes.
this is the type of stuff that we use for managing the information
for our RFC index
http://www.garlic.com/~lynn/rfcietff.htm
and the various merged taxonomies and glossaries
http://www.garlic.com/~lynn/index.html#glosnote
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Bidirectional Binary Self-Joins
Newsgroups: comp.databases.theory
Date: Sat, 31 Mar 2007 05:24:02 -0600
Anne & Lynn Wheeler <lynn@garlic.com> writes:
so there was a joint project between the vlsi tools group and various
database people from STL (also where IMS went on) ... where all
relationships were bidirectional and physically instantiated. However,
instead of doing it as exposed record pointers (as in ims) ... it was
done as indexes ... ala the system/r metaphor ... but since there were
a huge number of (bidirectional, instantiated) relationships ... there
was also huge forest of such indexes.
this is the type of stuff that we use for the RFC index
http://www.garlic.com/~lynn/rfcietff.htm
and the various merged taxonomies and glossaries
http://www.garlic.com/~lynn/index.html#glosnote
re:
http://www.garlic.com/~lynn/2007g.html#22 Bidirectional binary self-joins
http://www.garlic.com/~lynn/2007g.html#24 Bidirectional binary self-joins
http://www.garlic.com/~lynn/2007g.html#25 Bidirectional binary self-joins
i.e. all the information is maintained in an infrastructure that
directly instantiates bi-directional relationships ... then
applications are used to generate html files for the website
http://www.garlic.com/~lynn/index.html
one of the issues is that the html generation applications attempt to
simulate the extensive bi-directional relationships with (one-way)
hrefs ... which partially accounts for the extremely high density of
"hrefs" per mbyte.
this possibly accounts for what appears to be all the major search
engine crawlers using the site as regression test ... with avg. of
1000 hits/day just from crawlers from all the major search engines.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Complete April Fools' Day RFCs
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sat, 31 Mar 2007 05:40:19 -0600
re:
http://www.garlic.com/~lynn/2007g.html#18 The Complete April Fools' Day RFCs
for other drift ... old posting of the 1984 april 1st corporate
directive on passwords ... old posting
http://www.garlic.com/~lynn/2001d.html#51 A beautiful morning in AFM.
http://www.garlic.com/~lynn/2001d.html#52 A beautiful morning in AFM.
http://www.garlic.com/~lynn/2001d.html#53 April Fools Day
That year, 1apr84 was on a sunday. the corporate directive appeared on
several bulletin boards monday morning. Unfortunately, several people
took it to be valid (even tho the 1apr84, sunday date should have been
a dead give-away), as a result there was an attempt to identify (and
punish?) the culprit responsible.
Afterwards, corporate letterhead paper was kept under lock and key ...
no longer laying around in the various bldg. 6670/sherpa print rooms.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Jim Gray Is Missing
Newsgroups: alt.folklore.computers
Date: Sat, 31 Mar 2007 06:18:35 -0600
most recent summary (from this morning)
The Search For Microsoft Researcher Jim Gray
http://www.informationweek.com/news/showArticle.jhtml?articleID=198701579
from above:
Computer scientist Jim Gray disappeared Jan. 26 after sailing out of
San Francisco Bay to scatter his mother's ashes at the Farallon
Islands, 27 miles offshore. An extended, four-day search by the
U.S. Coast Guard by air and sea turned up nothing, and that might have
been that. But the search for the 63-year-old Gray--a distinguished
engineer with Microsoft Research, database expert, and Turing Award
winner for his work in transaction processing--didn't end there.
... snip ...
past pieces of the thread
http://www.garlic.com/~lynn/2007d.html#4 Jim Gray Is Missing
http://www.garlic.com/~lynn/2007d.html#6 Jim Gray Is Missing
http://www.garlic.com/~lynn/2007d.html#8 Jim Gray Is Missing
http://www.garlic.com/~lynn/2007d.html#17 Jim Gray Is Missing
http://www.garlic.com/~lynn/2007d.html#33 Jim Gray Is Missing
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Sat, 31 Mar 2007 10:57:23 -0600
krw <krw@att.bizzzz> writes:
Again, the reason the 303x could be pushed out so fast was that there
was little really all that new. The 3081, OTOH, was new from the
ground up; LEM=>TCM vs. CoB, TTL vs. ECL, much higher density....
yep, seems to be violent agreement ... there had to be rush project
(in the wake of FS) ... not the "normal" 7-8yr product cycle ... then
with two overlapping efforts allowing new products to come out on more
frequent schedule.
re:
http://www.garlic.com/~lynn/2007g.html#11 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#13 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#17 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#21 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007g.html#23 The Perfect Computer - 36 bits?
so this came up in a slightly different way around 1990 with the C4
project in the automobile industry. some number of different vendors
were invited ... including groups from both mainframe and 6000.
now some drift here about rios coming in a year earlier than expected
http://www.garlic.com/~lynn/2007f.html#73 Is computer history taught now?
a few past posts mentioning C4 effort
http://www.garlic.com/~lynn/2000f.html#41 Reason Japanese cars are assembled in the US (was Re: American bigotry)
http://www.garlic.com/~lynn/2000f.html#43 Reason Japanese cars are assembled in the US (was Re: American bigotry)
http://www.garlic.com/~lynn/2003i.html#61 TGV in the USA?
http://www.garlic.com/~lynn/2003i.html#65 TGV in the USA?
http://www.garlic.com/~lynn/2004c.html#51 [OT] Lockheed puts F-16 manuals online
http://www.garlic.com/~lynn/2004h.html#22 Vintage computers are better than modern crap !
http://www.garlic.com/~lynn/2006m.html#49 The Pankian Metaphor (redux)
http://www.garlic.com/~lynn/2007f.html#50 The Perfect Computer - 36 bits?
so i thot that it was slightly ironic that on a project to investigate
how to cut a 7-8yr product cycle in half (to start with) in order to
remain competitive ... that an organization that also had a 7-8yr
product cycle was participating.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: T.J. Maxx data theft worse than first reported
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sat, 31 Mar 2007 15:05:50 -0600
Anne & Lynn Wheeler wrote:
re:
http://www.garlic.com/~lynn/2007g.html#10 Record Credit card heist ...TJM
http://www.garlic.com/~lynn/2007g.html#15 T.J. Maxx data theft worse than first reported
http://www.garlic.com/~lynn/2007g.html#19 T.J. Maxx data theft worse than first reported
and a recent update:
TJX Intruder Had Retailer's Encryption Key
http://www.physorg.com/news94480989.html
from above:
Not that the culprit necessarily needed it. Data was apparently taken
during the card-approval process before it was encrypted. These are
among the latest details in what is almost certainly the worst retail
data breach ever.
.... snip ...
re:
http://www.garlic.com/~lynn/2007g.html#20 T.J. Maxx data theft worse than first reported
and even more
Why Encryption Didn't Save TJX
http://www.physorg.com/news94568787.html
from above:
Encryption has no value when data isn't encrypted, obviously, but
credit cards can't be processed when their numbers are
encrypted. Hence, a smart crook will seek a way to get the data during
that window of time when it's in that state of being "in the clear" -
that is, unencrypted.
TJX's intruder also had a backup plan if data in the clear wasn't
attainable: namely, the decryption key.
... snip ...
we had been brought in to consult with a small client/server startup ... that wanted to do
payments on its server ... past reference
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
and they had this technology called SSL ... the effort has since come to be referred
to frequently as electronic commerce
then we spent some time in the x9a10 financial standards working group
... which had been given the requirement in the mid-90s to preserve
the integrity of the financial infrastructure for all retail
payments. the result was the x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959
part of x9.59 to provide end-to-end strong authentication
... effectively armoring the transaction. the standard effectively
addressed the issue of skimming/harvesting existing information as
part of replay attacks involving fraudulent transactions. Once
the transaction was armored, then there was little need to
hide/encrypt existing transactions and transaction information
... since the crooks were no longer able to use the information for
fraudulent financial transactions.
this also somewhat negated the requirement for the major use of SSL
that we had worked on previously (namely electronic commerce
transactions).
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wylbur and Paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sun, 01 Apr 2007 09:24:01 -0600
gah writes:
I do know that Wylbur ran off a 2301 for active
file storage even before Orvyl, and that was not
on a machine with DAT. You may not want to call
it paging, but it was at least close.
-- glen
or possibly "swapping" ... ctss on 7094 "swapped". apl\360 swapped its
workspaces.
apl\360 had its own terminal handler, dispatcher, and (workspace)
swapper ... the issue was that the workspaces were typically only
16kbytes or possibly 32kbytes. apl\360 tended to have at least two
different allocated (real-storage) workspace areas ... allowing some
overlap of swapping and execution. however, since they were
(real-storage) addresses in a workspace ... they had to be relative to
the start of the workspace ... since any swap-out/swap-in operation
wouldn't guarantee that an apl application always resided at the same
real address i.e. rather than having hardware (virtual) address
relocation ... the application instructions stream had to perform
relative address relocation. some amount of past posts about the
troubles dealing with os/360 paradigm "relocatable address constants"
... which are swizzled to absolute addresses on initial loading
of program image (and therefore became absolute addresses during
execution)
http://www.garlic.com/~lynn/subtopic.html#adcon
the science center
http://www.garlic.com/~lynn/subtopic.html#545tech
ported apl\360 to cms (cp67/cms) for cms\apl (in the very early 70s)
... and dispensed with apl\360s terminal handler, dispatcher, and
workspace handler ... basically the majority of "operating system"
functions ... leaving basically the apl interpreter and storage
manager. this allowed for arbitrarily large workspaces (up to the size
of the virtual address space limit) in virtual memory paged environment.
however, while the apl storage manager worked ok in a small workspace
swapped environment ... it could wreak havoc in large page space
environment. apl did all space management ... eliminating applications
having to worry about allocating and releasing storage maintenance worries
(somewhat like some of the more recent environments like JAVA).
however, on any assignment operation, new storage was always allocated
(and any previous location was "forgotten"). when apl got to the end of
the workspace ... it would perform garbage collection ... coalescing all
allocated memory into (bottom) contiguous area (i.e. garbage collection)
... and starting the process all over again.
the science center was also doing a lot of work on characterizing
operation in virtual memory environment ... one of the things was
detailed execution traces of instruction and storage reference/stores
(this was eventually released as a product called vs/repack ... which
included ability to do semi-automated program restructuring for
optimizing operation in a paged virtual memory environment). One of the
trace applications was drawing storage reference maps ... printed on
1403 printer ... basically storage on the vertical and time along the
horizontal. six ft printed strips (reverse side of green bar paper)
would be printed ... and multiple strips would be stitched together
hanging along the hallway of the science center. apl storage address
references exhibited a very strong saw-tooth pattern ... with storage
location references starting low and then rising very quickly (over
time) to high storage location ... and then a solid vertical line when
garbage collection occurred.
the behavior wasn't hazardous with a small swapped workspace ... but was
extremely detrimental in a large paged virtual address space. In any
case, APL storage management (and garbage collection) had to be
significantly reworked for virtual memory environment.
in that period, you saw APL being used for a lot of business modeling
and what-if type operations ... a lot of stuff that you now find being
done with spreadsheet technology. the corporate hdqtrs people had been
doing some business modeling in APL ... but with limitation of 16kbyte
workspaces ... they were hardly able to deal with significant amount of
customer information. The science center cp/cms operation included
offering some amount of timesharing services to other corporate
locations. When cms\apl became available ... several corporate hdqtr
business planners got accounts on the science center machine ... and had
a physical tape sent with large amount of customer information (the most
secret of secret corporate information). This required some amount of
"security" ... since the same machine was also being accessed by some
number of people (faculty and students) from various educational
institutions in the cambridge area.
for lots of topic drift ... reference to other kinds of security
needed to be met by cp67/cms
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm
the other interesting cms\apl related effort was HONE ... where most
of the applications supporting sales, marketing and field people
were written in APL. lots of past posts mentioning HONE and/or APL
applications
http://www.garlic.com/~lynn/subtopic.html#hone
HONE organization initially started by cloning the science center
cp67/cms system deployed on several 360/67 machines in datacenters
around the US. Later this was ported to vm370 and apl\cms (which then
went thru a number of morphs to apl/sv, vs/apl, etc). These systems were
further cloned at numerous places around the world, providing world-wide
online, interactive support for field, sales, and marketing people.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Can SSL sessions be compromised?
Newsgroups: comp.security.misc
Date: Sun, 01 Apr 2007 09:48:46 -0600
"Powercat" <powercat@verizon.net> writes:
Hello I hope someone will take the time to answer my question. I'm
with a contractor inside someone else's facility. The facility allows
us to use their computers for internet access to our headquarters. We
communicate with HQ via browser-based sessions ("webmail") and this is
via SSL (https) connections. Sometimes we transmit documents (Word,
PDF, etc) attachments using webmail during these SSL sessions.
one of the most common SSL compromises has to do with various kinds of
man-in-the-middle attacks at session startup (as opposed to
eavesdropping and/or man-in-the-middle after session is up and
running). misc. posts mentioning MITM-attacks
http://www.garlic.com/~lynn/subintegrity.html#mitm
the issue is weakness in various setups having to do with SSL startup
and whether the client is checking to see whether the server is
actually who the client thinks the server is ... or the process has
degenerated into the client just checking that the server is who the
server claims to be.
part of this has to do with the fundamental digital certificate and
PKI paradigm ... i.e. the trusted distribution of information in an
offline environment ... and the client can have some level of trust
that the information in the digital certificate is valid. the issue is
that an attacker may have a perfectly valid digital certificate with
perfectly valid information ... it is just not the information that
the client expects it to be. what is happening is that some client
processes will just check for valid information (i.e. valid digital
certificate) ... as opposed to valid information exactly matching
some predefined requirement. when clients are (effectively) just
checking for any valid information ... then a MITM-attack
involves setting up an intermediate SSL session (impersonating the
server to the client) and then setting up a second intermediate SSL
session (impersonating the client to the server).
lots of past posts about SSL certificates (including some number of
methods for attacks/compromises)
http://www.garlic.com/~lynn/subpubkey.html#sslcert
i.e. long ago and far away ... we had been called in to consult
with this small client/server startup that wanted to do payments
on their servers ... a couple old posts
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
they had this technology that they called SSL ... and we had to do
some transformation from technology to business process and also
detailed vulnerability and threat analysis.
one of the countermeasures is to preload into the client
... the exact information that the client application has to expect
(and make sure that the information in any presented digital
certificate exactly matches). however, this countermeasure
violates the basic assumptions under which digital certificates,
certification authorities, and PKI paradigms are justified and makes
the digital certificates redundant and superfluous.
If the countermeasure involves preloading the exact server
information (for matching against information in digital certificate)
... then it is obvious that the preloaded information could be the
server's public key ... in which case it is no longer necessary to
have a digital certificate. With the client already having the
server's public key, then it would be possible to have a highly
optimized SSL operation with much of the current SSL session protocol
setup chatter eliminated.
various past posts specifically discussing various SSL vulnerabilities
and the catch-22 for the certification authority industry with
some of the countermeasures that result in making the digital
certificates and PKI infrastructure redundant and superfluous
http://www.garlic.com/~lynn/subpubkey.html#catch22
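The distinction drawn in the post above, between a client that accepts any valid certificate and a client that matches preloaded server information, shown as an added example (not part of the original post) using Python's standard ssl module. The function names are hypothetical, and the pin is a SHA-256 over the whole certificate rather than the bare public key the post describes, because the standard library does not expose the key on its own.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the presented certificate is not the preloaded one."""


def validity_only_context() -> ssl.SSLContext:
    """Weak setting: the chain must verify against a trusted CA, but the name
    in the certificate is never compared with the host the client meant to
    reach, so any valid certificate for any name is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def expected_name_context() -> ssl.SSLContext:
    """Corrected setting: chain verification plus a match between the
    certificate and the server name the client passes in."""
    return ssl.create_default_context()


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise which of the two checks a context performs."""
    return {
        "chain_verified": ctx.verify_mode == ssl.CERT_REQUIRED,
        "name_checked": bool(ctx.check_hostname),
    }


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare the presented certificate with the preloaded fingerprint.
    Separators and case in the stored pin are normalised first."""
    wanted = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), wanted)


def connect_pinned(host: str, port: int, pinned_hex: str,
                   timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the server presented
    exactly the certificate that was preloaded into the client.
    host, port and pinned_hex are supplied by the caller (assumptions)."""
    ctx = expected_name_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not der or not pin_matches(der, pinned_hex):
        tls.close()
        raise PinMismatch(f"certificate presented by {host} is not the pinned one")
    return tls
```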
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wylbur and Paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sun, 01 Apr 2007 10:55:25 -0600
gah writes:
I do know that Wylbur ran off a 2301 for active
file storage even before Orvyl, and that was not
on a machine with DAT. You may not want to call
it paging, but it was at least close.
re:
http://www.garlic.com/~lynn/2007g.html#31 Wylbur and Paging
and for somewhat inverse ... boeing huntsville had os/360 mvt release 13
running on 360/67 with DAT turned on ... and no paging. Issue was that
long running applications in MVT could cause severe (real) storage
fragmentation ... and applications tended to require contiguous storage
allocation. they had a bunch of long-running 2250 (graphics) design
applications ... that suffered severe storage fragmentation. DAT wasn't
used to simulate more virtual memory than there was real storage (and
therefore require paging) ... but the amount of virtual memory matched
the amount of real storage ... DAT was being used to re-arrange the
(real) storage addresses so they could appear contiguous.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: U.S. Cedes Top Spot in Global IT Competitiveness
Newsgroups: alt.folklore.computers
Date: Sun, 01 Apr 2007 11:37:40 -0600
one of the places that they were obviously starting to cede was the
automobile industry in the late-70s/early-80s (sparking the import
quotas) ... which was some of what prompted the later C4 effort circa
1990 ... recent reference to C4 here
http://www.garlic.com/~lynn/2007g.html#29 The Perfect Computer - 36 bits
the above contains several past references to the C4 activity (which in
turn contains URLs for more detailed descriptions of what went on in C4)
and more recent references to Toyota ascendancy here
http://www.garlic.com/~lynn/2006m.html#49 The Pankian Metaphor (redux)
http://www.garlic.com/~lynn/2006x.html#32 Toyota set to lift crown from GM
in the early 70s, one of the places I got to do a "HONE" clone
installation ... recent HONE/APL reference here
http://www.garlic.com/~lynn/2007g.html#31 Wylbur and Paging
was in Tokyo. At the time, i remember the exchange rate being
somewhere around 330yen/dollar(?). I believe it then dropped (rose?)
to below 90yen/dollar sometime in the 90s ... before climbing back up
... just checked and it currently lists at 118yen/dollar.
and further checking w/search engine for historical yen/dollar 1971-current
http://research.stlouisfed.org/fred2/data/EXJPUS.txt
yen hit a "high" against the dollar of 83yen/dollar in 1995 after being
at 358yen/dollar in 1971 ... between 1995 and current, it did manage to
climb back as "low" as 134 in 2002.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: U.S. Cedes Top Spot in Global IT Competitiveness
Newsgroups: alt.folklore.computers
Date: Sun, 01 Apr 2007 12:11:09 -0600
Charles Richmond <frizzle@tx.rr.com> writes:
Have you checked the currency exchange rate between the US
and Canada
re:
http://www.garlic.com/~lynn/2007g.html#6 U.S. Cedes Top Spot in Global IT Competitiveness
http://www.garlic.com/~lynn/2007g.html#7 U.S. Cedes Top Spot in Global IT Competitiveness
it is much more useful to check against a major world economy ... and
look at it over much longer period ... since it tends to cover a much
broader range of economic factors (and smooths out relative short-term
up and down fluctuations).
i.e.
http://www.garlic.com/~lynn/2007g.html#34 U.S. Cedes Top Spot in Global IT Competitiveness
Last year, I got taken to task for posting an article reference that
included some comment that Japan's economy was second only after the
US. The claimant was asserting that the EU (as a collection of
countries) had a larger economy than Japan's. In my defense ... it
wasn't my claim, it was a statement in the referenced article.
I may have heard somewhere that Canada had economy about the size of
the state of cal. ... but let's see if search engine can find a
reference:
https://www.cia.gov/cia/publications/factbook/rankorder/2001rank.html
above has GDP rank order and notes information is estimated for 2006
(world) 65,000 (i.e. aggregate)
US 12,980
EU 12,820 (i.e. aggregate)
China 10,000
Japan 4,220
India 4,042
Germany 2,585
UK 1,902
France 1,972
Italy 1,727
Russia 1,723
Brazil 1,616
S. Korea 1,180
Canada 1,165
Mexico 1,134
Spain 1,070
Indonesia 935
Taiwan 668
in any case ... as in previous post
http://www.garlic.com/~lynn/2007g.html#34 U.S. Cedes Top Spot in Global IT Competitiveness
the yen/dollar hit an all-time low of 83 in 1995 (changed
significantly when i saw it around 330 in the early 70s) ... and then
managed to make it back to 130-some in 2002 ... and now somewhat
fluctuates in the 115-130 range.
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wylbur and Paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sun, 01 Apr 2007 12:53:13 -0600
Efinnell15 writes:
I remember Grace Hopper said Alan Turing had paging working on
Burroughs as DUZ, but wasn't popular until IBM invented it decades
later...
re:
http://www.garlic.com/~lynn/2007g.html#31 Wylbur and Paging
http://www.garlic.com/~lynn/2007g.html#33 Wylbur and Paging
Melinda's vm (virtual machine) history paper
http://www.princeton.edu/~melinda/
has a quote about early justification for the project at the science
center
http://www.garlic.com/~lynn/subtopic.html#545tech
and building prototype by adding virtual memory hardware to 360/40
(before 360/67 was available) ... having to do with it was well known
that paging on the Atlas machine didn't work (well? ... and the
technology needing a lot of invention).
misc. past references to the quote
http://www.garlic.com/~lynn/2000f.html#78 TSS ancient history, was X86 ultimate CISC? designs)
http://www.garlic.com/~lynn/2001h.html#10 VM: checking some myths.
http://www.garlic.com/~lynn/2001h.html#26 TECO Critique
http://www.garlic.com/~lynn/2002.html#42 a.f.c history checkup... (was What specifications will the standard year 2001 PC have?)
http://www.garlic.com/~lynn/2003b.html#1 Disk drives as commodities. Was Re: Yamhill
http://www.garlic.com/~lynn/2003m.html#34 SR 15,15 was: IEFBR14 Problems
http://www.garlic.com/~lynn/2005o.html#4 Robert Creasy, RIP
http://www.garlic.com/~lynn/2006i.html#30 virtual memory
http://www.garlic.com/~lynn/2007e.html#1 Designing database tables for performance?
.... of course, I might claim that even the cp67 implementation that I
encountered as undergraduate in spring of '68 ... still wasn't working
all that well either. I then proceeded to do my own algorithms,
implementation, page replacement, thrashing controls, etc. some old
email discussing the subject
http://www.garlic.com/~lynn/lhwemail.html#globallru
and other related posts on the subject
http://www.garlic.com/~lynn/subtopic.html#wsclock
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The Perfect Computer - 36 bits?
Newsgroups: comp.arch,alt.folklore.computers
Date: Sun, 01 Apr 2007 13:21:03 -0600
Morten Reistad <first@last.name> writes:
From sharing of segments, startup of databases, startup of daemons
for network, transactions, necessary initialisations of these,
rollback/forward, various spoolers, etc.
The Tops20 installation I got to know took 17 minutes from load to
usefulness; it was a 2065. A primos-based Prime 4450 (approx 5 mips)
took 27 minutes to get up to speed. This was a transaction system
that distributed live data to lots of clients, and had most of it
in RAM, with sources in databases.
cp67 took a couple minutes in the late 60s ... that also was time for
automatic restart simulated load after (soft) failure.
here is tale about some people at mit having experience with both cp67
and multics in that period ... and the multics coming off very poorly in
comparison ... eventually resulting in recoding sections of multics to
try and make it more favorable comparison.
http://www.multicians.org/thvv/360-67.html
it was highlighted by a local cp67 kernel change that resulted in 27
failures/auto-restarts in a single day ... where multics wouldn't have
been able to even come close to that number ... just because of the
lengthy restart time.
i was partially to blame for that occurrence. As an undergraduate I had
added the tty/ascii support for cp67 (base system support 2741 and
1052). I had played some games in the code with truncating line-length
calculations to one byte. The cp67 service running at MIT wanted to add
support for some sort of simulated ascii terminal device over at harvard
(plotter?) which had max. line length more like 1200 bytes. Their kernel
patch updated some constants for maximum line length ... w/o changing
the code that played games with 1-byte truncation (which then resulted in
some incorrect lengths being calculated and subsequent storage
overlays).
the science center (responsible for cp67) was on the 4th flr
of 545 tech sq.
http://www.garlic.com/~lynn/subtopic.html#545tech
the science center 360/67 machine room was on the 2nd flr and multics
was on the 5th flr.
My recollection was that the MIT Urban systems lab (and their 360/67,
where the referenced cp67 story takes place) was across the tech. sq
courtyard in 5?? tech sq.
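The length-truncation failure described in the post above, as an added Python model (not cp67 code and not part of the original post). The storage layout, the `GUARD` marker, the function names and the 80-byte "old" maximum are assumptions made for illustration; only the 1200-byte maximum and the one-byte arithmetic come from the post.

```python
GUARD = b"CTRLBLOK"  # constructed stand-in for the storage that follows the line buffer


def fits_length_field(max_line: int, field_bytes: int = 1) -> bool:
    """Configuration check: can the maximum be represented in the length field?"""
    return 0 <= max_line < (1 << (8 * field_bytes))


def store_line(data: bytes, max_line: int, one_byte_math: bool):
    """Copy one input line into modeled storage.

    Returns (guard_intact, buffer_size). With one_byte_math=True the buffer
    size goes through single-byte arithmetic, as the unpatched code path did.
    """
    if len(data) > max_line:          # the patched constant is honoured here
        raise ValueError("line longer than configured maximum")
    size = max_line & 0xFF if one_byte_math else max_line
    # Modeled storage: line buffer, then the neighbouring block, then slack.
    storage = bytearray(size) + bytearray(GUARD) + bytearray(len(data))
    storage[0:len(data)] = data       # the copy uses the real length
    return bytes(storage[size:size + len(GUARD)]) == GUARD, size


if __name__ == "__main__":
    line = b"x" * 200                 # constructed input line
    print(store_line(b"x" * 80, 80, True))    # old maximum fits in one byte
    print(store_line(line, 1200, True))       # raised constant, old arithmetic
    print(store_line(line, 1200, False))      # full-width arithmetic
    print(fits_length_field(1200))            # check to run when a constant changes
```

Raising a limit is safe only if every field and intermediate value that carries the length is wide enough for the new maximum, which is what `fits_length_field` checks.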
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Can SSL sessions be compromised?
Newsgroups: comp.security.misc
Date: Sun, 01 Apr 2007 14:41:29 -0600
"Powercat" <powercat@verizon.net> writes:
I do get "intrusion detected" messages but we think that's because the
IP address of the computer I use is different than the IP address of
the proxy machine -- if I enable local cookies for authentication this
goes away.
your "SSL server" machine may be trying to catch some simple types of
client MITM ... by checking the origin IP-address that it sees against
the IP-address that the application on your computer knows about. If the
corporate gateway (between internal corporate operation and the
internet) is using NAT ... then the "SSL server" will be dealing with
the "NAT ip-address" ... not your local client machine ip-address.
part of the issue is that most standard SSL deployments are not doing
mutual authentication ... i.e. the client is using SSL to supposedly
authenticate the server ... but there isn't an equivalent "mutual" SSL
authentication of the client (by the server). As a result, the "SSL
server" is probably attempting to validate/authenticate clients via
other mechanisms ... possibly including various mechanisms where
authentication information is squirreled away in cookies (and not
finding that, falling back to other things, including checking for
inconsistent ip-addresses)
in the early SSL stuff that we were doing for what has since come
to be called electronic commerce
http://www.garlic.com/~lynn/2007g.html#32 Can SSL sessions be compromised?
we eventually mandated SSL mutual authentication between the commerce
servers and the payment gateway (this was before there was a
specification and code for mutual authentication) ... we actually
mandated a number of other implementation details, attempting
to compensate for standard internet environment not really having
been developed with business critical dataprocessing in mind.
in any case, it was during this deployment that we also realized that
for online environments and/or environments where there was existing
relationship between the two entities ... digital certificates and PKI
with certification authorities (CAs) were redundant and superfluous.
There had to be pre-registration and installation of each merchant with
the payment gateway ... and the payment gateway preregistered with each
merchant. In effect, we pre-installed the trusted information (& public
key) of each at the other's respective site(s). The traffic flow
continued to look like standard defined SSL protocol ... with all the
extraneous digital certificate protocol chatter ... only because they
wanted to (re-)use the existing software library that they had already
done (that only had support for certificate-based operation) ... aka the
(trusted) information carried by the digital certificates was
essentially meaningless ... since as part of the standard business
relationship process ... the (trusted) information was required to
pre-exist at the respective endpoints.
as before ... lots of past posts mentioning ssl and ssl digital
certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert
also, various countermeasures to SSL (and other protocol)
vulnerabilities may result in catch-22 for certification authority
industry
http://www.garlic.com/~lynn/subpubkey.html#catch22
and posts mentioning various kinds of mitm-attacks
http://www.garlic.com/~lynn/subintegrity.html#mitm
for some additional information ... our rfc index
http://www.garlic.com/~lynn/rfcietff.htm
and select Term (term->RFC#) in the RFCs listed by section
then select "NAT" in the Acronym fastpath ... i.e.
network address translation
4787 4380 4008 3947 3715 3519 3489 3424 3235 3105 3104 3103 3102
3027 3022 2993 2766 2709 2694 2663 2428 2391 1631
clicking on any RFC number, brings up that RFC in the lower RFC summary
(frame). clicking on the ".txt=nnn" field (in the RFC summary) retrieves
that RFC.
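The pre-registration arrangement described in the post above, as an added Python sketch (not the code from that deployment and not part of the original post). The `Endpoint` and `PresentedCert` types, the peer names and the key bytes are constructed for illustration, and a real handshake would also prove possession of the matching private key.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class PresentedCert:
    subject: str       # name the peer claims
    issuer: str        # CA name carried in the certificate; never consulted below
    public_key: bytes  # key bytes carried in the certificate


def fingerprint(public_key: bytes) -> bytes:
    return hashlib.sha256(public_key).digest()


class Endpoint:
    def __init__(self, name: str, public_key: bytes):
        self.name = name
        self.public_key = public_key
        self.registered = {}  # peer name -> key fingerprint installed at registration

    def preregister(self, peer_name: str, peer_public_key: bytes) -> None:
        """Out-of-band step done when the business relationship is set up."""
        self.registered[peer_name] = fingerprint(peer_public_key)

    def present(self, issuer: str = "Constructed CA") -> PresentedCert:
        return PresentedCert(self.name, issuer, self.public_key)

    def accepts(self, cert: PresentedCert) -> bool:
        """Trust comes only from the locally installed key, not from the issuer."""
        expected = self.registered.get(cert.subject)
        if expected is None:
            return False  # no prior relationship, whatever the certificate says
        return hmac.compare_digest(expected, fingerprint(cert.public_key))


def mutual_auth(a: Endpoint, b: Endpoint) -> bool:
    """Both directions must succeed, matching the mandated mutual authentication."""
    return b.accepts(a.present()) and a.accepts(b.present())


# Constructed sample keys and peers.
MERCHANT_KEY = b"constructed-merchant-public-key"
GATEWAY_KEY = b"constructed-gateway-public-key"
merchant = Endpoint("merchant-001", MERCHANT_KEY)
gateway = Endpoint("payment-gateway", GATEWAY_KEY)
merchant.preregister(gateway.name, GATEWAY_KEY)
gateway.preregister(merchant.name, MERCHANT_KEY)
```

Because `accepts` never reads `issuer`, a certificate from any CA carrying the registered key passes, and one from a recognised CA carrying a different key fails.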
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wylbur and Paging
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Sun, 01 Apr 2007 15:24:49 -0600
Steve_Thompson@ibm-main.lst (Thompson, Steve) writes:
Trust me, OBS[ACS]/WYLBUR was not APL, it was bona fide ALC using a
"stack" architecture -- very little used R13 save registers. From my
viewpoint, the various parts had been very much integrated so t