List of Archived Posts

2009 Newsgroup Postings (01/01 - 01/19)

Is SUN going to become x86'ed ??
Is SUN going to become x86'ed ??
Is SUN going to become x86'ed ??
Is SUN going to become x86'ed ??
Is SUN going to become x86'ed ??
Is SUN going to become x86'ed ??
mvs preemption dispatcher
Swedish police warn of tampered credit card terminals
Is SUN going to become x86'ed ??
Is SUN going to become x86'ed ??
Swedish police warn of tampered credit card terminals
Swedish police warn of tampered credit card terminals
why stopped?
Is SUN going to become x86'ed ??
What are the challenges in risk analytics post financial crisis?
What are the challenges in risk analytics post financial crisis?
Date arithmetic and Zune bug
Magnetic tape storage
Magnetic tape storage
Magnetic tape storage
Data losses set to soar
Banks to embrace virtualisation in 2009: survey
Need Your Advice
NPR Asks: Will Cloud Computing Work in the White House?
A New Web of Trust
Wrong Instrument for Recurring Payments
Date arithmetic and Zune bug
NPR Asks: Will Cloud Computing Work in the White House?
the Z/10 and timers
Data losses set to soar
the Z/10 and timers
Banks to embrace virtualisation in 2009: survey
What are the challenges in risk analytics post financial crisis?
European Payments Council calls for action on counterfeit cards
Swedish police warn of tampered credit card terminals
Perfect MITM Attacks With No-Check SSL Certs
DECWriter APL Font
Graphics on a Text-Only Display
Flashy Botnet is Flashy
repeat after me: RAID != backup
How many layers exist in a TCP/IP model?
New machine code
Lets play Blame Game...?
Evil weather
Lawyers & programming (x-over from a.f.c discussion)
Security experts identify 25 coding errors
Lawyers & programming (x-over from a.f.c discussion)
repeat after me: RAID != backup
repeat after me: RAID != backup
The 25 Most Dangerous Programming Errors
Greed Is
repeat after me: RAID != backup
The Credit Crunch: Why it happened?
CROOKS and NANNIES: what would Boyd do?
Business Science
Graphics on a Text-Only Display
Data losses set to soar
CROOKS and NANNIES: what would Boyd do?
HONEY I LOVE YOU, but please cut the cards
CROOKS and NANNIES: what would Boyd do?
The 25 Most Dangerous Programming Errors
Does IBM host guest speakers?
IRS Mainframe Not Secure Enough
CROOKS and NANNIES: what would Boyd do?
An bit of an aside: Re: Magnetic tape storage
The 25 Most Dangerous Programming Errors
What's missing in security: business
In the beginning: The making of the Mac
CROOKS and NANNIES: what would Boyd do?
Double authentification for internet payment
A New Role for Old Geeks
CROOKS and NANNIES: what would Boyd do?
Double authentification for internet payment
CROOKS and NANNIES: what would Boyd do?
CROOKS and NANNIES: what would Boyd do?
Delays in DNS security baffling: Mockapetris
Alternative approaches for bailing out the auto industry
CROOKS and NANNIES: what would Boyd do?
Double authentification for internet payment
The Credit Crunch: Why it happened?
Are reckless risks a natural fallout of "excessive" executive compensation ?
Is SUN going to become x86'ed ??
Evil weather
F111 related discussion x-over from Facebook
what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
Banks' Demise: Why have the Governments hired the foxes to mend the chicken runs?
F111 related discussion x-over from Facebook
Cleaning Up Spaghetti Code vs. Getting Rid of It
Slow down to go faster!

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Thu, 01 Jan 2009 12:55:27 -0500
re:
http://www.garlic.com/~lynn/2008s.html#74 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2008s.html#77 Is SUN going to become x86'ed ??

i've mentioned before the HONE system
http://www.garlic.com/~lynn/subtopic.html#hone

... which started out after 23jun69 unbundling announcement as "Hands-On Network Environment" ... virtual machine cp67 systems in a number of (U.S.) datacenters to provide "hands-on" operating system experience for system engineers in branch offices. the science center
http://www.garlic.com/~lynn/subtopic.html#545tech

had also ported apl\360 to cp67/cms for cms\apl ... and a number of APL-based applications were developed for sales & marketing support ... which were deployed on HONE. The sales & marketing support applications quickly came to dominate all HONE use and the "hands-on" aspect withered away.

HONE datacenter (sales & marketing) fairly early started to be cloned in other parts of the world (more from the stand-point of local connectivity) ... in the early 70s I got to do some of them ... when EMEA hdqtrs moved from the U.S. to Paris ... and when local national operation in Japan created one in Tokyo.

In the mid-70s, the various U.S. HONE datacenters were consolidated at one location in Cal. ... and a high-availability (aka mainframe loosely-coupled) installation evolved (multiple loosely-coupled SMP processors sharing large common pool of disks) ... supporting load-balancing and fall-over across the systems in the complex (I've commented before that it was possibly the largest single-system-image operation at the time in the late 70s ... which had nearly 40,000 defined "users" at the time).

In the early 80s ... the Cal. HONE datacenter was first replicated in Dallas then with a 3rd in Boulder ... with load-balancing and fall-over. This was for disaster survivability ... for various kinds of natural disasters (including Cal. earthquakes).

Later when we were doing HA/CMP and cluster scaleup ... old post mentioning meeting in Jan92
http://www.garlic.com/~lynn/95.html#13

two of the people at the Jan92 meeting later left and joined a small client/server startup responsible for something called "commerce server". We were called in to consult because they wanted to do payment transactions on the server ... the startup also had invented this technology called SSL they wanted to use. The activity is now frequently referred to as "electronic commerce".

Part of the effort involved deploying something called a "payment gateway" ... that handled payment transactions between (web) servers and financial transaction infrastructure.
http://www.garlic.com/~lynn/subnetwork.html#gateway

The effort included defining a lot of compensating processes and procedures for internet environment ... trying to approximate what large commercial companies got with having multiple private telco links into financial transaction processor i.e. approx. telco provisioning, diverse routing, etc.

Also lots of these operations were used to having SLA ... aka "service level agreements" ... which weren't available from ISPs of the period ... so part of the compensating procedures was high levels of redundancy, diverse routing, etc. A typical SLA for commercial customer with dedicated link into financial processor would include continuous, active monitoring with trouble desk being able to do first level problem determination within five minutes (i.e. the financial processor service center would be polling the commercial customer transaction box every couple minutes).

Early in pilot with the "payment gateway", a merchant reported problem with webserver not being able to contact the "payment gateway". After 3hrs, the trouble desk reported "no trouble found" (NTF). Part of compensating procedures for migrating to internet environment was additional software logging, as well as redundant operation and diagnostic procedures (attempting to reach objective of trouble desk being able to do first level problem determination within five minutes). In that period, we would periodically make the claim that taking a well designed, tested and debugged application and turning it into a "service" requires 4-10 times the original effort.

For some recent "electronic commerce" topic drift ... a couple recent posts regarding SSL infrastructure integrity:
http://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles

... and past posts mentioning 4-10 times effort for turning application into a "service":
http://www.garlic.com/~lynn/aadsm9.htm#cfppki10 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm25.htm#37 How the Classical Scholars dropped security from the canon of Computer Science
http://www.garlic.com/~lynn/aadsm27.htm#48 If your CSO lacks an MBA, fire one of you
http://www.garlic.com/~lynn/2001f.html#75 Test and Set (TS) vs Compare and Swap (CS)
http://www.garlic.com/~lynn/2001n.html#91 Buffer overflow
http://www.garlic.com/~lynn/2001n.html#93 Buffer overflow
http://www.garlic.com/~lynn/2002b.html#59 Computer Naming Conventions
http://www.garlic.com/~lynn/2002n.html#11 Wanted: the SOUNDS of classic computing
http://www.garlic.com/~lynn/2003g.html#62 IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs. IBM
http://www.garlic.com/~lynn/2003j.html#15 A Dark Day
http://www.garlic.com/~lynn/2003p.html#37 The BASIC Variations
http://www.garlic.com/~lynn/2004b.html#8 Mars Rover Not Responding
http://www.garlic.com/~lynn/2004b.html#48 Automating secure transactions
http://www.garlic.com/~lynn/2004k.html#20 Vintage computers are better than modern crap !
http://www.garlic.com/~lynn/2004l.html#49 "Perfect" or "Provable" security both crypto and non-crypto?
http://www.garlic.com/~lynn/2004m.html#51 stop worrying about it offshoring - it's doing fine
http://www.garlic.com/~lynn/2004p.html#23 Systems software versus applications software definitions
http://www.garlic.com/~lynn/2004p.html#63 Systems software versus applications software definitions
http://www.garlic.com/~lynn/2004p.html#64 Systems software versus applications software definitions
http://www.garlic.com/~lynn/2005b.html#40 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005i.html#42 Development as Configuration
http://www.garlic.com/~lynn/2005n.html#26 Data communications over telegraph circuits
http://www.garlic.com/~lynn/2006n.html#20 The System/360 Model 20 Wasn't As Bad As All That
http://www.garlic.com/~lynn/2007f.html#37 Is computer history taught now?
http://www.garlic.com/~lynn/2007g.html#51 IBM to the PCM market(the sky is falling!!!the sky is falling!!)
http://www.garlic.com/~lynn/2007h.html#78 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007n.html#10 The top 10 dead (or dying) computer skills
http://www.garlic.com/~lynn/2007n.html#76 PSI MIPS
http://www.garlic.com/~lynn/2007n.html#77 PSI MIPS
http://www.garlic.com/~lynn/2007o.html#23 Outsourcing loosing steam?
http://www.garlic.com/~lynn/2007p.html#54 Industry Standard Time To Analyze A Line Of Code
http://www.garlic.com/~lynn/2007v.html#53 folklore indeed
http://www.garlic.com/~lynn/2008e.html#41 IBM announced z10 ..why so fast...any problem on z 9
http://www.garlic.com/~lynn/2008e.html#50 fraying infrastructure
http://www.garlic.com/~lynn/2008e.html#53 Why Is Less Than 99.9% Uptime Acceptable?
http://www.garlic.com/~lynn/2008i.html#33 Mainframe Project management
http://www.garlic.com/~lynn/2008n.html#20 Michigan industry
http://www.garlic.com/~lynn/2008n.html#35 Builders V. Breakers
http://www.garlic.com/~lynn/2008p.html#48 How much knowledge should a software architect have regarding software security?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Thu, 01 Jan 2009 13:21:10 -0500
Morten Reistad <first@last.name> writes:
Lynn made some points which were useful. I wasn't aware how low the pre-risc uptake of continuous computing systems was. At the time (1983 onwards) we thought that such a platform was a very important part of business; but there were evidently not that many of us.

So I learn something new here all the time. One man's noise is another man's signal.


re:
http://www.garlic.com/~lynn/2008s.html#74 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2008s.html#77 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#0 Is SUN going to become x86'ed ??

there were single-site "availability" configurations from the 60 & 70s ... but geographic distributed operations didn't really come into being until high bandwidth, long-haul became more practical & economically feasible.

there were various loosely-coupled/cluster configurations from the 60s & 70s ... and some specialized software ... like the FAA air traffic control system ... recent mention
http://www.garlic.com/~lynn/2008s.html#71 Is SUN going to become x86'ed ??

another was ACP (airline control program) which were used for world-wide reservation systems. In the late 70s, there started to be some uptake of ACP by some financial transaction networks ... and as part of that move into new market segment resulted in renaming ACP to TPF (transaction processing facility). But these were frequently (high availability, bunkered, telco provisioned) single-site.

geographic disaster/recovery is where SBS attempted to move in the very late 70s and early 80s with (higher bandwidth) satellite communication.

somewhat implied here ... IMS (also heavily used in financial arena) moved into more formal hot-standby in the early 80s (as opposed to more manual fall-over)
http://www.garlic.com/~lynn/2007.html#email801016

in this post
http://www.garlic.com/~lynn/2007.html#1 "The Elements of Programming Style"

however, it was more into this century that started to see geographic dispersed parallel sysplex ... which also accounted for objections to our contribution for corporation continuous availability strategy document more than a decade earlier. as previously mentioned here
http://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??

we had coined the terms geographic survivability and disaster survivability when we were out marketing HA/CMP in the early 90s (as differentiation with disaster/recovery).
http://www.garlic.com/~lynn/submain.html#available

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Thu, 01 Jan 2009 14:31:33 -0500
Morten Reistad <first@last.name> writes:
Lynn made some points which were useful. I wasn't aware how low the pre-risc uptake of continuous computing systems was. At the time (1983 onwards) we thought that such a platform was a very important part of business; but there were evidently not that many of us.

So I learn something new here all the time. One man's noise is another man's signal.


re:
http://www.garlic.com/~lynn/2009.html#0 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#1 Is SUN going to become x86'ed ??

somewhat the differentiation between high availability systems of the 60s, 70s, and early 80s ... with later systems ... were that the earlier HA systems tended to have a lot of custom, RYO (roll-your-own) ... i.e. customized implementations ... it was later that started to see its move into standard commercial offerings. part of this was wider availability of economical higher bandwidth connections.

Earlier operations tended to be high availability in local datacenter ... and any remote datacenters tended to be disaster/recovery most commonly done with backup tapes.

another aspect was hardware becoming much more reliable ... so the remaining types of failure modes & outages were due to software, environmental factors and human errors ... as mentioned in comment about 100% availability
http://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??

one of the first published studies of this change was by Jim while he was at Tandem ... this was one of the things discussed at the celebration for Jim held last May (i.e. Tandem backing the study ... even though their business was predicated on replicated hardware):
http://www.garlic.com/~lynn/2008i.html#50 Microsoft versus Digital Equipment Corporation
http://www.garlic.com/~lynn/2008i.html#51 Microsoft versus Digital Equipment Corporation
http://www.garlic.com/~lynn/2008l.html#88 Book: "Everyone Else Must Fail"
http://www.garlic.com/~lynn/2008p.html#6 SECURITY and BUSINESS CONTINUITY
http://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: alt.folklore.computers
Date: Thu, 01 Jan 2009 17:22:04 -0500
Morten Reistad <first@last.name> writes:
I have seen lots of survivability stuff find its way into IBM xSeries Linux-based hardware. Does it have any connection?

re:
http://www.garlic.com/~lynn/2009.html#1 Is SUN going to become x86'ed ??

HA/CMP scaleup ... as mentioned here
http://www.garlic.com/~lynn/95.html#13
and this old email
http://www.garlic.com/~lynn/lhwemail.html#medusa

got transferred and announced specifically for numerical intensive scaleup ... so it had less immediate impact on commercial.

in the mid-90s, there were number of cluster manager and distributed lock manager activities ... so it might be hard to show direct descendant vis-a-vis just influences (i.e. how much RS/6000 AIX HA/CMP was directly copied or just used HA/CMP as an example).

there is folklore that one of the RDBMS vendors (that we worked with) ... did reverse-engineer the HA/CMP distributed lock manager and started offering their high-availability (& cluster, aka concurrent execution, not just simple fall-over) RDBMS on other vendor unix platforms.

there are also cases of (corporate) people that we worked with in HA/CMP showing up on other (availability) projects ... including at other vendors.

i had tried to make nearly all the ha/cmp pieces "posix" compliant ... so it would have been relatively straight-forward to port &/or translate into other environments.

ha/cmp project also "outsourced" and/or used external consultants for a lot of the work, for instance, one of the "consultants" that was hired to do some work on HA/CMP geographically distributed file system was from Harvard (at the time) ... but had earlier been at Berkeley and worked on unix fast file system and log structure file system. for topic drift, outsourcing mentioned in other parts of this thread:
http://www.garlic.com/~lynn/2008s.html#71 Is SUN going to become x86'ed ??

in the mainframe arena there has been lots of RAS work down through the yrs ... hardware as well as software ... including both VM and MVS systems. In the 90s there was also big uptake of Linux in mainframe VM virtual machines ... so there were corporate Linux product on both mainframe platforms as well as RISC platforms (which reasonably could assume for there to be influence from both traditional mainframe RAS as well as HA/CMP).

one of the things I had worked on in the early 90s as part of HA/CMP distributed lock manager scaleup ... was piggy-backing direct cache-to-cache transfer of records ... w/o first writing to disk "home" location. The issue was that each member of a cluster had their own private transaction logs. In the case of power-outage and then restart ... a DBMS record might have several committed transactions that appeared in multiple different log records, in order to correctly recover required that the log records be replayed in the original temporal sequence (i.e. single logs can be replayed sequentially, but merging multiple logs in original temporal sequence during recovery can be trickier ... w/o fine-resolution global clock mechanism across the whole infrastructure). a lot of organizations were apprehensive about such implementation ... so didn't see much deployment until a decade later.

old post mentioning 40,000 linux virtual machine images running under vm ... with vm running in relatively "small", test LPAR:
http://www.garlic.com/~lynn/2002b.html#36 windows XP and HAL: The CP/M way still works in 2002

an older linux under VM post:
http://www.garlic.com/~lynn/99.html#191 Merced Processor Support at it again

for other RAS topic drift ... past posts about getting to play disk engineer in bldgs. 14 & 15.
http://www.garlic.com/~lynn/subtopic.html#disk

part of that was rewriting operating system I/O subsystem to make it bullet proof for the disk engineering development & test environment. They were running stand-alone, mainframe "bare" machine dedicated time ... with primitive tools (one device testing at a time). They had tried operating under MVS ... but found it to have 15mins MTBF (test & development devices did all sorts of "bad" things). I got things so they could "on-demand" test several devices concurrently in operating system environment (significantly improving productivity).

--
40+yrs virtualization experience (since Jan68), online at home since Mar70
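
The log-merge problem described in the post above (records moved cache-to-cache between cluster members, each with a private transaction log and no global clock), as an added example that is not part of the original posting and is not HA/CMP code. It assumes a per-record version counter that travels with the record on each transfer; that scheme, the record names, clock values and log contents are all constructed for illustration.

```python
"""Constructed illustration: replaying per-node logs after a cluster restart."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class LogEntry:
    node: str        # cluster member that wrote the entry to its private log
    local_ts: float  # that member's own clock reading (clocks are not synchronized)
    record_id: str
    version: int     # assumed per-record counter, bumped on every committed update
    value: str       # after-image of the record


class LogGapError(Exception):
    """A committed version is missing from every available log."""


# Disk "home" copies: record_id -> (version hardened to disk, value).
DISK: Dict[str, Tuple[int, str]] = {
    "acct-17": (1, "balance=100"),
    "acct-42": (5, "limit=7"),
}

# Node B's clock runs about five seconds behind node A's.
# acct-17 was updated on A, handed cache-to-cache to B, then updated on B.
LOGS: Dict[str, List[LogEntry]] = {
    "A": [
        LogEntry("A", 999.0, "acct-17", 1, "balance=100"),  # already on disk
        LogEntry("A", 1000.0, "acct-17", 2, "balance=90"),
        LogEntry("A", 1000.9, "acct-42", 7, "limit=9"),
    ],
    "B": [
        LogEntry("B", 995.2, "acct-17", 3, "balance=140"),  # later in real time
        LogEntry("B", 995.5, "acct-42", 6, "limit=8"),
    ],
}


def merge_by_local_clock(logs: Dict[str, List[LogEntry]]) -> List[LogEntry]:
    """Naive merge: trust each member's unsynchronized timestamp."""
    merged = [entry for log in logs.values() for entry in log]
    merged.sort(key=lambda e: e.local_ts)
    return merged


def merge_by_record_version(
    logs: Dict[str, List[LogEntry]], disk: Dict[str, Tuple[int, str]]
) -> List[LogEntry]:
    """Order each record's entries by its own version counter.

    Entries at or below the version already on disk are skipped, and a
    missing version (for example a lost log) aborts recovery rather than
    silently producing a stale record.
    """
    per_record: Dict[str, List[LogEntry]] = defaultdict(list)
    for log in logs.values():
        for entry in log:
            on_disk = disk.get(entry.record_id, (0, ""))[0]
            if entry.version > on_disk:
                per_record[entry.record_id].append(entry)

    ordered: List[LogEntry] = []
    for record_id, entries in sorted(per_record.items()):
        entries.sort(key=lambda e: e.version)
        expected = disk.get(record_id, (0, ""))[0] + 1
        for entry in entries:
            if entry.version != expected:
                raise LogGapError(
                    f"{record_id}: expected version {expected}, "
                    f"found {entry.version} in log of node {entry.node}"
                )
            expected += 1
        ordered.extend(entries)
    return ordered


def replay(entries: List[LogEntry], disk: Dict[str, Tuple[int, str]]) -> Dict[str, str]:
    """Apply after-images in the given order on top of the disk copies."""
    state = {record_id: value for record_id, (_, value) in disk.items()}
    for entry in entries:
        state[entry.record_id] = entry.value
    return state


if __name__ == "__main__":
    print("clock merge  :", replay(merge_by_local_clock(LOGS), DISK))
    print("version merge:", replay(merge_by_record_version(LOGS, DISK), DISK))
    try:
        merge_by_record_version({"A": LOGS["A"]}, DISK)
    except LogGapError as err:
        print("node B log missing ->", err)
```
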

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Fri, 02 Jan 2009 10:23:00 -0500
Morten Reistad <first@last.name> writes:
9/11 had a lot of lessons to be run on a de-brief. Internet companies came out of it as a knight in shining armour, where all the contingency plans largely worked. Around 20% of transatlantic capacity and a similar amount of peering capacity was knocked out, but the network handled that without a hitch. In terms of hitting internet connectivity they couldn't have hit a much worse spot. All the emergency power and responder plans worked out very well, except for one location. For a less-than-a-decade old industry with a yearly growth of 80+% I think the ISPs really had their moment of glory that day. There were some server issues from overload, but they were largely peripheral services, easily remedied.

other posts in this thread:
http://www.garlic.com/~lynn/2008s.html#74 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2008s.html#77 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#0 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#1 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#2 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#3 Is SUN going to become x86'ed ??

in the decade earlier incident at the wtc, there was a disaster/recovery datacenter (on lower floor) that was taken out. by itself that wasn't too bad ... but then there was a major financial transaction datacenter in NJ (included handling large number of ATM machines in the US) was taken out when its roof collapsed from snow loading ... and its disaster/recovery site was no longer there; instead of hrs recovery ... it was days.

misc. past posts mentioning the early 90s incident:
http://www.garlic.com/~lynn/99.html#145 Q: S/390 on PowerPC?
http://www.garlic.com/~lynn/2001j.html#43 Disaster Stories Needed
http://www.garlic.com/~lynn/2002.html#44 Calculating a Gigalapse
http://www.garlic.com/~lynn/2008i.html#17 Does anyone have any IT data center disaster stories?

old post mentioning bunkered, hardened datacenter
http://www.garlic.com/~lynn/2002m.html#5 Dumb Question - Hardend Site ?

and a couple old posts discussing systemic risk issues with certain kinds of facilities:
http://www.garlic.com/~lynn/98.html#41 AADS, X9.59, & privacy
http://www.garlic.com/~lynn/aadsm2.htm#availability A different architecture? (was Re: certificate path

which included consideration of this most recent activity
http://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles

including countermeasures for both above ground (black helicopters above the roof) and below ground approaches.

other trivia & topic drift ... large (customer) mainframe datacenter that footed the R&D costs of the major PDU vendor to get enhancements (i.e. handles switching when there is power failure to batteries until the generators are up and then switch to the generators):
http://www.garlic.com/~lynn/2000b.html#85 Mainframe power failure
http://www.garlic.com/~lynn/2001.html#61 Where do the filesystem and RAID system belong?
http://www.garlic.com/~lynn/2002g.html#62 ibm icecube -- return of watercooling?

I've periodically mentioned security proportional to risk and an industrial espionage legal case in silicon valley in the early 80s. The claim was for several billion in damages ... based on theft of unannounced product info. The amount was additional revenue a clone controller might earn by having a product ready to ship on same day as availability of the "original" ... vis-a-vis the delay having to obtain an original product and reverse engineer it in order to come up with a clone. The court effectively said that if the information was so valuable ... had to show/demonstrate security measures proportional to value/risk (trivial analogy are fences around swimming pools to keep out minors). Lots of past posts with references .... while some amount of countermeasures are against outsiders ... the majority of really serious attacks have always been insiders ... including a lot of activity that plays significant role in the current financial crisis:
http://www.garlic.com/~lynn/aepay7.htm#netbank net banking, is it safe?? ... power to the consumer
http://www.garlic.com/~lynn/aepay7.htm#netbank2 net banking, is it safe?? ... security proportional to risk
http://www.garlic.com/~lynn/aepay7.htm#netsecure some recent threads on netbanking & e-commerce security
http://www.garlic.com/~lynn/aadsm10.htm#cfppki13 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm10.htm#bio6 biometrics
http://www.garlic.com/~lynn/aadsm11.htm#45 Web site exposes credit card fraud
http://www.garlic.com/~lynn/aadsm12.htm#14 Challenge to TCPA/Palladium detractors
http://www.garlic.com/~lynn/aadsm12.htm#15 Challenge to TCPA/Palladium detractors
http://www.garlic.com/~lynn/aadsm12.htm#18 Overcoming the potential downside of TCPA
http://www.garlic.com/~lynn/aadsm14.htm#1 Who's afraid of Mallory Wolf?
http://www.garlic.com/~lynn/aadsm14.htm#4 Who's afraid of Mallory Wolf?
http://www.garlic.com/~lynn/aadsm14.htm#28 Maybe It's Snake Oil All the Way Down
http://www.garlic.com/~lynn/aadsm14.htm#33 An attack on paypal
http://www.garlic.com/~lynn/aadsm15.htm#27 SSL, client certs, and MITM (was WYTM?)
http://www.garlic.com/~lynn/aadsm16.htm#20 Ousourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before
http://www.garlic.com/~lynn/aadsm17.htm#2 Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
http://www.garlic.com/~lynn/aadsm17.htm#32 visa cards violated, BofA reissuing after hack attack
http://www.garlic.com/~lynn/aadsm17.htm#46 authentication and authorization (was: Question on the state of the security industry)
http://www.garlic.com/~lynn/aadsm17.htm#47 authentication and authorization ... addenda
http://www.garlic.com/~lynn/aadsm17.htm#53 Using crypto against Phishing, Spoofing and Spamming
http://www.garlic.com/~lynn/aadsm18.htm#6 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#35 Credit card leaks continue at a furious pace
http://www.garlic.com/~lynn/aadsm18.htm#45 Banks Test ID Device for Online Security
http://www.garlic.com/~lynn/aadsm19.htm#1 Do You Need a Digital ID?
http://www.garlic.com/~lynn/aadsm19.htm#15 Loss Expectancy in NPV calculations
http://www.garlic.com/~lynn/aadsm19.htm#25 Digital signatures have a big problem with meaning
http://www.garlic.com/~lynn/aadsm19.htm#45 payment system fraud, etc
http://www.garlic.com/~lynn/aadsm19.htm#47 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm20.htm#12 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm21.htm#18 'Virtual Card' Offers Online Security Blanket
http://www.garlic.com/~lynn/aadsm21.htm#27 X.509 / PKI, PGP, and IBE Secure Email Technologies
http://www.garlic.com/~lynn/aadsm22.htm#2 GP4.3 - Growth and Fraud - Case #3 - Phishing
http://www.garlic.com/~lynn/aadsm22.htm#3 GP4.3 - Growth and Fraud - Case #3 - Phishing
http://www.garlic.com/~lynn/aadsm22.htm#25 FraudWatch - Chip&Pin, a new tenner (USD10)
http://www.garlic.com/~lynn/aadsm22.htm#36 Unforgeable Blinded Credentials
http://www.garlic.com/~lynn/aadsm23.htm#9 PGP "master keys"
http://www.garlic.com/~lynn/aadsm23.htm#27 Chip-and-Pin terminals were replaced by "repairworkers"?
http://www.garlic.com/~lynn/aadsm23.htm#31 JIBC April 2006 - "Security Revisionism"
http://www.garlic.com/~lynn/aadsm23.htm#54 Status of SRP
http://www.garlic.com/~lynn/aadsm24.htm#5 New ISO standard aims to ensure the security of financial transactions on the Internet
http://www.garlic.com/~lynn/aadsm24.htm#6 Securely handling credit card transactions earns Blackboard kudos
http://www.garlic.com/~lynn/aadsm24.htm#38 Interesting bit of a quote
http://www.garlic.com/~lynn/aadsm24.htm#46 More Brittle Security -- Agriculture
http://www.garlic.com/~lynn/aadsm25.htm#2 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/aadsm25.htm#21 Identity v. anonymity -- that is not the question
http://www.garlic.com/~lynn/aadsm25.htm#24 DDA cards may address the UK Chip&Pin woes
http://www.garlic.com/~lynn/aadsm25.htm#33 Mozilla moves on security
http://www.garlic.com/~lynn/aadsm25.htm#34 Mozilla moves on security
http://www.garlic.com/~lynn/aadsm25.htm#39 How the Classical Scholars dropped security from the canon of Computer Science
http://www.garlic.com/~lynn/aadsm25.htm#41 Why security training is really important (and it ain't anything to do with security!)
http://www.garlic.com/~lynn/aadsm26.htm#6 Citibank e-mail looks phishy
http://www.garlic.com/~lynn/aadsm26.htm#11 What is the point of encrypting information that is publicly visible?
http://www.garlic.com/~lynn/aadsm26.htm#24 News.com: IBM donates new privacy tool to open-source Higgins
http://www.garlic.com/~lynn/aadsm26.htm#25 EV - what was the reason, again?
http://www.garlic.com/~lynn/aadsm26.htm#54 What to do about responsible disclosure?
http://www.garlic.com/~lynn/aadsm27.htm#3 Solution to phishing -- an idea who's time has come?
http://www.garlic.com/~lynn/aadsm28.htm#3 Why Security Modelling doesn't work -- the OODA-loop of today's battle
http://www.garlic.com/~lynn/aadsm28.htm#60 Seeking expert on credit card fraud prevention - particularly CNP/online transactions
http://www.garlic.com/~lynn/aadsm28.htm#70 VCs have a self-destruction gene, let's tweak it
http://www.garlic.com/~lynn/aadsm28.htm#71 Paypal -- Practical Approaches to Phishing -- open white paper
http://www.garlic.com/~lynn/aadsm28.htm#73 "Designing and implementing malicious hardware"
http://www.garlic.com/~lynn/aadsm28.htm#74 Visa and MasterCard mandated PCI compliance as of Jan 1, 2008. I would like to get a feel or opinion on this subject
http://www.garlic.com/~lynn/aadsm28.htm#75 Fun with Data Theft/Breach Numbers
http://www.garlic.com/~lynn/2002d.html#7 IBM Mainframe at home
http://www.garlic.com/~lynn/2002d.html#8 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002d.html#9 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002d.html#10 IBM Mainframe at home
http://www.garlic.com/~lynn/2002d.html#11 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002d.html#23 Mainframers: Take back the light (spotlight, that is)
http://www.garlic.com/~lynn/2002d.html#24 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002d.html#25 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002d.html#27 iAPX432 today?
http://www.garlic.com/~lynn/2002d.html#28 Security Proportional to Risk (was: IBM Mainframe at home)
http://www.garlic.com/~lynn/2002f.html#23 Computers in Science Fiction
http://www.garlic.com/~lynn/2002i.html#72 A Lesson In Security
http://www.garlic.com/~lynn/2002j.html#14 Symmetric-Key Credit Card Protocol on Web Site
http://www.garlic.com/~lynn/2002j.html#63 SSL integrity guarantees in abscense of client certificates
http://www.garlic.com/~lynn/2002l.html#11 IEEE article on intelligence and security
http://www.garlic.com/~lynn/2002l.html#12 IEEE article on intelligence and security
http://www.garlic.com/~lynn/2002l.html#35 Cryptography
http://www.garlic.com/~lynn/2002m.html#14 fingerprint authentication
http://www.garlic.com/~lynn/2002m.html#19 A new e-commerce security proposal
http://www.garlic.com/~lynn/2002n.html#20 Help! Good protocol for national ID card?
http://www.garlic.com/~lynn/2002n.html#25 Help! Good protocol for national ID card?
http://www.garlic.com/~lynn/2002n.html#26 Help! Good protocol for national ID card?
http://www.garlic.com/~lynn/2002o.html#67 smartcard+fingerprint
http://www.garlic.com/~lynn/2003l.html#64 Can you use ECC to produce digital signatures? It doesn't see
http://www.garlic.com/~lynn/2003m.html#11 AES-128 good enough for medical data?
http://www.garlic.com/~lynn/2003m.html#51 public key vs passwd authentication?
http://www.garlic.com/~lynn/2003o.html#46 What 'NSA'?
http://www.garlic.com/~lynn/2004.html#29 passwords
http://www.garlic.com/~lynn/2004b.html#39 SSL certificates
http://www.garlic.com/~lynn/2004b.html#48 Automating secure transactions
http://www.garlic.com/~lynn/2004f.html#8 racf
http://www.garlic.com/~lynn/2004f.html#36 MITM attacks
http://www.garlic.com/~lynn/2004j.html#0 New Method for Authenticated Public Key Exchange without Digital Certificates
http://www.garlic.com/~lynn/2004j.html#15 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004l.html#19 FW: Looking for Disk Calc program/Exec (long)
http://www.garlic.com/~lynn/2004l.html#40 "Perfect" or "Provable" security both crypto and non-crypto?
http://www.garlic.com/~lynn/2004m.html#9 REVIEW: "Biometrics for Network Security", Paul Reid
http://www.garlic.com/~lynn/2004m.html#28 Shipwrecks
http://www.garlic.com/~lynn/2005f.html#60 Where should the type information be: in tags and descriptors
http://www.garlic.com/~lynn/2005g.html#51 Security via hardware?
http://www.garlic.com/~lynn/2005g.html#54 Security via hardware?
http://www.garlic.com/~lynn/2005i.html#1 Brit banks introduce delays on interbank xfers due to phishing boom
http://www.garlic.com/~lynn/2005i.html#22 technical question about fingerprint usbkey
http://www.garlic.com/~lynn/2005j.html#53 Banks
http://www.garlic.com/~lynn/2005k.html#23 More on garbage
http://www.garlic.com/~lynn/2005l.html#22 The Worth of Verisign's Brand
http://www.garlic.com/~lynn/2005l.html#35 More Phishing scams, still no SSL being used
http://www.garlic.com/~lynn/2005l.html#36 More Phishing scams, still no SSL being used
http://www.garlic.com/~lynn/2005o.html#2 X509 digital certificate for offline solution
http://www.garlic.com/~lynn/2005p.html#6 Innovative password security
http://www.garlic.com/~lynn/2005p.html#24 Hi-tech no panacea for ID theft woes
http://www.garlic.com/~lynn/2005t.html#32 RSA SecurID product
http://www.garlic.com/~lynn/2005t.html#34 RSA SecurID product
http://www.garlic.com/~lynn/2005u.html#33 PGP Lame question
http://www.garlic.com/~lynn/2005v.html#4 ABN Tape - Found
http://www.garlic.com/~lynn/2006c.html#34 X.509 and ssh
http://www.garlic.com/~lynn/2006d.html#26 Caller ID "spoofing"
http://www.garlic.com/~lynn/2006e.html#26 Debit Cards HACKED now
http://www.garlic.com/~lynn/2006e.html#44 Does the Data Protection Act of 2005 Make Sense
http://www.garlic.com/~lynn/2006h.html#15 Security
http://www.garlic.com/~lynn/2006k.html#4 Passwords for bank sites - change or not?
http://www.garlic.com/~lynn/2006k.html#16 Value of an old IBM PS/2 CL57 SX Laptop
http://www.garlic.com/~lynn/2006k.html#23 Value of an old IBM PS/2 CL57 SX Laptop
http://www.garlic.com/~lynn/2006o.html#20 Gen 2 EPC Protocol Approved as ISO 18000-6C
http://www.garlic.com/~lynn/2006o.html#35 the personal data theft pandemic continues
http://www.garlic.com/~lynn/2006p.html#18 19,000 Accounts Compromised
http://www.garlic.com/~lynn/2006q.html#36 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006s.html#4 Why not 2048 or 4096 bit RSA key issuance?
http://www.garlic.com/~lynn/2006s.html#5 Why not 2048 or 4096 bit RSA key issuance?
http://www.garlic.com/~lynn/2006t.html#5 Are there more stupid people in IT than there used to be?
http://www.garlic.com/~lynn/2006v.html#49 Patent buster for a method that increases password security
http://www.garlic.com/~lynn/2007b.html#33 security engineering versus information security
http://www.garlic.com/~lynn/2007c.html#6 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#9 Decoding the encryption puzzle
http://www.garlic.com/~lynn/2007c.html#11 Decoding the encryption puzzle
http://www.garlic.com/~lynn/2007c.html#37 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#38 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#40 Point-of-Sale security
http://www.garlic.com/~lynn/2007c.html#44 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#2 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007e.html#26 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#31 Is that secure : <form action="https" from a local HTML page ?
http://www.garlic.com/~lynn/2007f.html#36 Silly beginner questions
http://www.garlic.com/~lynn/2007f.html#68 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007g.html#20 T.J. Maxx data theft worse than first reported
http://www.garlic.com/~lynn/2007h.html#56 T.J. Maxx data theft worse than first reported
http://www.garlic.com/~lynn/2007j.html#15 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007l.html#35 My Dream PC -- Chip-Based
http://www.garlic.com/~lynn/2007l.html#40 My Dream PC -- Chip-Based
http://www.garlic.com/~lynn/2007v.html#87 Data Breaches Soar In 2007
http://www.garlic.com/~lynn/2007v.html#90 folklore indeed
http://www.garlic.com/~lynn/2008.html#2 folklore indeed
http://www.garlic.com/~lynn/2008.html#4 folklore indeed
http://www.garlic.com/~lynn/2008.html#5 folklore indeed
http://www.garlic.com/~lynn/2008c.html#47 Data Erasure Products
http://www.garlic.com/~lynn/2008i.html#21 Worst Security Threats?
http://www.garlic.com/~lynn/2008i.html#55 Is data classification the right approach to pursue a risk based information security program?
http://www.garlic.com/~lynn/2008i.html#101 We're losing the battle
http://www.garlic.com/~lynn/2008j.html#48 dollar coins
http://www.garlic.com/~lynn/2008m.html#71 TJ Maxx - why are they still in business?
http://www.garlic.com/~lynn/2008m.html#72 What are security areas to be addressed before starting an e-commerce transaction or setting up a portal?
http://www.garlic.com/~lynn/2008n.html#75 Should online transactions be allowed on credit cards without adequate safeguards?
http://www.garlic.com/~lynn/2008n.html#90 Credit Card Security
http://www.garlic.com/~lynn/2008o.html#16 Is Information Security driven by compliance??
http://www.garlic.com/~lynn/2008o.html#76 Blinkenlights
http://www.garlic.com/~lynn/2008p.html#5 Privacy, Identity theft, account fraud
http://www.garlic.com/~lynn/2008p.html#7 Dealing with the neew MA ID protection law
http://www.garlic.com/~lynn/2008p.html#65 Barbless
http://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
http://www.garlic.com/~lynn/2008s.html#4 Expanding U.S. Tactical Aviation's "Approved Belief"
http://www.garlic.com/~lynn/2008s.html#5 Greed - If greed was the cause of the global meltdown then why does the biz community appoint those who so easily succumb to its temptations?
http://www.garlic.com/~lynn/2008s.html#10 Data leakage - practical measures to improve Information Governance
http://www.garlic.com/~lynn/2008s.html#24 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#28 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Fri, 02 Jan 2009 16:13:57 -0500
Morten Reistad <first@last.name> writes:
10 years later (approx 1999-2003) we saw a lot of contributions to Linux from the combo IBM, NSA, Oracle and a score of contributing smaller companies. SElinux was made; and a lot of HA stuff found its way into the kernel; such as a lot of MP lock improvements, making the kernel completely asynchronous, journalling and semaphore locks, transactional support code, and lots of small improvements.

Do you know how this effort relates to the original HA effort in the eighties ?


re:
http://www.garlic.com/~lynn/2009.html#0 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#1 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#2 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#3 Is SUN going to become x86'ed ??
http://www.garlic.com/~lynn/2009.html#4 Is SUN going to become x86'ed ??

well, there was (mainframe) ACP (airline control program) using loosely-coupled for reservation systems (and other functions) in the 60s.

lots of various kinds of HA and cluster scaleup continues through the 70s & 80s.

Tandem does HA. vax/cluster does HA. IMS doing hot-standby. TPF (renamed from ACP) doing HA.

The Austin Tandem group doing UNIX based platform ... did a lot of work removing panics from the Unix kernel and other Unix RAS work ... and contributing their work back.

what we started trying to do in late 80s with HA/CMP ... was using commodity parts (effectively taking advantage of what Jim Gray had earlier observed, that basic hardware had become significantly more reliable and failures/outages were more frequently from software, environment, people). for a little topic drift ... news item from today:

Why Mirroring Is Not a Backup Solution
http://hardware.slashdot.org/article.pl?sid=09/01/02/1546214

before we started on HA/CMP ... we had also come up with 3tier architecture (and was out pitching to customer executives). For at least some customers (possibly even gov), 3tier included supporting services at multiple different locations.
http://www.garlic.com/~lynn/subnetwork.html#3tier

for small topic drift, we were also on the XTP technical advisory board ... I've posted before about difficulty pitching XTP as HSP (high-speed protocol) to ANSI (ISO) x3s3.3 ... and getting turned down since ANSI/ISO standards had to conform to OSI. A major driving force behind XTP was Chesson ... then at SGI ... but may be recognized as responsible for UUCP when at belllabs. ... various past xtp/hsp posts:
http://www.garlic.com/~lynn/subnetwork.html#xtphsp

however, XTP also was low-latency and had support for reliable multicast. this was being looked at for military fire control systems (where there were assumptions about continued operation in the face of extremely high damage/failure ... and where there may still be surviving XTP implementations).

one of the reasons we were doing ha/cmp for rs/6000 ... was there wasn't a SMP 801/risc hardware platform at the time ... so in addition to high-availability ... cluster was the only way to get rs/6000 scaleup.
http://www.garlic.com/~lynn/subtopic.html#hacmp

A lot of kernel work was attempting to get SMP thruput scaleup for large number of processors (not necessarily primarily HA). a major Oracle reference platform was Sequent ... which had migrated to intel processors for large SMP scaleup (and was selling into mainframe datacenter market ... and so was also heavily into RAS). There was lots of cross-fertilization between Sequent & Oracle about thruput and (kernel) locking (for Sequent's Dynix). Sequent also made claims about doing most of the early SMP locking work for NT kernel. Sequent then started SCI-based SMP project (moving from 32-processor SMP snoopy bus for cache coherency ... to 256-processor SMP NUMA-Q with SCI). This required significantly more work on various kinds of fine-grain locking ... both for Dynix SMP scaleup as well as Oracle SMP scaleup. Sequent was also a major reference platform for Informix.

There was a lot of kernel RAS work in conjunction with SMP kernel scaleup work ... SMP kernel scaleup looking to move into commercial dataprocessing ... but then effectively found that they also needed commercial RAS. Much of this was complementary to cluster high-availability work.

IBM then buys Sequent mid-99:
http://news.cnet.com/IBM-buys-Sequent-for-810-million/2100-1001_3-228275.html
and then buys Informix 2001:
http://www.itworld.com/IDG010424informix

some search engine turns up linux/sequent item (just before the IBM purchase):
http://www.linuxhq.com/lnxlists/linux-smp/lm_9905/msg00110.html

and this item:
http://www.knowledgerush.com/kr/encyclopedia/Sequent_Computer_Systems/

from above:
In 1996 they released the first of a new series of machines based on this new architecture. Known internally as STiNG, an abbreviation for Sequent: The Next Generation (with Intel inside), it was productized as NUMA-Q and was the last of the systems released before the company was purchased by IBM for over $800 million. In 2002, after Sun Microsystems began a public discussion of IBM's silence on their NUMA-based x430 system, IBM had a reduction-in-force, announced that it had no further plans to market the x430 and would eventually drop support for the over-10,000 systems that Sequent and IBM had deployed.

... snip ...

We had been involved with SCI and SMP scaleup at various times in the 90s ... but didn't directly have a product using it.

for other topic drift, old posts about SMP and/or compare&swap instruction
http://www.garlic.com/~lynn/subtopic.html#smp

and for even more topic drift:
http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

for other drift ... we did some consulting work for Steve Chen when he was CTO at sequent ... prior to IBM purchase ... past posts mentioning Steve Chen:
http://www.garlic.com/~lynn/2001n.html#68 CM-5 Thinking Machines, Supercomputers
http://www.garlic.com/~lynn/2001n.html#70 CM-5 Thinking Machines, Supercomputers
http://www.garlic.com/~lynn/2002h.html#42 Looking for Software/Documentation for an Opus 32032 Card
http://www.garlic.com/~lynn/2003d.html#57 Another light on the map going out
http://www.garlic.com/~lynn/2004b.html#19 Worst case scenario?
http://www.garlic.com/~lynn/2006q.html#9 Is no one reading the article?
http://www.garlic.com/~lynn/2006v.html#12 Steve Chen Making China's Supercomputer Grid
http://www.garlic.com/~lynn/2006y.html#38 Wanted: info on old Unisys boxen
http://www.garlic.com/~lynn/2007n.html#1 Is Parallel Programming Just Too Hard?
http://www.garlic.com/~lynn/2008e.html#4 Migration from Mainframe to othre platforms - the othe bell?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

mvs preemption dispatcher

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: mvs preemption dispatcher
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Fri, 02 Jan 2009 20:03:37 -0500
rfochtman@YNC.NET (Rick Fochtman) writes:
Actually, I think that preemptive dispatching and timer pops existed long before MVS. Can we say "Time Slicing" ??

CTSS (7094) would do time-slicing ... predates virtual machine cp/40 doing time-slicing (ran on 360/40 specially modified with virtual memory hardware support) which morphed into cp67 (when 360/67 with standard virtual memory hardware became available).

as an undergraduate in the 60s ... i modified cp67 dispatch/scheduler to support dynamic adaptive resource management. in the morph from cp67 to vm370, much of the dynamic adaptive was dropped ... but preemptive dispatching and time-slicing continued to exist.

there were some number of ("conversational" &/or "time-sharing") subsystems done under os/360 that also would do time-slicing ... like cps ... recent posts mentioning CPS
http://www.garlic.com/~lynn/2008s.html#69
http://www.garlic.com/~lynn/2008s.html#71

this reference describes apl\360 supporting time slicing
http://hopl.murdoch.edu.au/showlanguage2.prx?exp=18

above mentions that apl\360 work was being done by 10 people in a period when tss\360 (the "strategic" operating system for 360/67) had hundreds. i've guessed that tss\360 had possibly 1200 at a time when the science center had 12 working on cp67 and cms. the science center also did port of apl\360 to cp67/cms for cms\apl. The above article mentions that cms\apl ran 20% slower than apl\360. This probably refers to 360/67 running in 360/65 mode (real addressing) had memory cycle of 750ns. Running virtual memory mode added 150ns to the memory cycle time (20%).

Note however, apl\360 typically was limited to 16kbyte (or 32kbyte) real workspaces. cms\apl opened this up to virtual address space size ... as well as adding functions where apl applications could invoke cms system functions (like reading/writing files). apl was frequently used for modeling and/or kinds of applications currently done with spreadsheets, however these applications were severely limited in apl\360. with cms\apl it was possible to start doing real-world applications. One such was that the business planning people in Armonk loaded customer business information on the science center cp67 system and were using cms\apl (remotely from armonk) to do customer and business modeling.

i've periodically claimed that part of the reason i got to do the "resource manager" for vm370 (being able to ship again much of the stuff that i had done nearly a decade earlier as undergraduate) .... was first that little 370 work went on during the future system days (assumption was that future system would replace all 370)
http://www.garlic.com/~lynn/submain.html#futuresys

then when future system project was killed ... there was mad rush to get products back into the 370 hardware & software product pipeline (i had somewhat pan'ed future system and continued to focus on 360/370).

recent post with reference about joke built into the resource manager:
http://www.garlic.com/~lynn/2008p.html#1

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Swedish police warn of tampered credit card terminals

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Swedish police warn of tampered credit card terminals
Date: Jan 03, 2009
Blog: Payment Systems Network
Swedish police warn of tampered credit card terminals
http://www.networkworld.com/news/2009/011209-nsa-helps-name-most-dangerous.html

from above:
The case is similar to one revealed earlier this year affecting several U.K. retailers, where point-of-sale devices were hacked to record debit and credit card details for use in frauds. It also demonstrates the increasing technical knowledge cybercriminals have gained in order to perpetuate card fraud.

... snip ...

we had been called in to consult with a small client/server startup that wanted to do payment transactions on their server ... and had this technology they had invented called SSL they wanted to use .... effort is now frequently called "electronic commerce". Some recent problems with the implementation ... including references to little new has been done since 1995 (which we have referred to the effort as "comfort" as opposed to "security")
http://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles

lots of past posts mentioning SSL certificates (including threads that refer to them as "comfort")
http://www.garlic.com/~lynn/subpubkey.html#sslcert

in the mid-90s, we were then asked to participate in the x9a10 financial standard working group which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. the result was the x9.59 financial transaction standard
http://www.garlic.com/~lynn/x959.html#x959

X9.59 didn't do anything about data breaches, skimming, eavesdropping, etc exploits (i.e. crooks being able to harvest information from valid transactions for the purpose of performing fraudulent financial transactions). However, x9.59 did tweak the paradigm so that crooks could no longer use the information for fraudulent transactions (they could still "steal" credit card details ... but they could no longer use that information for other fraudulent transactions, aka x9.59 included countermeasure to various kinds of replay attacks).

Now the largest use of SSL in the world today is this thing we had worked on now commonly referred to as "electronic commerce" ... as part of hiding credit card details. X9.59 changes the paradigm so it is no longer necessary to hide credit card details ... and therefore eliminates the major use for SSL.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70
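
The paradigm described in the post above (a harvested account number is useless because the issuer only honors it inside an authenticated transaction), as an added example that is not part of the original post and is not the X9.59 message format. HMAC with a per-account key stands in for the authentication mechanism, and the account numbers, field names, nonce scheme and result strings are all constructed for illustration.

```python
"""Simplified model: account number valid only in authenticated transactions."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass
class Account:
    key: bytes                  # per-account authentication key (constructed)
    authenticated_only: bool    # True: number is useless without valid auth
    seen_nonces: set = field(default_factory=set)


def canonical(txn: dict) -> bytes:
    """Serialize every field except the auth tag in a fixed order."""
    body = {k: v for k, v in txn.items() if k != "auth"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def authenticate(txn: dict, key: bytes) -> dict:
    """Account-holder side: return a copy of txn carrying an auth tag."""
    signed = dict(txn)
    signed["auth"] = hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()
    return signed


class Issuer:
    """Issuer-side authorization (hypothetical, heavily simplified)."""

    def __init__(self):
        self.accounts = {}

    def register(self, number: str, key: bytes, authenticated_only: bool):
        self.accounts[number] = Account(key, authenticated_only)

    def authorize(self, txn: dict) -> str:
        acct = self.accounts.get(txn.get("account"))
        if acct is None:
            return "declined: unknown account"
        tag = txn.get("auth")
        if tag is None:
            # Legacy accounts keep working; flagged accounts never do.
            if acct.authenticated_only:
                return "declined: authentication required"
            return "approved (legacy)"
        expected = hmac.new(acct.key, canonical(txn), hashlib.sha256).hexdigest()
        if not isinstance(tag, str) or not hmac.compare_digest(
            expected.encode(), tag.encode()
        ):
            return "declined: bad authentication"
        nonce = txn.get("nonce")
        if nonce is None:
            return "declined: missing nonce"
        # Checked only after the tag verifies, so forged traffic cannot
        # burn nonces belonging to the real account holder.
        if nonce in acct.seen_nonces:
            return "declined: replay"
        acct.seen_nonces.add(nonce)
        return "approved"


def demo() -> dict:
    """Run constructed transactions through the issuer and collect results."""
    issuer = Issuer()
    key = b"constructed-demo-key-not-a-real-secret"
    flagged, legacy = "4000-EXAMPLE-0001", "4000-EXAMPLE-0002"
    issuer.register(flagged, key, authenticated_only=True)
    issuer.register(legacy, b"unused", authenticated_only=False)

    good = authenticate(
        {"account": flagged, "amount_cents": 1999, "merchant": "m-001",
         "nonce": "n-1"},
        key,
    )
    return {
        "genuine": issuer.authorize(good),
        # Account number known from a breach, but no way to authenticate.
        "harvested_number_only": issuer.authorize(
            {"account": flagged, "amount_cents": 50000, "merchant": "m-002",
             "nonce": "n-2"}
        ),
        # The whole captured transaction submitted a second time.
        "captured_resubmitted": issuer.authorize(dict(good)),
        # Captured tag reused on a transaction with different contents.
        "captured_altered": issuer.authorize(
            {**good, "amount_cents": 50000, "nonce": "n-3"}
        ),
        # Account not flagged for authenticated-only use: unchanged behavior.
        "legacy_account": issuer.authorize(
            {"account": legacy, "amount_cents": 500, "merchant": "m-001",
             "nonce": "n-4"}
        ),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```
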

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: alt.folklore.computers
Date: Sun, 04 Jan 2009 10:17:26 -0500
jmfbahciv <jmfbahciv@aol> writes:
that (10 years) isn't long enough. Most operations people didn't keep each yearly save; they replaced it with the "new" one. That's how sources got lost. Not everybody had a warehouse dedicated to tape-that-will-never-be-used storage.

I got into the habit of backing up nearly everything, every time i could.

One of the processes ... was normally a cp67 (card-image) kernel deck was built to tape (although there for a time at the start there was card tray of the "current deck"). The "BPS" loader could IPL the deck off tape (as well as from the card reader). The loader would pull all the card decks into memory and build a core-image of the program ... and then transfer to the program. The "start" of cp67 kernel deck ... was actually some code that wrote the core-image to disk ... where cp67 was normally IPL'ed from. Recent thread discussing "BPS" loader used for cp67:
http://www.garlic.com/~lynn/2008s.html#56 Computer History Museum
http://www.garlic.com/~lynn/2008s.html#64 Computer History Museum
http://www.garlic.com/~lynn/2008s.html#65 Computer History Museum

The tapes for "stable" systems were kept for some period (as fall-back in case of reliability issues with "new" systems). The card-image on tape also occupied very little of the tape ... so I added to the procedure, processes that would "dump" everything (source, procedures, etc) necessary to recreate the card-image. Over the yrs, I had kept some number of these tapes ... including migrating to newer tape technology as necessary (starting from 9trk 800bpi).

In the mid-80s, when Melinda
http://www.leeandmelindavarian.com/Melinda/

was looking for original copies of the cp67 multi-level source update procedures ... I was able to provide her with the files that I pulled off one such tape ... past references:
http://www.garlic.com/~lynn/2003e.html#66 History of project maintenance tools -- what and when?
http://www.garlic.com/~lynn/2004b.html#59 A POX on you, Dennis Ritchie!!!
http://www.garlic.com/~lynn/2004m.html#30 Shipwrecks
http://www.garlic.com/~lynn/2005i.html#30 Status of Software Reuse?
http://www.garlic.com/~lynn/2006e.html#7 About TLB in lower-level caches
http://www.garlic.com/~lynn/2006q.html#45 Was FORTRAN buggy?
http://www.garlic.com/~lynn/2006w.html#42 vmshare
http://www.garlic.com/~lynn/2006w.html#48 vmshare

This was before the period in Almaden when quite a few of my tapes (and others) were wiped out ... there were problems where randomly selected tapes were being mounted for scratch. misc. past references:
http://www.garlic.com/~lynn/2003j.html#14 A Dark Day
http://www.garlic.com/~lynn/2006w.html#42 vmshare
http://www.garlic.com/~lynn/2007l.html#51 Scholars needed to build a computer history bibliography

However, shortly after the tapes being wiped out ... I was contacted by corporate lawyers looking for some cp67 source that I had done as an undergraduate (before becoming an employee). They were attempting to show prior art in a patent dispute regarding monitoring computer activity (basically technology that produced performance & activity reports). My stuff from undergraduate days was slightly different since my monitoring was used by dynamic adaptive resource management (but the monitoring methodology was effectively the same for the purpose of the patent dispute). The issue was my undergraduate work predated the patent application, but the later work didn't.

For additional drift ... I had done CMSBACK which was deployed internally for a couple generations, morphed into workstation datasave and released as a product, morphed into ADSM ... which was subsequently renamed TSM (Tivoli Storage Manager). Some old email
http://www.garlic.com/~lynn/lhwemail.html#cmsback
and misc. past posts referencing archived &/or backup
http://www.garlic.com/~lynn/submain.html#backup

There have been some facetious comments about blaming me for the backup paranoia in PROFS and incident involving the executive branch in the early 80s and using PROFS backup files in evidence.

For even more topic drift ... lots of old email snippets:
http://www.garlic.com/~lynn/lhwemail.html

some of the backups did include performance monitoring data ... which allowed for making comparisons of 360/67 cp67 performance against 3081 vm370 performance for highlighting that relative disk system thruput had declined by an order of magnitude (disks had increased thruput but processors thruput had increased by an order of magnitude more).
http://www.garlic.com/~lynn/93.html#31 Big I/O or Kicking the Mainframe out the Door
http://www.garlic.com/~lynn/94.html#43 Bloat, elegance, simplicity and other irrelevant concepts
http://www.garlic.com/~lynn/94.html#55 How Do the Old Mainframes Compare to Today's Micros?
http://www.garlic.com/~lynn/95.html#10 Virtual Memory (A return to the past?)
http://www.garlic.com/~lynn/98.html#46 The god old days(???)
http://www.garlic.com/~lynn/99.html#4 IBM S/360
http://www.garlic.com/~lynn/2001d.html#66 Pentium 4 Prefetch engine?
http://www.garlic.com/~lynn/2001f.html#62 any 70's era supercomputers that ran as slow as today's supercomputers?
http://www.garlic.com/~lynn/2001l.html#40 MVS History (all parts)
http://www.garlic.com/~lynn/2001l.html#61 MVS History (all parts)
http://www.garlic.com/~lynn/2001m.html#23 Smallest Storage Capacity Hard Disk?
http://www.garlic.com/~lynn/2002.html#5 index searching
http://www.garlic.com/~lynn/2002b.html#11 Microcode? (& index searching)
http://www.garlic.com/~lynn/2002b.html#20 index searching
http://www.garlic.com/~lynn/2002e.html#8 What are some impressive page rates?
http://www.garlic.com/~lynn/2002e.html#9 What are some impressive page rates?
http://www.garlic.com/~lynn/2004p.html#39 100% CPU is not always bad

Misc. past posts about joke that I put in the resource manager with regard to manually tuning (based on performance & activity reports) vis-a-vis direct dynamic adaptive resource management:
http://www.garlic.com/~lynn/2001b.html#18 Linux IA-64 interrupts [was Re: Itanium benchmarks ...]
http://www.garlic.com/~lynn/2001l.html#9 mainframe question
http://www.garlic.com/~lynn/2002c.html#16 OS Workloads : Interactive etc
http://www.garlic.com/~lynn/2002c.html#54 Swapper was Re: History of Login Names
http://www.garlic.com/~lynn/2002i.html#53 wrt code first, document later
http://www.garlic.com/~lynn/2004o.html#10 Multi-processor timing issue
http://www.garlic.com/~lynn/2005p.html#31 z/VM performance
http://www.garlic.com/~lynn/2006b.html#21 IBM 3090/VM Humor
http://www.garlic.com/~lynn/2006h.html#22 The Pankian Metaphor
http://www.garlic.com/~lynn/2006y.html#17 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2007g.html#56 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007i.html#43 Latest Principles of Operation
http://www.garlic.com/~lynn/2007i.html#77 Sizing CPU
http://www.garlic.com/~lynn/2008.html#16 No Glory for the PDP-15
http://www.garlic.com/~lynn/2008.html#88 folklore indeed
http://www.garlic.com/~lynn/2008g.html#35 Does TCP Need an Overhaul?
http://www.garlic.com/~lynn/2008p.html#1 My Funniest or Most Memorable Moment at IBM
http://www.garlic.com/~lynn/2008p.html#4 Strings story
http://www.garlic.com/~lynn/2008p.html#41 Automation is still not accepted to streamline the business processes... why organizations are not accepting newer technologies?
http://www.garlic.com/~lynn/2009.html#6 mvs preemption dispatcher

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: alt.folklore.computers
Date: Sun, 04 Jan 2009 10:31:56 -0500
Bernd Felsche <berfel@innovative.iinet.net.au> writes:
It's actually a PITA because you also have to make sure that you have the ability to be able to recover from those backups; i.e. legacy system support which can cost tens to hundreds of thousands of dollars a year. Copying the backups to newer media is also required as tapes and CD/DVD media "age" perceptibly. Not maintaining a legacy system would obsolete the backups; or require the construction of a backward-compatible system in the event of a "need" to recover.

re:
http://www.garlic.com/~lynn/2009.html#8 Is SUN going to become x86'ed ??

from part of thread mentioned in above
http://www.garlic.com/~lynn/2008s.html#64 Computer History Museum

looking for copy of the original BPS loader source. The above discusses full source and executable infrastructure for vm370 release 6 (a little less than 30yrs old) ... for running under hercules. "aws" is file image of mainframe tapes ... in EBCDIC. It doesn't take a whole lot to extract all the vm370 release 6 source files as linux, ascii files.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Swedish police warn of tampered credit card terminals

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Swedish police warn of tampered credit card terminals
Date: Jan 04, 2009
Blog: Payment Systems Network
re:
http://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals

X9.59 financial standard approached it slightly differently ... the standard stated that account numbers used in X9.59 transactions could only be used in appropriately authenticated transactions. X9.59 didn't do anything about preventing non-X9.59 transactions ... it just eliminated eavesdropping/harvesting as an exploit for x9.59 transactions ... basically a form of replay attack (using the information from previous transactions for fraudulent transactions).

Part of the approach came from security proportional to risk paradigm philosophy and co-existing with legacy operations while also offering increased integrity.

Basically x9.59 and EMV originated in approx. the same period ... and in the EMV deployment period involving the yes card exploit ... lots of past posts mentioning the yes card exploit
http://www.garlic.com/~lynn/subintegrity.html#yescard

it was demonstrated that a trivial software tweak, downloaded from the acquiring operations (that any existing chip-accepting card interface was connected to) could easily perform several different kinds of transactions ... including x9.59 transactions.
http://www.garlic.com/~lynn/x959.html#x959

oh ... and for the fun of it ... this recent post mentioning the invention and archeology of magstripe ... in thread about web security hasn't moved since 1995:
http://www.garlic.com/~lynn/2008s.html#25

The bldg. mentioned in the above post related to magstripe ... was also involved in developing early ATM machines. As mentioned, for a period ... I had part of a wing and several labs in the same bldg.

Also mentioned in the above post regarding NACHA trials
http://www.garlic.com/~lynn/x959.html#aadsnacha

and a more recent post referencing infrastructure about major technologies and some amount of archeology regarding evolution of ATM processing (more oriented towards the networks & backends ... which is claimed to involve the majority of ATM transactions in the world today at some point)
http://www.garlic.com/~lynn/2008s.html#77

also discussed in this post
http://www.garlic.com/~lynn/2009.html#1

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Swedish police warn of tampered credit card terminals

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Swedish police warn of tampered credit card terminals
Date: Jan 04, 2009
Blog: Payment Systems Network
As mentioned earlier in this thread
http://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#10 Swedish police warn of tampered credit card terminals

... and many others, x9.59 avoided that problem by making the information in x9.59 transactions not usable in non-x9.59 (and/or magstripe) transactions.
http://www.garlic.com/~lynn/x959.html#x959

Part of this was the result of the requirement given the x9a10 financial standard working group to preserve the integrity of the financial infrastructure for ALL retail payments. That made x9.59 financial standard transaction protocol that right out of the starting gate, from day-one, had to support ALL kinds of payment methods; i.e. debit, credit, ATM, stored-value, ACH, etc ... as well as ALL kinds of payment environments, point-of-sale, cash machines, internet, face-to-face, unattended, transit gates, contact, contactless, proximity, wireless

It wasn't allowed for the x9a10 financial standard effort to myopically focus on just some narrow slice.

One of the issues in some of the other kinds of solutions in the US market is that there were some earlier false starts ... that then had to regroup for some period of time. For instance in the early part of this decade there was a large deployment of POS chipcards ... which turned out to be vulnerable to the yes card exploit
http://www.garlic.com/~lynn/subintegrity.html#yescard

It isn't so much the cost of a "single" deployment in the US market ... after some of the earlier failures ... it is the prospect of the cost for large number of repeated deployments ... hoping eventually that one of them will get it correct.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70
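
An issuer-side sketch of the rule described in the two posts above (an account number enrolled for X9.59 is honoured only in an authenticated transaction, so a harvested number is useless in legacy-style requests), added here as an example and not taken from the X9.59 standard or from the author's posts. The HMAC stand-in for the authentication, the field names, the replay check on a transaction id and all sample values are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Transaction:
    account: str
    amount_cents: int
    merchant: str
    tx_id: str                        # hypothetical unique id per transaction
    auth_tag: Optional[bytes] = None  # None models a legacy, unauthenticated request


def _signed_bytes(tx: Transaction) -> bytes:
    # Unambiguous encoding of every field the authentication tag must cover.
    fields = [tx.account, tx.amount_cents, tx.merchant, tx.tx_id]
    return json.dumps(fields, separators=(",", ":")).encode()


def authenticate(tx: Transaction, key: bytes) -> Transaction:
    """Account holder's side: bind a tag to this exact transaction.
    HMAC is a stand-in; the posts do not specify the mechanism."""
    tag = hmac.new(key, _signed_bytes(tx), hashlib.sha256).digest()
    return replace(tx, auth_tag=tag)


class Issuer:
    def __init__(self) -> None:
        self._auth_only: Dict[str, bytes] = {}    # accounts usable only when authenticated
        self._legacy: Set[str] = set()            # accounts still accepted the old way
        self._seen: Set[Tuple[str, str]] = set()  # (account, tx_id) already honoured

    def enroll_authenticated(self, account: str, key: bytes) -> None:
        self._auth_only[account] = key

    def enroll_legacy(self, account: str) -> None:
        self._legacy.add(account)

    def authorize(self, tx: Transaction) -> str:
        key = self._auth_only.get(tx.account)
        if key is None:
            # Non-X9.59 accounts are untouched by the rule.
            return "approved-legacy" if tx.account in self._legacy else "declined-unknown-account"
        if tx.auth_tag is None:
            # The account number alone (skimmed, breached, overheard) is not enough.
            return "declined-unauthenticated"
        expected = hmac.new(key, _signed_bytes(tx), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tx.auth_tag):
            return "declined-bad-authentication"
        if (tx.account, tx.tx_id) in self._seen:
            # Assumption of this sketch: each transaction id is honoured once.
            return "declined-replay"
        self._seen.add((tx.account, tx.tx_id))
        return "approved"


def demo() -> Dict[str, str]:
    issuer = Issuer()
    key = b"constructed-demo-key-not-a-real-secret"
    issuer.enroll_authenticated("4000-EXAMPLE-0001", key)   # constructed account ids
    issuer.enroll_legacy("4000-EXAMPLE-0002")

    genuine = authenticate(
        Transaction("4000-EXAMPLE-0001", 2500, "grocer", "tx-001"), key)
    results = {"genuine": issuer.authorize(genuine)}
    # Harvested account number presented without authentication.
    results["harvested_account_number"] = issuer.authorize(
        Transaction("4000-EXAMPLE-0001", 99900, "other-shop", "tx-002"))
    # Captured transaction with the amount changed and the old tag reused.
    results["altered_amount"] = issuer.authorize(replace(genuine, amount_cents=99900))
    # Captured transaction resubmitted unchanged.
    results["exact_replay"] = issuer.authorize(genuine)
    # A legacy account keeps working exactly as before.
    results["legacy_account"] = issuer.authorize(
        Transaction("4000-EXAMPLE-0002", 1000, "grocer", "tx-004"))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:26s} {outcome}")
```
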

why stopped?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: why stopped?
Date: Jan 04, 2009
Blog: Facebook Concorde
I worked for boeing computer services in 1969 ... they had mockups of both SST and 747 (and a 747 was flying the skies of seattle getting FAA certification).

this is wiki page for SST
https://en.wikipedia.org/wiki/Boeing_2707

and talks about it being canceled ... in part because of environmental issues.

This is BOEING history
http://www.boeing.com/history/chronology/chron10.html

Above has some mention of SST. It also mentions that BCS wasn't formed until May 25, 1970. I was undergraduate in 60s ... and had been talked into teaching one week class to the (small) BCS technical staff (during '69 spring break, more than a yr earlier) and then worked for BCS during summer '69 (as a full time mid-level employee that was still student). My memory was that there were ongoing problems with the executive that headed up BCS getting executives of the large corporate datacenters to recognize his authority (which may account for listing BCS not being formed until May 25, 1970).

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: alt.folklore.computers
Date: Sun, 04 Jan 2009 19:45:08 -0500
Peter Flass <Peter_Flass@Yahoo.com> writes:
You don't happen to have saved any of these? I haven't seen CP67 sources anywhere yet.

re:
http://www.garlic.com/~lynn/2009.html#8 Is SUN going to become x86'ed ??

as per the last part of the previous post ... i had consolidated several of the 800bpi & 1600bpi 9trk tapes from cp67 era ... first on to 6250bpi tapes ... which then were consolidated to 3480 cartridges.

The request from melinda for copy of source update procedures from cp67 days .... came while the tapes were still intact ... complete copies of source, updates and all the processes for recreating specific executable (cp67) kernel. later the problems in the almaden datacenter with random tapes being mounted for scratch ... managed to obliterate large number of my tapes ... including all the ones with cp67 source.

small part of list of tapes "lost" during the period of troubles at almaden datacenter ... note "FILES" (in following) refers to number of "tape" files, separated by tape marks ... as opposed to cms files:

001018          01/01/99 IUO             10FILES, CP/67 SOURCE & SYSTEM
001381          01/01/99 IUO             CAMB. WHEELER ARCHIVE
001642          01/01/99 UNCL            SL-8FILE CMS SYSTEM & MY FILES ABOUT 5/
001720          01/01/99 UNCL ALL        SL-8FILE PRPQ3.7, CMS, MISC
002090          12/31/99 UNCL            SL-10FILES, CP/67 SOURCE & SYSTEM
002826          01/01/99 UNCL            SL-1FILE CP2.0 SOURCE
004376          01/01/99 IUO  ALL        SL-5FILE VM2.15 + LOCAL
004789          01/01/99 UNCL ALL        SL-8FILE CAMBRIDG ARCHIVE

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

What are the challenges in risk analytics post financial crisis?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What are the challenges in risk analytics post financial crisis?
Date: Jan 05, 2009
Blog: Risk Management
Lenders (especially often unregulated mortgage originators) were able to unload the loans through securitized instruments.

The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html

from above:
Watsa's only sin was in being a little too early with his prediction that the era of credit expansion would end badly. This is what he said in Fairfax's 2003 annual report: "It seems to us that securitization eliminates the incentive for the originator of [a] loan to be credit sensitive. Prior to securitization, the dealer would be very concerned about who was given credit to buy an automobile. With securitization, the dealer (almost) does not care."

... snip ...

A couple months ago, in the congressional hearings into securitized instruments, it was mentioned that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers were paying the rating agencies for the triple-A ratings (the word "fraud" was used several times). Just now on one of the TV business news programs, there was discussion about how to replace the current rating agency infrastructure (in order to correct the problems). There was comment that the current paradigm really was a change-over that happened in the early 70s (when there was switch to the instrument issuers paying for the ratings).

The triple-A ratings for toxic CDOs greatly increased the institutions that would deal in toxic CDOs ... as well as greatly increasing the amount money available to the lenders (who were unloading their loans as toxic CDOs). In the congressional hearings there was also discussions that having the toxic CDOs sellers paying for the ratings, "mis-aligned" the business interests (i.e. the ratings were being done in the interest of those selling the toxic CDOs, not in the interest of those buying the toxic CDOs).

Then there were a lot of the institutions that were buying up these triple-A rated toxic CDOs .... that even with the triple-A ratings there was still indications of the actual quality ... and the institutions were buying them anyway.

How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
and Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/

a recent article:

Computer Models and the Global Economic Crash
http://news.slashdot.org/article.pl?sid=08/12/16/2048235&tid=98
Axioms, downturns, and a global (computer?) crash
http://arstechnica.com/news.ars/post/20081215-axioms-downturns-and-a-global-computer-crash.html

Some number of the institutions buying triple-A rated toxic CDOs were playing long/short mismatch ... even tho that has been known for centuries to take down institutions. Comment was that Bear Stearns and Lehman had marginal chance of surviving (playing long/short mismatch)
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/

The recent washington post series about CDS ... basically talked about CDS being sold on instruments that were totally unrelated to the original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html

related thread in comp.arch
http://www.garlic.com/~lynn/2008s.html#23 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#24 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#27 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#28 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#33 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#57 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#59 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#60 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#62 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#63 Gargbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#70 Gargbage in, garbage out trampled by Moore's law

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

What are the challenges in risk analytics post financial crisis?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What are the challenges in risk analytics post financial crisis?
Date: Jan 05, 2009
Blog: Risk Management
re:
http://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?

TV business news show just finished segment with a repeated refrain that the regulatory agencies are more interested in protecting wall street than protecting the investor (which is going to have to significantly change)... semi-related article here:

The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php

from above:
Markets need regulation to stay stable. We have had thirty years of financial deregulation. Now we are seeing chickens coming home to roost. This is the key argument of Professor Nick Bingham, a mathematician at Imperial College London, in an article published today in Significance, the magazine of the Royal Statistical Society.

... snip ...

With regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.

Report on the Role and Function of Credit Rating Agencies in the Operation of the Securities Markets; As Required by Section 702(b) of the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf

long winded, decade old post discussing some of the current issues
http://www.garlic.com/~lynn/aepay3.htm#riskm

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Date arithmetic and Zune bug

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Date arithmetic and Zune bug
Newsgroups: comp.arch
Date: Mon, 05 Jan 2009 14:14:46 -0500
"Ken Hagan" <K.Hagan@thermoteknix.com> writes:
Disbelief? You jest, sir. Leap year problems are easy to pose but the historical evidence is that both programmers and QA testers find them almost impossible to handle. My impression is that far more software failed on 29:Feb:2000 than did 8 weeks previously, which is quite stunning when you consider that the requirement here was for a no-op.

there was y2k discussion thread in the early 80s (talking about the impending century problem) ... and there were instances of other kinds of failures in processing dates ... frequent failures involve leap yrs; one of the entries extracted here (including problem in airline reservation system that happened on 29feb72 and a problem in how dates are handled for shuttle missions):
http://www.garlic.com/~lynn/99.html#email841207

in these old threads:
http://www.garlic.com/~lynn/99.html#24 BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/99.html#233 Computer of the century

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Magnetic tape storage

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Magnetic tape storage
Newsgroups: alt.folklore.computers
Date: Mon, 05 Jan 2009 14:56:30 -0500
Morten Reistad <first@last.name> writes:
Very little hardware could handle that. Prime has a limit of 6k, ISTR 16k on some DEC equipment (probably the controller); and I know some IBM equipment could handle block sizes up to available dma memory.

recent mention of cmsback:
http://www.garlic.com/~lynn/2009.html#8 Is SUN going to become x86'ed ??

as part of doing CMSBACK (which was used internal and then went thru some product versions eventually morphing into the current TSM) ... misc. old email
http://www.garlic.com/~lynn/lhwemail.html#cmsback

I started out modifying the standard cms tape-based maintenance utility VMFPLC. VMFPLC in turn was a modified version of the cms utility TAPE. TAPE would write the FST (file descriptor) as a tape record followed by the file data blocked as one or more 800-byte tape records.

VMFPLC added some number of additional function and changed the 800-byte tape record blocking to 4k-bytes. However, for small files, there were still a minimum of two tape records (and two inter-record gaps).

I created VMXPLC from VMFPLC by adding some more function for backup/archive, combined the FST tape record with the first/only file tape data record ... and allowed file data to be blocked as multiple 4k-byte records (minimum of one inter-record gap for small files, instead of two ... and multiple 4k data block tape records for larger files).

I also made sure that buffers were 4k-byte page aligned ... which enabled various kinds of performance & thruput tricks when dealing with page-mapped filesystem ... misc. past posts mentioning having done page-mapped filesystem for CMS. Part of this was standard CMS operation was synchronous ... but with page-mapped filesystem it was possible to do a fair amount of asynchronous, overlapped operations ... with paging infrastructure providing the appropriate serialization. vmxplc would setup for things like multiple asynchronous, overlapped buffering ... which would be purely synchronous with normal filesystems ... but become asynchronous if page-mapped filesystem was involved:
http://www.garlic.com/~lynn/submain.html#mmap

IBM tape channel (I/O) programming tended to have tape records limited to length of what could be done with single channel command word ... which only had a half-word (16bit) length field ... common practice further limited things to 32k ... so that half-word signed operations worked correctly.

misc. past posts referring to (mostly tape) backup/archive:
http://www.garlic.com/~lynn/submain.html#backup

misc. past posts mentioning vmfplc &/or vmxplc:
http://www.garlic.com/~lynn/99.html#149 OS/360 (and descendents) VM system?
http://www.garlic.com/~lynn/2001n.html#92 "blocking factors" (Was: Tapes)
http://www.garlic.com/~lynn/2002h.html#35 Computers in Science Fiction
http://www.garlic.com/~lynn/2002h.html#36 Computers in Science Fiction
http://www.garlic.com/~lynn/2003b.html#42 VMFPLC2 tape format
http://www.garlic.com/~lynn/2003b.html#43 VMFPLC2 tape format
http://www.garlic.com/~lynn/2003b.html#44 filesystem structure, was tape format (long post)
http://www.garlic.com/~lynn/2003k.html#47 Slashdot: O'Reilly On The Importance Of The Mainframe Heritage
http://www.garlic.com/~lynn/2004e.html#39 Candle support from Los Delhi
http://www.garlic.com/~lynn/2005j.html#56 Q ALLOC PAGE vs. CP Q ALLOC vs ESAMAP
http://www.garlic.com/~lynn/2005p.html#42 VMFPLC2 to load EREP PTFs
http://www.garlic.com/~lynn/2006.html#8 How to restore VMFPLC dumped files on z/VM V5.1
http://www.garlic.com/~lynn/2006.html#9 How to restore VMFPLC dumped files on z/VM V5.1
http://www.garlic.com/~lynn/2006.html#10 How to restore VMFPLC dumped files on z/VM V5.1
http://www.garlic.com/~lynn/2006t.html#24 CMSBACK
http://www.garlic.com/~lynn/2006w.html#25 To RISC or not to RISC
http://www.garlic.com/~lynn/2008j.html#72 tape blocking

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Magnetic tape storage

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Magnetic tape storage
Newsgroups: alt.folklore.computers
Date: Mon, 05 Jan 2009 15:21:20 -0500
Andre Majorel <cheney@halliburton.com> writes:
In the eighties, we got 1280 BPI out of audio cassettes. The reliability was very poor but that was with shitty tape, shitty transport and shitty electronics, even by cassette standards.

6250 BPI is a lot, agreed, but 200 BPI seems low to me.


i've done somewhat crude conversion of the old green card ios3270 file to html
http://www.garlic.com/~lynn/gcard.html

which includes tape CCW command codes
http://www.garlic.com/~lynn/gcard.html#25

7track from above:
Magnetic-Tape   Density  Parity  DC   Trans  Cmd
Mode-Set-1        200     odd    on   off    13
(7-Track)                        off  off    33
                                      on     3B
                          even   off  off    23
                                      on     2B

                  556     odd    on   off    53
                                 off  off    73
                                      on     7B
                          even   off  off    63
                                      on     6B

                  800     odd    on   off    93
                                 off  off    B3
                                      on     BB
                          even   off  off    A3
                                      on     AB


... snip ...

my first student programming job was porting 1401 MPIO program to 360. MPIO was used for card->tape and tape->printer/punch ... using the 1401 as unit-record front-end for the university's 709. (7trk) tapes were manually moved back and forth between 1401 (7trk) tape drive and 709 (7trk) tape drive.

the university got a 360/30 to replace the 1401 (as part of evolution eventually getting a 360/67 to replace both the 1401 & 709). 360/30 had 1401 hardware emulation mode ... so that MPIO could run unmodified ... but redoing MPIO in 360 was possibly an exercise in using 360.

I got to design & implement my own stand-alone monitor, interrupt handlers, storage management, device drivers, dispatching, etc. I believe all the 7trk tapes I dealt with were 200bpi.

726 magnetic tape drive (1952 for 701) 100bpi
http://www-03.ibm.com/ibm/history/exhibits/storage/storage_726.html

2401 magnetic tape unit (1964 for 360) 9trk 800bpi (models 1,2,3) & both 800bpi & 1600bpi (models 4,5,6). there was option to handle 7trk 200/556/800bpi
http://www-03.ibm.com/ibm/history/exhibits/storage/storage_2401.html

3420 magnetic tape drive ... initial models shipped (1971) only support 800 & 1600 bpi ... two yrs later (1973), three new models added 6250 bpi.
http://www-03.ibm.com/ibm/history/exhibits/storage/storage_3420.html

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Magnetic tape storage

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Magnetic tape storage
Newsgroups: alt.folklore.computers
Date: Tue, 06 Jan 2009 10:29:55 -0500
jmfbahciv <jmfbahciv@aol> writes:
Only if one can make the assumption that the tape is error-free.

rewriting 1401 MPIO (tape/unit-record utility) for 360/30:
http://www.garlic.com/~lynn/2009.html#18 Magnetic tape store

and reference to getting univ. data center from 8am sat until 8am mon:
http://www.garlic.com/~lynn/2008s.html#51 Computer History Museum

one of the things that was normally done at shift change was to clean the tape drive heads. one of the first things that i learned was to start off the weekend by doing standard maintenance, cleaning the tape drives (and repeat a couple times during the weekend) ... as well as disassembling the 2540 reader and punch and cleaning the brushes, punches, chip box, card paths, etc.

in the tape device driver ... read error recovery standard procedure was to read backward & forward (up to ten times) ... and then write error message (possibly getting the drive cleaned and then retried).

not all that different from using cotton q-tips on audio open reel. as drives got more compact and enclosed ... they came up with the idea of a "cleaning cassette".

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Data losses set to soar

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Data losses set to soar
Date: Jan 03, 2009
Blog: Financial Crime Risk, Fraud and Security
Data losses set to soar
http://security.cbronline.com/news/data_losses_set_to_soar_050109

from above:
Last year stands as the worst for reported data loss incidents, and researchers with KPMG have warned that the trend is set to increase through 2009.

... snip ...

also

Data Breaches Up Almost 50 Percent
http://www.washingtonpost.com/wp-dyn/content/article/2009/01/05/AR2009010503046.html

and recent related article & discussion in "Payment Systems Network" re: "Swedish police warn of tampered credit card terminals":
http://www.garlic.com/~lynn/2009.html#7
http://www.garlic.com/~lynn/2009.html#10
http://www.garlic.com/~lynn/2009.html#11

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Banks to embrace virtualisation in 2009: survey

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Banks to embrace virtualisation in 2009: survey
Newsgroups: alt.folklore.computers
Date: Tue, 06 Jan 2009 11:51:48 -0500
Banks to embrace virtualisation in 2009: survey
http://bi.cbronline.com/news/banks_to_embrace_virtualisation_in_2009_survey_060108

two of the original (virtual machine) cp67 ("spin-offs") commercial time-sharing service bureaus in the 60s, were NCSS and IDC.

A couple recent posts mentioning NCSS:
http://www.garlic.com/~lynn/2008s.html#54 Computer History Museum
http://www.garlic.com/~lynn/2008s.html#56 Computer History Museum
http://www.garlic.com/~lynn/2008s.html#66 Computer History Museum

Both NCSS and IDC got into offering financial data (moving up the value stream for online computer services). NCSS was bought up by D&B and absorbed into their data processing unit.

IDC still exists ... but delivering the financial information over the web ... recent IDC news release:
http://www.finextra.com/fullpr.asp?id=25305

IDC website:
http://www.interactivedata.com/

IDC timeline ... mentions in '72 IDC purchases the "Pricing Services" division of Standard & Poors.
http://www.interactivedata.com/overview/timeline.htm

recent posts mentioning that current problems with giving triple-A rating to toxic CDOs ... a major factor in the current financial crisis ... has its seeds in the early 70s when the rating agencies changed their business model (to issuers paying for the ratings ... which created opening for significant conflict of interest)
http://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
http://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
http://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?

"NCSS Sold to Dun & Bradstreet"
http://staging.computerhistory.org/corphist/view.php?s=events&id=338&PHPSESSID=ae88c1a68115c7bf4fe76fb79ca1aa97

lots of past posts mentioning (virtual machine) timesharing commercial service bureaus
http://www.garlic.com/~lynn/submain.html#timeshare

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Need Your Advice

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Need Your Advice
Newsgroups: alt.folklore.computers
Date: Tue, 06 Jan 2009 12:22:03 -0500
Quadibloc <jsavard@ecn.ab.ca> writes:
Naturally, people will joke that the kind of notebook with paper pages that you write on with a pen is simple to use for people who don't understand computers.

But the fact is that a notebook is just a small kind of laptop computer. And like any other laptop, it operates the same way as a desktop computer. So you don't gain anything by getting a smaller computer as far as it being easier to learn how to use; the only thing easier about it is carrying it from one place to another.


the same is sort of true for "netbooks" ... basically notebooks but configured for web (cloud?) operation ... somewhat related thread:
http://www.garlic.com/~lynn/2008s.html#38 Welcome to Rain Matrix: The Cloud Computing Network
http://www.garlic.com/~lynn/2008s.html#42 Welcome to Rain Matrix: The Cloud Computing Network

above has little cross-over to a.f.c. mentioning
http://www.garlic.com/~lynn/2008s.html#37 Is SUN going to become x86'ed?

with reference to "the network is the computer" & information utility.

as mentioned, netbooks then start to be more analogous to portable terminals and obtain the computing over some sort of network/telecom connection

post with home office photo showing "portable" miniterm from the 70s (after replacing standard 2741 terminal at home):
http://www.garlic.com/~lynn/2008m.html#38 Baudot code direct to computers?
http://www.garlic.com/~lynn/2008m.html#51 Baudot code direct to computers?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

NPR Asks: Will Cloud Computing Work in the White House?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: NPR Asks: Will Cloud Computing Work in the White House?
Date: Jan 06, 2009
Blog: Greater IBM Connection
NPR Asks: Will Cloud Computing Work in the White House?
http://cloudcomputing.sys-con.com/node/791545

Recent posts referring to cloud computing looking more & more like old-time online time-sharing
http://www.garlic.com/~lynn/2009.html#21
http://www.garlic.com/~lynn/2009.html#22

and this recent post that makes reference to long ago & far away the executive branch using vm370 (online virtual machine time-sharing) and profs (email):
http://www.garlic.com/~lynn/2009.html#8

and x-over with another cloud computing news article also posted here:
http://www.garlic.com/~lynn/2008s.html#38
http://www.garlic.com/~lynn/2008s.html#42

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

A New Web of Trust

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: A New Web of Trust
Date: Jan 06, 2009
Blog: Greater IBM Connection
A New Web of Trust
http://www.technologyreview.com/web/21922/?a=f

from above:
A protocol that could make the Internet more secure is finally being implemented.

... snip ...

Lots of past posts mentioning that improving DNS integrity can result in negating much of the original requirements for SSL:
http://www.garlic.com/~lynn/subpubkey.html#catch22

There has been a lot of news recently about a flaw in SSL ... which impacts the integrity of lots of internet operations. Recent post discussing some aspects of the SSL flaw (along with a large number of URL pointers to news articles):
http://www.garlic.com/~lynn/2008s.html#76

Note that because of the nature of SSL validation ... it isn't sufficient to correct some of the flawed deployments ... it is necessary to correct *ALL* flawed deployments (since an attacker can leverage any flawed implementation to impersonate any internet entity .... including SSL entities totally unrelated to the flawed implementation). discussed more in this follow-up post
http://www.garlic.com/~lynn/2008s.html#78

The posts also reference some of the overlap between DNS weaknesses and SSL weaknesses ... as well as references to a thread from last fall about "web security hasn't moved since 1995"

Note that both DNS & SSL integrity problems and flaws have impact on lots of internet things ... including cloud computing. For a little more topic drift, some recent comment about similarity between cloud computing and old-time, online, time-sharing
http://www.garlic.com/~lynn/2009.html#23

recent posts with some x-over between availability, network infrastructure and electronic commerce
http://www.garlic.com/~lynn/2009.html#0
http://www.garlic.com/~lynn/2009.html#7

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Wrong Instrument for Recurring Payments

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Wrong Instrument for Recurring Payments
Date: Jan 06, 2009
Blog: Payment Systems Network
after having been involved in this thing that is now frequently called "electronic commerce" ... in the mid-90s, we were asked to participate in the x9a10 financial standard working group ... which had been given the requirement to preserve the integrity of the financial infrastructure for ALL retail payments. the result was x9.59 financial transaction protocol
http://www.garlic.com/~lynn/x959.html#x959

x9.59 had to be payment method agnostic ... i.e. works with credit, debit, ach, point-of-sale, face-to-face, unattended, internet, wireless, etc ... as well as super secure as well as super lightweight (both in payload and processing).

Nominally payment expense has been related to merchant "discount" based on 1) fraud and 2) loan costs vis-a-vis available balance. For instance there are studies that "signature debit" fraud is comparable to credit and 15-times that of "PIN-debit" ... where there is correlation between level of fraud and infrastructure costs. Credit also has the implied expense of advancing funds (basically loan) vis-a-vis debit/ACH which accesses funds directly.

Note that the FSTC e-check project looked at two different deployments ... one via the debit network and the other was via the ACH network. While they were both direct access to existing funds ... the ACH network settlement typically took longer and represented additional "float" income to the financial institutions.

The NACHA internet deployment was using debit network (as opposed to ACH network) ... reference to the NACHA RFI and results:
http://www.garlic.com/~lynn/x959.html#aadsnacha

For a x9.59 transaction ... it is equally secure regardless of the network carrying the transaction .. credit network, debit network or ACH network.

One of the side-effects of x9.59 transaction standard was it eliminated the fraudulent transactions that can result from data breaches, skimming, harvesting, and/or eavesdropping exploits (x9.59 didn't do anything about preventing data breaches, skimming, harvesting and/or eavesdropping, it just eliminated the fraudulent transactions that could result from such activity).

We had been involved in using SSL for hiding transaction information as part of deployment of what is now frequently referred to as "electronic commerce" (which is the largest use of SSL in the world today) ... before working on x9.59 financial standard transaction protocol. One of the side-effects of x9.59 financial standard is that it is no longer necessary to hide financial transaction information (as countermeasure to fraudulent transactions) and so eliminates the major SSL use in the world today.

For a little x-over ... recent post in another linkedin group discussing both (recent) DNS (network) flaws as well as (recent) SSL flaws
http://www.garlic.com/~lynn/2009.html#24 A New Web of Trust

other recent posts/discussions in linkedin Payment Systems Network:
http://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing
http://www.garlic.com/~lynn/2008p.html#69 ATM PIN through phone or Internet. Is it secure? Is it allowed by PCI-DSS?, Visa, MC, etc.?
http://www.garlic.com/~lynn/2008p.html#74 2008 Data Breaches: 30 Million and Counting
http://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
http://www.garlic.com/~lynn/2008r.html#54 PCI needs to address virtualization, experts say
http://www.garlic.com/~lynn/2008r.html#59 Stolen credit-card boom
http://www.garlic.com/~lynn/2008s.html#1 PCI's Bob Russo: Data loss hurts brand more than a fine
http://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#10 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#11 Swedish police warn of tampered credit card terminals

and a few recent posts/discussions in linkedin Financial Crime Risk, Fraud and Security
http://www.garlic.com/~lynn/2008q.html#25 Cybercrime Could Be As Destructive As Credit Crisis
http://www.garlic.com/~lynn/2008q.html#32 I was wondering what types of frauds the audience think will increase?
http://www.garlic.com/~lynn/2008r.html#0 ATM Skimmers: Watch Out for Electronic Theft Devices
http://www.garlic.com/~lynn/2008r.html#52 Cheap Hack - Domain Name Market - Stolen Domains for Sale
http://www.garlic.com/~lynn/2008s.html#50 Perfect MITM Attacks With No-Check SSL
http://www.garlic.com/~lynn/2008s.html#58 DNS flaw is 2008's biggest web blunder
http://www.garlic.com/~lynn/2008s.html#72 CA issues no-questions asked Mozilla cert
http://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2009.html#20 Data losses set to soar

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Date arithmetic and Zune bug

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Date arithmetic and Zune bug
Newsgroups: comp.arch
Date: Tue, 06 Jan 2009 16:58:59 -0500
re:
http://www.garlic.com/~lynn/2009.html#16 Date arithmetic and Zune bug

for a little other topic drift (leap "seconds" rather than "year"):

'Leap Second' Snafu Affects Oracle Clusterware
http://www.pcworld.com/article/156453/leap_second_snafu_affects_oracle_clusterware.html

back circa 1970 ... i spent 3months with a number of other people discussing what to do about "leap seconds" (that and what does the "start of the century" mean ... i.e. did the century start in 1900 or 1901?) ... this was for the 370 TOD clock.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

NPR Asks: Will Cloud Computing Work in the White House?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: NPR Asks: Will Cloud Computing Work in the White House?
Date: Jan 06, 2009
Blog: Greater IBM Connection
then there is this:

A crack in the madness of clouds
http://www.theregister.co.uk/2009/01/06/year_ahead_clouds/

from above:
Few people define "the cloud" or "cloud computing" the same way, leading to market noise and a wealth of misinformation. "The cloud" as a term really started as a metaphor for the "internet" and has since been bastardized to mean pretty much anything that isn't on-premise computing.

... snip ...

again somewhat the description of old-time time-sharing service bureaus ...
http://www.garlic.com/~lynn/2009.html#23

and lots of past posts
http://www.garlic.com/~lynn/submain.html#timeshare

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

the Z/10 and timers

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: the Z/10 and timers.
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
To: <ibm-main@bama.ua.edu>
Date: Wed, 07 Jan 2009 10:57:20 -0500
timothy.sipples@US.IBM.COM (Timothy Sipples) writes:
And it's a little tough to pin down when SMP began, because engineers are going to quibble about the definition and exact characteristics that qualify. However, some notable systems include a version of the System/360 Model 65 (with dual processors -- I've seen this referred to as the "M65MP"), and this option carried into the Model 67. The Model 65 started shipping in November, 1965, although I'm not sure exactly when the M65MP variant shipped, and I don't know much about it. Probably not much later, if at all, since the Model 67 shipped in August, 1966.

360/67 uniprocessor was very much a 360/65 uniprocessor with address relocation (virtual memory) hardware added (with virtual memory mode providing for both 24-bit and 32-bit virtual addressing). 360/67 multiprocessor was much more complex than 360/65 multiprocessor.

360/65 multiprocessor had processors sharing all the same memory ... but each processor had its own "private" channels. To simulate a multiprocessor I/O configuration ... multi-channel controllers were used ... with the channels from the different processors connecting into "shared" controllers (usually with the same address configuration).

360/67 multiprocessor had a lot more to it, including a "channel controller" box ... and in multiprocessor operation ... all processors addressed all channels. part of the control registers were used to address the switch settings in the channel controller (which controlled the configuration of the channels as well as the memory banks). In at least one three-way 360/67 multiprocessor shipped, the control registers were not only used to sense the "channel controller" switch settings ... but were also able to change the hardware configuration settings.

Originally there was 360/60 (and 360/70) with slower memory ... and a model with virtual memory added. I remember seeing an early virtual memory reference manual describing standard multiprocessor architecture was for 4-way (which was reflected in the control register and channel control description). All the processors were renumbered when 750mic memory replaced the slower speed memory. However, I don't remember anything about 360/65 multiprocessor being for anything other than two-way.

copy of the 360/67 function characteristics (including description of the channel controller box, control register values, etc)
http://bitsavers.org/pdf/ibm/360/funcChar/GA27-2719-2_360-67_funcChar.pdf

the corporate "official" operating system for the 360/67 was tss/360 ... directory with various TSS/360 documents:
http://bitsavers.org/pdf/ibm/360/tss/

some amount of 360/67 features weren't seen again until 370xa.

the science center had started a project to do a virtual machine implementation ... and first attempted to get a 360/50 to modify with virtual memory hardware ... but because so many 360/50s were going to the FAA air traffic control project ... had to settle for a 360/40. this was used to develop cp/40. when the science center was able to obtain a 360/67, cp/40 morphed into cp/67. ... directory with at least one manual:
http://bitsavers.org/pdf/ibm/360/cp67/

cp67 was very much a skunk works project ... with numerous corporate attempts from various quarters, at various times, to periodically terminate it. slightly related recent post
http://www.garlic.com/~lynn/2009.html#6 mvs preemption dispatcher

lots of the early 360/67 lore can be found in Melinda's VM history document ... a number of versions in various formats can be found here:
http://www.leeandmelindavarian.com/Melinda/

os/360 mp/65 smp implementation basically had a single global system "spin-lock" ... applications could run concurrently on both processors, but at entry to the supervisor ... TEST&SET instruction was used in attempt to obtain the global lock. If the other processor had the lock, it would just branch back to TEST&SET and repeat the operation until the other processor released the lock (basically only a single processor executing in the supervisor at a time).

charlie was doing fine-grain multiprocessor locking work on cp67 at the science center ... lots of past posts mentioning science center
http://www.garlic.com/~lynn/subtopic.html#545tech

when he invented the compare&swap instruction (chosen because CAS are charlie's initials) ... lots of past posts mentioning SMP and/or compare&swap
http://www.garlic.com/~lynn/subtopic.html#smp

there were then discussions with the 370 hardware architecture group to have them include compare&swap instruction ... however it was initially rejected ... with the comment that the "favorite son operating system" people saw no need for anything more than the "test&set" instruction (see above comment about global system spin-lock). The architecture group said that in order to justify compare&swap instruction for 370 ... other than SMP system lock use was needed. Thus was born the description (still in principles of operation) for using compare&swap instruction in coordinating application multithreaded/multiprogramming operation (whether or not running in multiprocessor environment).
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DZ9ZR003/A.6?SHELF=DZ9ZBK03&DT=20040504121320

--
40+yrs virtualization experience (since Jan68), online at home since Mar70
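
The contrast drawn in the post above between a single global TEST&SET spin-lock and compare&swap updates, as an added example in C11 atomics (not code from the post or from any IBM system). All names are hypothetical; the `interfere` hook stands in for "the other processor" so the retry path runs deterministically in one thread.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* --- One global lock, in the style described for os/360 mp/65 --------- */
atomic_flag supervisor_lock = ATOMIC_FLAG_INIT;

/* TEST&SET: set the flag and learn whether it was already set. */
bool supervisor_try_enter(void) {
    return !atomic_flag_test_and_set(&supervisor_lock);
}
void supervisor_enter(void) {
    while (!supervisor_try_enter()) { /* branch back and repeat */ }
}
void supervisor_exit(void) { atomic_flag_clear(&supervisor_lock); }

/* --- Hypothetical hook: acts as the other processor exactly once ------ */
void (*interfere)(void) = NULL;
static void run_interference(void) {
    void (*f)(void) = interfere;
    interfere = NULL;            /* cleared first, so it fires only once */
    if (f) f();
}

/* --- compare&swap: update a shared word without holding any lock ------ */
/* Returns the number of attempts that were needed. */
int cas_add(atomic_long *word, long delta) {
    int attempts = 0;
    long seen = atomic_load(word);
    for (;;) {
        attempts++;
        run_interference();      /* window between the load and the swap */
        if (atomic_compare_exchange_strong(word, &seen, seen + delta))
            return attempts;
        /* Swap refused: the word changed. 'seen' now holds the current
           value, so the new result is recomputed from it and retried. */
    }
}

/* --- compare&swap: push onto a shared list head ------------------------ */
struct node { struct node *next; int value; };
_Atomic(struct node *) list_head = NULL;

int cas_push(struct node *n) {
    int attempts = 0;
    struct node *seen = atomic_load(&list_head);
    do {
        attempts++;
        n->next = seen;          /* link to the head we believe is current */
        run_interference();
    } while (!atomic_compare_exchange_strong(&list_head, &seen, n));
    return attempts;
}

/* --- Constructed "other processor" actions for the demonstration ------ */
atomic_long shared_count;
void other_cpu_adds_100(void) { atomic_fetch_add(&shared_count, 100); }

struct node other_cpu_node = { NULL, 99 };
void other_cpu_pushes(void) { cas_push(&other_cpu_node); }

int main(void) {
    /* Global lock: the second taker is refused until the first releases. */
    printf("first enter: %d, second enter: %d\n",
           supervisor_try_enter(), supervisor_try_enter());
    supervisor_exit();

    /* Counter: the other processor adds 100 mid-update; nothing is lost. */
    atomic_store(&shared_count, 5);
    interfere = other_cpu_adds_100;
    int tries = cas_add(&shared_count, 1);
    printf("counter=%ld after %d attempts\n",
           (long)atomic_load(&shared_count), tries);

    /* List: the other processor pushes first; our node relinks and retries. */
    struct node mine = { NULL, 1 };
    interfere = other_cpu_pushes;
    tries = cas_push(&mine);
    printf("push took %d attempts, next value=%d\n", tries, mine.next->value);
    return 0;
}
```

Only the push side is shown; removing nodes with a single-word compare&swap needs extra care because a node can be removed and re-added between the load and the swap.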

Data losses set to soar

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Data losses set to soar
Date: Jan 07, 2009
Blog: Financial Crime Risk, Fraud and Security
re:
http://www.garlic.com/~lynn/2009.html#20 Data losses set to soar

well then ... here are a sample of a few over the past two yrs:
http://www.garlic.com/~lynn/2007v.html#87 Data Breaches Soar In 2007
http://www.garlic.com/~lynn/2007v.html#88 Data Breaches Soar In 2007
http://www.garlic.com/~lynn/2008.html#11 Information security breaches quadrupled in 2007
http://www.garlic.com/~lynn/2008f.html#88 Has Banking Industry Overlooked Its Biggest Breach Ever?
http://www.garlic.com/~lynn/2008g.html#17 Hannaford breach illustrates dangerous compliance mentality
http://www.garlic.com/~lynn/2008i.html#42 Security Breaches
http://www.garlic.com/~lynn/2008j.html#35 Data Breach Reports Up 69 Percent in 2008
http://www.garlic.com/~lynn/2008p.html#74 2008 Data Breaches: 30 Million and Counting

As I've mentioned before ... we were tangentially involved in the Cal. state breach notification legislation (similar legislation has since shown up in other jurisdictions). We had been called in for some word-smithing on the Cal. state electronic signature legislation. Some of the organizations involved in electronic signature were also heavily involved in privacy issues. They had done detailed, in-depth, consumer privacy surveys and found the number one issue was "identity theft" ... and one of the most common types of "identity theft" was fraudulent financial transactions resulting from various kinds of information compromises. At the time, there appeared to be little being done about the situation ... and they seemed to believe that the publicity (resulting from the breach notifications) would motivate improvements in the situation.

for other topic drift, lots of past references to electronic signature legislation
http://www.garlic.com/~lynn/subpubkey.html#signature

some recent related linkedin discussions either in Payment Systems Network or Financial Crime Risk, Fraud and Security:
http://www.garlic.com/~lynn/2008s.html#1 PCI's Bob Russo: Data loss hurts brand more than a fine
http://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
http://www.garlic.com/~lynn/2008s.html#50 Perfect MITM Attacks With No-Check SSL
http://www.garlic.com/~lynn/2008s.html#58 DNS flaw is 2008's biggest web blunder
http://www.garlic.com/~lynn/2008s.html#72 CA issues no-questions asked Mozilla cert
http://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#10 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#11 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#25 Wrong Instrument for Recurring Payments

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

the Z/10 and timers

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: the Z/10 and timers.
Newsgroups: bit.listserv.ibm-main,alt.folklore.computers
Date: Wed, 07 Jan 2009 14:59:25 -0500
tzha1@ATTGLOBAL.NET (Tony Harminc) writes:
In particular, the 65MP did not have a programmable prefix register to relocate low storage for each CPU the way S/370 and later do. Rather, the prefixing was either ON or OFF for each CPU, and controlled by a front panel switch. If OFF, references to the low 4KB of storage went to the low 4KB; if ON, they went to the high 4KB of installed storage. So this would make life difficult for more than two CPUs.

re:
http://www.garlic.com/~lynn/2009.html#28 the Z/10 and timers.

360/67 smp had a programmable prefix register similar to 370 (reference the 360/67 functional specification mentioned in previous post) ... i.e. references to "real" page zero were remapped to the page address in the prefix register ... as a result ... each processor could have its own, unique "page zero" (when otherwise all other addresses on all processors mapped to the same storage locations).

for 370 smp prefix register, "reverse" mapping was added ... i.e. references to the real page address (specified in the prefix register) were mapped back to the "common" page zero.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Banks to embrace virtualisation in 2009: survey

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Banks to embrace virtualisation in 2009: survey
Newsgroups: alt.folklore.computers
Date: Thu, 08 Jan 2009 10:10:32 -0500
Anne & Lynn Wheeler <lynn@garlic.com> writes:
IDC website:
http://www.interactivedata.com/

IDC timeline ... mentions in '72 IDC purchases the "Pricing Services" division of Standard & Poors.
http://www.interactivedata.com/overview/timeline.htm


re:
http://www.garlic.com/~lynn/2009.html#21 Banks to embrace virtualisation in 2009: survey

TV business news show this morning had segment on pricing & purchasing mortgage-backed securities (formally triple-A rated toxic CDOs) ... and mentioned that IDC was helping the gov.

IDC wiki page
https://en.wikipedia.org/wiki/Interactive_Data_Corporation

IDC (along with NCSS) was one of the original (virtual machine) cp67 commercial timesharing service bureaus ... lots of past posts:
http://www.garlic.com/~lynn/submain.html#timeshare

for other topic drift ... recent posts mentioning triple-A rated toxic CDOs
http://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
http://www.garlic.com/~lynn/2008r.html#67 What is securitization and why are people wary of it ?
http://www.garlic.com/~lynn/2008s.html#8 Top financial firms of US are eyeing on bailout. It implies to me that their "Risk Management Department's" assessment was way below expectations
http://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
http://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
http://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#24 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
http://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
http://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?
http://www.garlic.com/~lynn/2008s.html#59 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#60 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
http://www.garlic.com/~lynn/2009.html#15 What are the challenges in risk analytics post financial crisis?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

What are the challenges in risk analytics post financial crisis?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What are the challenges in risk analytics post financial crisis?
Date: Jan 05, 2009
Blog: Risk Management
re:
http://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
http://www.garlic.com/~lynn/2009.html#15 What are the challenges in risk analytics post financial crisis?

TV business show this morning had segment on gov. buying mortgage-backed securities (toxic CDOs) and mentioning that IDC was helping the gov price the securities.

recent post from Tuesday mentioning IDC had bought Standard & Poors pricing services in 1972 (about the time the congressional hearings claimed the rating agencies business model became "mis-aligned" ... with the change issuers/sellers paying for the ratings).
http://www.garlic.com/~lynn/2009.html#21 Banks to embrace virtualization in 2009: survey

and followup
http://www.garlic.com/~lynn/2009.html#31 Banks to embrace virtualization in 2009: survey

also mentioned was in the 60s, IDC was one of the commercial (virtual machine) cp67 timesharing service bureaus.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

European Payments Council calls for action on counterfeit cards

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: European Payments Council calls for action on counterfeit cards
Date: Jan 08, 2009
Blog: Financial Crime Risk, Fraud and Security
European Payments Council calls for action on counterfeit cards
http://www.finextra.com/fullstory.asp?id=19491

from above:
The banking industry standards body says that ATM operators and schemes should consider the introduction of more safeguards to protect cardholders from a crime that resulted in losses of over EURO438 million in Europe alone in 2007, according to figures from the European ATM Security Team.

... snip ...

Article also mentions requirement & certification for anti-skimming devices. Skimming is a form of data loss ... mentioned in other recent news article about data losses continuing to soar ... also archived here:
http://www.garlic.com/~lynn/2009.html#20
http://www.garlic.com/~lynn/2009.html#29

Counterfeiting hasn't just been limited to magstripe ... reference to magstripe invention/history in this recent post
http://www.garlic.com/~lynn/2008s.html#25

.. but has also included chipcards ... reference to past threads & discussions regarding the (counterfeit) yes card
http://www.garlic.com/~lynn/subintegrity.html#yescard

reference to yes card presentation at cartes 2002:
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Swedish police warn of tampered credit card terminals

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Swedish police warn of tampered credit card terminals
Date: Jan 08, 2009
Blog: Payment Systems Network
re:
http://www.garlic.com/~lynn/2009.html#7 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#10 Swedish police warn of tampered credit card terminals
http://www.garlic.com/~lynn/2009.html#11 Swedish police warn of tampered credit card terminals

X9.59 provided for end-to-end integrity ... including eliminating the fraudulent transactions (and counterfeit cards) that can result from data breaches, skimming, harvesting, eavesdropping, etc.
http://www.garlic.com/~lynn/x959.html#x959

The issue then was whether the integrity of the end-point was trusted (POS terminal, personal computer, etc) ... namely is the transaction you "see" the same as the transaction you are authorizing?

The EU finread terminal standard was a countermeasure to such personal computer compromises ... basically a smartcard reader with its own display (and keypad) ... the finread display could be trusted to display the transaction being authorized ... regardless of any compromises in the PC it was connected to.
http://www.garlic.com/~lynn/subintegrity.html#finread

There was an unrelated, unfortunate attempted deployment of personal computer smartcard reader in the 2000 timeframe that suffered from significant shortcomings that resulted in large number of consumer problems ... to the extent that it was aborted and gave rise to a rapidly spreading opinion that smartcards weren't viable in the consumer market. It turned out the actual problems weren't related to hardware tokens ... but the smartcard reader (being deployed) having various shortcomings resulting in things like BSOD and consumers required to reinstall their systems. This resulted in nearly all the consumer oriented hardware token programs from the period being suspended (including the EU finread standard effort). Note this was unrelated to the deployments that were subject to the yes card compromise that happened in the same time period
http://www.garlic.com/~lynn/subintegrity.html#yescard

there was presentation regarding yes card compromise at Cartes 2002
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html

There is an analogous issue with POS terminal compromises and whether the transaction it displays are the same as the transactions being authorized. There is countermeasure to this problem, analogous to the EU finread terminal standard ... but involving a personally trusted cellphone &/or PDA ... which displays and performs the actual transactions and communicates with the merchant POS terminal via some wireless mechanism.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Perfect MITM Attacks With No-Check SSL Certs

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Perfect MITM Attacks With No-Check SSL Certs
Date: Jan 08, 2009
Blog: Financial Crime Risk, Fraud and Security
re:
http://www.garlic.com/~lynn/2008s.html#50 Perfect MITM Attacks With No-Check SSL

Again ... this news item wasn't about the MD5 flaw ... it was about (valid) CAs issuing valid SSL digital certificates to imposters w/o adequately checking (or in some cases apparently no checking).

as per countermeasure to the MD5 flaw ... one might first check if it is a MD5 certificate ... i.e. survey has 1/7th of the certificates are MD5

Survey: One in seven SSL certificates are weak
http://www.securityfocus.com/brief/880
Weak sigs found on one in seven SSL sites
http://www.theregister.co.uk/2009/01/07/ssl_security_survey/

there has been suggestion that there then is a check if it actually corresponds to known certificate for that website.

basically the SSL digital certificate is to provide a binding between a domain name and a public key. If there is going to be a real-time lookup of the public key against the corresponding domain name ... then it is possible to just eliminate the digital certificate all together (they become redundant and superfluous). this is the certificate-less public key scenario ... lots of past posts
http://www.garlic.com/~lynn/subpubkey.html#certless

It is also effectively the DNSSEC issue ... to address several perceived integrity issues in the DNS infrastructure ... not just that being addressed by the whole SSL scheme .... which potentially (also) has the prospect of making SSL certificates redundant and superfluous ... discussed in these past postings
http://www.garlic.com/~lynn/subpubkey.html#catch22

and a couple posts about MD5 flaw:
http://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles

--
40+yrs virtualization experience (since Jan68), online at home since Mar70
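
The "first check if it is a MD5 certificate" step from the post above, as an added example in C (not code from the post or from any TLS library). It reads the signatureAlgorithm OID out of a DER-encoded certificate; the function names are hypothetical and the sample bytes are constructed DER skeletons, not real certificates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum sig_class { SIG_MALFORMED = -1, SIG_OTHER = 0,
                 SIG_MD5_RSA, SIG_SHA1_RSA, SIG_SHA256_RSA };

/* Read one DER tag-length-value at buf[0..len). Returns 0 on success and
   reports the tag, the content span, and the total bytes consumed. */
static int der_read(const uint8_t *buf, size_t len, uint8_t *tag,
                    const uint8_t **val, size_t *vlen, size_t *used)
{
    size_t hdr = 2, n;
    if (len < 2) return -1;
    *tag = buf[0];
    n = buf[1];
    if (n & 0x80) {                    /* long form: low 7 bits = byte count */
        size_t nbytes = n & 0x7f, i;
        if (nbytes == 0 || nbytes > 4 || len < 2 + nbytes) return -1;
        for (n = 0, i = 0; i < nbytes; i++) n = (n << 8) | buf[2 + i];
        hdr = 2 + nbytes;
    }
    if (n > len - hdr) return -1;      /* content would run past the buffer */
    *val = buf + hdr; *vlen = n; *used = hdr + n;
    return 0;
}

/* Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
   Classify the outer signatureAlgorithm. A full validator also confirms that
   the algorithm named inside tbsCertificate matches it. */
enum sig_class cert_sig_class(const uint8_t *der, size_t len)
{
    /* 1.2.840.113549.1.1 (PKCS#1); the final arc selects the hash */
    static const uint8_t pkcs1[8] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01};
    const uint8_t *cert, *tbs, *alg, *oid;
    size_t cert_len, tbs_len, alg_len, oid_len, used, tbs_used;
    uint8_t tag;

    if (der_read(der, len, &tag, &cert, &cert_len, &used) || tag != 0x30)
        return SIG_MALFORMED;
    if (der_read(cert, cert_len, &tag, &tbs, &tbs_len, &tbs_used) || tag != 0x30)
        return SIG_MALFORMED;          /* tbsCertificate, skipped over */
    if (der_read(cert + tbs_used, cert_len - tbs_used,
                 &tag, &alg, &alg_len, &used) || tag != 0x30)
        return SIG_MALFORMED;          /* AlgorithmIdentifier */
    if (der_read(alg, alg_len, &tag, &oid, &oid_len, &used) || tag != 0x06)
        return SIG_MALFORMED;          /* OBJECT IDENTIFIER */
    if (oid_len != 9 || memcmp(oid, pkcs1, 8) != 0)
        return SIG_OTHER;
    switch (oid[8]) {
    case 0x04: return SIG_MD5_RSA;     /* md5WithRSAEncryption    */
    case 0x05: return SIG_SHA1_RSA;    /* sha1WithRSAEncryption   */
    case 0x0B: return SIG_SHA256_RSA;  /* sha256WithRSAEncryption */
    default:   return SIG_OTHER;
    }
}

int cert_is_md5_signed(const uint8_t *der, size_t len)
{
    return cert_sig_class(der, len) == SIG_MD5_RSA;
}

/* Constructed samples: placeholder tbsCertificate, algorithm, 1-byte signature */
const uint8_t sample_md5[26] = {
    0x30,0x18,                                     /* Certificate, 24 bytes  */
    0x30,0x03,0x02,0x01,0x01,                      /* placeholder tbs        */
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,0x05,0x00,
    0x03,0x02,0x00,0xFF };                         /* BIT STRING placeholder */
const uint8_t sample_sha256[27] = {
    0x30,0x81,0x18,                                /* same, long-form length */
    0x30,0x03,0x02,0x01,0x01,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,
    0x03,0x02,0x00,0xFF };

int main(void)
{
    printf("md5 sample:       class %d\n", cert_sig_class(sample_md5, sizeof sample_md5));
    printf("sha256 sample:    class %d\n", cert_sig_class(sample_sha256, sizeof sample_sha256));
    printf("truncated sample: class %d\n", cert_sig_class(sample_md5, 12));
    return 0;
}
```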

DECWriter APL Font

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: DECWriter APL Font
Newsgroups: alt.folklore.computers,comp.sys.dec,comp.lang.apl
Date: Fri, 09 Jan 2009 09:27:55 -0500
legalize+jeeves@mail.xmission.com (Richard) writes:
I would love to get my hands on a 2741! Alas, I've never seen one since I started collecting terminals.

i had one at home for 7 yrs in the 70s (and of course, one at the office) ... all i have left is the APL typeball ... post with photo:
http://www.garlic.com/~lynn/2008m.html#36 IBM THINK original equipment sign

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Graphics on a Text-Only Display

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Graphics on a Text-Only Display
Newsgroups: alt.folklore.computers
Date: Fri, 09 Jan 2009 09:42:13 -0500
krw <krw@att.zzzzzzzzz> writes:
I don't think we used it in P'ok. I only know of one design engineer who had a 3279. All the rest of us had 3277-GAs or 3278-mod4s. Rochester had a lot of toys that never made it to the rest of the company (and verse visa).

los gatos had a couple Calmas ... and then numerous 3277ga (tektronix screen hanging off the side of 3277 terminal) when they became available.

for something different ... recent post about los gatos, magstripe, and ATM machines:
http://www.garlic.com/~lynn/2008s.html#25 Web Security hasn't moved since 1995

a few past posts mentioning calmas:
http://www.garlic.com/~lynn/2005r.html#24 What ever happened to Tandem and NonStop OS ?
http://www.garlic.com/~lynn/2006e.html#9 terminals was: Caller ID "spoofing"
http://www.garlic.com/~lynn/2006n.html#41 Tek 4010, info and prices
http://www.garlic.com/~lynn/2007f.html#70 Is computer history taught now?
http://www.garlic.com/~lynn/2007m.html#58 Is Parallel Programming Just Too Hard?

calma wiki page (sunnyvale, ca company ... just up the road a bit from los gatos)
https://en.wikipedia.org/wiki/Calma

was acquired by GE in 80, sold to Valid in 88, which was acquired by Cadence in 91.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Flashy Botnet is Flashy

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Flashy Botnet is Flashy
Date: Jan 09, 2009
Blog: UK Information Security
some x-over from a col. john boyd blog ... which had pointer to a pointer. this is a world map animation of a botnet infection.

Flashy Botnet is Flashy
https://www.clarifiednetworks.com/Blog/2009-01-01%2018-15

from above:
Some time ago fellows from F-Secure collected a bunch of neat log data on botnet IRC channel joins. They then asked us to visualize the joins on a world map, much akin to what we did with the Kaminsky DNS patching logs. We gleefully agreed.

... snip ...

for other topic drift ... some recent posts referring to the MD5 vulnerability
http://www.garlic.com/~lynn/2009.html#24 A New Web of Trust
http://www.garlic.com/~lynn/2009.html#35 Perfect MITM Attacks With No-Check SSL Certs

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

repeat after me: RAID != backup

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: repeat after me:  RAID != backup
Newsgroups: alt.folklore.computers
Date: Fri, 09 Jan 2009 18:04:36 -0500
Joe Pfeiffer <pfeiffer@cs.nmsu.edu> writes:
"Here is what happened: the server which held the journalspace data had two large drives in a RAID configuration. As data is written (such as saving an item to the database), it's automatically copied to both drives, as a backup mechanism."


http://journalspace.com/this_is_the_way_the_world_ends/not_with_a_bang_but_a_whimper.html


related post with URL for 02jan09 slashdot "Why Mirroring Is Not a Backup Solution"
http://www.garlic.com/~lynn/2009.html#5

besides doing ha/cmp ... in late 80s and early 90s ... we would be brought in to review various RAID (hardware) design and implementations (both corporate projects as well as other vendors). frequent glitch that we would find is some "single point of failure" ... someplace in the design (and remind them that everything had to be no single point of value).

past reference to gathering honoring Jim last May
http://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing

part of the gathering focused on his effort formalizing transaction & ACID properties ... especially for financial infrastructure.

this afternoon i was going thru some boxes in storage and came up with hardcopy "Approaches To Fault Tolerance" dated Summer 1984 (with some other stuff that I got from Jim the summer of 1984). It's 28 "foils" printed two per page ... on some conventional printer (boxes are done with "-" and "|" so they aren't solid line) ... which was duplex copied (so came out front & back) on some standard IBM copier (it has the corporate copier "id" on each page). pdf file is
http://www.garlic.com/~lynn/grayft84.pdf

for other drift ... past post discussing incident that led to having those little IDs put on the underside of the glass of all corporate copiers ... so it shows up on all pages produced by that copier.
http://www.garlic.com/~lynn/2000e.html#15
http://www.garlic.com/~lynn/2000f.html#55

which involved leaking a copy of 370 virtual memory description (before virtual memory for 370 was announced) and the information showing up in trade journals.

recent post mentioning being brought in after a dbms corruption of early "gift-card" pilot (now they can be seen all over the place and all sorts of checkout counters) because of a high availability configuration hardware failure
http://www.garlic.com/~lynn/2008s.html#75 Is SUN going to become x86'ed ??

it was some other vendor .. not ha/cmp
http://www.garlic.com/~lynn/subtopic.html#hacmp

for other topic drift ... gift-cards are conventional "magstripe" payment cards ... basically nearly identical to credit & debit cards ... and can be processed by the same POS terminals. recent post regarding magstripe invention and encoding management ... as well as early ATM (cash) machines
http://www.garlic.com/~lynn/2008s.html#25

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

How many layers exist in a TCP/IP model?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: How many layers exist in a TCP/IP model?
Date: Jan 11, 2009
Blog: Computer Networking
note that the internetworking layer in tcp/ip doesn't exist in the OSI 7layer model ... it is one of the problems with OSI (internetworking is a non-existent OSI layer between OSI layer3 & OSI layer4)

one of the differences between ISO standards (responsible for OSI) and IETF (responsible for tcp/ip & internet) was that ISO didn't require a workable implementation for a standard while IETF required two interoperable implementations for progressing in the standards process. ISO networking standards body also had an issue when they had requirement that no standards work could be done on work item that didn't conform to OSI.

I had been involved in trying to get HSP (high-speed protocol) work item in X3S3.3 (US ISO standards body for OSI layer 3&4). The work item was rejected since it didn't conform to OSI because:

1) HSP supported LAN/MAC interface ... which also doesn't exist in OSI ... LAN/MAC interface covers part of layer 3 and has interface not at 2/3 or 3/4 boundary ... but in the middle of layer 3.

2) HSP supported internetworking ... a layer that doesn't exist in the OSI model.

3) HSP supported going directly from transport to MAC (bypassing layer 3/4 interface)

lots of past posts mentioning HSP and/or difficulties in the ISO standards body with work items that didn't conform to OSI
http://www.garlic.com/~lynn/subnetwork.html#xtphsp

I've commented that one of the reasons that the internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

was larger than the arpanet/internet
http://www.garlic.com/~lynn/subnetwork.html#internet

from just about the beginning until possibly sometime in the period mid-85 to early-86 ... was that the internal network implementation had a form of gateway in every node (i.e. aspect of internetworking) from the beginning. arpanet/internet didn't get that until the great switchover to internetworking on 1/1/83.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

New machine code

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: New machine code
Newsgroups: alt.folklore.computers
Date: Sun, 11 Jan 2009 10:02:18 -0500
jmfbahciv <jmfbahciv@aol> writes:
The last profession I would have expected to have to do coding was lawyering. Things have sure changed since my RUNOFF "coding" days :-).

remember that early motivation for the invention of GML (precursor to current "markup languages", sgml, html, xml, etc) in '69 at the science center was legal documents

recent posts with some web references:
http://www.garlic.com/~lynn/2008p.html#67 Web Security hasn't moved since 1995

misc. past posts mentioning gml, sgml, etc
http://www.garlic.com/~lynn/submain.html#sgml

misc. past posts mentioning science center
http://www.garlic.com/~lynn/subtopic.html#545tech

industries supporting early, large, online "information utilities" ... were

financial ... including IDC&NCSS move into that segment ... recent references
http://www.garlic.com/~lynn/2009.html#21 Banks to embrace virtualization in 2009: survey
http://www.garlic.com/~lynn/2009.html#31 Banks to embrace virtualization in 2009: survey

medicine ... national library of medicine ... which was interesting use of BDAM with its own query transaction processing ... recent reference:
http://www.garlic.com/~lynn/2008m.html#6 Yet another squirrel question - Results (very very long post)
http://www.garlic.com/~lynn/2008m.html#74 Speculation ONLY

and legal ... lexis/nexis ... a couple old references:
http://www.garlic.com/~lynn/2001m.html#51 Author seeks help - net in 1981
http://www.garlic.com/~lynn/2002g.html#3 Why are Mainframe Computers really still in use at all?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Lets play Blame Game...?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Lets play Blame Game...?
Date: Jan 11, 2009
Blog: Economics
There was a business school article last spring that estimated something like 1000 executives are responsible for 80% of the current crisis ... and it would go a long way to correcting the situation if the gov. could figure out how to lose their jobs.

In congressional hearings last fall there was discussion that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth the triple-A ratings ... but the issuers were paying for triple-A ratings (the word "fraud" was periodically used). They also mentioned that there was a switch in the early 70s from the "buyers" paying for the ratings to the "sellers" paying for the ratings ... which misaligned the business process. The triple-A ratings enormously increased the institutions that would deal in toxic CDOs and the amount of money available to loan (frequently unregulated) originators.

related article:

The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html

from above:
Watsa's only sin was in being a little too early with his prediction that the era of credit expansion would end badly. This is what he said in Fairfax's 2003 annual report: "It seems to us that securitization eliminates the incentive for the originator of [a] loan to be credit sensitive. Prior to securitization, the dealer would be very concerned about who was given credit to buy an automobile. With securitization, the dealer (almost) does not care."

... snip ...

Then there were some number of the institutions buying the triple-A rated toxic CDOs ... which were playing long/short mismatch ... even tho it has been known for centuries to take down institutions. Comment was that Bear Stearns and Lehman had marginal chance of surviving (playing long/short mismatch):
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/

The recent washington post series about CDS ... basically talked about CDS being sold on instruments that were totally unrelated to the original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html

In large part, deregulation and/or failing to enforce regulations ... allowed a lot of isolated (greed/corrupt) hot-spots to combine into economic fire storm.

There was a recent news item that IDC is now helping the gov. evaluate these securitized instruments ... as part of gov. purchase plan. A recent reference about IDC from the 60s&70s ... including IDC purchasing Standard & Poors "pricing services" division in the early 70s ... about the time the hearings mentioned that rating agencies' business processes becoming mis-aligned:
http://www.garlic.com/~lynn/2009.html#21

misc. past posts mentioning item about securitization eliminating incentive for the loan originator to be credit sensitive:
http://www.garlic.com/~lynn/2008q.html#68 Obama, ACORN, subprimes (Re: Spiders)
http://www.garlic.com/~lynn/2008q.html#69 if you are an powerful financial regulator , how would you have stopped the credit crunch?
http://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
http://www.garlic.com/~lynn/2008s.html#18 What next? from where would the Banks be hit?
http://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
http://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
http://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Evil weather

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Evil weather
Newsgroups: alt.folklore.computers
Date: Sun, 11 Jan 2009 15:22:37 -0500
krw <krw@att.bizzzzzzzzzzz> writes:
IBM certainly had environmental standards for each product. I don't recall the exact numbers and classes though.

one of the neat things in the bldg. 15 (product test) machine room was an environmental chamber that you could roll big units into, secure the door and do air pressure and humidity tests (while operating).

misc. past posts mentioning getting to play engineer in bldgs. 14&15
http://www.garlic.com/~lynn/submain.html#disk

Col. Boyd's biographies mention that one of the most pleasant places at spook base was the computer facility (also mention that it was a $2.5B windfall for IBM).

misc. past posts mentioning Boyd (and/or OODA-loops)
http://www.garlic.com/~lynn/subboyd.html

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Lawyers & programming (x-over from a.f.c discussion)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Lawyers & programming (x-over from a.f.c discussion)
Date: Jan 12, 2009
Blog: Greater IBM Connection
re:
http://www.garlic.com/~lynn/2009.html#41 New machine code

a decade or so ago, we had opportunity to spend some time looking at the NLM (IBM mainframe) implementation and two of the people that had done the initial implementation in the 60s were still there. we had some discussion because in the late 60s at the univ ... the univ library had an ONR grant to do digital catalogue and was selected to be beta-test for (original) CICS (and I was tasked to support & shoot bugs).

past posts mentioning CICS &/or BDAM:
http://www.garlic.com/~lynn/submain.html#bdam

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Security experts identify 25 coding errors

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Security experts identify 25 coding errors
Date: Jan 12, 2009
Blog: International Association of Software Architects
Security experts identify 25 coding errors
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1344645,00.html

from above:
Experts release list of the top 25 most dangerous coding errors, hoping to demand higher coding standards and secure software development.

... snip ...

a few other articles in the same thread:

25 Most Dangerous Programming Errors Exposed
http://www.informationweek.com/news/security/management/232500683
NSA helps name most dangerous programming mistakes
http://www.infoworld.com/article/09/01/12/NSA_helps_name_most_dangerous_programming_mistakes_1.html
NSA helps name most dangerous programming mistakes
http://www.networkworld.com/news/2009/011209-nsa-helps-name-most-dangerous.html?t51hb
http://www.networkworld.com/news/2009/011209-nsa-helps-name-most-dangerous.html
NSA Helps Name Most Dangerous Programming Mistakes
http://www.pcworld.com/article/156894/nsa_helps_name_most_dangerous_programming_mistakes.html
Top 25 software screw-ups
http://www.networkworld.com/news/2009/011509-bgp.html?t51hb
http://www.networkworld.com/news/2009/011209-top-25-programming-errors.html

and some past collected threads & posts regarding buffer length exploits
http://www.garlic.com/~lynn/subintegrity.html#overflow

oh and some specific past posts about taking CVE data and trying to categorize exploits and suggesting to Mitre to add information to the description to aid in categorizing:
http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
http://www.garlic.com/~lynn/2005d.html#0 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005d.html#67 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005k.html#3 Public disclosure of discovered vulnerabilities

and something a little different, from long ago and far away:
http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Lawyers & programming (x-over from a.f.c discussion)

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Lawyers & programming (x-over from a.f.c discussion)
Date: Jan 12, 2009
Blog: Greater IBM Connection
re:
http://www.garlic.com/~lynn/2009.html#41 Lawyers & programming
http://www.garlic.com/~lynn/2009.html#44 Lawyers & programming (x-over from a.f.c. discussion)

SCRIPT was CMS (back when CMS stood for "cambridge monitor system", before becoming "conversational monitor system") document formatting application done in the mid-60s (at the science center) ... it was similar to a document formatting application on CTSS .... description of CTSS runoff
http://web.mit.edu/Saltzer/www/publications/CC-244.html

GML was later invented at the science center in '69 and GML tag processing added to script application.

An early major IBM publication to be moved to CMS script was the "principles of operation" ... a major motivation was the conditional/macro processing capability. The "principles of operation" was actually sections of the internal "architecture manual" that included significantly more detail. Command line specification would control whether the whole architecture manual was output ... or just the principles of operation subset.

one of the other commercial (virtual machine based) time-sharing service bureaus was Tymshare. Besides standard CMS features (editing, document management, email, etc), Tymshare also developed an online computer conferencing facility on their CMS platform (sort of 35yr old linkedin precursor) ... and in Aug76 ... offered free use of the service to the (ibm user group) SHARE ... VMSHARE archives
http://vm.marist.edu/~vmshare/

lots of past posts mentioning (virtual machine based) commercial time-sharing service bureaus
http://www.garlic.com/~lynn/submain.html#timeshare

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

repeat after me: RAID != backup

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: repeat after me:  RAID != backup
Newsgroups: alt.folklore.computers
Date: Mon, 12 Jan 2009 21:23:12 -0500
Al Kossow <aek@spies.com> writes:
See also the Tandem technical report scans recently uploaded to
http://bitsavers.org/pdf/tandem/technical_reports/


re:
http://www.garlic.com/~lynn/2009.html#39 repeat after me: RAID != backup

i did some additional cleanup of the grayft84.pdf document
http://www.garlic.com/~lynn/grayft84.pdf

I've also got a (1979) 100+ page SHARE (ibm user group) LSRAD report that i scanned at 600bpi with SANE on linux.

The PNM files and the converted TIFF files look fine. Using convert to go from PNM to PS & then PS to PDF ... both the PS & PDF look much worse (seems to show up mostly during the translation to PS).

TUMBLE doesn't work because the PNM (& TIFF) files are 8bit. If I use "pamdepth 1" to reduce the PNM files to 1bit ... things look a lot worse ... which carries thru in going from PNM to TIFF & TUMBLE to pdf.

Can you suggest any other way of getting from PNM to pdf ... w/o losing a lot of quality?

... from LSRAD:
Preface

This is a report of the SHARE Large Systems Requirements for Application Development (LSRAD) task force. This report proposes an evolutionary plan for MVS and VM/370 that will lead to simpler, more efficient and more useable operating systems. The report is intended to address two audiences: the uses of IBM's large operating systems and the developers of those systems.


... snip ...
and
Acknowledgements

The LSRAD task force would like to thank our respective employers for the constant support they have given us in the form of resources and encouragement. We further thank the individuals, both within and outside SHARE Inc., who reviewed the various drafts of this report. We would like to acknowledge the contribution of the technical editors, Ruth Ashman, Jeanine Figur, and Ruth Oldfield, and also of the clerical assistants, Jane Lovelette and Barbara Simpson.

Two computers systems proved invaluable for producing this report. Draft copies were edited on the Tymshare VM system. The final report was produced on the IBM Yorktown Heights experimental printer using the Yorktown Formatting Language under VM/CMS.


... snip ...

low-quality jpg front cover
http://www.garlic.com/~lynn/lsradcover.jpg


--
40+yrs virtualization experience (since Jan68), online at home since Mar70

repeat after me: RAID != backup

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: repeat after me:  RAID != backup
Newsgroups: alt.folklore.computers
Date: Tue, 13 Jan 2009 00:52:49 -0500
Al Kossow <aek@spies.com> writes:
I use a program on the Mac called Graphic Converter, which can do 8 -> 1 bit thresholding. Once it is a 1bpp tiff, tumble can convert it to pdf with compression.

"pamdepth 1" of the pnm file loses lots of the blackness of the scanned text... and I didn't find something similar on linux.

finally after some playing around, I settled on gimp "levels" with gamma levels to .4 ... which increases the darkness of the letters in the pnm file ... before doing the "pamdepth 1" on the pnm file and then converted to tiff.

the resulting tiff file (after gimp processing) is a lot better (although still not quite as good as the tiff file w/o the 8->1 bit change).

tumble now works and the resulting pdf file looks a lot more legible ... but black and white are now inverted. any idea why???

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

The 25 Most Dangerous Programming Errors

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The 25 Most Dangerous Programming Errors
Date: Jan 13, 2009
Blog: International Association of Software Architects
The 25 Most Dangerous Programming Errors
http://www.bankinfosecurity.com/articles.php?art_id=1154

from above:
Security Experts Unveil List of Common Vulnerabilities and How to Fix Them

... snip ...

comment from yesterday in "International Association of Software Architects"
http://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors

and lots of past collected threads & posts regarding buffer length exploits
http://www.garlic.com/~lynn/subintegrity.html#overflow

oh and some specific past posts about (also) taking CVE data and trying to categorize/classify exploits and suggesting to Mitre to add information to the description to aid in categorizing:
http://www.garlic.com/~lynn/2004e.html#43 security taxonomy and CVE
http://www.garlic.com/~lynn/2005d.html#0 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005d.html#67 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005k.html#3 Public disclosure of discovered

part of the motivation was to enhance my merged security taxonomy and security glossary
http://www.garlic.com/~lynn/secure.htm

additional description here
http://www.garlic.com/~lynn/index.html#glosnote

and for something slightly different:
http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

and lots of other similar news URLs:

NSA helps name most dangerous programming mistakes
http://www.networkworld.com/news/2009/011209-software-security-effort.html
Error correcting software from the beginning
http://gcn.com/articles/2009/01/12/coding-errors.aspx
Experts trumpet '25 most dangerous' programming errors
http://www.theregister.co.uk/2009/01/13/top_25_programming_errors/
SANS Releases List Of Top 25 Most Dangerous Programming Errors In Software
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212800202
Security Experts ID Top 25 Programming Errors
http://www.csoonline.com/article/475620/Security_Experts_ID_Top_Programming_Errors
Update: Group details 25 most dangerous coding errors hackers exploit
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125678&source=rss_topic17
Security experts name top 25 programming screw-ups
http://www.arnnet.com.au/article/272735/security_experts_name_top_25_programming_screw-ups?fp=4194304&fpid=1
Avoiding the Most Common Programming Errors
http://www.internetnews.com/security/article.php/3795796/Avoiding+the+Most+Common+Programming+Errors.htm
Exploits & Vulnerabilities: Security Wonks List Coders' Top 25 Worst Flubs
http://www.technewsworld.com/story/65792.html
Will Top 25 list of software errors rescue you from rotten software?
http://www.networkworld.com/news/2009/011209-top-25-programming-errors.html
Security experts name top 25 programming screw-ups
http://www.techworld.com.au/article/272735/security_experts_name_top_25_programming_screw-ups

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Greed Is

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Greed Is...
Date: Jan 13, 2009
Blog: Boyd (related)
recent post in linkedin "economics" Lets play Blame Game
http://www.garlic.com/~lynn/2009.html#42

about business school article that estimated about 1000 executives are responsible for 80% of the current crisis (and it would go a long way to fixing the problem if the gov. could figure out how they could lose their jobs)

older linkedin thread mentioning
http://www.garlic.com/~lynn/2008s.html#5

related greed to some things Col. John Boyd mentioned.

Another tie-in to aspect of greed and something Col. Boyd would mention in briefings
http://www.garlic.com/~lynn/2008s.html#41

There was a study that claimed that the ratio of executive compensation to worker compensation had exploded to 400:1 after being 20:1 for a long time (and 10:1 in most of the rest of the world). This might be related to (Col Boyd's observations about) growing pervasiveness of the orientation & training that US Army used going into WW2 ... to quickly deploy large numbers of inexperienced and untrained soldiers, an extremely rigid, top-down command&control structure was used to leverage the few experienced resources available. Propagating this into civilian arena ... it is only the few at the very top that are responsible for successful operation.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

repeat after me: RAID != backup

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: repeat after me:  RAID != backup
Newsgroups: alt.folklore.computers
Date: Tue, 13 Jan 2009 17:34:53 -0500
Al Kossow <aek@spies.com> writes:
The photometric interpretation you are sending tumble is probably the inverse of what it is expecting. It can either be:

photometric interpretation black=0, white=1 or photometric interpretation black=1, white=0


re:
http://www.garlic.com/~lynn/2009.html#47 repeat after me: RAID != backup
http://www.garlic.com/~lynn/2009.html#48 repeat after me: RAID != backup

I'm using pamtotiff to convert from pbm to tiff format (before using tumble to generate pdf file) ... it is part of netpbm package
http://netpbm.sourceforge.net/

all the (pbm & tiff) files (but the tumble generated pdf file), show black letters on white. turns out i was using pamtotiff w/o any compression. I finally found if I specify "-g4" compression for the generated tiff files, then tumble generates pdf file with black letters (on white) rather than white letters (on black).

if i can get agreement from (ibm user group) share.org
http://www.share.org

which holds the copyright ... is this something that can go up on bitsavers.org? 109 pages, pdf file is 4+mbyte.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

The Credit Crunch: Why it happened?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The Credit Crunch: Why it happened?
Date: Jan 13, 2009
Blog: Payment Systems Network
referenced article:
http://tickledbylife.com/index.php/the-credit-crunch-why-it-happened/

Securitized loans (toxic CDOs) were used two decades ago in the S&L crisis to obfuscate the underlying values. decade old, long-winded post discussing some of the current problems
http://www.garlic.com/~lynn/aepay3.htm#riskm

A couple months ago, in the congressional hearings, it was mentioned that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth triple-A ratings ... but the toxic CDO issuers were paying the rating agencies for the triple-A ratings (the word "fraud" was used several times). It was also mentioned that there was a switch in the early 70s from "buyers" paying for the ratings to the "sellers" paying for the ratings ... which created mis-aligned business interests and opened the way for conflict of interest. The triple-A ratings enormously increased the institutions that would deal in toxic CDOs and the amount of money available for the loan (often unregulated) originators.

and then there is:

The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html

from above:
Watsa's only sin was in being a little too early with his prediction that the era of credit expansion would end badly. This is what he said in Fairfax's 2003 annual report: "It seems to us that securitization eliminates the incentive for the originator of [a] loan to be credit sensitive. Prior to securitization, the dealer would be very concerned about who was given credit to buy an automobile. With securitization, the dealer (almost) does not care."

... snip ...

Then there were some number of the institutions buying these triple-A rated toxic CDOs ... which were playing long/short mismatch ... even tho it has been known for centuries to take down institutions. Comment was that Bear Stearns and Lehman had marginal chance of surviving (playing long/short mismatch).
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/

The long/short mismatch was further aggravated by the heavy leveraging.

The recent washington post series about CDS ... basically talked about CDS being sold on instruments that were totally unrelated to the original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html

In large part, deregulation and/or failing to enforce regulations ... allowed a lot of isolated (greed/corrupt) hot-spots to combine into economic fire storm.

There was a recent news item that IDC is now helping the gov. evaluate these securitized instruments ... as part of gov. purchase plan. A recent reference about IDC from the 60s&70s ... including IDC purchasing S&Ps "pricing services" division in the early 70s ... about the time the claims about rating agencies business becoming mis-aligned
http://www.garlic.com/~lynn/2009.html#31

The crash of 2008: A mathematician's view
http://www.eurekalert.org/pub_releases/2008-12/w-tco120808.php

from above:
Markets need regulation to stay stable. We have had thirty years of financial deregulation. Now we are seeing chickens coming home to roost. This is the key argument of Professor Nick Bingham, a mathematician at Imperial College London, in an article published today in Significance, the magazine of the Royal Statistical Society.

... snip ...

With regard to the triple-A ratings on toxic CDOs, supposedly SOX required SEC to do something with respect to the rating agencies ... but there doesn't seem to have been anything besides a Jan2003 report.

Report on the Role and Function of Credit Rating Agencies in the Operation of the Securities Markets; As Required by Section 702(b) of the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf

There was a business school article last spring that estimated 1000 executives were responsible for approx. 80% of the current mess and it would go a long way to fixing the current problems if they could lose their jobs.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 13, 2009
Blog: Disciples of Boyd's Strategy
Long ago somebody pointed out that "business ethics" is an oxymoron (akin to "military intelligence" being an oxymoron).

post from today in payment systems network discussion:
http://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?

I took the position in european executive financial conference in 2004 that SOX wouldn't be able to make any difference (modulo possibly the last section about whistle blowers/snitches). See above post for reference to SOX requirements and rating agencies. A big issue highlighted during congressional hearings was that business interest became mis-aligned ... which enormously increases the regulation task.

This is post (also from today) in another blog (that was recently highlighted by the Boyd Conference website) ... which ties a lot of the greed to an example that Boyd would use in briefings (stemming from US army ww2 officer training):
http://www.garlic.com/~lynn/2009.html#50 Greed Is ....

and a couple slightly older posts on the same subject:
http://www.garlic.com/~lynn/2008s.html#44
and
http://www.garlic.com/~lynn/2008s.html#5
http://www.garlic.com/~lynn/2008s.html#41

and a couple slightly older comments about (world financial regulations) BASEL
http://www.garlic.com/~lynn/2008r.html#4 Basel Committee outlines plans to strengthen Basel II

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Business Science

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Business Science
Date: Jan 12, 2009
Blog: Greater IBM Connection
old post about when we were looking at copyrighting the term "business science"
http://www.garlic.com/~lynn/95.html#8aa

trying to relate data, information, knowledge, wisdom & understanding. within the last decade we've seen simplified versions used by others.

the above is also referenced in this long-winded, decade old post mentioning discussing some of the current problems in the financial infrastructure.
http://www.garlic.com/~lynn/aepay3.htm#riskm

and for some other drift ... part of a thread from last year discussing a news article about "KPO identified as the next wave of outsourcing"
http://www.garlic.com/~lynn/2008d.html#38 outsourcing moving up the value chain

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Graphics on a Text-Only Display

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Graphics on a Text-Only Display
Newsgroups: alt.folklore.computers
Date: Wed, 14 Jan 2009 16:00:48 -0500
krw <krw@att.zzzzzzzzz> writes:
The /85s were "returns" (metastability). Someone had to use 'em, the customers certainly weren't about to. I tried to stay away from VM. The "native" file system was too limiting. MVS was bad enough, though PDSs made life tolerable.

re:
http://www.garlic.com/~lynn/2009s.html#37 Graphics on a Text-Only Display

one of the MVS problems that corporate design applications were starting to run into by the late 70s were hitting max. application size. while every application was given its own (16mbyte) virtual address space .... because of extensive pointer-passing paradigm (inherited from real storage & os/360 days) an 8mbyte MVS kernel image occupied every address space. Also from pointer-passing paradigm, there was also a "common segment" defined in every virtual address space ... which started at a minimum of 1mbytes ... but was somewhat proportional to size of installation. by late 70s, numerous MVS installations had 4-5mbyte common segments ... leaving only 3-4mbytes for application.

Lots of large design applications were hitting 7mbyte limitation (running in custom configured MVS systems with minimum sized common segment). It was possible to get 3033 machines with 32mbytes of real storage ... but the largest application (under MVS) was frequently limited to 3-4mbytes ... and had hard limit at 7mbytes.

The available address space limitation was starting to be major motivation for some of these locations to migrate from MVS to VM ... so that application space was opened up to nearly the whole virtual address space size 16mbytes (minus maybe 196kbytes). This was all pending availability of 31bit addressing with 3081s, 370-xa, operating system supporting 31bit virtual, and application support to execute in 31bit mode.

misc. old email regarding migration of some of the internal tools from mvs to vm ... frequently motivated by the available address space size "problem"
http://www.garlic.com/~lynn/2006v.html#email800310
http://www.garlic.com/~lynn/2006v.html#email800310b
http://www.garlic.com/~lynn/2006v.html#email800624
http://www.garlic.com/~lynn/2006v.html#email800717
http://www.garlic.com/~lynn/2006v.html#email800903
http://www.garlic.com/~lynn/2006p.html#email810128

in these posts
http://www.garlic.com/~lynn/2006p.html#40
http://www.garlic.com/~lynn/2006v.html#19
http://www.garlic.com/~lynn/2006v.html#23
http://www.garlic.com/~lynn/2006v.html#15

there was a separate issue for things like trivial editing ... typical "trivial" MVS 3270 terminal response was 1second or greater ... while equivalent operations in VM were on the order of .2seconds. The poor MVS response was also used as an excuse that it wasn't necessary to improve 3274 (3270 terminal) controller thruput ... since it would have little overall aggregate difference. The change from 3272/3277 (controller/terminal) to 3274/327x (controller/terminal) had the 3274 processing overhead greater than the VM trivial response time (MVS users never noticed the difference, while VM users were very vocal).

for something completely different ... old email mentioning that after a VM pitch i gave at SLAC ... it prompted people at Amdahl to spend a month rewriting VMPE
http://www.garlic.com/~lynn/2006v.html#email800319

in this post
http://www.garlic.com/~lynn/2006v.html#22

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Data losses set to soar

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Data losses set to soar
Date: Jan 14, 2009
Blog: Financial Crime Risk, Fraud and Security
somewhat security related, not so much coding errors ... but more of problems with underlying paradigm ... recent thread:
http://www.garlic.com/~lynn/2008p.html#67 Web Security hasn't moved since 1995
http://www.garlic.com/~lynn/2008p.html#78 Web Security hasn't moved since 1995
http://www.garlic.com/~lynn/2008q.html#13 Web Security hasn't moved since 1995
http://www.garlic.com/~lynn/2008s.html#25 Web Security hasn't moved since 1995

I had done a (mainframe) problem determination application in the early 80s ... and did a lot of research on what caused failures ... some old posts
http://www.garlic.com/~lynn/submain.html#dumprx

when we started our high availability HA/CMP product in the late 80s, we did lots of in-depth threat & vulnerability analysis ... not specifically oriented to security breaches ... but anything that might affect service. We identified several weaknesses in tcp/ip implementations ... but also determined that the common storage use paradigm in C language would result in enormous buffer length related problems. I had done a major portion of tcp/ip stack implementation in pascal ... some old references
http://www.garlic.com/~lynn/subnetwork.html#1044

and I hypothesized that difference between C & PASCAL would see a major number of buffer storage problems in C language (as far as I know there was never a buffer storage problem in the PASCAL implementation). Throughout much of the 90s, C-language related buffer problems were the major source of exploits & vulnerabilities in internet & tcp/ip ... lots of old threads
http://www.garlic.com/~lynn/subintegrity.html#overflow

This post references a HA/CMP meeting in 1992
http://www.garlic.com/~lynn/95.html#13

sometime after that meeting ... two of the people mentioned in the meeting left and joined a small client/server startup responsible for something called the "commerce server". We were called in to consult because the startup wanted to do payment transactions on the server ... the startup also had invented this technology they called SSL they wanted to use. We had to do detailed end-to-end look at not only the SSL technology ... but various of the business processes ... including these new operations calling themselves Certification Authorities that were issuing these things called SSL domain name digital certificates ... some past posts
http://www.garlic.com/~lynn/subpubkey.html#sslcert

one kind of infrastructure problem that has shown up in the news since the above thread
http://www.garlic.com/~lynn/2008s.html#50 Perfect MITM Attacks With No-Check SSL
http://www.garlic.com/~lynn/2009.html#35 Perfect MITM Attacks With No-Check SSL

and a different kind of infrastructure problem that has also shown up in the news since the above thread:
http://www.garlic.com/~lynn/2008s.html#76 Boffins bust web authentication with game consoles
http://www.garlic.com/~lynn/2008s.html#78 Boffins bust web authentication with game consoles

and for an older view of security
http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 14, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?

Note that part of what allowed the current financial disaster to get out of control (also mentioned in congressional hearings) was that (in the early 70s) the rating agencies had switched from "buyers" paying for the ratings to the "sellers" paying for the ratings ... this resulted in the business process becoming "mis-aligned" and opened the way for conflict of interest. Trying to then "regulate" mis-aligned business process can be almost impossible ... since it is in so many people's interest to do the wrong thing. The whole implication about using the label "mis-aligned" ... is that if things were aligned ... it would be in most of the people's best interest to do the right thing (as opposed to encourage them to do the wrong thing) ... which also significantly simplifies the regulation task.

This also shows up in the explosion in executive compensation as well as the fiddling of public company financial statements (going on in spite of SOX legislation, it seems that GAO took it upon itself to document the instances ... even when SEC and other agencies weren't actually doing anything about it). This is also the basis of the study of 270 public companies that redid their executive compensation plan ... specifically to try and eliminate the provisions that seemed to encourage executives to do the wrong thing.

For a look at how Boyd would likely view some of the other current gov. specific things .... see these items from the Boyd conference website:
http://boyd2008.ning.com/profiles/blogs/chuck-spinneys-rebuttal-to-the
http://boyd2008.ning.com/profiles/blogs/andrew-cockburns-interview

Some amount of Boyd's briefings were taking military activity as examples of competitive operations and generalizing to other situations ... including civilian competitive environments. However I think that with regard to:
http://www.dtra.mil/

there was some line about .... Trust, But Verify--And Verify First.
http://www.dtra.mil/about/seal.cfm

which can be applied to all sorts of situations. In theory the rating agencies were supposed to be some part of that ... but things became misaligned when their business interests changed from the buyers to the sellers (even though the purpose of the ratings were an aspect of verify first supposedly for the buyers).

wiki reference ...
https://en.wikipedia.org/wiki/Trust,_but_Verify

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

HONEY I LOVE YOU, but please cut the cards

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: HONEY I LOVE YOU, but please cut the cards
Date: Jan 15, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?

there was some old discussion about past some point, the greater the fraud ... the better the treatment .... at some point when the fraud is at the level it would take down govs. ... there frequently is *star* treatment and attempts made to not even divulge the activity.

from a different perspective, a lot of institutions' bread&butter is trust .... and when that is compromised ... they would prefer to not even have it made public.

we were tangentially involved in the cal. data breach notification legislation. we had been brought in to help word-smith the electronic signature legislation. Some of the organizations involved were also involved in privacy issues and had done detailed, in-depth consumer privacy surveys. The number one issue was "identity theft" ... and the top of the list was crooks performing fraudulent transactions based on information gathered in various kinds of compromises. There was little being done about it and/or even publicized. There appeared to be a feeling that the publicity from breach notification would promote countermeasures. Since then a lot of other jurisdictions have enacted similar legislation. At the federal level ... the legislation attempts have fallen into two categories ... those that are equivalent to the cal. state legislation ... and breach notification "bills" that would eliminate notification requirement (sometimes referred to as "federal preemption").

PBS series wall street fix discussing (older) financial fraud (enron, worldcom, etc) and various contributing factors ... including the repeal of Glass-Steagall:
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/

There was recently CSPAN program that during the congressional session that repealed Glass-Steagall, the financial industry contributed $250m to congress ... and in the most recent session that passed the $700b bail-out bill, there were $2b in contributions.

some recent posts mentioning repeal of Glass-Steagall:
http://www.garlic.com/~lynn/2008s.html#9 Blind-sided, again. Why?
http://www.garlic.com/~lynn/2008s.html#20 Five great technological revolutions
http://www.garlic.com/~lynn/2008s.html#23 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
http://www.garlic.com/~lynn/2008s.html#55 Is this the story behind the crunchy credit stuff?

misc. recent posts mentioning the breach/compromise problems:
http://www.garlic.com/~lynn/2008p.html#5 Privacy, Identity theft, account fraud
http://www.garlic.com/~lynn/2008p.html#7 Dealing with the neew MA ID protection law
http://www.garlic.com/~lynn/2008p.html#59 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#67 Web Security hasn't moved since 1995
http://www.garlic.com/~lynn/2008p.html#76 Multi-Factor Authentication - Moving Beyond Passwords for Security of Online Transactions
http://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
http://www.garlic.com/~lynn/2008s.html#10 Data leakage - practical measures to improve Information Governance

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 14, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?

I had gotten blamed for computer conferencing on the internal network in the late 70s and early 80s ... the internal network was larger than the arpanet/internet from just about the beginning until sometime in the period mid-85 to spring-86. Lots of past posts mentioning internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

Somewhat as a result, a researcher was paid to sit in the back of my office for nine months and take notes on how I communicated. They also got copies of all my incoming and outgoing email as well as logs of all my instant messages. The information was used for a corporate research report and a Stanford PHD thesis (joint between language and computer AI), as well as some number of papers and books. One of the books was "Knowledge machines: Language and information in a technological society", which I think is still available on Amazon.

During part of this period, I was also sponsoring Boyd's briefings.

This is a recent reference to a post in another blog ... referring to when we were looking at relating data, information, knowledge, and wisdom ... and considering copyrighting the term "business science":
http://www.garlic.com/~lynn/2009.html#54 Business Science

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

The 25 Most Dangerous Programming Errors

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The 25 Most Dangerous Programming Errors
Date: Jan 15, 2009
Blog: Financial Crime Risk, Fraud and Security
re:
http://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors
http://www.garlic.com/~lynn/2009.html#49 The 25 Most Dangerous Programming Errors
http://www.garlic.com/~lynn/2009.html#56 Data losses set to soar

We've used some metaphors regarding much of the information having to be repeatedly exposed/used and therefore even if the planet was buried under miles of information hiding encryption ... it still wouldn't prevent information leakage: a few recent threads:
http://www.garlic.com/~lynn/2008p.html#5 Privacy, Identity theft, account fraud
http://www.garlic.com/~lynn/2008p.html#7 Dealing with the neew MA ID protection law
http://www.garlic.com/~lynn/2008p.html#59 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008r.html#53 21 million German bank account details on black market
http://www.garlic.com/~lynn/2008s.html#10 Data leakage - practical measures to improve Information Governance

for other topic drift ... lots of past post regarding having been involved in the original relational/sql implementation:
http://www.garlic.com/~lynn/submain.html#systemr

and for total topic drift ... past post mentioning Jim talked me into considering taking position of "chief security architect"
http://www.garlic.com/~lynn/2007o.html#7 Hypervisors May Replace Operating Systems As King Of The Data Center
http://www.garlic.com/~lynn/2008b.html#5 folklore indeed
http://www.garlic.com/~lynn/2008b.html#37 Tap and faucet and spellcheckers
http://www.garlic.com/~lynn/2008p.html#80 Making tea

as per above ... the issue isn't so much the encryption of the data when it is not being used ... it is that much of the data has to be used & decrypted for so many business processes that it is nearly impossible to prevent leakage.

In the x9.59 financial standard protocol discussions
http://www.garlic.com/~lynn/x959.html#x959

the approach was to tweak the paradigm and make the information useless to crooks. part of the issue (highlighted in some of the metaphor discussions) is that much of the information has a "dual-use" vulnerability ... it is required for 1) authentication (something you know) and 2) integral to large number of business process. an approach is to totally separate what is used for authentication and what is required for standard business processes.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Does IBM host guest speakers?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Does IBM host guest speakers?
Date: Jan 15, 2009
Blog: Greater IBM
I had hosted Boyd briefings a number of times at IBM in the 80s. Lots of past posts mentioning Boyd and/or OODA-loops
http://www.garlic.com/~lynn/subboyd.html

A couple yrs ago, somebody hosted me for a talk at YKT/Hawthorne on security, authentication, and AADS ... some related AADS references
http://www.garlic.com/~lynn/x959.html#aads

When Tymshare was being bought by M/D ... some of the people were looking for other positions and I got asked to try and help. recent post
http://www.garlic.com/~lynn/2008s.html#3 New machine code

with this Seminar announcement (SJR, bldg. 28 cafeteria A):
http://www.garlic.com/~lynn/2008s.html#email840720

above related to this post
http://www.garlic.com/~lynn/2008g.html#23 Doug Engelbart's "Mother of All Demos"
http://www.garlic.com/~lynn/2008r.html#57 PC premiered 40 years ago to awed crowd
http://www.garlic.com/~lynn/2008r.html#62 PC premiered 40 years ago to awed crowd

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

IRS Mainframe Not Secure Enough

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: IRS Mainframe Not Secure Enough
Newsgroups: bit.listserv.ibm-main
Date: Thu, 15 Jan 2009 12:45:46 -0500
rfochtman@YNC.NET (Rick Fochtman) writes:
Obviously, security awareness is not a high priority at IRS. They seem to be more interested in audits, etc. :-)

IRS has a number of challenges.

for past decade or two, there have been a number of major (unsuccessful) modernization projects at the IRS ... attempting to update the (60s) legacy infrastructures.

a lot of machines may not even be connected to the outside world ... but there is major issue with privacy (which can also be construed as security) regarding employees that may have legitimate access to the machines (and have ingrained operation that dates back decades).

i was one of the co-authors of the x9.99 financial industry privacy standard and we talked to a number of organizations ... including federal gov ... like hipaa people. Of the fed. gov. organizations that we dealt with, the one that had by far, done the most in PIAs (privacy impact assessments) was IRS (the extensive documentation from their PIAs may skew the data against the IRS vis-a-vis other organizations that may not have studied the problem as much).

There are very stringent requirements ... not with regard to whether an employee accesses tax returns ... but whether each employee only accesses the tax returns that have been assigned to them (in an environment where some of the applications may be 40yrs old).

for other topic drift ... as part of the x9.99 effort ... I had done a "privacy" subset
http://www.garlic.com/~lynn/privacy.htm

of our merged security taxonomy & glossary
http://www.garlic.com/~lynn/index.html#glosnote

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 15, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#59 CROOKS and NANNIES: what would Boyd do?

Many of the articles are that most of the current crisis is because (mostly business) people purposefully ignored and/or manipulated the risk analysis ... (mostly to inflate their personal compensation ... this is related to CEOs fiddling public company financial statements) ... some references:

How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/

Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/

this long-winded, decade old post
http://www.garlic.com/~lynn/aepay3.htm#riskm

includes discussion of how a "new" risk analysis (in the S&L crisis) showed that financial institution dealing in ARM mortgages could take down the institution ... resulting in Citibank totally getting out of the mortgage market (and nearly taking down the institution in the process).

In current situation, there has been some obfuscation attempting to blame faulty risk analysis ... which doesn't hold up. For instance, the recent washington post series on AIG & CDS business ... went into detail that the AIG business unit dealing in CDS got into trouble (and has nearly taken down the whole company) when they started selling CDS on instruments for which no risk analysis had been performed (the original business justification risk analysis for CDS were not for toxic CDO mortgage backed securities).
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html

Circa 1990, a new risk analysis product company was formed ... I believe with some of the people that had produced the ARM analysis in the S&L crisis. They have repeatedly raised alarms about the current situation. For instance, playing long/short mismatch has been known for centuries to take down institutions. They had commented that Bear-Stearns and Lehman had only a marginal chance of surviving playing long/short mismatch (in funding their toxic CDO purchases ... even if the toxic CDOs had deserved the triple-A ratings) related article
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
Fed reserve article from decade ago:
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/

One might conclude there were a lot of individuals putting institutions significantly at risk for purely personal compensation (personal gain in conflict with institution viability).

past posts mentioning "fed is too easy on wall street" article:
http://www.garlic.com/~lynn/2008f.html#76 Bush - place in history
http://www.garlic.com/~lynn/2008g.html#66 independent appraisers
http://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
http://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
http://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
http://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
http://www.garlic.com/~lynn/2008o.html#31 The human plague
http://www.garlic.com/~lynn/2008o.html#32 How much is 700 Billion Dollars??
http://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
http://www.garlic.com/~lynn/2008r.html#61 The vanishing CEO bonus
http://www.garlic.com/~lynn/2008r.html#64 Is This a Different Kind of Financial Crisis?
http://www.garlic.com/~lynn/2008s.html#32 How Should The Government Spend The $700 Billion?
http://www.garlic.com/~lynn/2008s.html#33 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#35 Is American capitalism and greed to blame for our financial troubles in the US?
http://www.garlic.com/~lynn/2008s.html#41 Executive pay: time for a trim?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

An bit of an aside: Re: Magnetic tape storage

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: An bit of an aside: Re: Magnetic tape storage
Newsgroups: alt.folklore.computers
Date: Thu, 15 Jan 2009 15:26:26 -0500
Morten Reistad <first@last.name> writes:
"Nah, they couldn't hit an elephant from this distance."

old post about air strikes being called in on elephants
http://www.garlic.com/~lynn/2005t.html#1 Dangerous Hardware

disclaimer: i never heard the elephant story from boyd.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

The 25 Most Dangerous Programming Errors

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The 25 Most Dangerous Programming Errors
Date: Jan 16, 2009
Blog: Financial Crime Risk, Fraud and Security
re:
http://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors
http://www.garlic.com/~lynn/2009.html#49 The 25 Most Dangerous Programming Errors
http://www.garlic.com/~lynn/2009.html#56 Data losses set to soar
http://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors

... oh and recent reference to Jim
http://www.garlic.com/~lynn/2008p.html#27 Father of Financial Dataprocessing

and I recently scanned an '84 presentation of his on things failing
http://www.garlic.com/~lynn/grayft84.pdf

and reference to Jim and I being keynotes at NASA dependable computing workshop:
http://web.archive.org/web/20011004023230/http://www.hdcc.cs.cmu.edu/may01/index.html

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

What's missing in security: business

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What's missing in security: business
Date: Jan 16, 2009
Blog: Financial Cryptography
re:
https://financialcryptography.com/mt/archives/001128.html

there is recent thread in linkedin "Financial Crime, Risk, Fraud and Security" group that started with recent news item "The 25 Most Dangerous Programming Errors" ... but got into using encryption to "hide" financial transaction information (as part of preventing crooks from harvesting the information and using it to perform fraudulent transactions). One of the questions was about new RDBMS support for being able to do various kinds of queries against encrypted data (w/o having to 1st decrypt the data to perform the query).

A fundamental issue is dual-use of the account number ... the account number has dual-use vulnerability because it is being used for both something you know authentication and part of a large number of transaction business processes.

This creates diametrically opposing requirements ... the something you know authentication requires that the information be kept confidential and never divulged (especially to "insiders" which account for the majority of the related exploits) ... while the business transaction operations require it to be readily available.

The "encryption" solution attempts to apply pixie dust magic to both simultaneously never divulge the account number and at the same time make it widely available.

ref:
http://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
http://www.garlic.com/~lynn/2009.html#65 The 25 Most Dangerous Programming Errors

--
40+yrs virtualization experience (since Jan68), online at home since Mar70
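
The dual-use argument made in this post and in the earlier "The 25 Most Dangerous Programming Errors" post, as an added example (not code from the posts and not the X9.59 message format): once the account number only identifies the account and a signature does the authenticating, a harvested record cannot be turned into a new transaction. The `Issuer` and `Txn` types, the field layout and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Txn is a constructed, simplified payment message (hypothetical layout).
type Txn struct {
	Account     string // identifier needed by many business processes
	Merchant    string
	AmountCents int64
	Nonce       string // unique per transaction, lets the issuer reject replays
	Sig         []byte // used only by the separated scheme
}

// signedBytes gives an unambiguous encoding of the fields the signature covers.
func (t Txn) signedBytes() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d|%q", t.Account, t.Merchant, t.AmountCents, t.Nonce))
}

// Issuer is a hypothetical account-holding institution.
type Issuer struct {
	keys map[string]ed25519.PublicKey // account -> public key registered at enrolment
	seen map[string]bool              // account+nonce pairs already accepted
}

func NewIssuer() *Issuer {
	return &Issuer{keys: map[string]ed25519.PublicKey{}, seen: map[string]bool{}}
}

// Enroll registers a public key for the account and returns the private key,
// which stays with the account holder and never appears in any transaction.
func (is *Issuer) Enroll(account string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	is.keys[account] = pub
	return priv, nil
}

// Sign returns a copy of t carrying the account holder's signature.
func Sign(priv ed25519.PrivateKey, t Txn) Txn {
	t.Sig = ed25519.Sign(priv, t.signedBytes())
	return t
}

// DualUseAuthorize models the paradigm the posts criticise: presenting a valid
// account number is itself the "something you know" authentication.
func (is *Issuer) DualUseAuthorize(t Txn) bool {
	_, ok := is.keys[t.Account]
	return ok
}

// SeparatedAuthorize treats the account number as a lookup key only; the
// signature over the transaction fields authenticates, and the nonce is single-use.
func (is *Issuer) SeparatedAuthorize(t Txn) bool {
	pub, ok := is.keys[t.Account]
	if !ok || len(t.Sig) != ed25519.SignatureSize {
		return false
	}
	if !ed25519.Verify(pub, t.signedBytes(), t.Sig) {
		return false
	}
	replayKey := fmt.Sprintf("%q|%q", t.Account, t.Nonce)
	if is.seen[replayKey] {
		return false
	}
	is.seen[replayKey] = true
	return true
}

func main() {
	is := NewIssuer()
	priv, err := is.Enroll("ACCT-0001") // constructed account number
	if err != nil {
		panic(err)
	}
	genuine := Sign(priv, Txn{Account: "ACCT-0001", Merchant: "bookshop", AmountCents: 2500, Nonce: "n-1"})

	// A record copied out of a merchant log: same account and signature,
	// different payee, amount and nonce.
	reused := genuine
	reused.Merchant, reused.AmountCents, reused.Nonce = "other-shop", 99900, "n-2"

	fmt.Println("dual-use, reused record accepted: ", is.DualUseAuthorize(reused))
	fmt.Println("separated, genuine accepted:      ", is.SeparatedAuthorize(genuine))
	fmt.Println("separated, reused record accepted:", is.SeparatedAuthorize(reused))
	fmt.Println("separated, exact replay accepted: ", is.SeparatedAuthorize(genuine))
}
```

In the separated scheme the account number can sit in plaintext in every business process that needs it, because seeing it no longer confers the ability to originate a transaction.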

In the beginning: The making of the Mac

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: In the beginning: The making of the Mac
Newsgroups: alt.folklore.computers
Date: Fri, 16 Jan 2009 08:12:32 -0500
In the beginning: The making of the Mac
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125939&intsrc=hm_topic

from above:
Luck may have played as big a role as planning in the creation of the first Apple Macintosh

...

The most enduring result of this quest was the Macintosh computer, which on Jan. 24 celebrates its 25th anniversary.


... snip ...

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 14, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#59 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#63 CROOKS and NANNIES: what would Boyd do?

There was a business school article last spring estimating that 1000 executives are responsible for 80% of the current mess and that it would go a long way to fixing the situation if the gov. could figure out how they could lose their jobs.

This morning, the tv business news shows were focusing heavily on these guys aren't getting fired but are getting enormous compensation ... supposedly for "getting it right" ... but actually getting it wrong. There were several references to there having been enormous risk taken that showed big paper profits which in turn, resulted in big bonuses ... but later turned to be more like the "emperor's new clothes" parable.

past posts mentioning the above:
http://www.garlic.com/~lynn/2008j.html#40 dollar coins
http://www.garlic.com/~lynn/2008j.html#60 dollar coins
http://www.garlic.com/~lynn/2008j.html#69 lack of information accuracy
http://www.garlic.com/~lynn/2008k.html#10 Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
http://www.garlic.com/~lynn/2008k.html#16 dollar coins
http://www.garlic.com/~lynn/2008k.html#27 dollar coins
http://www.garlic.com/~lynn/2008l.html#42 dollar coins
http://www.garlic.com/~lynn/2008m.html#12 Fraud due to stupid failure to test for negative
http://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
http://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
http://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
http://www.garlic.com/~lynn/2008n.html#74 Why can't we analyze the risks involved in mortgage-backed securities?
http://www.garlic.com/~lynn/2008n.html#95 Blinkylights
http://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
http://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
http://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
http://www.garlic.com/~lynn/2008o.html#35 The human plague
http://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
http://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
http://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
http://www.garlic.com/~lynn/2008q.html#16 realtors (and GM, too!)
http://www.garlic.com/~lynn/2008q.html#18 A few months of legislative vacuum - is this a good thing?
http://www.garlic.com/~lynn/2008q.html#51 Obama, ACORN, subprimes (Re: Spiders)
http://www.garlic.com/~lynn/2008q.html#58 Obama, ACORN, subprimes (Re: Spiders)
http://www.garlic.com/~lynn/2008r.html#10 Blinkylights
http://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
http://www.garlic.com/~lynn/2009.html#50 Greed Is

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Double authentification for internet payment

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Double authentification for internet payment
Date: Jan 16, 2009
Blog: Financial Crime Risk, Fraud and Security
From the 3-factor authentication paradigm ... lots of past posts
http://www.garlic.com/~lynn/subintegrity.html#3factor

straight credit card has been presumed to be something you have authentication ... but starting a couple of decades ago ... it became relatively straight-forward to "eavesdrop" the magnetic stripe information to produce a counterfeit card. Basically the "eavesdropping" is the same kind of attack that is used for something you know. There has been encryption technology ... like SSL that attempts to hide the something you know information ... but there are a couple of different problems: 1) long standing statistics have found that "insiders" are involved in the majority of exploits involving something you know authentication information and 2) there are quite extensive social engineering and phishing attacks that attempt to trick users into divulging the "authentication" information.

This is further complicated by the "dual-use" vulnerability in many existing infrastructures ... i.e. the account number is effectively both something you know authentication (requiring it to be kept confidential and never divulged to anybody) and required to be readily available as part of scores of standard business processes (at least exposing it to numerous "insiders").

There was an effort at the start of this decade to deploy something you have chipcards for Internet authentication ... however, the "readers" provided as part of the program, resulted in an enormous number of installation and consumer support problems ... to the extent the program was aborted and there was a rapidly spreading opinion that chipcards weren't viable in the consumer/internet market place (the actual problem wasn't with the chipcards ... but with the readers provided as part of the specific deployment). The net was that not only was the specific project aborted ... but numerous other chipcard oriented efforts also were terminated. A trivial example was the NACHA Internet effort ... RFI and project description mentioned here:
http://www.garlic.com/~lynn/x959.html#aads

Another example of activity that appeared to totally evaporate was the whole EU FINREAD activity ... large number of past posts on the subject mentioned here:
http://www.garlic.com/~lynn/subintegrity.html#finread

various aspects appear in this recent news item discussion (in this linkedin group):
http://www.garlic.com/~lynn/2009.html#49 The 25 Most Dangerous Programming Errors
http://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
http://www.garlic.com/~lynn/2009.html#65 The 25 Most Dangerous Programming Errors

there is also this much longer discussion regarding paper from the Kansas City Fed
http://www.garlic.com/~lynn/2008p.html#11 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#14 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#15 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#18 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#19 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#22 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#28 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#32 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#44 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#55 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#59 Can Smart Cards Reduce Payments Fraud and Identity Theft?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

A New Role for Old Geeks

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: A New Role for Old Geeks...
Date: Jan 16, 2009
Blog: Greater IBM
or

Old technology still may be the best

There was a recent news item about "The 25 Most Dangerous Programming Errors". The number one source of exploits on the internet during the 90s was buffer overflow vulnerabilities in (internet, tcp/ip) C language programs. This has dropped in the rankings ... not so much because the number of buffer exploits has improved but that there have been significant increases in other kinds of exploits (other buffer exploits continue to be a significant problem).

Some recent posts in discussions of the news item:
http://www.garlic.com/~lynn/2009.html#45
http://www.garlic.com/~lynn/2009.html#49
http://www.garlic.com/~lynn/2009.html#56
http://www.garlic.com/~lynn/2009.html#60
http://www.garlic.com/~lynn/2009.html#65

I mention in the above post having done part of a tcp/ip implementation in Pascal ... which had none of the buffer problems that are common in C language implementations.

these old posts
http://www.garlic.com/~lynn/2002l.html#42
http://www.garlic.com/~lynn/2002l.html#44

reference "Thirty Years Later: Lessons from the Multics Security Evaluation" ... one of the points was that Multics was implemented in PLI and had none of the buffer related exploits that are common in C language implementations.

In a recent forum item, I mention that I'm trying to get copyright permission to make the 1979 SHARE LSRAD (making /ibm mainframe/ systems more useable) report, available on bitsaver. In the report, it takes some Multics features as examples of more useable features.
http://www.garlic.com/~lynn/2009.html#47

For some digression, Multics was done on the 5th flr of 545 tech sq ... and the science center was on the 4th flr of 545 tech sq ... which was responsible for the virtual machine cp67 system (precursor to vm370), invention of gml in 1969 (precursor to sgml, html, xml, etc), the internal networking technology and several other contributions.

recent SGML reference:
http://www.garlic.com/~lynn/2009.html#41

misc. past posts mentioning science center
http://www.garlic.com/~lynn/subtopic.html#545tech

misc. past posts mentioning internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 17, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#59 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#63 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#68 CROOKS and NANNIES: what would Boyd do?

Note that Boyd's Patterns of Conflict briefing was filled with examples of military conflict ... but they were used in the context of any competitive human activity. This was somewhat the reference to DTRA and trust, but verify.

A (non-Boyd) example was some court case in the early 80s involving industry espionage and some information that an employee took to a competitor (in return for significant compensation). The litigation was claiming multiple billions in damages. The court basically stated that given significant temptation, all humans are vulnerable ... and that security proportional to value (or security proportional to risk) had to be demonstrated ... in order to collect damages (otherwise it is simple human nature). My corollary is courts requiring fences around swimming pools because minors can't be held responsible for being tempted to use the pool.

Courts were basically saying that all humans are tempted by financial reward (may also be called greed) and unless there are sufficient countermeasures proportional to the temptation ... all humans can be considered vulnerable.

A lot of the individual hot-spots of greed & corruption had existed prior to the current mess ... but it was a deregulation and/or lack of regulation enforcement that resulted in them being able to combine together into an economic firestorm.

misc. past references to firestorm:
http://www.garlic.com/~lynn/2008o.html#78 Who murdered the financial system?
http://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
http://www.garlic.com/~lynn/2008o.html#82 Greenspan testimony and securization
http://www.garlic.com/~lynn/2008p.html#60 Did sub-prime cause the financial mess we are in?
http://www.garlic.com/~lynn/2008q.html#20 How is Subprime crisis impacting other Industries?
http://www.garlic.com/~lynn/2008s.html#57 Garbage in, garbage out trampled by Moore's law
http://www.garlic.com/~lynn/2008s.html#62 Garbage in, garbage out trampled by Moore's law

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Double authentification for internet payment

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Double authentification for internet payment
Date: Jan 17, 2009
Blog: Financial Crime Risk, Fraud and Security
re:
http://www.garlic.com/~lynn/2009.html#69 Double authentification for internet payment

Another side of the authentication issue is the threat model. A lot of implementations are a form of shared-secret ... lots of past posts
http://www.garlic.com/~lynn/subintegrity.html#secret

and the threat model is leaking the secret and replay attacks (i.e. imposters presenting the secret). One of the issues in a shared-secret paradigm is that frequently a unique shared-secret is required for every unique security domain as a countermeasure to x-domain attacks (secret obtained in one security domain, possibly with lower security, can be used to attack another security domain ... possibly one that has higher security).

something you know authentication

is frequently a shared-secret like PIN or password ... or date-of-birth or mothers-maiden-name (or sometimes a "dual-use" account number). the attacker is attempting to obtain the secret for impersonation and/or performing fraudulent transactions.

something you have authentication

may also be a shared-secret ... where the device presents some type of static data. the static data can be eavesdropped and/or obtained and used to impersonate the device ... and therefore impersonate the person (that is supposed to be in possession of the device). Magstripe card "skimming" to produce counterfeit card has been going on for at least a couple decades. for a little topic drift recent post discussing invention and early days of magstripe:
http://www.garlic.com/~lynn/2008s.html#25

various kinds of chipcards have also had "static data" (effectively shared-secret) implementations that are also trivially vulnerable to counterfeiting ... in some cases obtaining the "static data" using nearly the same technology as in magstripe compromises. An example was the yes card exploits ... lots of past posts
http://www.garlic.com/~lynn/subintegrity.html#yescard
and this archived post mentioned the yes card exploit was discussed in a presentation at cartes2002
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html

another class of chipcards are RFID that had been originally developed as replacement for barcode inventory ... that respond with purely static data (originally EPC as upgrade to UPC). sometimes these are configured to respond with the same (static) data that appears on magstripe.

something you are authentication

can even be implemented as shared-secret ... where the authentication server has a copy of the biometric template stored. the attacker obtains a copy of the template and uses that to reproduce same/similar value. One scenario requires duplicating the biometric physical characteristics (use at "trusted" biometric readers). In remote (possibly internet) environments, an attacker might just spoof biometric reader and reproduce the electronic representation. One of the downsides of a "thumb" secret ... vis-a-vis a "password" secret ... in a compromise, it is much easier to issue a new "password" than it is to issue a new "thumb".

--
40+yrs virtualization experience (since Jan68), online at home since Mar70
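
The replay and cross-domain exposure of static shared-secret authentication described in the post above, modelled as an added example that is not part of the original post. The challenge-response variant with a per-domain derived key is an assumed countermeasure shown for contrast; all class names, function names, domain names and sample values are hypothetical and constructed.

```python
import hashlib
import hmac
import secrets


class StaticVerifier:
    """A security domain that authenticates by comparing presented static data."""

    def __init__(self):
        self._enrolled = {}

    def enroll(self, account, static_data):
        self._enrolled[account] = static_data

    def authenticate(self, account, presented):
        expected = self._enrolled.get(account)
        return expected is not None and hmac.compare_digest(expected, presented)


def domain_key(master, domain):
    """Derive a distinct key for each security domain from one device secret."""
    return hmac.new(master, b"domain:" + domain.encode(), hashlib.sha256).digest()


class Token:
    """Device that never emits its secret, only a MAC over a fresh challenge."""

    def __init__(self, master):
        self._master = master

    def key_for(self, domain):  # used once, at enrollment with that domain
        return domain_key(self._master, domain)

    def respond(self, domain, nonce):
        return hmac.new(self.key_for(domain), nonce, hashlib.sha256).digest()


class ChallengeVerifier:
    """A security domain that issues single-use challenges (assumed design)."""

    def __init__(self, domain):
        self.domain = domain
        self._keys = {}
        self._pending = {}

    def enroll(self, account, key):
        self._keys[account] = key

    def challenge(self, account):
        nonce = secrets.token_bytes(16)
        self._pending[account] = nonce
        return nonce

    def authenticate(self, account, response):
        nonce = self._pending.pop(account, None)  # a challenge is valid once
        key = self._keys.get(account)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def static_data_outcomes():
    """Same static value enrolled in a low- and a high-security domain."""
    static = b"CONSTRUCTED-STATIC-DATA-0001"  # constructed sample value
    forum, bank = StaticVerifier(), StaticVerifier()
    forum.enroll("alice", static)
    bank.enroll("alice", static)
    observed = static  # what anyone who sees one presentation now holds
    return {
        "legitimate": bank.authenticate("alice", static),
        "replay_same_domain": forum.authenticate("alice", observed),
        "replay_cross_domain": bank.authenticate("alice", observed),
    }


def challenge_response_outcomes():
    """Observed responses and a leaked low-security key, tried at the bank."""
    token = Token(secrets.token_bytes(32))
    forum = ChallengeVerifier("forum.example")
    bank = ChallengeVerifier("bank.example")
    for verifier in (forum, bank):
        verifier.enroll("alice", token.key_for(verifier.domain))

    observed = token.respond(bank.domain, bank.challenge("alice"))
    legitimate = bank.authenticate("alice", observed)

    bank.challenge("alice")  # new session, new nonce
    replay_same = bank.authenticate("alice", observed)

    forum_response = token.respond(forum.domain, forum.challenge("alice"))
    bank.challenge("alice")
    replay_cross = bank.authenticate("alice", forum_response)

    leaked_forum_key = token.key_for(forum.domain)  # forum's stored copy
    nonce = bank.challenge("alice")
    forged = hmac.new(leaked_forum_key, nonce, hashlib.sha256).digest()
    leaked_key_cross = bank.authenticate("alice", forged)

    return {
        "legitimate": legitimate,
        "replay_same_domain": replay_same,
        "replay_cross_domain": replay_cross,
        "leaked_key_cross_domain": leaked_key_cross,
    }


if __name__ == "__main__":
    print("static data:       ", static_data_outcomes())
    print("challenge-response:", challenge_response_outcomes())
```

The challenge verifier still stores a per-account key, so it remains a shared-secret design with respect to insiders at that one domain; what changes is that observed traffic cannot be replayed and a key held by one domain is useless at another.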

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 17, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#59 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#63 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#68 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?

The estimate about 1000 executives responsible for 80% of the current crisis was a UofPenn Wharton paper ...
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)

CRA predated the current crisis by quite a bit. There was an enormous explosion in amount of money available for lending via securitization ... and that was further enormously increased with the triple-A ratings given the toxic CDOs. In the past, banks were typically the primary source of lending ... using deposits as source of funds. Securitization allowed just about anybody (often unregulated) to get into the lending business.

A month ago, there was a panel from the mortgage industry on CSPAN. They appeared to be somewhat torn between claiming the problems are because the people in the mortgage industry are ignorant and totally incompetent vis-a-vis they just ignored all prudent business processes. They also mentioned that only about 10% of the subprime, no-documentation, no-down, 1% interest only ARM loans could be considered falling into the CRA category. A large number of the loans went to people that realized that the carrying cost for buying property (during the introductory period) was significantly less than the appreciation/inflation. As mentioned in the following, the people making those loans "no longer cared" (since the use of triple-A rated toxic CDOs allowed them to get rid of any possible problem ... so every loan made was "profit")

The Man Who Beat The Shorts
http://www.forbes.com/forbes/2008/1117/114.html

from above:
Watsa's only sin was in being a little too early with his prediction that the era of credit expansion would end badly. This is what he said in Fairfax's 2003 annual report: "It seems to us that securitization eliminates the incentive for the originator of [a] loan to be credit sensitive. Prior to securitization, the dealer would be very concerned about who was given credit to buy an automobile. With securitization, the dealer (almost) does not care."

... snip ...

In the wake of ENRON, SOX was supposed to rectify some of the problems ... however nothing actually appeared to happen. Part of that supposedly included doing something about the rating agencies ... but there doesn't appear to have been anything except:

Report on the Role and Function of Credit Rating Agencies in the Operation of the Securities Markets; As Required by Section 702(b) of the Sarbanes-Oxley Act of 2002
http://www.sec.gov/news/studies/credratingreport0103.pdf

Also, GAO has started doing a database of executives fiddling public company financial reports (in spite of SOX). The executives get a boost in compensation based on the fiddled numbers. Later the financials may be restated ... but the compensation not forfeited. One example was in 2004 Freddie was fined $400m for $10b fiddling of financials and the CEO replaced ... but allowed to keep tens of millions (hundred?).

GAO references:
http://www.gao.gov/products/GAO-03-138
and
http://www.gao.gov/new.items/d06678.pdf

Part of the issue is that there may be extreme downside to the business operation ... but it appears that the executives still believe that they can come out ahead.

The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice

from above:
Here's a staggering figure to contemplate: New York City securities industry firms paid out a total of $137 billion in employee bonuses from 2002 to 2007, according to figures compiled by the New York State Office of the Comptroller. Let's break that down: Wall Street honchos earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6 billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and $33.2 billion in 2007.

... snip ...

some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).

... and more recent update

Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1

from above:
Goldman Sachs, which accepted $10 billion in government money, and lost $2.1 billion last quarter, announced Tuesday that it handed out $10.93 billion in benefits, bonuses, and compensation for the year.

... snip ...

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 17, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#59 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#63 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#68 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?

as mentioned in other refs ... securitization ... and especially triple-A ratings on toxic CDOs, enormously increased the funds for lending ... even unregulated non-depository non-financial institutions could get into loan origination ... since there was no longer a dependency on deposits for funds.

at the same time, the triple-A ratings on toxic CDOs ... pretty much eliminated any motivation by the loan originators to having to pay attention to loan quality & prudent lending practices ... they no longer had to care ... every loan was a profit.

for a little topic drift ... here is a thread in financial cryptography blog wondering what has happened to "risk management". One of the quotes is about the auto industry being notorious for not improving theft countermeasures ... since "every car stolen resulted in a sale".

What's missing in security: business
https://financialcryptography.com/mt/archives/001128.html
Getting the business into security, or is it...
https://financialcryptography.com/mt/archives/001129.html

there were analogous threads a couple years ago ("a fraud is a sale") about banks not having a lot of motivation to improve credit/debit card security ... since they were able to charge the cost of the fraud against the "merchant discount" (what merchants had to pay for transactions) ... and even making a profit on the extra fees in the process. one article (at the time) pointed out that nearly 40% of those (US) financial institutions' bottom line was coming from these fees. There was some comparison that the fees involving "secure" transactions are about 1/10th the fees for less secure transactions. Any major transition from current environment to significantly more secure operations might result in that 40% being reduced by a factor of ten.

slightly related recent discussion in linkedin "Financial Crime Risk, Fraud and Security" group
http://www.garlic.com/~lynn/2009.html#69 Double authentication for internet payment
http://www.garlic.com/~lynn/2009.html#72 Double authentication for internet payment

this is related to mis-aligned business process theme that was brought up in the congressional hearings about the rating agencies giving triple-A ratings to toxic CDOs.

misc past posts mentioning mis-aligned business process
http://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
http://www.garlic.com/~lynn/2008s.html#30 How reliable are the credit rating companies? Who is over seeing them?
http://www.garlic.com/~lynn/2009.html#14 What are the challenges in risk analytics post financial crisis?
http://www.garlic.com/~lynn/2009.html#32 What are the challenges in risk analytics post financial crisis?
http://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?

The mess in the home owner market is enormous speculation and inflation "pimple/boil" (more applicable than "bubble") across the market (in market segments that would never be involved in CRAs). Plot the avg. home price since 1970 ... as well as plot the ratio of avg. home prices to avg. income. There is a unique, large pimple/boil that starts to spike in the early part of this decade ... which has yet to fully correct (and has no correlation with CRA).

one of the problems in a speculation market ... is that the speculation tends to mask the fundamental demand ... the obfuscation results in over production ... and when the speculation pimple/boil/bubble bursts ... numerous economic factors can contribute to downward spiral continuing past the original starting point (including needing to absorb the over production and excess supply).

In the past, I've related the speculation obfuscation to undermining Boyd's OODA-loop (not being able to clearly determine underlying fundamentals) ... and the indirect consequences of securitization and giving triple-A ratings to toxic CDOs ... starts to spread out and encompass several other portions of the economy.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Delays in DNS security baffling: Mockapetris

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Delays in DNS security baffling: Mockapetris
Date: Jan 17, 2009
Blog: (UK) Information security
re:
http://www.garlic.com/~lynn/2008q.html#13 Web Security hasn't moved since 1995
http://www.garlic.com/~lynn/2008r.html#42 Online Bill Payment Website Hijacked - Users were redirected to a page serving malware

U.S. plots major upgrade to Internet router security
http://www.networkworld.com/news/2009/012009-heartland-security-breach.html

from above:
DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). (A separate federal effort is under way to bolster another Internet protocol, DNS, and it is called DNSSEC.)

... snip ...

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Alternative approaches for bailing out the auto industry

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Alternative approaches for bailing out the auto industry
Date: Jan 17, 2009
Blog: Wealth Management
it might not have the anticipated results ....

'Dumbest People' Industry Image May Cost Wagoner Job
http://www.bloomberg.com/apps/news?pid=20601109&sid=ap8pS2oslvn0&refer=home

a couple quotes from above:
"There's the feeling that next to financial services, automotive execs are the dumbest people in the world"

"It's pretty clear that management has made some pretty bad decisions over the last 20 years"

"Toyota generated pretax profit of $922 per vehicle on North American sales in 2007, while GM lost $729"


... snip ...

Honda reports record profit
http://www.foxnews.com/story/2008/07/25/honda-reports-record-profit-after-ford-suffers-huge-loss

There are claims that some of the cars with the highest "US" content aren't necessarily from the "big 3". Also, if there is a loss on every auto sold ... just selling more ... doesn't correct the problems.

past posts also referencing the bloomberg article:
http://www.garlic.com/~lynn/2008p.html#82 Tell me why the taxpayer should be saving GM and Chrysler (and Ford) managers & shareholders at this stage of the game?
http://www.garlic.com/~lynn/2008q.html#10 realtors (and GM, too!)
http://www.garlic.com/~lynn/2008q.html#18 A few months of legislative vacuum - is this a good thing?
http://www.garlic.com/~lynn/2008q.html#22 Is Pride going to decimate the auto Industry?
http://www.garlic.com/~lynn/2008q.html#39 What do you think needs to happen with the auto makers to make them viable?
http://www.garlic.com/~lynn/2008s.html#17b What do you think needs to happen with the auto makers to make them viable

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

CROOKS and NANNIES: what would Boyd do?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: CROOKS and NANNIES: what would Boyd do?
Date: Jan 18, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#53 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#57 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#59 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#63 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#68 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#71 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#73 CROOKS and NANNIES: what would Boyd do?
http://www.garlic.com/~lynn/2009.html#74 CROOKS and NANNIES: what would Boyd do?

... as an aside ... the Wharton article was from last April

The estimate about 1000 executives responsible for 80% of the current crisis was a UofPenn Wharton paper ...
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)

was before the hearings last fall on the rating agencies, which discussed that both the issuers/sellers of toxic CDOs and the rating agencies knew that the toxic CDOs weren't worth triple-A ratings ... but the issuers/sellers were paying the rating agencies for the triple-A ratings. This mis-aligned business process showed up in the early 70s when the rating agencies switched from buyers paying for the ratings to the sellers paying for the ratings.

For other topic drift, post about IDC buying S&P pricing services division in '72 ... and news show commenting that IDC is currently helping the gov. price toxic assets.
http://www.garlic.com/~lynn/2009.html#31
some other recent comments about IDC archeology
http://www.garlic.com/~lynn/2009.html#21

and misc. past posts referencing the Wharton article
http://www.garlic.com/~lynn/2008g.html#32 independent appraisers
http://www.garlic.com/~lynn/2008g.html#44 Fixing finance
http://www.garlic.com/~lynn/2008g.html#66 independent appraisers
http://www.garlic.com/~lynn/aadsm28.htm#57 Who do we have to blame for the mortgage crisis in America?
http://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
http://www.garlic.com/~lynn/2008i.html#4 A Merit based system of reward -Does anybody (or any executive) really want to be judged on merit?
http://www.garlic.com/~lynn/2008i.html#67 Do you have other examples of how people evade taking resp. for risk
http://www.garlic.com/~lynn/2008k.html#71 Cormpany sponsored insurance
http://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
http://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
http://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
http://www.garlic.com/~lynn/2008n.html#74 Why can't we analyze the risks involved in mortgage-backed securities?
http://www.garlic.com/~lynn/2008n.html#95 Blinkylights
http://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
http://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
http://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
http://www.garlic.com/~lynn/2008o.html#35 The human plague
http://www.garlic.com/~lynn/2008o.html#80 Can we blame one person for the financial meltdown?
http://www.garlic.com/~lynn/2008p.html#8 Global Melt Down
http://www.garlic.com/~lynn/2008p.html#9 Do you believe a global financial regulation is possible?
http://www.garlic.com/~lynn/2008q.html#16 realtors (and GM, too!)
http://www.garlic.com/~lynn/2008q.html#18 A few months of legislative vacuum - is this a good thing?
http://www.garlic.com/~lynn/2008q.html#51 Obama, ACORN, subprimes (Re: Spiders)
http://www.garlic.com/~lynn/2008r.html#10 Blinkylights
http://www.garlic.com/~lynn/2009.html#42 Lets play Blame Game...?
http://www.garlic.com/~lynn/2009.html#50 Greed Is
http://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Double authentification for internet payment

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Double authentification for internet payment
Date: Jan 17, 2009
Blog: Financial Crime Risk, Fraud and Security
re:
http://www.garlic.com/~lynn/2009.html#69 Double authentification for internet payment
http://www.garlic.com/~lynn/2009.html#72 Double authentification for internet payment

We had been working with a couple people on large dbms cluster scaleup ... post mentioning a jan92 meeting on the subject
http://www.garlic.com/~lynn/95.html#13

two of the people (mentioned in the above meeting) later left and joined a small client/server startup responsible for something called the commerce server ... and we were brought in as consultants because they wanted to do payment transactions on the server (and the startup had this technology they had invented called SSL they wanted to use). The result is now frequently referred to as "electronic commerce".

Then in the mid-90s, we were asked to participate in the x9a10 financial standard working group, which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments (i.e. debit, credit, ach, check, gift, prepaid, POS, internet, face-to-face, unattended, wireless, ... i.e. ALL). Part of the effort involved doing detailed, in-depth, end-to-end threat and vulnerability studies of the various payment methods and environments.

The result was the X9.59 financial standard protocol for ALL retail payments ... misc. references
http://www.garlic.com/~lynn/x959.html#x959

which provided end-to-end transaction integrity and also slightly tweaked the paradigm so it separated the transaction details (something you know authentication) from the authentication mechanism. This eliminated the vulnerability of "knowing" the account number (and/or other transaction details) as a threat/vulnerability. It didn't do anything about crooks doing skimming, harvesting, data breaches, phishing, eavesdropping, or other kinds of attacks ... it just eliminated the usefulness of the information to the crooks.

A side-effect was that the earlier "electronic commerce" effort, using SSL to hide transaction detail (still the largest use of SSL in the world today), became redundant and superfluous.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

The Credit Crunch: Why it happened?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The Credit Crunch: Why it happened?
Date: Jan 18, 2009
Blog: Payment Systems Network
re:
http://www.garlic.com/~lynn/2009.html#52 The Credit Crunch: Why it happened?

This is business school article
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)

... that includes discussion of the problems with toxic CDOs getting triple-A ratings ... and tarnishing reputation of the rating agencies. The article was before the congressional hearings claiming that both the toxic CDO issuers and the rating agencies knew that the toxic CDOs weren't worth the triple-A ratings.

The above article also makes reference to estimate that possibly 1000 executives are responsible for 80% of the current mess and it would go a long way to correcting the problem if the gov. could figure out how they would lose their job.

Part of the congressional hearings was that the rating agencies' business process becoming mis-aligned in the early 70s when they switched from the buyers paying for the ratings to the issuers/sellers paying for the ratings.

oh ... and I finger-fumbled the URL reference to IDC currently helping the gov. price the toxic assets ... and also having purchased S&Ps pricing services division in '72
http://www.garlic.com/~lynn/2009.html#31
and some other IDC archeology
http://www.garlic.com/~lynn/2009.html#21

some number of posts from last spring mentioning the Wharton article
http://www.garlic.com/~lynn/2008g.html#32 independent appraisers
http://www.garlic.com/~lynn/2008g.html#44 Fixing finance
http://www.garlic.com/~lynn/2008g.html#66 independent appraisers
http://www.garlic.com/~lynn/aadsm28.htm#57 Who do we have to blame for the mortgage crisis in America?
http://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
http://www.garlic.com/~lynn/2008i.html#4 A Merit based system of reward -Does anybody (or any executive) really want to be judged on merit?
http://www.garlic.com/~lynn/2008i.html#67 Do you have other examples of how people evade taking resp. for risk
http://www.garlic.com/~lynn/2008k.html#71 Cormpany sponsored insurance
http://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
http://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Are reckless risks a natural fallout of "excessive" executive compensation ?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Are reckless risks a natural fallout of "excessive" executive compensation ?
Date: Jan 18, 2009
Blog: Compensation and Benefits
It possibly is more a case of mis-written compensation plans. There was a recent study of 270 public companies that redid their executive compensation plans to better align them with the business viability (after having various kinds of problems with executives attempting to manipulate things to enhance their compensation).

GAO has been doing database of restatements of public company financial reports (in spite of SOX). Basically the executives are fiddling the reports to enhance their compensation. Later the reports may be restated, but the compensation is not forfeited. One example, was in 2004, Freddie was fined $400m for $10b fiddling in their public financial statements and the CEO replaced ... but the tens (hundred?) of millions bonus wasn't forfeited.

Part of the issue is that there may be extreme downside to the business operation ... but it appears that the executives still believe that they (personally) can come out ahead.

The Fed's Too Easy on Wall Street
http://www.businessweek.com/stories/2008-03-19/the-feds-too-easy-on-wall-streetbusinessweek-business-news-stock-market-and-financial-advice

from above:
Here's a staggering figure to contemplate: New York City securities industry firms paid out a total of $137 billion in employee bonuses from 2002 to 2007, according to figures compiled by the New York State Office of the Comptroller. Let's break that down: Wall Street honchos earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6 billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and $33.2 billion in 2007.

... snip ...

some part of the $700B wallstreet bailout possibly goes to replenish the $137B sucked out of the infrastructure (as reward for their part in creating the current situation).

... recent update

Bailed-Out Banks Dole Out Bonuses; Goldman Sachs, CitiGroup, Others Mum on How They Are Using TARP Cash
http://abcnews.go.com/WN/Business/story?id=6498680&page=1

from above:
Goldman Sachs, which accepted $10 billion in government money, and lost $2.1 billion last quarter, announced Tuesday that it handed out $10.93 billion in benefits, bonuses, and compensation for the year.

... snip ...

How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
and Subprime = Triple-A ratings? or 'How to Lie with Statistics' (gone 404 but lives on at the wayback machine)
https://web.archive.org/web/20071111031315/http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/

other recent articles:

Computer Models and the Global Economic Crash
http://news.slashdot.org/article.pl?sid=08/12/16/2048235&tid=98
Axioms, downturns, and a global (computer?) crash
http://arstechnica.com/news.ars/post/20081215-axioms-downturns-and-a-global-computer-crash.html

Some number of the institutions buying triple-A rated toxic CDOs were playing long/short mismatch ... even tho that has been known for centuries to take down institutions. Comment was that Bear-Stearns and Lehman had marginal chance of surviving (playing long/short mismatch)
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
decade old article from the fed
http://www.frbsf.org/economic-research/publications/economic-letter/2000/september/short-term-international-borrowing-and-financial-fragility/

The recent washington post series about CDS ... basically talked about CDS being sold on instruments that were totally unrelated to the original business case risk analysis.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003431_pf.html

There was a study last year that claimed that the ratio of avg executive compensation to avg worker compensation had recently exploded to 400:1 after having been 20:1 for a long time ... and 10:1 in most of the rest of the world.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Is SUN going to become x86'ed ??

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Is SUN going to become x86'ed ??
Newsgroups: comp.sys.sun.hardware,alt.folklore.computers
Date: Sun, 18 Jan 2009 15:06:09 -0500
Elliott Roper <nospam@yrl.co.uk> writes:
Pah! Whippersnapper! In 1976 I was hacking the RSTS terminal driver at a place called EPT (Electric Power Transmission) (so they could drive a Calcomp 960 roller bed plotter) They were doing FE analysis to design towers, driving CNC machines remotely to drill and cut angle girders, and (on-topic) trying to solve the hamper packing problem to make the most efficient cuts in their stocks of steel angle. All on a pretty modest PDP11-45.

this is reference to somebody modified CP67 at MIT USL ... to drive what I believe was an "ascii" plotter over at harvard. I had done the changes to add TTY/ascii terminal support to cp67 as undergraduate in the 60s. In the changes I played some games with one byte arithmetic for buffer calculations. My memory was that the (MIT/USL) modifications increased the max tty length from 80 to something like 1200 (for the plotter device) ... but didn't catch the hack with one byte operations.
http://www.multicians.org/thvv/360-67.html

now as part of the original work (adding tty/ascii terminal support to the 2741 & 1052 support) ... i had tried to make the 2702 (mainframe) terminal controller that it couldn't quite do. this somewhat was behind the motivation for the univ. to start a clone controller project ... reverse engineering the mainframe channel interface to build a channel board for an (initially) Interdata/3 ... and programming the Interdata/3 to emulate 2702 (plus what I wanted it to do). Some past posts ... including reference to some article blaming four of us for the mainframe clone controller project
http://www.garlic.com/~lynn/subtopic.html#360pcm

note that clone/pcm controllers were then blamed for the motivation behind the future system project ... some past posts
http://www.garlic.com/~lynn/submain.html#futuresys

recent specific quote ... in thread about clones:
http://www.garlic.com/~lynn/2008s.html#17 IBM PC competitors

and then the distraction of the future system (which was going to replace all 360/370) suspended much of the activity on new 360/370 products ... which contributed to allowing 370 processor clones to gain a foothold ... another old reference:
http://www.garlic.com/~lynn/2001f.html#33 IBM's "VM for the PC" c.1984??

and as mentioned in the "IBM PC competitors" post ... after future system project was killed, there was a mad rush to get new software and hardware items back into the 370 product pipeline.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Evil weather

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Evil weather
Newsgroups: alt.folklore.computers
Date: Sun, 18 Jan 2009 15:12:31 -0500
bbreynolds <bbreynolds@aol.com> writes:
I was never in DEC's "The Mill", but another computer manufacturer, Honeywell, had its 16-bit manufacturing line in another old mill, in Lowell MA. The floors there were heavily coated with polyurethane, and the assembly areas were very clean, with no sign of any of the nasties which /BAH has spoken about being part of the DEC environment.

an offspring had a summer job in the 90s as part of constructing class-10 clean room for AMD fab(??) in austin (my sister's husband was the local executive/manager for the clean room construction) ... past reference
http://www.garlic.com/~lynn/2006l.html#56 DEC's Hudson fab

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

F111 related discussion x-over from Facebook

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: F111 related discussion x-over from Facebook
Date: Jan 18, 2009
Blog: Disciples of Boyd's Strategy
following reposted from John Boyd FB group
http://www.facebook.com/pages/Colonel-John-Boyd/42009445151?ref=mf

....

I did recent post in "Concorde" group
http://www.facebook.com/pages/Concorde/7940669913?ref=s

in the thread about "Why stopped?" ... where I mentioned being one of the original BCS employees at Boeing for a short time. Part of the answer references the wiki boeing SST web page:
https://en.wikipedia.org/wiki/Boeing_2707

the SST wiki page also mentions the F-111. This is a plane that Boyd repeatedly panned ... one of the main items was the weight penalty to support the swing-wing mechanism ... more than offset any benefit of the swing-wing. The "weight" topic also comes up in some of the bios ... when he was head of light-weight fighter plane design ... he removed significant weight from both F15 & F18 designs ... and then did F16 (Boyd had tales of the organization behind the F15 viewed his F16 as competition and even attempted to have him thrown in Leavenworth for his F16 activity)

Aussie air zealot savages prêt-à-porter stealth fighter
http://www.theregister.co.uk/2009/01/16/f35_controversy_kopp_latest/

from above:
Pulse-bomb prophet fears Russian tech dominance

... snip ...

above really savages the f35 .... although it does go on to say they should just stick with their F111s.

I visited the National Electronics Museum yesterday (near BWI airport)
http://www.hem-usa.org/

and they had display about Australian program doing upgrades for F111s in 98.

For other info ... the F111 wiki page:
https://en.wikipedia.org/wiki/General_Dynamics_F-111

I assume that the Australian reference to sticking with F111s is that the airframe can be upgraded with latest electronics and missiles at substantially lower cost than replacing them with F35. The F111 wiki page mentions Australia scheduled to replace F111 in 2010 with F18s (interim to moving to F35?).

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: what was the idea behind Citigroup's splitting up into two different divisions? what does this do for citigroup?
Date: Jan 19, 2009
Blog: Equity Markets
Citigroup's Pandit Tries to Save the Little That's Left to Lose
http://www.bloomberg.com/apps/news?pid=20601087
http://www.bloomberg.com/apps/news?pid=20601087&sid=aN81uQ4nU4e8&refer=home
Bury The Legacy Of Sandy Weill...
http://www.forbes.com/opinions/2009/01/14/citigroup-weill-summers-oped-cx_rs_0114smith.html
related PBS program ... that included looking how it was put together along with the repeal of Glass-Steagall
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
long-winded, decade old post that discussed some of the issues
http://www.garlic.com/~lynn/aepay3.htm#riskm

A year ago there was betting that citi was going to "win" the bank "write-down" sweepstakes (i.e. declare the largest losses). This refers to even after citi had won the "write-down" sweepstakes for assets on their books ... citi still had $1.1T of toxic assets carried off-balance.
http://www.forbes.com/2007/11/13/citigroup-suntrust-siv-ent-fin-cx_bh_1113hamiltonmatch.html
and
http://www.nakedcapitalism.com/2008/07/wither-citigroups-11-trillion-of-off.html?showComment=1216055460000

and would eventually have to come back on the balance sheet (and the associated losses declared).

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Banks' Demise: Why have the Governments hired the foxes to mend the chicken runs?

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Banks' Demise: Why have the Governments hired the foxes to mend the chicken runs?
Date: Jan 19, 2009
Blog: Equity Markets
Here is an article from last spring that estimated something like 1000 executives are responsible for 80% of the current mess and that it would go a long way to correcting the problem if the gov. could figure out how they lose their job.
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1933 (gone 404 and/or requires registration)

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

F111 related discussion x-over from Facebook

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: F111 related discussion x-over from Facebook
Date: Jan 18, 2009
Blog: Disciples of Boyd's Strategy
re:
http://www.garlic.com/~lynn/2009.html#83 F111 related discussion x-over from Facebook

This mentions the Boeing effort for F16 flight simulator/trainer (that was targeted reuse for F18 & F35):

DARTS: A DOMAIN ARCHITECTURE FOR REUSE IN TRAINING SYSTEMS
http://www.crispen.org/Bob/darts.pdf

We were on the technical advisory board for the XTP protocol effort. It was a high-speed protocol that supported reliable transactions, reliable multicast, rate-based pacing, and some number of other advanced features.

Participants in the XTP protocol effort included people from the Boeing F16 flight simulator group, NSWC, NOSC, SAFENET, SPAWAR.

SAFENET lightweight protocol
http://www.ccii.co.za/products/xtp.html

An Ada Binding to the SAFENET Lightweight Application Services
http://www.sei.cmu.edu/pub/documents/93.reports/pdf/tr19.93.pdf

and from above:
It is assumed that the reader has a general understanding of distributed systems as well as the SAFENET standard [NGCR92a]. The specification of the xpress transfer protocol (XTP) [PE92] on which the SAFENET lightweight protocol is based, is not required. However, readers who are interested in underlying details may wish to consult the references contained in the SAFENET standard, particularly the specification for XTP [PE92]. It is important to note that the Ada binding is not to XTP per se. Rather, it is a binding to services for which XTP is the intended underlying protocol.

... snip ...

for some topic drift ... a lot of National Electronics Museum was taken up with military radar systems (going back to ww2)
http://www.hem-usa.org/

and more topic drift, reference XTP for use in fire control system (radar information distribution):

SSC San Diego Command History
http://www.spawar.navy.mil/sti/publications/pubs/td/2985/td2985.pdf

from above:
The radar processing, control, and interfacing to LANs and CIFF is accomplished by Versa Module EuroCard (VME) circuit cards collocated in the radar signal users and distribution signal converter CV--3989. With the incorporation of DRVDD modifications, it becomes an analog-to-digital converter/converter cabinet that already has connectivity to all radar sources. This joint use of the cabinet reduces cost for installation and ongoing logistic support. This part of the DRVDD is called the radar broadcast equipment (RBE) and consists of commercial off-the-shelf central processing unit and FDDI LAN boards. The FDDI LAN has specialized express transfer protocol (XTP) firmware and driver and specialized radar processing boards.

Crucial to the success of this program was the analysis, design, development, implementation, and testing of the four FDDI LANs. These networks consist of dual-attached, dual-homed, VME-based, fiber-distributed data interface network boards running XTP, transmission control protocol (TCP) over the Internet protocol (IP). To sustain the high data rates for the digitized radar and map server, it was necessary to interface four fiber optic networks to each console. The network team was led by Charles Suggs, Engineering, D4121. Technical team members were Harry Gold, Mark Zabriskie, Merle Neer, Jim Morrow, and Bob Laughlin. The card cage supporting the tactical data computer includes the corresponding FDDI LAN boards, a RSC, and a VME-to-VME bus bridge. The bridge connects the TDC' master VME backplane with a secondary slave VME backplane that supports radar data being transferred from the FDDI boards to the RSC. This approach assures the radar system does not affect other console VME bus access activities.


... snip ...

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Cleaning Up Spaghetti Code vs. Getting Rid of It

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Cleaning Up Spaghetti Code vs. Getting Rid of It...
Date: Jan 19, 2009
Blog: Software Development
Spaghetti Code frequently starts from reasonably designed and coded implementation ... and then, over the years, fixes/features/functions are added on here and there ... w/o bothering to do a re-architecture/re-design ... just slightly tweaking here & there ... until the original is no longer recognizable.

Usually, it was never felt that any, single individual tweak justified a re-architecture/re-design/re-implementation ... until the accumulation of all the individual tweaks overwhelms the original implementation.

Over the past couple decades, there have been quite an astonishing number of failed re-engineering projects involving major legacy implementations from the 60s&70s. A frequent failure ... is that somewhere in the middle of the spaghetti there is fundamental sound design & implementation ... that is no longer discernible by the re-engineering effort (and the people responsible for the original are long gone). As a result of the magnitude of some of these re-engineering failures, the approach has come into disrepute.

A contributing factor is a number of multi-billion dollar re-engineering failures in the financial industry during the 90s. Basically, there are a lot of financial operations that started as batch implementations during the 60s & 70s. During the 70s, there started to appear "online" frontends to several of these implementations (frequently almost appearing as if they were real-time transactions). However, the actual operation continued to be completed in the batch processes ... which were being moved to 3rd-shift/overnight operation.

With the increase in the amount of business and globalization in the late 80s and early 90s, there started to be extreme pressure being placed on the overnight batch window (more & more work needed to be done in shorter & shorter period of time). A re-engineering solution was straight-through processing ... actually run every transaction to completion ... even the parts that were currently being done in the overnight batch window.

Real-time, straight-through processing was going to offset its inefficiency (compared to the legacy batch implementations) with the use of large number of parallel "killer micros" supported by various object-oriented technologies. The issue was that the speeds&feeds of the object-oriented technologies typically represented one hundred times more overhead (compared to the batch legacy implementations), which totally swamped any anticipated throughput improvements (from using large number of "killer micros"). This was frequently compounded by lack of any speeds&feeds measurements and only discovered during scaling up initial deployments (at which point, the project would be declared a success and canceled).

For other drift ... post with regard to enabling technology during the 70s & 80s for online transactions:
http://www.garlic.com/~lynn/2008p.html#27 Father Of Financial Dataprocessing

and a few related references
http://www.garlic.com/~lynn/2008p.html#28 Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.garlic.com/~lynn/2008p.html#30 Automation is still not accepted to streamline the business processes... why organizations are not accepting newer technolgies?
http://www.garlic.com/~lynn/2008s.html#25 Web Security hasn't moved since 1995

Not necessarily spaghetti code ... but x-over from (linkedin) Financial Crime Risk, Fraud and Security
http://www.garlic.com/~lynn/2009.html#45 Security experts identify 25 coding errors
http://www.garlic.com/~lynn/2009.html#49 The 25 Most Dangerous Programming Errors
http://www.garlic.com/~lynn/2009.html#60 The 25 Most Dangerous Programming Errors
http://www.garlic.com/~lynn/2009.html#65 The 25 Most Dangerous Programming Errors

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Slow down to go faster!

From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Slow down to go faster!
Date: Jan 19, 2009
Blog: Payment Systems Network
Slow down to go faster!
http://tickledbylife.com/index.php/slow-down-to-go-faster/

Boyd's OODA-loop paradigm (which is starting to show up in some MBA programs) with emphasis on iterating the loop faster than your competition. However, an issue in OODA-loop is "observe and orient" before "decide and act".

Frequently "faster" these days implies lots of distractions and inability to focus. That would defeat the "observe and orient" aspect of OODA-loop, something that is required before "decide and act".

It is necessary to focus (observe & orient) to be more efficient ... within the OODA-loop paradigm the scenario is to go as fast as possible while still being able to observe and orient.

lots of past posts & URLs from around the WEB mentioning Boyd & OODA-loops.
http://www.garlic.com/~lynn/subboyd.html

--
40+yrs virtualization experience (since Jan68), online at home since Mar70



