Re: Security via hardware?
lynn_at_garlic.com
Date: 05/02/05
Date: 2 May 2005 06:06:08 -0700
re:
http://www.garlic.com/~lynn/2005g.html#51 Security via hardware?
further addenda to evolution of software pricing and licensing of
software to specific processor (installing licensed software so that
it only ran on a specific processor ... and software being able to
recognize the specific processor that it had been licensed for)
initially just application software was priced (and licensed for
specific processor) as part of the june 32rd, 1969 unbundling
announcement (note it might have been considered a violation of the
unbundling requirement if there was no per processor licensing
enforced ... aka customers still effectively being able to run
software for free).
However, it took almost another ten years before there was kernel
(operating system) pricing (& processor specific licensing). it
appeared that the company was arguing that kernel software should
continue to be free (required for correct operation of the hardware
so remained "bundled")
when i was an undergraduate i got involved in building a clone
of a mainframe control unit
http://www.garlic.com/~lynn/subtopic.html#360pcm
later there was a write up blaming four of us for starting the
mainframe plug compatible controller business.
supposedly the plug-compatible controller business was one of the
primary motivations behind the future system project. FS was going
to be more radically different from 360, than 360 had been different
from the machines that went before it. some specific quotes
http://www.garlic.com/~lynn/2000f.html#16 FS - IBM Future System
other postings on FS
http://www.garlic.com/~lynn/subtopic.html#futuresys
FS was an extremely large project that eventually got killed
before it was even announced (very few people outside the company were
even aware of it at the time). I didn't make myself very popular
with the FS people. There was a long running "cult" film at a
theater down in central sq ... and I would liken a lot of FS to
the inmates being in charge of the asylum.
along the way, supposedly the radical departure of FS from 360 was
a contributing factor in Amdahl leaving to build 360 mainframe processor
clones. at a presentation he gave at MIT in the early 70s, he was asked
what reasoning did he use with the VC people to fund his undertaking.
He replied that even if IBM were to completely walk away from 360 at
that moment (can be considered a veiled reference to FS), customers had
already invested over $100B in 360 application software, which would
keep him in business at least thru the end of the century.
When i was an undergraduate, i was also doing a lot of operating
system performance and algorithm work, a lot of which was picked
up and shipped in standard product
http://www.garlic.com/~lynn/subtopic.html#fairshare
http://www.garlic.com/~lynn/subtopic.html#wsclock
in the morphing of 360 product to 370, a lot of the performance work i
had done as an undergraduate was dropped from the product. In the
mid-70s there was a resolution raised by the SHARE user group to have
my performance work put back in the 370 operating system.
This was at a time when clone mainframe was starting to make market
penetration. In the original unbundling, the excuse was used that
only application software should be licensed and charged for ... that
kernel software should still be "free" (aka bundled as part of the
hardware) since it was necessary for the operation of the computer.
With the advent of clone processors, the issue of not pricing and
licensing kernel (operating system) software was revisited (aka
customer could buy their processors from clone manufacturer and then get
the operating system for free from IBM ... the clone guys did have to
incur the significant expense associated with operating systems).
My "new" resource manager was selected to be the guinea pig for
licensed/priced kernel software. I got to spend time on and off for
six months with the business people formulating the kernel software
pricing policies. The half-way measure taken for this round was that
"kernel" software that was directly involved in hardware support (aka
device drivers, interrupt handlers, multiprocessor support, etc) would
still be free; everything else could be charged for. The "resource
manager" supposedly was better management of workload ...... so it
wasn't directly needed for the basic hardware operation. In theory,
customers buying large Amdahl clone machines might start paying IBM
for some kernel software stuff.
This did result in an unanticipated problem. I had done a lot of work
on multiprocessor support and there was a large part of the "resource
manager" that involved kernel restructure that had been done with
multiprocessor support in mind. When they decided that they would
ship multiprocessor support to customers in the next release
http://www.garlic.com/~lynn/subtopic.html#smp
.. they were faced with a dilemma.
Multiprocessing support had to be "free" (under the guidelines that
kernel code directly involved in hardware support was free) ... but it
was dependent on a lot of the kernel reorganization code that was
already in customer shops as part of the resource manager (which was
charged for kernel code). The solution was creation of "new" resource
manager ... all the code (about 80-90 percent) of the resource manager
that was involved in kernel restructuring required by SMP support
... was removed and made part of the "free" kernel. The new, improved
and drastically reduced (in number of lines of code) resource manager
continued to be licensed at its original price.
Along with the continued penetration of clone processors into the
market ... there was eventually a transition to charge for all kernel
software (whether it was required for direct hardware support or
not).
for slight "security" authentication topic drift ... there was lots of
concern regarding any information leaking out about FS.
http://www.garlic.com/~lynn/subtopic.html#futuresys
a super-secure online system was put together with all the
documentation in soft copy ... people could only view the
documentation on 3270 terminals (real terminals ... before terminal
emulation, cut&paste, screen-scraping, etc) ... with no ability to
print or copy the information. For various reasons they made some
claim that even if I was in the machine room, even I wouldn't be able
to break the security (even I?, hard not to rise to that bait). So the
counter was that it would take less than a couple minutes. First thing
i had to do was cut off the machine totally from any outside access
... and then i flipped a bit in the memory of the machine and totally
defeated all their security. Typical authentication routine involves
calling a routine that validates the authentication information and
then branching based on the return code. I flipped a bit so that no
matter what condition the validation routine returned ... everything
would be treated as correct validation (it was a mistake to give me
the benefit of being in the same room with the machine).
possibly as revenge, i got assigned to help orientate the new
company CSO that had come for some high level job at some gov.
agency (at least in that period, CSOs coming to industry from
a fed. gov. career had physical security background)
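
The validate-then-branch pattern described in the post, as an added C example (not code from the post or from the system it describes). It models the flipped bit as a single-bit change to the return code the caller branches on, which is an assumption, and sets a plain boolean branch beside a default-deny check on widely separated codes. All names and tokens are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration; every name and value here is hypothetical. */
#define TOKEN_LEN 8
#define AUTH_OK   0x3CA5965Au
#define AUTH_FAIL 0xC35A69A5u   /* bitwise complement of AUTH_OK */

/* Compare two fixed-length tokens without an early exit. */
static int token_equal(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < TOKEN_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Pattern from the post: validate, then branch on the return code.
 * `fault` is XORed into the code to model a bit flipped before the branch. */
int login_weak(const unsigned char *got, const unsigned char *want, uint32_t fault) {
    uint32_t rc = (uint32_t)token_equal(got, want) ^ fault;  /* 1 = valid */
    if (rc) return 1;      /* any non-zero value grants access */
    return 0;
}

/* Hardened form: codes 32 bits apart, exact match, default deny, re-check. */
int login_hardened(const unsigned char *got, const unsigned char *want, uint32_t fault) {
    volatile uint32_t rc = (token_equal(got, want) ? AUTH_OK : AUTH_FAIL) ^ fault;
    int granted = 0;                              /* fail closed */
    if (rc == AUTH_OK && token_equal(got, want))  /* second, independent check */
        granted = 1;
    return granted;
}

/* Count how many of the 32 single-bit faults turn a wrong token into a grant. */
int single_bit_bypasses(int (*login)(const unsigned char *, const unsigned char *, uint32_t)) {
    static const unsigned char want[TOKEN_LEN] = "s3cr3t!";  /* constructed */
    static const unsigned char bad[TOKEN_LEN]  = "guess!!";  /* constructed */
    int n = 0;
    for (int bit = 0; bit < 32; bit++) n += login(bad, want, (uint32_t)1 << bit);
    return n;
}
```

Neither form holds against someone who can rewrite the branch itself in memory; the hardened form only removes the case where one changed bit in the result is enough.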