[email protected] (Paul Gilmartin) writes:
> I see the history differently. This is conjectural, but I believe
> that UNIX had at least the user/group/others file protection facility
> at a time when OS/360 had only the primitive data set passwords. I
> recall, perhaps at MVS 3.8, systems programmers still relying on
> passwords to control access to the master catalog or the resident
> volume. (Where I was, the res pack password was the system ID spelled
> backwards.) MVS bypassed the concept of resource ownership and went
> directly to the ACL-like RACF.

I was working on IBM's HA/CMP cluster scaleup both technical/scientific
(with national labs) and commercial (with RDBMS vendors) ... reference
to JAN1992 meeting in Ellison's conference room
http://www.garlic.com/~lynn/95.html#13

within a couple weeks, cluster scaleup is transferred, announced as IBM
supercomputer (for technical & scientific only) and we were told we
couldn't work on anything with more than four processors. some old email
http://www.garlic.com/~lynn/lhwemail.html#medusa

later, two of the oracle people in the ellison meeting have left and
are at a small client/server startup responsible for something called
the "commerce server". I'm brought in as consultant because they want to
do payment transactions on the server. The startup had also invented
this technology called "SSL" they wanted to use, the result is now
frequently called "electronic commerce".

I have complete authority over the webservers to payment networks
gateway (but could only make recommendations on the client/server side,
some of which were almost immediately violated, which continue to
account for some number of exploits to this day). I have to do a whole
lot of process documentation and compensating procedures for
availability, dark room operation, and diagnostic processes (payment
network call centers were used to doing 5min 1st level problem
determination; 1st pilot electronic commerce service call was closed
after 3hrs of effort with "no trouble found").

Part of the issue is lots of UNIX is oriented towards interacting with
human ... with frequent implication that any problem is resolved by the
responsible human. I contrasted this (for darkroom operation) that
mainframe has long history of software where there is assumption that
responsible person isn't present and therefore lots of processes grew up
over decades to handle issues automagically.

Disclaimer: while out marketing for IBM's HA/CMP, I coined the term
"disaster survivability" and "geographic survivability" (to
differentiate from disaster/recovery). I was then asked to write a
section for the corporate continuous availability strategy document.
However, the section got removed when both Rochester (as/400) and POK
(mainframe) complained they couldn't meet the requirements. past
availability posts
http://www.garlic.com/~lynn/submain.html#available

Later at the 1996 Moscone MDC, all the banners said "Internet" but the
constant refrain in all the sessions was "preserve your investment". The
issue was that they had single user dedicated systems that had history
of business applications with executable scripts embedded in application
data, that were automagically executed ... in purely stand-alone
environment or small, safe, isolated business LANs. This was being
extended to the wide anarchy of the internet with no additional security
measures.

trivia: I had worked with Jim Gray at IBM san jose research on various
things including the original SQL/RDBMS, System/R. some past posts
http://www.garlic.com/~lynn/submain.html#systemr

When he left IBM, he palms off some number of things on me, including
consulting for the IMS group. During 1996 Moscone MDC, he is head of the
new SanFran research center and has open house. Then last decade, before
he disappears, he cons me into interviewing for chief security architect
in redmond. The interview drags on for a couple weeks, but we could
never agree on what needed to be done.

MVS trivia: in the 60s, there was lots of work on CP67 for 7x24 dark
room operation. This was in period when IBM rented machines and charges
were based on system meter that ran whenever the processor and/or any
channel was active (everything had to be idle for at least 400ms before
meter stopped). Initial deployments had little offshift & weekend use,
but to encourage use, the systems had to be always available, even when
totally idle.
Part of minimize costs there was lots of work on channel programs that
would allow channel to go idle (and system meter stop), but be
immediately available for arriving characters. Long after IBM was
selling machines, MVS still had a 400ms timer event that guaranteed the
system meter would never stop.

also CP67 from that period ... gone 404, but lives on at wayback
machine.
http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

authentication trivia: Former head of POK and later head of Boca was CEO
at a Kerberos software company that we were doing some joint projects.
At the time, they also had contract to do the initial Kerberos
implementation for m'soft (what becomes active directory)
https://msdn.microsoft.com/en-us/library/bb742424.aspx

unix folklore: note that some of the CTSS people had gone to 5th flr to
do Multics and others went to the science center on the 4th flr and did
cp/40, cp/67, internal network, bunch of online stuff, lots of
performance monitoring and modeling, also invented GML in 1969 (morphs
into ISO standard SGML a decade later and after another decade morphs
into HTML). Folklore is that some of the Multics Bell Lab people,
returned home and did UNIX (as simplified Multics). past posts
mentioning 545 tech sq.
http://www.garlic.com/~lynn/subtopic.html#545tech

When I was undergraduate and cp67 was installed at the univ., I
completely rewrote a lot of the code. Something like 15-20yrs later, I
found some code in unix that was similar to cp67 code I had completely
replaced, conjecture was it traced common heritage back to CTSS.

https://en.wikipedia.org/wiki/Compatible_Time-Sharing_System
https://en.wikipedia.org/wiki/Multics
https://en.wikipedia.org/wiki/Multics#Unix

--
virtualization experience starting Jan1968, online at home since Mar1970
