Security via hardware 537

re:

further addenda to evolution of software pricing and licensing of software to specific processor (installing licensed software so that it only ran on a specific processor ... and software being able to recognize the specific processor that it had been licensed for)

initially just applciation software was priced (and licensed for specifc processor) as part of the june 32rd, 1968 plus 1 unbundling announcement (note it might have been considered a violation of the unbundling requirement if there was no per processor licensing enforced ... aka customers still effectively being able to run software for free).

However, it took almost another ten years before there was kernel (operating system) pricing (& processor specific licensing). it appeared that the company was arguing that kernel software should continue to be free (required for correct operation of the hardware so remained "bundled")

when i was an undergraduate i got involved in building a clone of a mainframe control unit

later there was a write up blaming four of us for starting the mainframe plug compatable controller business.

supposedly the plug-compatible controller business was one of the primary motivations behind the future system project. FS was going to more radically different from 360, than 360 had been different from the machines that went before it. some specific quotes other postings on FS

FS was an extremely large project that was evnetually got end before it was even announced (very few people outside the company were even aware of it at the time). I didn't make myself very popular with the FS people. There was a long running "cult" film at a theater down in central sq ... and I would liken a lot of FS to the inmates being in charge of the asylum.

along the way, supposedly the radical departure of FS from 360 was contributing factor in Amdahl leaving to build 360 mainframe procssor clones. at a presentatio he gave at MIY in the early 70s, he was asked what reasoning did he use with the VC people to fund his undertaken. He replied that even if IBM were to completely walk away from 360 at that moment (can be considered a vieled referene to FS), customers had already invested over $100B in 360 application software, which would keep him in buiiness at least thru the end of the century.

When i was an undergraduate, i was also doing a lot of operating system performance and algorithm work, a lot of which was picked up and shipped in standard product http;--www.garlic.com-~lynn-subtopic.html#fairshare

in the morphing of 360 product to 370, a lot of the performance work i had done as an undergraduate was dropped from the product. In the mid-70s there was a resolution raised by the SHARE user group to have my performance work put back in the 370 operating systme.

This was at a time when clone mainframe was starting to make market penetration. In the original unbundling, the execuse was used that only application software should be licensed and charged for ... that kernel software should still be "free" (aka bundled as part of the hardware) since it was necessary for the operation of the computer.

With the advent of clone processors, the issue of not pricing and licensing kernel (operating system) software was revisted (aka customer could by their processors from clone manufactor and then get the operating system for free from IBM ... the clone guys did have to encour the significant expense buttociated with operating systems(.

My "new" resource manager was selected to be the guinee pig for licensed-priced kernel software. I got to spend time on and off for six months with the business people formulating the kernel software pricing policies. The half-way measure taken for this round was that "kernel" software that was direcxtly involved in hardware support (aka device drivers, interrupt handlers, multiprocessor support, etc) would still be free; everything else could be charged for. The "resource manager" supposedly was better management of workload ...... so it wasn't directly needed for the basic hardware operation. In theory, customers buying large Amdahl clone machines might start paying IBM for some kernel software stuff.

This did result in an unanticipated problem. I had done a lot of work on multiprocessor support and there was a large part of the "resource manager" that involved kernel restructure that had been done with multiprocessor support in mind. When they decided that they would ship multiprocessor support to customers in the next release .. they were faced with a dilemma.

Multiprocessing support had to be "free" (under the guidelines that kernel code directly involved in hardware support was free) ... but it was dependent on a lot of the kernel reorganization code that was already in customer shops as part of the resource manager (which was charged for kernel code), The solution was creation of "new" resource manager ... all the code (about 80-90 percent) of the resource manager that was involved in kernel restructuring required by SMP support ... was removed and made part of the "free" kernel. The new, improved and drastically reduced (in number of lines of code) resource manager continued to be licensed at its original price.

Along with the continued penetration of clone processors into the market ... there was eventually a transition to charge for all kernel software (whether it was required for direct hardware support or not)).

for slight "security" authentication topic drift ... there was lots of concern regarding any information leaking out about FS.

a super-secure online system was put together with all the documentation in soft copy ... people could only view the documentation on 3270 terminals (real terminals ... before terminal emulation, cut&paste, screen-scraping, etc) ... with no ability to print or copy the information. For various reasons they made some claim that even if I was in the machine room, even I wouldn't be able to break the security (even I?, hard not to rise to that bait). So the counter was that it would take less than a couple minutes. First thing i had to do was cut off the machine totally from any outside access ... and then i flipped a bit in the memory of the machine and totally defeated all their security. Typical authentication routine involves calling a routine that validates the authentication information and then branching based on the return code. I flipped a bit so that no matter what condition the validation routine returned ... everything would be treated as correct validation (it was a mistake to give me the benefit of being in the same room with the machine).

possibly as revenge, i got buttigned to help orientate the new company CSO that had come for some high level job at some gov. agency (at least in that period, CSOs coming to industry from a fed. gov. career had physical security background)