charl...@mcn.org (Charles Mills) writes: > Frankly, in the beginnings of computing, including in DOS and OS/360, > there was often an assumption that all users -- at least all "real" > (TSO and development, as opposed to CICS or application) users -- were > trusted. There was a lot of your gun, your bullet, your foot. The > assumption was that the threat of dismissal was a sufficient limit on > misbehavior.
well there is this ... going back around 50yrs http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml cambridge science center ... http://www.garlic.com/~lynn/subtopic.html#545tech was running its cp/67 service, allowing both other IBM locations to use it as well as non-employees (students, professors, etc) from universities (mit, harvard, bu) in cambridge area. science center had also ported apl\360 to cp67/cms for cms\apl ... expanding workspace size (from typical 16kbytes) to virtual memory size (required redoing apl storage management for virtual memory demand paged environment) and adding APIs to system facilities (like file read/write) ... significantly enabling real-world applications. One of the remote internal users was business planners at Armonk hdqtrs who loaded the most valuable corporate assets on the cambridge system for doing business modeling in cms\apl (and it was expected that all such information was protected from non-authorized users ... including students around the boston/cambridge area using the system. note before 370 virtual memory was announced ... a document somehow leaked to an industry publication ... which resulted in something like a "pentagon papers" event for the corporation. For the Future System project, they attempted a countermeasure with a significantly enhanced vm370 system where all FS documents were softcopy and could only be read from specially connected 3270 terminals (no file copy, printing, etc, before ibm/pc and things like screen scraping). some FS refs http://www.garlic.com/~lynn/submain.html#futuresys For the initial morph of CP67 to VM370, they simplified and/or dropped a bunch of features. During the FS period I continued to work on 360/370 stuff (even when 370 efforts were being shutdown) and would even periodically ridicule the FS efforts. Some old email about eventually getting around to migrating from CP67 to VM370 http://www.garlic.com/~lynn/2006v.html#email731212 http://www.garlic.com/~lynn/2006w.html#email750102 http://www.garlic.com/~lynn/2006w.html#email750430 I had some weekend test time at datacenter with one of these FS "secure" vm370 systems. I was in Friday afternoon to make sure everything was setup for my use. They couldn't resist claiming that their system was so secure that even if I was left alone in the machine room all weekend, I wouldn't be able to do anything. So one of the few times I took the bait. I asked them to disable all access from outside the machine room, and then from the front panel I changed one byte in storage ... which disabled all security measures. I suggested if they were serious, they had to secure/protect all machine facilities (including front panel). trivia: during the FS period, 370 efforts were being shutdown (lack of 370 offerings during the FS period is credited with giving clone processor makers market foothold). Then when FS finally implodes, there is mad rush to get products back into the 370 pipeline ... including kicking of quick&dirty efforts for 3033 and 3081. some refs: http://www.jfsowa.com/computer/memo125.htm this also contributes to decision for picking up various bits&pieces (from CSC/VM mentioned in above email) for release to customers. -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN