Re: Malware history was: Spectre & Meltdown

[Paul Koning via cctalk]

> On Jan 17, 2018, at 6:55 PM, Fred Cisin via cctalk  
> wrote:
> 
>>> I used to have a tiny portable manual card punch.
>>> An acquaintance used it to punch /* in the first two columns of his
>>> punchcard based utility bills.   (those characters have special meaning
>>> to 360 JCL.  They have multiple punches per column, so it required
>>> making a punch, then backspacing to make the other punch(es))
> 
> On Wed, 17 Jan 2018, Chuck Guzis via cctalk wrote:
>> /* = end of data set
>> /& = end of job
>> One wonders how a S/360 "C" compiler might deal with this. Preceding it
>> with a space might do the trick.
> 
> Yes, it would, but how would you get 100% compliance wiht no mistakes from 
> PROGRAMMERS?
> 
> A 360 s'posedly COULD be told to ignore, or to respond to something else, but 
> that wasn't usually available.

// DD DATA would ignore // in cols 1,2, but not /*.  I found // DD 
DATA,DLM='@@' -- not sure when that appeared.  I don't remember it from my 
OS/360 dabblings.

paul

Re: Malware history was: Spectre & Meltdown

[Fred Cisin via cctalk]

I used to have a tiny portable manual card punch.
An acquaintance used it to punch /* in the first two columns of his
punchcard based utility bills.   (those characters have special meaning
to 360 JCL.  They have multiple punches per column, so it required
making a punch, then backspacing to make the other punch(es))


On Wed, 17 Jan 2018, Chuck Guzis via cctalk wrote:

/* = end of data set
/& = end of job
One wonders how a S/360 "C" compiler might deal with this. Preceding it
with a space might do the trick.


Yes, it would, but how would you get 100% compliance wiht no mistakes from 
PROGRAMMERS?


A 360 s'posedly COULD be told to ignore, or to respond to something else, 
but that wasn't usually available.
Accordinglyly, when we needed to use a 360 to duplicate a deck that had 
JCL cards, we would turn the source/data deck upside down.  (hope that it 
didn't have '/' in column 80?)

Re: Malware history was: Spectre & Meltdown

[Chuck Guzis via cctalk]

On 01/17/2018 01:23 PM, Fred Cisin via cctalk wrote:
>> We might as well all contribute.
>> Back in college in 1969
> 
> I used to have a tiny portable manual card punch.
> An acquaintance used it to punch /* in the first two columns of his
> punchcard based utility bills.   (those characters have special meaning
> to 360 JCL.  They have multiple punches per column, so it required
> making a punch, then backspacing to make the other punch(es))

/* = end of data set
/& = end of job

One wonders how a S/360 "C" compiler might deal with this. Preceding it
with a space might do the trick.

--Chuck

Re: Malware history was: Spectre & Meltdown

[Fred Cisin via cctalk]

We might as well all contribute.
Back in college in 1969


I used to have a tiny portable manual card punch.
An acquaintance used it to punch /* in the first two columns of his 
punchcard based utility bills.   (those characters have special 
meaning to 360 JCL.  They have multiple punches per column, 
so it required making a punch, then backspacing to make the other 
punch(es))

Re: Malware history was: Spectre & Meltdown

[Richard Loken via cctalk]

On Tue, 16 Jan 2018, David C. Jenner via cctalk wrote:

This isn't malware, but back in 1962 when I was taking a college class in 
assembly language programming for the IBM 709, my innocence led to the 
following.


We might as well all contribute.

Back in college in 1969 we would submit our Fortran IV assignments on 
punched card of course.  One day I got back junk and discovered that it was 
not my card deck under the account ID card so I went through the pile of 
returned decks and printouts and found that another student had swiped my 
deck and put his name on top so I took back the deck and shuffled his deck 
well before returning his ID card to the top and resubmitting it.  I never

heard a thing about that episode but I sometimes wonder what his next
output looked like.

--
  Richard Loken VE6BSV: "...underneath those tuques we wear,
  Athabasca, Alberta Canada   : our heads are naked!"
  ** rllo...@telus.net ** :- Arthur Black

Re: Malware history was: Spectre & Meltdown

[Chuck Guzis via cctalk]

 On 1/16/18 4:27 PM, Sam O'nella via cctalk wrote:
> Enjoying the virus/malware history as its always interesting to see
> what people thought. Tricks, boredom, etc cause interesting results.
> For punch cards i thought someone was going to mention punching all
> the holes and jamming the reader. I'm not sure if thats real but heard
> some folks had to check their opcodes or it could potentially lead to
> that or flimsy card integrity if not.
> Did anyone here ever see animal or other shared system malware? Animal
> was just a nondestructive trojan (other than potential to take up disk
> space) but interesting that someone would run a program that appeared
> unexpected in their home folder.

Cards that were mostly holes were called "lace cards".  Not uncommon to
see one punched (and offset if the punch had the feature) to indicate
the start of a punched output file--usually showing the file name or job
ID in "see-thru" fashion.

High-speed punches generally could be very noisy when punching lace
cards (or column/row binary) and prone to errors as they heated up.  I'm
thinking of the CDC 415 punch as an example, but the 1402 could put out
quite a racket as well.

Never tried duping a lace card on an 029 or 514. It doubtless would have
been noisy as well.

--Chuck

Re: Malware history was: Spectre & Meltdown

[David C. Jenner via cctalk]

This isn't malware, but back in 1962 when I was taking a college class 
in assembly language programming for the IBM 709, my innocence led to 
the following.


Of course, I had, on the typewriter, for my high school years, always 
typed ' backspace . to get an exclamation point.  I did this in a 
comment in my first punched card submittal using an 026 keypunch.  The 
program was rejected, and I lost $0.25 from my lab fee.


So my first real computer program was a flaming failure.  Had to wait 
for the 029 to be emphatic in punching.


Dave

On 1/16/18 4:27 PM, Sam O'nella via cctalk wrote:

Enjoying the virus/malware history as its always interesting to see what people 
thought. Tricks, boredom, etc cause interesting results.
For punch cards i thought someone was going to mention punching all the holes 
and jamming the reader. I'm not sure if thats real but heard some folks had to 
check their opcodes or it could potentially lead to that or flimsy card 
integrity if not.
Did anyone here ever see animal or other shared system malware? Animal was just 
a nondestructive trojan (other than potential to take up disk space) but 
interesting that someone would run a program that appeared unexpected in their 
home folder.
 Original message 
(I'm unaware of any punch-card attacks, but trojans were possible when
people used prior subroutines)

Re: Malware history was: Spectre & Meltdown

[Charles Anthony via cctalk]

On Tue, Jan 16, 2018 at 4:27 PM, Sam O'nella via cctalk <
cctalk@classiccmp.org> wrote:

> Enjoying the virus/malware history as its always interesting to see what
> people thought. Tricks, boredom, etc cause interesting results.
> For punch cards i thought someone was going to mention punching all the
> holes and jamming the reader. I'm not sure if thats real but heard some
> folks had to check their opcodes or it could potentially lead to that or
> flimsy card integrity if not.
> Did anyone here ever see animal or other shared system malware? Animal was
> just a nondestructive trojan (other than potential to take up disk space)
> but interesting that someone would run a program that appeared unexpected
> in their home folder.
>  Original message 
> (I'm unaware of any punch-card attacks, but trojans were possible when
> people used prior subroutines)
>

For CDC 6000 SCOPE, the second card in the job deck was
'ACCOUNT,name,password' (or something like that; it was a long time ago).
In a corner of the keypunch room was a large card recycling bin right next
to a card sorter. One would set the card sorter to pull out cards that had
an 'A' in column one, and shovel cards out of the bin into card sorter and
end up with a tidy pile of user accounts and passwords, Or so I've heard.

-- Charles

Malware history was: Spectre & Meltdown

[Sam O'nella via cctalk]

Enjoying the virus/malware history as its always interesting to see what people 
thought. Tricks, boredom, etc cause interesting results.
For punch cards i thought someone was going to mention punching all the holes 
and jamming the reader. I'm not sure if thats real but heard some folks had to 
check their opcodes or it could potentially lead to that or flimsy card 
integrity if not. 
Did anyone here ever see animal or other shared system malware? Animal was just 
a nondestructive trojan (other than potential to take up disk space) but 
interesting that someone would run a program that appeared unexpected in their 
home folder.
 Original message 
(I'm unaware of any punch-card attacks, but trojans were possible when 
people used prior subroutines)

Re: Spectre & Meltdown

[Jon Elson via cctalk]

On 01/13/2018 06:38 PM, jim stephens via cctalk wrote:




And even worse, if he took too long, a fun feature of MVT 
and not corrected in MVS was if a console channel went 
unavailable for too long, the system would crash.  Luckily 
the game would print out a line, and a blob of console 
messages would come out then ask for another move.


Took 10 minutes to lose a game.

The system administrators regenerated the system to add 
privilege and authorization to jobs using WTOR which 
they'd missed.


We found other fun holes like that in MVT.

Yup, OS/360 had a number of holes wide enough to let 5 ocean 
liners through, abreast.  My favorite was the stock 
exception handler for the SPIE  (specify program 
interruption exit) allowed you to change a program from 
problem state to supervisor state.  Nobody ever thought 
anybody would ever abuse such a thing.


Jon

Re: Spectre & Meltdown

[Chuck Guzis via cctalk]

On 01/13/2018 05:40 PM, Chuck Guzis via cctalk wrote:

> All of this reminds me of a trick that I witnessed on a Model 40 running
> DOS/360.   Some guy wrote a chained CCW set with a TIC back to the
> beginning of the list of CCBs that rang the bell on the 1052 operator's
> console and locked the keyboard.   The din panicked at least one
> operator who pulled the "Emergency Stop" big red button.
> 

Typo--not "CCB" but "CCW".

--Chuck

Re: Spectre & Meltdown

[Chuck Guzis via cctalk]

On 1/13/2018 3:24 PM, Fred Cisin via cctalk wrote:
> (I'm unaware of any punch-card attacks, but trojans were possible when
> people used prior subroutines).
Depends on what you mean "attack".  CDC 6000 SCOPE had two PP programs
(which could be invoked via user control card).

One was "RPV"--reprieve job.   The purpose was to recover control after
a program error so that appropriate cleanup by the user could be
performed.   It was effective for *any* error, including operator
killing the job.

The other was "RSJ", reschedule job.  Usually, this was used when a
device or resource wasn't available--basically, it would put a job back
into the input queue and terminate the caller.

Unless, of course, the caller had included an RPV call also, in which
case it was something like the sorcerer's apprentice--you'd get *two*
copies of the job, which would then spawn 4 more copies, etc.  Operator
drop just exacerbated the situation, and eventually, the input queue
would be full of the malicious job and all available PPUs would be
allocated to doing nothing but RSJs and RPVs.

The only way out of the situation was to deadstart the system without
recovering the input queue.

After a couple of incidents of this, a memo came down from on high
saying that anyone attempting this gambit would be subject to discipline
and/or termination.   I think someone also did an EDITLIB and renamed
both RPV and RSJ and kept the new names on a "need to know" basis.

--

Another gambit I recall made use of a new I/O call in SCOPE 3.4, called
"Read List String".  Basically, the point of it was to streamline loader
(linkage editor) operation by presenting CIO and, by extension, the disk
stack processor overlay, 1SP with a list of disk addresses and lengths
to be read.   1SP would dutifully go through the list, advancing its
list pointer (so that the caller could keep track of progress).  It was
very effective and bypassed a lot of ancillary PP code.

Some enterprising fellow wondered what might happen, if his CP program
kept track of the READLS progress and kept backing the pointer up every
time it advanced.   Since 1SP attempted to complete an entire I/O
request before terminating, it never terminated and kept the disk busy
basically forever.

That one was fixed by checking the user's control point area for the
"DROP" flag--something that should have been done from the outset.

---

All of this reminds me of a trick that I witnessed on a Model 40 running
DOS/360.   Some guy wrote a chained CCW set with a TIC back to the
beginning of the list of CCBs that rang the bell on the 1052 operator's
console and locked the keyboard.   The din panicked at least one
operator who pulled the "Emergency Stop" big red button.

But then DOS/360 was easy to fool--it wasn't even much of a challenge.

Good times...

--Chuck

Re: Spectre & Meltdown

[Fred Cisin via cctalk]

Although reduction in sneaker-net has virtually eliminated boot-sector 
spread.

On Sun, 14 Jan 2018, Tapley, Mark wrote:


I never made that connection before! Glad you toed me.


There had already been some reduction.  The first PCs with a hard disk 
would always attempt to boot from floppy first.  Once it was possible to 
rearrange the boot sequence to try the hard disk first, we had a 
substantial reduction in boot sector virus incidents.


MOST boot sector virus infections on hard disks could be trivially solved 
by the [undocumented at that time] /MBR option of FDISK.COM



The "Alameda" Virus was first discovered [and thoroughly analyzed] in our 
("Merritt College") lab. 
(We had a good idea of who might have been the author)
One of the student workers at our sister college, "College Of Alameda", 
who was brother of a guy who wrote a book on the subject, asked nicely for 
naming rights.


A few years later, the administration informed me that they had waived the 
computer literacy requirement for a student transferring to Yale.  A few 
months later, Yale "discovered" it, and named it "Yale Virus".

Re: Spectre & Meltdown

[jim stephens via cctalk]

On 1/13/2018 3:24 PM, Fred Cisin via cctalk wrote:
(I'm unaware of any punch-card attacks, but trojans were possible when 
people used prior subroutines)
When I was using cards with our campus 360/50 MVT system and you could 
submit probably anything, a friend in EE (we were squatters in the CS 
area) had worked a summer job and had a really nice program they'd ran 
which now days would be called a text based football game.


All one had to do was stick a job card in front of a deck, and we 
submitted our own  jobs via a 2501 which was in the hall outside the 
computer room.  Users loaded and fed their own cards, so there was no 
restriction on when the job ran.


He decided to get a listing and figured if he stuck a job card in front 
if it and a couple of DD statements the job would blow up and he'd get a 
listing.


All of the I/O was with WTO and WTOR.  The operator that afternoon 
quickly discovered that WTOs were not disabled by the sysgen, and worse, 
there was only the single 1050 console, so the only way to get thru the 
job and get other things running was to play a game.


And even worse, if he took too long, a fun feature of MVT and not 
corrected in MVS was if a console channel went unavailable for too long, 
the system would crash.  Luckily the game would print out a line, and a 
blob of console messages would come out then ask for another move.


Took 10 minutes to lose a game.

The system administrators regenerated the system to add privilege and 
authorization to jobs using WTOR which they'd missed.


We found other fun holes like that in MVT.

When we were put over to a VS/1 system via TSO terminals, a console 
message monitor, and a password snarfing program was developed and ran 
quite a lot via remote access (system and terminals were in different 
cities).


That was all OS of course, and some of it was something that could be 
disabled by sysgen options.  The password snarfing was not.


thanks
Jim

Re: Spectre & Meltdown

[Tapley, Mark via cctalk]

On Jan 13, 2018, at 5:24 PM, Fred Cisin via cctalk  
wrote:

> Although reduction in sneaker-net has virtually eliminated boot-sector spread.

I never made that connection before! Glad you toed me.

Re: Spectre & Meltdown

[Fred Cisin via cctalk]

On Sat, 13 Jan 2018, Murray McCullough via cctalk wrote:

I wrote about Spectre and Meltdown recently: INTEL took its time to inform
the world! Did it inform the world back in earlier days about potential
flaws? Not to blame INTEL only: What about Zilog, etc.? Or did pre-Internet
era protect us computer-classic users? What about running emulation
software as I???ve been doing with ADAM?
Happy computing!


Few emulations are exact enough to duplicate all bugs.
Q: Should an emulator do an exact imitation, or should it work the way 
that it is s'posed to?   (behavior? or specs?)


Pre-internet protected against most web based malware.  But, there are 
instances of virus software ever since people exchanged files and disks.
(I'm unaware of any punch-card attacks, but trojans were possible when 
people used prior subroutines)
Most prevalent were boot-sector virus attacks and executable file virus 
attacks.  As software became too eager to help provide dancing kangaroos 
and yodelling jellyfish, harmful macros in "productivity software" macro 
capabilities also started to surface.


Internet made it much easier to acquire a trojan that would mess you up.
Although reduction in sneaker-net has virtually eliminated boot-sector 
spread.



How fast SHOULD the public response be?
If they become aware of that kind of flaw, and can delay public knowledge 
until they have patches, they significantly reduce the risk of actual 
instances of malware using the exploits.
Note: AFAIK, no examples of actual use of Spectre nor Meltdown have yet 
been encountered.
If Microsoft had been in less of a rush, would they still have shipped 
patches that gave a BSOD with AMD processors?


After public announcement, there ARE people actively working on developing 
malware using it.


Similarly, after the Michelangelo Virus media panic, one of the variants 
later encountered was a fairly obvious "wannabe" consisting of "Stoned" 
patched to behave like the publicized Michelangelo behavior.  The 
"thousands or millions of computers will be destroyed" was bogus.
(BTW, the name "Michelangelo" was based on looking at a calendar to see 
what was special about March 6.  If McAfee had had a Texas calendar, 
instead of a KQED (PBS) one, then it would have been named "Alamo")



Intel made some mistakes in handling the FDIV bug. First, they made the 
assumption that the bug would be amazingly rarely encountered due to their 
calculations of probability of randomly hitting "winning" combinations of 
numerator and denominator, but failed to allow for any of the "winning" 
numbers happening to be more commonly used.


THEN, they offered replacements to anybody who could PROVE that it 
actually affected their use of the machine.  A more appropriate response 
would have been, "We WILL replace all affected processors!  BUT, there 
aren't enough in stock right now to handle all immediately, so we will 
START by replacing those for all who can prove that they are affected, and 
then get to all others as we can manufacture more suitable replacements."
(Perhaps the majority of people would have already replaced their machine 
before their turn came around!  What is it? "a new machine every 18 
months"?)


Many of the general public had been led to believe that it would produce 
completely WRONG results, rather than the LOW ORDER bits of the mantissa 
being incorrect.  No, it was not capable of "causing the wrong amount of 
sales tax to be charged!"

Re: Spectre & Meltdown

[Warner Losh via cctalk]

On Jan 13, 2018 11:36 AM, "Paul Koning via cctalk" 
wrote:



> On Jan 13, 2018, at 1:22 PM, Dave Wade via cctalk 
wrote:
>
> ...
> It delayed telling the world to allow time for OS providers to apply
fixes. This is now standard and the delays are defined...
>
> http://abcnews.go.com/Technology/wireStory/intel-
fixing-security-vulnerability-chips-52122993
>
> but it looks like in this case it leaked early. Similar bugs affect ARM,
AMD and PowerPC but nothing from them either. IBM won't tell the world (it
will tell customers, but I am not a customer) if and how it affects Z.

There are two bugs that are largely unrelated other than the fact they both
start from speculative execution.  One is "Meltdown" which is specific to
Intel as far as is known.  The other is "Spectre" which is a pretty much
unavoidable side effect of the existence of speculative execution and
appears to apply to multiple architectures.  There may be variations; I
assume some designs have much shorter speculation pipelines than others and
if so would be less affected.

Meltdown has a software workaround (it could also be fixed in future chips
by changing how speculative loads work, to match what other companies
did).


Sorta. A 10% performance hit and tthe workaround is extensive. So it's
forcing everyone to eat a shit sandwich to work around it.

Spectre needs software fixes, possibly along with microcode changes (for
machines that have such a thing).  You're likely to hear more when the
fixes are available; it would not make sense to have much discussion before
then for the reason you mentioned at the top.


Spectre for Intel requires microcode changes and OS level changes to cope,
and changes to the compiler for retpoline support. The os guys need to talk
about their piece a lot, so it needs disclosure as well... it's a smaller
shit sandwich in terms of performance hit...

Warner

RE: Spectre & Meltdown

[Warner Losh via cctalk]

On Jan 13, 2018 11:22 AM, "Dave Wade via cctalk" <cctalk@classiccmp.org>
wrote:

> -Original Message-
> From: cctalk [mailto:cctalk-boun...@classiccmp.org] On Behalf Of Murray
> McCullough via cctalk
> Sent: 13 January 2018 18:09
> To: cctalk <cctalk@classiccmp.org>
> Subject: Spectre & Meltdown
>
> I wrote about Spectre and Meltdown recently: INTEL took its time to inform
> the world! Did it inform the world back in earlier days about potential
flaws?
> Not to blame INTEL only: What about Zilog, etc.? Or did pre-Internet era
> protect us computer-classic users? What about running emulation software
> as I’ve been doing with ADAM?

It delayed telling the world to allow time for OS providers to apply fixes.
This is now standard and the delays are defined...

http://abcnews.go.com/Technology/wireStory/intel-
fixing-security-vulnerability-chips-52122993


Linux, Windows and Mac got notified early November. FreeBSD just before
Christmas with no time to cope. All other BSDs and OpenSolaris found out on
release :(.

But this embargo was super long. Intel found out in June...

Warner


but it looks like in this case it leaked early. Similar bugs affect ARM,
AMD and PowerPC but nothing from them either. IBM won't tell the world (it
will tell customers, but I am not a customer) if and how it affects Z.


>
>
>
> Happy computing!
>
>
>
> Murray  J

Dave

Re: Spectre & Meltdown

[Paul Koning via cctalk]

> On Jan 13, 2018, at 1:22 PM, Dave Wade via cctalk  
> wrote:
> 
> ...
> It delayed telling the world to allow time for OS providers to apply fixes. 
> This is now standard and the delays are defined...
> 
> http://abcnews.go.com/Technology/wireStory/intel-fixing-security-vulnerability-chips-52122993
> 
> but it looks like in this case it leaked early. Similar bugs affect ARM, AMD 
> and PowerPC but nothing from them either. IBM won't tell the world (it will 
> tell customers, but I am not a customer) if and how it affects Z.

There are two bugs that are largely unrelated other than the fact they both 
start from speculative execution.  One is "Meltdown" which is specific to Intel 
as far as is known.  The other is "Spectre" which is a pretty much unavoidable 
side effect of the existence of speculative execution and appears to apply to 
multiple architectures.  There may be variations; I assume some designs have 
much shorter speculation pipelines than others and if so would be less affected.

Meltdown has a software workaround (it could also be fixed in future chips by 
changing how speculative loads work, to match what other companies did).  
Spectre needs software fixes, possibly along with microcode changes (for 
machines that have such a thing).  You're likely to hear more when the fixes 
are available; it would not make sense to have much discussion before then for 
the reason you mentioned at the top.

paul

Re: Spectre & Meltdown

[Paul Koning via cctalk]

> On Jan 13, 2018, at 1:08 PM, Murray McCullough via cctalk 
>  wrote:
> 
> I wrote about Spectre and Meltdown recently: INTEL took its time to inform
> the world! 

Of course, and for good reason.  The current practice has been carefully 
crafted by the consensus of security vulnerability workers.  That is: when a 
vulnerability is discovered, the responsible party is notified confidentially 
and given a reasonable amount of time to produce a fix before the issue is 
announced publicly.  There's a big incentive for that response to happen and 
typically it does.  If the issue is ignored, the announcement happens anyway 
along with public shaming of the part who didn't bother to respond.

With this approach, a fix can often be released concurrently with the 
disclosure of the issue, which dramatically reduces the oppportunity for 
criminals to take advantage of the problem.  This isn't a case of being nice to 
Intel; it's an attempt to benefit Intel's customers.

If you read the Meltdown and Spectre papers (by the researchers who discovered 
the problem, not the news rags reporting on it) you'll see this policy 
mentioned in passing.  

paul

RE: Spectre & Meltdown

[Dave Wade via cctalk]

> -Original Message-
> From: cctalk [mailto:cctalk-boun...@classiccmp.org] On Behalf Of Murray
> McCullough via cctalk
> Sent: 13 January 2018 18:09
> To: cctalk <cctalk@classiccmp.org>
> Subject: Spectre & Meltdown
> 
> I wrote about Spectre and Meltdown recently: INTEL took its time to inform
> the world! Did it inform the world back in earlier days about potential flaws?
> Not to blame INTEL only: What about Zilog, etc.? Or did pre-Internet era
> protect us computer-classic users? What about running emulation software
> as I’ve been doing with ADAM?

It delayed telling the world to allow time for OS providers to apply fixes. 
This is now standard and the delays are defined...

http://abcnews.go.com/Technology/wireStory/intel-fixing-security-vulnerability-chips-52122993

but it looks like in this case it leaked early. Similar bugs affect ARM, AMD 
and PowerPC but nothing from them either. IBM won't tell the world (it will 
tell customers, but I am not a customer) if and how it affects Z.


> 
> 
> 
> Happy computing!
> 
> 
> 
> Murray  J

Dave

RE: Spectre & Meltdown

[Ali via cctalk]

> I wrote about Spectre and Meltdown recently: INTEL took its time to
> inform the world! Did it inform the world back in earlier days about
> potential flaws? Not to blame INTEL only: What about Zilog, etc.? Or

Yes, of course it did. The famous Pentium FDIV bug comes immediately to mind. 
Of course pre-internet days and everything being online all the time security 
was a whole lot easier. If you could keep someone out of the building your data 
was secure. Now a day all it takes is a bad JS on a site to compromise you...

-Ali

Spectre & Meltdown

[Murray McCullough via cctalk]

I wrote about Spectre and Meltdown recently: INTEL took its time to inform
the world! Did it inform the world back in earlier days about potential
flaws? Not to blame INTEL only: What about Zilog, etc.? Or did pre-Internet
era protect us computer-classic users? What about running emulation
software as I’ve been doing with ADAM?



Happy computing!



Murray  J

Re: Spectre & Meltdown

[Chuck Guzis via cctalk]

On 01/06/2018 12:30 PM, Ken Seefried via cctalk wrote:

> The exploit effects the speculative execution facility, so no it's not
> "all P6 forward": nothing 32-bit or PAE, nothing just OOO, etc.  The
> current word I have (from my risk management folks, who got it from
> Intel) is the oldest chips verified to be affected are the Xeon 3400
> (server) and 2nd Gen Core (desktop) processors.  So, probably nothing
> later than 2009 or so.

Ken, I'm not sure I understand.  Do you mean nothing earlier than 2009
or so is affected?

--Chuck

Re: Spectre & Meltdown

[Ken Seefried via cctalk]

From: Murray McCullough 
>
>This may be off-topic but these latest uprocessor exploits has raised
>a question: Are the 'old/classic' uprocessors using x86 technology in
>the same boat?
>

The exploit effects the speculative execution facility, so no it's not
"all P6 forward": nothing 32-bit or PAE, nothing just OOO, etc.  The
current word I have (from my risk management folks, who got it from
Intel) is the oldest chips verified to be affected are the Xeon 3400
(server) and 2nd Gen Core (desktop) processors.  So, probably nothing
later than 2009 or so.

KJ

Re: Large discs (Was: Spectre & Meltdown

[Alexander Schreiber via cctalk]

On Thu, Jan 04, 2018 at 06:38:10PM -0800, Fred Cisin via cctalk wrote:
> On Thu, 4 Jan 2018, TeoZ wrote:
> >Hard drives NEVER keep up. Bragging about how many DVD's (90's technology)
> >you can store on current HD means little to people who have ultra HD
> >Blueray videos that take up to 100GB of space. Heck even a single game
> >download can be 50GB these days.
> 
> I'd be interested in hearing about opinions of the 100GB "M-disc".  I've
> heard that they have decent longevity, and, the "low" capacity ones are
> interchangeable with conventional DVDs.

I've recently turned to using 25 & 100 GB M-disc BD discs for archival
storage (mostly my digital camera image archive, so data that doesn't
change). One downside of the 100 GB ones: they forever to write (with
the defaults on growisofs, IIRC ~3h or so).
 
> I can still put 20 100GB DVDs (2017 technology) on a 2TB 2.5" Thin SATA.
> However, I'm also looking for multi-terabyte storage.
> Are higher capacity DVDs on their way?
> Howzbout multi-TearByte SSDs?

I wouldn't trust SSDs (or any flash based storage) for archival purposes,
those are strictly for online storage.

Kind regards,
   Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."  -- Thomas A. Edison

Re: Spectre & Meltdown

[James B DiGriz via cctalk]

On Fri, 5 Jan 2018 11:18:53 -0800
Rick Bensene via cctalk  wrote:

 Of course, update your OS as soon as updates are available,
> as patches (which will likely slow your system down) are forthcoming
> from Microsoft and various Linux trees. 
> 

You want to test those updates before you apply them to remote
production VM's. The latest CentOS 6.9 kernel update
(2.6.32-696.18.7.el6 64-bit, which addresses meltdown) is broken on at
least some Xen PV platforms and fails to boot. See
https://bugs.centos.org/view.php?id=14336. You can't even get into grub
from a remote console to select a working kernel. Well, you could set
"default x", in /etc/grub.conf, where x = working kernel, before you
update. Hindsight being 20/20.

jbdigriz

Re: R: Large discs (Was: Spectre & Meltdown

[Warner Losh via cctalk]

On Fri, Jan 5, 2018 at 1:13 PM, Fred Cisin via cctalk  wrote:

> On Fri, 5 Jan 2018, Mazzini Alessandro wrote:
>
>> I'm  not sure I would use SSD for long term "secure" storage, unless maybe
>> using enterprise level ones.
>> Consumer level SSD are, by specifics, guaranteed to retain data for 6
>> months
>>
>
The JEDEC spec for Consumer grade SSDs is 1 year unpowered at 30C at end of
life.
The JEDEC spec for Enterprise grade SSDs is 90 days, unpowered at 30C at
end of life.

As far as I've seen, all SATA and NVME drive vendors adhere to these specs
as a minimum, but there's also a new class of drive for 'cold storage'
which has high retention, but low endurance and longer data read times...


> if unpowered... any more time means being lucky. Would suck to save, store,
>> and after some years find the data mangled...
>>
>
> Yep!
> SSD would be very unsuitable for archiving.
>

Unworn (meaning only a few P/E cycles) SSDs made from MLC or SLC NAND have
data retention measured in the decade range. Stored at 0C, these would have
~300 year data retention since every 10C below the benchmark temperature
gives you 3x longer retention. Conversely, storing at 40C or 50C puts the
data at risk.

Worn (meaning near end of life) SSDs, especially those that have been
pushed past end of life, have issues.

But, it is a nice fast medium for short-term uses.
> AND, it MIGHT be the first to get a unit larger than 2TB that will fit in
> a thin 2.5" form factor.
> Probably better SHORT-TERM reliability than the Seagate 2TB thin SATA
> spinning rust.
>
>
> What is the archival life of a BDXL, other than M-disc?
> M-disc media is a bit expensive.
> It looks like an excellent medium for data collections a tenth the size of
> what I'm playing with.
>
>
> It seems that it is still necessary to maintain multiple copies
> (geographically separate - we had a 4.4 quake yesterday morning), on
> multiple different media, and make new copies on a regular basis.

Re: R: Large discs (Was: Spectre & Meltdown

[Fred Cisin via cctalk]

In cases where the source remains available, in case of problems, nothing 
can beat it for sneaker-net.  It does not contribute noticeably to the 
transfer speeds.



On Fri, 5 Jan 2018, Sam O'nella via cctalk wrote:
You're one of the first people I've heard quote that. Do you know where 
that is said? Years ago several friends and myself all picked up 64mb 
usb thumb drives so we could have multiple backups of a game and few 
other projects we were coding.  Maybe it was an extended period of time 
(we ended up switching to compatible removable drive bays) but 2 out of 
3 of us lost all the data on our thumb drives around the same time. 
I haven't heard may others share the concern but i wouldn't use ssd as a 
tech unless im forced to for that reason.



 Original message From: Mazzini Alessandro via cctalk  Date: 1/5/18  7:15 AM  (GMT-06:00) 
I'm  not sure I would use SSD for long term "secure" storage, unless maybe

using enterprise level ones.
Consumer level SSD are, by specifics, guaranteed to retain data for 6 months
if unpowered... any more time means being lucky. Would suck to save, store,
and after some years find (over snipped)

Re: R: Large discs (Was: Spectre & Meltdown

[Fred Cisin via cctalk]

On Fri, 5 Jan 2018, Mazzini Alessandro wrote:

I'm  not sure I would use SSD for long term "secure" storage, unless maybe
using enterprise level ones.
Consumer level SSD are, by specifics, guaranteed to retain data for 6 months
if unpowered... any more time means being lucky. Would suck to save, store,
and after some years find the data mangled...


Yep!
SSD would be very unsuitable for archiving.
But, it is a nice fast medium for short-term uses.
AND, it MIGHT be the first to get a unit larger than 2TB that will fit in 
a thin 2.5" form factor.
Probably better SHORT-TERM reliability than the Seagate 2TB thin SATA 
spinning rust.



What is the archival life of a BDXL, other than M-disc?
M-disc media is a bit expensive.
It looks like an excellent medium for data collections a tenth the size of 
what I'm playing with.



It seems that it is still necessary to maintain multiple copies 
(geographically separate - we had a 4.4 quake yesterday morning), on 
multiple different media, and make new copies on a regular basis.



--
Grumpy Ol' Fred ci...@xenosoft.com

RE: Re: Spectre & Meltdown

[Rick Bensene via cctalk]

Ed Sharpe wrote:
>what about  xenon processors??

Xenon?  You mean the processor jointly developed by Microsoft & IBM based on 
the PowerPC architecture, developed and used in the Xbox 360?

Or perhaps did you mean Xeon (note no N in the middle)?  There is a big 
difference.

Don't know if the Xenon is susceptible, but given that the problem is with the 
way VM works, it could be susceptible, but the code to exploit it would be 
completely different because of the PowerPC architecture.

Intel Xeon processors are marketed toward non-consumer computers such as 
servers and workstations.  All Xeon processors are susceptible because they all 
do speculative execution.

The solution to avoiding infection is not to use any web browser that has Java 
enabledat least for now.
Of course, get rid of Flash if you have it.  It could also be a vector, though 
that hasn't been proven.
Use no-script.
Better  yet, use a text-only browser that ignores all scripting of any kind.
Don't install /any/ software for any source for which you are not completely 
assured of safety  (good luck).
Get rid of any software on your machine that you are not 100% sure about, 
especially if it can automatically update itself.
If you have any third-party software that is set to auto-update, either turn 
the feature off, or only allow you to determine when updates are applied.
Of course, update your OS as soon as updates are available, as patches (which 
will likely slow your system down) are forthcoming from Microsoft and various 
Linux trees.
The best defense, however, is simply call your ISP and tell them you want your 
connection turned off. ;-)
It's getting really dangerous out there.

-Rick
---
Rick Bensene
The Old Calculator Museum
http://oldcalculatormuseum.com

Re: R: Large discs (Was: Spectre & Meltdown

[Sam O'nella via cctalk]

You're one of the first people I've heard quote that. Do you know where that is 
said? Years ago several friends and myself all picked up 64mb usb thumb drives 
so we could have multiple backups of a game and few other projects we were 
coding.  Maybe it was an extended period of time (we ended up switching to 
compatible removable drive bays) but 2 out of 3 of us lost all the data on our 
thumb drives around the same time. 
I haven't heard may others share the concern but i wouldn't use ssd as a tech 
unless im forced to for that reason.
 Original message From: Mazzini Alessandro via cctalk 
 Date: 1/5/18  7:15 AM  (GMT-06:00) 
I'm  not sure I would use SSD for long term "secure" storage, unless maybe
using enterprise level ones.
Consumer level SSD are, by specifics, guaranteed to retain data for 6 months
if unpowered... any more time means being lucky. Would suck to save, store,
and after some years find (over snipped)

Re: Spectre & Meltdown

[Jay Jaeger via cctalk]

A 6TB hard drive, available for about $130 (or less), would be
equivalent to about 60 of the 100GB BDXL disks, which seem to go for
about $6 each, so $360 for around 6TB.  And the hard disk will take less
time to read and write.  And the hard drive would take up less space.

JRJ

On 1/4/2018 7:50 PM, TeoZ via cctalk wrote:
> Hard drives NEVER keep up. Bragging about how many DVD's (90's
> technology) you can store on current HD means little to people who have
> ultra HD Blueray videos that take up to 100GB of space. Heck even a
> single game download can be 50GB these days.
> 
> And I wouldn't mind one of those old networked DVD changers (I think
> Sony sold them commercially) to play around with.
> 

R: Large discs (Was: Spectre & Meltdown

[Mazzini Alessandro via cctalk]

I'm  not sure I would use SSD for long term "secure" storage, unless maybe
using enterprise level ones.
Consumer level SSD are, by specifics, guaranteed to retain data for 6 months
if unpowered... any more time means being lucky. Would suck to save, store,
and after some years find the data mangled...

-Messaggio originale-
Da: cctalk [mailto:cctalk-boun...@classiccmp.org] Per conto di Fred Cisin
via cctalk
Inviato: venerdì 5 gennaio 2018 03:38
A: General Discussion: On-Topic and Off-Topic Posts
Oggetto: Large discs (Was: Spectre & Meltdown

On Thu, 4 Jan 2018, TeoZ wrote:
> Hard drives NEVER keep up. Bragging about how many DVD's (90's 
> technology) you can store on current HD means little to people who 
> have ultra HD Blueray videos that take up to 100GB of space. Heck even 
> a single game download can be 50GB these days.

I'd be interested in hearing about opinions of the 100GB "M-disc".  I've
heard that they have decent longevity, and, the "low" capacity ones are
interchangeable with conventional DVDs.

I can still put 20 100GB DVDs (2017 technology) on a 2TB 2.5" Thin SATA.
However, I'm also looking for multi-terabyte storage.
Are higher capacity DVDs on their way?
Howzbout multi-TearByte SSDs?


> And I wouldn't mind one of those old networked DVD changers (I think 
> Sony sold them commercially) to play around with.

I still want one of the ones that Kieth Hensen designed. Converting it from
CD to DVD would be completely TRIVIAL (finding DVD drives with suitable form
factors and loading options)

--
Grumpy Ol' Fred ci...@xenosoft.com




> I always wanted Keith Hensen's "Kubik"? CD changer.  Big "carousel 
> slide tray" full of 240?! CDs/DVDs, in a square box, with a drive in 
> each corner.  The drives were SCSI, and the load/unload/select control 
> was RS232. The big square boxes could be stacked, for a larger 
> collection, and there was a trivial mod to make the tray removable, so 
> that the top box could be swapped with as many trays as you had shelf
space for.
>
> 'course hard drives caught up, and I now have about a thousand DVDs in 
> MP4s on a shirt pocket HDD.  (including ALL of the Doctor Who's that 
> were released on DVD, Red Dwarf 1 - XII, Dark Matter, Torchwood, 
> Twilight Zone, Prisoner, Marx Brothers, Doc Martin, One Foot In The 
> Grave, etc.) The DVD images (V .MP4) take over 5TB.

Re: Large discs (Was: Spectre & Meltdown

[Eric Smith via cctalk]

On Jan 4, 2018 22:17, "TeoZ via cctalk"  wrote:

100GB M-Discs are dual layer BlueRay media correct (not readable on a DVD
player)? I actually have a BDXL BR burner.


They are three-layer, and will ONLY work on BDXL drives, not older BD
drives.

Re: Spectre & Meltdown

[Wayne Sudol via cctalk]

You forgot "Outer Limits". I put that show in the same category.




Wayne Sudol
Riverside PressEnterprise
A DigitalFirst Media Newspaper.


On Thu, Jan 4, 2018 at 3:53 PM, Fred Cisin via cctalk  wrote:

> On Thu, 4 Jan 2018, Chuck Guzis via cctalk wrote:
>
>> Funny,   I've been saying since the 1980s that it you have something
>> that's critical to your survival, keep it offline.
>> Until any of my PCs develop the ability to go to my storage cabinet and
>> fetch a DVD and load it into itself, I'm not sorried.
>>
>
> So, that Exabyte Tape/cartridge Silo might not be such a good idea.
>
> I always wanted Keith Hensen's "Kubik"? CD changer.  Big "carousel slide
> tray" full of 240?! CDs/DVDs, in a square box, with a drive in each
> corner.  The drives were SCSI, and the load/unload/select control was
> RS232. The big square boxes could be stacked, for a larger collection, and
> there was a trivial mod to make the tray removable, so that the top box
> could be swapped with as many trays as you had shelf space for.
>
> 'course hard drives caught up, and I now have about a thousand DVDs in
> MP4s on a shirt pocket HDD.  (including ALL of the Doctor Who's that were
> released on DVD, Red Dwarf 1 - XII, Dark Matter, Torchwood, Twilight Zone,
> Prisoner, Marx Brothers, Doc Martin, One Foot In The Grave, etc.) The DVD
> images (V .MP4) take over 5TB.
>

Re: Large discs (Was: Spectre & Meltdown

[dwight via cctalk]

For other reasons, I was just at costco and bought a 500Gig solid state for 
$150. It is about the size of a postcard ( only square ).

It is USB though, so loading that much may take a while.

Dwight



From: cctalk <cctalk-boun...@classiccmp.org> on behalf of TeoZ via cctalk 
<cctalk@classiccmp.org>
Sent: Thursday, January 4, 2018 9:16:43 PM
To: Fred Cisin; General Discussion: On-Topic and Off-Topic Posts
Subject: Re: Large discs (Was: Spectre & Meltdown

100GB M-Discs are dual layer BlueRay media correct (not readable on a DVD
player)? I actually have a BDXL BR burner. I also have the M-Disc capable
DVD burners but never tried that media on them.

-Original Message-
From: Fred Cisin via cctalk
Sent: Thursday, January 04, 2018 9:38 PM
To: General Discussion: On-Topic and Off-Topic Posts
Subject: Large discs (Was: Spectre & Meltdown

On Thu, 4 Jan 2018, TeoZ wrote:
> Hard drives NEVER keep up. Bragging about how many DVD's (90's technology)
> you can store on current HD means little to people who have ultra HD
> Blueray videos that take up to 100GB of space. Heck even a single game
> download can be 50GB these days.

I'd be interested in hearing about opinions of the 100GB "M-disc".  I've
heard that they have decent longevity, and, the "low" capacity ones are
interchangeable with conventional DVDs.



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: Large discs (Was: Spectre & Meltdown

[TeoZ via cctalk]

100GB M-Discs are dual layer BlueRay media correct (not readable on a DVD 
player)? I actually have a BDXL BR burner. I also have the M-Disc capable 
DVD burners but never tried that media on them.


-Original Message- 
From: Fred Cisin via cctalk

Sent: Thursday, January 04, 2018 9:38 PM
To: General Discussion: On-Topic and Off-Topic Posts
Subject: Large discs (Was: Spectre & Meltdown

On Thu, 4 Jan 2018, TeoZ wrote:
Hard drives NEVER keep up. Bragging about how many DVD's (90's technology) 
you can store on current HD means little to people who have ultra HD 
Blueray videos that take up to 100GB of space. Heck even a single game 
download can be 50GB these days.


I'd be interested in hearing about opinions of the 100GB "M-disc".  I've
heard that they have decent longevity, and, the "low" capacity ones are
interchangeable with conventional DVDs.



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: Spectre & Meltdown

[Jon Elson via cctalk]

On 01/04/2018 12:00 PM, Murray McCullough via cctalk wrote:

This may be off-topic but these latest uprocessor exploits has raised
a question: Are the 'old/classic' uprocessors using x86 technology in
the same boat? The very earliest ones, i.e., 1970s and early 80's.
probably not. How many are actually in use and/or on the Net?


No, these did not have a translation lookaside buffer or 
memory management.

In fact, they mostly all ran in real mode, no protection.

Jon

Re: Spectre & Meltdown

[Chuck Guzis via cctalk]

On 01/04/2018 05:50 PM, TeoZ via cctalk wrote:
> Hard drives NEVER keep up. Bragging about how many DVD's (90's
> technology) you can store on current HD means little to people who have
> ultra HD Blueray videos that take up to 100GB of space. Heck even a
> single game download can be 50GB these days.

In my case, it's mostly a matter of the following:

What can't I afford to lose?   This falls into the following general ares:

1.  Customer data (kept offline anyway, as it can be sensitive)
2.  Code I have written and would be hard put to reconstruct.
3.  Documentation that would be difficult to find again.
4.  Emails.
5.  Business records

The rest I can afford to lose and could be duplicated if needed.

This model has served me well for at least 40 years.

--Chuck

Re: Large discs (Was: Spectre & Meltdown

[Alexandre Souza via cctalk]

Files grew up in size, in an unbelieable scale.

I follow the tips of my friends: Buy new HDs and use old ones for 
storage. I have a 5TB (expensive) external 3 1/2 HD on my home server, 
and some 1TB HDs used as backups. If you count capacity, cheaper than 
DVDs-DL or BDs.


Em 05/01/2018 00:38, Fred Cisin via cctalk escreveu:

On Thu, 4 Jan 2018, TeoZ wrote:
Hard drives NEVER keep up. Bragging about how many DVD's (90's 
technology) you can store on current HD means little to people who 
have ultra HD Blueray videos that take up to 100GB of space. Heck even 
a single game download can be 50GB these days.


I'd be interested in hearing about opinions of the 100GB "M-disc".  I've 
heard that they have decent longevity, and, the "low" capacity ones are 
interchangeable with conventional DVDs.


I can still put 20 100GB DVDs (2017 technology) on a 2TB 2.5" Thin SATA.
However, I'm also looking for multi-terabyte storage.
Are higher capacity DVDs on their way?
Howzbout multi-TearByte SSDs?


And I wouldn't mind one of those old networked DVD changers (I think 
Sony sold them commercially) to play around with.


I still want one of the ones that Kieth Hensen designed. Converting it 
from CD to DVD would be completely TRIVIAL (finding DVD drives with 
suitable form factors and loading options)


--
Grumpy Ol' Fred ci...@xenosoft.com





I always wanted Keith Hensen's "Kubik"? CD changer.  Big "carousel slide
tray" full of 240?! CDs/DVDs, in a square box, with a drive in each
corner.  The drives were SCSI, and the load/unload/select control was
RS232. The big square boxes could be stacked, for a larger collection, 
and

there was a trivial mod to make the tray removable, so that the top box
could be swapped with as many trays as you had shelf space for.

'course hard drives caught up, and I now have about a thousand DVDs in
MP4s on a shirt pocket HDD.  (including ALL of the Doctor Who's that were
released on DVD, Red Dwarf 1 - XII, Dark Matter, Torchwood, Twilight 
Zone,

Prisoner, Marx Brothers, Doc Martin, One Foot In The Grave, etc.) The DVD
images (V .MP4) take over 5TB.

Large discs (Was: Spectre & Meltdown

[Fred Cisin via cctalk]

On Thu, 4 Jan 2018, TeoZ wrote:
Hard drives NEVER keep up. Bragging about how many DVD's (90's technology) 
you can store on current HD means little to people who have ultra HD Blueray 
videos that take up to 100GB of space. Heck even a single game download can 
be 50GB these days.


I'd be interested in hearing about opinions of the 100GB "M-disc".  I've 
heard that they have decent longevity, and, the "low" capacity ones are 
interchangeable with conventional DVDs.


I can still put 20 100GB DVDs (2017 technology) on a 2TB 2.5" Thin SATA.
However, I'm also looking for multi-terabyte storage.
Are higher capacity DVDs on their way?
Howzbout multi-TearByte SSDs?


And I wouldn't mind one of those old networked DVD changers (I think Sony 
sold them commercially) to play around with.


I still want one of the ones that Kieth Hensen designed. Converting it 
from CD to DVD would be completely TRIVIAL (finding DVD drives with 
suitable form factors and loading options)


--
Grumpy Ol' Fred ci...@xenosoft.com





I always wanted Keith Hensen's "Kubik"? CD changer.  Big "carousel slide
tray" full of 240?! CDs/DVDs, in a square box, with a drive in each
corner.  The drives were SCSI, and the load/unload/select control was
RS232. The big square boxes could be stacked, for a larger collection, and
there was a trivial mod to make the tray removable, so that the top box
could be swapped with as many trays as you had shelf space for.

'course hard drives caught up, and I now have about a thousand DVDs in
MP4s on a shirt pocket HDD.  (including ALL of the Doctor Who's that were
released on DVD, Red Dwarf 1 - XII, Dark Matter, Torchwood, Twilight Zone,
Prisoner, Marx Brothers, Doc Martin, One Foot In The Grave, etc.) The DVD
images (V .MP4) take over 5TB.

Re: Spectre & Meltdown

[TeoZ via cctalk]

Hard drives NEVER keep up. Bragging about how many DVD's (90's technology) 
you can store on current HD means little to people who have ultra HD Blueray 
videos that take up to 100GB of space. Heck even a single game download can 
be 50GB these days.


And I wouldn't mind one of those old networked DVD changers (I think Sony 
sold them commercially) to play around with.


-Original Message- 
From: Fred Cisin via cctalk

Sent: Thursday, January 04, 2018 6:53 PM
To: General Discussion: On-Topic and Off-Topic Posts
Subject: Re: Spectre & Meltdown

On Thu, 4 Jan 2018, Chuck Guzis via cctalk wrote:

Funny,   I've been saying since the 1980s that it you have something
that's critical to your survival, keep it offline.
Until any of my PCs develop the ability to go to my storage cabinet and
fetch a DVD and load it into itself, I'm not sorried.


So, that Exabyte Tape/cartridge Silo might not be such a good idea.

I always wanted Keith Hensen's "Kubik"? CD changer.  Big "carousel slide
tray" full of 240?! CDs/DVDs, in a square box, with a drive in each
corner.  The drives were SCSI, and the load/unload/select control was
RS232. The big square boxes could be stacked, for a larger collection, and
there was a trivial mod to make the tray removable, so that the top box
could be swapped with as many trays as you had shelf space for.

'course hard drives caught up, and I now have about a thousand DVDs in
MP4s on a shirt pocket HDD.  (including ALL of the Doctor Who's that were
released on DVD, Red Dwarf 1 - XII, Dark Matter, Torchwood, Twilight Zone,
Prisoner, Marx Brothers, Doc Martin, One Foot In The Grave, etc.) The DVD
images (V .MP4) take over 5TB. 



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

OT: MP4s (Was: Spectre & Meltdown

[Fred Cisin via cctalk]

On Thu, 4 Jan 2018, Wayne Sudol wrote:

You forgot "Outer Limits". I put that show in the same category.


I'll be adding the Original Series later this month.
I haven't made a decision about the revival.


I use a Seagate GoFlex-TV; 2TB is the largest thin 2.5" SATA currently 
available.  also in the "bay" of my Lenovo laptops.  Currently, the 
cheapest source is to buy it as a USB3 external, and strip off the case, 
and then put some of them in computers, and others into Seagate GoFlex 
cases (just a shell around a SATA)



--
Grumpy Ol' Fred ci...@xenosoft.com

Re: Spectre & Meltdown

[Fred Cisin via cctalk]

On Thu, 4 Jan 2018, Chuck Guzis via cctalk wrote:

Funny,   I've been saying since the 1980s that it you have something
that's critical to your survival, keep it offline.
Until any of my PCs develop the ability to go to my storage cabinet and
fetch a DVD and load it into itself, I'm not sorried.


So, that Exabyte Tape/cartridge Silo might not be such a good idea.

I always wanted Keith Hensen's "Kubik"? CD changer.  Big "carousel slide 
tray" full of 240?! CDs/DVDs, in a square box, with a drive in each 
corner.  The drives were SCSI, and the load/unload/select control was 
RS232. The big square boxes could be stacked, for a larger collection, and 
there was a trivial mod to make the tray removable, so that the top box 
could be swapped with as many trays as you had shelf space for.


'course hard drives caught up, and I now have about a thousand DVDs in 
MP4s on a shirt pocket HDD.  (including ALL of the Doctor Who's that were 
released on DVD, Red Dwarf 1 - XII, Dark Matter, Torchwood, Twilight Zone, 
Prisoner, Marx Brothers, Doc Martin, One Foot In The Grave, etc.) The DVD 
images (V .MP4) take over 5TB.

RE: Spectre & Meltdown

[Ali via cctalk]

> Funny,   I've been saying since the 1980s that it you have something
> that's critical to your survival, keep it offline.


Here here! I hope this is a wakeup call to all the people out there with all 
the unnecessary connected "lives". Forget all the social media BS but also the 
cloud storage, streaming everything (and not really having control of anything 
you "own"), IoT, and of course software as a service. As I understand it the 
exploits only work if run on the machine locally - which can occur if you run a 
malicious JavaScript through your browser So if you don't have to go on the 
internet just to run your email program to check your mail you (i.e. webmail or 
outlook online vs. POP/IMAP access) then you are more secure...

I've gone out of my way to make sure I buy only equipment that I can connect to 
directly and is not dependent on some ephemeral cloud service whenever humanly 
possible. It may be less convenient or more technical but at the end it is 
always more secure (well not always but you get the idea).

-Ali

Re: Spectre & Meltdown

[Chuck Guzis via cctalk]

On 01/04/2018 01:08 PM, Sophie Haskins via cctalk wrote:

> It's kind of fascinating to run in to a cross-platform vulnerability
> like this! Is anyone else aware of similar vulnerabilities from
> history that also affected multiple processors, but relied on their
> implementation details?

Funny,   I've been saying since the 1980s that it you have something
that's critical to your survival, keep it offline.

Until any of my PCs develop the ability to go to my storage cabinet and
fetch a DVD and load it into itself, I'm not sorried.

--Chuck

Re: Re: Spectre & Meltdown

[Sophie Haskins via cctalk]

I misspoke - Spectre potentially affects all processors that use
*pipelining and speculative execution*, not just superscalar ones (I
mis-parsed "all modern processors capable of keeping many instructions
in flight").

There's been ongoing patches to the Linux kernel for Meltdown (and for
other OSes, though we can't read their mailing lists). For Spectre,
though, it seems like solutions might take longer to distribute.

It's kind of fascinating to run in to a cross-platform vulnerability
like this! Is anyone else aware of similar vulnerabilities from
history that also affected multiple processors, but relied on their
implementation details?

On Thu, Jan 4, 2018 at 4:03 PM, Ed Sharpe <couryho...@aol.com> wrote:
> http://www.zdnet.com/article/intel-starts-issuing-patches-for-meltdown-spectre-vulnerabilities/?loc=newsletter_large_thumb_related=TREc64629f=46856739
>
> this  just  hit  my email box. Ed#
>
> In a message dated 1/4/2018 1:54:43 PM US Mountain Standard Time,
> cctalk@classiccmp.org writes:
>
> From the exploit homepage (https://spectreattack.com/) , it seems like the
> Meltdown vulnerability affects all out-of-order executing Intel *branded*
> CPUs (from the P6 onward), and the Spectre vulnerability potentially
> impacts all superscalar processors of...all brands potentially :(
>
> Sophie
>
> On Thu, Jan 4, 2018 at 3:44 PM, jim stephens via cctalk <
> cctalk@classiccmp.org> wrote:
>
>>
>>
>> On 1/4/2018 12:34 PM, Ed Sharpe via cctalk wrote:
>>
>>> what about xenon processors??
>>> ed#
>>> In a message dated 1/4/2018 1:18:14 PM US Mountain Standard Time,
>>> cctalk@classiccmp.org writes:
>>>
>>>
>>>
>> There is no difference between them and any other intel x86 or x64
>> processor as far as the flaw involved.
>>
>> Though they are not mentioning it, I suspect one can target P3 and P4
>> equally well with the exploit. It has been around that long.
>> thanks
>> Jim
>>
>>
>>> - Original Message -
>>> From: "Warner Losh via cctalk" <cctalk@classiccmp.org>
>>> To: "Murray McCullough" <c.murray.mccullo...@gmail.com>; "General
>>> Discussion: On-Topic and Off-Topic Posts" <cctalk@classiccmp.org>
>>> Sent: Thursday, January 04, 2018 1:05 PM
>>> Subject: Re: Spectre & Meltdown
>>>
>>>
>>> On Thu, Jan 4, 2018 at 11:00 AM, Murray McCullough via cctalk <
>>>> cctalk@classiccmp.org> wrote:
>>>>
>>>> This may be off-topic but these latest uprocessor exploits has raised
>>>>> a question: Are the 'old/classic' uprocessors using x86 technology in
>>>>> the same boat? The very earliest ones, i.e., 1970s and early 80's.
>>>>> probably not. How many are actually in use and/or on the Net?
>>>>>
>>>>> I've seen it reported, but haven't verified, that this bug extends
>>>> about 20
>>>> years back in the past to the Pentium Pro/Pentium II class of machines.
>>>> If
>>>> I read that correctly, there's only two generations of Pentium not
>>>> affected, the P54C and P55C, the former of F00F fame... 386 and 486 CPUs
>>>> apparently aren't affected since they didn't have speculative execution.
>>>> The 8088/8086/80186/80286 presumably are also immune... If you extend
>>>> things further back, CP/M on Z80/8080 is also fine, but I don't think
>>>> those
>>>> are properly x86 :)
>>>>
>>>> Warner
>>>>
>>> 
>>> Finally, an excuse to use all those old 486 boxes...
>>>
>>> m
>>>
>>>
>>>
>>

Re: Re: Spectre & Meltdown

[Ed Sharpe via cctalk]

http://www.zdnet.com/article/intel-starts-issuing-patches-for-meltdown-spectre-vulnerabilities/?loc=newsletter_large_thumb_related=TREc64629f=46856739
 
this  just  hit  my email box. Ed#
 
In a message dated 1/4/2018 1:54:43 PM US Mountain Standard Time, 
cctalk@classiccmp.org writes:

 
 From the exploit homepage (https://spectreattack.com/) , it seems like the
Meltdown vulnerability affects all out-of-order executing Intel *branded*
CPUs (from the P6 onward), and the Spectre vulnerability potentially
impacts all superscalar processors of...all brands potentially :(

Sophie

On Thu, Jan 4, 2018 at 3:44 PM, jim stephens via cctalk <
cctalk@classiccmp.org> wrote:

>
>
> On 1/4/2018 12:34 PM, Ed Sharpe via cctalk wrote:
>
>> what about xenon processors??
>> ed#
>> In a message dated 1/4/2018 1:18:14 PM US Mountain Standard Time,
>> cctalk@classiccmp.org writes:
>>
>>
>>
> There is no difference between them and any other intel x86 or x64
> processor as far as the flaw involved.
>
> Though they are not mentioning it, I suspect one can target P3 and P4
> equally well with the exploit. It has been around that long.
> thanks
> Jim
>
>
>> - Original Message -
>> From: "Warner Losh via cctalk" <cctalk@classiccmp.org>
>> To: "Murray McCullough" <c.murray.mccullo...@gmail.com>; "General
>> Discussion: On-Topic and Off-Topic Posts" <cctalk@classiccmp.org>
>> Sent: Thursday, January 04, 2018 1:05 PM
>> Subject: Re: Spectre & Meltdown
>>
>>
>> On Thu, Jan 4, 2018 at 11:00 AM, Murray McCullough via cctalk <
>>> cctalk@classiccmp.org> wrote:
>>>
>>> This may be off-topic but these latest uprocessor exploits has raised
>>>> a question: Are the 'old/classic' uprocessors using x86 technology in
>>>> the same boat? The very earliest ones, i.e., 1970s and early 80's.
>>>> probably not. How many are actually in use and/or on the Net?
>>>>
>>>> I've seen it reported, but haven't verified, that this bug extends
>>> about 20
>>> years back in the past to the Pentium Pro/Pentium II class of machines.
>>> If
>>> I read that correctly, there's only two generations of Pentium not
>>> affected, the P54C and P55C, the former of F00F fame... 386 and 486 CPUs
>>> apparently aren't affected since they didn't have speculative execution.
>>> The 8088/8086/80186/80286 presumably are also immune... If you extend
>>> things further back, CP/M on Z80/8080 is also fine, but I don't think
>>> those
>>> are properly x86 :)
>>>
>>> Warner
>>>
>> 
>> Finally, an excuse to use all those old 486 boxes...
>>
>> m
>>
>>
>>
>

Re: Spectre & Meltdown

[Sophie Haskins via cctalk]

>From the exploit homepage (https://spectreattack.com/) , it seems like the
Meltdown vulnerability affects all out-of-order executing Intel *branded*
CPUs (from the P6 onward), and the Spectre vulnerability potentially
impacts all superscalar processors of...all brands potentially :(

Sophie

On Thu, Jan 4, 2018 at 3:44 PM, jim stephens via cctalk <
cctalk@classiccmp.org> wrote:

>
>
> On 1/4/2018 12:34 PM, Ed Sharpe via cctalk wrote:
>
>> what about  xenon processors??
>> ed#
>>   In a message dated 1/4/2018 1:18:14 PM US Mountain Standard Time,
>> cctalk@classiccmp.org writes:
>>
>>
>>
> There is no difference between them and any other intel x86 or x64
> processor as far as the flaw involved.
>
> Though they are not mentioning it, I suspect one can target P3 and P4
> equally well with the exploit.  It has been around that long.
> thanks
> Jim
>
>
>> - Original Message -
>> From: "Warner Losh via cctalk" <cctalk@classiccmp.org>
>> To: "Murray McCullough" <c.murray.mccullo...@gmail.com>; "General
>> Discussion: On-Topic and Off-Topic Posts" <cctalk@classiccmp.org>
>> Sent: Thursday, January 04, 2018 1:05 PM
>> Subject: Re: Spectre & Meltdown
>>
>>
>> On Thu, Jan 4, 2018 at 11:00 AM, Murray McCullough via cctalk <
>>> cctalk@classiccmp.org> wrote:
>>>
>>> This may be off-topic but these latest uprocessor exploits has raised
>>>> a question: Are the 'old/classic' uprocessors using x86 technology in
>>>> the same boat? The very earliest ones, i.e., 1970s and early 80's.
>>>> probably not. How many are actually in use and/or on the Net?
>>>>
>>>> I've seen it reported, but haven't verified, that this bug extends
>>> about 20
>>> years back in the past to the Pentium Pro/Pentium II class of machines.
>>> If
>>> I read that correctly, there's only two generations of Pentium not
>>> affected, the P54C and P55C, the former of F00F fame... 386 and 486 CPUs
>>> apparently aren't affected since they didn't have speculative execution.
>>> The 8088/8086/80186/80286 presumably are also immune... If you extend
>>> things further back, CP/M on Z80/8080 is also fine, but I don't think
>>> those
>>> are properly x86 :)
>>>
>>> Warner
>>>
>> 
>> Finally, an excuse to use all those old 486 boxes...
>>
>> m
>>
>>
>>
>

Re: Spectre & Meltdown

[jim stephens via cctalk]

On 1/4/2018 12:34 PM, Ed Sharpe via cctalk wrote:

what about  xenon processors??
ed#
  
In a message dated 1/4/2018 1:18:14 PM US Mountain Standard Time, cctalk@classiccmp.org writes:


  
There is no difference between them and any other intel x86 or x64 
processor as far as the flaw involved.


Though they are not mentioning it, I suspect one can target P3 and P4 
equally well with the exploit.  It has been around that long.

thanks
Jim


- Original Message -
From: "Warner Losh via cctalk" <cctalk@classiccmp.org>
To: "Murray McCullough" <c.murray.mccullo...@gmail.com>; "General Discussion: On-Topic and 
Off-Topic Posts" <cctalk@classiccmp.org>
Sent: Thursday, January 04, 2018 1:05 PM
Subject: Re: Spectre & Meltdown



On Thu, Jan 4, 2018 at 11:00 AM, Murray McCullough via cctalk <
cctalk@classiccmp.org> wrote:


This may be off-topic but these latest uprocessor exploits has raised
a question: Are the 'old/classic' uprocessors using x86 technology in
the same boat? The very earliest ones, i.e., 1970s and early 80's.
probably not. How many are actually in use and/or on the Net?


I've seen it reported, but haven't verified, that this bug extends about 20
years back in the past to the Pentium Pro/Pentium II class of machines. If
I read that correctly, there's only two generations of Pentium not
affected, the P54C and P55C, the former of F00F fame... 386 and 486 CPUs
apparently aren't affected since they didn't have speculative execution.
The 8088/8086/80186/80286 presumably are also immune... If you extend
things further back, CP/M on Z80/8080 is also fine, but I don't think those
are properly x86 :)

Warner


Finally, an excuse to use all those old 486 boxes...

m

Re: Re: Spectre & Meltdown

[Ed Sharpe via cctalk]

what about  xenon processors??
ed#
 
In a message dated 1/4/2018 1:18:14 PM US Mountain Standard Time, 
cctalk@classiccmp.org writes:

 

- Original Message - 
From: "Warner Losh via cctalk" <cctalk@classiccmp.org>
To: "Murray McCullough" <c.murray.mccullo...@gmail.com>; "General Discussion: 
On-Topic and Off-Topic Posts" <cctalk@classiccmp.org>
Sent: Thursday, January 04, 2018 1:05 PM
Subject: Re: Spectre & Meltdown


> On Thu, Jan 4, 2018 at 11:00 AM, Murray McCullough via cctalk <
> cctalk@classiccmp.org> wrote:
> 
>> This may be off-topic but these latest uprocessor exploits has raised
>> a question: Are the 'old/classic' uprocessors using x86 technology in
>> the same boat? The very earliest ones, i.e., 1970s and early 80's.
>> probably not. How many are actually in use and/or on the Net?
>>
> 
> I've seen it reported, but haven't verified, that this bug extends about 20
> years back in the past to the Pentium Pro/Pentium II class of machines. If
> I read that correctly, there's only two generations of Pentium not
> affected, the P54C and P55C, the former of F00F fame... 386 and 486 CPUs
> apparently aren't affected since they didn't have speculative execution.
> The 8088/8086/80186/80286 presumably are also immune... If you extend
> things further back, CP/M on Z80/8080 is also fine, but I don't think those
> are properly x86 :)
> 
> Warner

Finally, an excuse to use all those old 486 boxes...

m

Re: Spectre & Meltdown

[Mike Stein via cctalk]

- Original Message - 
From: "Warner Losh via cctalk" <cctalk@classiccmp.org>
To: "Murray McCullough" <c.murray.mccullo...@gmail.com>; "General Discussion: 
On-Topic and Off-Topic Posts" <cctalk@classiccmp.org>
Sent: Thursday, January 04, 2018 1:05 PM
Subject: Re: Spectre & Meltdown


> On Thu, Jan 4, 2018 at 11:00 AM, Murray McCullough via cctalk <
> cctalk@classiccmp.org> wrote:
> 
>> This may be off-topic but these latest uprocessor exploits has raised
>> a question: Are the 'old/classic' uprocessors using x86 technology in
>> the same boat? The very earliest ones, i.e., 1970s and early 80's.
>> probably not. How many are actually in use and/or on the Net?
>>
> 
> I've seen it reported, but haven't verified, that this bug extends about 20
> years back in the past to the Pentium Pro/Pentium II class of machines. If
> I read that correctly, there's only two generations of Pentium not
> affected, the P54C and P55C, the former of F00F fame... 386 and 486 CPUs
> apparently aren't affected since they didn't have speculative execution.
> The 8088/8086/80186/80286 presumably are also immune... If you extend
> things further back, CP/M on Z80/8080 is also fine, but I don't think those
> are properly x86 :)
> 
> Warner

Finally, an excuse to use all those old 486 boxes...

m

Re: Spectre & Meltdown

[Warner Losh via cctalk]

On Thu, Jan 4, 2018 at 11:00 AM, Murray McCullough via cctalk <
cctalk@classiccmp.org> wrote:

> This may be off-topic but these latest uprocessor exploits has raised
> a question: Are the 'old/classic' uprocessors using x86 technology in
> the same boat? The very earliest ones, i.e., 1970s and early 80's.
> probably not. How many are actually in use and/or on the Net?
>

I've seen it reported, but haven't verified, that this bug extends about 20
years back in the past to the Pentium Pro/Pentium II class of machines. If
I read that correctly, there's only two generations of Pentium not
affected, the P54C and P55C, the former of F00F fame... 386 and 486 CPUs
apparently aren't affected since they didn't have speculative execution.
The 8088/8086/80186/80286 presumably are also immune... If you extend
things further back, CP/M on Z80/8080 is also fine, but I don't think those
are properly x86 :)

Warner

Spectre & Meltdown

[Murray McCullough via cctalk]

This may be off-topic but these latest uprocessor exploits has raised
a question: Are the 'old/classic' uprocessors using x86 technology in
the same boat? The very earliest ones, i.e., 1970s and early 80's.
probably not. How many are actually in use and/or on the Net?

Happy computing!

Murray  :)