Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-06 Thread Blaicher, Christopher Y.
of zXXP was Re: zIIP simulation If, on the other hand, you're asking IBM (and other vendors) to spend some of their precious engineering talents and efforts on new price discrimination features specifically for monitoring, does that really make sense? Let's suppose for sake of argument that such new

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-06 Thread Timothy Sipples
IBM has done some recent work improving SMF efficiency, for example via SMF exploitation of the new zEnterprise Data Compression (zEDC) feature. If you have moderate to heavy SMF activity then I would advise taking a close look at the zEDC feature. (There are other reasons to consider zEDC, too.)

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread Mark Jacobs
On 11/04/13 19:00, Ed Jaffe wrote: On 11/4/2013 9:23 AM, Russ Teubner wrote: I don't think customers mind using (and paying for) high-value MIPS for high-value apps. However, everything else (e.g., integration and plumbing) should be run on specialty engines (within the bounds of IBM's

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread Bob Rutledge
Farley, Peter x23353 wrote: PMFJI here Ed, but PSPI and DMTI aren't acronyms that I recognize. Translations please? Peter Product-Sensitive Programming Interface (The underlying software can change and this interface can change or disappear.) Diagnosis, Modification and Tuning

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread Shmuel Metz (Seymour J.)
In 2048766999.1432321.1383584199930.javamail.r...@comcast.net, on 11/04/2013 at 04:56 PM, DASDBILL2 dasdbi...@comcast.net said: SRBs can do I/O.  They can't do SVC instructions, however.  You can start an I/O request without an SVC if you use the STARTIO macro, which requires your code's

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread Shmuel Metz (Seymour J.)
In 8610219510148556.wa.paulgboulderaim@listserv.ua.edu, on 11/04/2013 at 06:00 PM, Paul Gilmartin paulgboul...@aim.com said: Is it GUPI? No, but STARTIO is also not bare metal. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread DASDBILL2
a flag bit that means I/O is finished.   Bill Fairchild Franklin, TN - Original Message - From: Shmuel Metz (Seymour J.) shmuel+ibm-m...@patriot.net To: IBM-MAIN@LISTSERV.UA.EDU Sent: Tuesday, November 5, 2013 9:39:34 AM Subject: Re: Security exposure of zXXP was Re: zIIP

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread DASDBILL2
3:04:01 PM Subject: Re: Security exposure of zXXP was Re: zIIP simulation In 8610219510148556.wa.paulgboulderaim@listserv.ua.edu, on 11/04/2013 at 06:00 PM, Paul Gilmartin paulgboul...@aim.com said: Is it GUPI? No, but STARTIO is also not bare metal. -- Shmuel (Seymour J

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread Tony Harminc
FWIW, the UNIX services for file I/O are callable in SRB mode. But if you are in SRB mode you own the world in any case. Tony H.

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-05 Thread Timothy Sipples
Ed Jaffe wrote: Agreed. For example, it would be good if monitors such as RMF and others did not use costly machine cycles. Leaving aside costly machine cycles (compared to what?), it would be technically impossible, wouldn't it? It's at least very technically difficult to monitor something

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Shmuel Metz (Seymour J.)
In cae1xxdfgcowtd10wjbnrrp9rkikxca3uxqijgud49ffawqj...@mail.gmail.com, on 11/03/2013 at 02:42 PM, John Gilmore jwgli...@gmail.com said: I will limit myself to noting that 1) an SRB cannot attach a subtask It can, however, create and schedule an IRB, which in turn can attach a subtask. --

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Binyamin Dissen
On Sun, 3 Nov 2013 16:15:56 -0800 Jon Perryman jperr...@pacbell.net wrote: :I think Itschak is saying that SRB's can't do I/O, therefore they can't write files to embed a virus or read confidential data. I think he's under the impression that SRB's can't get access to everything they desire.

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Kenneth Wilkerson
Sent: Monday, November 04, 2013 7:01 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Security exposure of zXXP was Re: zIIP simulation On Sun, 3 Nov 2013 16:15:56 -0800 Jon Perryman jperr...@pacbell.net wrote: :I think Itschak is saying that SRB's can't do I/O, therefore they can't write files

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread John Gilmore
It is worth recalling Mr Perryman's name for this thread, viz., Security exposure of zXXP. His riposte---It is not responsive---to my last post employs a rhetorical device that was familiar to the Alexandrian Greeks. In answer to my contention that position 1457 and position 1458 in a Kama

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Clark Morris
On 4 Nov 2013 06:30:46 -0800, in bit.listserv.ibm-main you wrote: It is worth recalling Mr Perryman's name for this thread, viz., Security exposure of zXXP. His riposte---It is not responsive---to my last post employs a rhetorical device that was familiar to the Alexandrian Greeks. In answer

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Russ Teubner
zAAP's are indeed used by Java code running on a TCB. However, to my knowledge, it does not follow that: With zAAP on zIIP, they must be using SRB's. IBM determines the rules in this regard. To me (as both an ISV and System z developer), IBM allowing more code to run on specialty engines is

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Jon Perryman
What rhetoric? It's a fact that if any vendor other than IBM moved JAVA to zIIP, it would have been done with SRB's and JAVA would run authorized. It's a fact that IBM moved JAVA to zAAP because of $$ and customer demand. Why would vendors be any different with that desire for their end user

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Ed Jaffe
On 11/4/2013 5:01 AM, Binyamin Dissen wrote: SRB's certainly can do I/O - they just need to do it at the metal level. I'm not sure I would call the venerable STARTIO interface the metal level. It probably seems that way to most developers since it's so poorly documented... -- Edward E

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Paul Gilmartin
On Mon, 4 Nov 2013 15:46:47 -0800, Ed Jaffe wrote: On 11/4/2013 5:01 AM, Binyamin Dissen wrote: SRB's certainly can do I/O - they just need to do it at the metal level. I'm not sure I would call the venerable STARTIO interface the metal level. It probably seems that way to most developers since

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Ed Jaffe
On 11/4/2013 9:23 AM, Russ Teubner wrote: I don't think customers mind using (and paying for) high-value MIPS for high-value apps. However, everything else (e.g., integration and plumbing) should be run on specialty engines (within the bounds of IBM's rules). Agreed. For example, it would be

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Ed Jaffe
On 11/4/2013 4:00 PM, Paul Gilmartin wrote: On Mon, 4 Nov 2013 15:46:47 -0800, Ed Jaffe wrote: I'm not sure I would call the venerable STARTIO interface the metal level. It probably seems that way to most developers since it's so poorly documented... Is it GUPI? I understand that IBM had

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-04 Thread Farley, Peter x23353
: Security exposure of zXXP was Re: zIIP simulation On 11/4/2013 4:00 PM, Paul Gilmartin wrote: On Mon, 4 Nov 2013 15:46:47 -0800, Ed Jaffe wrote: I'm not sure I would call the venerable STARTIO interface the metal level. It probably seems that way to most developers since it's so poorly

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Ed Jaffe
On 11/2/2013 7:34 PM, Peter Relson wrote: SRBs are the same level of security exposure that APF-authorized tasks are. So if an application is already APF-authorized, switching to enclave SRBs is not intrinsically more of a security exposure than already existed. It is true that SRBs are more

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Jon Perryman
I suspect we need an SRB that is non-authorized and can never get into an authorized state. I hate giving auditors information with which they can abuse us but this probably needs to be discussed. By making zIIP so cheap, IBM and customers are strongly encouraging us to offload as much work as

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread John Gilmore
I could almost wish that Mr. Perryman's conjectures were correct. They would greatly widen the market for strong assembly-language programming skills, which is much shrunken from what it once was; and that would be good for the platform. Alas, however, . . . John Gilmore, Ashland, MA 01721 - USA

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Itschak Mugzach
SRB mode is only needed if you use IBM's supplied API to zIIP. WLM is the part of z/OS that schedules the TCB/SRB to a processor and there is a know-how to do this, and indeed requires deep knowledge of MVS interfaces and assembler coding. The SRBs scheduled on the zIIP (using IBM's supplied

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Jon Perryman
Do vendors have access to the WLM implementation that allows TCB's to run on a zIIP? Since JAVA was implemented starting with z/OS 1.11, I suspect they may use SRB's otherwise they could have easily retrofitted it to earlier versions. As for the risk, an SRB can use cross memory facilities.

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread John Gilmore
I will not comment on Mr. Perryman's suspicions, which are not arguments. I will limit myself to noting that 1) an SRB cannot attach a subtask and 2) a [different] SRB that it scheduled into another address space would also be disabled for I/O. Peter Relson's point is the important one here. The

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread John Gilmore
On 11/3/13, John Gilmore jwgli...@gmail.com wrote: I will not comment on Mr. Perryman's suspicions, which are not arguments. I will limit myself to noting that 1) an SRB cannot attach a subtask and 2) a [different] SRB that it scheduled into another address space would also be disabled for I/O.

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Ed Jaffe
On 11/3/2013 10:25 AM, Itschak Mugzach wrote: The SRBs scheduled on the zIIP (using IBM's supplied interfaces) are running in the same address space, so it minimizes the risk. Not always. SRB mode is also disabled for IO, so you can't infect other libraries / files like a virus. Not sure

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Jon Perryman
...@gmail.com To: IBM-MAIN@LISTSERV.UA.EDU Sent: Sunday, November 3, 2013 11:42 AM Subject: Re: Security exposure of zXXP was Re: zIIP simulation I will not comment on Mr. Perryman's suspicions, which are not arguments. I will limit myself to noting that 1) an SRB cannot attach a subtask and 2

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Shane Ginnane
On Sun, 3 Nov 2013 14:42:18 -0500, John Gilmore wrote: The use of these facilities by the unwashed certainly has great potential for bringing down z/OS. Your implied faith in your coterie transcends mine I'm afraid - the pool of talent seems to be diminishing. Shane ...

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread John Gilmore
I agree that the pool of talent is being diminished by deaths, low recruitment because of poor perceived economic prospects, out migration for the same reason, and---among the young---a perception that the excitement is elsewhere. This issue is, however, separable from that of competence to work

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Jon Perryman
I think Itschak is saying that SRB's can't do I/O, therefore they can't write files to embed a virus or read confidential data. I think he's under the impression that SRB's can't get access to everything they desire. Jon Perryman.    From: Ed Jaffe

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-03 Thread Itschak Mugzach
That's true. You can't infect files/load modules etc. ITschak On Mon, Nov 4, 2013 at 2:15 AM, Jon Perryman jperr...@pacbell.net wrote: I think Itschak is saying that SRB's can't do I/O, therefore they can't write files to embed a virus or read confidential data. I think he's under the

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-02 Thread Peter Relson
SRB's are a big security exposure so customers are unlikely to open them to their programmers. SRBs are the same level of security exposure that APF-authorized tasks are. So if an application is already APF-authorized, switching to enclave SRBs is not intrinsically more of a security exposure

Security exposure of zXXP was Re: zIIP simulation

2013-11-01 Thread Clark Morris
On 1 Nov 2013 08:44:42 -0700, in bit.listserv.ibm-main you wrote: Your code may be the best design possible but it still uses CPU. Redesigning and rewriting code to be more efficient is not the point of zIIP processors. They are simply an IBM sales tool to make the price of z hardware more

Re: Security exposure of zXXP was Re: zIIP simulation

2013-11-01 Thread Jon Perryman
I think zAAP are somehow for Java but I'm not sure. I don't know how they restrict their usage. I doubt it is thru an SRB.  zIIP is supposed to run vendor software. Most are APF authorized anyways so the exposure is not any greater. My point was if a customer discovered how to do this, they