Re: Semi-OT: Government snooping was Re: Is there any MF shop using AWS service?
Maybe the people who are so vocal about the government should live/work in another country. Its their rules and your a guest. Been there twice. Regards, Scott www.identityforge.com From: Clark Morris Sent: Sunday, April 6, 2014 12:34 PM To: IBM Mainframe Discussion List On 6 Apr 2014 07:15:59 -0700, in bit.listserv.ibm-main you wrote: In 3c50k9hv2dscdvhsn3b7kvi84jaibbp...@4ax.com, on 04/05/2014 at 11:41 AM, Clark Morris cfmpub...@ns.sympatico.ca said: I remember my sister saying her European friends couldn't understand what the big deal about Watergate was. The same in Israel. The assumed that the snooping involved was common practice given their experience with their own governments. Perhaps, but I suspect that it was really a question of whose ox was gored. Certainly, people in Israel got very upset over what to me looked like minor scandals; the were more egregious than Watergate because they were local. Were the French as blasé over scandals in France as they were over Watergate? From what I recall from over 35 years ago was that her friends thought that the government snooping was a normal state of affairs. Given the records retention requirements in the United States (and maybe other countries), most organizations have to keep a huge amount of documentation including all e-mails so that the government can later troll through them to prove wrongdoing. For organizations the exposure is not snooping by the government of jurisdiction which can get the data anyway but by foreign governments doing it for other reasons. Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Semi-OT: Government snooping was Re: Is there any MF shop using AWS service?
In 00fe01cf51bd$96812ab0$c3838010$@mxg.com, on 04/06/2014 at 12:28 PM, Barry Merrill ba...@mxg.com said: And, I believe the actual company name with the SHARE code of CAD was listed as Northern Virginia Department of Highways, which I also think was the sign on the GW Parkway to the CIA. Way back then the sign read Fairbanks Highway Research Station, but these days they've come out of the closet. I believe that DOT still has a small facility their, but it no longer serves as a cover. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Semi-OT: Government snooping was Re: Is there any MF shop using AWS service?
In the late 70's, I was programming for 'Project Match', where large corporations voluntarily gave their employment data to the various state governments (via the FBI), and we matched them against welfare enrollment of some kind. Snooping's been going on for a while, don't you think? David -Original Message- From: Clark Morris cfmpub...@ns.sympatico.ca To: IBM-MAIN IBM-MAIN@LISTSERV.UA.EDU Sent: Sun, Apr 6, 2014 12:52 pm Subject: Semi-OT: Government snooping was Re: Is there any MF shop using AWS service? On 6 Apr 2014 07:15:59 -0700, in bit.listserv.ibm-main you wrote: In 3c50k9hv2dscdvhsn3b7kvi84jaibbp...@4ax.com, on 04/05/2014 at 11:41 AM, Clark Morris cfmpub...@ns.sympatico.ca said: I remember my sister saying her European friends couldn't understand what the big deal about Watergate was. The same in Israel. The assumed that the snooping involved was common practice given their experience with their own governments. Perhaps, but I suspect that it was really a question of whose ox was gored. Certainly, people in Israel got very upset over what to me looked like minor scandals; the were more egregious than Watergate because they were local. Were the French as blasé over scandals in France as they were over Watergate? From what I recall from over 35 years ago was that her friends thought that the government snooping was a normal state of affairs. Given the records retention requirements in the United States (and maybe other countries), most organizations have to keep a huge amount of documentation including all e-mails so that the government can later troll through them to prove wrongdoing. For organizations the exposure is not snooping by the government of jurisdiction which can get the data anyway but by foreign governments doing it for other reasons. Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
In 3c50k9hv2dscdvhsn3b7kvi84jaibbp...@4ax.com, on 04/05/2014 at 11:41 AM, Clark Morris cfmpub...@ns.sympatico.ca said: I remember my sister saying her European friends couldn't understand wheat (sic) the big deal about Watergate was. The same in Israel. The assumed that the snooping involved was common practice given their experience with their own governments. Perhaps, but I suspect that it was really a question of whose ox was gored. Certainly, people in Israel got very upset over what to me looked like minor scandals; the were more egregious than Watergate because they were local. Were the French as blasé over scandals in France as they were over Watergate? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Semi-OT: Government snooping was Re: Is there any MF shop using AWS service?
On 6 Apr 2014 07:15:59 -0700, in bit.listserv.ibm-main you wrote: In 3c50k9hv2dscdvhsn3b7kvi84jaibbp...@4ax.com, on 04/05/2014 at 11:41 AM, Clark Morris cfmpub...@ns.sympatico.ca said: I remember my sister saying her European friends couldn't understand what the big deal about Watergate was. The same in Israel. The assumed that the snooping involved was common practice given their experience with their own governments. Perhaps, but I suspect that it was really a question of whose ox was gored. Certainly, people in Israel got very upset over what to me looked like minor scandals; the were more egregious than Watergate because they were local. Were the French as blasé over scandals in France as they were over Watergate? From what I recall from over 35 years ago was that her friends thought that the government snooping was a normal state of affairs. Given the records retention requirements in the United States (and maybe other countries), most organizations have to keep a huge amount of documentation including all e-mails so that the government can later troll through them to prove wrongdoing. For organizations the exposure is not snooping by the government of jurisdiction which can get the data anyway but by foreign governments doing it for other reasons. Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Semi-OT: Government snooping was Re: Is there any MF shop using AWS service?
cfmpub...@ns.sympatico.ca (Clark Morris) writes: From what I recall from over 35 years ago was that her friends thought that the government snooping was a normal state of affairs. Given the records retention requirements in the United States (and maybe other countries), most organizations have to keep a huge amount of documentation including all e-mails so that the government can later troll through them to prove wrongdoing. For organizations the exposure is not snooping by the government of jurisdiction which can get the data anyway but by foreign governments doing it for other reasons. re: http://www.garlic.com/~lynn/2014e.html#23 Is there any MF shop using AWS service? http://www.garlic.com/~lynn/2014e.html#25 Is there any MF shop using AWS service? when the (virtual machine) cp67 development group split off from the science center and moved to the 3rd flr taking over the ibm boston program center ... they only had a part of the 3rd flr ... the rest of the 3rd flr was listed in the bldg registry as a law firm. However the telco closet for the 3rd flr was on the ibm side ... and it clearly listed the other occupant as a certain 3-letter agency. this agency was also member of share ... installation code CAD (supposedly for cloak-and-dagger). in aug76, tymshare started offerring its cms-based online computer conferencing to share for free ... archives here: http://vm.marist.edu/~vmshare CAD shows up periodcially in the postings. other reference ... gone 404 but lives on at the wayback machine: http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml vm370 profs email system was in extensive use by the gov ... deleting email didn't remove it from the backup tapes. the archived email played a role in investigation into http://en.wikipedia.org/wiki/Iran%E2%80%93Contra_affair note in the above ... possibly one of the reasons that the VP was out of the loop ... was he was administration point-person for deregulating the financial industry ... where some of his relatives played prominant roles ... one such http://en.wikipedia.org/wiki/Savings_and_loan_crisis#Silverado_Savings_and_Loan -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Semi-OT: Government snooping was Re: Is there any MF shop using AWS service?
And, I believe the actual company name with the SHARE code of CAD was listed as Northern Virginia Department of Highways, which I also think was the sign on the GW Parkway to the CIA. Barry Merrill -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Anne Lynn Wheeler Sent: Sunday, April 06, 2014 12:16 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Semi-OT: Government snooping was Re: Is there any MF shop using AWS service? cfmpub...@ns.sympatico.ca (Clark Morris) writes: From what I recall from over 35 years ago was that her friends thought that the government snooping was a normal state of affairs. Given the records retention requirements in the United States (and maybe other countries), most organizations have to keep a huge amount of documentation including all e-mails so that the government can later troll through them to prove wrongdoing. For organizations the exposure is not snooping by the government of jurisdiction which can get the data anyway but by foreign governments doing it for other reasons. re: http://www.garlic.com/~lynn/2014e.html#23 Is there any MF shop using AWS service? http://www.garlic.com/~lynn/2014e.html#25 Is there any MF shop using AWS service? when the (virtual machine) cp67 development group split off from the science center and moved to the 3rd flr taking over the ibm boston program center ... they only had a part of the 3rd flr ... the rest of the 3rd flr was listed in the bldg registry as a law firm. However the telco closet for the 3rd flr was on the ibm side ... and it clearly listed the other occupant as a certain 3-letter agency. this agency was also member of share ... installation code CAD (supposedly for cloak-and-dagger). in aug76, tymshare started offerring its cms-based online computer conferencing to share for free ... archives here: http://vm.marist.edu/~vmshare CAD shows up periodcially in the postings. other reference ... gone 404 but lives on at the wayback machine: http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml vm370 profs email system was in extensive use by the gov ... deleting email didn't remove it from the backup tapes. the archived email played a role in investigation into http://en.wikipedia.org/wiki/Iran%E2%80%93Contra_affair note in the above ... possibly one of the reasons that the VP was out of the loop ... was he was administration point-person for deregulating the financial industry ... where some of his relatives played prominant roles ... one such http://en.wikipedia.org/wiki/Savings_and_loan_crisis#Silverado_Savings_and_Loan -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
Shane, Down boy.there are lot of us Americans on here Scott ford www.identityforge.com from my IPAD On Apr 4, 2014, at 6:24 PM, Shane Ginnane ibm-m...@tpg.com.au wrote: On Fri, 4 Apr 2014 15:19:43 -0500, Russell Witt wrote: How is sending encrypted data to the Cloud any more or less dangerous then sending encrypted cartridges to an off-site vault via a truck? Because when some bloke in a balaclava hijacks the truck and makes off with your tapes you sure as hell know about it. But when one of Americas non-regulated intelligence (FSVO) agencies decides to scoop up all your data, they have all the time in the world to do as they wish. Undetected. And even if they miss it on the fly, the can just get an order to access it in the USA datacentre that is a backup. Secretly. Very bad all round, worse for everyone else in the world. And not just for the (paranoid ?) mainframers, *everyone*. At least the Europeans have made some attempt at privacy. Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
On 4 Apr 2014 18:32:32 -0700, in bit.listserv.ibm-main you wrote: On 5/04/2014 6:24 AM, Shane Ginnane wrote: On Fri, 4 Apr 2014 15:19:43 -0500, Russell Witt wrote: How is sending encrypted data to the Cloud any more or less dangerous then sending encrypted cartridges to an off-site vault via a truck? Because when some bloke in a balaclava hijacks the truck and makes off with your tapes you sure as hell know about it. But when one of Americas non-regulated intelligence (FSVO) agencies decides to scoop up all your data, they have all the time in the world to do as they wish. Undetected. And even if they miss it on the fly, the can just get an order to access it in the USA datacentre that is a backup. Secretly. And since the data is already on Amazons elastic cloud they can spin off a hundred thousand node supercomputer and crack your encryption in a matter of seconds :). Very bad all round, worse for everyone else in the world. And not just for the (paranoid ?) mainframers, *everyone*. At least the Europeans have made some attempt at privacy. I wouldn't include the UK with the rest of Europe. They're in cahoots! The French are notorious for snooping. I remember my sister saying her European friends couldn't understand wheat the big deal about Watergate was. The assumed that the snooping involved was common practice given their experience with their own governments. Clark Morris Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
David Crayford's interpolated comments in Shane Ginnane's post: begin extracts And since the data is already on Amazons elastic cloud they can spin off a hundred thousand node supercomputer and crack your encryption in a matter of seconds . . . . . . I wouldn't include the UK with the rest of Europe. They're in cahoots! /end extracts merit comment. It is true that text encrypted using DES and its lineal descendants can be decrypted readily by any entity that has the necessary computing capacity. Perhaps defensible in the past, their continued use [as more than a gesture of reassurance] is now wholly indefensible; and the indefensible is not enough. There are, however, alternatiives available. They are well described in Ekert, Artur, and Renato Renner. The ultimate physical limits of privacy, Nature, volume 507, pp, 443-447, 27 March 2014. This paper is accessible to anyone having an engineering or scientific education but not, unfortunately, to others; and it contains an excellent, well annotated bibliography. The methods of quantum cryptography it discusses make no use of a key or the like kept secret. They cannot be broken They exploit Heisenberg's indeterminacy principle instead About the culpability of the UK two quite different things need to be said. First, it is an active member, and not at all a junior partner in, Five Eyes, a consortium of the signal intelligence agencies of Australia, Canada, New Zealand, the UInited Kingdom, and the United States. In this sense it is certainly in cahoots. Its domestic privacy legislation is, on the other hand, much stronger than that of the US; and this legislation is enforced effectively against all but government itself by the UK's still independent courts. John Gilmore, Ashland, MA 01721 - USA -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
On 4/04/2014 1:35 PM, Tsai Laurence wrote: Dears, as the subject, if your shop using AWS service, what is it? Backup svc? Solution ? I doubt it. Mainframe customers are a paranoid lot and putting their data onto Amazons cloud would be risky. Maybe when IBM get's it's act together with mainframe cloud services? Laurence 蔡宗志 from my HTC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
In mainframe parlance, AWS could stand for Automated Workload Scheduler, such as TWS from IBM/Tivoli. Regards, Mitch McCluhan -Original Message- From: Tsai Laurence ltsai85...@gmail.com To: IBM-MAIN IBM-MAIN@LISTSERV.UA.EDU Sent: Thu, Apr 3, 2014 10:35 pm Subject: Is there any MF shop using AWS service? Dears, s the subject, if your shop using AWS service, what is it? Backup svc? olution ? Laurence 蔡宗志 from my HTC -- or IBM-MAIN subscribe / signoff / archive access instructions, end email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
ltsai85...@gmail.com (Tsai Laurence) writes: as the subject, if your shop using AWS service, what is it? Backup svc? Solution ? How Boeing merges its data centers with the Amazon and Microsoft clouds; Carving data up into puzzle pieces keeps sensitive information secure. http://arstechnica.com/information-technology/2014/04/how-boeing-merges-its-data-centers-with-the-amazon-and-microsoft-clouds/ sounds a little like effort to consolidate all Boeing dataprocessing into BCS the spring of 1969 ... I had been talked into giving a one week computer class (during spring break, I was still undergraduate and taking classes) to four people that were part of the startup BCS team ... and the IBMers assigned to the effort. then that summer spent in Seattle helping setup Boeing computer services ... one of the half dozen or so 1st employees ... basically consolidate all dataprocessing in single business unit to better monetize the investment. Part of this was Renton datacenter which I thought was possibly the largest in the world with something like $300m in large IBM mainframes (that summer 360/65s were arriving faster than they could be installed, there were constantly pieces of 360/65s in the hallways around the machine room). However, they had a D/R scenario where Mt. Rainier warms up and massive mud slide takes out the Renton datacenter. the estimate was the loss of the Renton datacenter for a week would cost Boeing more than the cost of the data center ... so Renton was being replicated at the new 747 plant up in Everett. note communities closer to Mt. Rainier have civil defense sirens for such mud slide emergency ... reference http://www.citizenreviewonline.org/june2004/danger.htm and http://en.wikipedia.org/wiki/Mount_Rainier_Volcano_Lahar_Warning_System Later I would meet John Boyd and sponsor his briefings at IBM. His biographies have him doing stint in command of spook base (at the same time I was at Boeing) claiming it was a $2.5B windfall for IBM (nearly ten times that of Renton datacenter and over $17B in today's dollars). spook base reference, gone 404, but lives on at the wayback machine http://web.archive.org/web/20030212092342/http://home.att.net/~c.jeppeson/igloo_white.html -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
Laurence Both CA Technologies and Luminex offer Virtual Tape solutions that would allow for AWS to be the offsite copy of the virtual-volumes. Using AWS as the back-end of a Virtual Tape offering allows you (the client) to decide which which backups you want, and how long you want them to be stored at one of the many Amazon data centers. Actually, a great way for a smaller z/OS site to have a replicated Virtual Tape solution without having to pay the up-front cost of a replicated storage appliance and without having to worry if the replicated storage appliance is big enough for your growth. And of course, you can get to your data from any location that has TCP/IP connectivity (as long as you have your passwords/credentials of course). Russell Witt CA Technologies On 04/04/14, Tsai Laurenceltsai85...@gmail.com wrote: Dears, as the subject, if your shop using AWS service, what is it? Backup svc? Solution ? Laurence ���v�� from my HTC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
Why would you say that MF customers are too paranoid for Cloud storage? How is sending encrypted data to the Cloud any more or less dangerous then sending encrypted cartridges to an off-site vault via a truck? Personally, I would think that a TCP/IP connection that gets the data to a secure Cloud provider in seconds is a lot more secure then a couple of hours in a truck and having shippers moving the cartridges multiple times. Granted, you want to make sure you are using a secure Cloud provider that and one that will be around for years to come. But the same is true for the off-site storage company. And if you trust encryption for your cartridges, why wouldn't you trust encryption for the Cloud? Granted, if you are big enough to have multiple data centers and already do replicated virtual tape from one data center to another for DR purposes, you don't have a need for using the Cloud or off-site storage for DR. But maybe for long-long-term storage. And you still have questions to answer. If the data is stored for 99 years, how often to you bring it back to the data center to copy onto newer media? For a Cloud provider, that is their responsibility. Of course, you also have to ask will either the off-site storage company or the Cloud provider be around for 99 years? And if not, how hard will it be to move the data? I think strongly encrypted Cloud storage for MF clients is a real possibility. Either for DR purposes for sites not large enough to have multiple data centers or for long-long-term storage. But these are just my opinions (and I do have lots of those). Russell On 04/04/14, David Crayforddcrayf...@gmail.com wrote: On 4/04/2014 1:35 PM, Tsai Laurence wrote: Dears, as the subject, if your shop using AWS service, what is it? Backup svc? Solution ? I doubt it. Mainframe customers are a paranoid lot and putting their data onto Amazons cloud would be risky. Maybe when IBM get's it's act together with mainframe cloud services? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
On Fri, 4 Apr 2014 15:19:43 -0500, Russell Witt wrote: How is sending encrypted data to the Cloud any more or less dangerous then sending encrypted cartridges to an off-site vault via a truck? Because when some bloke in a balaclava hijacks the truck and makes off with your tapes you sure as hell know about it. But when one of Americas non-regulated intelligence (FSVO) agencies decides to scoop up all your data, they have all the time in the world to do as they wish. Undetected. And even if they miss it on the fly, the can just get an order to access it in the USA datacentre that is a backup. Secretly. Very bad all round, worse for everyone else in the world. And not just for the (paranoid ?) mainframers, *everyone*. At least the Europeans have made some attempt at privacy. Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
re: http://www.garlic.com/~lynn/2014e.tml#23 Is there any MF shop using AWS service? TCP/IP Might Have Been Secure From the Start If Not For the NSA http://beta.slashdot.org/story/200323 Note NSFNET backbone was precursor to modern internet (and cloud computing). http://www.technologyreview.com/featuredstory/401444/grid-computing/ we had been working with various players and were suppose to get $20M to tie together the various NSF supercomputer sites. Then congress cuts the budget and some other things happen. Finally they come out with an RFP but internal politics prevent us from bidding. The director of NSF tries to help by writing the company a letter, but that just makes the internal politics worse (as does comments about what we already have running is at least 5yrs ahead of bid responses). Some old nsfnet related email http://www.garlic.com/~lynn/lhwemail.html#nsfnet posts mentioning NSFNET backbone http://www.garlic.com/~lynn/subnetwork.html#nsfnet We had project with T1 and faster speed links on the internal network .. some of the past posts http://www.garlic.com/~lynn/subnetwork.html#internalnet ... one of the differences was that all internal links had to be encrypted ... which effectively required link encryptors. some old crypt related email http://www.garlic.com/~lynn/lhwemail.html#crypto includes some proposal for a PGP-like implementation in 1981. One of the issues was that software DES for sustained full-duplex T1 would have required dedicating 100% of both processors of large mainframe 3081K. Now I didn't like what I had payed for T1 link encryptors and finding link encryptors faster than T1 was really hard ... so I got involved in doing our own; the design was to be able to handle several megabytes (not megabits) per second sustained and could be built for under $100. At first the corporate crypto product group claimed that it significantly reduced DES crypto strength. It took me 3months to figure out how to explain to them what was going on and convince them it was significantly stronger than DES rather than significantly weaker. However it was hollow victory, and I realized that there were three kinds of crypto 1) the kind they don't care about, 2) the kind you can't do, 3) the kind you can only do for them (I was told I could build as many as I wanted, but they would have to all be sent to an address in Maryland; and I couldn't use any of them). Later (after we left), we were brought in as consultants to a small client/server startup that wanted to do payments on their server; they had developed this technology they called SSL they wanted to use, the result is now frequently called electronic commerce. We had to map the technology to payment business process, audit/walk-thru these new businesses selling SSL digital certificates, and establish deployment requirements. Almost immediately webservers found that SSL cut their throughput 80-90% and they dropped back to just using SSL for checkout/payment. Note, basic SSL assumption was that users understood the relationship between the webserver they wanted to talk to and the URL they typed in. The browser would then use SSL to validate that the webserver being talked to corresponded with the URL typed in. Both were needed for the webserver being talked to was the webserver the user thought they were talking to. Webservers dropped back to only using SSL for checkout/payment. Now the URL the user typed in was no longer validated. Then payment URL was provided by clicked on button from the unvalidated webserver. The result was that now SSL established that the webserver being talked to was the webserver it claimed to be (but not necessarily the webserver the user thought it was). -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Is there any MF shop using AWS service?
On 5/04/2014 6:24 AM, Shane Ginnane wrote: On Fri, 4 Apr 2014 15:19:43 -0500, Russell Witt wrote: How is sending encrypted data to the Cloud any more or less dangerous then sending encrypted cartridges to an off-site vault via a truck? Because when some bloke in a balaclava hijacks the truck and makes off with your tapes you sure as hell know about it. But when one of Americas non-regulated intelligence (FSVO) agencies decides to scoop up all your data, they have all the time in the world to do as they wish. Undetected. And even if they miss it on the fly, the can just get an order to access it in the USA datacentre that is a backup. Secretly. And since the data is already on Amazons elastic cloud they can spin off a hundred thousand node supercomputer and crack your encryption in a matter of seconds :). Very bad all round, worse for everyone else in the world. And not just for the (paranoid ?) mainframers, *everyone*. At least the Europeans have made some attempt at privacy. I wouldn't include the UK with the rest of Europe. They're in cahoots! Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Is there any MF shop using AWS service?
Dears, as the subject, if your shop using AWS service, what is it? Backup svc? Solution ? Laurence 蔡宗志 from my HTC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
