The idea behind Open Firmware came from Sun during their transition from MC68000 CPUs to SPARC. Problem: two different CPU architectures, and you want to write add-in board device drivers just once, rather than N times for N different processors.
Solution: put an interpreter on the motherboard, written native for the processor on the motherboard, and write the drivers for the peripheral boards (which go into PROMs on the peripheral boards) in the interpreted language. This way, the system can boot from devices that were never envisioned when the motherboard was designed.
This is a standard that WinTel world would do well to adopt.
I remember the good old days of the ARPANET, when you had to have a government research contract to be on the network at all, and everyone on the net was smart and polite and helpful, there were no advertisements, and no AOL, and no one much bothered with computer security because it was uncool not to share your computing resources.
Gosh, if we could only go back to those wonderful days of the elitist ARPANET...
The section which describes the Ukranian reminded me of a piece from Analog Science Fiction/Science Fact magazine from the late 70's or early 80's by G. Harry Stine whose title I've long since forgotten (a science fact piece?).
In it, he describes taking a visiting engineer from behind the Iron Curtain to Disneyland for an afternoon's diversion. The man became increasingly agitated as the afternoon wore on. When Harry finally asked why, the man said,
"Look at all the technology in this place, and you use it just for
fun! It makes me worry about what you're not showing me."
One man's high technology is another man's toy, and vice versa.
When the Engineers are allowed to make the decision, a good standard usually results. The catch is that sometimes things are compromised by a (bogus) requirement for backwards compatability. This is why IA-32 sucks so bad.
The Black Budget (i.e. the part of the US Federal government budget for intelligence activities) is on the order of $100 billion. That's annually - every year they get that much money to spend.
The EFF built a DES (56-bit) key cracker with custom hardware for $250,000. Assuming a similar level of difficulty and hardware that scales up, a 64-bit RC5 key can be cracked in a similar period of time using hardware that costs $64 million (256 times bigger; remember - key space searches scale linearly with the amount of hardware you throw at them).
Note carefully that $64m is less than $100b by three orders of magnitude. How many such machines can they buy in a single year?
Now, consider what "Echelon" is supposed to do: monitor foreign communications. If you are interested just in the United States, how many trans-oceanic cables, cross-border cables, and satellite transponders do you have to tap? I bet it's less than 1,000...
The Black Budget is very large. It is not infinite (after all the taxpayers of the USA do have limits), but it can do quite a lot. The trick in this game is to make what you're doing, cryptographically, hard enough that they won't have the money to build the machine to brute it.
IPv6 is most certainly about alleviating the IP address space shortage. Everything else was a case of "well, if we're redesigning the world, there's this one small thing I want to add..."
Network Address Translation (NAT) is an unmitigated Evil in that it breaks the End-to-End model - the basic design assumption of the Internet (you know, smart end hosts, with stupid routers in the middle who are not supposed to muck with the packets in any way?). There's also one other small gotcha with NAT - if you NAT, you can't use IP security. How can the NAT translate IP addresses hiding in an encrypted packet?
The 32-bit IPv4 address space will exhaust, and when it does, we allmust have IPv6 stacks in our kernels, and our applications converted and working in both the old and the new address space.
Anything else is just an egregious hack, and must not be tolerated.
The Brits get us colonials back in their own British Museum of Science & Industry in London, which was (and may still be) running an exhibit on the history of computers this summer when I visited. It mentions various developments in America here and there, but you'd think that computers were invented in Britan if that's all you saw.
Alan Turing devised most of the theoretical basis for computers in mathematics, but all the modern computers that we use are called Von Neumann machines for a reason.
Some of us who were around for the Morris Internet Worm have been screaming about the need for better Software Quality Assurance (SQA). Bad SQA was the proximate cause of the fingerd buffer overflow that Morris exploited.
Much more worrisome is the proliferation of proper, Turing-complete interpreted languages in unsafe contexts, e.g. Microsoft Word Macros, JavaScript and ActiveX in web pages, etc. We should not be designing and deploying programs which allow for execution of "foreign" code from untrusted sources without prior, explicit permission from the computer user, each time!
Unfortunately, the pull of additional functionality has been greater than the pushback of potential security flaws in the basic model, so these incredibly dangerous systems get deployed, and those of us who speak out against them as decried as alarmists.
And do I need to mention that the vast majority of desktop Operating Systems (e.g. MacOS, Microsoft Windows) do not use the MMUs for any kind of application address space protection, which makes any incursion that much more serious?
Teasing parallelism out of computer programs is a desperation move when you can't speed up the basic logic of the chip.
A 2X increase in clock speed (and associated I/O channels) really does mean a 2X increase in performance for all programs, but adding parallelism (extra execution units, VLIW, Vector Processors, etc) only wins for those programs which can be made parallel, and only a fraction of the computing world works that way.
Everything else is serial, and requires those clock rate increases to get more performance.
As for Intel "keeping up" with the PowerPC, a friend of mine who used to work for NASA is fond of quoting this aphorism:
With enough thrust, anything will fly.
With tens of billions in sales, and a 26% profit margin (see Yahoo's financial profile of Intel), they've got a whole lot of thrust to put under the obsolete, bloated IA-32 architecture.
Ah, if it were only as simple as the technical merits...
I was all set to blast this as a silly thing to implement, until I read that they're implementing IP security. If it were just link-layer encryption, it would be a waste of time.
Unfortunately, I don't see any mention of IP security in the chip for IP version 6 (and yes, IPsec is required in IPv6).
The Fast Ethernet switch market has been competing hard lately around the 8-port switch models - that's the sweet spot. Go check out the prices on CNET's Shopper.com; they even show the state where the mail order company is based so that you can avoid sales taxes.
When I went to work for Apple Computer in 1988, the company was hiring like mad (went from 8,000 to 10,000 employees in one year), and it was returning 54% margin on sales (that is, 54 cents of every dollar was profit). They were rolling in money. The mantra of the time was, "spend money, not time; money we have..."
As for disabling G4 processor upgrades for the existing G3 machines, this is almost certainly because the MacOS has to be changed to support the extra AltiVec context from the G4. The MMX stuff in the Pentiums were overloaded on the FPU registers to avoid this (and probably to cut down on the silicon real estate required for implementation), but that "optimization" has, in practice, been bad for performance.
Apple is just taking the up-front hit to make the G4 support work right, as opposed to having a whole lot of unhappy customers who buy a "G4 upgrade", only to find that their existing MacOS 8.6 fails in funny ways...
As for the RAM bandwidth issue, Motorola was aware of that, and included some L1/L2 cache manipulation instructions to explicitly make data available to the vector processor.
Cray Supercomputers don't have L1/L2 caches because they build their RAM subsystems to deliver data fast enough to keep the processors fed and full, however that's expensive and not a viable strategy outside the "money is no object" computing market where Cray plays.
Unless you want to pay L2 cache prices for regular RAM, be happy, and deal with reality as it is. The G4 kicks ass, and, provided that the software guys don't eat up all the new performance and then some with code bloat, some really cool stuff will result from all this power.
Actually, today we're celebrating the birth of the ARPANET, which preceeded the Internet.
The ARPANET was born on this day in 1968, and was finally laid to rest in March of 1991 when the IMPs (subsequently called Packet Switch Nodes (PSNs)) were finally decommissioned (long live 1822!).
The Internet was born on January 1, 1983 when the ARPANET was switched from Network Control Protocol (NCP) to the TCP/IP that we know today with not-so-gentle prodding from what was then the Defense Communications Agency (DCA, now the Defense Information Systems Agency), which had taken over operation of the ARPANET from the Advanced Research Projects Agency (ARPA).
Before that day, you had to have a computer attached to an IMP on the ARPANET to be on the network. After that day, with a router, you could be on any old LAN, and exchange IP packets with any other host anywhere, whether it was attached to an IMP, an Ethernet, a Chaosnet, an ARCnet, or whatever. The growth of the network accelerated from that point on to the world-embracing network we see today.
Now, if we can just get IP version 6 (and IP Security!) deployed to solve the address space problem. Unfortunately, we don't have any one organization with control over the Internet who can cause such a change to happen (i.e. they order it, and they have guns to back it up their authority).
Of course, there are anarchists who say that this is better...
another place doing maps & interesting analysis
on
Mapping the Internet
·
· Score: 1
A correction, and what's competitive?
on
Cisco, IBM to ally
·
· Score: 1
Actually, the Cisco AGS was a MultiBus system, not a VMEbus system. The "cBus" looks vaguely like a VME, but that came later, in the AGS+
As for the anti-competitive aspects of this alliance, you might want to ask IBM why they 86'd their network products - could it be that they weren't even vaguely competitive, and perhaps they see more market advantage selling Cisco's products instead?
Everyone forgets that in computer neworking, delay (latency) is deadly - it's time that you can't get back. For Beowulf clusters to be effective across the widest range of parallel problems, they have to be packed together as closely as possible, to keep the node-to-node delays down to a minimum. Put another way: the more node-to-node communication required, the more that trivial increments in node-to-node communication delay will suck serious multiples of performance from the application.
A Canada-wide Beowulf cluster might work fine for RC5-64 cracking or SETI@HOME, but only because those problems require essentially no node-to-node communication, and the work-sets per node can be set arbitrarily large.
As for Canarie, they did a silly thing: they're using Asynchronous Transfer Mode (ATM), when they could be using raw SONET or SDH instead. ATM eats ten percent of the bandwidth right off the top, without adding any value at all. What could you do with an additional 8Gb/s out of the original 80Gb/s?
Jordan is right about the PR war, as far as he goes. However, in the BSD world, it's FreeBSD that is getting the PR; those of us working on NetBSD are even more obscure, despite the fact that NetBSD runs on a lot more platforms (i.e. CPUs/systems other than Intel) than just about anything.
The reality is that it's hard to get hackers to do marketing because they're not really good at it (and most of them know it), and the people who are good at it are either insufferable, or attempt to control the engineering side and thus have to be jettisoned.
Where does one find good marketing people who know their purpose and their place?
Patents are to encourage publication, yes, but in the modern age, the patent period is far too long. It should be no more than five years from the patent application (not grant) date. How long have we all been waiting for the RSA patent to expire?
To make matters worse, the US Patent and Trademark Office (PTO) keeps issuing completely isane software patents. I think the PTO patent examiners are completely incompetent to rule on anything related to software, and the PTO should either hire competent examiners, or stop accepting software patent applications.
In addition, just because the content of a patent is public doesn't mean you can just use it! You must get a license from the patent holder, and he can charge you whatever he likes as a license fee. The comparion to Open Source is wrong.
As for "trade secret" - those are easily broken by reverse engineering. A "trade secret" is established by a contract between two parties, the holder of the secret, and someone to whom the holder discloses the secret under the condition that the secret not be further disclosed to anyone not already under contract not to disclose. When a trade secret is disclosed beyond the parties to the non-disclosure agreement, there are no criminal penalties if there was no crime committed to come into possession of the secret (i.e. you didn't break into a lab and steal it in order to publish it), there is only a "tort" (a civil cause of action) potentially against the publisher, if and only if the publisher was party to the non-disclosure agreement!
To put it another way, "trade secret" is easily broken with no recourse for the holder of the secret if they didn't protect it well enough. Exactly like National Security Top Secret stuff: it does no good to sue China after they've stolen your plans for the W88 nuclear warhead...
This implies Network Address Translators (NATs, which the Linux weenies renamed "IP Masquerading" for no good reason) at every national border. There's only one teeny-tiny problem with that: you can't build a NAT that's fast enough to handle that amount of traffic!
IP Security is going to take out all the NATs anyway (and not a moment too soon): you can't translate encrypted packets.
Why not the Apple Newton 2100? That beast has a 162 MHz StrongARM CPU (optimized for "MIPS per milli-ampere" to begin with), 8MB of RAM, and a 4-bit greyscale touch screen, plus optional keyboard, and two PCMCIA slots.
Sure, it's orphaned, but it'd be a kick-ass system...
Slashdot Mirror
NetBSD/macppc already runs on the iMac. We've been there for over a year (since the 1.4 release in May 1999).
Open Firmware is IEEE 1275. The home page is
http://playground.sun.com/1275/
The idea behind Open Firmware came from Sun during their transition from MC68000 CPUs to SPARC. Problem: two different CPU architectures, and you want to write add-in board device drivers just once, rather than N times for N different processors.
Solution: put an interpreter on the motherboard, written native for the processor on the motherboard, and write the drivers for the peripheral boards (which go into PROMs on the peripheral boards) in the interpreted language. This way, the system can boot from devices that were never envisioned when the motherboard was designed.
This is a standard that WinTel world would do well to adopt.
I remember the good old days of the ARPANET, when you had to have a government research contract to be on the network at all, and everyone on the net was smart and polite and helpful, there were no advertisements, and no AOL, and no one much bothered with computer security because it was uncool not to share your computing resources.
Gosh, if we could only go back to those wonderful days of the elitist ARPANET...
All modern computers are "von Neumann" machines: one memory for program and data. A brilliant man.
The section which describes the Ukranian reminded me of a piece from Analog Science Fiction/Science Fact magazine from the late 70's or early 80's by G. Harry Stine whose title I've long since forgotten (a science fact piece?).
In it, he describes taking a visiting engineer from behind the Iron Curtain to Disneyland for an afternoon's diversion. The man became increasingly agitated as the afternoon wore on. When Harry finally asked why, the man said,
One man's high technology is another man's toy, and vice versa.
Not True.
For counter-examples, see
TCP/IP versus OSI
Which one does the Internet use?
CDMA versus GSM
When the Engineers are allowed to make the decision, a good standard usually results. The catch is that sometimes things are compromised by a (bogus) requirement for backwards compatability. This is why IA-32 sucks so bad.
The Black Budget (i.e. the part of the US Federal government budget for intelligence activities) is on the order of $100 billion. That's annually - every year they get that much money to spend.
The EFF built a DES (56-bit) key cracker with custom hardware for $250,000. Assuming a similar level of difficulty and hardware that scales up, a 64-bit RC5 key can be cracked in a similar period of time using hardware that costs $64 million (256 times bigger; remember - key space searches scale linearly with the amount of hardware you throw at them).
Note carefully that $64m is less than $100b by three orders of magnitude. How many such machines can they buy in a single year?
Now, consider what "Echelon" is supposed to do: monitor foreign communications. If you are interested just in the United States, how many trans-oceanic cables, cross-border cables, and satellite transponders do you have to tap? I bet it's less than 1,000...
The Black Budget is very large. It is not infinite (after all the taxpayers of the USA do have limits), but it can do quite a lot. The trick in this game is to make what you're doing, cryptographically, hard enough that they won't have the money to build the machine to brute it.
IPv6 is most certainly about alleviating the IP address space shortage. Everything else was a case of "well, if we're redesigning the world, there's this one small thing I want to add..."
Network Address Translation (NAT) is an unmitigated Evil in that it breaks the End-to-End model - the basic design assumption of the Internet (you know, smart end hosts, with stupid routers in the middle who are not supposed to muck with the packets in any way?). There's also one other small gotcha with NAT - if you NAT, you can't use IP security. How can the NAT translate IP addresses hiding in an encrypted packet?
The 32-bit IPv4 address space will exhaust, and when it does, we all must have IPv6 stacks in our kernels, and our applications converted and working in both the old and the new address space.
Anything else is just an egregious hack, and must not be tolerated.
The Brits get us colonials back in their own British Museum of Science & Industry in London, which was (and may still be) running an exhibit on the history of computers this summer when I visited. It mentions various developments in America here and there, but you'd think that computers were invented in Britan if that's all you saw.
Alan Turing devised most of the theoretical basis for computers in mathematics, but all the modern computers that we use are called Von Neumann machines for a reason.
... that a backhoe can cause even more damage to the network than ever before.
... are not competant to examine software patents. If they were, they wouldn't approve the howlers that we regularly see from these incredible idiots.
Two things must be done:
The USPTO must take its examiners out of their offices, line them up against a wall, and terminate them.
The Congress must amend the patent act to cut the period of time that a patent is viable to five years.
As things are, progress is being impeded, not accelerated, by the patent system.
Some of us who were around for the Morris Internet Worm have been screaming about the need for better Software Quality Assurance (SQA). Bad SQA was the proximate cause of the fingerd buffer overflow that Morris exploited.
Much more worrisome is the proliferation of proper, Turing-complete interpreted languages in unsafe contexts, e.g. Microsoft Word Macros, JavaScript and ActiveX in web pages, etc. We should not be designing and deploying programs which allow for execution of "foreign" code from untrusted sources without prior, explicit permission from the computer user, each time!
Unfortunately, the pull of additional functionality has been greater than the pushback of potential security flaws in the basic model, so these incredibly dangerous systems get deployed, and those of us who speak out against them as decried as alarmists.
And do I need to mention that the vast majority of desktop Operating Systems (e.g. MacOS, Microsoft Windows) do not use the MMUs for any kind of application address space protection, which makes any incursion that much more serious?
Why does this remind me of the "Delphi Pools" from "Shockwave Rider" by John Brunner?
I also recall that, in the book, the government was found to be manipulating the pools...
Teasing parallelism out of computer programs is a desperation move when you can't speed up the basic logic of the chip.
A 2X increase in clock speed (and associated I/O channels) really does mean a 2X increase in performance for all programs, but adding parallelism (extra execution units, VLIW, Vector Processors, etc) only wins for those programs which can be made parallel, and only a fraction of the computing world works that way.
Everything else is serial, and requires those clock rate increases to get more performance.
As for Intel "keeping up" with the PowerPC, a friend of mine who used to work for NASA is fond of quoting this aphorism:
With tens of billions in sales, and a 26% profit margin (see Yahoo's financial profile of Intel), they've got a whole lot of thrust to put under the obsolete, bloated IA-32 architecture.
Ah, if it were only as simple as the technical merits...
I was all set to blast this as a silly thing to implement, until I read that they're implementing IP security. If it were just link-layer encryption, it would be a waste of time.
Unfortunately, I don't see any mention of IP security in the chip for IP version 6 (and yes, IPsec is required in IPv6).
There are two companies offering Fast, FDX Ethernet switches for $25/port, not $50/port. They are:
D-Link DSS-8+
NetGear FS108
The Fast Ethernet switch market has been competing hard lately around the 8-port switch models - that's the sweet spot. Go check out the prices on CNET's Shopper.com; they even show the state where the mail order company is based so that you can avoid sales taxes.
Enjoy!
When I went to work for Apple Computer in 1988, the company was hiring like mad (went from 8,000 to 10,000 employees in one year), and it was returning 54% margin on sales (that is, 54 cents of every dollar was profit). They were rolling in money. The mantra of the time was, "spend money, not time; money we have..."
Looking at the latest financial statements for Apple at Yahoo, I see a 9.4% margin. By comparision, the financials for Dell show 8% margin, and Gateway's financials show 4.9%; By this measure, Apple is not being any more "greedy" than any other computer hardware company.
As for disabling G4 processor upgrades for the existing G3 machines, this is almost certainly because the MacOS has to be changed to support the extra AltiVec context from the G4. The MMX stuff in the Pentiums were overloaded on the FPU registers to avoid this (and probably to cut down on the silicon real estate required for implementation), but that "optimization" has, in practice, been bad for performance.
Apple is just taking the up-front hit to make the G4 support work right, as opposed to having a whole lot of unhappy customers who buy a "G4 upgrade", only to find that their existing MacOS 8.6 fails in funny ways...
As for the RAM bandwidth issue, Motorola was aware of that, and included some L1/L2 cache manipulation instructions to explicitly make data available to the vector processor.
Cray Supercomputers don't have L1/L2 caches because they build their RAM subsystems to deliver data fast enough to keep the processors fed and full, however that's expensive and not a viable strategy outside the "money is no object" computing market where Cray plays.
Unless you want to pay L2 cache prices for regular RAM, be happy, and deal with reality as it is. The G4 kicks ass, and, provided that the software guys don't eat up all the new performance and then some with code bloat, some really cool stuff will result from all this power.
Actually, today we're celebrating the birth of the ARPANET, which preceeded the Internet.
The ARPANET was born on this day in 1968, and was finally laid to rest in March of 1991 when the IMPs (subsequently called Packet Switch Nodes (PSNs)) were finally decommissioned (long live 1822!).
The Internet was born on January 1, 1983 when the ARPANET was switched from Network Control Protocol (NCP) to the TCP/IP that we know today with not-so-gentle prodding from what was then the Defense Communications Agency (DCA, now the Defense Information Systems Agency), which had taken over operation of the ARPANET from the Advanced Research Projects Agency (ARPA).
Before that day, you had to have a computer attached to an IMP on the ARPANET to be on the network. After that day, with a router, you could be on any old LAN, and exchange IP packets with any other host anywhere, whether it was attached to an IMP, an Ethernet, a Chaosnet, an ARCnet, or whatever. The growth of the network accelerated from that point on to the world-embracing network we see today.
Now, if we can just get IP version 6 (and IP Security!) deployed to solve the address space problem. Unfortunately, we don't have any one organization with control over the Internet who can cause such a change to happen (i.e. they order it, and they have guns to back it up their authority).
Of course, there are anarchists who say that this is better...
The Cooperative Association for Internet Data Analysis (CAIDA) is also doing interesting Internet data capture, analysis, and mapping.
Actually, the Cisco AGS was a MultiBus system, not a VMEbus system. The "cBus" looks vaguely like a VME, but that came later, in the AGS+
As for the anti-competitive aspects of this alliance, you might want to ask IBM why they 86'd their network products - could it be that they weren't even vaguely competitive, and perhaps they see more market advantage selling Cisco's products instead?
Everyone forgets that in computer neworking, delay (latency) is deadly - it's time that you can't get back. For Beowulf clusters to be effective across the widest range of parallel problems, they have to be packed together as closely as possible, to keep the node-to-node delays down to a minimum. Put another way: the more node-to-node communication required, the more that trivial increments in node-to-node communication delay will suck serious multiples of performance from the application.
A Canada-wide Beowulf cluster might work fine for RC5-64 cracking or SETI@HOME, but only because those problems require essentially no node-to-node communication, and the work-sets per node can be set arbitrarily large.
As for Canarie, they did a silly thing: they're using Asynchronous Transfer Mode (ATM), when they could be using raw SONET or SDH instead. ATM eats ten percent of the bandwidth right off the top, without adding any value at all. What could you do with an additional 8Gb/s out of the original 80Gb/s?
Jordan is right about the PR war, as far as he goes. However, in the BSD world, it's FreeBSD that is getting the PR; those of us working on NetBSD are even more obscure, despite the fact that NetBSD runs on a lot more platforms (i.e. CPUs/systems other than Intel) than just about anything.
The reality is that it's hard to get hackers to do marketing because they're not really good at it (and most of them know it), and the people who are good at it are either insufferable, or attempt to control the engineering side and thus have to be jettisoned.
Where does one find good marketing people who know their purpose and their place?
Patents are to encourage publication, yes, but in the modern age, the patent period is far too long. It should be no more than five years from the patent application (not grant) date. How long have we all been waiting for the RSA patent to expire?
To make matters worse, the US Patent and Trademark Office (PTO) keeps issuing completely isane software patents. I think the PTO patent examiners are completely incompetent to rule on anything related to software, and the PTO should either hire competent examiners, or stop accepting software patent applications.
In addition, just because the content of a patent is public doesn't mean you can just use it! You must get a license from the patent holder, and he can charge you whatever he likes as a license fee. The comparion to Open Source is wrong.
As for "trade secret" - those are easily broken by reverse engineering. A "trade secret" is established by a contract between two parties, the holder of the secret, and someone to whom the holder discloses the secret under the condition that the secret not be further disclosed to anyone not already under contract not to disclose. When a trade secret is disclosed beyond the parties to the non-disclosure agreement, there are no criminal penalties if there was no crime committed to come into possession of the secret (i.e. you didn't break into a lab and steal it in order to publish it), there is only a "tort" (a civil cause of action) potentially against the publisher, if and only if the publisher was party to the non-disclosure agreement!
To put it another way, "trade secret" is easily broken with no recourse for the holder of the secret if they didn't protect it well enough. Exactly like National Security Top Secret stuff: it does no good to sue China after they've stolen your plans for the W88 nuclear warhead...
This implies Network Address Translators (NATs, which the Linux weenies renamed "IP Masquerading" for no good reason) at every national border. There's only one teeny-tiny problem with that: you can't build a NAT that's fast enough to handle that amount of traffic!
IP Security is going to take out all the NATs anyway (and not a moment too soon): you can't translate encrypted packets.
Why not the Apple Newton 2100? That beast has a 162 MHz StrongARM CPU (optimized for "MIPS per milli-ampere" to begin with), 8MB of RAM, and a 4-bit greyscale touch screen, plus optional keyboard, and two PCMCIA slots.
Sure, it's orphaned, but it'd be a kick-ass system...