On Fri, 29 Mar 2024 21:36:28 +0000
And, pre-Internet, it was a much better bet that, if some random luser
were to bring the whole system down by some dumb stunt, they'd be
located within a reasonable approximation of swift-kick-in-the-ass
range ;)

I'm pretty sure he misunderstands how CP worked.

On Fri, 29 Mar 2024 21:36:28 +0000
Very true. When I got my account on the University 370 along with
the rest we were all told that, unlike the Titan where attempting to hack it
was encouraged, the 370 was trivial to hack and nobody would be impressed if
we tried. Instead we'd just get banned and possibly sent down - so nobody
bothered. Of course a lot of the more popular utilities that circulated
among students exploited oddities of the system creatively - but they were
well tested and didn't tend to bring the system down so they were tolerated.

I had a case where it was a bug in the hardware. And it was hard to fix.

Once the University of Kent had moved to using EMAS (a third party OS), it
was enjoying a rolling MTBF averaging about 2000 hours over a 13 week
period. This was much better than the 20 hours we had been getting from
VME/K. People were very happy.

And then one day it all began to fall apart. The machine just stopped. No
crash, nothing. The engineer's panel indicated that the microcode had
halted. We re-IPLed the system, and an hour or two later it stopped again.
Eventually we called the engineers, and they ran tests. Lots of them. They
pronounced that there was nothing wrong.

Then the 'crashes' stopped, for a couple of weeks. Then they started
again. We couldn't get a handle on what was wrong at all. It was
eventually decided that, the next time it happened, I should use the
engineer's panel, for as long as it took, to investigate the state of the
machine. In the event, I simply dumped out all the target machine
registers, and the microcode PC.

Our engineers obligingly left a microcode training manual lying around,
together with a microfiche listing of the microcode. Oh, and some circuit
diagrams. I retired to a darkened room for much of that day; and the next.
Eventually I emerged with the reason for the crashes. Without going into
too much technical detail, it seemed that the microcode and the hardware
handed off tasks to each other; in particular, a part of the hardware
called the 'scheduler' was responsible for validating the type field in
the descriptor register during the execution of any instruction that used
a descriptor to access an operand. Any invalid type was trapped, and sent
back to the microcode to force an exception (known as a 'contingency').
All other type values were considered valid, and passed back to the
microcode to be used in accessing a jump table, thence invoking the right
bit of microcode for that descriptor type.

So, what was going wrong? It turned out that there was what can only be
described as a hardware design error. The scheduler didn't detect one
particular invalid type code, so it handed it back to the microcode, which
accessed the jump table with it. This of course accessed an entry marked
'can never happen', and the microcode halted. We later discovered that a
physicist's errant FORTRAN program was overwriting a descriptor, and
generating the bad type value. If the machine stopped, he just submitted
the job again until he got fed up and went off for a week or two. Then he
tried again, never noticing the causal connection.

We contacted ICL, but we never seemed to reach anyone who either
understood what the problem was, or had the power or inclination to get it
fixed (which would not have been a quick job, in any case).

So I decided I had better fix this another way. Back to the microcode
listing. I found an empty patch area, and hand assembled a new bit of
microcode which I linked to the right jump table entry. All this did was
generate a 'descriptor error' contingency with a hitherto unused subtype
code. I then wrote a tool to extract the microcode from the system disk,
patch it, and put it back again. We IPLed the system, and tested it (by
this time I had a test program). Success - it correctly triggered the new
contingency and the microcode didn't halt!

The only thing left to do was to modify the various components of the
operating system to do the right thing, culminating in a change to the
FORTRAN run-time system to generate a suitable message. That only took me
a few minutes.

We had no more microcode halts and the users were happy.

and RSCS/VNET also forwarded the (virtual unit record) spool files to
users on different machines ... was used for several different "email"
implementations.

GML website seems to have gone 404, but lives on at wayback machine
https://web.archive.org/web/20230402212558/http://www.sgmlsource.com/history/jasis.htm
"Actually, the law office application was the original motivation for
the project, something I was allowed to do part-time because of my
knowledge of the user requirements. My real job was to encourage the
staffs of the various scientific centers to make use of the CP-67-based
Wide Area Network that was centered in Cambridge."

CSC member responsible for CP67 wide-area network (morphs into the
corporate internal network larger than arpanet/internet from just about
beginning until sometime mid/late 80s ... technology also used for the
corporate sponsored univ bitnet/earn, also for a time larger than
internet)
https://en.wikipedia.org/wiki/Edson_Hendricks

"In June 1975, MIT Professor Jerry Saltzer accompanied Hendricks to
DARPA, where Hendricks described his innovations to the principal
scientist, Dr. Vinton Cerf. Later that year in September 15-19 of 75,
Cerf and Hendricks were the only two delegates from the United States,
to attend a workshop on Data Communications at the International
Institute for Applied Systems Analysis, 2361 Laxenburg Austria where
again, Hendricks spoke publicly about his innovative design which paved
the way to the Internet as we know it today."

SJMerc article about Edson (passed aug2020) and "IBM'S MISSED
OPPORTUNITY WITH THE INTERNET" (gone behind paywall but lives free at
wayback machine)
https://web.archive.org/web/20000124004147/http://www1.sjmercury.com/svtech/columns/gillmor/docs/dg092499.htm
Also from wayback machine, some additional (IBM missed INTERENET)
references from Ed's website
https://web.archive.org/web/20000115185349/http://www.edh.net/bungle.htm

corporate sponsored univ bitnet/earn
https://en.wikipedia.org/wiki/BITNET

Note, Pisa Science Center had done "SPM" for CP/67 (inter virtual
machine communication) ... which never ships to customers ... although
the VM/370 RSCS/VNET that shipped to customers included support for
using "SPM". "SPM" was superset combination of the later VM/370 "VMCF",
"IUCV", and "SMSG" (functions).

triva: internally within IBM a VM370/CMS, 3270 client/server "space war"
game was implemented using "SPM" ... and since RCSC/VNET supported
"SPM", clients could be almost anywhere on the internal network. aside:
almost immediately robotic clients appeared, beating all humans (with
their faster response time) ... server then was modified to increase
energy use non-linearly as command intervals dropped below nominal human
response ... somewhat leveling the playing field.

other triva: 1st webserver in the US was on Stanford SLAC VM370 system
https://www.slac.stanford.edu/history/earlyweb/history.shtml
https://www.slac.stanford.edu/history/earlyweb/firstpages.shtml

SLAC also sponsored the monthly VM370 user group meetings ("BAYBUNCH")

Sort of. I seem to recall that Algol “stream procedures” bypassed a lot of
checks for memory access.

It comes as a bit of a surprise to me to learn that it was the advent of
timesharing, not batch operation, that drove the development of hardware
protection systems.

there was early case where a MIT student "hung" the IBM cambridge system
by writing a channel program that looped, locking up the i/o channel.
system had to be re-ipled and the student contacted to not do that
again, he did it again and his user login was disabled. he then
complained that IBM wasn't allowed to block his user (apparently didn't
realize that it wasn't a MIT system).

the commercial online CP67 services dealt with it early on by adding a
new security class that wouldn't simulate the SIO instruction that
invoked channel programs ... restricting CMS I/O to just "diagnose"
instruction (which already started being used for CMS I/O) ... some
vmshare discussion about sandbox'ing users.

mid-90s there was small conference of cal. univ computer science
graduate school professors ... who complained that graduate students
were getting more "peer points" by demonstrating how to crash systems as
opposed to building systems that were crash proof.