Passionate About Tandem
Ross Systems International Limited
Development & Test Solutions
Archive Issue 2008
December 30th, 2008
For some time it has struck me that the throughput through HSMs is not what it should be and as a result of that I have invested the effort into looking at the potential bottlenecks in the processing of host commands and am in the process of writing a white paper, to be released in January.
Suffice it to say that I have identified three areas of concern:
I hope you like it when it arrives.
At the same time, I have also been busy implementing more host commands in HSEMM, our HSM emulator and development suite.
As usual it is not the complexity of the cryptography which is challenging but merely the vast range of options offered by each an every host command.
However, it was great fun doing the research and very revealing what the HSM manufacturers try to keep secret. For instance the speed of the HSM processors give a good idea of the maximum number of transactions that it is possible to perform per second.
I have good reason to believe that for a top of the range HSM one manufacturer is using a 2GHz processor which does not equate well with a quoted maximum transaction rate of 800 tps for PIN Translates.
This entire area need to be cleaned up which will start with accurate transaction timing for the same command on a processor with a known clocking rate which will give an accurate count of the number of cycles for that transaction. It is then possible from that point, nowing the clocking rate of the HSM processor, which I will find, to determine the true maximum cryptographic transaction rate for the HSM. It is also possible also to calculate the amount of dead wood processing being carried out in the presentation of the command to the relevant part of the firmware and predict the amount of speedup expected by blocking a command. Watch this space.
BITUG BIG SIG
The BITUG BIG SIG at the start of December in London was a big success. The education day following by a bash at the Royal Ocean Racing Club with a whole variety of presentations the following day at Trinity House was a golden opportunity to network, find out what is happening in the NonStop world and celebrate Tandem's 30 years anniversary in the UK. Of which I have had personal experience of virtually all, 29.5 years to be exact.
It is obvious that HP NonStop is due to continue for many years to come and that HP is totally committed to the platform. Which is very good news for all of us.
The only thing which marred the occasion was the comments of more than one delegate which showed me that discrimination, of the type which has been illegal for many years now, is still rife in the IT industry.
Anyway, have a very prosperous 2009 and I look forward to meeting you at the Security SIG.
November 27th, 2008
Today in America is Thanksgiving Day, a public holiday which originated from the original settlers giving thanks that the survived the first year and had successfully brought the crops in.
So, what have we all to be happy about?
Well, although we face hard times ahead with recession looming, not even the majority of the banks totally failed, and although there was considerable turbulence on the world financial markets, they did not totally meltdown, and although many people face redundancy and hardship there are jobs out there and work to be done and some people are still hiring and best of all we have a new president elect in America who will certainly bring the winds of change to the White House together with a huge amount of hope and pride to a large percentage of the American population who were in living memory disenfranchised.
When the going gets tough the tough get going. So lets be happy that we are still alive and well and lets dig ourselves out of this mess and build a better future for ourselves and our children.
Have a happy Thanksgiving Day.
November 17th, 2008
New Page Change
I have finally realised that this page is getting too big, so I have split off all of the news prior to 2008 and placed it on a back issue page.
I will repeat this operation in future on July 1st each year so that the new page will always contain at least half a year's news and comments.
Madness Strikes the Banks Again.
It appears that the Banks have still not had their fill of loony behaviour. Firstly they lent money to anyone which led to large sums disappearing down a proverbial black hole, taking one or two of them with it and now realising that their coffers are empty. They have stopped spending on almost anything including security.
Sadly for the banks the crooks of this world, who have their own very effective means of handling people who try to default on their debts, have managed to keep full coffers and are inventing better and better ways of defrauding the same institutions.
The banks at the same time, for 'fiscal' reasons, seem to have ceased to engage in the proactive action of investing in better and better security to counteract these shady types.
Thus, these entrepreneurs on the dark side will continue to ream out the bottom of the banks' coffers.
In England we have an expression
"To close the stable door after the horse has bolted"
In German it comes out in translation as
"To cover the well after the child has drowned."
We also have another which the banks could well take notice of
"Penny wise pound foolish".
Ross Anderson's famous expression also comes to mind,
"Programming the Devils Computer."
Thus, if you do not proactively counterattack in any conflict situation you are bound to lose. Money is very precious now and it is a good idea not to throw it away.
FINFO Version 2.7
Hope springs eternal and certain people have seen the light and are on their way to becoming proud owners of fully licensed versions of FINFO. I thought initially that they would use the spreadsheet extract functions to get their reports, but no, the product was OK as it stood.
In celebration of this fact and also the feedback which they have given me, intentional or unintentional it does not matter. I have realised that there is no partitioning information in the displays and also no select on partitioned function.
This of course gave rise to a new version to address these lacks and since alterations were required in the commands, a new manual.
I have also decided to put this version into test (Version 2.7) and of course release the corresponding manual. To get it working, as usual upload the code in binary and alter the file code to 700. Enjoy.
I have also not forgotten you old timers with CISC systems and the Itanium community. The CISC version with the same functionality as 2.7 is Version 1.5 and will work until the end of 2008. To get Version 1.5 working upload it onto your Tandem and change the file code to 100. For the smart set with Itanium you can also accelerate it.
BITUG Bonanza 2008.
Hope to see you all there. If you have not signed up yet, do so
November 12th, 2008
Community Connect Europe
Today is the last day of the new European HP User Community Event in Manheim which replaces the annual ITUG event, the last of which was held in Brighton.
I am sorry to say that I have not gone this year because of other commitments and for a pure NonStop company, in comparison to Brighton there appear to be many fewer Tandem based presentations with the corresponding limitation of subjects covered. Whereas the price has remained unaltered.
So, if you wanted to see me you will have to telephone or mail me to make an appointment or wait until December when I will be attending the BITUG event in London.
Anyway, for those of you who are attending, I hope that it is interesting and fruitful, and I look forward to hearing reports of it in December.
I have just realised that file partitioning information is not displayed by FINFO and so in the next release I will make sure that at least the number of partitions for a partitioned file are displayed and if required an error indicator to show if a partitioned file has missing partitions.
October 14th, 2008
"As flies to wanton boys are we to the gods; they kill us for their sport." - King Lear
The randomness of life is of course not all bad. Random good things can happen too.
Indeed, there are some things which we need to be random to secure us, for instance none of us would be secure if all the front door keys in a street were the same. It would be better to have no lock at all.
It is the same in cryptography. In order for the cryptographic keys which we use to be truly effective they need to be provably random, to stop people guessing them, and for the most part we simply assume that the cryptographic hardware which we use is performing that job.
However, the situation changes when we are trying to prove the correct functioning of cryptographic equipment and sometimes in the rush to show that DES, AES, Diffie-Hellman, RSA, SHA-? or whatever is working properly we forget to test the other aspect of HSMs and that is that of a random number generator.
Thus is was in our HSM Test suite, capable of beating a HSM into a pulp with
a thousand different tests a minute, when I decided to read Secrets and Lies by
The outcome of this is that I dived into my library (Cryptography for Developers, Numerical Recipes in C, Knuth Semi-Numerical Algorithms, Handbook of Applied Cryptography, and other sources on the internet) which lead to the measurement the entropy of these devices using Statistical Tests such as Bit Count, Word Count, Gap Space Count, Autocorrelation Tests, Chi-square, Kolmogorov-Smirnov, and a multitude of Trend testing Techniques, intuitive and stochastic (Martingales, Markov Chains, Petri Nets, Wiener Stochastic process patterns, Ito's formula) and some others which I thought might be interesting. All of which yield that fact that a sequence of 1000 1's or 1, 2, 3... are all possible random number sequences but at the same time are neither very probable nor desirable in the context of HSMs where supplying a range of different non-predictable keys is the aim. Maybe we don't want them to be quite that random!
Anyway, computers are much faster than HSM's. So we can do all the tests at once, between generating the random numbers from the HSM which is what I am doing. Having Telos as a C++ basis is a great help in dealing with this. The process is boring but the maths is fantastic and the possibilities are endless. Watch this space.
The financial markets also appear to be recovering after the last months of madness. Is this a glimmer of hope or merely the eye of the storm? We will see!
October 8th, 2008
There is an ancient Chinese curse
"May you live in interesting times!"
Which was a complete mystery to my entire generation since our times were interesting and good, so why the curse?
Of course it is now obvious to all, we do "Live in Interesting Times" and it is not nice or secure and there is a feeling that anything could happen next.
We also are looking over our shoulders and looking backwards 80 years to 1929 when the Wall Street Crash happened followed by the Great Depression in the time of our Grandfathers and hope the history will not repeat itself.
So how has it happened? I suppose that the one word we need to say is Risk.
The world of 2000 was a world in which the generations who had known risk and the consequences of ignoring it had died out. There is virtually nobody alive today who was involved in the 1929 crash and if they are they certainly are in no position of authority and likewise their children who realised risk in the form of getting mangled in the 1939 - 1945 war are very old.
So it is the baby boomers who are in charge and quite frankly that generation have never known real risk en masse until 2008, now. As in the 1920's it appeared that the wheels of industry could be oiled by greater and greater lending, with no real thought of how all the money was to be repaid, until the day of reckoning, when one by one the wheels came off the industrial nations and the greatest recession to the present day took hold.
We live in interesting times and it will take all our art and skill to make sure that economic depression and political extremism does not follow the crash we are now experiencing.
One thing is for sure, we will not forget this year in a long time and we will be very careful from now on.
Good luck and hopefully we will win through.
September 10th, 2008
HSEMM and other Application Development Tools
A few years ago there was a general feeling the the NonStop Platform was doomed. Then thanks to the vision and investment of HP, who decided to take it as their flagship high end platform, interest in HP NonStop or Tandem, as we veterans like to call it, has blossomed. The result of this is that many financial institutions have decided to stay with it and continue to invest in it.
However, the self same institutions, because of their vision of the limited life span of their NonStop Systems, decided not to invest in the development of new systems and instead performed the minimum maintenance to keep these systems up and running. This led to the years of famine which the NonStop development community has just experienced, relieved only by the NHS project.
The situation now is that these institutions have a great number of creaking applications which are in great need of modernisation, in many areas, including cryptography, since as we all are only too aware, although investment by the banks etc may have come to a halt, computer based fraud is roaring ahead and the only way of countering this is by building better security systems, which of course includes the information based infrastructure and HSMs.
It seems, therefore, that the financial institutions are about to invest heavily in their Tandem based security infrastructure. At the same time they have had a number of years experience of developing systems with very efficient tools, especially on the Wintel and Linux platforms, and will of course be expecting the same on the HP NonStop platform.
Now, whereas HP have upgraded their development environment to include a nice flashy ADE (Application Development Environment) there remains a few of nasty thorns in the side of any potential developer of security solutions.
1. It takes a huge amount of time to development and implement new HSM based security solutions. Principally because of the methods used to specify and implement new HSM firmware.
2. The methods used to generate test sets for functional testing are not very efficient at automatically covering the entire range of test scenarios and when the tests are run the methods for the automatic collection and analysis of results appear to be in their infancy.
3. In updating their HSM estates to the newest HSMs. They are having to convert their means of communication to the HSMs from other protocols such as SDLC to TCP/IP or UDP/IP. This quite often involves program changes.
We have responded to these challenges by developing the HSEMM, RSI Test (PIRA), HSSPOOL and the R-IPPS Products.
Also, the requirement for efficient multi-threaded applications has grown and grown. Whereas the skill pool for developing these on the Tandem platform has shrunk. The Telos product solves this problem by enabling C++ application developers to develop these applications on the Tandem platform as if they were single threaded.
Finally, in modifying old code estates it is often very difficult to determine where a structure or routine is used, it frequently involves ploughing though entire libraries of code. This task is greatly helped by our FINFO product which enables its user to search for given strings in these estates.
I have just read an article about the massive carbon footprint of ICT caused from manufacturing, running, cooling and disposing of the various components in our wired information age.
It appears that it is the same as the complete aviation industry, which was a surprise to me, but then again I remember being told that a fully stacked blade served has a power consumption of 30 kW per hour, which when you think about it, is quite obscene.
It means that during the course of a year, that one device, and there are many of then in the average date centre will be using about 263,000 kWh at a cost of about £27,500. A figure which can easily be doubled when you add on the cost of cooling. This is 40 times the average power consumption of a domestic consumer.
Fifteen years ago, when the Himalaya series was released, it was proudly boasted that they did not require a special computer room and could be located in a normal office. The air conditioned computer suite was a thing of the past. So what happened?
Well, on-line transaction processing and the internet drove the processing requirements onwards and upwards, plus a couple of large system integration fiascos. Thus Tandem, as they were called then, realised that they had to make their systems very powerful to handle the flood of transactions. These powerful systems were very hungry beasts and consequently required huge amounts of power, which also had to be got rid of, so the server was once again sent to the air-conditioned computer room.
The trouble is that these drivers are still at work in the computer industry. So, in spite of all the hype, servers are becoming less and less green and also because computer managers are really afraid of their systems crashing owing to overload they greatly over-engineer their systems. Also, the institutions who are developing these systems are also required to have a fall back system, which is often used for development.
There is also the problem of image. Suppose I am the CEO of a huge multi-national company. Am I really going to be content with a ten year old system running say Windows 98, even though it is perfectly good for everything I want to do? No! Of course not! What I want is the latest hugest whiz-bang system running say Visa, MultiCored, 4Gb of memory and a 1Tb disk, plus naturally a huge TFT or Plasma Screen, or an equally over powered laptop. This spec will of course keep on going up every year as new kit becomes available and it won't be just the CEO who will be doing this dance. it will carry on throughout the organisation down to the most humble employees. The end result of this is the organisation wastes enough power to keep a small town going and twice as much as that in manufacturing all the new systems and disposing of the waste energy and kit.
Finally, the ICT industry is full of go getters who need to fly everywhere, once again a huge waste of resources when the train based infrastructure in Europe and many other countries is perfectly adequate. OK it takes perhaps an hour or two longer, but that time is usable since it is much easier to work on a train that on a plane or in a queue waiting to get on a plane. On the other hand communications are getting better and better and a lot more business is done using conference calls and emails. So, in certain areas we are getting better. The problem is fixing the others.
Sadly, it appears that your interest in FINFO does not extend to
asking for a free test copy, which you could have done by mailing
August 6th, 2008
Last month I said that I will probably add a case free text search command. This has in fact has been done and FINFO Version 2.4, which is valid until the end of August, is now on free release.
To get it just send me a mail to email@example.com and I will be only too happy to send you a copy. Once again after receipt alter the file code to 700 on your Tandem system and all will be well.
By the way, I have also noticed attempts to download earlier, out of date versions. These of course will not work. In addition, if you have an integrity or blade system and ask for a copy, I will generate a CISC version of FINFO for you, which you can then accelerate. All you need to do is ask.
As they say "It's a jungle out there" and "It's the survival of the fittest".
However, it is easy to forget the various ways in which
companies can face extinction. A fault which I have just made in assuming that a
certain company would slowly die from loss of market share and the associated
cash flow problems. It is also possible for a company to have major problems
following a takeover of another sick company, which is alike to poisoning.
However, the most dramatic one for a company of any size is to be eaten alive!
Snap, chomp, gulp!
Now to more happy news. I don't think it is just me but I do really think that there is a Tandem / HP NonStop revival on the way. Not that anyone is saying much yet, but I do notice the smiles getting wider. Integrity, Blades and HP's sensitivity to the corporate marketplace is well on the way to paying dividends. All of this has a knock on effect all that way down the supply chain.
Good news at last. Well done HP and a big thanks to keeping us informed at the last BITUG SIG on all the platform changes on their way.
Well, that's about it for this month. Except that we have found
a new HSM supplier: Utimaco
People who deal with cryptography and security and never idle for long. There are so many people in the old soviet block, South America and the far East working away at one form of computer fraud or another that the only way of surviving is to build systems with defence in depth, keep on reading and hope that everything has been covered.
Kaspersky gave an excellent seminar on HMS Belfast in June on malware attacks and how to prevent and recover from them. They appear to be better than the competition and also their software runs faster. So there is no guessing who is in the frame next time we re-order.
Till next month. Happy Hunting and much success.
July 1st, 2008
As promised in my last news letter I have now extended the test version of FINFO until 31st July.
Also, I have put a fix into the code so that the date stamps are not altered when searching by content on non text files.
Next month I will probably add a case free text search command.
Anyway, download FINFO 2.3 and then alter the file code to 700, enjoy!
June 13th, 2008
There is a long tradition when selling, especially in the software industry, that the client is king and the supplier is there just to be kicked around, which is why any decent software house has fairly rigid contracts to limit the capability of the client to commit mayhem. However, before reaching that point the supplier has to be 'nice' to the client and not muck about.
Now, I have been in contact with an organisation which has been trying to get into a certain market sector for a long time and I was willing to give them the assistance they required to make the breakthrough. Then one huge reorganisation later everything changed and the project was shelved, no surprise there, that happens lots of times to suppliers like us.
Then, through the grape vine, I heard of something I could not credit, they were also doing the same thing to their prospects, some of whom are very major corporations and at the same time they are wanting to double their revenue. You may have already guessed who they are, but when they hit the deck, I'll let you know!
I have also seen from my site statistics that you are now trying out FINFO Version 2.2, thank you for your understanding. I'm thinking of rewarding you with an extra free months use and will let you know at the end of this month, watch this space. Anyway if you feel like ordering now, I'll give you this free month anyway. How about that!
May 14th, 2008
Found out that I had loaded garbage onto the site instead of FINFO 2.2, now corrected.
Sorry all. I am feeling a twit! Compensation is that it is valid until the end of June.
March 27th, 2008
Earlier this month BITUG held a very successful education day on how to migrate NonStop applications (RISC AND CISC) to the Integrity (EPIC) NonStop Platform.
Bert van Es, who was presenting, gave us an enormous wealth of detail on all the steps required to successfully migrate an application to NonStop Integrity (TNS/E, remember E for EPIC) and buried in all of this were four all important facts about Integrity object code:
It was also mentioned that it is much easier to migrate from source code which has been converted to compile with the RISC native compilers rather than the old CISC compilers.
So, the message was clear: "Make sure your code can compile native to be ready for TNS/E"
I listened and went back to my office determined to go native and this is what I did and found:
I was rewarded at the end with a program which ran like lightening and was compatible with the Integrity native compilers. However, it is RISC native and will not run on Integrity, but if you would like to try it out on your Himalaya or S-Series machine, here it is:
Enjoy! How about plucking up your courage and going Native too?
February 20th, 2008
Ah, the best laid plans of mice and men! So it happens to us all!
But a foolish man never learns form experience and all you need to do is to keep your eyes open.
A multitude of things have happened since I last wrote in this column but there are two which I would like to share with you.
Firstly, why the sigh? As you probably know I have been programming in C++ for many years now and a very interesting possibility came up last week. It was an incredibly interesting opportunity in investment banking requiring years of C++ experience an opportunity really to shine and to learn a lot in exchange, but in the side line there was a requirement, non essential, for Java experience, which I do not have. Inquiries were made, CVs were sent , plus more information, other possibilities were put on hold and gentle pressure put on the agencies. The Result! Java is now an essential! Some banks are not very ethical in their recruitment procedures. However, the big plus is that now I have a new set of documents, papers and books dealing with stochastic processes. What! STOCHASTIC! what does that mean? Does it exist in Computer Science? Sure thing! but you will need to go to numerical analysis to find it. The thing is that, in life, as we know, things tend to hit us out of the blue, in a sort of random manner, but here is the rub, they may appear to be random but there are fundamental forces driving these processes, lust for money, survival etc. which has the effect that these so called random events are not random at all but conform to a rather erudite set of differential equations. Solve these and you will be able to judge on average how things will turn out. So, was I going to go into academia and look at the way populations of newts spread? No way! The same equations can be used to predict how the stock market will move, money, if you know when to buy and sell before the majority, it is unlikely you will lose money, but the problem is vast, thousands of shares will have to be tracked and analysed over time in order to determine what to buy or sell and when, or if you want to be more risky derivatives. Success is measured in big smiles and huge mounds of money, failure is not to be contemplated. So, what do you do build the model, let it run see if it works and then use it, but remember other people are doing the same and that will skew the way the market works, so be careful, not quite so huge gains but adequate, never the less, and in compensation risk is minimised. Berings and Banque de France take note and as they say to the aficionado don't try this at home. Great fun, satisfying a job to be well done, but alas...
BITUG had an operations management SIG last week which as usual
for such events started with the normal mantra of how great it will be when it
comes type of thing. You know, we have one operations management console from
which you will be able to direct the universe. Yea! Get real! All I am trying to
do is to keep my NonStop system stable and I don't have any of the other stuff,
type of comment.
Well, that's it for now. One up for HP and BITUG and one down for the organisation which purports to be a world wide philanthropist and enabler, including the formation of GE, but who in reality turned out to be a somewhat disingenuous institution.
Till whenever. I'll let you know what happens.
January 3rd, 2008
Firstly, Happy New Year to you all! I hope this year brings you great success and happiness.
Secondly, all good things do come to an end and sadly the trial period for FINFO is at an end. However, you can still get a time limited trial version on request, see the FINFO order page.
I am sure that there will be much to report this year with the Tandem fundamentals of scalability and reliability being brought to the forefront as the size of business critical systems continue to grow. For our part we will continue to deliver the tools which you will need to make best use of your infrastructure and provide a solid basis for the further development of your systems.
This week will prove to be a busy one, so I will let you know what happens.
Copyright © 2006-2010 Ross Systems International Ltd.
Registered in England No.2407494