Su Tech Ennui: October 2007

Saturday, October 27, 2007

Myer and Sutherland's Great Wheel of Reincarnation

Back in the early 70's, Myer & Sutherland (the latter of Evans & Sutherland high-end graphics fame) suggested that trends in graphics workstations (and by extension, computing in general) followed the 'great wheel of reincarnation' principle; an example being the zugzwang between diskless workstations and local storage, which in my lifetime has gone back and forth I think about three times. (We're currently in the 'migrating away from local storage' phase, with both data files and applications moving to some generic cloud on the net.)
I was reminded of this when about a week ago I was given access to a compute cluster through my job - a farm of about 6000 CPUs (4 per chip and 1 chip per box) of which I can use up to 512 CPUs at a time, dedicated to me alone, for up to 48 hours. Generally the wait to run a job is less than a day. Pretty damned good fun, I can tell you.
Anyway, back to our story... I won't bore you with the details, but the essence of it is that this cluster is being run extremely similarly to the way that mainframes were run in the 60's; batch queues, no interactive work, and no multitasking.
For those of you who've grown up with Moore's Law (probably better called Moore's Postulate, but who am I to argue), we're starting to wonder if it will bottom out soon as there has to be a limit to the feature size and speed you can get on a chip as we finally approach atomic levels - we've improved performance until now by increasing CPU speed, and in the last few years, by trading huge RAMs for CPU power in our algorithms, and by trading expanding disk storage for CPU (e.g. Rainbow Tables)... but to continue doubling space X time performance every 18 months into the future, I'm convinced (and have thought this for some years now) that the next big step will have to be more CPU cores. I don't mean just 4 or 8 on a chip, I mean desktops where the owners are bragging 'Yeah, I've got 16K in mine' and they're referring to CPUs, not memory.
Which brings us back to my original subject: supercomputing using multiple desktop computers as a replacement for the mainframes of yore. If the Texas supercomputer cluster is anything to judge the state of the art by, there needs to be a major wakeup call in terms of operating systems, multitasking, multi-user use and interactive response if the desktop systems of ten years from now are to be built using what is basically the architecture of today's supercomputer clusters.
In other words, we need to parallel the progress from 1960's mainframes through 1970's multiuser systems, ending up with 1980's desktops which were as powerful as the mainframes of the 60's and as usable as the OS's of the 70's.
It's time for Myer and Sutherland's Great Wheel of Reincarnation to go round again.

Monday, October 15, 2007

Mechanized Reasoning

I recently came into possession of a copy of an old paper (1951) that described a relay-based custom computer which enumerated arbitrary boolean expressions. It's pretty damned interesting and well worth a read:

I think it would be a fun project to write a graphical emulator for this (or even better, build a real one from relays which you can get cheaply and easily at Radio Shack).

Wednesday, October 10, 2007

Stupid Company Tricks

Back in the usenet days, I was a subscriber and occasional poster to a group called "risks digest" where we would highlight the stupid stuff that organisations and businesses would do which actually made things worse for their customers. Twenty years later I'm sad to see that corporate common sense has not improved in any way and people are still doing Really Dumb Things:
  • Take our cell phone company for example. ("Please!", as Rodney Dangerfield might add)... I forgot the account name associated with my phone so I went to their online page where you can ask for a reminder to be mailed to you. So far, so good. So I enter the phone number, and what do I see... "Your account information has been mailed to". Yup, they don't just mail it out, they tell you to whom it has been mailed. So anyone wanting to find out who owns a phone number with this company can just submit an account reminder request and immediately see what email account is associated with the phone number, from which it is usually trivial to work out the person associated with it.
  • Here's a big computer company that heavily touts the security of their products... they have a web system for users which is where you download their software as well as being a chat forum. If you go to their 'lost password' page and request a reminder, they don't just email you with your password - nope, that would be a security risk because they'd need to keep your password unencrypted, so they helpfully change your password and send you the new one. No, you read that correctly - they don't send you a link where you can change your password, they go ahead and change it immediately. Never heard of 'denial of service' attacks, guys? You can lock anyone out of their service by requesting a forgotten password (no ID required, just the email address) until they receive that email and log back in to change it back.
  • Here's the worst forgotten password story of all. I forgot the password to my online bank account. Because I'd never entered any initial 'security questions' on the web site, I couldn't get an email reminder and had to call in. Again, so far so good. Unfortunately they asked me the same 'security questions' that the web site would have asked - which I had never entered so I couldn't give them answers. God knows what answers they expected to hear. So they used their fallback procedure - asking me questions about things they knew the answers to, like where did I stay when I lived in Ohio, or which of these three Ohio businesses did I ever work for. Just one problem, I've never been to Ohio. I'm reasonably sure that an illegal immigrant migrant farm worker got my SSN here in the valley and used it while working in the fields up there. Unfortunately this info has got into my credit file with the big three companies (Experian etc). Here's the rub - my bank trusts the data from the credit companies implicitly and would not believe me that all the info they were using to ID me was wrong. I finally convinced them I was me by telling them at which bank branch I opened my account. Well duh - there's only one for this bank in the town where I live, and anyone can find out where I live pretty damned easily (especially if they've already got a copy of my erroneous credit report, which apparently is all that is needed to spoof someone's ID at this idiotic bank).

It amazes me that these are huge companies with large staffs and presumably they hire information security professionals. Just what sorts of idiots are running the security in these companies? I despair at times.
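
A reset flow that avoids the first two problems in the list above, as an added example that is not from the original post or from either company: the reply is the same for known and unknown accounts and never names the mailbox, and the existing password stays valid until the mailed single-use token is redeemed. `ResetService`, `TOKEN_TTL`, the in-memory stores and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; constructed value
GENERIC_REPLY = "If that account exists, reset instructions have been sent."

def hash_password(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ResetService:
    def __init__(self, accounts):
        self.accounts = accounts  # login -> {"email": str, "pw": (salt, hash)}
        self.pending = {}         # login -> (sha256 of token, expiry time)
        self.outbox = []          # stands in for the outbound mail queue

    def request_reset(self, login, now=None):
        now = time.time() if now is None else now
        account = self.accounts.get(login)
        if account is not None:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).digest()
            self.pending[login] = (digest, now + TOKEN_TTL)
            self.outbox.append((account["email"], token))
        # The stored password is untouched, and the reply is identical for
        # known and unknown logins and never names the mailbox.
        return GENERIC_REPLY

    def redeem(self, login, token, new_password, now=None):
        now = time.time() if now is None else now
        digest, expiry = self.pending.get(login, (b"", 0.0))
        offered = hashlib.sha256(token.encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, offered):
            return False
        del self.pending[login]  # single use
        self.accounts[login]["pw"] = hash_password(new_password)
        return True

    def check_password(self, login, password):
        salt, stored = self.accounts[login]["pw"]
        return hmac.compare_digest(stored, hash_password(password, salt)[1])

if __name__ == "__main__":
    # Constructed sample account; phone number and address are placeholders.
    svc = ResetService({"5550100": {"email": "owner@example.test", "pw": hash_password("old")}})
    print(svc.request_reset("5550100") == svc.request_reset("0000000"))
    print(svc.check_password("5550100", "old"))
```

Only a hash of the token is kept server-side, so a leaked copy of the pending table cannot be replayed as a reset link.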