But Wait, There's More
E-Mail 2.0: How to Fix the Mess That E-Mail Has Become
by Justin Ward
It is hard to say how many of the hundreds of millions of people on the Internet were affected by the Mimail, Novarg, and MyDoom variants of the new virus that was going around last week, but it is probably a very high percentage, especially among IT shops who not only have workers who get these e-mails, but who also have to cope with the floods of them that their end users get and sometimes inadvertently activate, wreaking considerable havoc. The reason this happens is that the e-mail protocol, SMTP, is outdated and needs to be extended. There's a simple solution, but it is a daring one.
SMTP, or Simple Mail Transfer Protocol, comes from an age when network security meant keeping your password to yourself and not much more. It is a trusting protocol: you tell the mail server who you are, and it believes you. While taking the sender's identity on blind faith worked very well in 1980, and even reasonably well in 1995, it just barely works at all today. Unfortunately, SMTP is the e-mail protocol, the agreed-upon worldwide standard. Worse yet, there's no way to fix this problem in the protocol. It is the fundamental flaw upon which the spam industry thrives and viruses proliferate. This flaw also leaves e-mail servers vulnerable to both being a part of and being a victim of distributed denial of service attacks. It degrades the credibility of e-mail messages. And yet you can't send or receive e-mail without abiding by these broken rules. The SMTP protocol must change.
There's a very simple solution, at least on the technical end. Every domain needs to list all the other domains that are allowed to send it messages. If domainA.com wants domainB.com to be able to send messages from user@serverA.com, it has to list that. Otherwise, any attempts at this will be refused. The Domain Name System (DNS) servers that tell Web browsers all over the world where to go are well suited for this sort of application, due to their distributed nature and authoritative records. If this DNS approach were extended, it could ensure that mail from getrichnow.com doesn't claim to come from microsoft.com. The only requirement for this is that every domain has to publish its list. Not publishing a list would be equivalent to saying that anybody could send e-mail to you or as you, allowing anybody to hide their real identity by claiming to be you. This brings us to the real problem: social change.
E-mail is too entrenched, and we are all dependent on it. Nobody is willing to be the first to make the change, because they may be the only ones to make the change. Everybody's list has to be published for the system to be used, and nobody's list is worth anything if the system isn't being used.
We may need this to be imposed upon us from above by law, or it can start as a grassroots movement among companies and end users who have had enough. Either by government, by the Internet backbone domains, or by our own free will, we need to do this. If AOL, Hotmail, MSN, Yahoo, Earthlink, and SBC all announce that they will not exchange e-mail with domains that have not added this information to their DNS records after a certain date, we would have an immediate solution. If every small ISP in America announced the same, it would probably be enough to get the larger ISPs to do something. If every commercial company in the world said this was a good idea, and built up a grassroots movement for DNS+ and SMTP+ and set a deadline--say January 1, 2005--we could fix a lot of the problems with e-mail. Linux started with one person, Linus Torvalds, who was dissatisfied with the operating system on his PC.
What won't fix the dismal e-mail solution is only having some servers support it. That would split the Internet in two, and render both sides useless. It's all or nothing, with the usability of the entire network at stake. So what do we do now? Send me your thoughts at jward@itjungle.com. You have my permission.
Justin Ward is a Linux consultant with a bachelor's degree in computer science who works part-time as IT manager for Guild Companies' Linux and Windows cluster. He is looking for full-time work, and comes highly recommended by us.
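The receiving server's decision under the published-list scheme proposed in the article above, as an added Python example that is not the author's code. The lookup table stands in for DNS, the names `check_sender` and `require_list` are hypothetical, and the connecting server's name is assumed to have been verified by the receiver already.

```python
"""Receiver-side check for a published-sender-list scheme (illustrative)."""

# Constructed stand-in for DNS: claimed domain -> domains allowed to send as it.
PUBLISHED = {
    "domaina.com": {"domaina.com", "domainb.com"},
    "microsoft.com": {"microsoft.com"},
    # "nolist.example" publishes nothing at all
}


def domain_of(address):
    """Return the lower-cased domain of an envelope sender address."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mailbox address: {address!r}")
    return domain.lower().rstrip(".")


def covers(listed, host):
    """True if host is the listed domain or a subdomain of it.

    The leading dot keeps 'evilmicrosoft.com' from matching 'microsoft.com'.
    """
    host = host.lower().rstrip(".")
    return host == listed or host.endswith("." + listed)


def check_sender(mail_from, connecting_host, published=PUBLISHED,
                 require_list=False):
    """Decide what a receiving server does with one SMTP transaction.

    connecting_host: the sending server's name, assumed already verified.
    require_list: models the cutoff-date policy from the article, where
    domains that have not published a list are refused outright.
    """
    try:
        claimed = domain_of(mail_from)
    except ValueError:
        return "refuse: malformed sender"
    allowed = published.get(claimed)
    if allowed is None:
        # No list: anybody can claim to be this domain.
        if require_list:
            return "refuse: no list published"
        return "accept-unverified: no list published"
    if any(covers(d, connecting_host) for d in allowed):
        return "accept: listed sender"
    return "refuse: sender not listed"


if __name__ == "__main__":
    cases = [  # constructed sample transactions
        ("user@domainA.com", "mail.domainb.com", False),
        ("billg@microsoft.com", "smtp.getrichnow.com", False),
        ("a@nolist.example", "smtp.getrichnow.com", False),
        ("a@nolist.example", "smtp.getrichnow.com", True),
    ]
    for sender, host, strict in cases:
        print(sender, "via", host, "->",
              check_sender(sender, host, require_list=strict))
```

The third and fourth cases show the deployment problem the article describes: until a list is required, a domain without one can be impersonated by any server.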
SCO Offers Bounty for the Capture of MyDoom Virus Writer
The MyDoom worm that slowed down Internet traffic this week and cluttered everyone's email boxes was an annoyance to most of us, but it was particularly bad for Unix operating system maker The SCO Group. SCO has not made many friends in the Linux and open source communities because of its legal attack on IBM, which SCO alleges released Unix intellectual property owned by SCO and licensed by IBM into the Linux 2.4 kernel. The company's Web site has been the target of a number of distributed denial of service (DDOS) attacks, and the MyDoom virus launched yet another one at SCO this week.
On Wednesday, after the worst of the DDOS attack had subsided and antivirus software makers Symantec and Network Associates had issued updates to combat the MyDoom worm, SCO announced that it was offering a $250,000 reward for any information that leads to the capture and conviction of the hackers who made and released MyDoom. The worm is set to launch a DDOS attack on SCO's site on February 1. We will see just how many people are infected by the worm on Sunday if SCO's site is unavailable. SCO must be getting pretty tired of buying extra network bandwidth to ride out these attacks and try to keep its site online. Both the Secret Service and the Federal Bureau of Investigation are trying to crack who the hackers are--not an easy task.
Sun Rolls Out January 2004 Solaris 10 Beta
Since last October, Sun Microsystems has been previewing the upcoming enhancements to the future Solaris 10 operating system, which is due in the fourth quarter of 2004, through a program it calls Software Express for Solaris, or Solaris Express for short. Every month, Sun has put a few more features out that will eventually come in Solaris 10, giving customers a sneak preview of what is in store so they can prepare. Solaris Express also helps Sun build up demand for the new product as customers play with the new code.
This week, Sun rolled out the January 2004 edition of Solaris Express, which added two main features to Solaris: dynamic resource pools and expanded disk support in the Solaris Volume Manager. When Sun announced the "container" partitioning technology in Solaris 9 two years ago, it implemented these containers in two ways. Containers could be shared for a particular set of users or they could be set up as resource pools for a particular set of applications. With the latest Solaris Express, Sun has made the resource pools dynamic, which means that processor, memory, and network bandwidth can be allocated and reallocated on the fly to resource pools as their applications need more of any of these resources. With Solaris 9, Sun integrated the Solaris Resource Manager workload manager into the core operating system (it used to be an external feature), and with the latest beta, SRM is now integrated with the containers that are implemented as resource pools. Policies set by system administrators can enlarge or shrink resources for containers as applications require. In a sense, these function somewhat like virtual partitions, but the real "zone" partitions that will ultimately be delivered with Solaris 10 will provide this dynamism as well as fault and security isolation.
The Solaris Volume Manager, which was also integrated into Solaris 9 for free, has been tweaked for Solaris 10. With the improvements in this beta of Solaris 10, customers can move and rearrange physical disks within a RAID or volume group without having to rebuild those RAID sets or volume groups. This has been a tedious task with Solaris 9 (and indeed, any other Unix platform). According to sources at Sun, the metadata that describes RAID arrays and disk volumes is stored on the disks themselves now and RAID sets are not dependent on SCSI addresses for independent drives.
Solaris 10 is "bug for bug compatible" on both Sparc and X86 platforms. Among the prior enhancements available in the Solaris Express program is the DTrace function, which allows system administrators and developers to poke around the Solaris kernel as it is running and see what is going on inside the system through some 30,000 probes in the Solaris operating environment. These probes are software, not hardware, and the probes capture data that can be captured by simple C programs or system administration tools that will presumably be tweaked to take advantage of DTrace. The data gathering of DTrace is non-invasive, says Sun, which means running traces on active machines cannot cause them to crash.
Sun has also previewed a whole new TCP/IP stack, code-named "Fire Engine," which was redesigned from the ground up to allow it to take advantage of new protocols like Gigabit Ethernet and to lay the groundwork for a more efficient support of future protocols like 10 Gigabit and 100 Gigabit Ethernet. The new stack has a more efficient way of dealing with TCP/IP packets than the current stack in Solaris 9. The net effect is that the Fire Engine TCP/IP stack can boost the performance of applications by as much as 10 percent. The new stack can also bring multiple processors to bear on a single, intelligent NIC, and thereby give it a serious performance advantage over rival TCP/IP stacks in Unix or Linux. The Solaris 10 beta also includes the basic framework Sun will use to support InfiniBand system interconnections in future Sun servers and with future Solaris releases.
The Solaris Express previews are available for free for non-commercial users on Sun's web site. Commercial customers have to pay $99 to participate, but they get the preview software and all sorts of detailed roadmaps.
IBM Brings Back Low Rate Financing Deal to Peddle Products
The name of the deal has changed, but the concept is still the same. Despite some signs of improvement in the economy and IT market researchers who are predicting a rebound in spending in 2004, IT managers who hold the purse strings are taking a wait-and-see attitude. To that end, IBM's Global Financing unit this week revived a low-rate financing deal to encourage customers to spread the costs of IT acquisitions across years instead of worrying about blowing all their budgets upfront.
Under the Power of Zero Plus deal that IBM announced last fall, customers who spend between $25,000 and $1 million per IBM-branded product line, and who finance their acquisitions with fixed terms between 24 and 60 months, can get gear at an interest rate of 3.75 percent for all hardware except PCs, which carry a rate of 4.35 percent. Software is being offered at a rate of 3.15 percent. These low rates are effective until December 31, which is also the last day that customers can take delivery of their gear or software from IBM under this deal. All models and upgrades in the iSeries, pSeries, and xSeries servers can be financed under these terms, and the new zSeries z800 entry mainframe can be, too, but not the high-end zSeries 900s and 990s. All models of IBM PCs, IBM's TotalStorage tape and disk storage, printers, retail systems, and software sold on a one-time-charge basis can also be financed under the above terms.
With the Low Rate Financing deal announced last week, IBM is offering a rate of 3.25 percent for hardware (which is lower) and 3.75 percent for software and services (which is higher). The financing rates apply to any one product family, in which a customer may spend up to $1 million each under the deal. All IBM servers excepting its high-end zSeries 900 and 990 machines can be financed under this deal. On the hardware side, it applies to acquisitions and financing of whole new machines and upgrades to new machines. Business consulting services and systems integration services can be bought and financed under this deal, as can any IBM software that is sold under a one-time charge licensing scheme, as OS/400 and the iSeries systems programs are. IBM's mainframe software, which is sold on a month-to-month rental basis on its big iron, is not eligible for such financing.
Meta Group Says ERP Vendors Gearing Up to Go After SMB Customers
If you are a Unix shop, the odds favor that you are a mid-sized firm, or maybe if you bought a turnkey solution, you might even be a relatively small company. According to IT analysts at Meta Group, makers of ERP software are going to be banging on your doors a lot in the next two years to try to drum up some business. The SMB market accounts for about half of total worldwide IT spending, reckons Meta, and it is commonly said that the SMB space is growing at twice the rate of the large enterprise section of the IT biz, even in this down economy. So you can see why ERP vendors want to talk to you.
According to a recent analysis by Meta, SMBs who sell their products into larger enterprises are going to need ERP software makers, too, since larger enterprises are automating their supply chains to try to wring efficiencies and profits out of those chains. If you are an SMB, you are going to have to do EDI, B2B, RFID, and a whole alphabet soup of different kinds of things to link your systems into those of the companies that buy from you. This is going to mean either bolting on solutions to the sides of homegrown or third party code or buying an integrated suite of products that provide such functions.
But sophisticated ERP software with SCM and CRM features has been very expensive to buy and implement, and the features for larger enterprises are usually overkill for an SMB customer that has to manage fewer products, fewer customers, fewer pricing schemes, and fewer suppliers of its own. Meta says that SMBs have to get more sophisticated not only about what ERP software they buy, but how they buy it. Carl Lehmann, vice president with Meta's technology research services unit, says that software makers are going to be rejiggering their technology, product lines, selling techniques, and pricing structures so they are more appealing to SMBs in 2004 and 2005. This probably means less price for less function.
But Lehmann says that SMBs have to get more sophisticated, even as prices come down. "Vendors often try to base maintenance contract prices on the 'list price' of software licenses--usually 20 to 22 percent--when dealing with SMB buyers," he said. "It is important for SMB buyers to leverage the interest in their market and negotiate maintenance agreements based on 'as sold' prices, or contract deliverables in return for their business." He said that even SMBs could negotiate down to the 18 percent industry average for maintenance fees, or even lower. Telling customers what other people are paying is part of accomplishing this, which is why this story is in this newsletter. Information is power. Meta is also advising that SMBs who can't get low prices they like to add maintenance contract deliverables such as support--troubleshooting, help desk, and patch administration--and future release updates to the deals they strike. This may not lower the initial sticker price on ERP software, but it does lower ongoing costs. This is how the big companies do it.
SANs Will Dominate By 2007, Says IDC
According to a recent analysis of the disk array market performed by IDC, combined shipments for storage area networks (SANs) and network-attached storage (NAS) arrays will exceed those for direct-attached storage (DAS) arrays by 2007 in the United States. In 18 of 20 markets that IDC examined, NAS plus SAN will outsell DAS; the utility and retail industries are going to keep preferring DAS by a margin, presumably because of the local nature of many of their servers.
Between 2002 and 2007, IDC says that overall sales of disk arrays will be relatively stable, but SAN sales will grow at a compound annual growth rate of 7.5 percent and NAS sales will grow at 5.4 percent, offsetting declines in sales of DAS units. By 2007, IDC reckons that in the U.S., sales of SAN arrays, which can share storage across switched fabric with many servers, will comprise $3.8 billion, or about 65 percent of the $5.8 billion external disk array market in the States.
IBM, UT Austin Designing Morphable Teraflops Chip
It wasn't that long ago when a teraflops of aggregate number-crunching power in a parallel supercomputer sounded like a lot. The University of Texas at Austin and IBM Research are tag teaming on a radical new design for a processor that could ultimately pack as much as a teraflops of computing power onto a single chip by 2010. The project could have implications for future Power-based machines that run OS/400, Unix, and Linux.
The new design, which is being developed under the code-name TRIPS (short for Teraops Reliable Intelligent Processing System) and which is being funded by the U.S. government's Defense Advanced Research Projects Agency, is about more than packing lots more transistors onto a single piece of silicon and cranking up the clock speed. That's relatively easy, as the last 35 years of processor development demonstrates. The TRIPS project is much more ambitious.
Processors today are very specific pieces of electronics: this one is a microprocessor for a server, this one is a digital streaming processor, and this one is an embedded chip for a controller or PDA. Even IBM's BlueGene project, which seeks to pack one million minimalist RISC processors running at 500MHz and delivering 1 petaflops (1 million gigaflops) of power in a single machine to crack tough genomics problems, is not as ambitious as the TRIPS project. TRIPS is about creating a new type of processor that can change its personality as a workload demands it.
With the proper design, explains Jeff Burns, technical strategist for IBM Research on the TRIPS project, a multiple-core processor with memory and floating point units arranged in a certain way could be fabricated and controlled by software to emulate a multithreaded server processor, a DSP, or other embedded microprocessors as the application software on them demanded. The researchers at IBM and the University of Texas will be exploring how to do this, but they have what appear to be some pretty good ideas even though this project is just starting.
TRIPS includes a new "block-oriented execution" scheme that sounds suspiciously like the very long instruction word (VLIW) processing techniques that IBM's supercomputing gurus have been playing around with since the mid-1980s. With this block-oriented execution scheme, a TRIPS processor will crank through large blocks of instructions mapped to an array of instruction units on each chip. This is a contrast to superscalar processors, which can handle two, three, or maybe four instructions per clock with multiple pipelines.
IBM and UT Austin researchers have also figured out that the key to creating powerful servers using symmetric multiprocessors is to have very fast uniprocessors. One hundred 1 GHz processors will scale better than one thousand 100 MHz processors. So the polymorphism that IBM and UT Austin are working on will divide up powerful uniprocessors into smaller virtualized units that can be configured to behave like DSPs or other kinds of processors. The memory hierarchy surrounding the instruction units will have to be polymorphic, too, so memory circuits can be converted from L2 cache to a FIFO unit, for instance, when switching from SMP server mode to DSP mode.
Over the next two and a half years, IBM and UT Austin will develop a prototype TRIPS processor, which will very likely be fabbed by IBM Microelectronics using 130 nanometer or 90 nanometer chip technologies. (The fab and the technology have not been settled yet, says Burns.) In the fall of 2001, IBM expected the TRIPS chip to be implemented in 130 nanometer technology, run at 300 MHz, have an area of about 350 to 400 square millimeters, and have about 250 million transistors. IBM has raised the projected prototype clock speed to 500 MHz. On each prototype TRIPS chip, IBM expects to pack four processor cores, each capable of executing 16 floating point or integer instructions per clock cycle.
A working prototype system will have four of these TRIPS chips in a box, with 32 GB of main memory, and will deliver about 128 gigaflops of processing power. Tape out for TRIPS is expected in the fourth quarter of 2004, with prototype demonstration in December 2005.
IBM's long-term goal is to demonstrate a TRIPS chip by 2010 that can jam 1 teraflops of computing power into a single chip. How IBM will do this is unclear, but it will be able to ramp up clock speed and jam up to one billion transistors--and therefore more cores and memory--onto a single chip by then. Given that the target clock speed of the TRIPS chip in 2010 is 10 GHz, which is 20 times the clock speed of the prototype, just the ramp up in clock speed alone would make a four-core TRIPS processor capable of doing 640 gigaflops (in a perfectly linear universe). The quadrupling of transistor count suggests that IBM and UT Austin could pack as many as 16 cores on a single TRIPS chip by 2010, but the math on the teraflops suggests that eight cores is also a possibility. There's a lot of hedge in these numbers, and given that this is far-out research, that is no surprise.
The TRIPS prototype system is being developed under an $11.1 million contract from DARPA, and the processor research is intended to dovetail with the PERCS high-performance contract that IBM and a bunch of other universities (including UT Austin) have just signed with DARPA. In July 2003, DARPA awarded $146 million to Cray, IBM, and Sun Microsystems for a project called the High Productivity Computing Systems (HPCS) initiative. This project is akin to the Accelerated Strategic Computing Initiative (ASCI) undertaken by the U.S. Department of Energy to drive supercomputing technology from the hundreds of gigaflops to the hundreds of teraflops level in the late 1990s and early 2000s. HPCS is shooting for creating supercomputers that can deliver petaflops--a million teraflops--of computing capacity in the 2009 to 2010 timeframe.
IBM was awarded a $53.3 million contract to fund research into a future Power-based supercomputer called PERCS, which is short for Productive, Easy-to-use, Reliable Computing System. While IBM won't say this, odds are that TRIPS will be an optional processor in the PERCS setup. The two projects are managed by the same people at IBM. That is probably not a coincidence.
IBM hasn't said this, either, but TRIPS probably has a lot in common with Power6, which is due in 2006. While the TRIPS chip will have a minimalist core compared to the current Power4 and future Power5 chips, the ideas that IBM learns from TRIPS, if they pan out, will be woven into Power6. It only makes sense. Servers based on Power6 will, of course, support OS/400, AIX, and Linux.