<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Yes, perhaps I wrote that poorly; my apologies. Accounts and
directories are quite clearly separated; you can run Tops-20
without <u>any</u> accounts whatsoever. PANDA does this as does
the standard DEC distribution. We (Columbia) didn't because we
had to do charge back and sold time and you can use the account
functionality to do some nifty things, like set your scheduler
class.</p>
<p>We also had a RSTS/E System, running on a PDP-11/70 (possibly one
of the finest computers <i>ever</i><i></i>). I don't remember
what we were using for DASD, but it wasn't RM03. That was an
white platter disk that I remember remember mounting when we
switching between RT-11, RSX and a very early version of Unix on a
PDP-11/40 in the CS lap at <font size="+1"><tt>WPI</tt></font>.
I think maybe Columbia had something larger like an RP04. Anyway,
I remember it being separate, whereas the RM03 is in the tower.
We sadly unplugged the RSTS system when we got our fourth 20. The
only Basic that I ever saw that had RSTS muscle was on the DTSS.<br>
</p>
<div class="moz-cite-prefix">
<p>Doing sub-dirs on the 20 <i>is</i> beautiful and there are
features that I appreciate today over everything else I've
seen. The grammar was extremely well thought out. But under
the covers, if you had 20 to 30 thousand users ids to run after
and frequent turn over, you had to write custom software to do
the group management and id creation. I know, I wrote some of
it. <tt>BUILD</tt> <i>is </i>dandy, but consider all the
confusing options you have to do get the access right, viz:</p>
</div>
<div class="moz-cite-prefix"><tt> ABORT
DEFAULT-FILE-PROTECTION </tt><tt>DIRECTORY-GROUP
FILES-ONLY </tt><tt><br>
</tt><tt> </tt><tt><tt>GENERATIONS</tt> KILL</tt><tt>
LIST </tt><tt>MAXIMUM-SUBDIRECTORIES</tt></div>
<div class="moz-cite-prefix"><tt> PASSWORD</tt><tt> PERMANENT
</tt><tt>PROTECTION PUSH</tt><tt><br>
</tt></div>
<div class="moz-cite-prefix"><tt> SECURE</tt><tt>
SUBDIRECTORY-USER-GROUP</tt><tt>
TOPS10-PROJECT-PROGRAMMER-NUMBER </tt><tt><br>
</tt><tt> </tt><tt><tt>USER-OF-GROUP</tt>
WORKING</tt><br>
<br>
</div>
<div class="moz-cite-prefix">
<p>See that <tt>PUSH</tt> command? That's so you can go
recursive when (not if) something breaks and come back and try
it again. Groups are far more powerful than Unix's laughable
excuse, but they are not straightforward to implement as clash
is not a bug, but rather a feature. And you can't just have a
user of a group unless it's allowed in the sub-directory user
group. Get any of that wrong and you just created a
sub-directory that the user can't use and they're ... not happy
...</p>
</div>
<div class="moz-cite-prefix">
<p>The quotas are just plain tedious because unless you set the
magic bit, you have to grab it from the superior and then guess
how much (which is never right) or ask the user (who has no idea
or wants everything). And then you have to explain why <tt>SECURE
</tt>isn't necessary...</p>
</div>
<div class="moz-cite-prefix">
<p>And then there are all these other goofy things that they
should have just ditched and put into in <tt>^ECREATE</tt> so
your phone doesn't ring.</p>
</div>
<div class="moz-cite-prefix"><tt> ABSOLUTE-INTERNET-SOCKETS
ACCOUNT-DEFAULT ADMINISTRATOR
ARCHIVE-ONLINE-EXPIRED-FILES</tt></div>
<div class="moz-cite-prefix"><tt> CHARGE-LIMITED</tt><tt>
CONFIDENTIAL DECNET-ACCESS </tt><tt>DISABLE</tt></div>
<div class="moz-cite-prefix"><tt> ENABLE</tt><tt>
ENQ-DEQ EXPIRATION-OF-PASSWORD</tt><tt>
EXPIRE </tt><tt><br>
</tt><tt>
FROZEN INTERNET-ACCESS INTERNET-WIZARD</tt><tt>
IPCF</tt></div>
<div class="moz-cite-prefix"><tt> MAINTENANCE
MUST-RUN-PROGRAM</tt><tt> NUMBER</tt><tt>
OFFLINE-EXPIRATION-DEFAULT</tt></div>
<div class="moz-cite-prefix"><tt> ONLINE-EXPIRATION-DEFAULT</tt><tt>
OPERATOR </tt><tt>PRESERVE</tt><tt>
</tt><tt> REPEAT-LOGIN-MESSAGES</tt></div>
<div class="moz-cite-prefix"><tt> SEMI-OPERATOR </tt><tt>WHEEL
</tt></div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">This is visible list and t it
guarantees your phone rings because if they try the <tt>BUILD</tt>
and of them, it will break. As a matter of fact, except for a
very limited subset (which does not include creating
sub-directories), it is going to break. So that's fine if you
feel like chatting, but it's almost never a short call.</div>
<blockquote>
<div class="moz-cite-prefix">Why isn't <tt>secure </tt><i>secure</i>?<br>
Because our ACJ doesn't need enable the hooks.</div>
<div class="moz-cite-prefix">Why?</div>
<div class="moz-cite-prefix"> Because we don't need them.</div>
<div class="moz-cite-prefix">Well, shouldn't <b><i>I</i></b> be
secure?</div>
<div class="moz-cite-prefix"> Yes, you should be... I mean, you
are. (he sighs)<br>
</div>
</blockquote>
<div class="moz-cite-prefix">
<p>And, my favorite:</p>
</div>
<blockquote>
<div class="moz-cite-prefix">What's a WHEEL??</div>
<div class="moz-cite-prefix"> "<font face="Times New Roman,
Times, serif">Blessed are they who run around in circles</font>"
(he begins intoning)</div>
<div class="moz-cite-prefix"><i>??</i></div>
<div class="moz-cite-prefix"> "<font face="Times New Roman,
Times, serif">For they shall be known as Wheels</font>" (he
finishes intoning)</div>
<div class="moz-cite-prefix"><i>????</i></div>
<div class="moz-cite-prefix"> It means you have complete
unfettered and limited system access. Beyond root or
administrator.</div>
<div class="moz-cite-prefix">Oh!! Well I should have that.</div>
<div class="moz-cite-prefix"> Indeed? Why?</div>
<div class="moz-cite-prefix">Because my: (pick one)<br>
</div>
<div class="moz-cite-prefix">
<ol type="a">
<li>Thesis Advisor<br>
</li>
<li>Dean</li>
<li>Manager</li>
<li>Mother</li>
<li>Spiritual Advisor<br>
</li>
<li>Boyfriend</li>
<li>Dog<br>
</li>
</ol>
thinks I should...</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"> And yet I remain unconvinced.
However, don't let that stop them from hiring you.<br>
</div>
</blockquote>
<div class="moz-cite-prefix">
<p>Now, let's compare that whole saga with the effortlessness of <tt>mkdir</tt>
or <tt>md--</tt>boom you're done and no phone call. Of course
you have a point that <tt>BUILD</tt> isn't *that* hard in
theory. However, in practice as compared with the former two,
was a serious pain in the ass and I think it annoying in this
day and age. It was that complicated because it had to be
because of the huge user populations.<br>
</p>
</div>
<div class="moz-cite-prefix">
<p>Yes, we had bunches of disks, too; we had at least one RP07, a
number of RA81's on an HSC50 (clustered) and I believe something
on the order of 20 RP06's (I'd have to look at my copy of the
machine room diagram), 8 tape drives to back everything up and
printers and ... Remember that population? It still wasn't
enough. It's one thing to write a small program for an
introductory class, but when you really start getting on it;
writing papers, simulators or compilers. You just swallow disk
space and that's before you even talk about anything remotely
approaching multimedia, which was unthinkable.</p>
<p>Perhaps the following example is illustrative: In order to
validate my FTP server, I needed some 'decent' sized data
sets--things I could look at and immediately notice any obvious
problems. So I downloaded some of my favorite Sherlock Holmes
and Oscar Wilde novels from Project Gutenberg along with some
other goodies. All told, over 9,000 pages.</p>
<p>Now, let's suppose you wanted to do a longitudinal textual
analysis of stylistic changes in Abraham Lincoln's speeches. It
is instructive to compare the first and second inaugural
addresses using the Gettysburg address as a linking document.
Well, that's 12 pages right there before you've written
anything, over 10% of your quota. We were always screaming for
more disk. And CPU. And memory.</p>
<p>My KLH10 is over 200 times faster than a KL and I have 5
RP07's, with one piggy user (me), two medium users (my wife and
brother) and some assorted guests. If you compare that with a
KL10B with 70 signed on and 20,000 trying to sign on, you can
see why those disk drives simply weren't enough. Nothing but a
3850 would have been and we weren't allowed to use that. We
have one holding the 1980 census, the equivalent of 4,720 RP06's
(on the order of a terabyte). There was a lot of drooling on
the floor, but it was dedicated to research.<br>
</p>
</div>
<div class="moz-cite-prefix">
<p>I wasn't aware that Unix was older than Tops-20. What basis
do you have for making this statement? I had though it
younger. The initial Unix release date is November 3, 1971
whereas TENEX came on the air in June 15, 1970, more than a year
beforehand. Unfortunately, I don't have my Bell System
Technical Journals handy (still in boxes), so I don't
immediately recall the period between Bell pulling the plug on
Multics and Thompson began playing with that cast off PDP-7.
Clearly however, BBN was working on TENEX in the late 1960's and
sold the page box as a commercial product.</p>
</div>
<blockquote type="cite"
cite="mid:2b54ad8b-8439-0ea5-dcc3-22577384b3da@softjar.se">
<hr width="100%" size="2">On 7/5/2019 3:40 PM, Johnny Billquist
wrote:<br>
<br>
Well, accounts and directories are not clearly separated things
under TOPS-20, as you yourself noted.
<br>
And disk quotas were annoying to deal with.
<br>
<br>
Back around the same time, I was using RSTS/E at school, and there
you had disk quotas too, and no subdirectories. Also, the default
quota was 20 blocks (10 Kbyte). Felt quite acceptable at the time.
One RM03 for four schools sharing one PDP-11/70.
<br>
<br>
But creating directories under TOPS-20 was not *that* hard. There
was the BUILD command, which sorted out most things rather simply.
But I don't know how you'd do it programmatically.
<br>
<br>
The fact that you could have sub-users on the other hand was one
of the most beautiful things of TOPS-20. And it implicitly already
gave you groups. At university, each course there was a user, and
all students were sub-user to that, belonging thus to the same
group. Managed by the teacher, who had the parent account.
<br>
<br>
As for maximum disk, well... You could have RP07 disks. At half a
gig, that was pretty decent. Each of our -2060 had one RP07. And
one had one RP06, while the other one had three RP06 drives.
<br>
<br>
And Unix is older than TOPS-20, and ran on more limited resources,
and still handled subdirectories and quotas cleaner. So I don't
think it's fair to just blame old age or limited resources. A
PDP-10 had vast resources compared to many other things...
<br>
<br>
Johnny
<br>
<br>
On 2019-07-05 20:57, Thomas DeBellis wrote:
<br>
<blockquote type="cite">Oh, it's something beyond annoying, but
it's not the accounting system confounding you; that can be
completely disabled (I have it off on my systems). The policy
is actually built into the Tops-20 file system itself.
<br>
<br>
Directories under Tops-20 are vastly different--both in concept
and implementation--from anything else that I've seen (and I did
a lot of research into file system design at one particular
job). Directory creation is cumbersome, typically requiring
expert level intervention or significant programming. However,
it's whaay better than what Tops-10 had at the time (nothing),
ITS (don't ask), WAITS (nothing) or MVS (partitioned data sets,
a true hack).
<br>
<br>
Create a directory under Unix? mkdir. Easyn peasy. Windows?
md, unless you are running quotas. Also no heavy lift.
<br>
<br>
Tops-20 got more and more complex. In addition to having to
take quota away from the superior and hand it over to the
sub-directory, unless you are running PANDA modifications, you
have to create an access group and allocate it or the poor user
can't see his own sub-directory. Group management can be
confusing if you are running super-domestic structures and
downright tedious for regular structures, otherwise. There was
more; Yeesh... Instead of trying to check for every possible
problem beforehand, it was sometimes easier to catch errors from
the CRDIR%, go recursive and modify the superior (and on up).
<br>
<br>
You can defeat some of this. Setting CD%NSQ will cause CRDIR%
to no update the the superior, but you need rights to do it. I
always thought that there was a better way to do this, perhaps
with an IPCF% based client/server application, coupled with some
changes to the access control job.
<br>
<br>
Why all this hair? Directories were considered precious
resources. Why would that be? Consider what happens when you
try to fit (or cram) a user population of over 25,000 students
onto the triple 180 MB disk structures of the time (the maximum
you could do in 1980's). You get measly user permanent quotas
of 100 pages (250KB), working of 1,000. Not much.
<br>
<br>
It's a vastly different world now. So Tops-20 needs a mkdir,
but that would need to talk to a privileged backend with policy
and directory creation smarts. I think that would be pretty
friendly; definitely easier than trying to suss out BUILD or
^ECREATE.
<br>
<blockquote type="cite">------------------------------------------------------------------------
<br>
On 7/4/2019 2:48 PM, Johnny Billquist wrote:
<br>
<br>
The one annoying detail of the account system in TOPS-20 is
that user disk quotas are on a per directory basis. So you
have to manually move your disk quota around for your
subdirectories.
<br>
<blockquote type="cite">------------------------------------------------------------------------
<br>
On 2019-07-04 04:01, Thomas DeBellis wrote:
<br>
<br>
Tops-20 is vastly different from Unix (and I believe also
VMS) as to how it manages user ids and accounts. Parts of
the authentication paradigm are very tightly woven into the
the file system. Briefly,
<br>
<br>
* A user id is a login-able directory (I.E., one that
doesn't have
<br>
apassword and is not set FILES-ONLY). In addition to
basic OS
<br>
restrictions which prevent you from viewing file system
meta-data
<br>
unless you have appropriate authorization, an access
control job
<br>
(ACJ) is layered on top of this which can even restrict
<br>
privileged users.
<br>
* Accounts are either validated out of a binary accounting
file in
<br>
monitor space (which is compiled from ASCII source) or
via the
<br>
ACJ. Accounts can have multiple users or systems
processes
<br>
(such as spoolers) creating billing records. Users can
switch
<br>
between accounts on a per-job, per-fork and
intra-program basis
<br>
(a program can decide to bill certain portions of its
activity to
<br>
different accounts).
<br>
* The obvious benefit is that there is no password file to
attack
<br>
or steal and you can't even tell that there is an
accounting
<br>
file; probing passwords is monitored and a certain
amount of
<br>
intervention is done. It is /extremely/ fast. No
/etc/passwd to
<br>
grovel.
<br>
<br>
However, a deleterious side-effect is that once an id is
created, it can be used for _anything_, including online
interactive login.
<br>
<br>
On a PANDA monitor, is possible to specify a user id as
FTP-ONLY, but neither the supplied 5 series ACJ nor the EXEC
do anything with it. Historically, the Tops-20 FTP server
implemented ANONYMOUS usage by parsing for the login user
atom ANONYMOUS and then swallowing anything for the password
(what was typically supplied was an email addresses). This
was then hardwired into a local id.
<br>
<br>
Artifacts of this still exist in certain browers. Guess who
supplies IEUSER@ as the email address password for ANONYOUS
usage?
<br>
<br>
I recall that this is the approach that we had to use with
Tops-20 FAL. The Extended Mode FTP server that I wrote is
configurable via a file to specify the underlying id and
password. More productization would probably including
having the ACJ enforce FTP-ONLY on LOGIN% or CRJOB% and
having the EXEC parse for and display FTP-ONLY. Probably
about two weeks' part time work as I recall. Might have to
consider Batch policy.
<br>
<br>
One approach here could be to lift the ANONYMOUS code out of
EFTPSR and drop it into FAL and then do the changes to the
ACJ and EXEC. I'm just surprised none of the HECnet Tops-10
or Tops-20 nerds have done it (there is some commonality in
some of the sources).
<br>
<br>
Since Tops-20 has a BLISS compiler which implements BLISS
COMMON (my first training at DEC as an employee was to write
code that would cross compile under VMS, RSX, Tops-10 and
Tops-20). I think it might be useful to review some of the
VMS DECnet source, if any of that is available. It might be
possible to lift some functionality, which could be fun.
<br>
<br>
Does the VMS hobbiest license get you source code?
<br>
<blockquote type="cite">------------------------------------------------------------------------
<br>
On 7/3/2019 7:21 PM, Johnny Billquist wrote:
<br>
<br>
VMS, as someone else mentioned, have a default account for
FAL.
<br>
<br>
RSX does not have that. However, you can use proxy access
in RSX to achieve something similar. Enable incoming and
outgoing proxy, and define a default account that incoming
requests should be using that way.
<br>
<br>
If TOPS-20 can do this I don't know. But it's a
suggestion for something else/more to check.
<br>
<br>
Johnny
<br>
<blockquote type="cite">------------------------------------------------------------------------
<br>
On 2019-07-03 14:15, Thomas DeBellis wrote:
<br>
<br>
I have some software that I'd like to post, but don't
recall how to configure FAL to allow for an anonymous
connection; to download from a restricted directory.
<br>
<br>
I know how to do it for the FTP server (seeing as I
wrote it), but ... different code base.
<br>
<br>
I can only vaguely remember what we did for CCnet at
Columbia University in the 1980's, but I think it was
kind of a hack.
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
<br>
</blockquote>
</body>
</html>