1 INFO-VAX	Mon, 27 Feb 2006	Volume 2006 : Issue 116       Contents: Re: AMD blew it big time!  Re: AMD blew it big time! & Re: Building SSL support on VMS V7.3-2% Re: CSWS 2.1 + Tomcat 5.5.9 + mod_jk2 1 Re: Differences between RUN/PROC and SPAWN/NOWAIT 1 Re: Differences between RUN/PROC and SPAWN/NOWAIT  Re: Error message Help?  Generic PN for AHV15D Need a little help moving from a Microvax3900 to VAXstation 4000-90.H Re: Need a little help moving from a Microvax3900 to VAXstation 4000-90. Re: OpenVMS screenshots?1 Re: Plain truth is that unix/linux is NOT secure! 1 Re: Plain truth is that unix/linux is NOT secure! 1 Re: Plain truth is that unix/linux is NOT secure! 1 Re: Plain truth is that unix/linux is NOT secure! 1 Re: Plain truth is that unix/linux is NOT secure! $ Problem with SDA extension using C++( Re: Problem with SDA extension using C++( Re: Problem with SDA extension using C++P Re: Protection Modes/Rings, and Security (was: Re: Plain truth is that unix/linu# Re: question about VMS732_LMF-V0200 , Re: Rich Marcello in VMS mention shocker :-)$ Security holiday over for Mac users!( Re: Security holiday over for Mac users!( Re: Security holiday over for Mac users!( Re: Security holiday over for Mac users!
 soyMAIL redux  Re: soyMAIL redux  Re: soyMAIL redux  Re: SYS and EXE file specs?  TCPIP$SMTP_SFF.EXE suggestion : TCPIP: Detecting lost connections + defined service server> Re: TCPIP: Detecting lost connections + defined service server> Re: TCPIP: Detecting lost connections + defined service server> Re: TCPIP: Detecting lost connections + defined service server* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?* Re: Whats MORE Secure? OpenVMS or OpenBSD?  F ----------------------------------------------------------------------  # Date: Mon, 27 Feb 2006 07:12:13 GMT  From: "Scott" <scott@scott.com> " Subject: Re: AMD blew it big time!, Message-ID: <hDxMf.76351$H%4.28919@pd7tw2no>  B I would like to try running Win 2000 on my DEC Multia/UDB (Alpha) @ I recently acquired. Is the Beta CD available for download from 
 somewhere?  ' <bob@instantwhip.com> wrote in message  < news:1140717990.943345.24660@g14g2000cwa.googlegroups.com...B > no x86 emulated processor will ever run the high end as well as  > alpha  > does.  > A > I said AMD could still have their x86 64 bit emulator chip for   > the  > masses? > who feel trapped on x86 but could have still beat IBM, Intel   > and 
 > everyone* > else also in the high end with alpha ... > B > and by the way, alpha runs windoze 2000 ... I know where to get 	 > you the  > beta 3 CD if you want one ...  >    ------------------------------    Date: 27 Feb 2006 06:48:09 -0800- From: "Andrew" <andrew_harrison@symantec.com> " Subject: Re: AMD blew it big time!C Message-ID: <1141051689.684003.142260@e56g2000cwe.googlegroups.com>    Bill Todd wrote: > Andrew wrote:  >  > ...  > J > > In the circumstances your opening salvo looks more and more like folly > > and bravado on your part.  > F > That's only because you carefully snipped out the drivel of yours to& > which I was specifically responding. > ( > So let's refresh your memory:  it read > I > "Exactly how much quicker do you think the EV8 would have been than the - > current Alpha processor ? 1.5x 2x perhaps."  > I > So when I went on to demonstrate that EV8 would not only have been over J > 2x 'quicker' than the current EV7 running a single thread but would haveI > been over 5x 'quicker' than the current EV7 running multiple threads in G > a typical server workload, it was not exactly 'folly and bravado' but A > more like a successful refutation of your blatantly incompetent 6 > statement (quoted again above for your edification). >   B You seem have combined apparent missunderstanding of my point with. clear overhype of EV8's projected performance.  E EV8 single threaded performance was projected to be 140-200 SPECint95 C and 300-400 SPECfp95 assuming that EV8 met its intro-speed and then  projected clock rate ramp.  G The best case estime of speedup for SMT/TLP based workloads for EV8 put & integer speedup at 210% and fp at 150%  6 The 1.3Ghz EV7z does ~101 SPECint95 and ~255 SPECfp95.  E Its pretty clear that for your point to be correct and for mine to be G incorrect EV8 would need to have hit its top end frequency goal of 2Ghz G now, since this is a trifle unlikely your point hardly holds water does  it.   F What I was talking about is what is available/would be available todayC and its clear that AMD if they ever considered Alpha made the right C choice by staying with Opteron at least from a performance, thermal E footprint, cost and application availability perspective. If there is F anything else that you want to dispute then please feel free to do so.   regards  Andrew Harrison    ------------------------------  + Date: Mon, 27 Feb 2006 10:02:07 -0600 (CST) * From: sms@antinode.org (Steven M. Schweda)/ Subject: Re: Building SSL support on VMS V7.3-2 2 Message-ID: <06022710020688_20331674@antinode.org>  ( > From: Frank da Cruz <fdc@columbia.edu> > F > > Right, as noted on the website the FTP client is available only in2 > > the Unix version of C-Kermit and in Kermit 95. > = >    Anyone desperate for entertainment might wish to peruse:  > 2 >       http://antinode.org/ftp/kermit/2006-02-25/- >       ftp://antinode.org/kermit/2006-02-25/   B    The CKVKER.COM and CKVKER.MMS there today are a little bit less- embarassing than the ones I posted initially.   H ------------------------------------------------------------------------  4    Steven M. Schweda               (+1) 651-699-98183    382 South Warwick Street        sms@antinode-org     Saint Paul  MN  55105-2547    ------------------------------  % Date: Mon, 27 Feb 2006 09:42:49 +0200 - From: "Kari Keronen" <kari.keronen@digita.fi> . Subject: Re: CSWS 2.1 + Tomcat 5.5.9 + mod_jk29 Message-ID: <G9yMf.4983$sB5.2935@reader1.news.jippii.net>   ( <tim.beaudin@hp.com> kirjoitti viestiss= news:1140800285.098917.313730@e56g2000cwe.googlegroups.com...  > Hi,  > H >  Just a thought - have you restarted both csws and csws_java? from the > release notes posted at: >  >  > M http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java_relnotes.html  > I >                     Error during initial creation of shared memory file  > F > If the mod_jk2 (Apache 2.1) adapter is enabled for CSWS_JAVA Version > 3.0, an error  > A > can occur during the initial creation of the shared memory file = > (shm.file).  The error_log will report the following error:  >  > A > [Thu Jan 15 09:38:50 2004] [error] shm.create(): error creating ; > /apache$root/logs/shm.file 0 22 0x2e0c30 invalid argument  > A > [Thu Jan 15 09:38:50 2004] [error] shm.create(): error mmapping  > /apache$root/logs/shm.file >  > G > If this error occurs, restart both CSWS and CSWS_JAVA using supported @ > command procedures. Creation of the shared memory file will beI > completed during the first shutdown of CSWS. Do not delete the shm.file  > between restarts.  >  > 	 > Thanks.  > Tim  >  Found solution. AddingL JkSet config.file /SYS$COMMON/APACHE/JAKARTA/TOMCAT/CONF/workers2.properties  C to httpd.conf solved the problem. Not easy to find in Apache/Tomcat  documentation.   -Kari-   ------------------------------  % Date: Mon, 27 Feb 2006 13:08:04 +0200 4 From: Mike Rechtman <michael.rechtman.nospam@hp.com>: Subject: Re: Differences between RUN/PROC and SPAWN/NOWAIT& Message-ID: <4402F9B4.639870E4@hp.com>   JF Mezei wrote:  > A > I was under the impression that RUN/PROC=xxx without the DETACH H > privilege would create a separate job from process quota point of viewC > (but without ability to specify another user, which DETACH does).  > F > I just found out that in fact, RUN/PROC creates what appears to be aE > normal subprocess which consumes your own job's quotas (and which I A > assume would not survive you logging out since it is shown as a  > subprocess in SHOW PROC/ALL  > I > So, is RUN/PROC the same as SPAWN/NOWAIT except you don't get access to  > DCL ?  > E > Does the image executed in RUN/PROCESS have access to CLI functions 6 > (symbols etc) or is it like a true detached process? > J > Is there a way to have RUN/PROCESS create a new job that doesn't consumeF > your onw job's quotas ? (or is that what teh DETACH provilege really
 > gives ?) > D > (and I take it such new job woudln't inherit any of your processes' > symbols, logicals, default directory)    RUN   	   Process   A        Creates a subprocess or a detached process to run an image D        and deletes the process when the image completes execution. AE        subprocess is created if any of the qualifiers except the /UIC E        or the /DETACHED qualifier is specified. A detached process is F        created if the /UIC or the /DETACHED qualifier is specified andG        you have the DETACH user privilege.                         ^^^^ +        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^      --  E --------------------------------------------------------------------- E Usual disclaimer: All opinions are mine alone, perhaps not even that. ? Mike Rechtman                            *rechtman@tzora.co.il* F Kibbutz Tzor'a.                          Voice (home): 972-2-9908337  B   "20% of a job takes 80% of the time, the rest takes another 80%"E ---------------------------------------------------------------------  -----BEGIN GEEK CODE BLOCK-----  Version: 3.1: GCM/CS d(-)pu s:+>:- a++ C++ U-- L-- W++ N++ K? w--- V+++$6 PS+ PE-- t 5? X- tv-- b+ DI+ D-- G e++ h--- r+++ y+++@ ------END GEEK CODE BLOCK------    ------------------------------    Date: 27 Feb 2006 08:04:43 -0600 From: briggs@encompasserve.org: Subject: Re: Differences between RUN/PROC and SPAWN/NOWAIT3 Message-ID: <9hYC2XNr921M@eisner.encompasserve.org>   ] In article <4402F9B4.639870E4@hp.com>, Mike Rechtman <michael.rechtman.nospam@hp.com> writes:  > JF Mezei wrote:  >>  B >> I was under the impression that RUN/PROC=xxx without the DETACHI >> privilege would create a separate job from process quota point of view D >> (but without ability to specify another user, which DETACH does). >>  G >> I just found out that in fact, RUN/PROC creates what appears to be a F >> normal subprocess which consumes your own job's quotas (and which IB >> assume would not survive you logging out since it is shown as a >> subprocess in SHOW PROC/ALL >>  J >> So, is RUN/PROC the same as SPAWN/NOWAIT except you don't get access to >> DCL ? >>  F >> Does the image executed in RUN/PROCESS have access to CLI functions7 >> (symbols etc) or is it like a true detached process?  >>  K >> Is there a way to have RUN/PROCESS create a new job that doesn't consume G >> your onw job's quotas ? (or is that what teh DETACH provilege really  >> gives ?)  >>  E >> (and I take it such new job woudln't inherit any of your processes ( >> symbols, logicals, default directory) >  > RUN  >  >   Process  > C >        Creates a subprocess or a detached process to run an image F >        and deletes the process when the image completes execution. AG >        subprocess is created if any of the qualifiers except the /UIC G >        or the /DETACHED qualifier is specified. A detached process is H >        created if the /UIC or the /DETACHED qualifier is specified andI >        you have the DETACH user privilege.                         ^^^^ - >        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^   G From VMS 4.0 through at least 7.2-1, this HELP page would be incorrect.   I /DETACH requires no privilege and permits any unprivileged user to create / a detached process running under their own UIC.   F /UIC requires no privilege and permits any unprivileged user to create/ a detached process running under their own UIC.   H What _DOES_ require privilege is using the /UIC qualifier and specifying a UIC other than your own.  C There is no fallback behavior such that lack of privilege creates a B different kind of process.  If you lack privilege you get an error) message and the RUN command does nothing.    ------------------------------  % Date: Mon, 27 Feb 2006 08:56:24 -0500 , From: "Display Name" <someone@microsoft.com>  Subject: Re: Error message Help?G Message-ID: <ccydnfuKhqSVmJ7ZnZ2dnUVZ_smdnZ2d@metrocastcablevision.com>   5 Greatly appreciate all the responses to this message.   3 And the tangential discussions are,,, illuminating.    Many thanks.   ------------------------------  % Date: Mon, 27 Feb 2006 10:24:55 -0500 C From: "David Turner, Island Computers US Corp" <dbturner@icusc.com>  Subject: Generic PN for AHV15 : Message-ID: <RIEMf.32326$Ly6.24323@bignews5.bellsouth.net>  L I was wondering if anyone knew the OEM part number for the 3X-AVH15-AA Sound
 card for DS15 8 My guess it is Ensoniq but I need the actual part number   Thanks   --     David B Turner Island Computers US Corp 2700 Gregory St, Suite 180 Savannah GA 31404  Tel: 912 447 6622 X201 Cell: 912 447 6622 X252  Fax: 912 201 0402  Email: dbturner@icusc.com  Web: http://www.islandco.com% ===================================== < All orders are subject to the following terms and conditions. of sale. These should be read before ordering.% http://www.islandco.com/warranty.html    ------------------------------  % Date: Mon, 27 Feb 2006 11:34:47 -0500 - From: "Jim Agnew" <brainwavesurfer@gmail.com> M Subject: Need a little help moving from a Microvax3900 to VAXstation 4000-90. I Message-ID: <a184d6630602270834v1ae7673es27d9b37e2cf7c90b@mail.gmail.com>   ( ------=_Part_6877_15946421.1141058087686, Content-Type: text/plain; charset=ISO-8859-1+ Content-Transfer-Encoding: quoted-printable  Content-Disposition: inline    Dear Group,   L We've been running an ancient Microvax 3900 that's still running strong, bu= t H my paranoia says we have no spare parts for it and therefore no disaster
 recovery..  J We have several VAXstations and RZ disks, so the logical thing to do is toK use standalone backup to copy the system disk to another RA90, then use the , cluster to backup/image the RA90 to a RZ28..  K Then, trying to boot off of the RZ28 on the vaxstation, i got the following 	 errors...    -DKA0  VMB-F-ERR, PC =3D 00001334 VMB-I-STS, R0 =3D 00000912  E One kind person noted that the DKDRIVER probably is not loaded on the F Microvax, but is needed for boot on the vaxstation...  On bumping intoK something in the FAQ, a vaxstation 4000-90 needs vms 5.5-2HW to boot, but a K VAXstation 4000-90A only needs 5.5-2, which is what version of vms we have. J Having 3 of these beasties, how can I tell if one of them is a 90A ?  I doG have a 4000-60, but besides from having less ram, i'm back to having no  disaster backup if it goes...   H If anyone has any pointers, advice, or whatever, lemme know!   Jim Agnew  ( ------=_Part_6877_15946421.1141058087686+ Content-Type: text/html; charset=ISO-8859-1 + Content-Transfer-Encoding: quoted-printable  Content-Disposition: inline   L Dear Group,<br><br>We've been running an ancient Microvax 3900 that's still=L  running strong, but my paranoia says we have no spare parts for it and the=L refore no disaster recovery..&nbsp; <br><br>We have several VAXstations and=L  RZ disks, so the logical thing to do is to use standalone backup to copy t=L he system disk to another RA90, then use the cluster to backup/image the RA= 90 to a RZ28..L <br><br>Then, trying to boot off of the RZ28 on the vaxstation, i got the f== ollowing errors...<br><br>-DKA0<br>VMB-F-ERR, PC =3D 00001334 L <br>VMB-I-STS, R0 =3D 00000912<br><br>One kind person noted that the DKDRIV=L ER probably is not loaded on the Microvax, but is needed for boot on the va=L xstation...&nbsp; On bumping into something in the FAQ, a vaxstation 4000-9= 0 needs vms=20L 5.5-2HW to boot, but a VAXstation 4000-90A only needs 5.5-2, which is what =L version of vms we have.&nbsp; Having 3 of these beasties, how can I tell if=L  one of them is a 90A ?&nbsp; I do have a 4000-60, but besides from having == less ram, i'm back to having no disaster backup if it goes... L <br><br>If anyone has any pointers, advice, or whatever, lemme know!&nbsp;&= nbsp; Jim Agnew<br>     * ------=_Part_6877_15946421.1141058087686--   ------------------------------    Date: 27 Feb 2006 09:51:10 -0800- From: "mb301@hotmail.com" <mb301@hotmail.com> Q Subject: Re: Need a little help moving from a Microvax3900 to VAXstation 4000-90. C Message-ID: <1141062670.929805.316430@v46g2000cwv.googlegroups.com>   ? ...no spares why not try a charon-vax it runs on a standard PC,   % http://www.softresint.com/charon-vax/        Jim Agnew wrote:
 > Dear Group,  > N > We've been running an ancient Microvax 3900 that's still running strong, butJ > my paranoia says we have no spare parts for it and therefore no disaster > recovery.. > L > We have several VAXstations and RZ disks, so the logical thing to do is toM > use standalone backup to copy the system disk to another RA90, then use the . > cluster to backup/image the RA90 to a RZ28.. > M > Then, trying to boot off of the RZ28 on the vaxstation, i got the following  > errors...  >  > -DKA0  > VMB-F-ERR, PC = 00001334 > VMB-I-STS, R0 = 00000912 > G > One kind person noted that the DKDRIVER probably is not loaded on the H > Microvax, but is needed for boot on the vaxstation...  On bumping intoM > something in the FAQ, a vaxstation 4000-90 needs vms 5.5-2HW to boot, but a M > VAXstation 4000-90A only needs 5.5-2, which is what version of vms we have. L > Having 3 of these beasties, how can I tell if one of them is a 90A ?  I doI > have a 4000-60, but besides from having less ram, i'm back to having no  > disaster backup if it goes...  > J > If anyone has any pointers, advice, or whatever, lemme know!   Jim Agnew > * > ------=_Part_6877_15946421.1141058087686- > Content-Type: text/html; charset=ISO-8859-1 - > Content-Transfer-Encoding: quoted-printable  > X-Google-AttachSize: 1177  > > Dear Group,<br><br>We've been running an ancient Microvax 3900 that's still running strong, but my paranoia says we have no spare parts for it and therefore no disaster recovery..&nbsp; <br><br>We have several VAXstations and RZ disks, so the logical thing to do is to use standalone backup to copy the system disk to another RA90, then use the cluster to backup/image the RA90 to a RZ28..  > <br><br>Then, trying to boot off of the RZ28 on the vaxstation, i got the following errors...<br><br>-DKA0<br>VMB-F-ERR, PC = 00001334 > <br>VMB-I-STS, R0 = 00000912<br><br>One kind person noted that the DKDRIVER probably is not loaded on the Microvax, but is needed for boot on the vaxstation...&nbsp; On bumping into something in the FAQ, a vaxstation 4000-90 needs vms > 5.5-2HW to boot, but a VAXstation 4000-90A only needs 5.5-2, which is what version of vms we have.&nbsp; Having 3 of these beasties, how can I tell if one of them is a 90A ?&nbsp; I do have a 4000-60, but besides from having less ram, i'm back to having no disaster backup if it goes...` > <br><br>If anyone has any pointers, advice, or whatever, lemme know!&nbsp;&nbsp; Jim Agnew<br> >  > , > ------=_Part_6877_15946421.1141058087686--   ------------------------------    Date: 27 Feb 2006 08:14:50 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) ! Subject: Re: OpenVMS screenshots? 3 Message-ID: <+zYc$DQw1v31@eisner.encompasserve.org>   i In article <1140844741.961897.71030@j33g2000cwa.googlegroups.com>, "as400" <vin42and99@yahoo.com> writes: > > Since I now know that OpenVMS may be the most secure UNIX OSE > around...Can anyone please provide me with a link to view some nice ! > screenshots of OpenVMS? Please?   9    Ouch.  You're going to get a lot of "VMS is not UNIX".    ------------------------------    Date: 27 Feb 2006 08:02:40 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) : Subject: Re: Plain truth is that unix/linux is NOT secure!3 Message-ID: <BDMawRV9S0a6@eisner.encompasserve.org>   V In article <469qieFa5varU4@individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes:  L > By the way, that reminds me.  For those who are so in love with terminals,E > we used to have a lot of problems in the terminal rooms (VT100's on H > DECServers) with students leaving behind programs that faked the loginF > prompts with a failed attempt each time thus capturing the passwordsD > of other unsuspecting istudents who would never notice the lack ofE > "failed login" notices when they finally got on.  What was that you 4 > said about no way to hack into a VMS machine?  :-)  F    I had somebody try this on me on a campus TOPS-10 system just once.  -    Amoung other faults, he forgot to trap ^C.       . del *.*    Delete *.*, are you sure? Y    .  F    Amoung other things, I figured I deleted the file where he recorded,    my password.  Then I changed my password.   ------------------------------    Date: 27 Feb 2006 08:11:53 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) : Subject: Re: Plain truth is that unix/linux is NOT secure!3 Message-ID: <7XrQbiYaSJ68@eisner.encompasserve.org>   k In article <440010ca$0$78281$157c6196@dreader1.cybercity.dk>, Karsten Nyblad <nospam@nospam.nospam> writes:  > Bob Koehler wrote: >>   >>     You suggst maybe C? >>  / > Even C is better than VMS command language...   ?    I'll be glad I'm nver responsible for security in your shop.    ------------------------------    Date: 27 Feb 2006 08:10:48 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) : Subject: Re: Plain truth is that unix/linux is NOT secure!3 Message-ID: <DxHau8btuwOn@eisner.encompasserve.org>   k In article <44000529$0$78280$157c6196@dreader1.cybercity.dk>, Karsten Nyblad <nospam@nospam.nospam> writes:  > Bob Koehler wrote:G >>    The two mode OS is a primitive and outdated (late 1960's) design. C >>    I haven't even heard Andrew claim Solaris has gotten past it.  > H > The idea of using several modes has also been given up, and VMS shows J > why:  It is too difficult to add extra security by organizing and an OS , > into a few more and more privileged modes.  B    No, it requires the system be properly designed from the start.@    You may not be able to hack a current UNIX os into a properly6    designed OS, but Sun ahs made significant progress.  F > If you think that it is important that an OS should be divided into K > multiple blocks, each with no more privileges than they need, then buy a  I > Mac OS X computer.  It is based on the MACH kernel, which puts as much  J > as possible into separate processes.  Yes, the Mac OS X kernel is a bit J > slow because of that.  Ooohhh and the Mac OS X is normally considered a  > Unix dialect.   G    I have OS X.  Deep, deep, down inside it's still a UNIX, even though =    the UNIX kernel is running on top of the Mach microkernel.   $ > Oh, and IA64 has only two modes...  (    Guess again.  VMS on IA64 is using 4.   ------------------------------    Date: 27 Feb 2006 07:54:46 -0800 From: bob@instantwhip.com : Subject: Re: Plain truth is that unix/linux is NOT secure!B Message-ID: <1141055686.606172.19460@z34g2000cwc.googlegroups.com>  / I hope you mean C on OpenVMS ... we can all see " what C code does in unix/linux ...   ------------------------------  % Date: Mon, 27 Feb 2006 19:26:03 +0100 + From: Karsten Nyblad <nospam@nospam.nospam> : Subject: Re: Plain truth is that unix/linux is NOT secure!= Message-ID: <44034431$0$67256$157c6196@dreader2.cybercity.dk>    bob@instantwhip.com wrote:1 > I hope you mean C on OpenVMS ... we can all see $ > what C code does in unix/linux ... > F Actually I consider it more important to get a better runtime library H such that you do not have to use C's old string handling functions, and G such that you can do I/O with automatic checks against buffer overflow.    ------------------------------    Date: 26 Feb 2006 23:46:52 -0800' From: "Kaushal" <etheticgame@gmail.com> - Subject: Problem with SDA extension using C++ C Message-ID: <1141026412.071436.112610@v46g2000cwv.googlegroups.com>   C I had created a simple SDA extension using c++. When i compile that C file, it gives many information (kind of warning) and completes the F compilation phase and creates a obj file. But when i start using it in" SDA then it give a following error  9 %LIB-W-EOMWARN, compilation warnings in module STRING$SDA ' %LIB-E-KEYNOTFOU, key not found in tree ; %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual : address=000000007D13C4CC, PC=00000000000AE030, PS=0000001B  G I am also not sure, whether we can write a sda extension in c++ or not.  Please help me for that.   Regards  Parikh Kaushal   ------------------------------  % Date: Mon, 27 Feb 2006 11:19:50 +0200 7 From: "Guy Peleg" <guy.peleg@remove_this_header@hp.com> 1 Subject: Re: Problem with SDA extension using C++ , Message-ID: <4402c439$1@usenet01.boi.hp.com>  2 "Kaushal" <etheticgame@gmail.com> wrote in message= news:1141026412.071436.112610@v46g2000cwv.googlegroups.com... E > I had created a simple SDA extension using c++. When i compile that E > file, it gives many information (kind of warning) and completes the H > compilation phase and creates a obj file. But when i start using it in$ > SDA then it give a following error > ; > %LIB-W-EOMWARN, compilation warnings in module STRING$SDA ) > %LIB-E-KEYNOTFOU, key not found in tree = > %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual < > address=000000007D13C4CC, PC=00000000000AE030, PS=0000001B > I > I am also not sure, whether we can write a sda extension in c++ or not.  > Please help me for that. > 	 > Regards  > Parikh Kaushal >   ( Are you internal to HP working for GDIC?  @ If the answer is yes, please use internal channels for reporting	 problems.    Guy    ------------------------------  # Date: Mon, 27 Feb 2006 16:02:43 GMT & From: John Reagan <john.reagan@hp.com>1 Subject: Re: Problem with SDA extension using C++ 1 Message-ID: <DoFMf.3699$o%.3535@news.cpqcorp.net>    Kaushal wrote:E > I had created a simple SDA extension using c++. When i compile that E > file, it gives many information (kind of warning) and completes the H > compilation phase and creates a obj file. But when i start using it in$ > SDA then it give a following error > ; > %LIB-W-EOMWARN, compilation warnings in module STRING$SDA ) > %LIB-E-KEYNOTFOU, key not found in tree = > %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual < > address=000000007D13C4CC, PC=00000000000AE030, PS=0000001B > I > I am also not sure, whether we can write a sda extension in c++ or not.  > Please help me for that. > 
 > Regards  > Parikh Kaushal >   C I'm guessing that the C++ compiler mangled the names such that SDA  I couldn't find them.  You'll need to prevent C++ from mangling the global   entry point names.   --   John Reagan / HP Pascal/{A|I}MACRO for OpenVMS Project Leader  Hewlett-Packard Company    ------------------------------  # Date: Mon, 27 Feb 2006 18:57:43 GMT # From: hoff@hp.nospam (Hoff Hoffman) Y Subject: Re: Protection Modes/Rings, and Security (was: Re: Plain truth is that unix/linu 2 Message-ID: <HYHMf.3713$i21.2346@news.cpqcorp.net>  k In article <44000529$0$78280$157c6196@dreader1.cybercity.dk>, Karsten Nyblad <nospam@nospam.nospam> writes:  :Bob Koehler wrote: G :>    The two mode OS is a primitive and outdated (late 1960's) design. C :>    I haven't even heard Andrew claim Solaris has gotten past it.  : G :The idea of using several modes has also been given up, and VMS shows  I :why:  It is too difficult to add extra security by organizing and an OS  + :into a few more and more privileged modes.  ..# :Oh, and IA64 has only two modes...   G   VAX, IA-32 and IA-64 all have four modes.  VAX has user (PSL$C_USER), C   supervisor (PSL$C_SUPER), executive (PSL$C_EXEC) and kernel modes E   (PSL$C_KERNEL), in order of increasing level of access.  IA-32 and  C   IA-64 have four numbered rings (from three to zero in increasing  B   levels of access).  On IA-64, see the Page Access Rights and theA   Privilege Level mechanisms -- see the TLB.ar and TLB.pl fields. 5   (The basics are very similar to those of VAX, too.)   E   IA-64 also adds what are called Protection Keys, something which is B   analogous to an ACL-like page protection scheme within the page @   tables -- and something which does not exist on Alpha nor VAX.  B   Alpha is the hardware odd-ball here, as it only has two modes inC   hardware, and the other modes expected by OpenVMS are implemented C   using the architected PALcode firmware interfaces.  (Many OpenVMS A   users never really fully recognized how really different Alpha  D   really is, as compared with VAX.  The differences were hidden very   well, obviously.)   D   As for OpenVMS, OpenVMS itself effectively has only two modes.  InC   simplest terms, there is user-mode, and there is privileged mode; C   everything else.  Having four modes does provide a very clean way G   to handle constructs like image run-down (and OpenVMS does use this), G   but -- in terms of security -- there are only really two modes around F   that really matter.  If code is operating in supervisor mode or in aE   more privileged mode, then the code is inherently fully privileged.   F   Obviously various operating systems expect two modes, and various doE   expect more.  In some operating environments, you might well see as F   many as five modes, maybe even more.  As for what works and for what9   might be secure, well, that depends on various factors.     N  ---------------------------- #include <rtfaq.h> -----------------------------K     For additional, please see the OpenVMS FAQ -- www.hp.com/go/openvms/faq N  --------------------------- pure personal opinion ---------------------------G        Hoff (Stephen) Hoffman   OpenVMS Engineering   hoff[\0100]hp.com    ------------------------------  % Date: Mon, 27 Feb 2006 07:39:57 -0500 2 From: "Stanley F. Quayle" <squayle@insight.rr.com>, Subject: Re: question about VMS732_LMF-V0200/ Message-ID: <4402ACCD.30056.1C672D81@localhost>   ( On 26 Feb 2006 at 22:49, JF Mezei wrote:E > One can be realistic, expect VAX VMS 8.3 without every feature that E > alpha has at 8.3, just like we got 7.2 7.3 etc without all the same + > features as the equivalent Alpha release.   C What's the point?  It's already possible to set the VMS version to   8.3 -- it's in the FAQ.  :-)  B > And of all people, I would have though you would have understoodA > that giving VAX VMS modern features (even if ODS5 and Java) are E > missing) would helop sell VMS on the 8086 which is the solution you 
 > provide.  E What usually locks a client at a particular version of VMS is a piece A of software -- an ISV that's gone, something sold by DEC to a 3rd A party, missing source code, etc.  Updating VMS to 8.x won't help   those customers at all.   A If they can go to Alpha or Itanium, I provide that solution, too.   A > Now, if Alpha on 8086 emulators really do work, perhaps it will = > allow VMS to run on 8086s with modern features so continued 1 > development of VAX VMS would be less important.   @ Of course it works.  The big question is "how fast is it?"  I'm @ hoping that Moore's Law continues to hold for another 10+ years.  E > However, if HP wants any credibility in all its promises, it shoudl > > at least deliver on its promise of a 8.x version of VAX VMS.  D VAX 8.x disappeared from the roadmap over a year ago.  I questioned F it then, and still do now.  But my question doesn't carry much weight D -- customers who buy stuff from HP are in the driver's seat, as they
 should be.  
 --Stan Quayle  Quayle Consulting Inc.  
 ----------8 Stanley F. Quayle, P.E. N8SQ  Toll free: 1-888-I-LUV-VAX3 8572 North Spring Ct., Pickerington, OH  43147  USA 0 stan-at-stanq-dot-com       http://www.stanq.com) "OpenVMS, when downtime is not an option"    ------------------------------   Date: 27 Feb 2006 13:33:52 GMT( From: bill@cs.uofs.edu (Bill Gunshannon)5 Subject: Re: Rich Marcello in VMS mention shocker :-) + Message-ID: <46gddvFatkemU1@individual.net>   + In article <440273A4.FC21062C@comcast.net>, 5 	David J Dachtera <djesys.nospam@comcast.net> writes:  > Bill Gunshannon wrote: >>  / >> In article <4400FE97.49CBCF3C@teksavvy.com>, : >>         JF Mezei <jfmezei.spamnot@teksavvy.com> writes: >> > Rob Young wrote: G >> >>         Doesn't matter.  You're comparing/contrasting VMS to MPE. 7 >> >>         Smells like your old death FUDding to me.  >> > >> >L >> > Do you have any hard evidence that HP will not do to VMS what it did to
 >> > MPE ? >>  I >> There you go, proof by lack of evidence.  I seem to remember something ) >> about that from my logic classes.  :-)  >  > So, no news is good news?   H Sometimes.  But wether it is or not doesn't change the above.  I supposeH I could just as easily said, "Do you have any hard evidence that HP will do to VMS what it did to MPE ?"    >  >> >! >> > Has HP begun to market VMS ?  >>  I >> So the status quo continues.  After all, they are not marketing it any  >> less either.  > - > How do you go less than zero in that arena?   D You don't, but we have been thru all this a hindred time already. HPD doesn't market VMS.  HP has never marketed VMS.  I would no hold my 4 breath waiting for it to start.  It's just old news.   >  >> >M >> > Does HP intend to change its policy to restrict VMS to only the high end = >> > and within the high end, to within a few market niches ?  >>  H >> As far as I kow, that is the market they envision for it so why would >> they? > G > Google this group for some possible answers. A good keyword to use is  > "marketing".  K "Marketing" has nothing to do with HP and VMS.  Isn't that the whole point?    >  >> >L >> > How do you think HP strategists and bean counters think when they learn2 >> > that the installed base has shrunk big time ? >>  L >> That it is still business as usual and the cash cow is still giving milk. > D > So? The babbling brook is still flowing - never mind that it was aH > raging torrent 100 yards wide and forty feet deep 50 years ago. What's
 > your point?   C I might have asked JF the same question.  My point is just that his B desire to continuously act like HP is going to change its strategy@ regardin VMS is just a waste of time.  And continuing to push itB here is, well, preaching to the choir.  But you already knew that.   >  >> >? >> > Despite corporate downsizing, has HP grown VMS engineering D >> > budgets/staffing so that they can increase development of VMS ? >>  L >> They are not increasing development, so why would they increase staffing?M >> Development continues as it has been with the staff it already had. What's  >> your point? > * > I think you just made his point for him.  D No, his point is that somehow HP should be doing all this stuff likeE growing VMS engineering.  It ain't gonna happen.  And he can continue E to call for it till the cows come home.  It still ain't gonna happen.    >  >> >H >> > Do you really have trust in a company whose top managers state thatI >> > there isn't much growth potential for VMS, when and tell Wall Street 6 >> > Casono analists that they focus on growth areas ? >>  I >> I realize english is not your mother tongue, but I couldn't make heads  >> or tails out of this one. > H > It *IS* a bit scrambled. His point (as I read it) is that it's hard toD > trust folks who, on the one hand, say that there isn't much growthE > potential for VMS, and the other hand tell the "Wall Street Casino" B > analysts that their primary focus is on growth areas, and on theH > third(?) hand give every indication that stagnation in VMS-land can be > expected to continue.   D And that's old news too.  The answer is simple, don't trust them.  IF have to admit that I am amazed at the staunch support of HP's policiesF by those employees who sing their praises here (you know who you are!)J as they have the most to loose when the bubble bursts.  But, to be honest,D any outsider who gets burned when the bubble bursts was just a fool.K The handwritting is on the wall. I am not predicting the "Death of VMS"(tm) D but it is admittedly in cash cow status now and anyone who has takenE Business 101 knows where that leads. Fool me once......  Its probably G a self fulfilling prophecy, but at this stage of the game it seems like D it is becoming more and more difficult to bet the farm on VMS.  I amC in a (dubiously) safer position.  If VMS went away tomorrow, no one F besides me would care.  But others are much more precarious positions.   > I >> That's enough.  No reason to continue as the rambling just gets worse. G >> May not have liked what Marcello said, but it doesn't do any good to : >> try reading a lot more into than what he actually said. > G > Well, yes and no. What you don't do or say often "speaks louder" than  > what you actually do or say.  H People here have been speaking here, quite loudly at times.  What has it accomplished??      Quiters never win.       Winners never quit.<      But someone who never wins and never quits is na idiot.A    (Shamelessly stolen from one of those inspirational posters!!)    > C > The classic example is the old Grouch Marx bit: "Have you stopped H > beating your wife?" Because the question contains a pre-supposition, a1 > simple "yes" or "no" answer is not appropriate.  > I > Similarly, not actively marketing VMS tells the world that (everyone in H > unison now - you too, Rob Y.!) "VMS is dead", where actively marketing3 > VMS tells the world that "VMS is alive and well".   E Of course, your right.  But, what's your (and JF's) point?  HP is not D marketing it.  HP is not going to market it.  Allt he screaming hereD over the past decade (it did start before HP even got involved!) hasE not had any effect on it.  And, it is not going to.  So, I ask again,  what's your point?  :-)    bill      --  J Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolvesD bill@cs.scranton.edu     |  and a sheep voting on what's for dinner. University of Scranton   |A Scranton, Pennsylvania   |         #include <std.disclaimer.h>       ------------------------------    Date: 27 Feb 2006 07:46:52 -0800 From: bob@instantwhip.com - Subject: Security holiday over for Mac users! C Message-ID: <1141055212.683516.153480@i39g2000cwa.googlegroups.com>   G I think that about closes the debate on weither Mac os x is more secure  than OpenVMS ...     Q http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html    ------------------------------  % Date: Mon, 27 Feb 2006 12:53:21 -0500 , From: "Richard Tomkins" <tomkinsr@istop.com>1 Subject: Re: Security holiday over for Mac users! < Message-ID: <44033d94$0$1101$6d36acad@titian.nntpserver.com>  H As Ken would have said, there is a lot of Snake Oil and FUD out there on this Macintosh Virus stuff.   G With the exception of the now patched Safari opening, all the other Mac L Viruses require the user to introduce the Virus to his system, to unpack theD Virus for installation and then to actually provide an Administrator password to install the Virus.  F The article claims something like 100 Macintosh Viruses. That's  a bigL number and a lot of non-knowledgeable journalists like to throw 100 out ontoI the desk because it feels safe. It is however, wrong. Under the 68000 OS, H the were possibly 15 Viruses and under the PowerPC OS, maybe another 12.< Under the current Mac OS X, we have seen 3 distinct Viruses.  J On a more serious note, the FUD and Snake Oil in the press caused a numberK of individuals and firms to rush out and purchase Anti-Virus software, none D of which has had any extensive testing and the results for some wereG disastrous. One firm using Sophos ended up with the belief that all the H positive tested files were infected and deleted them. They ended up with2 hundreds of dead Mac's. There was a bug in Sophos.  G I have in the past attempted to use Virex, but it prevented my Mac from F operating properly, it could never go to sleep automatically, which of? course is one way of making a battery last as long as possible.   L Many of the Anti-Virus programs being sold for Macintosh are in fact WindowsH variants and they do detect Windows Viruses, but hey, those won't hurt a Mac.  B OpenVMS is as secure as the person that manages the system and the; procedures they follow and likewise with Macintosh systems.   I Let's cut down on the FUD and Snake Oil, it juts makes a mess of the real  world.   rtt     & <bob@instantwhip.com> wrote in message= news:1141055212.683516.153480@i39g2000cwa.googlegroups.com... I > I think that about closes the debate on weither Mac os x is more secure  > than
 > OpenVMS ...  >  >  > Q http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html  >     . *** Free account sponsored by SecureIX.com ***X *** Encrypt your Internet usage with a free VPN account from http://www.SecureIX.com ***   ------------------------------  % Date: Mon, 27 Feb 2006 19:19:20 +0100 + From: Karsten Nyblad <nospam@nospam.nospam> 1 Subject: Re: Security holiday over for Mac users! = Message-ID: <4403429e$0$78280$157c6196@dreader1.cybercity.dk>    bob@instantwhip.com wrote:I > I think that about closes the debate on weither Mac os x is more secure  > than
 > OpenVMS ...  >  > S > http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html   G No.  First to make a meaningful comparison of the two OSes you have to  F compare systems with the same capabilities.  The most critical of the I errors mentioned in the above article is an error in the Safari browser,  F but then you can only compare VMS to Mac OS X if you add a modern web  browser to VMS.   G No doubt VMS is a very secure OS, but some of that security comes from  G having less capable applications, and very few bothering to attack VMS  I machines.  Only so many VMS people surf sites were you can hope to place   malicious code.     E Be sure there are security bugs in VMS.  Current technology does not  K allow for writing so much code without including at least one security bug.    ------------------------------    Date: 27 Feb 2006 10:24:38 -0800 From: bob@instantwhip.com 1 Subject: Re: Security holiday over for Mac users! B Message-ID: <1141064678.557999.84470@e56g2000cwe.googlegroups.com>  D security bugs can't run on vms if you don't have privileges ... that, includes browsers, web servers, anything ...   ------------------------------  % Date: Mon, 27 Feb 2006 17:48:17 +1030 * From: Mark Daniel <mark.daniel@vsm.com.au> Subject: soyMAIL redux0 Message-ID: <12058oumod8862a@corp.supernews.com>  > There's a new v0.3.8 BETA kit available from the download page      http://wasd.vsm.com.au/wasd/   G A few bugfixes (very few considering) and functionality refinements as   described in the release notes  ?    http://wasd.vsm.com.au/ht_root/src/soymail/release_notes.txt   I If you are interested in following the soyMAIL BETA you should check the  G download page every couple of weeks until the initial non-BETA release  ; (which when it happens I will also announce in this forum).   I The Install and Admin documentation has also received some work based on  6 reported errors and omissions.  Available soyMAIL info      Overview:@        http://wasd.vsm.com.au/soymail/-/doc/soymail_overview.pdfA        http://wasd.vsm.com.au/soymail/-/doc/soymail_overview.html     Install and Admin: =        http://wasd.vsm.com.au/soymail/-/doc/soymail_admin.pdf >        http://wasd.vsm.com.au/soymail/-/doc/soymail_admin.html    On-line user Help: 2        http://wasd.vsm.com.au/cgi-bin/soymail?help  I If you're updating from v0.3.7 then don't forget to use use the 'update'   INSTALL option.       $ @INSTALL UPDATE <server>   3 You know where to find me (even if ITRC doesn't :-)    ------------------------------  % Date: Mon, 27 Feb 2006 02:10:45 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com>  Subject: Re: soyMAIL redux, Message-ID: <4402A5E1.D6468BE2@teksavvy.com>   Mark Daniel wrote: > @ > There's a new v0.3.8 BETA kit available from the download page  $ I have a question for you (general).  F How does Soy/Yah mail handle "logged in sessions" ?  Is it one processG which just keeps multiple mail contexts/mail files opened at a time and G chooses the right one upon reception of an HTTP transaction from a user H ? Or does it create a subrpocess/detached process for each user and thatA process is then re-used for every transaction for that one user ?   F Or is context fully kept by the remote browser and sent as a cookie orD GET/POST parameters and the Soy/Yah mail process then re-establishes8 context to the proper mail files for every transaction ?   ------------------------------  % Date: Mon, 27 Feb 2006 19:04:32 +1030 * From: Mark Daniel <mark.daniel@vsm.com.au> Subject: Re: soyMAIL redux0 Message-ID: <1205d7ufrk93ac0@corp.supernews.com>   JF Mezei wrote:  > Mark Daniel wrote: > @ >>There's a new v0.3.8 BETA kit available from the download page >  > & > I have a question for you (general). > H > How does Soy/Yah mail handle "logged in sessions" ?  Is it one processI > which just keeps multiple mail contexts/mail files opened at a time and I > chooses the right one upon reception of an HTTP transaction from a user J > ? Or does it create a subrpocess/detached process for each user and thatC > process is then re-used for every transaction for that one user ?   H It's based on CGI (the lowest common denominator supported by the three I servers) and so each HTTP request is pretty much independent and handled  D by an autonomous scripting process.  That said, soyMAIL stores some G state in it's own request data.  Of course this is all used internally  @ by soyMAIL and does not relate to the server environment itself.  H soyMAIL's authentication and authorization is handled by the supporting B server environment.  soyMAIL neither performs nor stores any data G related to this.  It just uses whatever the server passes along in the  H REMOTE_USER CGI variable.  The browser must supply with each request to ; the server the authorization credentials (in request field  F "Authorization:..").  Hence, and in common with anything of this ilk, E should only be used with SYSUAF authentication on the most secure of  % intranets or via SSL on the Internet.   H > Or is context fully kept by the remote browser and sent as a cookie orF > GET/POST parameters and the Soy/Yah mail process then re-establishes: > context to the proper mail files for every transaction ?  G As explained above, no sensitive data is handled or stored by soyMAIL.  D soyMAIL-internal data is passed from request-to-request in internal E 'state' variables (which can be seen encoded towards the bottom of a  4 soyMAIL page HTML source).  It does not use cookies.  E VMS callable mail context must be opened and then closed during each  H request cycle.  This does not seem to be prohibitive for either soyMAIL E performance, request latency or system impact.  soyMAIL code goes to  I significant lengths to perform well against callable mail and RMS.  Some  I of these optimisations will be described in a forthcoming 'Ping' article   from the UK hpUG      http://www.hpug.org.uk/  H (for subscribers).  You'll probably also find it on the WASD site after  publication.   ------------------------------  # Date: Mon, 27 Feb 2006 18:33:44 GMT # From: hoff@hp.nospam (Hoff Hoffman) $ Subject: Re: SYS and EXE file specs?1 Message-ID: <cCHMf.3710$i21.136@news.cpqcorp.net>   o In article <ztednaNVQdutdGLenZ2dnUVZ_sKdnZ2d@comcast.com>, "Timothy Stark" <fsword7_nospam@comcast.net> writes:   N :Does anyone know about SYS and EXE file specs for programming (compilers and D :loader, etc)?  Which OpenVMS manuals that provides information for  :programmig?  D   The source listings provide details on the image headers and such,C   and the general IDSM materials and the header files can help with ,   a general discussion of the image formats.  B   If you are writing a compiler, others have pointed at the objectB   language documentation in the LINKER manual.  (Compilers try to B   avoid getting into the LINKER's bailiwick, and the LINKER tries 5   to stay out of the image activator's domain, FWIW.)   B   If you are considering generating a compiler product for OpenVMSC   as an ISV, you may want to consider the DSPP program, and you may D   want to make more direct and formal contact with folks here withinE   HP -- depending on the particular local goals or requirements here, E   obviously.  This could easily branch out into a number of different D   technologies and discussions, of course, including code generation2   optimization and debugger support, for instance.  A   Related OpenVMS tools include ANALYZE/IMAGE and ANALYZE/OBJECT.   H :About SYS files, I reviewed a few dumps of SYS files on OpenVMS system.  F   SYS files vary.  System images are special cases of standard images.%   Other SYS files are firmware files.   N :About EXE files, Alpha and VAX has very different header formats (1024-bytes < :header) execpt system files like VMB.EXE (no headers), etc.  D   OpenVMS VAX and OpenVMS Alpha images are comparatively similar, ifE   you are using the constants, though there are certainly a number of B   differences.  OpenVMS I64 images use an extended version of ELF.  C   There is code that conditionally assumes the presence of an image E   header on APB.EXE or VMB.EXE, for instance -- the primary bootstrap E   images are, well, somewhat unusual in their purpose, structure, and D   organization.   IPB.EXE has a similar purpose, but is itself quite$   different from APB.EXE or VMB.EXE.  N  ---------------------------- #include <rtfaq.h> -----------------------------K     For additional, please see the OpenVMS FAQ -- www.hp.com/go/openvms/faq N  --------------------------- pure personal opinion ---------------------------G        Hoff (Stephen) Hoffman   OpenVMS Engineering   hoff[\0100]hp.com    ------------------------------  % Date: Mon, 27 Feb 2006 04:06:43 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> & Subject: TCPIP$SMTP_SFF.EXE suggestion+ Message-ID: <4402C109.1335C77@teksavvy.com>   F A small suggestion for the "Send from File" utility that allows one to# submit a file to the SMTP symbiont.   < If this utility is executed on a node where SMTP hasn't been# configued/running, all it issues is ! 			 "RMS-E-RNF, Record not found" 
 and exits.  G Perhaps it should issue a message to the effect that SMTP service isn't  configured on this node.    ? I would still prefer if you made the documentation for the real D TCPIP$xxxx routines that allow one to build teh control file and theA content file and submit them directly to the symbiont. This would ? alleviate superfluous copying of large messages across multiple  temporary files.   ------------------------------  % Date: Mon, 27 Feb 2006 02:59:41 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> C Subject: TCPIP: Detecting lost connections + defined service server , Message-ID: <4402B157.DBE9F77C@teksavvy.com>  F With TCPIP Sedvices, $QIO programming, it is possible to have some AST@ or a mailbox message triggered when a connection has been lost ?  C For instance, if i have a channel oepned to a foreign host, and the F internet link is lots (or the remote closes their end abruptly), it isD possible for my application to be notified of the event ? (as is the case with decnet programming).       Second question:    F The documentation shows how to program a server and specify which port$ the application wishes to listen to.  F However, if one wants to TCPIP SET SERVICE/PORT=xx,  this will get theD TCPIP services to create a process when there is a call coming in toC port XX. How does the application that is started by TCPIP Services H handle the establishement of the connection since it doesn't necessarily> know which port was configured in the TCPIP services utility ?   ------------------------------  % Date: Mon, 27 Feb 2006 17:38:38 +0800 3 From: "Richard Maher" <maher_rj@hotspamnotmail.com> G Subject: Re: TCPIP: Detecting lost connections + defined service server 1 Message-ID: <dtuhaj$f2s$1@news-02.connect.com.au>    Hi JF,  J Not sure if this helps (just had a quick read before heading out the door)  J For the first question, can the KEEPALIVE and FULLDUPLEXCLOSE options help you out?  J For the second question, here's an example of an INETd process accepting aD connection. It updates a row in the Rdb database MF_PERSONNEL in theL EMPLOYEES table in cooperation with a Windows2000 .NET job that is insertingK a row into the Northwind database. Commit them all or roll them all back. I " like it! But maybe that's just me?   Cheers Richard Maher $!& $ server_user = f$getjpi(0,"username")/ $ home_dir    = f$trnlnm("sys$login","lnm$job")  $ set default 'home_dir  $! $ create demo_tip_auxs.cobL **************************************************************************** ******** *  * E *              COPYRIGHT (c) TIER3 SOFTWARE LTD. ALL RIGHTS RESERVED.  *  *  * J *    THIS SOFTWARE IS FURNISHED UNDER A LICENSE AND MAY BE USED AND COPIED	 ONLY    * K *    IN ACCORDANCE  WITH THE TERMS AND CONDITIONS OF SUCH LICENSE AND  WITH  THE    *I *    THE INCLUSION  OF THE ABOVE COPYRIGHT NOTICE.  THIS SOFTWARE  OR ANY 
 OTHER    *J *    COPIES  THEREOF MAY NOT  BE PROVIDED  OR OTHERWISE MADE AVAILABLE  TO ANY    *G *    OTHER  PERSON.  NO  TITLE TO  AND OWNERSHIP  OF  THE  SOFTWARE  IS  HEREBY    *  *    TRANSFERRED.  *  *  * K *    THE INFORMATION  IN THIS SOFTWARE  IS SUBJECT TO CHANGE WITHOUT NOTICE  AND    *C *    SHOULD NOT BE CONSTRUED AS A COMMITMENT BY TIER3 SOFTWARE LTD.  *  *  * L **************************************************************************** ******** identification division. program-id.    demo_tip_auxs.  data division. working-storage section.L 01  out_msg                                         pointer value   external out_msg.L 01  io$_setmode                     pic s9(9)       comp    value   external io$_setmode.L 01  io$_writevblk                   pic s9(9)       comp    value   external io$_writevblk.L 01  io$_readvblk                    pic s9(9)       comp    value   external
 io$_readvblk. L 01  io$_deaccess                    pic s9(9)       comp    value   external
 io$_deaccess. L 01  ddtm$m_nowait                   pic s9(9)       comp    value   external ddtm$m_nowait.L 01  ddtm$_aborted                   pic s9(9)       comp    value   external ddtm$_aborted.L 01  ss$_abort                       pic s9(9)       comp    value   external
 ss$_abort.L 01  ss$_normal                      pic s9(9)       comp    value   external ss$_normal. 9 01  sys_status                      pic s9(9)       comp.  * < 01  reply_addr                                      pointer.9 01  reply_len                       pic 9(4)        comp. 9 01  out_len                         pic 9(4)        comp. / 01  abort_msg                       pic x(256). 9 01  bintim                          pic s9(11)v9(7) comp.  * 
 01  msg_buff. -     03  msg_type                    pic x(2). /     03                              pic x(510).  * = 01  insert_employee_msg             redefines       msg_buff.      03  employee_msg. -         05                          pic x(2).          05  employee_detais..             07  EmployeeId          pic 9(10)..             07  LastName            pic x(20)..             07  FirstName           pic x(10)..             07  BirthDate           pic x(23).             07  Address..                 09  line1           pic x(30)..                 09  line2           pic x(30)..             07  City                pic x(15)..             07  Region              pic x(15)..             07  PostalCode          pic x(10)./     03  tip_txn_url                 pic x(128).  *  01  comp_status.I     03                              pic x(2)                value   "22". -     03  commit_flag                 pic x(1).  * 9 01  inet_chan                       pic 9(4)        comp. 	 01  iosb. 9     03  cond_val                    pic 9(4)        comp. 9     03  msg_size                    pic 9(4)        comp. -     03                              pic x(4).  *  01  create_socket.L     03                              pic s9(4)       comp    value   external
 ucx$c_tcp.L     03                              pic s9(4)       comp    value   external	 auxs_def.  * 9 01  sqlcode                         pic 9(9)        comp. E 01  rdb$message_vector                                      external. 9     03 rdb$lu_num_arguments         pic 9(9)        comp. 9     03 rdb$lu_status                pic 9(9)        comp. D     03 rdb$alu_arguments                            occurs 18 times.9         05 rdb$lu_arguments         pic 9(9)        comp.  *  01  sql_ctx.F     03                              pic 9(9)        comp    value   1.F     03                              pic 9(9)        comp    value   1.G     03                              pic 9(9)        comp    value   16. .     03  db_tid                      pic x(16).9     03                              pic 9(9)        comp.  * . 01  tip_tid                         pic x(16).. 01  tip_bid                         pic x(16). * 
 01  dtm_iosb. 9     03  dtm_iosb_status             pic 9(4)        comp. -     03                              pic x(2). 9     03  reason_code                 pic 9(9)        comp.  *  01  syi_item_list.     03  item_nodename.F         05                          pic s9(4)       comp    value   6.L         05                          pic s9(4)       comp    value   external syi$_nodename.A         05                                          pointer value  reference       local_node. A         05                                          pointer value  reference       local_node_len. 9     03                              pic s9(9)       comp.  * - 01  local_node                      pic x(6). 9 01  local_node_len                  pic 9(4)        comp.  * 
 01  syi_iosb. 9     03  syi_cond                    pic s9(9)       comp. -     03                              pic x(4).  *  procedure division.  kick_off section.  00.      call "sys$getsyiw"'         using   by value        0, 0, 0 7                 by reference    syi_item_list, syi_iosb $                 by value        0, 0         giving  sys_status. ;     if sys_status = ss$_normal move syi_cond to sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.        perform open_socket.     perform read_socket.!     perform until msg_type = "99"            evaluate  msg_type@             when    "20"            perform insert_employee_pushD             when    other           display "Unknow message type: ", msg_typeL                                     call "lib$stop" using by value ss$_abort         end-evaluate           perform read_socket        end-perform.       perform close_socket.   
     stop run.  *  open_socket section. 00.      call "sys$assign" *         using   by descriptor   "sys$net:")                 by reference    inet_chan '                 by value        0, 0, 0          giving  sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.        call "sys$qiow" 9         using   by value        0, inet_chan, io$_setmode $                 by reference    iosb$                 by value        0, 0-                 by reference    create_socket -                 by value        0, 0, 0, 0, 0          giving  sys_status. ;     if sys_status = ss$_normal move cond_val to sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.  *  read_socket section. 00.      call "sys$qiow" :         using   by value        0, inet_chan, io$_readvblk$                 by reference    iosb$                 by value        0, 0(                 by reference    msg_buff/                 by value        512, 0, 0, 0, 0          giving  sys_status. ;     if sys_status = ss$_normal move cond_val to sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.   <     display "Rec = *", insert_employee_msg(1:msg_size), "*". *  write_socket section.  00.      call "sys$qiow" :         using   by value       0, inet_chan, io$_writevblk#                 by reference   iosb F                 by value       0, 0, reply_addr, reply_len, 0, 0, 0, 0         giving  sys_status. ;     if sys_status = ss$_normal move cond_val to sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.  *  close_socket section.  00.      call    "sys$qiow">             using   by value        0, inet_chan, io$_deaccess(                     by reference    iosb:                     by value        0, 0, 0, 0, 0, 0, 0, 0             giving  sys_status. ;     if sys_status = ss$_normal move cond_val to sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.   A     call "sys$dassgn" using by value inet_chan giving sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.  *  insert_employee_push section.  00. 6     move function upper-case (BirthDate) to BirthDate.       call "sys$bintim" )         using   by descriptor   BirthDate &                 by reference    bintim         giving  sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.        call "t3$tip_url_to_tid"B         using   by descriptor   tip_txn_url of insert_employee_msg7                                 (1:(msg_size - function  length(employee_msg)))0                 by reference    tip_tid, tip_bid         giving  sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.        call "sys$start_branchw"$         using   by value        0, 0(                 by reference    dtm_iosb$                 by value        0, 0'                 by reference    tip_tid <                 by descriptor   local_node(1:local_node_len)'                 by reference    tip_bid          giving  sys_status. B     if sys_status = ss$_normal move dtm_iosb_status to sys_status.A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.  *      move tip_tid to db_tid.      perform the_insert.  * ,     set reply_addr to reference comp_status.     move 3 to reply_len.     perform write_socket.        if commit_flag = "Y"          perform commit_trans      else perform abort_trans.  *  fini.  *  the_insert section.  00. /     call "set_trans_rw" using sqlcode, sql_ctx. %     if rdb$lu_status not = ss$_normal 2         call "sys$putmsg" using rdb$message_vector1         call "lib$stop" using by value ss$_abort.        call "insert_employee"         using   sqlcode,                  EmployeeId(6:5),                 LastName,                  FirstName,                 Bintim,                  line1,                 line2,                 City,                  Region,                  PostalCode,                  sql_ctx.  %     if rdb$lu_status not = ss$_normal          move "N" to commit_flag          call "sys$putmsg" :                 using   by reference    rdb$message_vector2                         by value        out_msg, 01                         by reference    inet_chan "                 giving  sys_status&         if sys_status not = ss$_normal5             call "lib$stop" using by value sys_status          end-if     else          move "Y" to commit_flag. *  fini.  *  commit_trans section.  00.      call "sys$end_branchw"$         using   by value        0, 0(                 by reference    dtm_iosb$                 by value        0, 00                 by reference    tip_tid, tip_bid         giving  sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.  * "     if dtm_iosb_status = ss$_abort1         display "Couldn't commit - " no advancing "         if reason_code not = zeros             call "sys$getmsg" 3                 using   by value        reason_code /                         by reference    out_len 1                         by descriptor   abort_msg +                         by value        0,0 !                 giving sys_status +              if sys_status not = ss$_normal 9                 call "lib$stop" using by value sys_status               end-if *              display abort_msg (1:out_len)         else)              display "and don't know why"      else+         if dtm_iosb_status not = ss$_normal =               call "lib$stop" using by value dtm_iosb_status.  *  abort_trans section. 00.      call "sys$abort_transw" 0         using   by value        0, ddtm$m_nowait(                 by reference    dtm_iosb$                 by value        0, 0'                 by reference    tip_tid -                 by value        ddtm$_aborted '                 by reference    tip_bid          giving  sys_status. B     if sys_status = ss$_normal move dtm_iosb_status to sys_status.A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.  *  end program demo_tip_auxs. identification division. program-id.    out_msg.  data division. working-storage section.@ 01  io$_writevblk           pic 9(9)    comp    value   external io$_writevblk.L 01  ss$_normal              pic 9(9)    comp    value   external ss$_normal.- 01  sys_status              pic 9(9)    comp.  * 	 01  iosb. -     03  cond_val            pic s9(4)   comp. %     03                      pic x(6).  * 0 01  reply_addr                          pointer.- 01  reply_len               pic 9(4)    comp.  *  01  reply_hdr.=     03  error_id            pic xx              value   "88". %     03  error_len           pic 9(3).  *  linkage section. * 
 01  msg_desc. -     03  msg_len             pic 9(4)    comp. -     03  msg_class           pic 9(4)    comp. 0     03  msg_addr                        pointer. * - 01  inet_chan               pic 9(4)    comp.  *  procedure division         using   msg_desc,                  inet_chan          giving  ss$_normal.  00. 1     move function length(reply_hdr) to reply_len.      move msg_len to error_len.*     set reply_addr to reference reply_hdr.     perform write_socket.        move msg_len to reply_len.      move msg_addr to reply_addr.     perform write_socket.  *  fini.      exit program.  * 
 write_socket.  *      call "sys$qiow" :         using   by value       0, inet_chan, io$_writevblk#                 by reference   iosb F                 by value       0, 0, reply_addr, reply_len, 0, 0, 0, 0         giving  sys_status. ;     if sys_status = ss$_normal move cond_val to sys_status. A     if sys_status not = ss$_normal call "lib$stop" using by value  sys_status.  *  end program out_msg. $! $ cobol/lis demo_tip_auxs.cob  $! $ create demo_tip_auxs_def.mar  L             .title          DEMO_TIP_AUXS_DEF Demo example TIP external data ;+K ;  The following command can be used to create a macro library INET in your  default ' ;  area if one does not already exist:-  ; B ;           $library/create/macro inet.mlb sys$library:ucx$inetdef ; , ;           .library        "sys$login:inet" ; " ;           $inetsymdef     GLOBAL" ;           $siocdef        GLOBAL" ;           $inetacpfsymdef GLOBAL" ;           $inetacpsymdef  GLOBAL" ;           $ineterrdef     GLOBAL ;-"             $ddtmdef        GLOBAL"             $ddtmmsgdef     GLOBAL  +             ucx$c_auxs         ==       127 +             ucx$c_af_inet      ==         2 +             ucx$c_tcp          ==         6 J             auxs_def           ==       <ucx$c_auxs * 256 + ucx$c_af_inet>               .end  ! $ macro/lis demo_tip_auxs_def.mar  $!! $ create demo_tip_auxs_sql.sqlmod    module    dist_sql language  cobol  parameter colons  ( declare pers alias filename mf_personnel   procedure set_trans_rw         sqlcode;  "         set transaction read write:                 reserving pers.employees for shared write;   procedure insert_employee          sqlcode,(         :employee_id            char(5),)         :last_name              char(20), )         :first_name             char(10), )         :birthday               date vms, )         :address_data_1         char(30), )         :address_data_2         char(30), )         :city                   char(15), )         :state                  char(15), (         :postal_code            char(10)	         ;   "         insert into pers.employees                 (                  employee_id,                 last_name,                 first_name,                  birthday,                  address_data_1,                  address_data_2,                  city,                  state,                 postal_code,                 middle_initial,                  sex,                 status_code                  )          values                 (                  :employee_id,                  :last_name,                  :first_name,                 :birthday,                  :address_data_1,                  :address_data_2,                 :city,                 :state,                  :postal_code,                  ' ',                 '?',                 'N'                  ) 	         ;  $! $ sqlmod:==$sql$mod ? $ sqlmod/lis/context=(set_trans_rw,insert_employee)/const=immed " demo_tip_auxs_sql.sqlmod/nowarning $!. $ define/nolog lnk$library sys$library:t3$userE $ link demo_tip_auxs,demo_tip_auxs_def,demo_tip_auxs_sql,sql$user/lib  $!  $ create demo_tip_auxs_input.com $ deck( $! define mf_personnel to_where_it_lives $  run sys$login:demo_tip_auxs $  exit  $ eod  $!) $ ucx set service tip_inetd             - )         /port           = 303           - )         /protocol       = tcp           - )         /process        = tip_auxs      - )         /user_name      = 'server_user' - 7         /file           = 'home_dir'demo_tip_auxs_input  $! $ ucx enable service tip_inetd $! $ exit  : "JF Mezei" <jfmezei.spamnot@teksavvy.com> wrote in message& news:4402B157.DBE9F77C@teksavvy.com...H > With TCPIP Sedvices, $QIO programming, it is possible to have some ASTB > or a mailbox message triggered when a connection has been lost ? > E > For instance, if i have a channel oepned to a foreign host, and the H > internet link is lots (or the remote closes their end abruptly), it isF > possible for my application to be notified of the event ? (as is the  > case with decnet programming). >  >  >  > Second question: > H > The documentation shows how to program a server and specify which port& > the application wishes to listen to. > H > However, if one wants to TCPIP SET SERVICE/PORT=xx,  this will get theF > TCPIP services to create a process when there is a call coming in toE > port XX. How does the application that is started by TCPIP Services J > handle the establishement of the connection since it doesn't necessarily@ > know which port was configured in the TCPIP services utility ?   ------------------------------  % Date: Mon, 27 Feb 2006 04:54:04 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> G Subject: Re: TCPIP: Detecting lost connections + defined service server , Message-ID: <4402CC1F.ED44BA72@teksavvy.com>   Richard Maher wrote: > open_socket section. > 00.  >     call "sys$assign" , >         using   by descriptor   "sys$net:"+ >                 by reference    inet_chan ) >                 by value        0, 0, 0  >         giving  sys_status.     H Thanks, so SYS$NET: is the one to use. I take it translates to something like "_BGxxx:" ?  E And I assume one must then use whatever routies are needed to get the H socket information from which one could find out which local port number
 is involved ?   G (for instance, if the same iamge is used for 2 separate services mapped  to different ports).      I I have to admit, COBOL's interface to system services is certainly clean.    ------------------------------  % Date: Mon, 27 Feb 2006 14:59:49 +0100 , From: Albrecht Schlosser <ajs567@tiscali.de>G Subject: Re: TCPIP: Detecting lost connections + defined service server , Message-ID: <ol0vtd.a2i.ln@news.hus-soft.de>   JF Mezei wrote:  > Richard Maher wrote: >> open_socket section.  >> 00. >>     call "sys$assign"- >>         using   by descriptor   "sys$net:" , >>                 by reference    inet_chan* >>                 by value        0, 0, 0 >>         giving  sys_status. >  > J > Thanks, so SYS$NET: is the one to use. I take it translates to something > like "_BGxxx:" ?   right.    G > And I assume one must then use whatever routies are needed to get the J > socket information from which one could find out which local port number > is involved ?  > I > (for instance, if the same iamge is used for 2 separate services mapped  > to different ports).   You should have:  = SYS$COMMON:[SYSHLP.EXAMPLES.TCPIP]TCPIP$TCP_SERVER_QIO_AUXS.C   ) This might answer most of your questions.    Albrecht   ------------------------------  % Date: Mon, 27 Feb 2006 11:45:46 +0100 + From: Karsten Nyblad <nospam@nospam.nospam> 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? = Message-ID: <4402d851$0$78283$157c6196@dreader1.cybercity.dk>    as400 wrote:H > And no one seemed to answered this question...What make OpenVMS soooooG > secure?? Does it have most services disabled by defualt like OpenBSD? C > Or, does it have full grade military type encryption schematics??   I Secure from what?  Is it going to be secure from some amateur hacker, an  H identity thief, or is it going to be secure from spy organizations?  Is H it going to be secure from tacks from insiders with legal access to the I machine?  Is it going to be secure from hackers attacking it through the   network?  F And what is the machine going to be used for?  Is it going to protect G information of national security, great value, or it it very important  C that the machine is operating 24/7?  E.g., can you accept that the  : operation of the machine gets interrupted by a DOS attack?  H Your nick is as400.  That is the former name of IBMs iSeries computers. 5   What is you interest in the subject of OS security?    ------------------------------  # Date: Mon, 27 Feb 2006 11:56:14 GMT " From:   VAXman-  @SendSpamHere.ORG3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 0 Message-ID: <00A51EF3.5CED251B@SendSpamHere.ORG>  V In article <46f8ksFarqc6U1@individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >  > 4 >In article <JSXX5SVltcKX@eisner.encompasserve.org>,1 >	Kilgallen@SpamCop.net (Larry Kilgallen) writes: m >> In article <1140997192.353939.188310@t39g2000cwt.googlegroups.com>, "as400" <vin42and99@yahoo.com> writes: J >>> And no one seemed to answered this question...What make OpenVMS soooooI >>> secure?? Does it have most services disabled by defualt like OpenBSD?  > ) >Isn't it time to stop feeding the troll?    Feed a reader; starve a troll.   --  K VAXman- A Bored Certified VMS Kernel Mode Hacker   VAXman(at)TMESIS(dot)COM              5   "Well my son, life is like a beanstalk, isn't it?"     ------------------------------  + Date: Mon, 27 Feb 2006 13:34:57 +0000 (UTC)  From: david20@alpha2.mdx.ac.uk3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? ) Message-ID: <dtuv61$5cg$1@news.mdx.ac.uk>   i In article <1140931496.402770.53130@e56g2000cwe.googlegroups.com>, "as400" <vin42and99@yahoo.com> writes: G >What Governent agencies use this highly secure OS?? CIA? NSA? Homeland 8 >Security? Or, is it just used for Scientific Analysis?? > O Stock exchanges, Health care, Lotteries , Chip production (Intel for instance),  Telecom etc   O For a list of a few companies who have given permission for their use of VMS to  be publicised by HP see   . http://h71000.www7.hp.com/success-stories.html   Goverment agencies - probably ! The military certainly eg J-STARS      L There has in the past been some discussion on the number of Military systemsM running VMS on this group  Keith Cayemberg  posted the following in June 2005   ? http://groups.google.com/group/comp.os.vms/msg/5d1dcf1b90744b9c       
 David Webb Security team leader CCSS Middlesex University   ------------------------------    Date: 27 Feb 2006 05:54:34 -0800 From: bob@instantwhip.com 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141048474.227069.290590@i39g2000cwa.googlegroups.com>   3 what are you talking about?  TCPware has the latest / bind, SSH2, captive FTP accounts ... and vms is 2 unhackable as a mail server and webserver at least- with purveyor, because it has no privilidges!    ------------------------------  % Date: Mon, 27 Feb 2006 07:06:46 -0700 6 From: "Michael D. Ober" <obermd.@.alum.mit.edu.nospam>3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? - Message-ID: <iHDMf.3$fp6.608@news.uswest.net>      J MAC OS-X, based on linux, is only secure because very, very few people useL it.  This means that it isn't a target because the assholes who write viruiiJ and trojans go after the biggest guy on the block.  Last year, the US CertL database recorded more security vulnerabilities in linux than Windows XP.  IL don't think any vulnerabilities were recorded in the Core VMS product, but aK handful were recorded in layered products on top of VMS.  For raw security, D I would rate VMS the best, Windows  second, and MAC OS-X third.  ForG practical security, I would rate VMS best, MAX OS-X second (due to tiny ! market share), and Windows third.   # I don't know how secure OpenBSD is.   
 Mike Ober.  / "as400" <vin42and99@yahoo.com> wrote in message < news:1140844548.307730.87790@e56g2000cwe.googlegroups.com...G > I really thought that the UNIX-like OS called OpenBSD www.openbsd.org E > was the most secure unix-like operating system in the world....And,   > maybe even the MacOS-X also... > G > Can someone here please provide me on what makes OpenVMS so secure? I I > know that OpenBSD by dfault comes very secure by default out of the box F > with alot of system services being disabled....But I dont know aboutH > what makes OpenVMS unhackable....Please explain the difference between) > OpenVMS, OpenBSD, or even the MACOSX???  > : > I though the MOST secure OS would be like this in order: > 
 > 1. Mac-OS-X  >  > 2. OpenBSD > C > OpenVMS???? Well.....I dont know about this...Care to explain how  > secure it is?  >  >    ------------------------------    Date: 27 Feb 2006 08:13:39 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 3 Message-ID: <kL2wm0+ZcX4+@eisner.encompasserve.org>   i In article <1140844548.307730.87790@e56g2000cwe.googlegroups.com>, "as400" <vin42and99@yahoo.com> writes:  > C > OpenVMS???? Well.....I dont know about this...Care to explain how  > secure it is?  >   #     "Cool and Unhackable" - DEFCON9   @    Mostly because security isn't based on a faulty design and is    designed in.    ------------------------------  % Date: Mon, 27 Feb 2006 15:27:28 +0100 - From: "Martin Vorlaender" <mv@pdv-systeme.de> 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? + Message-ID: <46ggikFaug47U1@individual.net>    <bob@instantwhip.com> wrote... > TCPware has the latest bind   4 TCPware (and Multinet, too) BIND implementations are still based on version 8.x. ) Certainly NOT the latest and most secure.   & TCP/IP Services comes with a BIND 9.x.   cu,    Martin --  >                         | Martin Vorlaender  |  OpenVMS rules!1  VMS is today what      | work: mv@pdv-systeme.de D  Microsoft wants        |   http://www.pdv-systeme.de/users/martinv/8  Windows NT 8.0 to be!  | home: martin@radiogaga.harz.de   ------------------------------    Date: 27 Feb 2006 08:17:25 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 3 Message-ID: <iCQdV1arFGkK@eisner.encompasserve.org>   i In article <1140931496.402770.53130@e56g2000cwe.googlegroups.com>, "as400" <vin42and99@yahoo.com> writes: H > What Governent agencies use this highly secure OS?? CIA? NSA? Homeland9 > Security? Or, is it just used for Scientific Analysis??  >       All of them.    ------------------------------    Date: 27 Feb 2006 08:19:21 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 3 Message-ID: <N0pUQyxkWIRd@eisner.encompasserve.org>   j In article <1140996029.402274.227160@e56g2000cwe.googlegroups.com>, "as400" <vin42and99@yahoo.com> writes:G > So was it ture that OpenVMS is unkackable claim by many hackers?? Or,  > is it just a "bluff" story?? > B > Im my true opinion, I think the MacOS-X is much much secure thanF > OpenVMS....Now I dont want to start a falme war here, but I I AM NOT= > and repeat.....NOT a MAC-OS fan nor user and will not be...  > @ > The "unhackable" stories told by hackers at the Vegas DEFCON 9F > Convention, was the original OpenVMS, or the Trusted version of VMS? >   A    OS X is good, but not as secure as VMS.  The devil _is_ in the     details.   3    The unhackable attribution from DEFCON9 is real.    ------------------------------  # Date: Mon, 27 Feb 2006 14:25:50 GMT " From:   VAXman-  @SendSpamHere.ORG3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 0 Message-ID: <00A51F08.433BB53D@SendSpamHere.ORG>  f In article <iHDMf.3$fp6.608@news.uswest.net>, "Michael D. Ober" <obermd.@.alum.mit.edu.nospam> writes: >  >  > K >MAC OS-X, based on linux, is only secure because very, very few people use M >it.  This means that it isn't a target because the assholes who write viruii K >and trojans go after the biggest guy on the block.  Last year, the US Cert M >database recorded more security vulnerabilities in linux than Windows XP.  I M >don't think any vulnerabilities were recorded in the Core VMS product, but a L >handful were recorded in layered products on top of VMS.  For raw security,E >I would rate VMS the best, Windows  second, and MAC OS-X third.  For H >practical security, I would rate VMS best, MAX OS-X second (due to tiny" >market share), and Windows third.  H If you're going to contribute to this conversation, please get the factsD straight first.  OS X is NOT based on Linux; it is based on OpenBSD.  J I have also seen the argument -- which I have always felt as been support-J ed by specious correlation -- that the volume player will be the one that J is going to have worst track record because it's being targetted the most.H Perhaps, it's just because it's so easy to hack and not because there is just more there to be hacked.      --  K VAXman- A Bored Certified VMS Kernel Mode Hacker   VAXman(at)TMESIS(dot)COM              5   "Well my son, life is like a beanstalk, isn't it?"     ------------------------------    Date: 27 Feb 2006 08:26:06 -0600- From: Kilgallen@SpamCop.net (Larry Kilgallen) 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 3 Message-ID: <$kcscd7B882t@eisner.encompasserve.org>   \ In article <44026EA7.F971632B@teksavvy.com>, JF Mezei <jfmezei.spamnot@teksavvy.com> writes: > Larry Kilgallen wrote:D >> Even if one accepts that paragraph, it in no way matches the term >> "Encryption Schematics".  > I > In a way it does. If VMS lags behind the others with software, it means F > it cannot implement the lastest and greatest encryption and security, > technologies that the others systems have.  A That may be "encryption", and it might even be a VMS shortcoming, , but it is still not "encryption schematics".   ------------------------------    Date: 27 Feb 2006 08:28:33 -0600- From: Kilgallen@SpamCop.net (Larry Kilgallen) 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 3 Message-ID: <jQlKmxnpdoSY@eisner.encompasserve.org>   \ In article <44027BEB.4EDE0E7F@teksavvy.com>, JF Mezei <jfmezei.spamnot@teksavvy.com> writes: > David J Dachtera wrote: K >> VMS itself (not including the IP stacks) resists break-ins in many ways, / >> not the least of which is break-in evasion.   > D > VMS didn't always have the current level of break-in detection and& > evasion, the intrusion database etc.  = And the very first version of VMS did not have indexed files.   < But breakin evasion has been there for 15 years.  The recent= change (5 years ago) has to make the accounting cluster-wide.    ------------------------------    Date: 27 Feb 2006 06:58:51 -0800- From: "Andrew" <andrew_harrison@symantec.com> 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141052331.943570.107180@z34g2000cwc.googlegroups.com>    Bob Koehler wrote:k > In article <1140844548.307730.87790@e56g2000cwe.googlegroups.com>, "as400" <vin42and99@yahoo.com> writes:  > > E > > OpenVMS???? Well.....I dont know about this...Care to explain how  > > secure it is?  > >  > % >     "Cool and Unhackable" - DEFCON9  >   D I don't have an opinion on the relative merits of OpenVMS or OpenBSDE though one would conclude that the ready availability of source makes  OpenBSD easier to compromise  F That said as you may well remember that 99.9% of the hackers attendingE DEFCON9 and participating in the capture the flag excercise you refer G to had no idea what OpenVMS was. On the other hand most of them had the C kernel/library source code for the vunerabilities they attempted to B exploit on the other platforms. In the circumstances it would been: truly remarkable if anyone had sucessfully hacked OpenVMS.  < Regretably these facts reduce the impact of your point to 0.   Regards  Andrew Harrison    ------------------------------  % Date: Mon, 27 Feb 2006 16:09:38 +0100 - From: "Martin Vorlaender" <mv@pdv-systeme.de> 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? + Message-ID: <46gj1mFb2su1U1@individual.net>   0 "Andrew" <andrew_harrison@symantec.com> wrote... > Bob Koehler wrote:' > >     "Cool and Unhackable" - DEFCON9  ... H > That said as you may well remember that 99.9% of the hackers attendingG > DEFCON9 and participating in the capture the flag excercise you refer I > to had no idea what OpenVMS was. On the other hand most of them had the E > kernel/library source code for the vunerabilities they attempted to ! > exploit on the other platforms.   C I don't think so. The people you are thinking of are called "Script 	 Kiddies", * and those certainly don't attend a DEFCON.  $ > In the circumstances it would been< > truly remarkable if anyone had sucessfully hacked OpenVMS.  , See http://www.vmsone.com/~opcom/defcon9.htm  I "...a lot of interest was generated by it. In the spirit of spreading the I good word and educating the people about VMS, we ended up answering a lot G of questions about VMS, and showing how the machine automagically added H user accounts, and demonstrated the various terminal games and web pagesG which had been created. We were also aware that, in this crowd of 5000+ J hackers, someone might be able to weasel their way into the machine if any& security measures were taken lightly."   cu,    Martin --  B    Emacs would be a great   | Martin Vorlaender  |  OpenVMS rules!5    operating system,        | work: mv@pdv-systeme.de H    if only it came with     |   http://www.pdv-systeme.de/users/martinv/<    a decent editor...       | home: martin@radiogaga.harz.de   ------------------------------    Date: 27 Feb 2006 07:13:55 -0800- From: "Andrew" <andrew_harrison@symantec.com> 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141053235.545279.179730@j33g2000cwa.googlegroups.com>    JF Mezei wrote:  > David J Dachtera wrote: L > > VMS itself (not including the IP stacks) resists break-ins in many ways,/ > > not the least of which is break-in evasion.  > D > VMS didn't always have the current level of break-in detection and& > evasion, the intrusion database etc. >  > I > Some have said that for Unix, there is "nothing or everything" level of H > privileges and only 2 modes/rings of OS protection. Can anyone confirm? > that this is STILL true of all Unix systems including Tru64 ?  >   B Its certainly not true for Solaris at least from the administrator< perspective. You can do away with the root user if you wish.   Regards  Andrew Harrison    ------------------------------    Date: 27 Feb 2006 07:47:37 -0800 From: bob@instantwhip.com 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141055257.792587.156710@i39g2000cwa.googlegroups.com>   ; here you go Andrew, another unix variant bites the dust ...   Q http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html    ------------------------------    Date: 27 Feb 2006 07:48:53 -0800 From: bob@instantwhip.com 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141055333.066039.219400@p10g2000cwp.googlegroups.com>   E ok, how about we compare it with something more recent, say mac os x?   Q http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html    ------------------------------    Date: 27 Feb 2006 07:49:26 -0800 From: bob@instantwhip.com 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141055366.133982.258860@t39g2000cwt.googlegroups.com>   , os x is good?  read this and try that again!  Q http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html    ------------------------------    Date: 27 Feb 2006 07:50:33 -0800 From: bob@instantwhip.com 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141055433.603264.169710@i39g2000cwa.googlegroups.com>   / and trying them on OpenVMS would just result in    "ACCESS VIOLATION ERROR"   ------------------------------  + Date: Mon, 27 Feb 2006 15:45:34 +0000 (UTC)  From: david20@alpha2.mdx.ac.uk3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? ) Message-ID: <dtv6qu$7k8$1@news.mdx.ac.uk>   S In article <00A51F08.433BB53D@SendSpamHere.ORG>, VAXman-  @SendSpamHere.ORG writes: g >In article <iHDMf.3$fp6.608@news.uswest.net>, "Michael D. Ober" <obermd.@.alum.mit.edu.nospam> writes:  >> >> >>  L >>MAC OS-X, based on linux, is only secure because very, very few people useN >>it.  This means that it isn't a target because the assholes who write viruiiL >>and trojans go after the biggest guy on the block.  Last year, the US CertN >>database recorded more security vulnerabilities in linux than Windows XP.  IN >>don't think any vulnerabilities were recorded in the Core VMS product, but aM >>handful were recorded in layered products on top of VMS.  For raw security, F >>I would rate VMS the best, Windows  second, and MAC OS-X third.  ForI >>practical security, I would rate VMS best, MAX OS-X second (due to tiny # >>market share), and Windows third.  > I >If you're going to contribute to this conversation, please get the facts E >straight first.  OS X is NOT based on Linux; it is based on OpenBSD.  > K >I have also seen the argument -- which I have always felt as been support- K >ed by specious correlation -- that the volume player will be the one that  K >is going to have worst track record because it's being targetted the most. I >Perhaps, it's just because it's so easy to hack and not because there is   >just more there to be hacked.   >   M Yes the idea that Windows is as secure as other operating systems but it just M gets more security alerts because there are so many more systems to attack is D easily disproved. Just compare the security record of IIS to Apache.I There are far far more Apache webservers than IIS webservers yet although : Apache has had a few vulnerabilities IIS has had far more.    
 David Webb Security team leader CCSS Middlesex University     >-- L >VAXman- A Bored Certified VMS Kernel Mode Hacker   VAXman(at)TMESIS(dot)COM >           6 >  "Well my son, life is like a beanstalk, isn't it?"    ------------------------------   Date: 27 Feb 2006 16:24:48 GMT( From: bill@cs.uofs.edu (Bill Gunshannon)3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? + Message-ID: <46gnegFb42kqU1@individual.net>   C In article <1141055257.792587.156710@i39g2000cwa.googlegroups.com>,  	bob@instantwhip.com writes:= > here you go Andrew, another unix variant bites the dust ...  > S > http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html  >   B Yeah Bob, and your very own reference may explain why VMS is still (apparently) invuulnerable.     I       "All it takes is a certain level of interest on the part of hackers G        and security researchers to increase the threats associated with          any platform, they said."  H Thus, no threats is just as likely to mean no interest as real security.  D      ""All software has bugs, and a certain percentage of those bugsH       will be security vulnerabilties," said Ira Winkler, an independent>       security analyst and author of the book Spies Among Us.   I       And given enough of an installed base and interest in a technology, K       the likelihood of such vulnerabilties being discovered also increases J       significantly, said Pete Lindstrom, an analyst at Spire Security LLC       in Malvern, Pa."    H Not arguing that VMS isn't secure, only that it may well be its relativeI obscurity  and sinking installed base that keeps it that way.  Of course, H the good news is that isn't likely to change any time soon.  And the bad5 news is that it isn't likely to change any time soon.    bill   --  J Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolvesD bill@cs.scranton.edu     |  and a sheep voting on what's for dinner. University of Scranton   |A Scranton, Pennsylvania   |         #include <std.disclaimer.h>       ------------------------------    Date: 27 Feb 2006 08:37:02 -0800- From: "Andrew" <andrew_harrison@symantec.com> 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? B Message-ID: <1141058222.858986.36720@u72g2000cwu.googlegroups.com>   bob@instantwhip.com wrote:= > here you go Andrew, another unix variant bites the dust ...  > S > http://www.computerworld.com/securitytopics/security/story/0,10801,109008,00.html   D In case you hadn't noticed OS-X is not a Solaris derivative. LumpingB all the UNIX platforms together is excatly the same tactic used byC Microsoft to try to prove that Windows is statistically more secure 
 than UNIX.  E It didn't work for them so what made you think it would work for you.    Regards  Andrew Harrison    ------------------------------    Date: 27 Feb 2006 11:38:15 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? 3 Message-ID: <L43dDRfQTjsM@eisner.encompasserve.org>   f In article <iHDMf.3$fp6.608@news.uswest.net>, "Michael D. Ober" <obermd.@.alum.mit.edu.nospam> writes: >   L > MAC OS-X, based on linux, is only secure because very, very few people use  F    OS X is not based on Linux.  It does not have the Linux kernel.  It:    does use some of the same gnu tools.  gnu is not Linux.   ------------------------------    Date: 27 Feb 2006 10:21:47 -0800 From: bob@instantwhip.com 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141064507.485135.115500@v46g2000cwv.googlegroups.com>   , osx = openbsd = unix = linux = security risk! windoze = windoze = security risk < openvms = 13 certs in 15 years = defcon9 unhackable = secure   ------------------------------    Date: 27 Feb 2006 10:07:28 -0800- From: "Andrew" <andrew_harrison@symantec.com> 3 Subject: Re: Whats MORE Secure? OpenVMS or OpenBSD? C Message-ID: <1141063648.210059.187500@t39g2000cwt.googlegroups.com>    Michael Moroney wrote:( > "as400" <vin42and99@yahoo.com> writes: > F > >Can someone here please provide me on what makes OpenVMS so secure? > : > The reasons are far too many to list, but here are some: > J > 0) VMS was written by paranoid people who knew what they were doing. :-) > J > 1) So many Unix and Mickeysoft exploits are buffer overruns by supplyingK >    something which expects a null terminated string a huge amount of data H >    with no nulls, which overwrites something.  VMS system services useI >    descriptors, with a fixed or maximum length.  That much data, and no 
 >    more. > K > 2) VMS has 4 layers of security between user code and the kernel, so even K >    if you find a buffer overrun you just kill just the image and you find G >    yourself back at the prompt.  Unix just has two (user and kernel). K >    The four are user, supervisor (equivalent to protecting the unix shell I >    from user programs), executive (filesystem) and kernel.  VMS code at I >    the inner layers check whether data or memory supplied by outer code & >    can be acessed by the outer code. > N > 3) Unix has two levels of accounts, ordinary accounts, and root with godlikeH >    powers.  VMS can give accounts limited privilege to do one or a fewM >    types of privileged function _and nothing else_.  Granted, some of these F >    can be taken advantage of to give you everything, but most don't. >   @ Some UNIX's only have 2 levels of account but the largest volumeD commercial UNIX Solaris has similar account capabilities to OpenVMS.  K > 4) Same as 3) but for specific programs/images.  Kinda like an executable G >    file owned by root with 's' file protection, but only for specific K >    privileged functions.  For example, ordinary processes can't affect or N >    even see processes owned by another user unless it has a privilege calledJ >    'world'.  But you can type $ SHOW SYSTEM and see all the processes onH >    the system from any account because that command runs an image withM >    'world' privilege.  But that image can't be taken advantage of to bypass " >    file protection, for example. >    Ditto    Regards  Andrew Harrison    ------------------------------   End of INFO-VAX 2006.116 ************************