INFO-VAX Mon, 02 Jul 2007 Volume 2007 : Issue 357

Contents:
  Re: cURL 7.16.3 available
  Re: gSOAP on OpenVMS? VMS as Web Service *client*
  Re: Mildly good news for OMX
  Re: OpenVMS - When downtime is not an option
  Re: OpenVMS - When downtime is not an option
  RE: OpenVMS - When downtime is not an option
  Re: OpenVMS - When downtime is not an option
  Re: OpenVMS - When downtime is not an option
  RE: OpenVMS - When downtime is not an option
  Re: OpenVMS - When downtime is not an option
  Re: OpenVMS - When downtime is not an option
  RE: OpenVMS - When downtime is not an option
  Re: OpenVMS - When downtime is not an option
  RE: Question to Kerry Main
  Re: Question to Kerry Main
  Re: SIMH networking
  Re: SOA and VMS stuff
  Re: SOA and VMS stuff
  Re: SSH newbie question
  Re: SSH newbie question
  Re: SSH newbie question
  Re: TCPIP$GET_MX: getmxrr() failed
  Re: TCPIP$GET_MX: getmxrr() failed
  Ten years ago...
  Re: Ten years ago...
  Re: Ten years ago...
  Re: Ten years ago...
  RE: Ten years ago...
  Re: UCX Printer connection Via LPD
  Re: VMS - Alpha Server - Software AG Tamino Replacement
  Re: VMS - Alpha Server - Software AG Tamino Replacement
  VMS security vulnerability (POP server)
  Re: VMS security vulnerability (POP server)
  Re: VMS security vulnerability (POP server)

----------------------------------------------------------------------

Date: Sun, 01 Jul 2007 20:30:44 -0400
From: Arne Vajhøj
Subject: Re: cURL 7.16.3 available
Message-ID: <46884734$0$90270$14726298@news.sunsite.dk>

Jean-François Piéronne wrote:
> is there any interest to include pycURL in Python for VMS?
> I remember it was requested once.
>
> From http://pycurl.sourceforge.net/
> """
> PycURL is a Python interface to libcurl. PycURL can be used to fetch
> objects identified by a URL from a Python program, similar to the urllib
> Python module. PycURL is mature, very fast, and supports a lot of features.
> """

As a general rule: the more freeware available for VMS the better !

Arne

------------------------------

Date: Sun, 01 Jul 2007 16:03:32 -0400
From: Arne Vajhøj
Subject: Re: gSOAP on OpenVMS? VMS as Web Service *client*
Message-ID: <46880894$0$90275$14726298@news.sunsite.dk>

Bill Gunshannon wrote:
> In article <468717cc$0$90266$14726298@news.sunsite.dk>,
> Arne Vajhøj writes:
>> JF Mezei wrote:
>>> Malcolm Dunnett wrote:
>>>>> Same here. I currently do SOAP client
>>> We don't really to know what you do to your clients :-)
>>>
>>> I use SOAP in the shower every morning though :-)
>> You don't capitalize all letters in that SOAP.
>
> Of course you do. People here have long said that mixed case is
> not necessary. That's why VMS only has uppercase. :-) :-)

That was a fine point !!!!

Arne

------------------------------

Date: Sun, 01 Jul 2007 20:32:35 -0400
From: Arne Vajhøj
Subject: Re: Mildly good news for OMX
Message-ID: <468847a3$0$90270$14726298@news.sunsite.dk>

JF Mezei wrote:
> Sounds like a chess game.
>
> LSE (London Stock Exchange) wants to buy the Italian bourse. (stock
> exchange).
>
> During its failed attempt to buy LSE, NASDAQ did acquire a 30% stake of
> LSE, and according to an analyst heard on BBC, it also struck a deal
> with LSE where NASDAQ could dictate technology used by the LSE.
>
> The analyst then pointed to NASDAQ obtaining OMX and being able to
> dictate the LSE use that platform.
>
> But the plot thickens. If LSE does buy the Borsa Italiana, it would
> dilute the NASDAQ stake in the combined bourses and thus reduce its
> decision power at the LSE.
>
> This is more hearsay than fact, but it is a sign that NASDAQ may see the
> OMX platform as an asset instead of just wanting to convert OMX
> customers to the NASDAQ platform.

I can not really see anything in the previous that leads to that conclusion.

Arne

------------------------------

Date: Sun, 01 Jul 2007 14:14:40 -0400
From: JF Mezei
Subject: Re: OpenVMS - When downtime is not an option
Message-ID: <86b1$4687ef38$cef8887a$1335@TEKSAVVY.COM>

Bill Todd wrote:
> Please explain exactly how a virus, trojan, or worm can infect a server
> via any legitimate use of email on that server.

Over the years, there have been plenty of patches issued to prevent such things from happening on many of the unix SMTP servers. (think buffer overflow with a TO FROM etc that are way too long and contain code).

------------------------------

Date: Sun, 01 Jul 2007 14:36:11 -0400
From: Bill Todd
Subject: Re: OpenVMS - When downtime is not an option
Message-ID:

JF Mezei wrote:
> Bill Todd wrote:
>> Please explain exactly how a virus, trojan, or worm can infect a
>> server via any legitimate use of email on that server.
>
> Over the years, there have been plenty of patches issued to prevent such
> things from happening on many of the unix SMTP servers. (think buffer
> overflow with a TO FROM etc that are way too long and contain code).

You're as welcome as Paul is to provide a *specific* example of such an exposure in a current Windows environment, JF. Otherwise, stop blowing the same kind of hot air that Kerry so often does: it's not responsive to the challenge that I posed (but then hot air never is, is it).

- bill

------------------------------

Date: Sun, 1 Jul 2007 15:53:18 -0500
From: "Paul Raulerson"
Subject: RE: OpenVMS - When downtime is not an option
Message-ID: <001301c7bc21$daa7a130$8ff6e390$@com>

I replied to you in private with at least one example, but if you insist on going public with this rudeness, look at MS07-026. It was a MIME vulnerability that allowed remote code execution. And it was rated as CRITICAL for all versions of MS Exchange Server that it applied to. That was from May the 8th.

There were also three other important patches to apply - in the same release.
Depending upon what version of exchange server you are running.

http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx

Oh yes, and if you are thinking that in only one, you need to go read the patch database, and also realize a :Windows: installation usually includes not only Windows, but Office, Exchange, IIS, DNS, DHCP, RPC, Active Directory, and tens or hundreds of other components.

And as I pointed out in private, Microsoft, SAN, and CERT *all* recommend keeping your server patches up to date. You may believe you know more than all three of those organizations put together... there may even be one or two people around who believe you.

-Paul

> -----Original Message-----
> From: Bill Todd [mailto:billtodd@metrocast.net]
> Sent: Sunday, July 01, 2007 1:36 PM
> To: Info-VAX@Mvb.Saic.Com
> Subject: Re: OpenVMS - When downtime is not an option
>
> JF Mezei wrote:
> > Bill Todd wrote:
> >> Please explain exactly how a virus, trojan, or worm can infect a
> >> server via any legitimate use of email on that server.
> >
> > Over the years, there have been plenty of patches issued to prevent such
> > things from happening on many of the unix SMTP servers. (think buffer
> > overflow with a TO FROM etc that are way too long and contain code).
>
> You're as welcome as Paul is to provide a *specific* example of such an
> exposure in a current Windows environment, JF. Otherwise, stop blowing
> the same kind of hot air that Kerry so often does: it's not responsive
> to the challenge that I posed (but then hot air never is, is it).
>
> - bill

------------------------------

Date: Sun, 01 Jul 2007 18:51:03 -0400
From: Bill Todd
Subject: Re: OpenVMS - When downtime is not an option
Message-ID: <59udnexKr8aFrRXbnZ2dnUVZ_rLinZ2d@metrocastcablevision.com>

Paul Raulerson wrote:
> I replied to you in private with at least one example, but if you insist on
> going public with this rudeness,

If you consider what I wrote to JF to be rude, you're as incompetent in that area of analysis as you appear to be elsewhere. I'll attempt to educate you in both subjects at once - don't bother to thank me.

> look at MS07-026. It was a MIME
> vulnerability that allowed remote code execution. And it was rated as
> CRITICAL for all versions of MS Exchange Server that it applied to. That was
> from May the 8th.

Well, the first thing one notices about MS07-026 is that it has nothing to do with Windows per se but is rather a group of Exchange-Server-specific exposures. So these are exposures which only people who elect to use Exchange Server are liable to (and anyone with the option to use a different OS platform/email server in the first place could instead just elect to use a different email server on Windows to avoid such exposure while still using the Windows platform).

The second thing one notices is that, despite the dire warnings that Microsoft rightly cries out, the apparent effect of a successful MIME exploit is to obtain the rights under which Exchange Server is running. Now, it's not immediately clear why an email server should require any special execution rights on the server OS: it obviously needs to implement its own security perimeter covering the services that it provides to clients, but that needn't entail running privileged locally.

Still, if all the box does is provide Exchange services, then even Exchange-Server-specific compromises count as server outages, I guess - just another good reason to run non-MS email software (an option I tangentially touched upon in an earlier response, by the way) but hardly a reason to fault Windows as a server platform.

>
> There were also three other important patches to apply - in the same
> release. Depending upon what version of exchange server you are running.
>
> http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx

All right - might as well take a look at those while we're at it:

The first such 'important patch' fixes an exposure that requires that a user open a specially-crafted email attached script *while* accessing that email via Outlook Web Access (rather than via normal email access mechanisms such as Outlook and its non-MS alternatives already provide - note that Microsoft recommends disabling OWA as its first suggested 'work-around'). Even for users (and the administrators who presumably control their environments) rash enough to allow unsupervised script execution in email in the first place (by default the 'Restricted Zone' used by Outlook does not, last I knew) *and* to open unknown attachments, all that happens is that the attacker acquires whatever power that user has in the context of that OWA session - likely less power than uncontrolled script execution could attain in a malicious email attachment that such an imprudent user chose to execute *outside* OWA.

The second such 'important patch' fixes a denial-of-service exposure, whereby a malformed calendar/scheduling email attachment could bring down the Exchange Server application.
So unless an enterprise actually has some reason to believe that it's about to be attacked in such a fashion, it could quite reasonably just file the patch for application at some future date; otherwise, it has the option to require connection authentication for SMTP (by default Exchange already does for other protocols) as a temporary work-around to guard against external attack if installing the patch immediately is inconvenient.

The third such 'important patch' was another DOS exposure involving deliberately-malformed IMAP requests. Again, unless an organization had reason to believe that such an attack was likely, it could just wait for a convenient time to apply the patch; otherwise, it could avoid external exposure by blocking incoming IMAP requests on TCP port 143 in its perimeter firewall.

By the way, not one of the four exposures described in this bulletin had actually been encountered in the wild: they were all discovered by researchers and reported to MS.

Since you brought up http://www.microsoft.com/technet/security/bulletin/MS07-031.mspx in a private continuation of your drivel, I might as well address that too. Since this involves at worst a DOS attack in Win2K (and Windows Server 2003) I didn't find it all that important for our systems; it does appear to be more critical for XP - though even there the *likely* result of an attack is DOS rather than seriously compromising security (e.g., by allowing an attacker to acquire more local privileges than the user had).

In all cases, a user must be persuaded to visit a Web site that attempts to instantiate a maliciously-malformed SSL/TLS connection - something that really shouldn't happen on a *server* anyway.

>
> Oh yes, and if you are thinking that in only one, you need to go read the
> patch database, and also realize a :Windows: installation usually includes
> not only Windows, but Office, Exchange, IIS, DNS, DHCP, RPC, Active
> Directory, and tens or hundreds of other components.

Which people like you and Kerry would love to include in your monthly-patch-count alarmism, while conveniently ignoring the fact that exposures in equivalent layered applications don't appear in the CERT stats for competing platforms (and the fact that the same application software used on those other server platforms more often than not can be used on Windows as well).

>
> And as I pointed out in private, Microsoft, SAN, and CERT *all* recommend
> keeping your server patches up to date. You may believe you know more than
> all three of those organizations put together... there may even be one or
> two people around who believe you.

I think most people here have a pretty good understanding of whom to believe and who the bullshit artists are in this forum, Paul. Stick around for a while and you may as well.

Hey, *I* recommend keeping patches up to date - when there's no good reason not to. I just understand the difference between generalizations and specifics (and any competent server administrator had better learn the difference as well).

- bill

------------------------------

Date: Sun, 01 Jul 2007 20:52:57 -0400
From: JF Mezei
Subject: Re: OpenVMS - When downtime is not an option
Message-ID:

Bill Todd wrote:
> Now, it's not immediately clear why an email server should require any
> special execution rights on the server OS:

Dah ! Write into any user's mailbox.

Do me a favour and look at the privs given to the SMTP_node_01 process on your node ?
You don't have one, let me show you:

> $ show proc/id=23800569/priv
>
> 1-JUL-2007 20:51:41.99 User: SYSTEM Process ID: 23800569
> Node: CHAIN Process name: "SMTP_CHAIN_01"
>
> Authorized privileges:
> AUDIT CMKRNL SETPRV
>
> Process privileges:
> ALTPRI   may set any priority value
> AUDIT    may direct audit to system security audit log
> BYPASS   may bypass all object access controls
> CMKRNL   may change mode to kernel
> LOG_IO   may do logical i/o
> NETMBX   may create network device
> OPER     may perform operator functions
> SETPRV   may set any privilege bit
> SYSPRV   may access objects via system protection
> TMPMBX   may create temporary mailbox
> WORLD    may affect other processes in the world
>
> Process rights:
> SYSTEM resource
>
> System rights:
> SYS$NODE_CHAIN
>
> Soft CPU Affinity: off

And that is not all, it makes use of the callable mail to actually deposit messages to people's local mailboxes, and the callable mail is also installed with privileges.

Remember that Windows software has traditionally been installed with way more privileges than absolutely required. So if VMS's symbiont has CMKRNL and SETPRV and AUDIT, just think about what Exchange might have ?

------------------------------

Date: Sun, 1 Jul 2007 20:23:51 -0500
From: "Paul Raulerson"
Subject: RE: OpenVMS - When downtime is not an option
Message-ID: <000a01c7bc47$a638aae0$f2aa00a0$@com>

Oh- I don't think I have any problem discerning who is full of cow droppings. When you get rid of that huge chip on your shoulder and grow up, you may be fun to discuss things with. Currently, your idea of conversation is sophomoric; further, you exhibit little or no real experience about what you are speaking of.

I do not, by any stretch of the imagination claim expert status in VMS or anything DEC except for old Singer-Link Flight Simulators. I doubt any of those are still in service, they are about as long in the tooth as I am.
On the other hand, I have a lot of multi-system experience, I ain't dumb, I work for people even smarter than I am, and I have a lot of friends who are even smarter than they are. Shrug - talk to me in a few years. Time will prove one of us wrong. -Paul > -----Original Message----- > From: Bill Todd [mailto:billtodd@metrocast.net] > Sent: Sunday, July 01, 2007 5:51 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: OpenVMS - When downtime is not an option > > Paul Raulerson wrote: > > I replied to you in private with at least one example, but if you > insist on > > going public with this rudeness, > > If you consider what I wrote to JF to be rude, you're as incompetent in > that area of analysis as you appear to be elsewhere. I'll attempt to > educate you in both subjects at once - don't bother to thank me. > > > look at MS07-026. It was a MIME > > vulnerability that allowed remote code execution. And it was rated as > > CRITICAL for all versions of MS Exchange Server that it applied to. > That was > > from May the 8th. > > Well, the first thing one notices about MS07-026 is that it has nothing > to do with Windows per se but is rather a group of > Exchange-Server-specific exposures. So these are exposures which only > people who elect to use Exchange Server are liable to (and anyone with > the option to use a different OS platform/email server in the first > place could instead just elect to use a different email server on > Windows to avoid such exposure while still using the Windows platform). > > The second thing one notices is that, despite the dire warnings that > Microsoft rightly cries out, the apparent effect of a successful MIME > exploit is to obtain the rights under which Exchange Server is running. 
> Now, it's not immediately clear why an email server should require > any > special execution rights on the server OS: it obviously needs to > implement its own security perimeter covering the services that it > provides to clients, but that needn't entail running privileged > locally. > > Still, if all the box does is provide Exchange services, then even > Exchange-Server-specific compromises count as server outages, I guess - > just another good reason to run non-MS email software (an option I > tangentially touched upon in an earlier response, by the way) but > hardly > a reason to fault Windows as a server platform. > > > > > There were also three other important patches to apply - in the same > > release. Depending upon what version of exchange server you are > running. > > > > http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx > > All right - might as well take a look at those while we're at it: > > The first such 'important patch' fixes an exposure that requires that a > user open a specially-crafted email attached script *while* accessing > that email via Outlook Web Access (rather than via normal email access > mechanisms such as Outlook and its non-MS alternatives already provide > - > note that Microsoft recommends disabling OWA as its first suggested > 'work-around'). Even for users (and the administrators who presumably > control their environments) rash enough to allow unsupervised script > execution in email in the first place (by default the 'Restricted Zone' > used by Outlook does not, last I knew) *and* to open unknown > attachments, all that happens is that the attacker acquires whatever > power that user has in the context of that OWA session - likely less > power than uncontrolled script execution could attain in a malicious > email attachment that such an imprudent user chose to execute *outside* > OWA. 
> > The second such 'important patch' fixes a denial-of-service exposure, > whereby a malformed calendar/scheduling email attachment could bring > down the Exchange Server application. So unless an enterprise actually > has some reason to believe that it's about to be attacked in such a > fashion, it could quite reasonably just file the patch for application > at some future date; otherwise, it has the option to require connection > authentication for SMTP (by default Exchange already does for other > protocols) as a temporary work-around to guard against external attack > if installing the patch immediately is inconvenient. > > The third such 'important patch' was another DOS exposure involving > deliberately-malformed IMAP requests. Again, unless an organization > had > reason to believe that such an attack was likely, it could just wait > for > a convenient time to apply the patch; otherwise, it could avoid > external > exposure by blocking incoming IMAP requests on TCP port 143 in its > perimeter firewall. > > By the way, not one of the four exposures described in this bulletin > had > actually been encountered in the wild: they were all discovered by > researchers and reported to MS. > > Since you brought up > http://www.microsoft.com/technet/security/bulletin/MS07-031.mspx in a > private continuation of your drivel, I might as well address that too. > Since this involves at worst a DOS attack in Win2K (and Windows Server > 2003) I didn't find it all that important for our systems; it does > appear to be more critical for XP - though even there the *likely* > result of an attack is DOS rather than seriously compromising security > (e.g., by allowing an attacker to acquire more local privileges than > the > user had). > > In all cases, a user must be persuaded to visit a Web site that > attempts > to instantiate a maliciously-malformed SSL/TLS connection - something > that really shouldn't happen on a *server* anyway. 
> > > > > Oh yes, and if you are thinking that in only one, you need to go read > the > > patch database, and also realize a :Windows: installation usually > includes > > not only Windows, but Office, Exchange, IIS, DNS, DHCP, RPC, Active > > Directory, and tens or hundreds of other components. > > Which people like you and Kerry would love to include in your > monthly-patch-count alarmism, while conveniently ignoring the fact that > exposures in equivalent layered applications don't appear in the CERT > stats for competing platforms (and the fact that the same application > software used on those other server platforms more often than not can > be > used on Windows as well). > > > > > And as I pointed out in private, Microsoft, SAN, and CERT *all* > recommend > > keeping your server patches up to date. You may believe you know more > than > > all three of those organizations put together... there may even be > one or > > two people around who believe you. > > I think most people here have a pretty good understanding of whom to > believe and who the bullshit artists are in this forum, Paul. Stick > around for a while and you may as well. > > Hey, *I* recommend keeping patches up to date - when there's no good > reason not to. I just understand the difference between > generalizations > and specifics (and any competent server administrator had better learn > the difference as well). > > - bill ------------------------------ Date: Sun, 01 Jul 2007 22:50:30 -0400 From: Bill Todd Subject: Re: OpenVMS - When downtime is not an option Message-ID: JF Mezei wrote: > Bill Todd wrote: > >> Now, it's not immediately clear why an email server should require >> any special execution rights on the server OS: > > Dah ! Write into any user's mailbox. Well, I suppose an incompetent implementation might. 
A more reasonable implementation certainly wouldn't require a client account on the server for every remote email recipient that it served: it would instead collect all email under its server account storage, use its own security mechanisms to gate external access to those resources appropriately, and run unprivileged on the server so that should its own integrity be compromised it would not also compromise the integrity of all other server applications that might be running there (and vice versa). Such an approach would, incidentally, also make the code considerably more portable, as it would be largely OS-independent.

Now, limited portions of the software that distributes email on a multi-user *end-user* system might want to be privileged in order to be able to dump each recipient's email in a location where a per-client email application could then read it upon user request - especially in cases where there was no remote server to hold such email until an on-demand unprivileged client application might ask for it remotely.

Perhaps you're just confused about the difference between client and server software here: that would be pretty typical for you.

- bill

------------------------------

Date: Sun, 01 Jul 2007 23:03:45 -0400
From: Bill Todd
Subject: Re: OpenVMS - When downtime is not an option
Message-ID:

Paul Raulerson wrote:

...
> I have a lot of multi-system experience, I ain't dumb, I
> work for people even smarter than I am, and I have a lot of friends who are
> even smarter than they are.

Ah, yes: when you have nothing substantive to offer and the few flailing attempts you have made to be specific have had the legs thoroughly knocked out from beneath them, just fall back on vague appeals to alleged authority and hope that the audience will be undiscerning enough to swallow them whole. It's the American Way, after all - and has been to a large degree since well before "The Peter Principle" entered our lexicon almost four decades ago.

If you wonder why such behavior is treated with a fair amount of derision here, it's to a significant degree because it's the same kind of incompetence that brought VMS and its customers to the uncomfortable state they face today. Maybe by the standards of your peer group you really aren't that dumb, but I'm afraid that the standards I became accustomed to at DEC 20 - 30 years ago are considerably higher than you can possibly imagine in this area. So I guess there's really not much common ground here, and on that note I'll sign off. - bill ------------------------------ Date: Sun, 1 Jul 2007 22:33:54 -0500 From: "Paul Raulerson" Subject: RE: OpenVMS - When downtime is not an option Message-ID: <000e01c7bc59$d1271860$73754920$@com> I can recommend some good mental health counselors. You would be well advised to take advantage of them, something is definitely not going well for you. Paul > -----Original Message----- > From: Bill Todd [mailto:billtodd@metrocast.net] > Sent: Sunday, July 01, 2007 10:04 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: OpenVMS - When downtime is not an option > > Paul Raulerson wrote: > > ... > > I have a lot of multi-system experience, I ain't dumb, I > > work for people even smarter than I am, and I have a lot of friends > who are > > even smarter than they are. > > Ah, yes: when you have nothing substantive to offer and the few > flailing attempts you have made to be specific have had the legs > thoroughly knocked out from beneath them, just fall back on vague > appeals to alleged authority and hope that the audience will be > undiscerning enough to swallow them whole. It's the American Way, > after > all - and has been to a large degree since well before "The Peter > Principle" entered our lexicon almost four decades ago. 
> > If you wonder why such behavior is treated with a fair amount of > derision here, it's to a significant degree because it's the same kind > of incompetence that brought VMS and its customers to the uncomfortable > state they face today. > > Maybe by the standards of your peer group you really aren't that dumb, > but I'm afraid that the standards I became accustomed to at DEC 20 - 30 > years ago are considerably higher than you can possibly imagine in this > area. So I guess there's really not much common ground here, and on > that note I'll sign off. > > - bill ------------------------------ Date: Mon, 02 Jul 2007 00:55:37 -0400 From: Bill Todd Subject: Re: OpenVMS - When downtime is not an option Message-ID: Paul Raulerson wrote: > I can recommend some good mental health counselors. You would be well > advised to take advantage of them, something is definitely not going well > for you. Oh, my - when I received this message in my personal email it didn't cross my mind that you might have felt such profoundly irrelevant drivel worthy of posting to c.o.v. as well. But since you did, I'll include my response here (just for completeness): Actually, I'm doing fine, thank you. I'm just *really* (and very publicly) intolerant of incompetent blowhards and take some satisfaction in outing them in excruciating detail: I attribute no small part of our country's rapid decline to their influence on the easily gulled, and don't intend to sit idly by (at least in the small corners of the universe where I maintain a personal presence) while that state of affairs continues. - bill ------------------------------ Date: Sun, 1 Jul 2007 15:54:57 -0500 From: "Paul Raulerson" Subject: RE: Question to Kerry Main Message-ID: <001401c7bc22$154ce7a0$3fe6b6e0$@com> Here Here- well said! The only issue I see is that you are really seeing the doom and gloom bit more than is perhaps strictly justified! To give you an example, in 1990, everyone said the (IBM) mainframe was dead. 
Common wisdom was that fast little UNIX machines, like Sun Workstations and so forth were going to kill it. Distributed computing was the key and so and on so forth. So much so that IBM, behemoth that it is, found itself with BU's within the organization believing that and promoting it. Upper management even began to listen. This despite the fact that income from mainframe products at IBM at that time exceeded the GNP for most small countries... It did not happen, and in fact, the entire mainframe market re-energized. So much so that today, IBM is thinking they no longer need the small developers. Such a thing can happen at HP too. HP is still "digesting" Compaq, and Compaq never completely digested DEC either. So it is going to take vision, dedication, and a hell of a lot of hard work to turn things around, but 10 years from now, the VMS you know today may be the descendent of a vibrant, healthy, population. At least it will if *I* have anything to say about it! I flat out intend to make money off of selling software that runs under VMS, and integrates neatly with Windows and so forth. Linux is the more popular choice right now, I know, but as you note, VMS does some things better. Heck, people told me I was totally nuts to bet on the mainframe in 1990- a lot of those people worked for companies that no longer exist, or have serious survival problems. I'm not sure in my mind about Itanium yet; I am thinking that porting VMS to x86 may well be the way of the future, but HP has chosen Itanium for (presumably) very good reasons. What do you think about the platform choice? 
-Paul

> -----Original Message-----
> From: David J Dachtera [mailto:djesys.no@spam.comcast.net]
> Sent: Sunday, July 01, 2007 11:50 AM
> To: Info-VAX@Mvb.Saic.Com
> Subject: Re: Question to Kerry Main
>
> "Main, Kerry" wrote:
> >
> > > -----Original Message-----
> > > From: JF Mezei [mailto:jfmezei.spamnot@vaxination.ca]
> > > Sent: June 30, 2007 8:31 PM
> > > To: Info-VAX@Mvb.Saic.Com
> > > Subject: Question to Kerry Main
> > >
> > > Mr Main, your arguments on c.o.v. are often rebutted as part of normal
> > > debating process. (And you rebut other arguments with your own
> > > responses).
> > >
> > > In real life, do you also find customers and potential customers having
> > > similar questions ? Or do you conclude that we, in c.o.v. are a special
> > > bunch living in a totally different universe without a clue of what is
> > > happening in real life ?
> >
> > Those who participate in c.o.v. have passionate beliefs in OpenVMS or
> > they would not be participating.
>
> That may be, at least in part, an over-generalization.
>
> For my part, yes - I find certain tasks much easier to accomplish in the VMS
> world than in the UN*X world. On the other hand, the reverse is also true.
> Certain tasks are much easier to accomplish in the UN*X world than on VMS.
> Searches using "regular expressions" are but one example, and hardly even the
> tip of the iceberg.
>
> A common theme here is that the doom artificially brought upon VMS by its
> proprietors threatens our livelihoods. Arguments about skills updating aside,
> the job market right now is nothing if not "challenging". Having what it takes
> to get another job pales in stature when measured against the challenge of
> actually "marketing" (there's that word AGAIN! DAMN!) those skills to
> prospective new employers.
>
> ...and that doesn't begin to mention the challenges of assimilating into a new
> employer's organization.
>
> > Hence, while I certainly do not agree with everything that happens or is
> > stated here, I do believe the passion is a good thing.
>
> Indeed.
>
> As always, moderation is the key.
>
> --
> David J Dachtera
> dba DJE Systems
> http://www.djesys.com/
>
> Unofficial OpenVMS Marketing Home Page
> http://www.djesys.com/vms/market/
>
> Unofficial Affordable OpenVMS Home Page:
> http://www.djesys.com/vms/soho/
>
> Unofficial OpenVMS-IA32 Home Page:
> http://www.djesys.com/vms/ia32/
>
> Unofficial OpenVMS Hobbyist Support Page:
> http://www.djesys.com/vms/support/

------------------------------

Date: Mon, 02 Jul 2007 02:18:48 -0000
From: ultradwc@gmail.com
Subject: Re: Question to Kerry Main
Message-ID: <1183342728.795639.98680@q75g2000hsh.googlegroups.com>

On Jul 1, 8:51 am, "Main, Kerry" wrote:
>
> Question - Are Windows and Linux good platforms for centralized
> computing?
>
> I would say no, but I am sure there are many who would disagree with me,
> but that's fine - to each their own.

windoze and linucks were not designed for centralized computing ... windoze is a single user OS trying to something it was not designed to do, and linux is a poor mans unix, and VMS developers in the 70s/80s designed VMS to avoid all the problems unix has ... nothing has changed ... the other OSs have tried to throw patchwork software out there and even Bill Gates tried to steal VMS (Cutler, mica) and neither can still do what VMS can do ... the answer to your question is a definitive NO and anyone else stating otherwise either knows nothing about VMS or are telling fibs to protect their job ...

------------------------------

Date: Mon, 02 Jul 2007 03:19:15 GMT
From: John Santos
Subject: Re: SIMH networking
Message-ID:

JF Mezei wrote:
> Bill Gunshannon wrote:
>
>> Only if it is a very broken router!!!
>
>
> Why. Router gets packet destined for subnet X, it routes it to the
> interface where subnet X is located.
The fact that the packet arrives > from the same interface shouldn't really matter shouldn't really matter. > The router *may* forward the packet (I'm not sure what "correct" behavior is), but it should send an ICMP redirect back to the VAX IP address telling it to send the packets direct to the Mac IP address (and the same for the first packet sent to the VAX IP address via the router from the Mac. So only the 1st packet (maybe) should get through. On the other hand if both the VAX and Mac IP stacks ignore the ICMP redirect, things will continue to work, but there will be lots of superfluous IP redirect packets on the Ethernet. On the 3rd hand, the router may just drop the misdirected packets and expect the sender to see its ICMP redirects and retransmit the original packet with the correct address on it. On the 4th paw, some routers are configurable as to whether or not they'll send ICMP redirects for misdirected packets, so this feature could be disabled. On the 5th insect leg, the router might forward the 1st packet, send its redirect, and then ignore any future packets (or not forward them, but just send more redirects.) (I'll be getting to a millipede limb-count soon!) > That is how I had gotten my old mac to talk to my psion via IP. > > psion was at 10.1.0.20 routed by VELO at 10.0.0.7 > > the router had a permanent route to 10.1.* via 10.0.0.7 > > the old mac didn't have the concept of routes, only a default gateway. > So it sent the packet to the router and the router sent it back to > 10.0.0.7. > > > Oh, another possible way to deal with this would be to get your vax in a > 10.*.*.* subnet. And have the router serve both the 192.168 and 10.* > subnets. Nodes on the lan would have to go through the router to get to > the vax. This might work, depending on if the router is happy to forward packets back to the same Ethernet segment indefinitely, but it might still insist on sending redirects, even if the the two addresses are in different subnets. 
But I vaguely recall from many many years ago that one of the disadvantages of the way IP over Ethernet was originally implemented was that if you had two different IP subnets on the same physical Ethernet, all the packets crossing the subnets had to go through a router and thus took up double the bandwidth, even though in principle this should be unnecessary. -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 ------------------------------ Date: Sun, 01 Jul 2007 15:59:10 -0400 From: =?ISO-8859-1?Q?Arne_Vajh=F8j?= Subject: Re: SOA and VMS stuff Message-ID: <4688078e$0$90275$14726298@news.sunsite.dk> Main, Kerry wrote: >> .NET web services use SOAP and fully supports WS-I Basic. >> >> The only .NET specific thingy I know about is the DISCO protocol >> that complement/superseede UDDI (which was a complete fiasco). > > Sounds like another kick at the common data dictionary can ..DISCO > name is appropriate as that was the name of the popular dance of the > time when common data dictionaries first started getting industry > hype. It may sound like it, but it is not. It describes services not data. > If it is, then good luck to them - as I mentioned before, the typical > failure of things like common data models being used effectively > across large companies are not technical. > > To many conflicting priorities, lack of standards (or even desire to > have formal stds) and basically it would cost to much to implement > (IT is under huge pressure to reduce costs) and would take to long > (IT already has huge backlog of things they need to do). The need for standardization is less and the necessary standards are there. Arne ------------------------------ Date: Sun, 01 Jul 2007 17:30:28 -0400 From: =?ISO-8859-1?Q?Arne_Vajh=F8j?= Subject: Re: SOA and VMS stuff Message-ID: <46881cf5$0$90264$14726298@news.sunsite.dk> Stephen Hoffman wrote: > Oh, and "SOA" is a new marketing name for client-server computing. > Nothing we haven't had for eons. 
Clients and Servers and details
> change, but the techniques remain the same.

I don't think that the similarities are that big. Different purpose, different coupling level, different technologies.

Arne

------------------------------

Date: Sun, 01 Jul 2007 14:19:46 -0400
From: JF Mezei
Subject: Re: SSH newbie question
Message-ID:

Phillip Helbig---remove CLOTHES to reply wrote:
> When you telnet into your router (presumably from outside your LAN),
> everything echoed on your screen is potentially available.

From the outside, one can only reach one machine (a vms box). The router is not reachable from the outside, nor is the mac or any other machine from a telnet point of view.

So telnet traffic is really just confined to within my lan to access routers, switches, test the tcpip stack of another vms box etc etc. It is ridiculous to incur the additional overhead of ssh for such simple tasks.

Now, if my systems were handling bank transactions and I had so many employees I couldn't know all of them, then I would consider blocking telnet since some folks might be listening onto the ethernet. (although with switches, this is getting harder to do).

------------------------------

Date: Sun, 01 Jul 2007 17:01:38 -0400
From: "Richard B. Gilbert"
Subject: Re: SSH newbie question
Message-ID: <46881632.8010501@comcast.net>

JF Mezei wrote:
> Phillip Helbig---remove CLOTHES to reply wrote:
>
>> When you telnet into your router (presumably from outside your LAN),
>> everything echoed on your screen is potentially available.
>
>
>
> From the outside, one can only reach one machine (a vms box). The
> router is not reachable from the outside, nor is the mac or any other
> machine from a telnet point of view.
>
> So telnet traffic is really just confined to within my lan to access
> routers, switches, test the tcpip stack of another vms box etc etc. It
> is ridiculous to incur the additional overhead of ssh for such simple
> tasks.
>
> Now, if my systems were handling bank transactions and I had so many
> employees I couldn't know all of them, then I would consider blocking
> telnet since some folks might be listening onto the ethernet. (although
> with switches, this is getting harder to do).

If you have the privileged password to a Cisco switch, monitoring the traffic on a port on that switch can be done with relative ease. It's not so easy for "Joe User" to monitor traffic on a switched ethernet these days.

------------------------------

Date: Mon, 2 Jul 2007 05:06:09 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: SSH newbie question
Message-ID:

In article , JF Mezei writes:
> Phillip Helbig---remove CLOTHES to reply wrote:
> > When you telnet into your router (presumably from outside your LAN),
> > everything echoed on your screen is potentially available.
>
> From the outside, one can only reach one machine (a vms box). The
> router is not reachable from the outside, nor is the mac or any other
> machine from a telnet point of view.

And from the outside, access is via SSH rather than TELNET? If the former, OK; if the latter, then you are still vulnerable.

------------------------------

Date: Sun, 01 Jul 2007 14:23:47 -0400
From: JF Mezei
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID:

Phillip Helbig---remove CLOTHES to reply wrote:
> getmxrr: name = 87.139.7.213])
> getmxrr: res_search() failed
> TCPIP$GET_MX: getmxrr() failed

Do you have any idea to whom this IP belongs to ? This part of a Deutsche Telekom block. But it has no reverse translation. And it would then become impossible to find the MX record since you can't find the host name from the IP.

Is this the IP of a sender or your own IP ?
------------------------------ Date: Mon, 2 Jul 2007 05:07:13 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: TCPIP$GET_MX: getmxrr() failed Message-ID: In article , JF Mezei writes: > Phillip Helbig---remove CLOTHES to reply wrote: > > getmxrr: name = 87.139.7.213]) > > getmxrr: res_search() failed > > TCPIP$GET_MX: getmxrr() failed > > Do you have any idea to whom this IP belongs to ? No. > This part of a > Deutsche Telekom block. But it has no reverse transation. And it would > then become impossible to find the MX record since you can't find the > host name from the IP. > > Is this the IP of a sender or your own IP ? It's not my own IP nor is it the IP of anything I use (nameserver or whatever). ------------------------------ Date: Sun, 01 Jul 2007 13:05:16 -0700 From: Neil Rieck Subject: Ten years ago... Message-ID: <1183320316.026387.57230@g4g2000hsf.googlegroups.com> Ten years ago DEC was purchased by Compaq and I may have been a little indifferent to DEC employees who were affected by the event (sorry). Today, my employer (Bell Canada) was purchased and will be taken private. Never in a million years did I expect this to happen. Oh well it just goes to show that no one is immune from this kind of stuff. On a related note it looks like lots of companies will be taken private in order to maximize profits for their new owners (public + private pension funds) while wrestling control away from do-nothing upper management leaches. This might signal a paradigm shift for western businesses. p.s. Shell Oil of Canada was just taken private. Neil Rieck Kitchener/Waterloo/Cambridge, Ontario, Canada. http://www3.sympatico.ca/n.rieck/ ------------------------------ Date: Sun, 01 Jul 2007 17:12:48 -0400 From: "Richard B. Gilbert" Subject: Re: Ten years ago... 
Message-ID: <468818D0.2050706@comcast.net> Neil Rieck wrote: > Ten years ago DEC was purchased by Compaq and I may have been a little > indifferent to DEC employees who were affected by the event (sorry). > > Today, my employer (Bell Canada) was purchased and will be taken > private. Never in a million years did I expect this to happen. Oh well > it just goes to show that no one is immune from this kind of stuff. > > On a related note it looks like lots of companies will be taken > private in order to maximize profits for their new owners (public + > private pension funds) while wrestling control away from do-nothing > upper management leaches. This might signal a paradigm shift for > western businesses. > > p.s. Shell Oil of Canada was just taken private. > > Neil Rieck > Kitchener/Waterloo/Cambridge, > Ontario, Canada. > http://www3.sympatico.ca/n.rieck/ > I hope your resumé is up to date! Maximizing profits means cutting expenses and YOU are an expense! You may get lucky but there WILL be layoffs! ------------------------------ Date: Sun, 01 Jul 2007 17:24:09 -0400 From: =?ISO-8859-1?Q?Arne_Vajh=F8j?= Subject: Re: Ten years ago... Message-ID: <46881b7a$0$90268$14726298@news.sunsite.dk> Neil Rieck wrote: > Ten years ago DEC was purchased by Compaq and I may have been a little > indifferent to DEC employees who were affected by the event (sorry). > > Today, my employer (Bell Canada) was purchased and will be taken > private. Never in a million years did I expect this to happen. Oh well > it just goes to show that no one is immune from this kind of stuff. > > On a related note it looks like lots of companies will be taken > private in order to maximize profits for their new owners (public + > private pension funds) while wrestling control away from do-nothing > upper management leaches. This might signal a paradigm shift for > western businesses. > > p.s. Shell Oil of Canada was just taken private. 
[I will assume that it is a private equity company that has bought]

There are some good aspects of this: focus is on value of company in 3-5 years instead of EPS next quarter.

But the buyers usually do not know anything about the business and when they sell again they go for the best price - and if best price is achieved by selling in pieces, then they will do that.

Arne

------------------------------

Date: Sun, 01 Jul 2007 21:15:58 -0400
From: JF Mezei
Subject: Re: Ten years ago...
Message-ID:

Neil Rieck wrote:
> Ten years ago DEC was purchased by Compaq and I may have been a little
> indifferent to DEC employees who were affected by the event (sorry).

Was it in 1997 ? I thought it was announced sometime in 1998 and implementation began in 1999 ?

> Today, my employer (Bell Canada) was purchased and will be taken
> private. Never in a million years did I expect this to happen.

When Sabia took over a few years ago, he seemed to do a good job of cleaning up the mess left from the .com era. Then, he tried to switch Bell into those income trust thingy, which the government promptly put a stop to. At that point, I started to suspect something was wrong. When companies start to play financial tricks it is usually because their core operations aren't doing as well as they lead us to believe.

When Compaq fired Pfeiffer and was not able to find a suitable replacement, they gave the accountant permanency, but his first task was to contact M&A bankers to find a buyer for Compaq (since it was clear he wasn't of calibre to fix it).

Sabia didn't strike me of being of the level of incompetence as Capellas. So it makes me wonder why, all of a sudden, Bell became open to takeover offers.

When Videotron (cable company in Quebec that was "family" owned) realised it didn't have the funds to upgrade its cable plant to support more TV channels and higher internet speeds, it struck a deal with Rogers to buy Videotron with guarantee of investment to upgrade facilities.
(this deal was scuttled for political reasons). Perhaps Bell is in the same boat now. It realises it doesn't have the funds necessary to upgrade its old copper cable plant to fibre to the homes. Question is whether the new owners will allow such long term investments. That is one beauty of taking a company private: no more constant scrutiny by authorities and that saves a lot of money. (consider Sarbanes Oxley in the USA which affects public companies). I have no idea how quickly the new owners would start to make changes within Bell. Perhaps if they are honest, they will get Bell to stop advertising services at $20 in large letters when the fine print is in an unreadable font size and stipulates that the $20 is only for the first 3 months and there is no mention of the actual price after that.

------------------------------

Date: Sun, 1 Jul 2007 23:45:02 -0400
From: "Main, Kerry"
Subject: RE: Ten years ago...
Message-ID:

> -----Original Message-----
> From: Neil Rieck [mailto:n.rieck@sympatico.ca]
> Sent: July 1, 2007 4:05 PM
> To: Info-VAX@Mvb.Saic.Com
> Subject: Ten years ago...
>
> Ten years ago DEC was purchased by Compaq and I may have been a little
> indifferent to DEC employees who were affected by the event (sorry).
>
> Today, my employer (Bell Canada) was purchased and will be taken
> private. Never in a million years did I expect this to happen. Oh well
> it just goes to show that no one is immune from this kind of stuff.
>
> On a related note it looks like lots of companies will be taken
> private in order to maximize profits for their new owners (public +
> private pension funds) while wrestling control away from do-nothing
> upper management leeches. This might signal a paradigm shift for
> western businesses.
>
> p.s. Shell Oil of Canada was just taken private.
>
> Neil Rieck
> Kitchener/Waterloo/Cambridge,
> Ontario, Canada.
> http://www3.sympatico.ca/n.rieck/

Neil,

Re: takeovers ..
I still remember laughing when someone suggested to me that Compaq might buy Digital. "Heck, we are worth $10B - who in the world has that type of money?" And as they say, the rest is history.

Fwiw, I can almost guarantee that your new organization will be adopting much more centralized IT strategies that emphasize real cost savings (as opposed to OS religion cost savings), so it will be interesting to see how all this shakes out. Imho, those with real DC experience are going to be in demand.

Having been through 2 takeovers, you can either look at this Bell acquisition with a view that says the glass is half full or half empty. There are some things you can influence and some things you can not.

Regards

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.

------------------------------

Date: Sun, 01 Jul 2007 22:51:36 -0500
From: Chris
Subject: Re: UCX Printer connection Via LPD
Message-ID: <46887648.3040006@bellsouth.net>

Paul Anderson wrote:
> In article
> <7dd80f60706200848y58bfcdefmfe656d2e474e7d5b@mail.gmail.com>,
> "Ken Robinson" wrote:
>
>> You could try using DCPS. The latest version have the capability of
>> using LPD for printing.
>
> Yeah, and we even send the right number of control and data files.
>
> But I find it hard to believe that TCP/IP Services is doing the wrong
> thing. What version are you running?
>
> Paul
>

Found out this is an older version of OpenVMS and TCPIP.

VMS 7.2-1
TCPIP 5.1 ECO4

Any one Know if this Double dfA in an LPR stream thing was specifically addressed? or do you have a link to where I can research it?

They are being *difficult* about considering updating...

I appreciate your responses Paul, Printing is a bit of a lost art these days.
tia,
Chris

------------------------------

Date: Sun, 01 Jul 2007 20:34:43 -0400
From: =?ISO-8859-1?Q?Arne_Vajh=F8j?=
Subject: Re: VMS - Alpha Server - Software AG Tamino Replacement
Message-ID: <46884823$0$90270$14726298@news.sunsite.dk>

David J Dachtera wrote:
> Chuck Aaron wrote:
>> I'm curious what you are using as a replacement for SAG's TAMINO.
>>
>> http://www.softwareag.com/Corporate/products/tamino/default.asp
>
> What is "Tamino"?

An XML database.

As shown in the link.

Arne

------------------------------

Date: Sun, 01 Jul 2007 20:36:06 -0400
From: =?ISO-8859-1?Q?Arne_Vajh=F8j?=
Subject: Re: VMS - Alpha Server - Software AG Tamino Replacement
Message-ID: <46884875$0$90270$14726298@news.sunsite.dk>

Chuck Aaron wrote:
> I'm curious what you are using as a replacement for SAG's TAMINO.
>
> http://www.softwareag.com/Corporate/products/tamino/default.asp

I would say that very few people use XML databases.

If you want something that can run on VMS then look at eXists http://exist.sourceforge.net/ - it runs in Tomcat and Tomcat runs on VMS.

Arne

------------------------------

Date: Sun, 01 Jul 2007 21:27:57 -0400
From: JF Mezei
Subject: VMS security vulnerability (POP server)
Message-ID: <46f0a$468854c7$cef8887a$4054@TEKSAVVY.COM>

OK, it has been a couple of weeks and haven't heard anything back from HP.

When a pop client requests access to the VMS POP server (Alpha VMS 8.3, TCPIP Services 5.6) and provides incorrect username/password, this event is not logged in the audit server. A simple message is sent to OPCOM. This message does not contain any clue on the origin of the request.

So overnight, it becomes possible to run brute force attempts on usernames via POP since no intrusion detection/evasion is made, and short of many messages in operator.log, there is nothing in AnA/AUDIT and no information on the IP address of the client that made those attempts.

(I got such an attack with thousands of attempts).
The whole intrusion detection scheme needs to apply to ALL services which grant access to VMS via user/password combination and all such applications should comply to whatever calling standards to ensure that all attempts with invalid credentials are properly logged, including IP address and the username that was attempted.

------------------------------

Date: Mon, 02 Jul 2007 02:06:14 -0000
From: ultradwc@gmail.com
Subject: Re: VMS security vulnerability (POP server)
Message-ID: <1183341974.248665.142300@k29g2000hsd.googlegroups.com>

On Jul 1, 9:27 pm, JF Mezei wrote:
> OK, it has been a couple of weeks and haven't heard anything back from HP.
>
> When a pop client requests access to the VMS POP server (Alpha VMS 8.3,
> TCPIP Services 5.6) and provides incorrect username/password, this event
> is not logged in the audit server. A simple message is sent to OPCOM.
> This message does not contain any clue on the origin of the request.
>
> So overnight, it becomes possible to run brute force attempts on
> usernames via POP since no intrusion detection/evasion is made, and
> short of many messages in operator.log, there is nothing in AnA/AUDIT
> and no information on the IP address of the client that made those attempts.
>
> (I got such an attack with thousands of attempts).
>
> The whole intrusion detection scheme needs to apply to ALL services
> which grant access to VMS via user/password combination and all such
> applications should comply to whatever calling standards to ensure that
> all attempts with invalid credentials are properly logged, including IP
> address and the username that was attempted.

you need pmdf ...
------------------------------

Date: Mon, 2 Jul 2007 02:55:49 +0000 (UTC)
From: moroney@world.std.spaamtrap.com (Michael Moroney)
Subject: Re: VMS security vulnerability (POP server)
Message-ID:

That is a nasty one, since much of what makes VMS resistant to such attacks is the ability to sense a breakin attempt and deny access from the breakin source even when it gets the password correct.

Did the attempt seem to target VMS or was it a script kiddie hacking at a Windoze box or Unix box (accounts like administrator or root being tried)

------------------------------

End of INFO-VAX 2007.357
************************
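
The behaviour the POP server thread above asks for (every failed login audited with source address and attempted username, and a source that trips the threshold refused even when it later sends the right password), sketched in Python as an added example. It is not HP's or TCPIP Services' code; the class name, thresholds, account names and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Constructed policy values for the example, not VMS defaults.
THRESHOLD = 3     # failures from one source before evasion starts
WINDOW = 300.0    # seconds over which failures are counted
EVASION = 600.0   # seconds a source stays locked out once evasion starts


def hash_password(password, salt):
    """Derive the stored verifier for a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class AuditedAuthenticator:
    """Password check that audits every attempt and applies per-source evasion."""

    def __init__(self, users):
        self.users = users                  # {username: (salt, verifier)}
        self.failures = defaultdict(deque)  # source IP -> recent failure times
        self.evading_until = {}             # source IP -> lockout expiry time
        self.audit = []                     # audit records, oldest first

    def _log(self, now, source, username, outcome):
        # The record carries what the OPCOM message lacked: who and from where.
        self.audit.append({"time": now, "source": source,
                           "username": username, "outcome": outcome})

    def login(self, source, username, password, now):
        # Evasion: a locked-out source is refused before the password is
        # looked at, so a correct guess during lockout learns nothing.
        if self.evading_until.get(source, 0.0) > now:
            self._log(now, source, username, "rejected-evasion")
            return False

        # Unknown users go through the same hashing work as known ones.
        salt, verifier = self.users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(hash_password(password, salt), verifier):
            self._log(now, source, username, "success")
            return True

        recent = self.failures[source]
        recent.append(now)
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                # forget failures outside the window
        self._log(now, source, username, "failure")
        if len(recent) >= THRESHOLD:
            self.evading_until[source] = now + EVASION
            self._log(now, source, username, "evasion-started")
        return False


def failures_by_source(audit):
    """Count audited failures per source address, for operator review."""
    counts = defaultdict(int)
    for record in audit:
        if record["outcome"] == "failure":
            counts[record["source"]] += 1
    return dict(counts)


if __name__ == "__main__":
    salt = b"constructed-salt"              # constructed sample account
    auth = AuditedAuthenticator({"SMITH": (salt, hash_password("s3cret", salt))})
    for t, guess in enumerate(["admin", "root", "password"]):
        auth.login("203.0.113.9", "SYSTEM", guess, now=float(t))
    print(auth.login("203.0.113.9", "SMITH", "s3cret", now=10.0))   # False
    print(failures_by_source(auth.audit))
```

Keying the lockout on the source address rather than the username keeps an attacker from locking a legitimate user out of every location at once.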