INFO-VAX Tue, 02 Sep 2008 Volume 2008 : Issue 480 Contents: 1985-1999 Digital Systems & Options Catalogs Re: Advanced Server 7.3B & VISTA Get Mr Griswald back his car! Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) OT: ESD Bench Grounding & Resistive Test Gear VAXstation 3100 & 4000/VLC + BA350's and some RZ drives + SCSI cables + Serial C ---------------------------------------------------------------------- Date: Mon, 01 Sep 2008 11:24:57 -0700 From: Treahy Subject: 1985-1999 Digital Systems & Options Catalogs Message-ID: <48BC3379.3020103@MMaz.com> If anyone in the Phoenix area (I'm not willing to pack and ship) has an interest in more than a dozen SOC's from 1985 through 1999, please let me know and be prepared to pick them up before Friday September 5th otherwise I'll be recycling them... Barry ------------------------------ Date: Mon, 1 Sep 2008 20:44:15 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: Advanced Server 7.3B & VISTA Message-ID: In article <25CdnaLunpedfibVnZ2dnUVZ_oTinZ2d@comcast.com>, "Richard B. Gilbert" writes: >David J Dachtera wrote: >> Bobby wrote: >>> Well, I finally made progress, just in time to forget about it over >>> the upcoming holiday weekend. It turns out that if the password is >>> typed on the Vista side in "all caps", then connection to >>> AdvancedServer is successful. Entering the password in "small caps" >>> fails with a "logon_not_valid" SMB message. >> >> What are "small caps"? >> >> D.J.D. > >Perhaps he means "lower case"? Almost certainly that is what was meant. However "small caps" means uppercase characters set at the same height as surrounding lowercase letters see http://en.wikipedia.org/wiki/Small_caps and http://ilovetypography.com/2008/02/20/small-caps/ David Webb Security team leader CCSS Middlesex University ------------------------------ Date: Tue, 2 Sep 2008 07:01:55 +0800 From: "Richard Maher" Subject: Get Mr Griswald back his car! Message-ID: Hi Kerry, > Cust: I want a blue car. > Vendor: All we sell are red trucks. > Cust: Ok. I'll take a red truck. No, more like: - Cust: I want the Arctic-Blue Sports-Wagon VMS: What you really want is the Wagon Queen Family Truxter in Metallic-Pea. And if you don't take the WSIT-Family-Truxter, you're stuck with a flattened-out DECforms :-( Cheers Richard Maher "Main, Kerry" wrote in message news:9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5EBD946@GVW1158EXB.americas.hpqcorp.net... > -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@vaxination.ca] > Sent: August 31, 2008 3:02 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) > > Main, Kerry wrote: > > > No - all vendors (not just VMS) are only responding to what Cust's > say > > they want. > > > Oh come on now. This is like supermarkets. Supermarkets don't carry > what > customers say they want. They carry what manufacturers tell them to > carry (and pay them to carry). > > HP doesn't respond to customers, they identify potential additional > profit sources and then make pretty speeches and powerpoints to try to > set new trends that will get the clueless CIOs to say "we need to do > that too". > Geeeez, you seem to have a very low opinion of Cust IT capabilities. Cust: I want a blue car. Vendor: All we sell are red trucks. Cust: Ok. I'll take a red truck. Not my idea of today's typical Sales discussion. I have a somewhat higher view of Cust IT depts. skills than you do. While CIO's might discuss going in a certain direction, they typically will not boldly go in a new direction without support from some groups within their IT groups and the business. > Carly was especially good at that, with lots of pretty speeches that > trying to convince CIOs it was necessary to adopt her new philosophy to > survice. (I use "philosophy" here because stuff like "Adaptive > enterprise" were more a question of a marketing than tangible products. Oh come on, these phrases and terms have been going on since the first Marketing campaign of the first computer series. Remember these? - "The Network is the Computer" (Sun) - "Real Time Enterprise" (Gartner) - "Autonomic Computing" (project eLiza - IBM) http://www.ibm.com/developerworks/autonomic (see retirement notices) - "IT as a Utility" (don't know source, but that was internal IT buzz phrase even back in the Digital days) Btw, the concept of the "Adaptive Enterprise" was also The subject of a book from the Meta Group: http://www.intel.com/intelpress/sum_book2.htm http://www.intel.com/intelpress/toc-book2.pdf (one does not have to agree with everything in this book, but it does have good points) And to HP's credit, the AE was never position as a set of products that you buy off the shelf, but rather an approach that mixed services and products (and it did not have to be HP products, but of course Sales preferred HP products) to develop a 2-3 project roadmap to upgrade your companies IT to help it support the companies business's to be more competitive. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-254-8911 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT) OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Mon, 01 Sep 2008 16:03:06 -0400 From: JF Mezei Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <48bc4ab4$0$12384$c3e8da3@news.astraweb.com> Doug Phillips wrote: > The most successful vendors listen to what the marketplace is saying: > what people are buying and what people might want to buy based upon > technical and social trends. Unfortunatly, many vendors (especially HP under Carly) wanted to set trends by announcing newfangled philosophies. Their real goal was to get customers to buy consulting services from HP to help them adopt that new trend that everyone *had* to adopt to stay "modern". So it isn't just "listening to customers" anymore. Many vendors are telling customers what they need, and customers then adopt those strategies because they are conditioned to adopt whatever new trends appear on the horizon. The is not too different from your local supermarket. It doesn't cater to its retail customers. It caters to suppliers who decide what goes on what shelf and how much space it takes. If you like product X, but product Y buys the whole shelf space for its soaps, then you will not be able to buy product X. And if you tell the store manager, there is nothing he can do because those deals are signed by headquarters with proctor and gamble or whatever. ------------------------------ Date: Mon, 1 Sep 2008 18:22:21 -0700 (PDT) From: bugs@signedness.org Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <98806cee-a3cd-4fd4-8a3c-74e312e3ddda@z72g2000hsb.googlegroups.com> On Sep 1, 3:55=A0pm, "Main, Kerry" wrote: > > -----Original Message----- > > From: JF Mezei [mailto:jfmezei.spam...@vaxination.ca] > > Sent: August 31, 2008 3:02 PM > > To: Info-...@Mvb.Saic.Com > > Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) > > > Main, Kerry wrote: > > > > No - all vendors (not just VMS) are only responding to what Cust's > > say > > > they want. > > > Oh come on now. This is like supermarkets. Supermarkets don't carry > > what > > customers say they want. They carry what manufacturers tell them to > > carry (and pay them to carry). > > > HP doesn't respond to customers, they identify potential additional > > profit sources and then make pretty speeches and powerpoints to try to > > set new trends that will get the clueless CIOs to say "we need to do > > that too". > > Geeeez, you seem to have a very low opinion of Cust IT capabilities. > > Cust: I want a blue car. > Vendor: All we sell are red trucks. > Cust: Ok. I'll take a red truck. > > Not my idea of today's typical Sales discussion. I have a somewhat higher > view of Cust IT depts. skills than you do. > > While CIO's might discuss going in a certain direction, they typically > will not boldly go in a new direction without support from some groups > within their IT groups and the business. > > > Carly was especially good at that, with lots of pretty speeches that > > trying to convince CIOs it was necessary to adopt her new philosophy to > > survice. (I use "philosophy" here because =A0stuff like "Adaptive > > enterprise" were more a question of a marketing than tangible products. > > Oh come on, these phrases and terms have been going on since the first > Marketing campaign of the first computer series. > > Remember these? > - "The Network is the Computer" (Sun) > > - "Real Time Enterprise" (Gartner) > > - "Autonomic Computing" (project eLiza - IBM)http://www.ibm.com/developer= works/autonomic(see retirement notices) > > - "IT as a Utility" (don't know source, but that was internal IT buzz > phrase even back in the Digital days) > > Btw, the concept of the "Adaptive Enterprise" was also The subject of a > book from the Meta Group:http://www.intel.com/intelpress/sum_book2.htmhtt= p://www.intel.com/intelpress/toc-book2.pdf > (one does not have to agree with everything in this book, but it does > have good points) > > And to HP's credit, the AE was never position as a set of products that > you buy off the shelf, but rather an approach that mixed services > and products (and it did not have to be HP products, but of course > Sales preferred HP products) to develop a 2-3 project roadmap to upgrade > your companies IT to help it support the companies business's to be > more competitive. > > Regards > > Kerry Main > Senior Consultant > HP Services Canada > Voice: 613-254-8911 > Fax: 613-591-4477 > kerryDOTmainAThpDOTcom > (remove the DOT's and AT) > > OpenVMS - the secure, multi-site OS that just works.- Hide quoted text - > > - Show quoted text - I'm sorry to break up this discussion (however I fail to see how it is related to anything in the original thread)... Anyway I was preparing updated slides for a presentation we are doing in Stockholm, when I stumbled upon what I think are two new security bugs in VMS ( It is hard to tell because as someone pointed out earlier ""bugs" wouldn't recognize a VMS security flaw if it danced naked on his head and sang =93Happy Days Are Here Again" ).... I was hoping someone could tell us if there is a better place to report them at HP than the security-alert email address since they just stopped replying and ended all communications with us last time we reported something there.. ------------------------------ Date: Mon, 01 Sep 2008 20:50:56 -0500 From: BRAD@rabbit.turquoisewitch.com (Brad Hamilton) Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: In article <98806cee-a3cd-4fd4-8a3c-74e312e3ddda@z72g2000hsb.googlegroups.com>, bugs@signedness.org wrote: [...] >I'm sorry to break up this discussion (however I fail to see how it is >related to anything in the original thread)... Anyway I was preparing >updated slides for a presentation we are doing in Stockholm, when I >stumbled upon what I think are two new security bugs in VMS ( It is >hard to tell because as someone pointed out earlier ""bugs" wouldn't >recognize a VMS security flaw if it danced naked on his head and sang >=93Happy Days Are Here Again" ).... > >I was hoping someone could tell us if there is a better place to >report them at HP than the security-alert email address since they >just stopped replying and ended all communications with us last time >we reported something there.. Although I'm not privy to your interactions with HP, I still think that it was the interaction here that quickly got HP's (VMS Engineering) attention last time. If I were you, I would still report through "normal" channels, and then return "here" to find a way to communicate "off-line" with folks here who may have the ability to raise the visibility of your findings with the "proper" VMS Engineering folks. All that being said, please realize that a resolution may not happen quickly - I believe that regression testing and other vetting must take place before an ECO or MUP is released to customers. ------------------------------ Date: Mon, 1 Sep 2008 21:15:49 -0700 (PDT) From: Hein RMS van den Heuvel Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <9d88fa91-a000-4de4-897f-cf089ccb92ad@z66g2000hsc.googlegroups.com> On Sep 1, 9:50=A0pm, B...@rabbit.turquoisewitch.com (Brad Hamilton) wrote: > In article <98806cee-a3cd-4fd4-8a3c-74e312e3d...@z72g2000hsb.googlegroups= .com>,=A0b...@signedness.org wrote: : > >stumbled upon what I think are two new security bugs in VMS ( It is : > >I was hoping someone could tell us if there is a better place to > >report them at HP than the security-alert email address since they > Although I'm not privy to your interactions with HP, I still think that i= t was > the interaction here that quickly got HP's (VMS Engineering) attention la= st time. Right. Please at least give them the benefit of the doubt. From my modest interactions with them, I got the distinct impression that a patch was triggered thanks to your report. and a basic patch kit was available well before the C.O.V. reporting. If you were not properly thanked for that, then I am a little dissapointed, but do not knwo the full context. > If I were you, I would still report through "normal" channels, and then r= eturn > "here" to find a way to communicate "off-line" with folks here who may ha= ve > the ability to raise the visibility of your findings with the "proper" VM= S > Engineering folks. Right. For example, send me (I'm not HP) or Kerry Main or John Reagan an Email and one of us can poke folks, or try to connect you more directly if deemed appropriate/useful. No need to send details, unless you want a quick sanity check. Other readers/replies know names to contact as well. fwiw, Hein. > > All that being said, please realize that a resolution may not happen quic= kly - > I believe that regression testing and other vetting must take place befor= e an > ECO or MUP is released to customers. Right. Allthough not much of an excuse, this SMG report happened just while office and systems where being move. That did not help. Cheers, Hein. ------------------------------ Date: Mon, 01 Sep 2008 12:16:15 -0700 From: Treahy Subject: OT: ESD Bench Grounding & Resistive Test Gear Message-ID: <48BC3F7F.1030207@MMaz.com> I know this is way off-topic from the other related VAX, VMS, and connectivity 'stuff' I've already posted today but if someone has a need for some ESD grounding gear and a resistive bench test unit with a calibration pad and are in the Phoenix area (I'm not willing to pack and ship), please let me know and be prepared to pick them up before Friday September 5th otherwise I'll be pitching them... Barry ------------------------------ Date: Mon, 01 Sep 2008 12:08:12 -0700 From: Treahy Subject: VAXstation 3100 & 4000/VLC + BA350's and some RZ drives + SCSI cables + Serial C Message-ID: <48BC3D9C.7010804@MMaz.com> If anyone in the Phoenix area (I'm not willing to pack and ship) has an interest in one or more of: VAXstation 3100 VAXstation 4000/VLC Multiple BA350's with some RZ drives Box of SCSI cables Box of Serial cables Box of Standard Power Cables No fishing for one-off, if you want one cable, you get the box -- same with drives, etc. please let me know and be prepared to pick them up before Friday September 5th otherwise I'll be pitching them... Barry ------------------------------ End of INFO-VAX 2008.480 ************************