INFO-VAX    Mon, 15 Sep 2008    Volume 2008 : Issue 507

Contents:
  Getting started with an rx2600
  Re: Getting started with an rx2600
  Re: Getting started with an rx2600
  Re: Getting started with an rx2600
  Re: How do I diagnose a server that crashes every night?
  Re: Intermittent RWSCS state
  Re: Intermittent RWSCS state
  Re: License generator...
  Re: Loose Cannon-dian
  RE: Loose Cannon-dian
  Re: Loose Cannon-dian
  Re: Loose Cannon-dian
  Re: OT: The end of the world in roughly 3 hours
  Re: OT: The end of the world in roughly 3 hours
  Re: Security alarm msg
  Re: Security alarm msg
  Re: Security alarm msg

----------------------------------------------------------------------

Date: Mon, 15 Sep 2008 07:25:25 -0700 (PDT)
From: sampsal@gmail.com
Subject: Getting started with an rx2600
Message-ID: <2f591539-4615-4562-83a9-f0870287887a@d1g2000hsg.googlegroups.com>

Guys,

I've just received an rx2600 and am trying to get into the console /
MP menus but am having no luck so far.

The Management Processor is connected (via ethernet) to a Cisco PIX
501 that is handing out addresses via DHCP. However, it does not
appear to be grabbing one. Also, the MP led is solid amber which
according to the docs means self test.

Connecting a serial terminal to the console line (DB9 connector
labelled CONSOLE, not the DB25 on the MP) simply loops the following
messages:

2 0 0x0002A1 0x28000000FFF21130 Processor PSP
2 0 0x000115 0x0000000000000000 MCA: Uncorrected Machine Check
3 0 0x000107 0x0000000000000000 OS MCA address not registered
1 0 0x0000A4 0x0000000000000000 start memory discovery
1 0 0x0000FB 0x0000000000000000 initialize memory only (don't test)
1 0 0x000081 0x0000000000000000 start I/O discovery
2 0 0x000285 0x0000000000000000 SAL_CHECK Initialized Store
7 0 0x000098 0x0000000000000000 Machine Check initiated

Note that this machine does not have a drive attached at all at the
moment, could this be a problem?

How do I get an EFI menu or something up?

Sampsa

------------------------------

Date: Mon, 15 Sep 2008 07:47:00 -0700
From: "Tom Linden"
Subject: Re: Getting started with an rx2600
Message-ID:

On Mon, 15 Sep 2008 07:25:25 -0700, wrote:

> 7 0 0x000098 0x0000000000000000 Machine Check initiated

I would try reseating all the boards.

--
PL/I for OpenVMS
www.kednos.com

------------------------------

Date: Mon, 15 Sep 2008 09:53:40 -0700 (PDT)
From: sampsal@gmail.com
Subject: Re: Getting started with an rx2600
Message-ID: <6ab0f3a8-7953-409b-9db2-ab683c6b2650@t54g2000hsg.googlegroups.com>

On Sep 15, 3:47 pm, "Tom Linden" wrote:
> On Mon, 15 Sep 2008 07:25:25 -0700, wrote:
> > 7 0 0x000098 0x0000000000000000 Machine Check initiated
>
> I would try reseating all the boards.
>
> --
> PL/I for OpenVMS www.kednos.com

You mean the RAM and CPU, the PCI cage is empty?

Sampsa

------------------------------

Date: Mon, 15 Sep 2008 10:12:07 -0700 (PDT)
From: sampsal@gmail.com
Subject: Re: Getting started with an rx2600
Message-ID: <7b91b214-8ea2-4f77-aead-f6dd05cbef03@k30g2000hse.googlegroups.com>

On Sep 15, 5:53 pm, samp...@gmail.com wrote:
> On Sep 15, 3:47 pm, "Tom Linden" wrote:
>
> > On Mon, 15 Sep 2008 07:25:25 -0700, wrote:
> > > 7 0 0x000098 0x0000000000000000 Machine Check initiated
>
> > I would try reseating all the boards.

I just reseated all the RAM and it boots up into an EFI shell.

Thanks!

Sampsa

------------------------------

Date: 15 Sep 2008 11:36:24 -0500
From: clubley@remove_me.eisner.decus.org-Earth.UFP (Simon Clubley)
Subject: Re: How do I diagnose a server that crashes every night?
Message-ID:

In article , Michael Austin writes:
> Simon Clubley wrote:
>>
>> The OP should also be aware that although a machine check is usually a
>> hardware issue, it can be caused by a faulty device driver as well.
>>
>> Personal experience here: I have caused VMS to issue machine checks while
>> I have been developing VMS device drivers in the past.
>>
>> Simon.
>>
>
> While I would agree that one can cause MCHK with a device driver, on a
> system that has been in use for years without change (as stated by the
> OP), I would have to say that it is either a PS or possibly memory. I
> would check the logfiles for ECC errors as well. Not having access to
> the full error logs, diagnosing will be an exercise in divination.

The OP mentioned that workloads had been increasing, so I wondered if a
load related or general timing bug was being triggered.

However, I agree that the likely cause is hardware.

If the OP's still around, it would be interesting to know what the root
cause turned out to be.

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980's technology to a 21st century world

------------------------------

Date: Mon, 15 Sep 2008 10:55:43 +0100
From: "Richard Brodie"
Subject: Re: Intermittent RWSCS state
Message-ID:

"JF Mezei" wrote in message
news:48cad299$0$12384$c3e8da3@news.astraweb.com...

> This runs on a node that has direct access to all the necessary disks.
> So no clustering features should be needed, right ?

You still need to co-ordinate lock operations for file open/close etc.

> But SHOW PROC/CONT never shows it in RWSCS. It does show it in MWAIT as
> well as normal COM/HIB/LEF states.

RWSCS is a subtype of MWAIT.

------------------------------

Date: 15 Sep 2008 11:47:43 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: Intermittent RWSCS state
Message-ID:

In article , "Richard Brodie" writes:
>
> "JF Mezei" wrote in message
> news:48cad299$0$12384$c3e8da3@news.astraweb.com...
>
>> This runs on a node that has direct access to all the necessary disks.
>> So no clustering features should be needed, right ?
>
> You still need to co-ordinate lock operations for file open/close etc.
>

I had a fellow set up two HP-UX systems with their sendmail accessing
a shared data store via NFS mount (i.e. no locking).
Lasted about 20 minutes until someone broadcast an email that both
those systems saw.

------------------------------

Date: 15 Sep 2008 11:54:41 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: License generator...
Message-ID:

In article , Mark McIntyre writes:
>
> Hobbyist licenses cost 12.5p per day, and include a huge number of
> products.

Hobbyist licenses for VMS are free.

------------------------------

Date: Mon, 15 Sep 2008 03:36:39 -0700 (PDT)
From: bugs@signedness.org
Subject: Re: Loose Cannon-dian
Message-ID: <1cddb0fc-c644-4c38-9d33-0825a9a4b269@s50g2000hsb.googlegroups.com>

On Sep 13, 10:30 am, johnwalla...@yahoo.co.uk wrote:
> On Sep 12, 1:38 pm, koeh...@eisner.nospam.encompasserve.org (Bob
> Koehler) wrote:
> > In article , Michael Kraemer writes:
>
> > > This doesn't answer my question.
> > > The claim was that VMS is more secure than Unix,
> > > and I asked for certifications to prove that claim.
> > > But as far as I can see, VMS is just on par as
> > > far as obsolete criteria are concerned (C2/B1),
> > > and it is not certified at all for the more recent
> > > common criteria.
>
> >    The problem is the assumption behind your question.  Just because
> >    VMS is more secure than UNIX does not prove that someone bothered
> >    to write down a certification that covers the differences.
>
> >    Nor does the existence of a certification criteria make it the last
> >    and complete word on security.
>
> Indeed. I'll ask the community again, what mechanisms do best
> practices on various Windozes and Unixes have to prevent a resource-
> exhaustion Denial of Service, one which on a properly managed VMS is
> easily preventable, but which (from what I've seen to date) is
> impossible to prevent on many other OSes. What do the Common Criteria
> have to say on the subject, or is a resource exhaustion DoS a figment
> of my imagination ?
>
> On a desktop OS you probably don't care about this, and on a desktop-
> derived server OS you probably can't care about this, but on a true
> multi-tasking multi-user OS serving one or more business-critical
> applications, it ought to be of more interest. If the underlying OS
> doesn't have the necessary real-time resource accounting capability
> built in, best for the industry if they keep quiet about it?

To answer your question, it is possible to do in UNIX too. For example
see http://www.freebsd.org/doc/en/books/handbook/users-limiting.html

This can protect you from simple resource exhaustion attacks, and
while that is cool it doesn't necessarily make you any more secure.

If someone exploits a privileged program or the kernel to obtain root/
SYSTEM access then they can still DoS you back to the stone age, but
more likely they steal/modify your data which in almost all cases is
even worse than *just* disrupting a service.

So let me ask you what mechanisms VMS have in place to make it harder/
prevent buggy programs from being exploited?

On UNIX we have among other things:

W^X - Different vendors use different names, but the general idea is
that by default a page that is writable is not executable. The idea is
to prevent attackers from executing code in memory they control.

ASLR - Address space layout randomization. With W^X alone, overwriting
stack return address and returning into a library function would be
trivial. ASLR makes that much harder since the address of the function
the attacker wants to return to is not known to him.

Compiler hacks - Stack canaries/cookies etc, an overwritten return
address on the stack for example will be detected before the return
branch is taken.

"Even" Windows supports these features with DEP, Vista got ASLR, and
their compiler had the /GS switch for stack protection for quite some
time now.

Of course these features are not perfect.
There are special cases where they are trivial to bypass even. They do
help, but the only real solution to getting secure is to look for and
fix security bugs not trying to compensate by introducing features
that makes it harder to exploit them.

This is where UNIX has a real advantage and head start.. A LOT of
people have been looking for and killing UNIX bugs for a very long
time. Look at the bugs being discussed here, I doubt that you'll find
that simple and exploitable stack overflows in any BSD, modern version
of Solaris or even Linux (there are default binaries with simple stack
overflows, but I'm talking about suid/sgid etc binaries where a bug
potentially leads to a system compromise)

Just in case your counter argument is that we only found 3 bugs and
argue that you can name more kernel vulns published in Linux this year
alone... Keep in mind that we are only 3 people looking at it for fun,
and only when we got a few minutes / hours to spare from doing "real
work". And our bug count is up to 5 reported bugs to HP now..

------------------------------

Date: Mon, 15 Sep 2008 13:03:18 +0000
From: "Main, Kerry"
Subject: RE: Loose Cannon-dian
Message-ID: <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5FEC0F9@GVW1158EXB.americas.hpqcorp.net>

> -----Original Message-----
> From: bugs@signedness.org [mailto:bugs@signedness.org]
> Sent: Monday, September 15, 2008 6:37 AM
> To: Info-VAX@Mvb.Saic.Com
> Subject: Re: Loose Cannon-dian
>
> On Sep 13, 10:30 am, johnwalla...@yahoo.co.uk wrote:
> > On Sep 12, 1:38 pm, koeh...@eisner.nospam.encompasserve.org (Bob
>
> [snip..]
>
> This is where UNIX has a real advantage and head start.. A LOT of
> people have been looking for and killing UNIX bugs for a very long
> time.
> Look at the bugs being discussed here, I doubt that you'll find
> that simple and exploitable stack overflows in any BSD, modern version
> of Solaris or even Linux (there are default binaries with simple stack
> overflows, but I'm talking about suid/sgid etc binaries where a bug
> potentially leads to a system compromise)
>
> Just in case your counter argument is that we only found 3 bugs and
> argue that you can name more kernel vulns published in Linux this year
> alone... Keep in mind that we are only 3 people looking at it for fun,
> and only when we got a few minutes / hours to spare from doing "real
> work". And our bug count is up to 5 reported bugs to HP now..

Well, I will not comment on the other Unix's, but Red Hat publishes
5-20+ security patches *per month* on its web site.

Reference:
https://www.redhat.com/archives/enterprise-watch-list/
(click on thread for each month and add them up - feel free to go back
as far as you like).

As I stated before, no OS is perfect (and that includes OpenVMS), and
everyone here appreciates those who identify potential issues, but
imho, it remains to be seen just what the other bugs you found are and
the criticality of them.

However, as I said, if there are issues, then of course, they need to
be addressed.

As a fyi, to your questions, if you would like a better understanding
of OpenVMS security arch, then here are a few public doc pointers:
http://h71028.www7.hp.com/ERC/downloads/4AA0-2896ENW.pdf (overview)
http://h71000.www7.hp.com/doc/os83_index.html (See security doc's)

Regards

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-254-8911
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.

------------------------------

Date: 15 Sep 2008 08:56:27 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: Loose Cannon-dian
Message-ID:

In article <1cddb0fc-c644-4c38-9d33-0825a9a4b269@s50g2000hsb.googlegroups.com>, bugs@signedness.org writes:
>
> To answer your question, it is possible to do in UNIX too. For example
> see http://www.freebsd.org/doc/en/books/handbook/users-limiting.html

In my experience, that depends very much on which UNIX you're using.
Since you cite a FreeBSD site, I assume I can do it on FreeBSD. But
I've worked with other BSD variants where I couldn't.

------------------------------

Date: 15 Sep 2008 11:42:32 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: Loose Cannon-dian
Message-ID:

In article <1cddb0fc-c644-4c38-9d33-0825a9a4b269@s50g2000hsb.googlegroups.com>, bugs@signedness.org writes:
>
> So let me ask you what mechanisms VMS have in place to make it harder/
> prevent buggy programs from being exploited?

On VMS, even if you have a fully privileged account, you don't
automagically get to exhaust any resource other than disk space. For
all the others you have to add code to raise your limits.

> W^X - Different vendors use different names, but the general idea is
> that by default a page that is writable is not executable. The idea is
> to prevent attackers from executing code in memory they control.

A great many hardware platforms won't support that, no matter what
UNIX tries to do about it.

> This is where UNIX has a real advantage and head start.. A LOT of
> people have been looking for and killing UNIX bugs for a very long
> time.
> Look at the bugs being discussed here, I doubt that you'll find
> that simple and exploitable stack overflows in any BSD, modern version
> of Solaris or even Linux (there are default binaries with simple stack
> overflows, but I'm talking about suid/sgid etc binaries where a bug
> potentially leads to a system compromise)

A lot of people have been looking for and killing VMS bugs for a long
time, too. There just haven't been as many. Even back in the day when
"get a VAX" was The Solution to almost every compute problem and VMS
was all over the networks, there weren't many.

> Just in case your counter argument is that we only found 3 bugs and
> argue that you can name more kernel vulns published in Linux this year
> alone... Keep in mind that we are only 3 people looking at it for fun,
> and only when we got a few minutes / hours to spare from doing "real
> work". And our bug count is up to 5 reported bugs to HP now..

The idea that quality software is impossible is one that I completely
reject.

------------------------------

Date: 15 Sep 2008 11:51:37 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: OT: The end of the world in roughly 3 hours
Message-ID:

In article , AEF writes:
>
> As for running the accelerator itself and its detectors and what not
> -- I really don't know. I know that people in the physics group I was
> in at graduate school used to use VAX/VMS and recently (if not still)
> use Linux to analyze their data.

I don't know about running the accelerator, but when I was introduced
to particle physics I was told that you "collect your data on a PDP-11
and analyze it on a PDP-10". That was a couple years before DEC
shipped the first 11/780.

The particle physics group bought the cheapest system DEC would ship:
1MB RAM, 64MB disk (I think), one 9 track, one LA36, no FPA. We added
1 DZ-11.

------------------------------

Date: Mon, 15 Sep 2008 09:56:45 -0700 (PDT)
From: DaveG
Subject: Re: OT: The end of the world in roughly 3 hours
Message-ID: <003c2467-7e1d-44db-aef0-d4b35e140a7e@l42g2000hsc.googlegroups.com>

On Sep 14, 1:05 am, wins...@SSRL.SLAC.STANFORD.EDU (Alan Winston -
SSRL Central Computing) wrote:
> In article , AEF writes:
>
> >On Sep 10, 5:15 am, JF Mezei wrote:
> >[...]
> >> BTW:
>
> >> $ curl -I http://www.cern.ch
> >> HTTP/1.1 302 Found
> >> Date: Wed, 10 Sep 2008 09:11:05 GMT
> >> Server: Microsoft-IIS/6.0
> >> X-Powered-By: ASP.NET
> >> X-AspNet-Version: 1.1.4322
> >> Location: http://public.web.cern.ch/public/
> >> Cache-Control: private
> >> Content-Type: text/html; charset=utf-8
> >> Content-Length: 150
>
> >> And I thought CERN was populated by intelligent and educated people who
> >> would know not to use microsoft products.
>
> >That's only their website. I seriously doubt the physicists themselves
> >run it, let alone set it up. They probably hired the services of some
> >company to do it, but I'm not sure. Besides, their talent is physics,
> >not computer shopping. And how would people in this newsgroup, and any
> >other IT people, no matter how "intelligent", be able to pick out
> >equipment and set up the largest, most powerful accelerator facility
> >ever built? (OK, that's a slightly bogus argument, but physicists
> >don't give such matters a whole lot of thought. And keeping a website
> >running is far less important than the accelerator itself.)
>
> (Kinda funny argument, given that webservers were invented at CERN.)
>
> >As for running the accelerator itself and its detectors and what not
> >-- I really don't know. I know that people in the physics group I was
> >in at graduate school used to use VAX/VMS and recently (if not still)
> >use Linux to analyze their data. Places where I did experiments used
> >VAX/VMS to analyze data. What did they use to run the accelerators?
> >Some places, like the lab at Ohio U., used their own contraptions. In
> >fact, many of them may be like that. I think the actual equipment in
> >use is more important. It's been a long time since I was involved with
> >such stuff.
>
> >So I wouldn't read too much into this.
>
> I'm at SLAC.   (First site in North America to have a web site, which
> originally ran on now-mothballed big IBM iron.)   There are multiple
> accelerators and equipment here.  In my division, SSRL, we have a synchrotron
> ring and a dedicated injector. Those are primarily run by VMS systems.  The big
> Linac is primarily run by VMS systems.
>
> I'm given to understand that the accelerator physics community has largely
> gotten behind a control system called EPICS, which is developed on Unix
> systems, and many new installations therefore use Unix/Linux systems.  People
> here have ported Epics to VMS.  Some of our experimental stations run on Unix,
> and we have a big facility that, last I looked, was on Irix.
>
> SLAC has an assortment of web servers for internal and external use, and
> the ones run by central IT are on Windows (mostly) and some Linux systems.
> SSRL's webservers (which I'm in charge of) are VMS-based (Alpha and
> Itanium).   What runs your webserver has very little to do with what runs
> your physics hardware.
>
> -- Alan

Has the linear accelerator that parallels the San Andreas been shaken
not stirred lately?

------------------------------

Date: Mon, 15 Sep 2008 06:23:20 -0400
From: JF Mezei
Subject: Re: Security alarm msg
Message-ID: <48ce37f9$0$9669$c3e8da3@news.astraweb.com>

Tom Linden wrote:
> I noted following on opcon. Why is the remote node id in decimal format?
> This is on 8.3 Itanium.
>
> Message from user AUDIT$SERVER on REX
> Security alarm (SECURITY) and security audit (SECURITY) on REX, system id:
> 2060
> Auditable event:          Network breakin detection
> Event time:                6-SEP-2008 06:49:14.22
> PID:                      20F0B1A8
> Process name:             TCPIP$FTPC00079
> Username:                 newuser
> Remote node id:           998090410
> Remote node fullname:     59-125-166-170.HINET-IP.hinet.net
> Remote username:          FTP_3B7DA6AA
> Status:                   %LOGIN-F-NOSUCHUSER, no such user
>
>

Note, when the IP is not backtranslatable:

%%%%%%%%%%%  OPCOM  15-SEP-2008 06:19:09.14  %%%%%%%%%%%
Message from user AUDIT$SERVER on CHAIN
Security alarm (SECURITY) and security audit (SECURITY) on CHAIN, system
id: 103
5
Auditable event:          Network breakin detection
Event time:               15-SEP-2008 06:19:09.14
PID:                      20202C8D
Process name:             TCPIP$FTPC0002C
Username:                 admin
Remote nodename:          218.80.215.198
Remote node id:           3662731206 (53.966)
Remote username:          FTP_DA50D7C6
Status:                   %LOGIN-F-NOSUCHUSER, no such user

So it would probably be far better if the software didn't try to
translate the IP address and log the IP address as the nodename instead
of a useless integer number.

------------------------------

Date: Mon, 15 Sep 2008 08:39:09 -0400
From: "Richard B. Gilbert"
Subject: Re: Security alarm msg
Message-ID:

JF Mezei wrote:
> Tom Linden wrote:
>> I noted following on opcon. Why is the remote node id in decimal format?
>> This is on 8.3 Itanium.
>>
>> Message from user AUDIT$SERVER on REX
>> Security alarm (SECURITY) and security audit (SECURITY) on REX, system id:
>> 2060
>> Auditable event:          Network breakin detection
>> Event time:                6-SEP-2008 06:49:14.22
>> PID:                      20F0B1A8
>> Process name:             TCPIP$FTPC00079
>> Username:                 newuser
>> Remote node id:           998090410
>> Remote node fullname:     59-125-166-170.HINET-IP.hinet.net
>> Remote username:          FTP_3B7DA6AA
>> Status:                   %LOGIN-F-NOSUCHUSER, no such user
>>
>>
>
> Note, when the IP is not backtranslatable:
>
> %%%%%%%%%%%  OPCOM  15-SEP-2008 06:19:09.14  %%%%%%%%%%%
> Message from user AUDIT$SERVER on CHAIN
> Security alarm (SECURITY) and security audit (SECURITY) on CHAIN, system
> id: 103
> 5
> Auditable event:          Network breakin detection
> Event time:               15-SEP-2008 06:19:09.14
> PID:                      20202C8D
> Process name:             TCPIP$FTPC0002C
> Username:                 admin
> Remote nodename:          218.80.215.198
> Remote node id:           3662731206 (53.966)
> Remote username:          FTP_DA50D7C6
> Status:                   %LOGIN-F-NOSUCHUSER, no such user
>
> So it would probably be far better if the software didn't try to
> translate the IP address and log the IP address as the nodename instead
> of a useless integer number.

A few years ago when I was still working, some research on the origins
of the spam I was receiving suggested that blocking the 218 net would
eliminate 90%! One of nicer aspects of spam from 218 is the thought
that the Chinese could simply shoot the bastards!

------------------------------

Date: Mon, 15 Sep 2008 19:44:28 +0200
From: Michael Unger
Subject: Re: Security alarm msg
Message-ID: <6j7lb3F1rs03U1@mid.individual.net>

On 2008-09-15 14:39, "Richard B. Gilbert" wrote:

> A few years ago when I was still working, some research on the origins
> of the spam I was receiving suggested that blocking the 218 net would
> eliminate 90%! One of nicer aspects of spam from 218 is the thought
> that the Chinese could simply shoot the bastards!

Well, according to the RIPE database [1] this network is spread around
the whole world -- it's not "just China":

| The country is really worldwide.
| This address space is assigned at various other places in
| the world and might therefore not be in the RIPE database.

Michael

[1]

--
Real names enhance the probability of getting real answers.
My e-mail account at DECUS Munich is no longer valid.

------------------------------

End of INFO-VAX 2008.507
************************
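
Added example, not part of any message in this digest and not HP or OpenVMS code: the "Security alarm msg" thread asks why the remote node id is a decimal number, and in both alarms quoted there it works out to the sender's IPv4 address read as one 32-bit integer, with the FTP_ remote username carrying the same address in hex. The Python below decodes the field and cross-checks it against the other fields of the same alarm. Assumptions: that reading, and the reading of "(53.966)" as the low 16 bits split into a DECnet-style area.node, are inferred from those two alarms only; the function names are made up for this illustration.

```python
import ipaddress
import re
from collections import Counter

# The two alarms quoted in the thread, trimmed to the fields used below.
SAMPLE = """\
Message from user AUDIT$SERVER on REX
Auditable event:          Network breakin detection
Username:                 newuser
Remote node id:           998090410
Remote node fullname:     59-125-166-170.HINET-IP.hinet.net
Remote username:          FTP_3B7DA6AA
Status:                   %LOGIN-F-NOSUCHUSER, no such user

Message from user AUDIT$SERVER on CHAIN
Auditable event:          Network breakin detection
Username:                 admin
Remote nodename:          218.80.215.198
Remote node id:           3662731206 (53.966)
Remote username:          FTP_DA50D7C6
Status:                   %LOGIN-F-NOSUCHUSER, no such user
"""

HEADER = "Message from user AUDIT$SERVER on "
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s+(.*\S)\s*$")


def decode_node_id(value):
    """Return (dotted quad, 'area.node') for a 'Remote node id' value."""
    match = re.match(r"\s*(\d+)", value)
    if not match or int(match.group(1)) > 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit node id: {value!r}")
    number = int(match.group(1))
    low16 = number & 0xFFFF  # assumption: "(53.966)" is these bits as area.node
    return str(ipaddress.IPv4Address(number)), f"{low16 >> 10}.{low16 & 0x3FF}"


def fields_agree(alarm, ip):
    """True unless another field of the same alarm names a different address."""
    hex_user = re.fullmatch(r"FTP_([0-9A-Fa-f]{8})", alarm.get("remote username", ""))
    if hex_user and str(ipaddress.IPv4Address(int(hex_user.group(1), 16))) != ip:
        return False
    try:
        named = ipaddress.IPv4Address(alarm.get("remote nodename", ""))
    except ValueError:
        return True  # field absent or a host name: nothing to compare
    return str(named) == ip


def parse_alarms(text):
    """One dict per alarm, with the decoded source address added."""
    alarms = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(HEADER):
            alarms.append({"node": line[len(HEADER):]})
        elif alarms and (match := FIELD.match(line)):
            alarms[-1][match.group(1).lower()] = match.group(2)
    for alarm in alarms:
        if "remote node id" in alarm:
            ip, decnet = decode_node_id(alarm["remote node id"])
            alarm.update(remote_ip=ip, decnet_form=decnet,
                         consistent=fields_agree(alarm, ip))
    return alarms


def breakin_sources(alarms):
    """Count 'Network breakin detection' events per decoded source address."""
    return Counter(a["remote_ip"] for a in alarms
                   if a.get("auditable event") == "Network breakin detection"
                   and "remote_ip" in a)


if __name__ == "__main__":
    for a in parse_alarms(SAMPLE):
        print(a["node"], a["username"], a["remote_ip"], a["decnet_form"], a["consistent"])
```

Counting by the decoded address rather than by node name or fullname keeps one source in one bucket whether or not the reverse lookup succeeded at the time of the alarm.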