INFO-VAX Sat, 25 Oct 2008 Volume 2008 : Issue 577 Contents: AS200 and DE500 Re: AS200 and DE500 Re: AS200 and DE500 Re: AS200 and DE500 Re: AS200 and DE500 Re: Banana Republic (was Re: OpenVMS Book Wins award) Re: History of the qio efn issue Re: Restricting Access to TCP/IP and DECnet Re: Restricting Access to TCP/IP and DECnet Re: Restricting Access to TCP/IP and DECnet Re: Selective record extraction/copy? ---------------------------------------------------------------------- Date: Sat, 25 Oct 2008 10:21:04 -0500 From: David J Dachtera Subject: AS200 and DE500 Message-ID: <49033960.5066437D@spam.comcast.net> I acquired a DE500 ethernet card recently and was wondering if anyone knows will it work in my AlphaStation 200? I'd like to retire the Jensen and go back to the AS200 as my local name-server and VMS "toy". D.J.D. ------------------------------ Date: Sat, 25 Oct 2008 10:34:08 -0500 (CDT) From: sms@antinode.info (Steven M. Schweda) Subject: Re: AS200 and DE500 Message-ID: <08102510340833_202032EE@antinode.info> From: David J Dachtera > I acquired a DE500 ethernet card recently and was wondering if anyone > knows will it work in my AlphaStation 200? How long would it take to try it? There's more than one "-xx" in "DE500-xx". As I recall, I used a -BA in my AlpSta 200 4/233 systems (back when I used my AlpSta 200 4/233 systems). I'm too far away to check at the moment. I'd expect the SPD or some other official document to have an authoratative answer. A search of comp.os.vms over the past decade might offer some hints, too. What's wrong with the built-in (slower) interface? Not very many PCI slots to waste in there. ------------------------------------------------------------------------ Steven M. Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: Sat, 25 Oct 2008 09:46:47 -0600 From: Dan O'Reilly Subject: Re: AS200 and DE500 Message-ID: <6.1.2.0.2.20081025094625.01dcb1f0@raptor.psccos.com> I run a couple in AS200. At 09:21 AM 10/25/2008, David J Dachtera wrote: >I acquired a DE500 ethernet card recently and was wondering if anyone >knows will it work in my AlphaStation 200? > >I'd like to retire the Jensen and go back to the AS200 as my local >name-server and VMS "toy". > >D.J.D. ------ +-------------------------------+----------------------------------------+ | Dan O'Reilly | "There are 10 types of people in this | | Principal Engineer | world: those who understand binary | | Process Software | and those who don't." | | http://www.process.com | | +-------------------------------+----------------------------------------+ ------------------------------ Date: Sat, 25 Oct 2008 12:57:50 -0400 From: "Richard B. Gilbert" Subject: Re: AS200 and DE500 Message-ID: David J Dachtera wrote: > I acquired a DE500 ethernet card recently and was wondering if anyone > knows will it work in my AlphaStation 200? > > I'd like to retire the Jensen and go back to the AS200 as my local > name-server and VMS "toy". > > D.J.D. I can't see any reason why it should not work. Do you need a second Ethernet interface? My Alphastation 200 has a built in interface with connectors for UTC and BNC. ------------------------------ Date: Sat, 25 Oct 2008 13:02:06 -0400 From: "Richard B. Gilbert" Subject: Re: AS200 and DE500 Message-ID: Steven M. Schweda wrote: > From: David J Dachtera > >> I acquired a DE500 ethernet card recently and was wondering if anyone >> knows will it work in my AlphaStation 200? > > How long would it take to try it? > > There's more than one "-xx" in "DE500-xx". As I recall, I used a -BA > in my AlpSta 200 4/233 systems (back when I used my AlpSta 200 4/233 > systems). I'm too far away to check at the moment. I'd expect the SPD > or some other official document to have an authoratative answer. A > search of comp.os.vms over the past decade might offer some hints, too. > > What's wrong with the built-in (slower) interface? Not very many PCI > slots to waste in there. > The built in interface is 10/100, the same as the DE500. Installing a DE500 is pointless unless you need a second Ethernet interface or you somehow fried the built in interface. ------------------------------ Date: Sat, 25 Oct 2008 22:49:10 +0930 From: Mark Daniel Subject: Re: Banana Republic (was Re: OpenVMS Book Wins award) Message-ID: <011308d4$0$20645$c3e8da3@news.astraweb.com> Richard Maher wrote: > Hi Mark, > >> (I purchased it when AU$ was almost at US$ parity :-) > > Aaah, it seems like only weeks ago :-( I bought it through Barnes and Noble in late May '08 for US$36.00 plus US$13.00 P&P, and I think my credit card statement said something like AU$52.00 so it was right at the 'peak'. Why the AU$ currently should be at US$0.65 now escapes me - perhaps that's one reason I'm still working for wages. It was a good 'background' read but not directly applicable to my daytime duty statement these days. I had not (as I indicated to Roland I might) gotten around to a public review (that would have required a second read). Willem Grooters provided one I'd generally endorse. At around the same time I purchased Heller's, "Catch 22" (shipped to one of my daughters), Earl's, "Digital Equipment Corporation (MA) (Images of America)", and Schein's, "DEC Is Dead, Long Live DEC"; all good reads and all for different reasons. With the exchange rate more like 2:3 I might have to think think more carefully. (The Earl soft-cover is a particularly easy but also interesting 'read' I'd recommend to all interested in DEC :-) > Cheers Richard Maher > > PS. Just in case you don't subscribe to the WHATWG mailing list, do you have > any interest in, or opinions on the following: - No I don't and indirectly I guess I do. That any network connectivity has some sandboxing doesn't exactly surprise me. A network conduit (like SSH or HTTP CONNECT) is carte blanche for whatever the agent wishes to transfer. No constraint would be considered negligence. I'm guessing you mention this because the suggestion below that "that the time could be better spent providing guidelines for communication via an asynchronous CGI [originally I read GUI :-] interface." sounds remarkably like Tier3 :-) I agree; why would anyone spend time abstracting interfaces if a monolithic solution is all that is currently required? Of course this is an entirely fresh (if not novel) discussion point ... > ----- Original Message ----- > From: "Shannon" > To: "WHAT working group" > > Sent: Tuesday, October 14, 2008 7:22 AM > Subject: [whatwg] WebSocket and proxies > > >> In the process of testing my WebSocket proposal I discovered the CONNECT >> method has a major restriction. Most proxies disable CONNECT to anything >> but port 443. >> >> The following is from "Squid and the Blowfish": >> ------------------ >> It is very important that you stop CONNECT type requests to non-SSL >> ports. The CONNECT method allows data transfer in any direction at any >> time, regardless of the transport protocol used. As a consequence, a >> malicious user could telnet(1) to a (very) badly configured proxy, enter >> something like: >> ... snip example ... >> and end up connected to the remote server, as if the connection was >> originated by the proxy. >> ------------------- >> >> I verified that Squid and all public proxies I tried disable CONNECT by >> default to non-SSL ports. It's unlikely many internet hosts will have >> 443 available for WebSockets if they also run a webserver. It could be >> done with virtual IPs or dedicated hosts but this imposes complex >> requirements and costs over alternatives like CGI. >> >> The availability and capabilities of the OPTIONS and GET protocols also >> varied from proxy to proxy. The IETF draft related to TLS >> (http://tools.ietf.org/html/draft-ietf-tls-http-upgrade-05) has this to > say: >> ------------------- >> 3.2 Mandatory Upgrade >> >> If an unsecured response would be unacceptable, a client MUST send >> an OPTIONS request first to complete the switch to TLS/1.0 (if >> possible). >> >> OPTIONS * HTTP/1.1 >> Host: example.bank.com >> Upgrade: TLS/1.0 >> Connection: Upgrade >> ------------------- >> >> So according to this draft spec OPTIONS is the only way to do a >> *mandatory* upgrade of our connection. Once again this failed in testing >> >> ------------------- >> => OPTIONS * HTTP/1.1 >> => Proxy-Connection: keep-alive >> => Connection: Upgrade >> => Upgrade: WebSocket/1.0 >> => Host: warriorhut.org:8000 >> => >> <= HTTP/1.0 400 Bad Request >> <= Server: squid/3.0.STABLE8 >> -------------------- >> >> Other proxies gave different errors or simply returned nothing. The >> problem may be related to the Upgrade and Connection headers rather than >> OPTIONS, since I had similar issues using Connection: Upgrade with GET. >> >> I had the most success using GET without a Connection: Upgrade header. >> It seems that the proxy thinks the header is directed at it so it does >> not pass it on to the remote host. In many cases it will abort the >> connection. Using the Upgrade: header without Connection allows the >> Upgrade header through to the actual websocket service. >> >> It seems to me that whatever we try in many cases the connection will be >> silently dropped by the proxy and the reasons will be unclear due to the >> lack of error handling. There seems to be a wide variation in proxy >> behaviour for uncommon operations. I suppose proxy developers could fix >> these issues but whether a significant rollout could be achieved before >> HTML5 is released is questionable. >> >> Given that an asynchronous connection cannot be cached the only reasons >> remaining for going through a proxy are anonymity and firewall >> traversal. Automatically bypassing the users proxy configuration to >> solve the issues above has the potential to break both of these. It >> would be a significant breach of trust for a UA to bypass the users >> proxy and some networks only allow connections via a proxy (for security >> and monitoring). >> >> It seems that we're stuck between a rock and hard place here. In light >> of this I reiterate my earlier suggestion that the time could be better >> spent providing guidelines for communication via an asynchronous CGI >> interface. This would allow reuse of existing port 80 and 443 web >> services which would resolve the cross-domain issues (the CGI can relay >> the actual service via a backend connection) and most of the proxy >> issues above (since proxy GET and CONNECT are more reliable on these > ports). >> Shannon >> > > "Mark Daniel" wrote in message > news:01110d0c$0$20616$c3e8da3@news.astraweb.com... >> yyyc186 wrote: >>> The Minimum You Need to Know About Service Orieted Architecture by >>> Roland Hughes >>> >>> Award-Winner in the Business: Technology/Computers/Internet category >>> of the National Best Books 2008 Awards, sponsored by USA Book News >> Congratulations Roland! >> >> (I purchased it when AU$ was almost at US$ parity :-) >> >>> You can find this book in Island Computer's Web store. ------------------------------ Date: Sat, 25 Oct 2008 07:46:18 -0700 (PDT) From: IanMiller Subject: Re: History of the qio efn issue Message-ID: <32b53052-5f01-4dcc-9f75-8a01c27dea6d@m44g2000hsc.googlegroups.com> On Oct 24, 10:47=A0pm, moro...@world.std.spaamtrap.com (Michael Moroney) wrote: > JF Mezei writes: > >IanMiller wrote: > >> In some version of VMS a special event flag (number 128) was invented > >> as a better answer. > >Seriously tough, prior to this invention, was "128" blocked from the > >SYS$GETEF service, or was the later able to give a caller that flag numb= er ? > > Perhaps someone with an old version of VMS could tell us for sure, but > I'd bet the mortgage it would just give the same %SYSTEM-F-ILLEFC error a= s > any other out-of-range event flag number, like -1, or 123456. > > EFN 128 was chosen simply because it was the next one available. 0-63 > are "normal" event flags, and 64-127 are common event flags, in 2 > clusters that can be shared between processes. > > (since they come in clusters of 32, I wonder if any other EF in the 5th > cluster, other than 128, "do" anything. =A0But I don't wonder enough to > try) > > >AKA: if you run a new application that uses the 128 flag onto an old > >version of VMS, it is possible that $GETEF will give the application a > >flag number 128 at which point, there would be a conflict because the > >application would use 128 as a real flag (obtained via $GETEF) as well > >as using it as a NOOP ? If you are really curious you can look though the listings for use of event flag 129 ------------------------------ Date: Sat, 25 Oct 2008 10:54:00 +0200 From: Johnny Billquist Subject: Re: Restricting Access to TCP/IP and DECnet Message-ID: glen herrmannsfeldt skrev: > PacoLinux wrote: > (snip) > >>>> Is it possible to restrict access to TCP/IP (5.1) and DECnet (IV) on a >>>> per-user basis? In other words I would like someone to be able to >>>> access my >>>> machine, but not to go from that machine to anywhere else on the >>>> network. > (snip) > >> -> I'm not aware of a way to do this in UN*X, either, without breaking >> -> almost the entire system. > >> You can use a restricted shell : > > > http://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell > > I believe it can be done with the restricted shell, but it still isn't > easy. > > You have to give the user a read only directory, otherwise executable files > can be loaded and executed. I believe rsh restricts cd and the ability to > execute files by path, such as /tmp/xyz. > > You then need to supply commands that do what the user is supposed to > be allowed to do. chroot helps a lot, too. I havaen't seen the start of this, but in VMS, shouldn't just not having TMPMBX solve this? Is there something else you might want to run that requires TMPMBX? Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Sat, 25 Oct 2008 11:25:17 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Restricting Access to TCP/IP and DECnet Message-ID: <00A819FB.4AD32773@SendSpamHere.ORG> In article , Johnny Billquist writes: >glen herrmannsfeldt skrev: >> PacoLinux wrote: >> (snip) >> >>>>> Is it possible to restrict access to TCP/IP (5.1) and DECnet (IV) on a >>>>> per-user basis? In other words I would like someone to be able to >>>>> access my >>>>> machine, but not to go from that machine to anywhere else on the >>>>> network. >> (snip) >> >>> -> I'm not aware of a way to do this in UN*X, either, without breaking >>> -> almost the entire system. >> >>> You can use a restricted shell : >> > >> http://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell >> >> I believe it can be done with the restricted shell, but it still isn't >> easy. >> >> You have to give the user a read only directory, otherwise executable files >> can be loaded and executed. I believe rsh restricts cd and the ability to >> execute files by path, such as /tmp/xyz. >> >> You then need to supply commands that do what the user is supposed to >> be allowed to do. chroot helps a lot, too. > >I havaen't seen the start of this, but in VMS, shouldn't just not having TMPMBX >solve this? Is there something else you might want to run that requires TMPMBX? Remove TMPMBX? No! Take away the NETMBX privilege. TMPMBX privilege is needed to do some basic things such as SPAWN and PIPE. If these are features (and some others) that are not needed then by all means limit TMPMBX privilege too. However, the lack of TMPMBX will not limit DECnet and TCP/IP. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Sat, 25 Oct 2008 07:49:42 -0400 From: "Richard B. Gilbert" Subject: Re: Restricting Access to TCP/IP and DECnet Message-ID: Johnny Billquist wrote: > glen herrmannsfeldt skrev: >> PacoLinux wrote: >> (snip) >> >>>>> Is it possible to restrict access to TCP/IP (5.1) and DECnet (IV) on a >>>>> per-user basis? In other words I would like someone to be able to >>>>> access my >>>>> machine, but not to go from that machine to anywhere else on the >>>>> network. >> (snip) >> >>> -> I'm not aware of a way to do this in UN*X, either, without breaking >>> -> almost the entire system. >> >>> You can use a restricted shell : >> > >> http://www.gnu.org/software/bash/manual/bashref.html#The-Restricted-Shell >> >> I believe it can be done with the restricted shell, but it still isn't >> easy. >> >> You have to give the user a read only directory, otherwise executable >> files >> can be loaded and executed. I believe rsh restricts cd and the >> ability to >> execute files by path, such as /tmp/xyz. >> >> You then need to supply commands that do what the user is supposed to >> be allowed to do. chroot helps a lot, too. > > I havaen't seen the start of this, but in VMS, shouldn't just not having > TMPMBX solve this? Is there something else you might want to run that > requires TMPMBX? > > Johnny > Did you, by chance, mean NETMBX? ------------------------------ Date: Sat, 25 Oct 2008 11:16:19 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Selective record extraction/copy? Message-ID: <00A819FA.0AA6A931@SendSpamHere.ORG> In article <4902a4be$0$1559$c3e8da3@news.astraweb.com>, JF Mezei writes: >David J Dachtera wrote: > >> Now, I'm learning ksh93... > >Which reminds me. Yesterday, while looking at the library setup in front >of the supermarket checkout aisle, I noticed a cover page title which >surprised me. > >It seems that Brad Pitt no longer wants to mary Angelina Jolie because >she has allegedly had a love affair with someone else. > >I tried $HELP BRAD_PITT but VMS 8.3 doesn't yet have any information >about this. > >I was under the impression that the two had married some time ago ? Or >are they just together with all sorts of adopted kids ? > >It goes to show, when one is too focused on VMS, one looses focus on the >truly important issues of this world :-) :-) :-) :-) Hollywood is truly important? NOT! >Hopefully, next week, they will reveal that Jolie's love interest is non >other than Jennifer Aniston. This would complete the story about that >love triangle those serious publications at checkout counters have been >covering for years. I don't follow TV or Hollywood. I recognize these names but if these individuals walked up to me, I wouldn't know them by face nor would I even care. >Also, since it is mostly men that do the grocery shopping, how come the >magazines are mostly for women ? Shouldn't the check-out aisles have >magazines such as Playboy , Sports Illustrated, Popular Science and Mad ? Where'd you find this statistic? Granted, I go to the store and I do do the grocery shopping but only because the Mrs. doesn't drive. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ End of INFO-VAX 2008.577 ************************