1 INFO-VAX	Sun, 28 Apr 2002	Volume 2002 : Issue 233       Contents: Re: Best DIGITAL product ever?2 Re: comparison chart: pros and cons of WWW servers+ Re: DCL labels out of scope after ON ERROR?  Re: download VMS Re: download VMS Re: download VMS Re: download VMS Re: download VMS Re: IBM and aviation Re: IBM and aviation Re: Netscape and Mozilla Re: Netscape and Mozilla> Re: Problems changing the "remote password" on a DECserver 90M Re: Purify or equiv. on OpenVMS P Re: put up or shut up (was: RE: AMD To Announce Microsoft Support For New Chip FP Re: put up or shut up (was: RE: AMD To Announce Microsoft Support For New Chip FP Re: put up or shut up (was: RE: AMD To Announce Microsoft Support For New Chip F Re: Security question....   Re: Suggestion: SET DEVICE/RESET" Re: VMS 6.2 file ownership problem Re: web hosting   F ----------------------------------------------------------------------    Date: 27 Apr 2002 16:38:11 -0700, From: jeremybarker@email.com (Jeremy Barker)' Subject: Re: Best DIGITAL product ever? = Message-ID: <5b86b9ee.0204271538.4f2aeb3f@posting.google.com>   K danco@pebble.org wrote in message news:<slrnabi0tl.ijc.danco@pebble.org>... ? > In article <3CB86DA6.3ED3D33A@Free.fr>, Didier Morandi wrote: O > > I just realized that, since 1957, DEC has produced *many* amazing products:  > = > The Basic+ Run-Time System on RSTS/E.  That was a real gem.   @ Except that although DEC sold it they didn't produce it.  It was> largely produced by an outside company to a DEC specification.   jb   ------------------------------    Date: 27 Apr 2002 15:06:10 -0700( From: bob@instantwhip.com (Bob Ceculski); Subject: Re: comparison chart: pros and cons of WWW servers = Message-ID: <d7791aa1.0204271406.735c9016@posting.google.com>   s "Doc.Cypher" <doc_cypher@redneck.gacracker.org> wrote in message news:<20020427075644.14296.qmail@gacracker.org>... 7 > NOTE: This message was sent thru a mail2news gateway. : > No effort was made to verify the identity of the sender.: > -------------------------------------------------------- > ; > On 26 Apr 2002, bob@instantwhip.com (Bob Ceculski) wrote: G > >Phillip Helbig <HELBPHI@sysdev.deutsche-boerse.com> wrote in message : > >news:<01KH12X67B068Y7GCV@sysdev.deutsche-boerse.com>...J > >> Does anyone have (or can anyone point me to) a GENERAL comparison of C > >> various HTTP servers for VMS (OSU, CSWS, WASD, Purveyor,...)?   > >  > >here's purveyor!  > > 6 > >http://www.sss.co.nz/software/purveyor/purveyor.htm > ! > that wasn't what was asked for!  > I > .. Phillip wanted a comparison ... not an advert for your favourite web 	 > server.  >  > A > I think the best bet is probably Alan's book when it comes out.  >  >  > Doc.  D Except Alan didn't include Purveyor in his book ... so maybe not ...   ------------------------------  # Date: Sun, 28 Apr 2002 03:14:31 GMT 1 From: "David J. Dachtera" <djesys.nospam@fsi.net> 4 Subject: Re: DCL labels out of scope after ON ERROR?' Message-ID: <3CCB6BF3.5CC44F59@fsi.net>    Chris Olive wrote: >  > Actually, yes the block it calls from is inside an "If F$Mode .EQS. "INTERACTIVE"" if-then-endif block.  So...  That's probably it.  Thanks.  C In general, I recommend that you avoid GOTO-ing out of an IF block.   9 Newer DCL doesn't get as confued as earlier versions did.   C Also, DEC BASIC will yell at you at compile time if you try that in  BASIC.  7 GOSUB or CALL within an IF block is always good, AFAIK.   C ...and yes, a missing ENDIF can lead to all kinds of debugging fun!    --   David J. Dachtera  dba DJE Systems  http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  % Date: Sat, 27 Apr 2002 16:19:12 -0400 - From: JF Mezei <jfmezei.spamnot@videotron.ca>  Subject: Re: download VMS , Message-ID: <3CCB07BF.E0732109@videotron.ca>   Robert Deininger wrote: J > Distribution is easier.  Kits can clearly be made available via network,I > but they won't be useable until they are placed on an ODS device in the 8 > vicinity of the system where they are to be installed.  N But that vicinity might include a system with bootp capabilities for instance.  (see later)  G > Which files?  The number of kits and components in VMS land is fairly  > large.  M But those kits already exist and are already managed by competent VMS people. N All that is needed is to zip the kits and place them in a directory accessible; via FTP or a web server. Even a windows weenie can do this.   A > Changing the kitting and installation mechanisms is technically G > non-trivial.  It WILL introduce a large number of configuration bugs, 2 > which will have to be hunted down and squashed.   N Does PCSI use BACKUP internally ? VMSINSTAL does.  If both use backup, then itK would be just a question of getting BACKUP to support an operation such as:   = BACKUP  "10.0.0.2/vaxvms072.B"/bootp/save  DKA100:/IMAGE/INIT   ) (or replace BOOTP with TFTP or whatever).   I Consider the integration advantages if you were able to store your backup E savesets on an NFS disk, and restore a broken system via BACKUP/TFTP.   G (obviously, a minimal IP stack would be needed, perhaps with a fixed IP   address and no gateway/routing).  J > VMSINSTAL is more or less dead.  PCSI should have completely replaced itF > years ago.  I doubt even VMS engineering wants to enhance VMSINSTAL.  I If the change is made at the BACKUP level, then there would be no changes  needed for VMSinstall.  I > it make the customers happy?  I doubt it.  There is an expectation that H > downloadable kits should be "cheap", so the bean counters would likely > fear the loss of revenue.   M Funny how folks in the wintel industry don't fear lowering prices and will do M so agressively because they recognize who their competition is. If VMS became M comatosed because Digital refused to allow VMS to compete for fear of loss of K revenue. Repeating that mistake would be a very fatal mistake. Finding ways M for Compaq/HP to distribute software more effectively to reduce both internal M costs and costs to customers should be priority. And if internet distribution 7 can helpo achieve this goal, what is so wrong with it ?   L Maximising revenu is the wrong attitude. Maximizing profit is the right one.    L > Of course, lowering the prices would attract more customers. Planning suchJ > a strategy requires ADVANCED bean-counting, and IMHO that has never been > Compaq's strength.  < How did Compaq ever manage to beat IBM at the PC game ??????   ------------------------------  % Date: Sat, 27 Apr 2002 18:24:45 -0400 * From: "Stanley F. Quayle" <stan@stanq.com> Subject: Re: download VMS - Message-ID: <3CCAECED.5004.E598013@localhost>   ) On 27 Apr 2002, at 16:19, JF Mezei wrote: P > Does PCSI use BACKUP internally ? VMSINSTAL does.  If both use backup, then itM > would be just a question of getting BACKUP to support an operation such as:  > ? > BACKUP  "10.0.0.2/vaxvms072.B"/bootp/save  DKA100:/IMAGE/INIT    No need to change BACKUP.   F Just install DECnet-Plus and use DECnet-over-IP.  I use it across the  Internet all the time.  F And I just happen to have a disk with most VAX and Alpha condist's on 	 it...  :)     
 --Stan Quayle ! President, Quayle Consulting Inc.   
 ----------G Stanley F. Quayle, P.E.   N8SQ   +1 614-868-1363   Fax: +1 614 868-1671 1 8572 North Spring Ct. NW, Pickerington, OH  43147 = Preferred address:  stan@stanq.com       http://www.stanq.com    ------------------------------  # Date: Sun, 28 Apr 2002 03:00:58 GMT 1 From: "David J. Dachtera" <djesys.nospam@fsi.net>  Subject: Re: download VMS ' Message-ID: <3CCB68C4.9F10F4C2@fsi.net>    Dean Woodward wrote: >  > Brian Wheeler wrote: > > 6 > > In article <3cc82bbb.16519531@news.cable.ntl.com>,C > >         peter.watkinson1@ntlworld.com (Peter Watkinson) writes:  > > > 	 > > > Hi,  > > > L > > > I was wondering if it would be a good idea for Compaq (HP?) to let youK > > > download VMS through the internet. Particularly the Hobbyist version. K > > > With Linux and BSD it so easy to download and install via FTP so long H > > > as you have a fast connection. I don't think it would be neccesaryL > > > with windows as a 5min drive to the local PC world can pick up a copy.> > > > Could be a good idea to bring VMS into the 21st century. > > >  > > >  > > >  > > > Peter Watkinson # > > > peter.watkinson1@ntlworld.com  > > N > > I think it would be great, especially if they included some of the layeredK > > products.  Since you have to have a license anyway to use the binaries, ? > > making the media freely available can't hurt license sales.  > I > Being able to run VMSINSTAL and specify a URL as the kit location would I > be sweet!  And, as stated in another thread, CONDIST kits are available I > next to free on ebay now, and it takes a slew of licenses to make it go E > in any case, so it's not entirely like there's a huge concern about   > unlicensed VMS running around. > B > What about making the enough of the hobbyist kit to get a systemH > bootstrapped (Say, the VMS base CD? I installed off of work's CONDIST,I > so I haven't even a poor, soggy clue how the hobbyist kit is organized) D > and connected to the net available for download as an ISO images?   B I can see we're in danger of genericising a mis-applied term here.9 Probably too late to stem the tide, but here goes anyway:   B An "ISO image" generally refers to the "image" of a CD recorded inA ISO-9660 format, or a similar image on any medium in that format.   E As you may know, VMS uses a "format" known as "ODS" (ODS-2, ODS-5 and  others).  E Some who purchase or subscribe to the OpenVSM Source listings distro. B have stated that there appears to be latent support for RMS withinF ISO-9660 filesystem containers/media; however, that support appears toH be read-only and I suspect largely untested. There is currently no knownF software for writing ISO-9660 with RMS metadata properly placed withinE those structures. Perhaps there ought to be, but let's not start that  thread up again, shall we?   > ThatE > would be enough to keep a lot of beginners happy for some time, I'd 	 > think.    E Provided those beginners have high-bandwidth links to the 'net. As of F the last statistics I saw, broadband access is still extremely limitedC (less than 12% total market penetration). Speaking for myself here, F short of actually providing fixed wireless broadand, I see no hope forE my current home town getting *ANY* broadband (cable, DSL, etc.) other / than satellite any time in the next five years.   = > Is there an official opinion on the copyright implications?    I've not seen any.   --   David J. Dachtera  dba DJE Systems  http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  % Date: Sat, 27 Apr 2002 23:37:34 -0400 - From: JF Mezei <jfmezei.spamnot@videotron.ca>  Subject: Re: download VMS , Message-ID: <3CCB6E7E.66EA489B@videotron.ca>   "David J. Dachtera" wrote:G > Provided those beginners have high-bandwidth links to the 'net. As of H > the last statistics I saw, broadband access is still extremely limited+ > (less than 12% total market penetration).   > Market penetration for broadband is higher in other countries.  J In the USA, large company's misunderstanding of the internet which lead toL such silliness as the AOL-Time-Warner merger and more importantly the mergerM of excite and @HOME resulting in the bankrupcy of @HOME would not have helped  broadband at all.   K I do not know what the actual numbers are, but broadband internet access in K canada has significantly higher penetration rate. Perhaps because a greater N percentage of our population lives in more urban areas served by Cable and the telco's DSL.  G Also, in canada, one of the big TV satellite provider happens to be the L traditional landline telco as well as a major ISP, and it gives you deals onG one service if are are a subscriber of another service (likewise, cable H companies give you a deal on internet via cable if you buy cable for TV.   ------------------------------  # Date: Sun, 28 Apr 2002 03:37:48 GMT 1 From: "David J. Dachtera" <djesys.nospam@fsi.net>  Subject: Re: download VMS ' Message-ID: <3CCB7167.1F842306@fsi.net>    JF Mezei wrote:  > [snip]M > I do not know what the actual numbers are, but broadband internet access in M > canada has significantly higher penetration rate. Perhaps because a greater P > percentage of our population lives in more urban areas served by Cable and the > telco's DSL.   The problem here is two-fold:   E 1. The cable infrastructure was not installed as two-way capable. The F current vendor/owner (AT&T who did not install it) has no incentive to upgrade.  A 2. Likewise the telco service. There is currently no incentive to # provide remote terminal and DSLAMs.   G Sprint Broadband Direct is not accepting new customers, AFAIK, which is D just as well. This far from Sears tower, coverage is very spotty, at best.   E Based on demographic info. available from local municipal websites, I D guesstimate there are some 40,000 households waiting for a broadbandC option other than satellite in the area surrounding my home (5 mile  radius).  E So, unless someone can negotiate with the local municipalities to get B fixed wirless towers up and running, satellite is the only option.   --   David J. Dachtera  dba DJE Systems  http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  % Date: Sat, 27 Apr 2002 15:57:09 -0400 - From: JF Mezei <jfmezei.spamnot@videotron.ca>  Subject: Re: IBM and aviation , Message-ID: <3CCB0295.E6D7A0F0@videotron.ca>   Hans Vlems wrote: L > The next decision is make or buy the software; these days that's buy, more > often than not.   L But this is where IBM is different. IBM has no problems developping industryL specific applications such as airline self-check-in kiosk (both hardware andI software) and then selling it to the airlines, and now working on selling N wireless wearable computers so that airline staff can check-in someone without' actually being at the check-in-counter.   L This example, as well as the IBM solution that the local hardware store usesJ to give all its employees access to prices, inventory etc, from a wirelessE handheld scanner says a hell of a lot more than Compaq just selling a N "commodity" Ipaq with claims of wireless capabilities. Where are the solutions< in this ? (besides, is there a ruggedised version of Ipaq ?)  M Now, if Compaq were to sell an integrated inventory management solution based L on VMS as central host and wireless ruggedized ipaqs, then it would start toE attract serious business. But until then, Compaq will truly be just a  commidity box maker.   ------------------------------  % Date: Sat, 27 Apr 2002 16:04:47 -0400 1 From: Michael Austin <maustin@firstdbasource.com>  Subject: Re: IBM and aviation 2 Message-ID: <3CCB045F.4B78805D@firstdbasource.com>   JF Mezei wrote:  >  <snip>  > > in this ? (besides, is there a ruggedised version of Ipaq ?) >   H Sort-of, there is a ruggedized case that it will fit in, cost $100. (for maybe $1.00 worth of plastic.   G > attract serious business. But until then, Compaq will truly be just a  > commidity box maker.  C In reality, that is all they have always been.  Not a real solution 	 provider.  --   Regards,  7 Michael Austin            Registered Linux User #261163 7 First DBA Source, Inc.    http://www.firstdbasource.com    ------------------------------  # Date: Sun, 28 Apr 2002 02:25:23 GMT * From: John Reagan <john.reagan@compaq.com>! Subject: Re: Netscape and Mozilla ' Message-ID: <3CCB5C67.90405@compaq.com>    Carl Perkins wrote:   ? > In this particular case, it sounds more like a poorly written  > piece of software. >     G Not directed at Carl, but if people want to help make Mozilla "faster,  E smaller, better, etc.", just hop on over to www.mozilla.org, roll up   your sleaves, and lend a hand.         --   John Reagan ' Compaq Pascal/{A|I}MACRO Project Leader    ------------------------------  # Date: Sun, 28 Apr 2002 05:12:58 GMT L From: winston@SSRL.SLAC.STANFORD.EDU ("Alan Winston - SSRL Admin Cmptg Mgr")! Subject: Re: Netscape and Mozilla28 Message-ID: <00A0D1C1.271EF43C@SSRL04.SLAC.STANFORD.EDU>  T In article <3CCB5C67.90405@compaq.com>, John Reagan <john.reagan@compaq.com> writes: >Carl Perkins wrote: >R@ >> In this particular case, it sounds more like a poorly written >> piece of software.V >> e >B >nH >Not directed at Carl, but if people want to help make Mozilla "faster, F >smaller, better, etc.", just hop on over to www.mozilla.org, roll up  >your sleaves, and lend a hand.M   A commendable sentiment.    O It might not totally work in this case; I've  gotten the impression - certainly I subject to correction from somebody who knows something - that the reason O Mozilla (and the commercial Netscapes  derived from it) is such a memory hog is.N that it was decided at a strategic level to use the platform-independent GeckoJ rendering engine so Mozilla would look the same everywhere, and that Gecko! chews up an awful lot of  memory.3  M It might be easier to make a slender Mozilla spinoff than to do the politicalAO work necessary to change a basic strategic decision in a very large open-source  project.   -- Alano  O ===============================================================================D0  Alan Winston --- WINSTON@SSRL.SLAC.STANFORD.EDUM  Disclaimer: I speak only for myself, not SLAC or SSRL   Phone:  650/926-3056hM  Physical mail to: SSRL -- SLAC BIN 69, PO BOX 4349, STANFORD, CA  94309-0210uO ===============================================================================m   ------------------------------  # Date: Sat, 27 Apr 2002 19:25:45 GMTa. From: "Richard L. Dyson" <rickdyson@mchsi.com>G Subject: Re: Problems changing the "remote password" on a DECserver 90M ) Message-ID: <3CCAFB3B.1B82AD34@mchsi.com>4  > > Rick - You should be able to set up your unit so that telnetG > connections to port 20 are prompted ("#") for a password.  Here's thec' > sequence of steps that worked for me:n > E > CHANGE SERVER REMOTE PASSWORD &#8220;password&#8221;    (default isf	 > ACCESS). > CHANGE PORT nn ACCESS REMOTE- > CHANGE TELNET LISTENER 20nn PORTS nn ENABLE00 > CHANGE TELNET LISTENER 20nn CONNECTIONS ENABLE' > CHANGE PORT nn REMOTE PASSWORD ENABLEb > LOGOUT PORT nn > H > The next time you connect to port nn, you should be prompted ("#") for@ > the REMOTE PASSWORD.  This should be whatever you typed in forG > "password"...unless you are using my 90M, and then it would be ACCESS   E 	Can you confirm this when you telnet to the server's IP @ port 2020?oJ Not telnet to the terminal server.  I always get the "#" prompt for that.  BTW,J I don't mean I start from something directly connected to port 20.  I meanL an "inbound" device is connected to port 20 and I am trying to connect to it	 remotely.t  B 	But when I "telnet 1.2.3.4 2020", I am immediately connected.  NoM "#" prompt for any of the 12+ DECServer 900TM (v2.4) I have still in service.d   	Here are some of my settings:   Local> Show Port 20l  5 Port 20:                               Server: XXXXXX.  F Character Size:            8           Input Speed:               9600F Flow Control:            XON           Output Speed:              9600F Parity:                 None           Signal Control:        DisabledF Stop Bits:           Dynamic           Signal Select:  CTS-DSR-RTS-DTR  F Access:               Remote           Local Switch:                 |F Backwards Switch:       None           Name:                   PORT_20F Break:                 Local           Session Limit:                1F Forwards Switch:        None           Type:                      AnsiF Default Protocol:     Telnet           Default Menu:              NoneF Autolink Timer One:10 Two:10           Dialer Script:             None   Preferred Service: None  Authorized Groups:   0 (Current)  Groups:   0   Enabled Characteristics:? Autobaud,  Broadcast,  Input Flow Control,  Output Flow Controli    Local> Show Telnet Listener 2020  D Listener TCP-port:  2020                     Listener Type:  TELNET $ Identification:     Important_Device Ports:              20 Connections:        Enabled  IP Address:         1.2.3.4u    G 	Anyone know if it is possible to get the simple security working here?    Thanks!) Rick   ------------------------------  # Date: Sun, 28 Apr 2002 02:23:12 GMT - From: "John E. Malmberg" <wb8tyw@qsl.network>a( Subject: Re: Purify or equiv. on OpenVMS* Message-ID: <3CCB78F7.7040108@qsl.network>   Doc.Cypher wrote:r >  e2 >      /standard=ansi89/prefix=all/warn=enable=all >  nK >    and you'll save yourself a lot of trouble later on.  It will also makel >    your code more portable.r   For newer releases of Compaq C:o   /warn=enable=(level4)v  
 And I prefer:w   /warn=enable=(level4,questcode)A   -Johnr wb8tyw@qsl.network Personal Opinion Only,   ------------------------------    Date: 27 Apr 2002 15:15:36 -0700( From: bob@instantwhip.com (Bob Ceculski)Y Subject: Re: put up or shut up (was: RE: AMD To Announce Microsoft Support For New Chip Fo< Message-ID: <d7791aa1.0204271415.8d434c5@posting.google.com>  { Doc.Cypher <Use-Author-Supplied-Address-Header@[127.1]> wrote in message news:<20020427065618.10491.qmail@gacracker.org>...e; > On 26 Apr 2002, bob@instantwhip.com (Bob Ceculski) wrote:g >  > <snip> >  > >disclaimer:L > >The opinions expressed by myself on this board do not necessarily reflectJ > >those of other self appointed vms experts on this board.  I am the onlyJ > >poster on this board who is totally clueless ... all other posters knowH > >all the future holds for vms, and should not be confused with myself. > J > Look, it's not a board. It is a NEWSGROUP, or for some people, a mailing* > list. Please get your terminology right. > K > As to your comments about "other self appointed vms experts", well I findtL > what they post far more plausible. Stating that Alpha will live in ItaniumM > suggests that Itanium will either change to using the Alpha instruction setaM > or the EPIC core will be replaced with the RISC core from Alpha. Neither ofbI > these seems likely to happen. What does seem likely is that some of thecF > non-specific features from the Alpha processor will be grafted on toF > Itanium. This will not make the damn thing an Alpha processor. Okay? >  > Doc.  F well I say you are wrong ... I say for Intel to stay competitive, theyE will have to drop the epic boat anchor ... are you saying there is no H chance at all of this happening?  And the last time I checked, the firstF ammendment was still in force ... or has communism already got to thisG board?  Should I refer to you as heir doc and Bill Todd as heir genius?m   ------------------------------    Date: 27 Apr 2002 21:53:15 -0000= From: Doc.Cypher <Use-Author-Supplied-Address-Header@[127.1]> Y Subject: Re: put up or shut up (was: RE: AMD To Announce Microsoft Support For New Chip Fe5 Message-ID: <20020427215315.5056.qmail@gacracker.org>   9 On 27 Apr 2002, bob@instantwhip.com (Bob Ceculski) wrote:.I >Doc.Cypher <Use-Author-Supplied-Address-Header@[127.1]> wrote in messageP3 >news:<20020427065618.10491.qmail@gacracker.org>....< >> On 26 Apr 2002, bob@instantwhip.com (Bob Ceculski) wrote: >>  	 >> <snip>i >> t >> >disclaimer:pM >> >The opinions expressed by myself on this board do not necessarily reflectIK >> >those of other self appointed vms experts on this board.  I am the only1K >> >poster on this board who is totally clueless ... all other posters know J >> >all the future holds for vms, and should not be confused with myself.  >> -K >> Look, it's not a board. It is a NEWSGROUP, or for some people, a mailingy+ >> list. Please get your terminology right.  >> sL >> As to your comments about "other self appointed vms experts", well I findM >> what they post far more plausible. Stating that Alpha will live in Itanium N >> suggests that Itanium will either change to using the Alpha instruction setN >> or the EPIC core will be replaced with the RISC core from Alpha. Neither ofJ >> these seems likely to happen. What does seem likely is that some of theG >> non-specific features from the Alpha processor will be grafted on toiG >> Itanium. This will not make the damn thing an Alpha processor. Okay?l >> n >> Doc.  > G >well I say you are wrong ... I say for Intel to stay competitive, they F >will have to drop the epic boat anchor ... are you saying there is noI >chance at all of this happening?  And the last time I checked, the first G >ammendment was still in force ... or has communism already got to thisfH >board?  Should I refer to you as heir doc and Bill Todd as heir genius?  I That's right, bring the Nazi's into it. All I, and others, are asking forlJ is a bit of a reality-check. Also, the first amendment is only in force inF the USA. Please remember this is an internationally carried newsgroup.  I As to Intel dropping EPIC, that would involve a serious loss of face, notmI to mention a serious write-off of investment. I for one do not think that D is particularly likely if Itanic can be given reasonable performance
 improvements.o     Doc. -- e6 The bigger the humbug, the better people will like it.K ~ Phineas Taylor Barnum.                             https://vmsbox.cjb.neth   ------------------------------  # Date: Sun, 28 Apr 2002 02:49:29 GMTl1 From: "David J. Dachtera" <djesys.nospam@fsi.net> Y Subject: Re: put up or shut up (was: RE: AMD To Announce Microsoft Support For New Chip F ' Message-ID: <3CCB6613.4809B716@fsi.net>r   Bob Ceculski wrote:D > } > Doc.Cypher <Use-Author-Supplied-Address-Header@[127.1]> wrote in message news:<20020427065618.10491.qmail@gacracker.org>...O= > > On 26 Apr 2002, bob@instantwhip.com (Bob Ceculski) wrote:i > > 
 > > <snip> > >e > > >disclaimer:N > > >The opinions expressed by myself on this board do not necessarily reflectL > > >those of other self appointed vms experts on this board.  I am the onlyL > > >poster on this board who is totally clueless ... all other posters knowJ > > >all the future holds for vms, and should not be confused with myself. > >rL > > Look, it's not a board. It is a NEWSGROUP, or for some people, a mailing, > > list. Please get your terminology right. > >yM > > As to your comments about "other self appointed vms experts", well I findhN > > what they post far more plausible. Stating that Alpha will live in ItaniumO > > suggests that Itanium will either change to using the Alpha instruction set O > > or the EPIC core will be replaced with the RISC core from Alpha. Neither ofyK > > these seems likely to happen. What does seem likely is that some of thetH > > non-specific features from the Alpha processor will be grafted on toH > > Itanium. This will not make the damn thing an Alpha processor. Okay? > >r > > Doc. > H > well I say you are wrong ... I say for Intel to stay competitive, theyG > will have to drop the epic boat anchor ... are you saying there is noaJ > chance at all of this happening?  And the last time I checked, the firstH > ammendment was still in force ... or has communism already got to thisI > board?  Should I refer to you as heir doc and Bill Todd as heir genius?h   Um, Bob?  % Do you know anyone who speaks German?i  G I don't speak it myself, but the little I know includes this: "heir" istB an Angloid extraction, generally meaning one who stands to inheritG (whatever). The word you probably want is "herr", roughly equivalent tooD "mister", "sir", or perhaps "brother", depending upon the supporting
 context...  D ...to the best of my extremely limited knowledge. Perhaps one of theH German posters can offer a better explanantion, if they are so inclined.   -- t David J. Dachterat dba DJE Systemse http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/e   ------------------------------  % Date: Sat, 27 Apr 2002 14:32:20 -0400'' From: Glenn Everhart <Everhart@gce.com> " Subject: Re: Security question....' Message-ID: <3CCAEEB4.ED6B20BB@gce.com>a  K You can set things up so a system manager might not tracelessly mess with af logfile but it isn't easy.  N The attempt at a solution involves a security officer who is distinct from theL normal sys manager who installs a cryptodisk system which is set up not onlyL to encipher its contents (which it does only to protect the abstraction) butT to write only once to any block, and to prohibit overwrite, overfilling directories,R or delete. The security officer must set up the key management (done with a coupleN specialized drivers one of which only allows itself to run at startup) and the" logs must be kept on this thing...  0 It is hard to alter them without leaving traces.  N It is however still easier to move the logging to a separate box and just give# the admin no rights to that box....(   R One thing about log files: if enough is known about how they are made, it is oftenN possible to head the info off before the logging system sees it. For example IP believe mba3: is used for one of the system log processes in VMS. A kernel patchR that causes writes there to just report success writing all bytes, but do nothing,K could shut down traffic through there with no readily visible command for arM system that knows only the audit subsystem to understand. Once your attackerstQ start understanding enough to patch the kernel, it's game over for any "security"tL vendor who is not able to work in that space and understand attacks thereto.  K If your attacker has system privs, defending the kernel is quite difficult. J Best you can REASONABLY try to do is keep info from accidental disclosure.N An honest system manager can get curious, but if he knows some info should notO be touched and there's something in place to remind him if a wildcard operation:L ventures too far, he may stop. A truly determined system manager with enough: knowledge can undo anything you care to devise eventually.     David Froble wrote:e >  > Michael Austin wrote:h >  > > Vic Mendham wrote: > > @ > >>We're having a discussion at work about log file security...H > >>Can a user (system or root) manipulate a logfile without anyone ever" > >>knowing about it. If so how???H > >>I don't think so cause the revised date on the file would be changedF > >>and it should indicate the user who last accessed the file. If theI > >>file is open, you can't edit it or copy it as this is a file access (g > >>sharing ) violation. > >>H > >>Anyone have any thoughts on the matter. Our security guy is freaking
 > >>out... > >> > >sK > > First, if you can't trust a person with system or system privs like theeI > > system admin, dba and network admin, then you might as well power off)H > > the box and go home because that is the only security you will have. > >eJ > > Anyone with sufficient privs can get around everything except the file > > sharing violation. > M > I agree with your thoughts, but have to ask, are you SURE that with privs I-L > couldn't get around the file sharing violation?  Hint.  LOG_IO and PHY_IO. > 5 > > (I supposse you could come up with something thataL > > could.. but) if the file has acls to prevent all but a select few accessJ > > to those log files they can't even do that.  You can lock a VMS systemI > > down so tight that normal users can't even get to the files let alones > > try and change them. > >  > 	 > Agreed.  >  > Dave   ------------------------------  # Date: Sun, 28 Apr 2002 02:35:08 GMT 1 From: "David J. Dachtera" <djesys.nospam@fsi.net>a) Subject: Re: Suggestion: SET DEVICE/RESET ' Message-ID: <3CCB62B9.F3B45E09@fsi.net>    Stuart Fuller wrote: >  > David J. Dachtera wrote: >  > > JF Mezei wrote:u > >>I > >> Got caught with a TK70 tape that broke  where there is a hole in the J > >> magnetic tape about 2 feet from the leader. Of course, the TK70 drive > >> became confused.5 > >>I > >> I powered it off, removed the cassette and remaining tape inside theoH > >> unit, reset the tape "catcher" and powered the unit back on. It canJ > >> succesfully load and unlaod tapes. However, VMS still complains about > >> "medium is offline".r > >>K > >> I let it rest overnight, hoping it would timeout, but alas no. So I amR1 > >> having to reboot my master node to fix this.  > >>N > >> Shouldn't there be some sort of SET DEV/RESET that would send a signal toH > >> the driver/hardware to reset itself ? (perhaps followed by a SYSGEN- > >> AUTOCONFIGURE ALL to reload the device).. > >4I > > I recently discovered - these drives and their younger cousins (TZ88,nH > > etc.) do this to the HSJs, as well. Ya gotta delete them and add 'em7 > > back before youy can use 'em again after a failure.n > >p >  > No you don't.> >  > From the HSJ> prompt, do a:b >  >         HSJ> show device fulla > J > Find the device that's "misconfigured" or "not found at this PTL", then: > * >         HSJ> clear unknown <device-name> > J > Then, show the devices again to ensure that it's seen now.  If not, thenH > the device really is broken.  If it shows up again, you're good to go.  H Thanx, Stu! I'll pass that along to my partner at work (the senior guy).   -- s David J. Dachterai dba DJE Systemse http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/o   ------------------------------  , Date: Sat, 27 Apr 2002 23:27:26 +0200 (CEST): From: "Gotfryd Smolik, VMS lists" <gotfryd@stanpol.com.pl>+ Subject: Re: VMS 6.2 file ownership problemsJ Message-ID: <Pine.LNX.4.21.0204272316370.32232-100000@irys.stanpol.com.pl>  % On Sat, 27 Apr 2002, Bart Zorn wrote:=   >+David wrote:E >+> Is there a simple way [0] I can setup the security on a directory ? >+> so that files created in the directory are owned by whoever68 >+> created them rather than whoever owns the directory. >+> > >+> I want to do this mainly so the files don't get added onto, >+> to the the directory owner's disk quota. [...]-F >+Well, the solution may be simpler than you think! Revoke the SYSPRV J >+privilege from your users and grant them write access to the directory,  >+either by protection or ACL. >+H >+Only users with SYSPRV privilege can create files with an other owner I >+than their own! In this case the default is the situation you describe.p  ?  To be precise: "SYSPRV only" IMHO is not the best description.rB  Sure, meaning BYPASS is a malice :) but AFAIK the right to create> any owner UIC file depends of something like control access to the volume !B  I have no chance to check today, but I am sure that at least with? some previous version (of VMS) have check, that owner of volumeO> *can* create file with any owner UIC (and that *has* logic !),D and suspect that the C(ontrol) access may be the right need. Really,B with SYSPRV/BYPASS you always have C to volumes and the alghorithm) manifests *mostly* for the reason. But...i  A  With the description above we must also think about some "funny"t? setting, like hidden ACLs ! Be aware: when user has SYSPRV thenT0 he/she don't must bother about disk quotas... :)3  May be, some friend sets up a "engineering job" ;)c    Regards - Gotfryd   -- tE =====================================================================,F $ ON F$ERROR("LANGUAGE","ENGLISH","IN_MESSAGE").GT.F$ERROR("NORMAL") - 		THEN EXCUSE/OBJECT=MEl. $!                        GS@stanpol.zabrze.plE =====================================================================e   ------------------------------  % Date: Sun, 28 Apr 2002 06:48:16 +0930 / From: Mark Daniel <mark.daniel@wasd.vsm.com.au>O Subject: Re: web hosting/ Message-ID: <3CCB1598.730728DF@wasd.vsm.com.au>a   Paul Repacholi wrote:d > , > bob@instantwhip.com (Bob Ceculski) writes: > C > > depends what you want to do ... Apache is good, WASD don't knowi > 7 > WASD stands for Wide Area Survailance (sic) Division.     Wide Area Surveillance Division.  :F > of Defence Research Establishment, Salsbury. (or what ever they call > it this week!)  D Surveillance Systems Division (SSD) for the last couple of years :^)  t!   http://www.dsto.defence.gov.au/   2   http://www.dsto.defence.gov.au/dstoresearch.html  4   http://www.dsto.defence.gov.au/esrl/ssd/index.html  G (The last couple of links actually should be framed by the first and sou look a bit odd stand-alone.)  E I *think* the reorganisation due for July this year is still a goer. iG After that we'll be Intelligence, Surveillance, Reconnaissance Divisioni (ISR) if memory serves ;^)  E Much as we tend to poke fun at reorgs and name changing, I guess to a F certain extent it reflects a constantly shifting set of expertises and< emphases required in this area.  I sometimes think about theH state-of-the-art computing equipment available 14 years ago when I firstH joined the Division, where PDPs and a small number of VAXes were made toD do marvels by some clever people, then on to the commodity computingE available today, where processing is distributed out to farms of COTSeH systems over ubiquitous networking.  I have three quite powerful systemsG in my office alone!  It's an entirely different environment in which to4 approach things.  0 > Draw your own conclustions about its security.  G IMO, drawing any conclusion about WASD, in any respect, from it origins E could be misleading.  Just for starters, WASD is a 'personal' projectlG and so not subject to peer or normal task reviews, etc.  It's very muchSF "just hanging out there".  I pretty much do with it what I like.  DSTOE is a *research* organisation and as such lots of things are tried and H often "thrown-away".  Things found valuable become subject to the rigorsH of good engineering practice and project management in larger tasks, butD developments that find there way into operational systems often bearG little resemblance to what the boffins originally were "playing" with.  G In summary; WASD should not be considered as representative of anythingsE apart from my continued interest in VMS and the facilities it offers.l   *** PURE PERSONAL OPINION *** C These comments are my own;  I am not a media representative for themA Organisation or the Department, and do not represent any officialr& position in respect of these comments.   > --> > Paul Repacholi                               1 Crescent Rd.,9 > +61 (08) 9257-1001                           Kalamunda.lB >                                              West Australia 60760 > Raw, Cooked or Well-done, it's all half baked.H > EPIC, The Architecture of the future, always has been, always will be.   Great signature Paul.c   ------------------------------   End of INFO-VAX 2002.233 ************************