1 INFO-VAX	Mon, 29 Sep 2003	Volume 2003 : Issue 540       Contents:
 Re: <None> Re: AMD64 sales figures  Re: AMD64 sales figures  BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement  Re: BEA WebLogic and VMS  Re: DS10 vs. DS40 and HP support  Re: DS10 vs. DS40 and HP support0 Re: Elapsed time through the lex. func. f$getjpi@ Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)@ Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...) Re: How to uninstall?  Re: How to uninstall? 7 Re: HP to Linux users: "Go ahead.  I've got your back." 7 Re: HP to Linux users: "Go ahead.  I've got your back." 6 Re: HP to Linux users: "Go ahead. I've got your back."% Re: Info on Known VMS Exploits/Cracks % Re: Info on Known VMS Exploits/Cracks % Re: Info on Known VMS Exploits/Cracks ( Re: Linux is the favourite hacker target( Re: Linux is the favourite hacker target Re: Nice touch, AMD  Re: Nice touch, AMD ! OT: Talk about bad luck (Halifax) % Re: OT: Talk about bad luck (Halifax) % Re: OT: Talk about bad luck (Halifax) % Re: OT: Talk about bad luck (Halifax) D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?< Re: Question: In DCL Can One Check To See If A File Is Open?* Re: Read VMS Backup *.bck files in Windows Re: RSX.EXE under OpenVMS 7.3? Re: RSX.EXE under OpenVMS 7.3? Re: RSX.EXE under OpenVMS 7.3? Re: RSX.EXE under OpenVMS 7.3?0 Re: suggestion: TCPIP$SMTP_PERSONAL_NAME logical symbiont housekeeping ? ! Re: Talk about bad luck (Halifax)  Re: Translating COM jobs Re: Translating COM jobs7 Re: Unexplained DECwindows activity - security concern? 7 Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC 7 Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC 7 Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC 7 Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC < Re: VMS Cracked! [was: Linux is the favourite hacker target]= Re: VMS on a simh VAX simulator, how do I get TCP/IP to work? = Re: VMS on a simh VAX simulator, how do I get TCP/IP to work?  VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS system on the web 2 Re: VMS Technical Update seminar (the Netherlands)  F ----------------------------------------------------------------------  % Date: Mon, 29 Sep 2003 08:29:14 +0200 " From: Didier Morandi <no@spam.com> Subject: Re: <None> 4 Message-ID: <3f77d13b$0$10409$626a54ce@news.free.fr>  . http://help.vpi.net/netscapemail/html/fcc.html   :-)   ; (yeah, me too, I sometimes forget about good old google :-)    D.   Paul Sture wrote:   A > So, sick of aall the Swen spams, I thought of creating a NOSPAM * > account and using Netscape 3.03 to post. > F > I can read newsgroup messages fine, and can compse replies, but whenN > I hit the send button, Netscape comes up with "Netscape Error, Couldn't open > FCC file". > % > Anyone any idea WTF an FCC file is?    --  - Didier Morandi sarl au capital de 8 000 euros                      Tout VMS.   5 avenue Albert Durand, 31700 Blagnac France.   Tl: 33(0)5 6131 6287  Fax: 33(0)5 6171 3500&           http://www.didiermorandi.com$             RCS Toulouse 448 694 851   ------------------------------  % Date: Mon, 29 Sep 2003 09:52:55 +0100 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com>   Subject: Re: AMD64 sales figures0 Message-ID: <bl8rt7$8g9$1@new-usenet.uk.sun.com>   rob kas wrote:, >>OK - sorry. Must have missed that one 8^). >  > 9 >  Yes but you always respond with single word   "ECache"  > L >   Big Difference between Early IA64 machines and what should mature Stable > High End Sparcs. >  >   A Can you tell the difference between a batch process manufacturing & problem and a processor design fault ?       Regards  Andrew Harrison  >  >  >  >  >>--   >>Greg Cagle >>gregc at gregcagle dot com >> >  >  >    ------------------------------  % Date: Mon, 29 Sep 2003 09:55:28 +0100 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com>   Subject: Re: AMD64 sales figures0 Message-ID: <bl8s20$8g9$2@new-usenet.uk.sun.com>   Main, Kerry wrote: >>-----Original Message-----* >>From: Andrew Harrison SUNUK Consultancy 1 >>[mailto:Andrew_No.Harrison_No@nospamn.sun.com]  # >>Sent: September 26, 2003 12:11 PM  >>To: Info-VAX@Mvb.Saic.Com  >> >>Greg Cagle wrote:  >>+ >>>Andrew Harrison SUNUK Consultancy wrote:  >>>  >>>  >>> F >>>>IA64 high quality, tell that to the customers who Intel suggested ? >>>>should clock their 1000 GHz units at 800 MHz to avoid data   >>>  >>integrity  >>
 >>>>problems.  >>>  >>> ' >>>1) Do you have a reference for this?  >>> < >>>2) If I were you I wouldn't be bringing up data integrity >>>   problems.  >>% >>If I were you I wouldn't have asked  >>1 >>http://www.computerweekly.com/Article121736.htm  >>	 >>Regards  >>Andrew Harrison  >> >> >  > 1 > And if I were you, I'd remember the old phrase:  > "those in glass houses ..."  >   3 Kerry since you now work for HP ask one of your new : collegues about the HP K series, or the memory controllers
 in the N4000.   ? You will find that the glass house you are in has just enlarged  a bit.   Regards  Andrew Harrison    ------------------------------  % Date: Mon, 29 Sep 2003 10:03:18 -0500 ( From: brandon@dalsemi.com (John Brandon)& Subject: BACKUP Throughput measurement1 Message-ID: <03092910031819@dscis6-0.dalsemi.com>   K I have a backup application using the VMS BACKUP utility.  OK, it is just a J bunch of command files that use scripts to backup the disks.  No big deal.  M However, I have always wanted to measure the throughput of the BACKUP utility 3 and wanted to know if anyone is doing this and how.    At current, I do the following:    $!# $ starttime = f$cvtime(,"ABSOLUTE") 0 $ freeblocks = f$getdvi(bup_device,"FREEBLOCKS"), $ maxblock = f$getdvi(bup_device,"MAXBLOCK")$ $ usedblocks = maxblock - freeblocks $! $ backup ... $!! $ endtime = f$cvtime(,"ABSOLUTE")  $!  N I take the delta of start and end time and using the number of usedblocks I amL able to (roughly) calculate the throughput.  It may not be exact, however itG does provide me with a value with which I can make general esitmates of  throughput.   < Anyone else do something different?  Just kind of curious...     J*o*h*n B*r*a*n*d*o*n  VMS Systems Administrator * firstname.lastname.spam.me.not@dalsemi.com   ------------------------------  % Date: Mon, 29 Sep 2003 16:49:33 +0100 0 From: Chris Sharman <chris.sharman@sorry.nospam>* Subject: Re: BACKUP Throughput measurement4 Message-ID: <bl9kad$i42$1$8302bc10@news.demon.co.uk>   John Brandon wrote: M > I have a backup application using the VMS BACKUP utility.  OK, it is just a L > bunch of command files that use scripts to backup the disks.  No big deal. > O > However, I have always wanted to measure the throughput of the BACKUP utility 5 > and wanted to know if anyone is doing this and how.  > ! > At current, I do the following:  >  > $!% > $ starttime = f$cvtime(,"ABSOLUTE") 2 > $ freeblocks = f$getdvi(bup_device,"FREEBLOCKS"). > $ maxblock = f$getdvi(bup_device,"MAXBLOCK")& > $ usedblocks = maxblock - freeblocks > $! > $ backup ... > $!# > $ endtime = f$cvtime(,"ABSOLUTE")  > $! > P > I take the delta of start and end time and using the number of usedblocks I amN > able to (roughly) calculate the throughput.  It may not be exact, however itI > does provide me with a value with which I can make general esitmates of 
 > throughput.  > > > Anyone else do something different?  Just kind of curious...  > Doesn't take account of /nobackup files (dump,page,swap & any  site-specific).   A A count of io to the tape device, together with knowledge of the  A blocksize specified to backup, and the /verify setting, gives an  G apparently accurate figure for the (uncompressed) data written to tape.    Chris    ------------------------------  % Date: Mon, 29 Sep 2003 11:33:38 -0500 ( From: brandon@dalsemi.com (John Brandon)* Subject: Re: BACKUP Throughput measurement1 Message-ID: <03092911333883@dscis6-0.dalsemi.com>    Chris Sharman wrote:@ > Doesn't take account of /nobackup files (dump,page,swap & any  > site-specific).   J That is correct - and in a one or two disk environment you would have someO erroneous data however we have at least 40 drives and that helps to balance out  the no-data-backup.     C > A count of io to the tape device, together with knowledge of the  C > blocksize specified to backup, and the /verify setting, gives an  I > apparently accurate figure for the (uncompressed) data written to tape.   N Now I find this an attractive idea - however would not the I/O be misleading? O Would not the I/O include non-tape I/O?  I would believe that there is I/O from L disk?  How would one account for that?  I would assume division by two but IO know beter - not always that easy and I/O from disk is certainly different than  I/O to tape.    B What about the group size - that would also have a play on things.  J Then the block size - from scanning the openvms.org archives I find that a7 block size above 32K (aprox) has little or no impact...            J*o*h*n B*r*a*n*d*o*n  VMS Systems Administrator * firstname.lastname.spam.me.not@dalsemi.com   ------------------------------    Date: 29 Sep 2003 11:58:18 -0500 From: briggs@encompasserve.org* Subject: Re: BACKUP Throughput measurement3 Message-ID: <rhOTGWDYDsiF@eisner.encompasserve.org>   \ In article <03092911333883@dscis6-0.dalsemi.com>, brandon@dalsemi.com (John Brandon) writes: > Chris Sharman wrote:A >> Doesn't take account of /nobackup files (dump,page,swap & any   >> site-specific). > L > That is correct - and in a one or two disk environment you would have someQ > erroneous data however we have at least 40 drives and that helps to balance out  > the no-data-backup.    > D >> A count of io to the tape device, together with knowledge of the D >> blocksize specified to backup, and the /verify setting, gives an J >> apparently accurate figure for the (uncompressed) data written to tape. > P > Now I find this an attractive idea - however would not the I/O be misleading? Q > Would not the I/O include non-tape I/O?  I would believe that there is I/O from N > disk?  How would one account for that?  I would assume division by two but IQ > know beter - not always that easy and I/O from disk is certainly different than  > I/O to tape.    K You're not sampling process I/O counts.  You're sampling device I/O counts.     F$GETDVI ( "MKA0", "OPCNT" )    rather than     F$GETJPI ( "", "DIOCNT" )  H Hard to get disk I/O mixed in with the operation count on a tape device.   	John Briggs   ------------------------------  % Date: Mon, 29 Sep 2003 12:35:32 -0500 ( From: brandon@dalsemi.com (John Brandon)* Subject: Re: BACKUP Throughput measurement1 Message-ID: <03092912353234@dscis6-0.dalsemi.com>    John Briggs wrote:M > You're not sampling process I/O counts.  You're sampling device I/O counts.  >  >  F$GETDVI ( "MKA0", "OPCNT" )  > 
 > rather than  >  >  F$GETJPI ( "", "DIOCNT" ) > J > Hard to get disk I/O mixed in with the operation count on a tape device.  O Yeah, I was scratching my head on that one - missed the OPCNT.  Thanks.  I will  run some tests on this...z  3 But - how does that account for /GROUP or /BLOCK ?       J*o*h*n B*r*a*n*d*o*n  VMS Systems Administrator * firstname.lastname.spam.me.not@dalsemi.com   ------------------------------  % Date: Mon, 29 Sep 2003 14:02:12 +0200 ( From: "John Apps" <john.apps@compaq.com>! Subject: Re: BEA WebLogic and VMS , Message-ID: <3f78204a$1@usenet01.boi.hp.com>  I Please let me know how much detail you want via email and I'll reply with H what I have. Most of the customers using WebLogic on OpenVMS do not wishE that fact to be know to a wide audience, hence the request for email.    John   --  L This email is confidential and intended solely for the use of the individualL to whom it is addressed. Any views or opinions presented are solely those ofJ the author and do not necessarily represent those of Compaq Computer GmbH.H If you are not the intended recipient, be advised that you have receivedJ this email in error and that any use, dissemination, forwarding, printing,0 or copying of this email is strictly prohibited.  5 "John Brandon" <brandon@dalsemi.com> wrote in message + news:03092315035563@dscis6-0.dalsemi.com...  > John Smith wrote:  > > John Brandon wrote: D > > > Anyone out there running BEA WebLogic on VMS V7.2?  (or V7.3?) > > > I > > > Looking for some blood and guts information on BEA WebLogic besides  > > > the posted sales pitch.  > > I > > I'm looking at the same combo.....if I find anything out I'll let you  know.  > 	 > Thanks.  > H > My conversations with BEA have produced very little - though they seem willing > > to work with us on license package and configuration issues. >  >  >  >  > J*o*h*n B*r*a*n*d*o*n  > VMS Systems Administrator , > firstname.lastname.spam.me.not@dalsemi.com   ------------------------------  % Date: Mon, 29 Sep 2003 10:21:59 +0100 * From: Nic Clews <sendspamhere@[127.0.0.1]>) Subject: Re: DS10 vs. DS40 and HP support ' Message-ID: <bl8th7$nek$1@lore.csc.com>    Homer Simpson wrote: > J > I agree, getting a good refurbished DAT drive was *very* challenging.  IF > came to the conclusion that they usually just can't be refurbed.  WeN > sometimes had to run a cleaning tape through the replacement unit 6 times inG > order for it to start working.  If it took more than 6 times, we just # > re-ordered and red-tagged it DOA.  > J > DLT is a much better way to go.  I don't remember ever getting a DOA DLTN > drive.  They have a much longer duty cycle too.  I steer everybody away fromJ > DAT.  They are not ready for prime time.  They will cause you more grief, > than the higher price of a DLT ever would.  D I've used DAT in its audio form, and found drives to be problematic.F Generally if mastering from a live performance you'd have a minimum ofC two DAT machines running, because in practice the likelihood of one  failing is quite high.  F Also, you worked pretty quickly to transfer to another digital medium.A You could put the tape in a drive, and the tape could be rendered  useless by a bad drive.   ( I'd never trust archive data to a DAT...  C DAT is 4 mm, very thin base for a helical scan drive. 8mm figures a H little better for reliability but lost favour (others experiences of 8mm may differ!)  H I think Quantum had a campaign starting "For DIS use DAT..." which was aG reference to the music industry of the time, and it compared data rates % for DLT to helical scan technologies.   E DAT is OK for data transfer and a backup process where if the current C tape fails you're OK recovering from an earlier copy, and you don't  intend any long-term recovery.   --  ? Regards, Nic Clews a.k.a. Mr. CP Charges, CSC Computer Sciences  nclews at csc dot com    ------------------------------  % Date: Mon, 29 Sep 2003 10:23:19 -0700 ' From: David Mathog <mathog@caltech.edu> ) Subject: Re: DS10 vs. DS40 and HP support 8 Message-ID: <20030929102319.5919a0e2.mathog@caltech.edu>  " On Sat, 27 Sep 2003 17:01:09 -0500) Rich Jordan <duodec@speakeasy.net> wrote:   G > If you are referring to my post (bashing) I would like to state that  D > once I actually got a person (not in India, apparently) they were  > helpful.    A Basically service in general sucks for most companies and it just 3 sucks a little less for some companies than others.   9 We went through a month where our Adelphia cable modem at ? home would only connect intermittently.  Days and days and days 9 with no service.  The on line technicians had no hardware 8 level tools to let them trace a fault back from the main8 machines to my cable modem.  All they could do was check: the DHCP logs, which showed no connections (duh!). Finally4 they sent out a repair person who ran diagnostics on8 the modem, and the line - of course during a period when4 we were actually able to connect - technicians never7 come during a failure when the failure is intermittent. ? He said the modem was fine, but the signal was "a little high", ' so he put a 9db attenuator in the line.   / Afterwards we were never able to connect again.   B Giving up on that particular set of turkeys we closed the account,A called up SBC, and ordered DSL. They provided 3 phone numbers, in B addition to the one where the order was placed.  10 days go by, noF DSL hardware arrives.  Call one of the 3 lines. Wander around in phone2 hell a while.  Snarl slightly at the message that I I should use their online web site to check the status of my order - just D a little hard to do when you're at home and have no network access. D Finally reached an operator who said there was some sort of a recordB present but that she couldn't open it and that it was time to call the order folks.   Back to square one and...   @ First try, operator 1 transfers me to a problem resolution site,A that operator says hello, and then the connection breaks when the  first operator hangs up.  I Second try,  operator 2 tells me I'm being transferred to the same place,  and puts me on permahold.   L Third try,  operator 3 tells me their computers are down, and have been downG for over a day, and she can't see or do anything.  She tries restarting H her software and rebooting her machine but still cannot connect.  She isJ kind enough to inform me that since she can't do anything it's likely thatA nobody else can either.  And then, miracle of miracles, she takes J down my name and number and promises to call when the systems come back up/ on Monday.  We'll see today how that turns out.   H And you know what the first thing the operators all say at SBC when they answer the phone?   4   How can we provide excellent service to you today?   Regards,   David Mathog mathog@caltech.edu> Manager, Sequence Analysis Facility, Biology Division, Caltech   ------------------------------  + Date: Mon, 29 Sep 2003 14:15:20 +0000 (UTC) , From: lewis@PROBE.mitre.org (Keith A. Lewis)9 Subject: Re: Elapsed time through the lex. func. f$getjpi . Message-ID: <bl9epo$9dj$1@newslocal.mitre.org>   "David J. Dachtera" <djesys.nospam@fsi.net> writes in article <3F74E850.B6C4DA36@fsi.net> dated Fri, 26 Sep 2003 20:30:56 -0500:C >This will work as long as the actual "Connect time" doesn't exceed 
 >23:59:59.99:   & ..and the process is home by midnight.  9 >$ start = f$cvtime( f$getjpi( 0, "LOGINTIM" ),, "time" )  >$ now = f$cvtime( ,, "time" ). >$ et = f$cvtime( "''now'-''start'",, "time" ) >$ write sys$output et  + --Keith Lewis              klewis$mitre.org > The above may not (yet) represent the opinions of my employer.   ------------------------------   Date: 29 Sep 2003 09:00:40 GMT< From: gartmann@non.immunbio.mpg.de.sens (Christoph Gartmann)I Subject: Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...) 0 Message-ID: <bl8sbo$76d$1@n.ruf.uni-freiburg.de>  W In article <vneq85k9t5cm83@news.supernews.com>, "John Vottero" <John@mvpsi.com> writes: M >How is my ISP going to count the e-mails that I send?  They don't go through L >the ISP's SMTP server.  The ISP only sees raw packets.  Good luck trying to+ >turn packets into a count of e-mails sent.   J As I stated, it is manageable. It is sufficient to get an estimate number.  > >How are you going to prevent spoofing the sending IP address?  J No need for that. From the ISPs point of view, it simply needs to count orK observe the packets that come via your interface or channel or whatever you L call it. The sender's IP address is simply not relevant. The only thing thatN counts is that it is a packet dedicated to port 25 and coming to your ISP fromM your site. The ISP will have to make sure that it counts each connection only  once.   K >> >> Again, I suggest that only large network carriers are required to pay  >the >> >fee. >> >A >> >Large network carriers don't send e-mail, they route packets.  >>M >> Of course, but with my approach they'll have to look at the packets. It is  >notJ >> much that I require, only packets to port 25 from outside their network >have to8 >> be considered and only the first few in a connection. >> > ? >How do they know which ones are the first few in a connection?   F Shouldn't be that difficult. A typical firewall does this already. The& algorithm should be easy to implement.   Regards,    Christoph Gartmann    --  E  Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452   ImmunbiologieI  Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de   D-79011  Freiburg, Germany 9                http://www.immunbio.mpg.de/home/menue.html    ------------------------------  % Date: Mon, 29 Sep 2003 10:53:46 -0400 % From: "John Vottero" <John@mvpsi.com> I Subject: Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...) / Message-ID: <vnghrrpkropqff@news.supernews.com>   I "Christoph Gartmann" <gartmann@non.immunbio.mpg.de.sens> wrote in message * news:bl8sbo$76d$1@n.ruf.uni-freiburg.de...@ > In article <vneq85k9t5cm83@news.supernews.com>, "John Vottero" <John@mvpsi.com> writes:G > >How is my ISP going to count the e-mails that I send?  They don't go  through K > >the ISP's SMTP server.  The ISP only sees raw packets.  Good luck trying  to- > >turn packets into a count of e-mails sent.  > L > As I stated, it is manageable. It is sufficient to get an estimate number. > @ > >How are you going to prevent spoofing the sending IP address? > L > No need for that. From the ISPs point of view, it simply needs to count orI > observe the packets that come via your interface or channel or whatever  you I > call it. The sender's IP address is simply not relevant. The only thing  thatK > counts is that it is a packet dedicated to port 25 and coming to your ISP  fromJ > your site. The ISP will have to make sure that it counts each connection only > once.  >   I So, if I want to annoy someone, I just connect to their web server with a I source port of 25 and when their web server responds, the packets will be E counted against their e-mail bill because the destination port is 25.    ------------------------------  % Date: Mon, 29 Sep 2003 11:53:49 -0400 & From: David M Smith <dsmit115@csc.com> Subject: Re: How to uninstall?8 Message-ID: <palgnv033qu06iobqeu1mh6j3u1s8ldeo7@4ax.com>  B On 26 Sep 2003 18:42 CDT, carl@gerg.tamu.edu (Carl Perkins) wrote:  G >Note that VMSINSTAL does create an xxx.VMI_DATA file in the SYS$UPDATE ' >directory which tells you what it did.  >  >This info could be helpfull.   L Carl, note that this is an Alpha-only feature of VMSINSTAL, and the original& poster is asking about a VAX system...I ------------------------------------------------------------------------- I David M. Smith 302.391.8533                       dsmit115 at csc dot com I Computer Sciences Corporation     (Opinions are those of the writer only) I -------------------------------------------------------------------------    ------------------------------    Date: 29 Sep 2003 11:27:34 -0500- From: Kilgallen@SpamCop.net (Larry Kilgallen)  Subject: Re: How to uninstall?3 Message-ID: <04XKJ+5I4aqs@eisner.encompasserve.org>   a In article <palgnv033qu06iobqeu1mh6j3u1s8ldeo7@4ax.com>, David M Smith <dsmit115@csc.com> writes: D > On 26 Sep 2003 18:42 CDT, carl@gerg.tamu.edu (Carl Perkins) wrote: > H >>Note that VMSINSTAL does create an xxx.VMI_DATA file in the SYS$UPDATE( >>directory which tells you what it did. >> >>This info could be helpfull. > N > Carl, note that this is an Alpha-only feature of VMSINSTAL, and the original( > poster is asking about a VAX system...  > Did the original poster also specify an older version of VMS ?  = VMI_DATA is referenced in VMSINSTAL on VAX/VMS V7.3, which is  the current release.   ------------------------------    Date: 29 Sep 2003 07:48:51 -0500B From: clubley@remove_me.eisner.decus.org-Earth.UFP (Simon Clubley)@ Subject: Re: HP to Linux users: "Go ahead.  I've got your back."3 Message-ID: <UEUioLumg82f@eisner.encompasserve.org>    In article <bl12gi$i7v$1@new-usenet.uk.sun.com>, Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes: > Simon Clubley wrote: >>  L >> The other position is that the SCO license offered Sun a way to finance aM >> campaign against Linux without Sun having to get directly involved in that  >> campaign. >>   >  > Ok.  > A > So who is the largest contributor to the OpenSource community ?  > > > It isn't HP, it isn't despite all the noise IBM its Sun by a > rather wide margin.  > B > So Sun's corporate policy is to release our a huge raft of IP toC > the OpenSource community that totally dwarfs any other commercial  > contributor. > A > Java, OpenOffice, Grid, Chillsoft, CubicSpline, chunks of Gnome . > IP for Apache, OpenSLL, NFS, LinCat etc etc. > B > The fact that no one is suing us for doing this is just an added > bonus. > A > Take one donation Java without it most of the x86/linux servers 2 > in investment banking would have nothing to run. > B > At the same time we have developed a desktop environment working@ > with SuSE which relies on Linux as the OS if its hosted on x86 > which it mostly will be. > ? > And you think that despite all this we are actively trying to  > kill OpenSource/Linux !!!! >   J I am not going to get into a long detailed point by point debate with you;H experience of watching others go down this road has shown that this is aH pointless exercise and does not change any opinions, so I will just make these observations:   J Isn't it just possible that Sun has done it's Open Source work, not out ofI the goodness of it's heart, but because it's trying hard to find a way to K appear relevant in a world that considers Linux, and not Solaris/Sun, to be  the cool fashionable thing ?  E Isn't it also possible that if there was damage to Linux's image then H people could start coming back to Sun, especially if Sun were not blamed# as the company that damaged Linux ?   M In other words, isn't it all about Sun trying to find a strategy that ensures , that Sun remains relevant to today's world ?  F [The image I have is one half of Sun saying we must remain relevant byF embracing the open source ideals, the other half saying we must remain relevant by attacking Linux...]    Simon.   --  B Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP       P SCO: Proudly pushing Microsoft down to #2 on the list of most disliked companies   ------------------------------  % Date: Mon, 29 Sep 2003 17:01:04 +0100 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> @ Subject: Re: HP to Linux users: "Go ahead.  I've got your back."0 Message-ID: <bl9l01$hm2$1@new-usenet.uk.sun.com>   Simon Clubley wrote: > In article <bl12gi$i7v$1@new-usenet.uk.sun.com>, Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes: >  >>Simon Clubley wrote: >>L >>>The other position is that the SCO license offered Sun a way to finance aM >>>campaign against Linux without Sun having to get directly involved in that  >>>campaign. >>>  >> >>Ok.  >>A >>So who is the largest contributor to the OpenSource community ?  >>> >>It isn't HP, it isn't despite all the noise IBM its Sun by a >>rather wide margin.  >>B >>So Sun's corporate policy is to release our a huge raft of IP toC >>the OpenSource community that totally dwarfs any other commercial  >>contributor. >>A >>Java, OpenOffice, Grid, Chillsoft, CubicSpline, chunks of Gnome . >>IP for Apache, OpenSLL, NFS, LinCat etc etc. >>B >>The fact that no one is suing us for doing this is just an added >>bonus. >>A >>Take one donation Java without it most of the x86/linux servers 2 >>in investment banking would have nothing to run. >>B >>At the same time we have developed a desktop environment working@ >>with SuSE which relies on Linux as the OS if its hosted on x86 >>which it mostly will be. >>? >>And you think that despite all this we are actively trying to  >>kill OpenSource/Linux !!!! >> >  > L > I am not going to get into a long detailed point by point debate with you;J > experience of watching others go down this road has shown that this is aJ > pointless exercise and does not change any opinions, so I will just make > these observations:  > L > Isn't it just possible that Sun has done it's Open Source work, not out ofK > the goodness of it's heart, but because it's trying hard to find a way to M > appear relevant in a world that considers Linux, and not Solaris/Sun, to be  > the cool fashionable thing ? >   > Of course its possible, however a big chunk of Sun's donations; pre-date the current Linux fashion which suggests that your = hypothesis doesn't hold water. Either that or Sun forcast the ? Linux fashion and thought that we should start establishing our  relevance as early as possible.   G > Isn't it also possible that if there was damage to Linux's image then J > people could start coming back to Sun, especially if Sun were not blamed% > as the company that damaged Linux ?  >     O > In other words, isn't it all about Sun trying to find a strategy that ensures . > that Sun remains relevant to today's world ? >   / Isn't that the struggle that all vendors have ? H > [The image I have is one half of Sun saying we must remain relevant byH > embracing the open source ideals, the other half saying we must remain! > relevant by attacking Linux...]  >   F You make it sound as if Sun only recently embraced OpenSource. This isD a distortion Sun has a long history of supporting OpenSource we gave= NFS away years ago and have followed it many other donations.   ? The argument only really works if you can show that Sun saw the ? Linux bandwagon developing and reacted by offering up IP to the ? OpenSource community. In fact Sun has been pretty consistent in @ its support for OpenSource and Open Standards a key element that* makes many OpenSource programmes possible.   regards  Andrew Harrison    ------------------------------  % Date: Mon, 29 Sep 2003 10:22:41 +0100 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> ? Subject: Re: HP to Linux users: "Go ahead. I've got your back." 0 Message-ID: <bl8tl1$956$1@new-usenet.uk.sun.com>   John Santos wrote:? > On Fri, 26 Sep 2003, Andrew Harrison SUNUK Consultancy wrote:  >  >  >>Simon Clubley wrote:   >>+ >>If you want a sub 30K 4 CPU server ditto.  >  > F > Why would they care one iota about how many CPU's it has?  Shouldn'tB > people be concerned with price and performance, whether it's one > CPU or a hundred?  >   " Do you really think that, how odd.  @ Utilisation is one of the biggest issues facing IT organisations? when we started replacing all the HP's at my current engagement A the average utilisation for their datacenter HP servers was ~10%. A This is lower than a lot of IT shops, with 15-20% being closer to 	 the norm.   @ So price is important, footprint is important, performance isn't@ unless you don't have enough to meet the throughput requirements for you peak load.  < We are rolling out 120 V240's for a supply chain applicationD the alternative were HP DL380 2 CPU Wintel Servers. The ISV providedH a spec for the HW platform for SPARC/Solaris and x86/Windows using their? capacity planning throughput tests. They ended up with the same > number of systems SPARC or x86, the customer chose Sun because0 over 3 years we were way cheaper than the DL380.  @ The hardware is pretty much the same price but you get stung forC ~6K over 3 years for Windows plus support, Solaris is included with  the Sun.   Regards  Andrew Harrison    ------------------------------    Date: 29 Sep 2003 08:27:18 -0500 From: briggs@encompasserve.org. Subject: Re: Info on Known VMS Exploits/Cracks3 Message-ID: <F4$QUUYaCq$g@eisner.encompasserve.org>   V In article <3F7633EB.710A4078@istop.com>, JF Mezei <jfmezei.spamnot@istop.com> writes: > Andy Bustamante wrote: >>  O >> Do you have more than one network card?  If so check that no one has enabled2O >> IP forwarding, allowing your system to act as a router between different LAN  >> segments. > L > If that were the case, would a "netstat" or a "tcpip show dev" provide anyN > indication of connections that are being routed by that VMS node but did not( > originate nor terminate on that node ?   No, they would not..  H Packet forwarding does not require the maintenance of any per-connectionD data structures on intermediate routers.  There would be nothing for) "netstat" or "tcpip show dev" to look at.i   	John Briggs   ------------------------------    Date: 29 Sep 2003 07:23:29 -0700' From: jnez367@yahoo.com (Jerry Nezlick)d. Subject: Re: Info on Known VMS Exploits/Cracks= Message-ID: <4f27336e.0309290623.25b9a918@posting.google.com>a  [ JF Mezei <jfmezei.spamnot@istop.com> wrote in message news:<3F7633EB.710A4078@istop.com>...i > Andy Bustamante wrote: > > P > > Do you have more than one network card?  If so check that no one has enabledP > > IP forwarding, allowing your system to act as a router between different LAN
 > > segments.x > L > If that were the case, would a "netstat" or a "tcpip show dev" provide anyN > indication of connections that are being routed by that VMS node but did not( > originate nor terminate on that node ?  E Most of the outgoing connections are to addresses in Asia.  Found two C more today.  I know client ports are usually ramdomly assigned, but B the client port is usually 51225 for my server.  I have scanned myE server with a port scanner, but I do not find anything unusual open.  D It seems like something is poping these connections open and closing them.e  E We use Multinet.  I have looked at the open sockets and the processes.< that own them.  I do not see anything that I cannot explain.  E I guess I will have to watch this for the next few weeks and see if ap patern develops.   Thanks for the suggestions.r    E Sep 27 23:01:02 X.X.X.X 12199: *Mar 10 07:02:40: %SEC-6-IPACCESSLOGP:t@ list 130 denied tcp X.X.X.X(51225) -> 218.22.13.49(80), 1 packet  E Sep 29 08:19:58 X.X.X.X 13461: *Mar 11 16:21:33: %SEC-6-IPACCESSLOGP:RC list 130 denied tcp X.X.X.X(51225) -> 219.139.240.170(80), 1 packeta    3 OrgName:    Asia Pacific Network Information Centre  OrgID:      APNICx Address:    PO Box 2131t City:       Milton StateProv:  QLDo PostalCode: 4064 Country:    AU  ' ReferralServer: whois://whois.apnic.nete  ' NetRange:   218.0.0.0 - 218.255.255.255e CIDR:       218.0.0.0/8e NetName:    APNIC4 NetHandle:  NET-218-0-0-0-1    ------------------------------    Date: 29 Sep 2003 10:49:37 -0500 From: briggs@encompasserve.org. Subject: Re: Info on Known VMS Exploits/Cracks3 Message-ID: <Py84TSjN1uQD@eisner.encompasserve.org>   g In article <4f27336e.0309290623.25b9a918@posting.google.com>, jnez367@yahoo.com (Jerry Nezlick) writes:-] > JF Mezei <jfmezei.spamnot@istop.com> wrote in message news:<3F7633EB.710A4078@istop.com>.... >> Andy Bustamante wrote:  >> > -Q >> > Do you have more than one network card?  If so check that no one has enabledmQ >> > IP forwarding, allowing your system to act as a router between different LAN  >> > segments. >> oM >> If that were the case, would a "netstat" or a "tcpip show dev" provide anycO >> indication of connections that are being routed by that VMS node but did not ) >> originate nor terminate on that node ?h > G > Most of the outgoing connections are to addresses in Asia.  Found twoiE > more today.  I know client ports are usually ramdomly assigned, butiD > the client port is usually 51225 for my server.  I have scanned myG > server with a port scanner, but I do not find anything unusual open. 3F > It seems like something is poping these connections open and closing > them.4 > G > We use Multinet.  I have looked at the open sockets and the processes5> > that own them.  I do not see anything that I cannot explain. > G > I guess I will have to watch this for the next few weeks and see if a8 > patern develops. >  > Thanks for the suggestions.K >  > G > Sep 27 23:01:02 X.X.X.X 12199: *Mar 10 07:02:40: %SEC-6-IPACCESSLOGP:iB > list 130 denied tcp X.X.X.X(51225) -> 218.22.13.49(80), 1 packet > G > Sep 29 08:19:58 X.X.X.X 13461: *Mar 11 16:21:33: %SEC-6-IPACCESSLOGP:oE > list 130 denied tcp X.X.X.X(51225) -> 219.139.240.170(80), 1 packetn  C If you deny the traffic with a Cisco router ACL, you'll have a hard H time seing the connection on the VMS box.  This is especially true sinceC Cisco's respond to denied traffic with an ICMP unreachable datagram D with a code of "administratively prohibited" (ICMP type 3, code 13)., That tends to shut down the connection fast.  @ I just tested this.  Yep.  The connection dies so fast you never see it in the connection table.g  E My firewall just drops the offending traffic on the floor.  If you'reaE quick enough (a minute or so), you can catch the connection before itoA times out of the TCP "SYN_SENT" state.  Here's a test I did usinga% port 23456 (my firewall blocks that).   ) $ multi show /conn=(all,pid) /out=xyz.datt $ sea xyz.dat "23456 00025531       0     0  ALPHA.TST.TRACOR.COM(2879)                      208.19.133.18(23456)                           SYN_SENT>  * PID 00025531 -- That's the guy who did it.  = I do not know how to configure IOS to silently drop offendingy6 traffic rather than doing the default drop-and-notify.  O You might try a "deny icmp host <router-ip> any administratively-prohibited" asn; an entry in the output filter on the returnbound interface.m   	John Briggs   ------------------------------  % Date: Mon, 29 Sep 2003 10:59:59 +0100 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> 1 Subject: Re: Linux is the favourite hacker targete0 Message-ID: <bl8vr0$9ol$1@new-usenet.uk.sun.com>  * Alan Winston - SSRL Admin Cmptg Mgr wrote:w > In article <Pine.GSO.4.58-035.0309261128550.2751@unix2.andrew.cmu.edu>, Lord Isildur <isildur@andrew.cmu.edu> writes:a > A >>>why don't you apologize for being such a dope yourself and nota= >>>reading your own postings because the cert you posted justsB >>>validated my claims ... "ACCESS VIOLATION" ... and that is goodA >>>that that particular process died because I will take that anyh? >>>day instead of thing allowing you in and do what you want in C >>>the system ... that is called SECURITY Andrew, of course you and D >>>all the other brain dead unix/linux/windoze users are conditioned? >>>to reboots and the patch of the day club bit so you wouldn't=  >>>understand the concept ... :) >>>. >>F >>One of the things which has never ceased to impress me about so manyB >>VMS people is how closely they resemble micro$oft users in theirG >>vitriolic attitude toward _anything_ else. I have watched through theeF >>90s as VMS slowly disappeared, and at almost every turn in the road,H >>where VMS people might have found an ally in the un*x community (sinceJ >>by and large, un*x is not like most VMS people imagine it to be, and theG >>things VMS people tend to boast about endlessly are pretty common and0H >>expected in the un*x world as well), instead of taking the opportunityI >>to be friendly with the un*x people and join efforts, so to speak, theynE >>almost invariably visit the most arrogant, usually misinformed, and C >>affrontive flames at the very people who _do_ know and appreciatefC >>what theyre talking about, as opposed to the legions of microsofteL >>weenies (and nowadays often linux weenies too) who have no clue and reallyK >>_could_ use some education about what a real computing environment is andeK >>what to demand of it. I've been impressed with how well the VMS communitysC >>has done at alienating themselves completely from the rest of theiG >>community of people who use and demand 'real computers' over the past.% >>decade that I've been on the scene.L >  > K > Bob Ceculski's a bad example of this, since his endless cheerleading has eL > succeeded in alienating him from a significant number of VMS _supporters_, > at least here on comp.os.vms.  > J > On the other hand, he's arguing with a guy from Sun who generally arguesJ > about revenue, market share, profit forecasts, etc, and who hasn't - as L > far as I know - ever adequately explained why he's even on this newsgroup.H > (Not that it isn't his absolute right as a netizen to be here, but it 
 > seems odd.)u  G Actually I have explained on a number of occasions, Rob Young started a(D Sun FUDfest on this newsgroup a few years ago which turned out to be complete BS.  F No one likes to see people concocting arrant BS about the company theyE work for (even if as Rob suggests this was just a cut and paste error1( on his part) and I was bound to respond.  D When I did I also discovered a group with a prevailing attitude that/ previous posters points describe only too well.n  G So I have stayed and its rather like walking with dinsoaurs some of thev time.a   Regards  Andrew Harrisont   ------------------------------  % Date: Mon, 29 Sep 2003 08:23:04 -0700p1 From: Greg Cagle <news@*removethis*gregcagle.com>s1 Subject: Re: Linux is the favourite hacker targeti/ Message-ID: <vngjira5djp34f@corp.supernews.com>n  ( Andrew Harrison SUNUK Consultancy wrote:  I > So I have stayed and its rather like walking with dinsoaurs some of thel > time.   H Pretty funny - of course you don't see yourself as one of the dinosaurs, do you? 8^)a   -- f
 Greg Cagle gregc at gregcagle dot com   ------------------------------  % Date: Mon, 29 Sep 2003 10:52:07 +0100fO From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com>a Subject: Re: Nice touch, AMD0 Message-ID: <bl8vc7$9mr$1@new-usenet.uk.sun.com>   Rick Jones wrote: R > Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> wrote: > E >>I may be missing a point here but most 32 bit OS's support multiple D >>32 bit apps each using ~4GB RAM but with total available memory of >> >>>4GB.c >> > E >>Linux x86, Solaris x86, multiple variants of Windows, Dynix FreeBSDD >>etc all support this.e >  > C >>Older 32 bit versions of RISC/UNIX OE's also do the same, Solariso >>2.x, AIX, HP-UX 10 etc.  >  > B > I'm afraid that at least some of your understanding is in error. >    Humm  3 http://docs.hp.com/hpux/pdf/A2375-90003.pdf page 37o  ? Suggests that HP-UX 10.xx when running on the HP K Series couldw address up to 8 GB of RAM.  > Sun's running Solaris 2.5/2.6 etc could address up to 64 GB of5 RAM but a single process could only address ~3.75 GB.l   Regards  Andrew HarrisoneH > While it is indeed the case that HP-PA (aka PA-RISC) has been "64-bit"G > from the beginning in 1986 or 1987 (I forget when FCS happened to be,tF > it was slightly before my HP time) (PA 1.0 having a segmented 64-bitC > virtual address space consisting of a 32-bit spaceid and a 32-bitIA > offset, the upper two bits of the offset selecting the space-iddG > register from which was determined the correct spaceid) the HP-UX 10 sC > operating system did not make use of the feature to the extent itn8 > would enable using more than 4GB of RAM in the system. > H > Only "64-bit" versions of the HP-UX kernel would make use of more thanG > 4GB or RAM in a system. The first of those was HP-UX 11, FCS NovembervD > 1997.  I do know that MPE/iX, (MPE/XL) make extensive use of "longG > pointers" or what it called globalanyptr's, but I do not know if theyjF > had support in their "32-bit" kernel for using more than 4GB of RAM.G > I'm sure that the curious and motivated could ask in comp.sys.hp.mpe./ > D > I also do not know when in their history the PA-RISC CPUs had moreH > than 32-bits of physical addressing, but do know that to have happenedB > by the time of the 'PA-8000' (PCX-U, the first "PA 2.0" CPU withD > 64-bit offsets) CPU which I believed shipped somewhere around late > 1994 or so, perhaps 1995.s > C > I suspect that some searching the web with google would find more ) > about the history of PA-RISC and HP-UX.i > D > I'll have to leave it to others to validate/correct the assertionsH > about "32-bit" AIX and Solaris SPARC kernels.  My (possibly incorrect)F > understanding until this time at least was that the only place where9 > "32-bit" kernels did > 4GB of RAM was in the x86 space.m >  > rick jones   ------------------------------  % Date: Mon, 29 Sep 2003 08:21:41 -0700W1 From: Greg Cagle <news@*removethis*gregcagle.com>w Subject: Re: Nice touch, AMD/ Message-ID: <vngjga6msrtke3@corp.supernews.com>i  ( Andrew Harrison SUNUK Consultancy wrote:     > Humm > 5 > http://docs.hp.com/hpux/pdf/A2375-90003.pdf page 37e > A > Suggests that HP-UX 10.xx when running on the HP K Series could  > address up to 8 GB of RAM.  A Wrong. The document only says that the *hardware* can address 8G.e( Says nothing about the operating system.   -- m
 Greg Cagle gregc at gregcagle dot com   ------------------------------  % Date: Mon, 29 Sep 2003 01:59:45 -0400.* From: JF Mezei <jfmezei.spamnot@istop.com>* Subject: OT: Talk about bad luck (Halifax)) Message-ID: <3F77CA24.B9D6A207@istop.com>o  N Halifax Canada, well north of the tropics, has just been hit with a category 1K hurricane. While this is not a big deal for areas build in hurricane zones,lM when a densely populated city which hasn't had such a storm in half a centuryI& gets hit, a lot of damage is possible.  M It is still early to get full report of the damage (this area is not built ton> widthstand such a storm). However, there is one big sad story:  L There is at least one fatality. A tree fell onto an ambulance just as it was2 pulling in near the hospital. Talk about bad luck.  M Environment Canada had to vacate their offices on the 16th floor of an office L building for a while, at at that point, "control" was handed over to anotherN weather office in Fredericton NB. I was listening to radio when the staff wereL allowed to go back to their  Environment Canada offices. They seemed to haveI generators because the staff were right back into their terminals pullingnE information out to give to the media. One rep was able to pull "live"tK information from one of the boueys some 120 nautical miles south of HalifaxrN which was clocking winds of 145km/h and waves of 13 metres. (40 feet).  Pretty7 amazing that they would retain links to those sensors. y  K The lesson ? Even cities that seem to be quite safe in terms of weather cantL get some severe weather at times. And those cities may be the least preparedA and thus the most vulnerable to damage when such a storm happens.b  G While hurricanes in the USA tend to just skirt the coast and are rarelyuL destructive over a large area, the cyclones that hit Australia can be prettyK nasty (I lived through a cat 4) and the typhoons that hit asian cities willrF also cause major flooding over wide areas. This means that in terms ofL disaster recovery, one may really need the distance of a few hundred km that VMS is capable of.  I Oh, if you have vehicles that may be used in an emergency, best to keep aeM fresh can of fuel because in cases of widespread power failures, you won't beuG able to refuel a vehicle since gas/petrol stations won't be functional.    ------------------------------   Date: 29 Sep 2003 12:20:12 GMT, From: bill@gw5.cs.uofs.edu (Bill Gunshannon). Subject: Re: OT: Talk about bad luck (Halifax)9 Message-ID: <bl981r$9fbsf$1@ID-135708.news.uni-berlin.de>l  ) In article <3F77CA24.B9D6A207@istop.com>,m- 	JF Mezei <jfmezei.spamnot@istop.com> writes:r > I > While hurricanes in the USA tend to just skirt the coast and are rarely-! > destructive over a large area,    F Say what????  This last huricane passed up through western PA and OhioG before crossing into Canada.  Many places waited till this past weekendtJ to finally get their power and telephones back.  The flood that devestatedI the area I live in (NEPA, but about 200 mles from the nearest shore) backlC in 1972 was also caused by a hurricane (Agnes) that passed through.    bill   -- yJ Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolvesD bill@cs.scranton.edu     |  and a sheep voting on what's for dinner. University of Scranton   |A Scranton, Pennsylvania   |         #include <std.disclaimer.h>   e   ------------------------------    Date: 29 Sep 2003 08:00:17 -0500; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)a. Subject: Re: OT: Talk about bad luck (Halifax)3 Message-ID: <f0vEkGzKECfg@eisner.encompasserve.org>e  V In article <3F77CA24.B9D6A207@istop.com>, JF Mezei <jfmezei.spamnot@istop.com> writes:P > Halifax Canada, well north of the tropics, has just been hit with a category 1M > hurricane. While this is not a big deal for areas build in hurricane zones,eO > when a densely populated city which hasn't had such a storm in half a century ( > gets hit, a lot of damage is possible.  A    Having just been through Isabel, we have some feeling for whatlG    they're going through.  Our part of the USA isn't exactly accustomed     to hurricanes, either.r   ------------------------------  # Date: Mon, 29 Sep 2003 13:52:54 GMTo" From:   VAXman-  @SendSpamHere.ORG. Subject: Re: OT: Talk about bad luck (Halifax)0 Message-ID: <00A269F7.EF1B6FBB@SendSpamHere.ORG>  q In article <f0vEkGzKECfg@eisner.encompasserve.org>, koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes:nW >In article <3F77CA24.B9D6A207@istop.com>, JF Mezei <jfmezei.spamnot@istop.com> writes: Q >> Halifax Canada, well north of the tropics, has just been hit with a category 1.N >> hurricane. While this is not a big deal for areas build in hurricane zones,P >> when a densely populated city which hasn't had such a storm in half a century) >> gets hit, a lot of damage is possible.y >oB >   Having just been through Isabel, we have some feeling for whatH >   they're going through.  Our part of the USA isn't exactly accustomed >   to hurricanes, either.  L In 1985 I lived in a beach front apt. on the New Jersey shore (Long Branch).J In September of that year was Gloria.  Gloria skirted right up the eastern8 seaboard and plowed into the western end of Long Island.  K I was standing on the boardwalk with several friends watching surf like I'doK never seen before.  I was holding on the heavy steel pipe hand-rails of theMI boardwalk when one of my friends noted that if we jumped, the winds would J hold us aloft like a waving flag (85-100mph).  This same wind bent street L signs (stop signs, etc.) almost down to the sidewalks.  Gloria was teeteringJ between a Cat 2 and Cat 1 hurricane at that point.  I lived for close to aK week without power or telephone.  I also couldn't drive anywhere because of J a huge fallen oak tree blocking the apt parking lot's access way which ranJ between two buildings.  Fortunately, both the oven and stove were natural I gas and I kept the freezer/fridge food cold with dry ice.  Burned lots of3 candles too!  K Unless you've actually experienced the power of one of these things, it is tJ not easy to imagine.  Fortunately, for me anyway, Isabel took a route wellL inland of me.  Lots of strong winds here but, as storms go, I've experienced worse Noreasters in the area.t   --  L VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)COM             5   "Well my son, life is like a beanstalk, isn't it?" r   ------------------------------  % Date: Mon, 29 Sep 2003 10:36:42 +0200e+ From: "Rik Steenwinkel" <rsteenw@xs4all.nl>nM Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?R: Message-ID: <Ysd2q9KROUC1-pn2-jf7go4YcqfWe@news.xs4all.nl>  F On Thu, 25 Sep 2003 18:41:38 UTC, JF Mezei <jfmezei.spamnot@istop.com> wrote:  O } Yes, there is need to be concerned with NAT.  The sending server doesn't knowhM } what its real IP is, and thus is unable in the SMTP discussions to tell therD } receiving SMTP server "call me back at nn.nn.nn.nn on port xxxxx".  F You, as the receiver, explicitely _don't_ want the sender to tell you > his IP. You resolve the sender's domain yourself, and ask the ! designated MX for the message-ID.    -- e> // Rik Steenwinkel  #  VMS mercenary  #  Enschede, Netherlands // 1024D/CDBAE5C1    ------------------------------  + Date: Sun, 28 Sep 2003 11:23:28 +0000 (UTC)i From: david20@alpha2.mdx.ac.ukM Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?S) Message-ID: <bl6gbg$948$1@news.mdx.ac.uk>e  W In article <3F738C38.6050807@tsoft-inc.com>, David Froble <davef@tsoft-inc.com> writes:e >Bob Ceculski wrote: >uy >> usenet_vms@lehrerfamily.com (Joshua Lehrer) wrote in message news:<477e0934.0309230702.2874cf3b@posting.google.com>...u >> h^ >>>JF Mezei <jfmezei.spamnot@istop.com> wrote in message news:<3F6FDA1B.359A6B91@istop.com>... >>>tQ >>>>Another issue is that of viruses. It would be best to simply educate everyone R >>>>to simply avoid anything microsoft. But if that won't happen, there isn't muchF >>>>to be done to prevent viri since microsoft is such an easy target. >>>> >>>eD >>>Not a solution.  Most OS'es have holes.  The virus writers targetI >>>whatever the mainstream OS is because that is how they get the highest F >>>infection rate.  If we all switched over to Apple instead, then theA >>>virus writers would target MacOS and poke holes all over that.  >>>  >>>This isn't MSFT's fault./ >>>m >>>-josh >>>- >> -I >> yes it is Micro$ofts fault!  Instead of trying to steal mica code theyhE >> should have bought vms and threw out dos and ran windows on top ofoF >> VMS ... now there would have been a platform ... VMS has few if anyI >> holes to poke ... 25 years have proven that and defcon9 reinforced it!e >> e >gM >If VMS sources were given to some hackers who were instructed to put in the wO >fancy stuff, not to worry about securuty, and paid only for what was desired, g- >the result would be the same as MS is today.g > R >It's not the OS, it's the concept.  VMS gets bought for lots of reasons, but the P >fancy MS auto-execution of stuff that makes their systems seem so great to the M >casual user isn't one of them.  I'd suggest you compare VMS sales to windoz g8 >sales and then determine what the casual user will buy. >oI >Why should MS spend any resources on security?  Why should MS spend any  O >resources on quality?  Why should MS spend any resources on anything but what .P >the majority of purchasers will buy?  My only surprise is that they aren't the > >leading anti-virus vendor.  They missed an opportunity there. >   : Would anyone trust an anti-virus solution from Microsoft ?  
 David Webb VMS and Unix team leader CCSS Middlesex University         >Daven >t >-- 5 >David Froble                       Tel: 724-529-0450r5 >Dave Froble Enterprises, Inc.      Fax: 724-529-0596i? >DFE Ultralights, Inc.              E-Mail: davef@tsoft-inc.com- >170 Grimplin Road >Vanderbilt, PA  15486 >    ------------------------------  + Date: Sun, 28 Sep 2003 17:47:15 +0000 (UTC)  From: david20@alpha2.mdx.ac.ukM Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?u) Message-ID: <bl76r3$ge3$1@news.mdx.ac.uk>S  T In article <3F74CF7F.9D265CA@pacbell.net>, Don Sykes <anonymous@pacbell.net> writes: >  >d  >david20@alpha2.mdx.ac.uk wrote: >>  Z >> In article <vn5s22g2nrds0e@news.supernews.com>, "John Vottero" <John@mvpsi.com> writes:/ >> ><david20@alpha2.mdx.ac.uk> wrote in message-' >> >news:bkuhsq$dk3$1@news.mdx.ac.uk...-; >> >> In article <3F71D664.D92AAC37@pacbell.net>, Don Sykes # >> ><anonymous@pacbell.net> writes:S >> >> >o& >> >> >david20@alpha2.mdx.ac.uk wrote: >> >> >>> >> >> >> In article <3F70934A.3C36DD45@pacbell.net>, Don Sykes# >> ><anonymous@pacbell.net> writes:-
 >> >> >> > >> >> > O >> The 10 address is a private address hence must use NAT to contact systems onc >> the public internet.  >> g >DI >I don't think your seeing this correctly. Which tells me I'll need to bee >clearer in the next update. dB >This protocol is designed to be used between domain Email ServiceE >Providers (ESPs), which must be resolveable thru a DNS lookup, whichc0 >IIRC MUST be a staic IP or range of static IPs. >t   Obviously not.    J You need to be a lot more clear. As far as I am concerned their are upto 43 parties involved in sending and receiving an email.l   1) Client sending system   2) Client's ISP's mailhubg   3) Receiver's ISP's mailhube  $ 4) Receiver's mailbox holding system    I (I am ignoring the fact that within organisations there may well be other-J mailhubs through which a mail message may pass between 1 and 2 or between 	 3 and 4).r  + With current protocols mail may transverse R  H 1 -> 2 -> 3 -> 4    (mail passes between organisations central mailhubs)   or  M 1 -> 3 -> 4         (1st organisation doesn't have central mailhub or doesn'td3                      force mail to pass through it)@   or  H 1 -> 2 -> 4         (2nd organisation does not have a central mailhub or9                      doesn't force mail to go through it)a     or  J 1 -> 4              (Neither organisation has a central mailhub or neither3                      force mail to go through them)u          R >> So in the real world you have a client on a small home network connecting to an/ >> ISP using dynamic NAT with port overloading.c >> aR >> 10.11.12.1  is the clients real address and it opens a connection from its portP >> 32100 this is mapped to  21.22.5.20 port 7521  on the public side of his homeS >> NAT/firewall. (21.22.5.20 is the single public address given out to this user byt >> his ISP). >> tQ >> This connection connects to the IPS's receiver on 21.22.0.10 (10 rather than 0n0 >> to make it a valid address) for your phase 1. >>  S >> Negotiation proceeds as you describe on your link and the receiver sends back tolI >> say it will contact the sender on port 1398. Then the link is dropped.e >> f# >> 10.11.12.1 listens on port 1398.  >> bQ >> Receiver (21.22.0.10) attempts to open connection to  21.22.5.20 on port 1398.eH >> Attempt fails. There is  either no entry in the NAT mapping table forQ >> 21.22.5.20 port 1398  or if there is it would be accidental and might point atw6 >> another machine or port on the user's home network. >> The connection is dropped.a >> hO >> With dynamic NAT with port overloading (which is the most common form of NAToP >> used on home networks where the home user has multiple machines hiding behindQ >> one external address) there is no preservation of port numbers - unless a portbM >> number has been placed in the NAT mapping table by an internally initiatedmO >> connection to an external machine having been made or by the user explicitlySM >> setting up a manual mapping then an externally initiated connection cannot' >> be made to it.t >>   >> Your system falls apart.e > G >Only if you're not the registered owner of the domain you're trying toh >implement this on. H >Basically, if you can run your own SMTP service (ie direct inbound portI >25 connections to find their way to port 25 on a specific computer), youi >can also run this.rI >As I said in a previous response, this is an implementation issue, whichd1 >will be resolved differently by different users.  >-  H I misread your protocol specification. I was assuming that the receiver K randomly generated the port number and communicated that back to the senderuK before closing the connection. Instead you have the sender picking the portbN number. That makes it simpler for the spammer to send to multiple systems theyJ can always specify the same port which they will listen on for the phase 2 connections.  P The other thing I don't understand is why you think closing down the connection / stops the spammer impersonating another system. L (Though at the moment I doubt any spammer really impersonates another systemH anyway - they try to obfurscate received lines but I seriously doubt anyN actually spoof ip addresses - why should they when they can get a free account$ from tons of ISPs no question asked)  G For a fee based system you would have to be 100% certain of the sendersoE identity. Your protocol is based on the IP address this is inherently  unreliable..  
 For instance n  4 client connects to his ISP and gets address  a.b.c.d  J Client uses public domain tool like dsniff to poison the local routers arpE cache so that packets to and from a.b.c.e are directed to his system.t  * Client then sends mail as if from a.b.c.e       M All responses, opening of new connections to a.b.c.e etc go to the machine ata a.b.c.dp  G As far as proving identity of users sending mail there do already existOM protocols which could do this - unfortunately they suffer from the problem ofs# not being implemented by everybody.t  K 1) SMTP AUTH and SASL provide for authentication between the sender and thenJ    ISP's central mailhub. Note this is based on the user sending the mail /    message NOT on the IP address of the client.n   2) SMTP over SSL/TSL.oO    This primarily provides for encryption between mail systems. However as a bytN    product the certificates involved provide for mutual authentication between    central mail servers.    tM But as stated above as long as ISPs give out free accounts without requiring iL proof of the identity of the person who is going to use that account then noN amount of technical identification of the IP address or user account used will, have any effect on the amount of spam sent.     
 David Webb VMS and Unix team leader CCSS Middlesex University         >--  >t >Have VMS, Will Travel >Wire paladin, San Francisco >  >(paladinATalphaseDOTcom)s   ------------------------------  % Date: Mon, 29 Sep 2003 12:15:16 +0200s+ From: "Rik Steenwinkel" <rsteenw@xs4all.nl>rM Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ? : Message-ID: <Ysd2q9KROUC1-pn2-GYX3nYN6KCoF@news.xs4all.nl>  / On Sat, 27 Sep 2003 22:08:14 UTC, Pussy Galore  " <P.Galore@pussy_galore.com> wrote:   } Don Sykes wrote:I } > facet of the FBEM protocol. If the receiver decides for ANY reason itmI } > doesn't want to deal with the incoming request, it doesn't have to doe. } > anything and the message dies on the vine. } L } And with current SMTP specifications, if the received doesn't want to dealP } with the incoming request, it can simply send the appropriate error message atP } a RCPT TO, DATA or after the end of the DATA phase and the message dies on the } vine as well.i  F Not every recipient has sufficient control over their assigned MTA to  be able to implement that.  F And often the recipient has way insufficient info to decide whether to; accept or reject the message before entring the DATA phase..   -- a> // Rik Steenwinkel  #  VMS mercenary  #  Enschede, Netherlands // 1024D/CDBAE5C11   ------------------------------  % Date: Mon, 29 Sep 2003 12:41:44 +0200_+ From: "Rik Steenwinkel" <rsteenw@xs4all.nl>xM Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?u: Message-ID: <Ysd2q9KROUC1-pn2-tn8Iv2d2WoN9@news.xs4all.nl>  A On Tue, 23 Sep 2003 13:49:54 UTC, david20@alpha1.mdx.ac.uk wrote::  J } How will you enforce this. To work it has to be applied worldwide to allN } "ISPs" (or at least a majority - since I suppose you would refuse to receive% } mail from those who don't sign up).oK } However until a majority have signed up it pays for an ISP NOT TO charge.tM } They will get more customers if they don't charge and their competitor downc } the road does charge.r }  eN } Also until all systems are charging you will be causing chaos since you will? } have destroyed any hope of consistent reliable mail delivery.   D Leaving the mail fees issue for a moment, Don's mail protocol still D has merit without it. As said, it allows the recipient much greater D control whether to accept (rather: collect) a message or not. Also, F the meta-message gives a From: someone@sender.domain , so your MUA or D MTA then resolves sender.domain and requests its MX to hand out the F actual message associated with the Message-ID in the meta-message. So F then, even if a spammer puts a plausible-looking From: and Subject: inA the meta-message (based on which you decide to accept), the mail d? servers in the From: domain won't have the message the spammer rE intended to send you, and will probably not even have a message with   matching Message-ID at all.    -- -> // Rik Steenwinkel  #  VMS mercenary  #  Enschede, Netherlands // 1024D/CDBAE5C1s   ------------------------------  # Date: Mon, 29 Sep 2003 12:39:52 GMT$3 From: hammond@not@peek.ssr.hp.com (Charlie Hammond)FE Subject: Re: Question: In DCL Can One Check To See If A File Is Open?:1 Message-ID: <sKVdb.5851$7B7.677@news.cpqcorp.net>r  k In article <TJJcb.4437$%G1.1314@newsfep4-winn.server.ntli.net>, Antonio Carlini <arcarlini@iee.org> writes:s >Charlie Hammond wrote:nE >> HOWEVER, Note well that the comment line documents what that value F >> in $STATUS represents.  It can be "wonderful" to work with somebodyH >> else's old that checks values in $STATUS _without_ any indicatin what( >> the values are supposed to represent. >aA >A judicious SET MESSAGE and F$MESSAGE would "comment" it just ass= >well wouldn't it? Or am I just being pedantic in my old age?   A At run time, if the error occured, but not of much use to someone- reading the code.-     -- eJ       Charlie Hammond -- Hewlett-Packard Company -- Ft Lauderdale  FL  USAF           (hammond@not@peek.ssr.hp.com -- remove "@not" when replying)J       All opinions expressed are my own and not necessarily my employer's.   ------------------------------  # Date: Mon, 29 Sep 2003 14:20:07 GMT + From: "David Pikcilingis" <dcpik@bosbc.com>e3 Subject: Re: Read VMS Backup *.bck files in Windows > Message-ID: <rcXdb.371264$2x.113230@rwcrnsc52.ops.asp.att.net>  H Boston Business Computing produces and sells OpenVMS emulation tools for
 UNIX systems.o  I We have a product, Vbackup, which will read and write OpenVMS BACKUP save  sets on most UNIX platforms.2 More information regarding options can be found at www.bosbc.com/vbackup.html  L Boston Business Computing also produces EDT+, a complete VMS EDT for WindowsJ and UNIX to reduce frustration when moving from OpenVMS or when working in< an environment with a number of different operating systems.   Regards,   David Pikcilingis  Boston Business Computingo
 www.bosbc.coma  / "Dave" <mullins_david@bah.com> wrote in messagee7 news:d4436197.0309261006.31b0f757@posting.google.com... G > We have a large number of VMS Backup tapes that contain VMS savesets.tG > We no longer have a VMS system or access to one but we still have thefF > tape reader. Thanks to some software from Novasoft we have been ableE > to transfer the *.bck files from those tapes to our Windows system.1D > Now we are looking for a way to read those saveset and recover theH > files from the archives. Is there a windows application out there thatA > can read those files and make them available to a windows user?n >nE > We are primarily a windows shop but we have access to Linux and Sun @ > boxes if necessary, though that would certainly complicate theH > process. But as I said earlier the files are already on a Windows 2000G > system and we would like to keep them inside our windows environment.  > 	 > Thanks,- > Dave   ------------------------------  % Date: Mon, 29 Sep 2003 08:52:15 +0100o) From: Antonio Carlini <arcarlini@iee.org>/' Subject: Re: RSX.EXE under OpenVMS 7.3?e? Message-ID: <KwRdb.2400$QH3.1908@newsfep4-winn.server.ntli.net>s   Howard Shubs wrote:61 > In article <nMJdb.455718$Oz4.260388@rwcrnsc54>,f& >  "JamesG" <jglando@yahoo.net> wrote:M >>    Need to run some old college prog's written on a PDP-11 under RSX-11M+.>H >>OpenVMS 7.3 (off Hobbyist CD) doesn't seem to have it. Any pointers to8 >>where/how I can get this work would be great.. Thanks,  G > I expect you'll need hardware which can do compatability mode, too.   ; > That's any VAX-11 and a few of the more recent ones IIRC.>  = The last VAX to incorporate compatibility mode was, IIRC, the < VAX 8600 (and VAX 8650) from the mid 1980s. I'm not sure I'd: count that as recent! From about the same time period, the; RSX emulation software became a layered product (whose namer: escapes me) but I don't think it needs compatibility mode.  8 The easiest thing to do would be to try this using SIMH.   Antonioo   -- n   --   ---------------3- Antonio Carlini             arcarlini@iee.orgn   ------------------------------  % Date: Mon, 29 Sep 2003 08:03:12 -0400t% From: Howard Shubs <howard@shubs.net> ' Subject: Re: RSX.EXE under OpenVMS 7.3?t< Message-ID: <howard-EB850C.08031229092003@enews.newsguy.com>  ? In article <KwRdb.2400$QH3.1908@newsfep4-winn.server.ntli.net>,s+  Antonio Carlini <arcarlini@iee.org> wrote:1   > Howard Shubs wrote:0  I > > I expect you'll need hardware which can do compatability mode, too.  .= > > That's any VAX-11 and a few of the more recent ones IIRC.a > ? > The last VAX to incorporate compatibility mode was, IIRC, the1> > VAX 8600 (and VAX 8650) from the mid 1980s. I'm not sure I'd > count that as recent!,  F True.  However, they were more recent than any VAX-11, which is all I G said.  After all, is ANY VAX recent at this point?  IIRC, they ran out a of new VAXen around 1998.d    < > escapes me) but I don't think it needs compatibility mode.  F How can it support instructions which the VAX doesn't actually have?  C RSX.EXE, as I understand it, is OS support, not hardware emulation.    -- wD You are what you eat, therefore, I'm a vegetable!  Cows and chickens and Pop Tarts are too.   ------------------------------    Date: 29 Sep 2003 07:58:08 -0500; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)l' Subject: Re: RSX.EXE under OpenVMS 7.3?l3 Message-ID: <sEHGv6iVYxkz@eisner.encompasserve.org>   d In article <howard-10CBAD.22141028092003@enews.newsguy.com>, Howard Shubs <howard@shubs.net> writes:1 > In article <nMJdb.455718$Oz4.260388@rwcrnsc54>,o& >  "JamesG" <jglando@yahoo.net> wrote: > N >>     Need to run some old college prog's written on a PDP-11 under RSX-11M+.I >> OpenVMS 7.3 (off Hobbyist CD) doesn't seem to have it. Any pointers top9 >> where/how I can get this work would be great.. Thanks,b > G > I expect you'll need hardware which can do compatability mode, too.  o; > That's any VAX-11 and a few of the more recent ones IIRC.o  F    I think he's looking for the AME.  Originally this was bundled intoI    VMS and utilized the compatability mode instruction set.  Later it wasoG    both unbundled and had an emulator built in so it would run on VAxen4;    that didn't have the compatability mode instruction set.r  H    Is the AME still offered as a layered product?  Does it run on Alpha,H    will it run on IA64?  According to the Wizard, it's a Mentec product.(    Mentec's web site hasn't heard of it.  B    Nowdays, getting a simulator like simh running a copy of RSX isG    probably a less daunting task, or maybe scarf up a cheap PDP-11 off oD    eBay.  Mentec is also the place to look for RSX licensing issues.   ------------------------------    Date: 29 Sep 2003 07:13:02 -0700$ From: gspamtackett@yahoo.com (Galen)' Subject: Re: RSX.EXE under OpenVMS 7.3?u= Message-ID: <bdc65a53.0309290613.276b9824@posting.google.com>   B Mentec (www.mentec-inc.com) sells VAX-11 RSX, the old RSX emulatorF from the early days of VMS on the VAX. It should run on just about anyD VAX or MicroVAX platform, even without hardware PDP-11 compatibilityC mode. Mentec bought RSX-11 and related products from DEC some yearse back.   C I don't know anything about Mentec's prices (or anything else aboute the company, for that matter).    Y "JamesG" <jglando@yahoo.net> wrote in message news:<nMJdb.455718$Oz4.260388@rwcrnsc54>... 	 > Hi all,c > M >     Need to run some old college prog's written on a PDP-11 under RSX-11M+.yH > OpenVMS 7.3 (off Hobbyist CD) doesn't seem to have it. Any pointers to8 > where/how I can get this work would be great.. Thanks, > 
 > - Jim L.   ------------------------------   Date: 29 Sep 2003 09:25:34 GMT) From: Tony Arnold <tony.arnold@man.ac.uk> 9 Subject: Re: suggestion: TCPIP$SMTP_PERSONAL_NAME logical 9 Message-ID: <bl8tqe$99t71$1@ID-207001.news.uni-berlin.de>s  Q Phillip Helbig---remove CLOTHES to reply <helbig@astro.multiclothesvax.de> wrote: K > One can use the TCPIP$SMTP_FROM logical to specify the From: header of a aE > message.  It would be nice to have a similar functionality for the  I > personal name.  While it is true that one can change the personal-name  F > setting from within VMS MAIL and not the name of the sender, such a E > logical would still be useful since it could change the value on a iA > process (or job) basis while leaving the "default" value to be  % > determined by the VMS MAIL setting.   : Have you tried setting the FROM logical to be of the form   ) "Phillip Helbig <username@mydomain.org>"?n  F This is the full syntax of the from field and might do what you need?    Just a thought.t   Tony.i -- hF Tony Arnold, Deputy to the Head of COS Division, Manchester Computing,: University of Manchester, Oxford Road, Manchester M13 9PL.F T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039E E-mail: tony.arnold@man.ac.uk, Home: http://www.man.ac.uk/Tony.ArnoldB   ------------------------------  % Date: Mon, 29 Sep 2003 15:59:49 +0100 0 From: Chris Sharman <chris.sharman@sorry.nospam>  Subject: symbiont housekeeping ?+ Message-ID: <3F7848E5.8080200@sorry.nospam>   2 We seem to have a lot of symbionts hanging around.B We believe they're mostly lpd symbionts, possibly not dying after 
 stop/q/reset.aD We had to reboot today, because they'd filled all the available pcb  slots (after 9 months).3   tcpip 5.1 eco 3, vms 7.3.<  F Can you confirm where these symbionts come from, and suggest a way of + distinguishing & killing off the dead ones.s   Thanks,m Chrisn   ------------------------------  # Date: Mon, 29 Sep 2003 13:51:01 GMTe# From: "John Smith" <a@nonymous.com> * Subject: Re: Talk about bad luck (Halifax)D Message-ID: <9NWdb.1875$lKj.98@news04.bloor.is.net.cable.rogers.com>   JF Mezei wrote:tE > Halifax Canada, well north of the tropics, has just been hit with aeG > category 1 hurricane. While this is not a big deal for areas build inoF > hurricane zones, when a densely populated city which hasn't had suchB > a storm in half a century gets hit, a lot of damage is possible. >HF > It is still early to get full report of the damage (this area is notB > built to widthstand such a storm). However, there is one big sad > story: >2G > There is at least one fatality. A tree fell onto an ambulance just as4; > it was pulling in near the hospital. Talk about bad luck.W >oE > Environment Canada had to vacate their offices on the 16th floor ofrA > an office building for a while, at at that point, "control" wasU@ > handed over to another weather office in Fredericton NB. I wasD > listening to radio when the staff were allowed to go back to theirD > Environment Canada offices. They seemed to have generators becauseD > the staff were right back into their terminals pulling informationG > out to give to the media. One rep was able to pull "live" informationoG > from one of the boueys some 120 nautical miles south of Halifax whichdB > was clocking winds of 145km/h and waves of 13 metres. (40 feet).? > Pretty amazing that they would retain links to those sensors.w >sA > The lesson ? Even cities that seem to be quite safe in terms oftG > weather can get some severe weather at times. And those cities may be G > the least prepared and thus the most vulnerable to damage when such a  > storm happens. >tB > While hurricanes in the USA tend to just skirt the coast and areG > rarely destructive over a large area, the cyclones that hit AustraliaoE > can be pretty nasty (I lived through a cat 4) and the typhoons thatwG > hit asian cities will also cause major flooding over wide areas. ThiswC > means that in terms of disaster recovery, one may really need them6 > distance of a few hundred km that VMS is capable of. >lD > Oh, if you have vehicles that may be used in an emergency, best to? > keep a fresh can of fuel because in cases of widespread poweruB > failures, you won't be able to refuel a vehicle since gas/petrol > stations won't be functional.e    I I'll ignore the sweeping generalization about whether hurricanes cause or I don't cause damage in non-costal areas of the USA (clearly they do),  the 9 point I believe JF is making is about disaster tolerance.m  F Which is something HP ought to be doing with prospective *new* VMS and' existing VMS customers. But they don't.d    	 <soapbox> F Forgive me for saying so, but every so often a comment/observation  isL posted here which makes eminent sense even if it is poorly communicated (ie.L disaster tolerance issues and whatnot). Yet many times we (collectively) areI quick to snipe at some inconsistency in the message rather than embracingx the heart of the message.s  K But to some extent I can understand that too. Most here are reasonably wellrJ aware of DT issues, and by now also realize that getting HP to do ANYTHINGL substantive in the way of advertising, marketing, or promoting VMS is a lostD cause. So we ignore the opportunity to take a run at our HP reps and1 contacts to pressure them to do said advertising.x  G Day after day and instance after instance, there are golden examples ofrB where VMS disaster tolerance and security can be leveraged into an7 advertising and marketing bonanza -- but it isn't done.e  J I just wonder how Marcello, Gorham, and all above them in the HP heirarchyL can look at themselves while shaving (faces or legs) each day and think that they are doing a good job.
 </soapbox>   ------------------------------  % Date: Mon, 29 Sep 2003 09:24:44 +0100h* From: Nic Clews <sendspamhere@[127.0.0.1]>! Subject: Re: Translating COM jobsb' Message-ID: <bl8q5t$m83$1@lore.csc.com>s  	 pt wrote:nH >      I'm working on a COM job parser, trying to pick out the logicals,$ > executables and included com jobs. > = > My question is what patterns should in look for in COM jobst > C > like for example f$logical("XXXX") translates to the logical XXXX: > G > Im quite new to Openvms any help would be appriciated in tackling thew > issue. > @ > Is there any tool which will speed up the process, i.e help me; > identify the logicals, executables and included com jobs.l  # Depends what you mean by a COM job.n  5 Do you mean COM as in COMputable (OpenVMS job state)?r  D Be aware this is a transient state, and when you come to inspect the process, it may not be COM...   F Or do you mean COM "services", yet another hole in Microsoft security?  B Some background on what you're trying to achieve would be helpful.   --  ? Regards, Nic Clews a.k.a. Mr. CP Charges, CSC Computer Sciences  nclews at csc dot comh   ------------------------------    Date: 29 Sep 2003 10:22:25 -0500 From: briggs@encompasserve.org! Subject: Re: Translating COM jobss3 Message-ID: <+ZYTcUgsO+pS@eisner.encompasserve.org>   T In article <bl8q5t$m83$1@lore.csc.com>, Nic Clews <sendspamhere@[127.0.0.1]> writes: > pt wrote: I >>      I'm working on a COM job parser, trying to pick out the logicals,p% >> executables and included com jobs.e >>  > >> My question is what patterns should in look for in COM jobs >> tD >> like for example f$logical("XXXX") translates to the logical XXXX >> 4H >> Im quite new to Openvms any help would be appriciated in tackling the	 >> issue.r >> TA >> Is there any tool which will speed up the process, i.e help met< >> identify the logicals, executables and included com jobs. > % > Depends what you mean by a COM job.a > 7 > Do you mean COM as in COMputable (OpenVMS job state)?s > F > Be aware this is a transient state, and when you come to inspect the > process, it may not be COM...u > H > Or do you mean COM "services", yet another hole in Microsoft security? > D > Some background on what you're trying to achieve would be helpful.  A It sounds to me as if he's trying to do some static analysis workb' on DCL command procedures (.COM files).0   What logicals does it use? What logicals does it set?+ What other command procedures does it call?t What executables does it run?r   A daunting challenge.r  
 For the OP...    Logical name translation:i  9 	F$TR[NLNM] ( string-expression-to-be-translated [,...] )n3 	F$LOG[ICAL] ( string-expression-to-be-translated )t   Logical name creation:   	$ DEF[INE] logical-name value! 	$ AS[SIGN] value logical-name[:]n   Global symbol creation:f  + 	$ symbol :== literal-text  OR  quoted-textc 	$ symbol == expressione   Local symbol creation:  * 	$ symbol := literal-text  OR  quoted-text 	$ symbol = expression   Sub-procedure invocation:.  % 	$ @some-other-procedure [parameters]    Program execution:   	$ R[UN] programnameA 	$ MCR programname 	! Default directory for program is SYS$SYSTEMe 	$ foreign-command 	$ user-defined-command9 but not  	$ alias-symbolr and note 	$ predefined-commands  A Recognition of foreign commands and defined commands is somewhereaF between difficult and impossible with simple one-file static analysis.  ? A foreign command is set up by defining a symbol and then usingwC that symbol as the first token on a subsequent line.  For instance:t  F 	$ myprog = "$mydisk:[mydir]someprog.exe"   ! The $ is required syntax 	$ ... 	$ myprog xyz.dat   C A defined command is set up by either putting that command into thee? predefined command interpreter tables or by adding that commandt+ to those tables at run time.  For instance:r  & 	$ set command my_private_commands.cld 	$ ... 	$ myprog xyz.data  I An alias symbol is set up by defining a symbol and then using that symbola7 as the first token on a subsequent line.  For instance:d   	$ wso = "WRITE SYS$OUTPUT"T 	$ ... 	$ wso "Hello, world!"  ? A defined alias symbol or foreign command trumps a user definedGD command.  And a user defined command trumps a built in or predefined command.  ; Just to complicate matters, symbols can be wildcarded.  For 	 instance:z  A 	$ DIR*ECTORY = "WRITE SYS$OUTPUT ""Directory command disabled"""t 	$ DIRE XYZ.DATb 	Directory command disabled>  ? That symbol definition will match "DIR", "DIRE", "DIRECT", etc.n1 It will not match "DI", "DIREXXX" or "DIRECTORYY"s   	John Briggs   ------------------------------    Date: 29 Sep 2003 04:38:48 -0700. From: martinkirby12@yahoo.co.uk (Martin Kirby)@ Subject: Re: Unexplained DECwindows activity - security concern?< Message-ID: <224291b.0309290338.2a0f9bb9@posting.google.com>   Mike,    DTSCREEN is the screen-saver.   ? It should have been a detached process and not a sub-process ofa DECW$CLOCK.r  > There is a known race condition, to be addressed in DECwindowsD V1.3-1, which can cause DTSCREEN to be left unseen in the backgroundE and in a loop where it keeps getting X error messages. These messagesaE go to a mailbox which DTSESSION then writes to the DECW$SM.LOG which dF fills up - this explains the disk activity. You would have had to lookH at the DTSESSION process to see the DIO activity. The loop explains the  CPU and BIO activity.   B The race condition is to do with unlocking the display at the sameB time as a new instance of DTSCREEN is started - by having only oneE screen-saver or setting the time per display as long (zero might alsoh; work although I haven't tried it) the risks can be reduced.g  % Killing the looping DTSCREEN is safe.w  @ This is unrelated to the DECwindows security MUP - which I would recommend everyone applies.    Martin Kirby DECwindows Engineering  v Mike Duffy <Duffy@process.com> wrote in message news:<63D30D6E10CFD11190A90000F805FE860492B333@lespaul.process.com>..., > OpenVMS V7.3 on an Alphastation 200 4/233. > / > I came back from lunch today to find the diskh1 > activity light indiciating substantial activityn* > on what should have been an idle system. > 4 > I narrowed it to a subprocess of a process running6 > DECW$CLOCK.  The subprocess was running DTSCREEN.EXE- > and was consuming about 5% of the CPU time.n > 3 > I killed the subprocess to see what would happen.i > 0 > I didn't notice any effect other than the disk0 > activity stopping.  In 20 seconds of CPU time,/ > the process had performed 39 DIOs, 37879 BIOsz, > and 403 page faults. The process had 10910/ > virtual pages, and was running at priority 0.e > - > The DECwindows clock program running in thea2 > parent process continued normally after I killed > the subprocess.P > 2 > The PC when I killed it was EXE$QIO_C+530, which4 > I know doesn't reveal much.  While it was running,4 > I did some SHOW DEVICE/FILES commands, but nothing > stood out. > / > Seeing unexplained activity from a DECwindows-3 > component made me think of the mandatory security,3 > patch that came out some time ago, but I'll admit-6 > I never installed it.  I assumed it was unnecessary 1 > because I don't run any TCP/IP product on that P > particular machine.t > 7 > Why did the subprocess exist?  What does DTSCREEN do?$ > Do I need the security patch?c > " > Looking forward to any insights, > 
 > -Mike Duffyo   ------------------------------  # Date: Mon, 29 Sep 2003 05:36:00 GMTy6 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOEGER)@ Subject: Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC5 Message-ID: <4xPdb.174568$hd6.2206219@news.chello.at>5  ] In article <3F77ACE4.12B03F57@sture.homeip.net>, Paul Sture <nospam@sture.homeip.net> writes:a >Michael Unger wrote:m: >> On 2003-09-26 01:57, "Peter 'EPLAN' LANGSTOEGER" wrote:X >> > In article <00A2671D.3178AD0C@SendSpamHere.ORG>, VAXman-  @SendSpamHere.ORG writes:< >> >>I registered and all I get when I search for a patch is >> >> , >> >>Another extremely *useful* HP web site. >> >N >> > I cannot disagree (though it works for me, most likely because of cookies0 >> > and/or JS), but I never relied on www only. >> >1 >> >       ftp://ftp.itrc.hp.com/openvms_patches/s >> >T >> > is my new (but not the only) friend (though it has a lot of ECOs still missing) >>  H >> I finally managed to register with ITRC (just as a hobbyist, i.e., noA >> valid support contract) with JavaScript *disabled* and cookiesfB >> temporarily *enabled* (session cookies, not permanent cookies).  : I use Session cookies, too ("delete all cookies on exit").  eF >> I also managed to subscribe to the VMS (VAX and Alpha) patch digestG >> mailing lists. But what is really annoying: the mailing frequency iseI >> "weekly" which is absolutely *inadequate* for security-related issues.c >e+ >And can I please ask you how long it took?    About 2min.   E >For the record, it took me about 20 minutes to get past registrationcC >and actually log on. Half an hour later I still could not find thei >patch tree.  M There is no registration neccessary to find the patch tree on the FTP server.r  # >"Weekly" isn't good for me either.e >aI >Did the system prompt you for a (very time consuming) survey as well? My I >attempt did, but I could not answer until I had tried it out for a while G >(another 40 minutes of wasted time). Most responses were in the "Don't 7 >know", "Very disatisfied" or just plain "disatisfied".r >MK >> Really annoying too: the entire registration process (including transfery5 >> of passwords) is done in simple HTTP, *not* HTTPS.  >>  E >And it gave me a meaningless user name, which means another piece of0 >paper to file somewhere..  G Or you can enter the mail address instead of the username during login.,C This one you know and using the same password on many such internet 7 registered services prevents the requirement for paper.k= btw Why didn't they use the mail address as username at all ?e   -- s Peter "EPLAN" LANGSTOEGERr% Network and OpenVMS system specialist< E-mail  peter@langstoeger.atF A-1030 VIENNA  AUSTRIA              I'm not a pessimist, I'm a realist   ------------------------------  % Date: Mon, 29 Sep 2003 10:44:06 +0200n$ From: Michael Unger <unger@decus.de>@ Subject: Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC9 Message-ID: <bl8u3k$9fhq3$1@ID-152801.news.uni-berlin.de>@  ( On 2003-09-29 03:54, "Paul Sture" wrote:   > Michael Unger wrote: >> > >> [...] >> pH >> I finally managed to register with ITRC (just as a hobbyist, i.e., noA >> valid support contract) with JavaScript *disabled* and cookies>B >> temporarily *enabled* (session cookies, not permanent cookies). >> oF >> I also managed to subscribe to the VMS (VAX and Alpha) patch digestG >> mailing lists. But what is really annoying: the mailing frequency is I >> "weekly" which is absolutely *inadequate* for security-related issues.a > , > And can I please ask you how long it took?  B About 15 minutes -- including registration, reading the "terms and: conditions" and subscribing to the relevant mailing lists.  F > For the record, it took me about 20 minutes to get past registrationD > and actually log on. Half an hour later I still could not find the
 > patch tree.a   I didn't search for patches.  $ > "Weekly" isn't good for me either. > J > Did the system prompt you for a (very time consuming) survey as well? MyJ > attempt did, but I could not answer until I had tried it out for a whileH > (another 40 minutes of wasted time). Most responses were in the "Don't8 > know", "Very disatisfied" or just plain "disatisfied".  D There were two buttons: one to take the survey route and one to skipH that. I did a short look into the survey but immediately discovered that? it would be meaningless for a hobbyist -- just business relatedv# questions. So I went the short way.   K >> Really annoying too: the entire registration process (including transferi5 >> of passwords) is done in simple HTTP, *not* HTTPS.  >>  F > And it gave me a meaningless user name, which means another piece of > paper to file somewhere.  E It isn't a user *name* but a user *id* -- a combination of characterso1 and numbers and, as you said, pretty meaningless.e   Michaela   -- p; Real names enhance the probability of getting real answers.1@ Please do *not* send "Security Patch Notifications" or "SecurityA Updates"; this system isn't running a Micro$oft operating system.b= And don't annoy me <mailto:postmaster@[127.0.0.1]> please ;-)s   ------------------------------  # Date: Mon, 29 Sep 2003 10:53:16 GMT)4 From: brad@.gateway.2wire.net (Bradford J. Hamilton)@ Subject: Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC> Message-ID: <waUdb.370363$2x.112555@rwcrnsc52.ops.asp.att.net>   !>Michael Unger wrote: !snip!G !>> I also managed to subscribe to the VMS (VAX and Alpha) patch digesttH !>> mailing lists. But what is really annoying: the mailing frequency isJ !>> "weekly" which is absolutely *inadequate* for security-related issues.  L I received my first "weekly update" recently - I'm *extremely* disappointed.  L The "update" was actually a cumulative list of *all* patches issue since theO O/S was released.  To my futher disappointment, the "update" was grouped in theeF same manner as the ECO's on the FTP site - *all* version "V7.2X" patchM notifications were released in the same e-mail".  And if that weren't enough, M there was no discernable "sorting order" for the patches - the latest patches H did not appear at the beginning of the e-mail, as I might have expected.  N Three strikes, hp (or perhaps one strike and two loud, long foul balls!)  ThenO again, what else can one expect for free?  It's just so discouraging to see thetL quality of notification drop so precipitously from the standard to which we  were accustomed.  O I would send feedback to ITRC, but as I noted in a previous post, they have yetrL to respond to my previous inquiries, now several weeks old.  I'm hoping thatM folks here that have a good connection to the right people will pass this on,rI or that perhaps the VMS engineers/marketers who lurk here can pass on ourw	 concerns.   H I don't really feel that this is unjustified whining on our part, just a4 request to return to a previous standard of quality.  e !snip!  J __________________________________________________________________________A Bradford J. Hamilton                    "All opinions are my own"tK bMradAhamiPltSon-at-coMmcAast.nPeSt     "Lose the MAPS, and replace '-at-'  0                                          with @"   ------------------------------  % Date: Mon, 29 Sep 2003 09:29:38 -0400t From: norm.raphael@metso.com@ Subject: Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC? Message-ID: <OF35E1F423.07E38BED-ON85256DB0.0048BA6F@metso.com>r  K I just tried to open the OpenVMS Alpha Patch Digest email from this weekendq andoJ the body of the message contains too many bytes for my NotesMail client to open it.I (It has an internal limit of 64K bytes for any field - including "body" -e and reports thenC entire message at 3033 KB, including headers).  I guess I need thisl "digest" as an attachment.lI I surmise that it will include lots of ECO summaries which I have alreadyo received as K ECO notices under the soon-to-be-defunct system, and it will not be easy to  separate6 the wheat from the chaff, base on the note here below. -Norme  I From:  brad@.gateway.2wire.net (Bradford J. Hamilton) on 09/29/2003 06:53l	        AMO  @ Please respond to brad@.gateway.2wire.net (Bradford J. Hamilton)   To:    Info-VAX@Mvb.Saic.Com cc:y  C Subject:    Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRCn     !>Michael Unger wrote: !snip!G !>> I also managed to subscribe to the VMS (VAX and Alpha) patch digestNH !>> mailing lists. But what is really annoying: the mailing frequency isJ !>> "weekly" which is absolutely *inadequate* for security-related issues.  > I received my first "weekly update" recently - I'm *extremely*
 disappointed.n  H The "update" was actually a cumulative list of *all* patches issue since thenK O/S was released.  To my futher disappointment, the "update" was grouped ins thetF same manner as the ECO's on the FTP site - *all* version "V7.2X" patchE notifications were released in the same e-mail".  And if that weren't  enough, E there was no discernable "sorting order" for the patches - the latest  patchesvH did not appear at the beginning of the e-mail, as I might have expected.  H Three strikes, hp (or perhaps one strike and two loud, long foul balls!) ThenK again, what else can one expect for free?  It's just so discouraging to seee theAK quality of notification drop so precipitously from the standard to which we3 were accustomed.  K I would send feedback to ITRC, but as I noted in a previous post, they haveo yetmG to respond to my previous inquiries, now several weeks old.  I'm hopingc thatI folks here that have a good connection to the right people will pass thise on,tI or that perhaps the VMS engineers/marketers who lurk here can pass on our 	 concerns.r  H I don't really feel that this is unjustified whining on our part, just a4 request to return to a previous standard of quality.   !snip!  J __________________________________________________________________________A Bradford J. Hamilton                    "All opinions are my own"nJ bMradAhamiPltSon-at-coMmcAast.nPeSt     "Lose the MAPS, and replace '-at-'0                                          with @"   ------------------------------  % Date: Mon, 29 Sep 2003 11:09:27 +0100-O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com>EE Subject: Re: VMS Cracked! [was: Linux is the favourite hacker target]40 Message-ID: <bl90co$a10$1@new-usenet.uk.sun.com>   JF Mezei wrote:P > Keith Parris wrote:t > A >>Microsoft DOS was analogous to a hang glider -- very simple and-E >>inexpensive, yet actually capable of flight with one person.  Since2H >>then, they've scaled it up to a larger size and added engines, but tooB >>much of the design still reflects the original crude single-seatG >>focus.  They claim it's an airliner now, but most people can tell thei
 >>difference.e >  > N > But when they hired Cuttler and al to write NT, (and windows 95), they couldO > have decided to start from a clean slate and stop adding security issues withh$ > each bell and whistle they wanted. >   A They could have but Microsoft has the same problem that Intel hasa< the need to remain compatible ish with their installed base.  H So Cutler was saddled with being upwardly compatible with Windows 3.1/95  O > I think that one problem is that Billy Gates was so late in acknowledging theeP > internet that the early versions just didn't think about internet as a vehicleI > for viri, and by the time Gates acknowledged the internet, the securitys6 > problems were already well rooted into his software.  > Version 1.0 of Billys book rubbished the Internet, we were all$ apparently going to use MSN instead.  E Version 1.1 added 140 pages extolling the virtues of the Internet and C positioned MS as the platform that enabled the Internet, a bit of aeF stretch since the Internet was based on IP something that up till then MS had avoided like the plague.    Regardsn Andrew Harrisonr   ------------------------------  % Date: Mon, 29 Sep 2003 12:04:51 +0200-( From: Andreas Davour <ante@update.uu.se>F Subject: Re: VMS on a simh VAX simulator, how do I get TCP/IP to work?- Message-ID: <bl9043$m1a$1@Tempo.Update.UU.SE>   ' Markus Weber <x13317@yahoo.com> writes:.  F > On Wed, 24 Sep 2003 12:27:32 +0100, Edward Brocklesby <ejb@goth.net> > wrote: >> >nJ >>The easiest way to check if it's working at all is to run tcpdump on theH >>interface and look for outgoing packets from the simulator.  You'll beJ >>able to see them, the OS just ignores them.  (Well, the pcap layer never7 >>passed them to the *incoming* packet handler at all).h >> >H >>You should be able to install another ethernet card, and connect it toL >>your first one (either via a hub/switch or crossover), then attach simh toK >>the new card.  The packets will then go out of the first card, come in touL >>the second and be seen by the host OS.  Kind of overcomplicated IMO, whichK >>is why I hacked up the tun/tap stuff.  (All the tun/tap stuff really doespI >>is simulate the second ethernet card, with the /dev/net/tun 'interface'w3 >>being the first card, and tap0 being the second).- >- > See-M > http://www.itsecuritygeek.com/index.php?module=htmlpages&func=display&pid=2b: > for a Linux workaround, code courtesy of Hans Rosenfeld.   Thanks!g   /andreas   ------------------------------  % Date: Mon, 29 Sep 2003 12:06:21 +0200r( From: Andreas Davour <ante@update.uu.se>F Subject: Re: VMS on a simh VAX simulator, how do I get TCP/IP to work?- Message-ID: <bl906t$m1a$2@Tempo.Update.UU.SE>t  ( Edward Brocklesby <ejb@goth.net> writes:  < > Andreas Davour wrote in <bkq4hg$9hk$1@Tempo.Update.UU.SE>:   H >> Ah! So maybe it works after all, but I can't see it. Now I'll have toD >> find out how the heck I can connect to my dhcp assigned PC with a* >> "private" IP range behind a firewall... >.J > The easiest way to check if it's working at all is to run tcpdump on theH > interface and look for outgoing packets from the simulator.  You'll beJ > able to see them, the OS just ignores them.  (Well, the pcap layer never7 > passed them to the *incoming* packet handler at all).   G Maybe it's time to do that postponed install of tcpdump after all then.   H > You should be able to install another ethernet card, and connect it toL > your first one (either via a hub/switch or crossover), then attach simh toK > the new card.  The packets will then go out of the first card, come in toiL > the second and be seen by the host OS.  Kind of overcomplicated IMO, whichK > is why I hacked up the tun/tap stuff.  (All the tun/tap stuff really doeseI > is simulate the second ethernet card, with the /dev/net/tun 'interface'p3 > being the first card, and tap0 being the second).s  F Well, considering how much a network card costs these days, I might as well get another one.    Thanks for your help!    /andreas   ------------------------------   Date: 29 Sep 2003 09:13:52 GMT- From: robrpm2222@aol.comInternet (RobRPM2222)u Subject: VMS Security RundownS: Message-ID: <20030929051352.00305.00000001@mb-m27.aol.com>  N some questions for the group. I'm interested in security, and Ive been readingN articles about older OS's and their approaches to security. Since some of themN are quite different from the typical *nix and Windows approaches, I've decided5 to do some looking into them to see what I can learn.   3 Multics is interesting, but it's functionally dead.t   VMS seems to be still alive.  J 1. what are the best info sources for information on VMS security? I couldM Google search, but it would be hard for me to judge which sites are best with M the limited VMS background I have. I would appreciate it if you could give mee
 some insight.t  O 2. How much of VMS's security is due to the fact that it's not very common, andnO most of the admins/programmers for it are well past the age where breaking intohN things looks technically interesting, AND how much is due to proper design andF the wisdom of age? I'm not trying to be insulting in any fashion, just
 wondering.  F 3. provided this won't cause a useless flamewar, how would you compareB out-of-the-box OpenVMS security to that of other operating systemsN out-of-the-box you use regularly? Then how would you compare the security of aM locked-down VMS box with an admin knowledgable about VMS security, versus theoO security of a locked down box in the other OS you use regularly with an equallyc compentant admin for that OS?   M 4. if you were given free rein to add a security feature or cause a change in > the security implimentation of OpenVMS, what would you change?   -- 0L Rob Meyer                            |  "There are only so many ways to hurt> Goshinbudo Jujitsu (MMA)      |  the human body, and everyone M                                             |  invented them." - Dan InosantoV            ------------------------------  % Date: Mon, 29 Sep 2003 11:18:15 +0100 ( From: "John Travell" <john@jomatech.com>! Subject: Re: VMS Security Rundown.9 Message-ID: <bl90ta$966qd$1@ID-120847.news.uni-berlin.de>i  : "RobRPM2222" <robrpm2222@aol.comInternet> wrote in message4 news:20030929051352.00305.00000001@mb-m27.aol.com...H > some questions for the group. I'm interested in security, and Ive been readingnK > articles about older OS's and their approaches to security. Since some of3 themH > are quite different from the typical *nix and Windows approaches, I've decided47 > to do some looking into them to see what I can learn.. >>5 > Multics is interesting, but it's functionally dead.5 >o > VMS seems to be still alive. >rL > 1. what are the best info sources for information on VMS security? I couldJ > Google search, but it would be hard for me to judge which sites are best withL > the limited VMS background I have. I would appreciate it if you could give me > some insight.r >hE > 2. How much of VMS's security is due to the fact that it's not veryf common, andeL > most of the admins/programmers for it are well past the age where breaking intoL > things looks technically interesting, AND how much is due to proper design and H > the wisdom of age? I'm not trying to be insulting in any fashion, just > wondering. > H > 3. provided this won't cause a useless flamewar, how would you compareD > out-of-the-box OpenVMS security to that of other operating systemsK > out-of-the-box you use regularly? Then how would you compare the securitye of aK > locked-down VMS box with an admin knowledgable about VMS security, versus  theaI > security of a locked down box in the other OS you use regularly with an  equally  > compentant admin for that OS?c >iL > 4. if you were given free rein to add a security feature or cause a change in@ > the security implimentation of OpenVMS, what would you change? >V  . If you have not seen it, the DEFCON9 report atB http://dahmer.vistech.net/defcon.txt may make interesting reading.F In principle, VMS security is the result of careful engineering. It isG reasonably secure OOTB, and really only needs care when setting up user ; account access to avoid compromising the built-in security.p     -- John Travell" Independent VMS crashdump analyst. john- at - jomatech - dot - comt +44-(0)23-92552229 http://www.jomatech.com/       ---m& Outgoing mail is certified Virus Free.: Checked by AVG anti-virus system (http://www.grisoft.com).A Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/2003n   ------------------------------    Date: 29 Sep 2003 05:39:02 -0500- From: Kilgallen@SpamCop.net (Larry Kilgallen)w! Subject: Re: VMS Security Rundown 3 Message-ID: <FxlQIG4n1XO9@eisner.encompasserve.org>9  j In article <20030929051352.00305.00000001@mb-m27.aol.com>, robrpm2222@aol.comInternet (RobRPM2222) writes:  D > 1. what are the best info sources for information on VMS security?   	1. Guide to VMS Securityv( 	2. Internals and Data Structures Manual 	3. VMS Source  A In general, understanding VMS security properly takes more efforta@ than will be expended reading an online document (even though #1 above is online).   M > 2. How much of VMS's security is due to the fact that it's not very common,n  H That is a matter of opinion and conjecture.  There has been at least oneJ white hat tiger team attack feeding information back into VMS Development.J The result was changes to plug loopholes, but the whole effort was treatedG quite confidentially at the time.  When those changes were entered intorH the source they were not commented as a security defect present in prior	 versions.o  H One advantage VMS has over less orderly operating systems is that entireI modules are not rewritten on a whim.  I have heard estimates that as muchrJ as 30% of Windows NT v.whatever was replaced from v.(whatever-1).  That isI bound to introduce more defects.  Although it is possible that results ofcF the tiger team attack to which I referred could have accidentally come5 undone, it is much less likely due to code stability.   G Another factor is VMS Development's responsive attitude toward security?F defects.  By and large, outsiders have no need to "go public" to shame" VMS Development into going public.  H > 3. provided this won't cause a useless flamewar, how would you compareD > out-of-the-box OpenVMS security to that of other operating systems# > out-of-the-box you use regularly?.  G I don't use it regularly, but the only comparison I see as viable wouldsF be MVS.  While VMS may lack certain features (e.g., setting protectionF of a file that does not exist), the VMS feature set makes better senseG for the way VMS systems are actually used.  VMS security is much easieruH to manage, and if there are problems managing security errors in the use# of security features will creep in.   O > 4. if you were given free rein to add a security feature or cause a change in1@ > the security implimentation of OpenVMS, what would you change?  > 	1. Integrate Security Enhanced VMS features into the mainline 	   product.  ? 	2. Add to the SEVMS features a "test mode" (announcing but not B 	   preventing MAC policy violations) similar to what is availableA 	   with MVS security products.  (That is an example of a featuret@ 	   aimed at easing use of strong security at individual sites.)  H All that said, the greatest flaw in VMS security these days is the habitI VMS Development has of adopting code from other operating systems, mostlyoB Unix.  But MVS, the other serious contender, has the same problem.   ------------------------------  % Date: Mon, 29 Sep 2003 11:20:05 +0100t. From: Peter Jackson <peter.jackson@oracle.com>! Subject: Re: VMS Security Rundowna* Message-ID: <3F780755.3CCE3EC2@oracle.com>  , This is a multi-part message in MIME format.& --------------9738F83874BBC5F355E1BCE2* Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bith       RobRPM2222 wrote:l  P > some questions for the group. I'm interested in security, and Ive been readingP > articles about older OS's and their approaches to security. Since some of themP > are quite different from the typical *nix and Windows approaches, I've decided7 > to do some looking into them to see what I can learn.y > 5 > Multics is interesting, but it's functionally dead.d >g > VMS seems to be still alive.  6 VMS is 9 years younger than UNIX, and very much alive.  L > 1. what are the best info sources for information on VMS security? I couldO > Google search, but it would be hard for me to judge which sites are best with O > the limited VMS background I have. I would appreciate it if you could give me  > some insight.d   An intro with links is atl= http://www.blacksheepnetworks.com/security/resources/openvms/e9 http://www.vmsone.com/~opcom/defcon9.htm is good reading.   Q > 2. How much of VMS's security is due to the fact that it's not very common, and Q > most of the admins/programmers for it are well past the age where breaking intotP > things looks technically interesting, AND how much is due to proper design andH > the wisdom of age? I'm not trying to be insulting in any fashion, just > wondering.   Mostly good design.i  H > 3. provided this won't cause a useless flamewar, how would you compareD > out-of-the-box OpenVMS security to that of other operating systemsP > out-of-the-box you use regularly? Then how would you compare the security of aO > locked-down VMS box with an admin knowledgable about VMS security, versus theiQ > security of a locked down box in the other OS you use regularly with an equally) > compentant admin for that OS?n  A Compared to VMS the others (Windows and UNIX) seem very insecure.a  O > 4. if you were given free rein to add a security feature or cause a change inr@ > the security implimentation of OpenVMS, what would you change? >N > --N > Rob Meyer                            |  "There are only so many ways to hurt? > Goshinbudo Jujitsu (MMA)      |  the human body, and everyoneaO >                                             |  invented them." - Dan Inosanton >a  & --------------9738F83874BBC5F355E1BCE2- Content-Type: text/x-vcard; charset=us-ascii;a  name="peter.jackson.vcf"e Content-Transfer-Encoding: 7bitb+ Content-Description: Card for Peter Jacksonl  Content-Disposition: attachment;  filename="peter.jackson.vcf"h   begin:vcard  n:;Peter x-mozilla-html:FALSE
 adr:;;;;;; version:2.1d' email;internet:peter.jackson@oracle.com- fn:Peter Jackson	 end:vcard   ( --------------9738F83874BBC5F355E1BCE2--   ------------------------------  # Date: Mon, 29 Sep 2003 10:37:31 GMTs5 From: rdeininger@mindspringdot.com (Robert Deininger) ! Subject: Re: VMS Security Rundown L Message-ID: <rdeininger-2909030646360001@user-uinj43t.dialup.mindspring.com>  : In article <20030929051352.00305.00000001@mb-m27.aol.com>,. robrpm2222@aol.comInternet (RobRPM2222) wrote:  O >some questions for the group. I'm interested in security, and Ive been readingeO >articles about older OS's and their approaches to security. Since some of themcO >are quite different from the typical *nix and Windows approaches, I've decided 6 >to do some looking into them to see what I can learn. >i4 >Multics is interesting, but it's functionally dead. >t >VMS seems to be still alive.m  
 Indeed it is.   @ The authoritative reference for the VMS security model is in the+ documentation set, available on the web at:b  ( http://h71000.www7.hp.com/doc/index.html  6 You'll want to look at the "Guide to System Security".  C (For some reason, the doc page does not have any of the VMS manuals-; available at the moment.  It appears to be an empty shell.)     K >1. what are the best info sources for information on VMS security? I couldgN >Google search, but it would be hard for me to judge which sites are best withN >the limited VMS background I have. I would appreciate it if you could give me >some insight. >yP >2. How much of VMS's security is due to the fact that it's not very common, andP >most of the admins/programmers for it are well past the age where breaking intoO >things looks technically interesting, AND how much is due to proper design andeG >the wisdom of age? I'm not trying to be insulting in any fashion, justI >wondering.o  J VMS security is mostly due to good design.  When Hackerz try to break intoA VMS, they fail.  Exceptions are very rare from what I have heard.C    G >3. provided this won't cause a useless flamewar, how would you compare C >out-of-the-box OpenVMS security to that of other operating systems O >out-of-the-box you use regularly? Then how would you compare the security of arN >locked-down VMS box with an admin knowledgable about VMS security, versus theP >security of a locked down box in the other OS you use regularly with an equally >compentant admin for that OS?  I VMS is secure out of the box.  I've never seen a "you better change this"?G list of things to do to secure a VMS system.  (Well, not in the last 15r years, at least.)   H The paranoid system manager might enable more security auditing than the? default settings, to make it easier to track  breakin attempts.n    N >4. if you were given free rein to add a security feature or cause a change in? >the security implimentation of OpenVMS, what would you change?a  # Offhand, I can't think of anything.R   ------------------------------  # Date: Mon, 29 Sep 2003 12:03:33 GMTs- From: "John E. Malmberg" <wb8tyw@qsl.network>o! Subject: Re: VMS Security Rundowno: Message-ID: <pcVdb.689$Vb3.596869@news1.news.adelphia.net>   Robert Deininger wrote:o > B > The authoritative reference for the VMS security model is in the- > documentation set, available on the web at:n > * > http://h71000.www7.hp.com/doc/index.html > 8 > You'll want to look at the "Guide to System Security". > E > (For some reason, the doc page does not have any of the VMS manualsf= > available at the moment.  It appears to be an empty shell.)   L Look on the left side of the screen.  There is a list of documentation sets.   -Johnn wb8tyw@qsl.network Personal Opinion Onlyg   ------------------------------    Date: 29 Sep 2003 08:08:25 -0500; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)h! Subject: Re: VMS Security Rundownt3 Message-ID: <PEWEmjlawhdw@eisner.encompasserve.org>r  j In article <20030929051352.00305.00000001@mb-m27.aol.com>, robrpm2222@aol.comInternet (RobRPM2222) writes:   > VMS seems to be still alive.      To put it midly, yep.  L > 1. what are the best info sources for information on VMS security? I couldO > Google search, but it would be hard for me to judge which sites are best withoO > the limited VMS background I have. I would appreciate it if you could give me  > some insight.   @    The security docs for VMS should be at the doc web site.  TryB    www.openvms.compaq.com/docs (actually an HP site with a readily    forgettable URL).  Q > 2. How much of VMS's security is due to the fact that it's not very common, andRQ > most of the admins/programmers for it are well past the age where breaking intoJP > things looks technically interesting, AND how much is due to proper design andH > the wisdom of age? I'm not trying to be insulting in any fashion, just > wondering.  G    Very little of VMS security relies on obscurity.  Most of it grew upgE    in the days when everybody had a VAX.  It's in their by design, bye@    good engineering, and from having a history of development inC    languages where allowing a buffer overrun would be a non-trivial3    exersize.  H > 3. provided this won't cause a useless flamewar, how would you compareD > out-of-the-box OpenVMS security to that of other operating systemsP > out-of-the-box you use regularly? Then how would you compare the security of aO > locked-down VMS box with an admin knowledgable about VMS security, versus thecQ > security of a locked down box in the other OS you use regularly with an equallyd > compentant admin for that OS?h  I    Simply the best, it's quite well locked down out of the box and offerscF    both features not seen elsewhere as well as a history of few holes.  O > 4. if you were given free rein to add a security feature or cause a change inT@ > the security implimentation of OpenVMS, what would you change?  @    Modify the ANSI C language definition so that it would becomeF    difficult to set up a buffer overrun.  This isn't really up to VMS,    but you did say "free rein".5  H    Modify the TCP/IP RFC's so that no one could open up a socket without7    going through authentication.  Same comment applies.s  H    As for things really part of VMS, it's just getting lowercase lettersF    in passwords and needs to allow a lot more special characters.  NotD    that that guarantees better passwords, but it gives the user more
    choice.   ------------------------------  % Date: Mon, 29 Sep 2003 08:04:25 -0400o% From: Howard Shubs <howard@shubs.net> ! Subject: Re: VMS Security Rundowni< Message-ID: <howard-479744.08042529092003@enews.newsguy.com>  : In article <20030929051352.00305.00000001@mb-m27.aol.com>,/  robrpm2222@aol.comInternet (RobRPM2222) wrote:   I > some questions for the group. I'm interested in security, and Ive been o	 > readinguL > articles about older OS's and their approaches to security. Since some of  > themI > are quite different from the typical *nix and Windows approaches, I've  	 > decidedO7 > to do some looking into them to see what I can learn.   ; Older, huh?  It's newer than UNIX.  Careful, there.  <grin>e   -- nD You are what you eat, therefore, I'm a vegetable!  Cows and chickens and Pop Tarts are too.   ------------------------------  + Date: Mon, 29 Sep 2003 15:07:39 +0000 (UTC)o. From: Dale Dellutri <ddelQQQlutr@panQQQix.com>! Subject: Re: VMS Security Rundowno, Message-ID: <bl9hrr$neq$1@reader2.panix.com>  K On 29 Sep 2003 09:13:52 GMT, RobRPM2222 <robrpm2222@aol.cominternet> wrote:-O > 4. if you were given free rein to add a security feature or cause a change ine@ > the security implimentation of OpenVMS, what would you change?  % Integrate encryption into VMS backup.-   -- P7 Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)7   ------------------------------    Date: 29 Sep 2003 11:17:17 -0500+ From: young_r@encompasserve.org (Rob Young)0! Subject: Re: VMS Security RundownG3 Message-ID: <o2l15EUG+HBv@eisner.encompasserve.org>a  c In article <FxlQIG4n1XO9@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes:cl > In article <20030929051352.00305.00000001@mb-m27.aol.com>, robrpm2222@aol.comInternet (RobRPM2222) writes:   > P >> 4. if you were given free rein to add a security feature or cause a change inA >> the security implimentation of OpenVMS, what would you change?i > @ > 	1. Integrate Security Enhanced VMS features into the mainline > 	   product. > A > 	2. Add to the SEVMS features a "test mode" (announcing but notoD > 	   preventing MAC policy violations) similar to what is availableC > 	   with MVS security products.  (That is an example of a feature B > 	   aimed at easing use of strong security at individual sites.) >   < 	Add something as slick as Multinet for a TCP/IP stack.  By 2 	example, for no additional cost I now have S-Key ; 	as my access method.  I download the tokens to my passworduD 	protedted palm/pocketPC (token list kept elsewhere in a safe place  	just in case):      Username: youngr! Challenge: s/key 133 7135tt6ewq4ut% Response: PAY JUDD SHY GAFF CERN AVONa    2                            OpenVMS Computer System  6                         UNAUTHORIZED USE IS PROHIBITED    =     Last interactive login on Monday, 29-SEP-2003 09:11:30.32rA     Last non-interactive login on Friday, 26-SEP-2003 22:04:12.28m  ! <NDOENAME>$ ! Vms login completedd    ( <NODENAME>$ @MULTINET:SECUREIP_CONFIGURE  MultiNet Secure/IP Configuration  I * Do you want to configure the MultiNet Secure/IP client software [YES]? iI * Do you want to configure the MultiNet Secure/IP server software [YES]? e  H * Enter the Internet address for the authentication server [127.0.0.1]: H * Enter the privileged port number for the authentication server [702]:   A MultiNet Secure/IP supports the following authentication methods:e       1 - Plaintext Passwordsf:     2 - Digital Pathways SecureNet Key (SNK-004 & SNK-010)1     3 - Security Dynamics SecurID (SD200 & SD520)s     4 - Bellcore S/KEY     5 - CRYPTOCard (RB-1)h  A * Enter the default authentication method for non-local logins: 1e  > %SECUREIP-S-UPDATED, MultiNet Secure/IP configuration modified    7 	By default everyone is plaintext password, except for:    <NODENAME>$ multi profile/show0 Username                        Preferred Method0 --------                        ----------------. youngr                          Bellcore S/KEY   ---u  2 	Yes, there is a bit of maintenance involved, etc.I 	But this keeps the co-workers/kids from shoulder surfing my password(s).:   				Robe   ------------------------------    Date: 29 Sep 2003 11:24:26 -0500- From: Kilgallen@SpamCop.net (Larry Kilgallen)l! Subject: Re: VMS Security Rundownt3 Message-ID: <DnaeTL1zFGDh@eisner.encompasserve.org>e  ] In article <bl9hrr$neq$1@reader2.panix.com>, Dale Dellutri <ddelQQQlutr@panQQQix.com> writes:AM > On 29 Sep 2003 09:13:52 GMT, RobRPM2222 <robrpm2222@aol.cominternet> wrote:fP >> 4. if you were given free rein to add a security feature or cause a change inA >> the security implimentation of OpenVMS, what would you change?5 > ' > Integrate encryption into VMS backup.h   Why do you want that ?  A Is management unwilling to spend money on the encryption option ?t   ------------------------------    Date: 29 Sep 2003 06:14:01 -0700- From: djesys@earthlink.net (David J Dachtera)t" Subject: Re: VMS system on the web= Message-ID: <66a00d01.0309290514.46a28f71@posting.google.com>i  [ JF Mezei <jfmezei.spamnot@istop.com> wrote in message news:<3F774FB2.7B445B71@istop.com>...u > Bill Gunshannon wrote:J > > The students already have more than enough extra-curricular activitiesF > > to occupy their time.  Considering that VMS has nothing to do with2 > > current course content, why would they bother? > O > If you put porn on the VMS system, the students will come :-) :-) ;-) ;-) :-)y  > As long as they wipe it up when they're done, what's the harm?   ---  David J Dachtera,. dba DJE Systemso   ------------------------------  % Date: Mon, 29 Sep 2003 17:31:19 +0200i( From: "H Vlems" <hvlems.nieuw@zonnet.nl>; Subject: Re: VMS Technical Update seminar (the Netherlands)e9 Message-ID: <bl9jbh$9p0m0$1@ID-143435.news.uni-berlin.de>   6 "Neil Rieck" <n.rieck@sympatico.ca> schreef in bericht2 news:gpEdb.1114$ab5.42609@news20.bellglobal.com... >d5 > "H Vlems" <hvlems.nieuw@zonnet.nl> wrote in messagee5 > news:bl3tjh$7o071$1@ID-143435.news.uni-berlin.de...e >  > [snip] >eK > > happened but handled it very well. It does prove that VMS is still very  muchK > > alive, at least in this country. It also proved without a doubt that HPp isJ > > backing VMS and that the OS does have a future. I've got to admit that sincerK > > the dark days of Bob Palmer, let alone Compaq, I did not have much hopee thatH > > VMS would ever live to be 30 years old but this symposium absolutely removed.H > > that doubt. VMS engineering is improving parts of the OS that hadn't been > > touched in the last decade.d >s > [snip] >nK > I came away with the exact same feeling after attending the VMS Technicalw# > Update seminar in Ottawa, Canada.e >iK > p.s. Did they talk about the good stuff happening at the Bank of Austria?r >l@ No, but it may have been mentioned on Friday. Can you elaborate?   ------------------------------   End of INFO-VAX 2003.540 ************************