1 INFO-VAX	Tue, 30 Sep 2003	Volume 2003 : Issue 541       Contents:
 Re: <None>0 Re: A flood of spams - another virus on the way? RE: AMD64 sales figures ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement ! Re: BACKUP Throughput measurement  Re: BEA WebLogic and VMS
 Re: BootCamp? 
 Re: BootCamp?   Re: DS10 vs. DS40 and HP support  Re: DS10 vs. DS40 and HP support0 Re: Elapsed time through the lex. func. f$getjpi2 Re: EVA question: How many vdisks should I create?@ Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)@ Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)@ Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)@ Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)@ Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...) HP ITRC lameness7 Re: HP to Linux users: "Go ahead.  I've got your back." 6 Re: HP to Linux users: "Go ahead. I've got your back."% Re: Info on Known VMS Exploits/Cracks ( RE: Linux is the favourite hacker target( Re: Linux is the favourite hacker target( RE: Linux is the favourite hacker target Logical names question Re: Logical names question Re: Logical names question Re: Logical names question Re: Nice touch, AMD  OT: sort of - To Sue% Re: OT: Talk about bad luck (Halifax) % RE: OT: Talk about bad luck (Halifax) % Re: OT: Talk about bad luck (Halifax) % Re: OT: Talk about bad luck (Halifax) D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?D Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?* Re: Read VMS Backup *.bck files in Windows Re: RSX.EXE under OpenVMS 7.3? Re: SSH for VMS  Re: SSH for VMS 0 Re: suggestion: TCPIP$SMTP_PERSONAL_NAME logical Re: symbiont housekeeping ?  Re: symbiont housekeeping ?  Re: symbiont housekeeping ? < Re: TCPWARE v5.4-3 Patch 19.0, TCPware_FTP process "hanging" Re: Translating COM jobs7 Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC 7 Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC 7 Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC  RE: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown Re: VMS Security Rundown2 Re: VMS Technical Update seminar (the Netherlands)" WTB:  Dectape II (TU58) Cartridges  F ----------------------------------------------------------------------  % Date: Mon, 29 Sep 2003 20:13:48 +0200 * From: Paul Sture <nospam@sture.homeip.net> Subject: Re: <None> 0 Message-ID: <3F78927C.3CA1AA44@sture.homeip.net>   Didier Morandi wrote:  > 0 > http://help.vpi.net/netscapemail/html/fcc.html >  > :-)  > = > (yeah, me too, I sometimes forget about good old google :-)  >  > D. >  > Paul Sture wrote:  > C > > So, sick of aall the Swen spams, I thought of creating a NOSPAM , > > account and using Netscape 3.03 to post. > > H > > I can read newsgroup messages fine, and can compse replies, but whenP > > I hit the send button, Netscape comes up with "Netscape Error, Couldn't open > > FCC file". > > ' > > Anyone any idea WTF an FCC file is?    Thanks, that does the trick.   --  
 Paul Sture   ------------------------------  # Date: Mon, 29 Sep 2003 22:11:18 GMT ' From: Don Sykes <anonymous@pacbell.net> 9 Subject: Re: A flood of spams - another virus on the way? + Message-ID: <3F78AEB3.52052ECC@pacbell.net>    Bill Gunshannon wrote: > - > In article <3F7743C5.5B63DE63@pacbell.net>, 3 >         Don Sykes <anonymous@pacbell.net> writes:  > >  > >  > > Bill Gunshannon wrote: > >>0 > >> In article <3F74D1E3.8BB8F946@pacbell.net>,6 > >>         Don Sykes <anonymous@pacbell.net> writes: > >> >? > >> > I and others in this NG are trying to do something - see . > >> > http://alphase.com/vms/FBEProtocol.html > >>H > >> Yet another hair-brained idea with little if any real fore-thought. > >>J > >>          Depending on the recipients and other criteria, the receiverI > >>          software can demand a fee from the sender's ISP for passing  > >>          on the e-mail. > >>M > >> What ISP is likely to agree to pay some arbitrary "fee" in order to pass M > >> mail to you?  Do you really think your that important?  It is simpler to N > >> just notify the sender that their mail is undeliverable and let them sortL > >> it out.  If you rely on email for your business, you will start to feelI > >> the pinch in very short order.  Your potential customers will merely H > >> find you unreachable, not understand why, think your are not a very; > >> reliable company and look elsewhere for their answers.  > > J > > You obviously don't understand how this works and it's clear from your > > tone, you just want to.  > J > So clarify it.  What I saw was a plan that punishes the victim by makingI > ordinary users pay for a service that has always been free in the past. M > Systems like that stifle legitimate use but allow comercial use to flourish N > as all they have to do is make more money then they have to spend.  What didM > I have wrong about the parts I cut&pasted in the last message?  Are you now N > saying your not proposing that Jane Doe pay $0.21 for every email she sends?L > Or that you think it would be as easy for a 100 customer ISP in Winder, GA9 > to post a $1M bond as it would be for Earthlink or AOL?  > J > >                         And I gave up trying to argue with "Comic Book > > Guy" types, soo... > J > Not having read a "Comic Book" in about 4 decades I'm afraid this one is> > lost on me, but I'll assume it was supposed to be an insult.  @ What do you expect, when you begin your reply with: "Yet anotherC hair-brained idea with little if any real fore-thought." (BTW: it's   HARE-brained, not HAIR-brained).  H When I said I gave up on trying to argue with "Comic Book Guy" types, itF was a reference to a character on the Simpsons TV show (Google to findF out more), whose mission in life is to be condescending and insulting.F He gains his self esteem from arrogantly correcting others on minutia.  E I do not want to continue a diatribe with you. If you want to discuss H this as colleagues, fine, we'll forget it and move on, but I will not be  fodder for anyone's insult mill.   --     Have VMS, Will Travel  Wire paladin, San Francisco    (paladinATalphaseDOTcom)   ------------------------------  % Date: Mon, 29 Sep 2003 19:55:33 -0400 ' From: "Main, Kerry" <kerry.main@hp.com>   Subject: RE: AMD64 sales figuresR Message-ID: <FD827B33AB0D9C4E92EACEEFEE2BA2FB0D870C@tayexc19.americas.cpqcorp.net>   >=20 > -----Original Message-----, > From: Andrew Harrison SUNUK Consultancy=203 > [mailto:Andrew_No.Harrison_No@nospamn.sun.com]=20 " > Sent: September 29, 2003 4:55 AM > To: Info-VAX@Mvb.Saic.Com  >=20 > Main, Kerry wrote: > >>-----Original Message-----. > >>From: Andrew Harrison SUNUK Consultancy=202 > >>[mailto:Andrew_No.Harrison_No@nospamn.sun.com]% > >>Sent: September 26, 2003 12:11 PM  > >>To: Info-VAX@Mvb.Saic.Com  > >> > >>Greg Cagle wrote:  > >>- > >>>Andrew Harrison SUNUK Consultancy wrote:  > >>>  > >>>  > >>> J > >>>>IA64 high quality, tell that to the customers who Intel suggested=20@ > >>>>should clock their 1000 GHz units at 800 MHz to avoid data > >>> 
 > >>integrity  > >> > >>>>problems.  > >>>  > >>> ) > >>>1) Do you have a reference for this?  > >>> > > >>>2) If I were you I wouldn't be bringing up data integrity > >>>   problems.  > >>' > >>If I were you I wouldn't have asked  > >>3 > >>http://www.computerweekly.com/Article121736.htm  > >> > >>Regards  > >>Andrew Harrison  > >> > >> > >=20 > >=203 > > And if I were you, I'd remember the old phrase:  > > "those in glass houses ..."  > >=20 >=20B > Kerry since you now work for HP ask one of your new collegues=20@ > about the HP K series, or the memory controllers in the N4000. >=20H > You will find that the glass house you are in has just enlarged a bit. >=20	 > Regards  > Andrew Harrison  >=20   Andrew,   H Hey, I'm not saying all HP HW is perfect. That's not the issue, so don't change the subject.   B The references on the Sun site that I provided illustrate *recent*F examples of Sun HW causing data corruption, so you highlighting issuesE in IA64 is a great example of those living in glass houses should not 
 throw stones.    :-)    Regards   
 Kerry Main Senior Consultant  HP Services Canada Voice: 613-592-4660  Fax: 613-591-4477  Email: kerryDOTmainAThpDOTcom . (remove the DOT's and AT for email address)=20   ------------------------------  + Date: Mon, 29 Sep 2003 18:01:49 +0000 (UTC) , From: lewis@PROBE.mitre.org (Keith A. Lewis)* Subject: Re: BACKUP Throughput measurement. Message-ID: <bl9s2d$65j$1@newslocal.mitre.org>   brandon@dalsemi.com (John Brandon) writes in article <03092910031819@dscis6-0.dalsemi.com> dated Mon, 29 Sep 2003 10:03:18 -0500: N >However, I have always wanted to measure the throughput of the BACKUP utility4 >and wanted to know if anyone is doing this and how.  J If you run the BACKUP command interactively, ^T will give you current timeI and block number.  Wait a few minutes and then ^T again, and do the math. K Don't forget to take into account that BACKUP blocks are not 512b (see HELP  BACKUP_C /BLOCK).   L This method is extremely useful for answering the question "Should I go have7 dinner now or wait for my standalone backup to finish?"   + --Keith Lewis              klewis$mitre.org > The above may not (yet) represent the opinions of my employer.   ------------------------------    Date: 29 Sep 2003 13:07:10 -0500 From: briggs@encompasserve.org* Subject: Re: BACKUP Throughput measurement3 Message-ID: <R2Lkn05BIzaY@eisner.encompasserve.org>   \ In article <03092912353234@dscis6-0.dalsemi.com>, brandon@dalsemi.com (John Brandon) writes: > John Briggs wrote:N >> You're not sampling process I/O counts.  You're sampling device I/O counts. >>    >>  F$GETDVI ( "MKA0", "OPCNT" ) >>   >> rather than >>   >>  F$GETJPI ( "", "DIOCNT" )  >>  K >> Hard to get disk I/O mixed in with the operation count on a tape device.  > Q > Yeah, I was scratching my head on that one - missed the OPCNT.  Thanks.  I will  > run some tests on this...z > 5 > But - how does that account for /GROUP or /BLOCK ?    C Multiply the number of operations by the blocksize to get number of  bytes stored to tape.   G Multiply that by groupsize/(groupsize+1) to get number of bytes fetched 
 from disk.   	John Briggs   ------------------------------  % Date: Mon, 29 Sep 2003 13:23:06 -0500 ( From: brandon@dalsemi.com (John Brandon)* Subject: Re: BACKUP Throughput measurement1 Message-ID: <03092913230655@dscis6-0.dalsemi.com>    Keith Lewis wrote:L > If you run the BACKUP command interactively, ^T will give you current timeK > and block number.  Wait a few minutes and then ^T again, and do the math. M > Don't forget to take into account that BACKUP blocks are not 512b (see HELP  > BACKUP_C /BLOCK).   G Unfortanently the process runs in BATCH - no ^T option available to me.    John Briggs wrote:E > Multiply the number of operations by the blocksize to get number of  > bytes stored to tape.  > I > Multiply that by groupsize/(groupsize+1) to get number of bytes fetched  > from disk.  4 Thanks John.  I kind of figured that may be the case  K However, I was reading in the archives that a block size value greater than I 32K (aprox) will not produce faster throughput/performance.  If I use the N /BLOCK_SIZE then I could produce erroneous data if that value was greater than) 32K.  Is there another lexical out there?   O Also I notice that the f$getdvi(device,"OPCNT") reports the accumulated count.  N Is there a way to ZERO this value?  I see potential for overflows here or am I wrong?         J*o*h*n B*r*a*n*d*o*n  VMS Systems Administrator * firstname.lastname.spam.me.not@dalsemi.com   ------------------------------  + Date: Mon, 29 Sep 2003 18:56:50 +0000 (UTC) . From: Dale Dellutri <ddelQQQlutr@panQQQix.com>* Subject: Re: BACKUP Throughput measurement, Message-ID: <bl9v9i$sl4$1@reader2.panix.com>  M On Mon, 29 Sep 2003 10:03:18 -0500, John Brandon <brandon@dalsemi.com> wrote: M > I have a backup application using the VMS BACKUP utility.  OK, it is just a L > bunch of command files that use scripts to backup the disks.  No big deal.O > However, I have always wanted to measure the throughput of the BACKUP utility 5 > and wanted to know if anyone is doing this and how. ! > At current, I do the following:  > $!% > $ starttime = f$cvtime(,"ABSOLUTE") 2 > $ freeblocks = f$getdvi(bup_device,"FREEBLOCKS"). > $ maxblock = f$getdvi(bup_device,"MAXBLOCK")& > $ usedblocks = maxblock - freeblocks > $! > $ backup ... > $!# > $ endtime = f$cvtime(,"ABSOLUTE")  > $!P > I take the delta of start and end time and using the number of usedblocks I amN > able to (roughly) calculate the throughput.  It may not be exact, however itI > does provide me with a value with which I can make general esitmates of 
 > throughput.   F I use the difference of the OPCNT on the backup tape device before andD after the backup, then take into account the /verify and /block_size setting.  > A long time ago, I asked that backup get a /statistics command= modifier (like sort /statistics), which would give this info.    --  7 Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)    ------------------------------  % Date: Mon, 29 Sep 2003 21:01:42 +0200 * From: Paul Sture <nospam@sture.homeip.net>* Subject: Re: BACKUP Throughput measurement0 Message-ID: <3F789DB5.399FD462@sture.homeip.net>   John Brandon wrote:  > M > I have a backup application using the VMS BACKUP utility.  OK, it is just a L > bunch of command files that use scripts to backup the disks.  No big deal. > O > However, I have always wanted to measure the throughput of the BACKUP utility 5 > and wanted to know if anyone is doing this and how.  > ! > At current, I do the following:  >  > $!% > $ starttime = f$cvtime(,"ABSOLUTE") 2 > $ freeblocks = f$getdvi(bup_device,"FREEBLOCKS"). > $ maxblock = f$getdvi(bup_device,"MAXBLOCK")& > $ usedblocks = maxblock - freeblocks > $! > $ backup ... > $!# > $ endtime = f$cvtime(,"ABSOLUTE")  > $! > P > I take the delta of start and end time and using the number of usedblocks I amN > able to (roughly) calculate the throughput.  It may not be exact, however itI > does provide me with a value with which I can make general esitmates of 
 > throughput.  > > > Anyone else do something different?  Just kind of curious... >   ? I do my backups with a /LIST=filename, and keep the listings on B disk. I have a procedure which extracts the file and block counts,F and compares the creation and modification dates of the listing files.  B I'd have to dig into the code for further details, as it's several years since I wrote it.   A BTW, keeping the listing files on disk is extremely handy when it H comes to restoring files from a multivolume tape set, as you can quicklyE locate which tape(s) the required files are on, and skip any previous  tapes.   ------------------------------  % Date: Mon, 29 Sep 2003 14:00:40 -0500 ( From: brandon@dalsemi.com (John Brandon)* Subject: Re: BACKUP Throughput measurement1 Message-ID: <03092914004087@dscis6-0.dalsemi.com>    Dale Dellutri wrote:H > I use the difference of the OPCNT on the backup tape device before andF > after the backup, then take into account the /verify and /block_size
 > setting.  C With the /VERIFY I assume you would divide by two if it is enabled?   , Do you consider the /GROUP qualifier at all?  @ > A long time ago, I asked that backup get a /statistics command? > modifier (like sort /statistics), which would give this info.    I like that.       J*o*h*n B*r*a*n*d*o*n  VMS Systems Administrator * firstname.lastname.spam.me.not@dalsemi.com   ------------------------------  % Date: Mon, 29 Sep 2003 14:07:42 -0500 ( From: brandon@dalsemi.com (John Brandon)* Subject: Re: BACKUP Throughput measurement1 Message-ID: <03092914074273@dscis6-0.dalsemi.com>   A > I do my backups with a /LIST=filename, and keep the listings on D > disk. I have a procedure which extracts the file and block counts,H > and compares the creation and modification dates of the listing files. > D > I'd have to dig into the code for further details, as it's several > years since I wrote it.  > C > BTW, keeping the listing files on disk is extremely handy when it J > comes to restoring files from a multivolume tape set, as you can quicklyG > locate which tape(s) the required files are on, and skip any previous  > tapes.  G I create the JOURNAL files - I had to create a command file to scan the E journals for me - specify the filename and backup date - allowing for J wildcards of course.  Too bad the list information is not contained in the
 journal...       J*o*h*n B*r*a*n*d*o*n  VMS Systems Administrator * firstname.lastname.spam.me.not@dalsemi.com   ------------------------------    Date: 29 Sep 2003 13:35:32 -0500+ From: young_r@encompasserve.org (Rob Young) * Subject: Re: BACKUP Throughput measurement3 Message-ID: <xXSpY+1KnmoS@eisner.encompasserve.org>   \ In article <03092913230655@dscis6-0.dalsemi.com>, brandon@dalsemi.com (John Brandon) writes: > Keith Lewis wrote:M >> If you run the BACKUP command interactively, ^T will give you current time L >> and block number.  Wait a few minutes and then ^T again, and do the math.N >> Don't forget to take into account that BACKUP blocks are not 512b (see HELP >> BACKUP_C /BLOCK). > I > Unfortanently the process runs in BATCH - no ^T option available to me.  >  > John Briggs wrote:F >> Multiply the number of operations by the blocksize to get number of >> bytes stored to tape. >>  J >> Multiply that by groupsize/(groupsize+1) to get number of bytes fetched
 >> from disk.  > 6 > Thanks John.  I kind of figured that may be the case > M > However, I was reading in the archives that a block size value greater than K > 32K (aprox) will not produce faster throughput/performance.  If I use the P > /BLOCK_SIZE then I could produce erroneous data if that value was greater than+ > 32K.  Is there another lexical out there?  > Q > Also I notice that the f$getdvi(device,"OPCNT") reports the accumulated count.  P > Is there a way to ZERO this value?  I see potential for overflows here or am I > wrong? >   > 	This came up before.  Paul Sture actually wrote a nice little! 	snippet to calculate throughput:   Y http://groups.google.com/groups?selm=3PktsJGcSIfx%40elias.decus.ch&oe=UTF-8&output=gplain   ) From: p_sture@elias.decus.ch (Paul Sture)  Newsgroups: comp.os.vms K Subject: Re: What features/capabilities would you like to see available on   OpenVMS? Date: 7 Sep 02 11:10:39 +0200      [snip]  C If you perform your backups using /LIST=some.file, then the snippet  below gets some rough totals.   5 (I've squashed the last bit to try to avoid wrapping)    -------- snip ---------   > $! full_name contains the full name of the BACKUP listing file2 $! temp_file contains a unique temporary file name $!B $       search 'full_name' total, of, files, blocks /match = and -%                 /output = 'temp_file' 4 $       open /read /error=get_file input 'temp_file' $       delete 'temp_file';** $       read input/end=no_search_info data $       close input  $       goto process_search < $no_search_info:             ! No data in search output file $       close input  $       goto get_file  $process_search:0 $       data = f$edit(data,"LOWERCASE,COLLAPSE")9 $       data = data - "files" - "total" - "of" - "blocks" # $       comma = f$locate(",", data) / $       no_of_files = f$extract(0, comma, data)  $       no_of_blocks = -B             f$extract(comma + 1, f$length(data) - comma - 1, data)& $       no_of_mb = no_of_blocks / 2048 $! $! round up if necessary $!> $ if f$extract (f$length(no_of_blocks) - 1, 1, no_of_blocks) -       .ges. 5 - "       then no_of_mb = no_of_mb + 16 $ output = file_name + " " + f$string(no_of_files) + -.       " files, " +  f$string(no_of_mb) + " Mb"= $ no_of_files = no_of_files - 0 ! convert variable to integer  $!= $ output = f$fao("!30AS !10SL !10SL !4SL !11AS", file_name, - 4   no_of_files, no_of_mb, elapsed_days, elapsed_time)   -------- snip ---------   8 (Those last 2 variables, elapsed_days, elapsed_time were8 derived earlier from the following code (I jumped into a) HLL for the time difference calculation).    $!F $! Get file creation and revision dates, to calculate the elapsed time $!5 $       created = f$file_attributes(full_name, "CDT") 5 $       revised = f$file_attributes(full_name, "RDT")    __
 Paul Sture Switzerland    ---    				Rob    ------------------------------  % Date: Mon, 29 Sep 2003 21:59:00 +0200 * From: Paul Sture <nospam@sture.homeip.net>* Subject: Re: BACKUP Throughput measurement0 Message-ID: <3F78AB24.618F79F3@sture.homeip.net>   John Brandon wrote:  > C > > I do my backups with a /LIST=filename, and keep the listings on F > > disk. I have a procedure which extracts the file and block counts,J > > and compares the creation and modification dates of the listing files. > > F > > I'd have to dig into the code for further details, as it's several > > years since I wrote it.  > > E > > BTW, keeping the listing files on disk is extremely handy when it L > > comes to restoring files from a multivolume tape set, as you can quicklyI > > locate which tape(s) the required files are on, and skip any previous 
 > > tapes. > I > I create the JOURNAL files - I had to create a command file to scan the G > journals for me - specify the filename and backup date - allowing for L > wildcards of course.  Too bad the list information is not contained in the > journal...  F I also have found journal files handy, and they are compressed too, ifE disk space is a concern. But I was very glad I wasn't using them when  VMS V7.2 broke them:    } >http://groups.google.ch/groups?q=comp.os.vms+backup+journal&hl=en&lr=&ie=UTF-8&selm=3770447F.78BC7B30%40winternet.com&rnum=9  --  
 Paul Sture   ------------------------------    Date: 29 Sep 2003 15:03:14 -0500 From: briggs@encompasserve.org* Subject: Re: BACKUP Throughput measurement3 Message-ID: <ocTBUNYbkHmt@eisner.encompasserve.org>   \ In article <03092913230655@dscis6-0.dalsemi.com>, brandon@dalsemi.com (John Brandon) writes: > John Briggs wrote:F >> Multiply the number of operations by the blocksize to get number of >> bytes stored to tape. >>  J >> Multiply that by groupsize/(groupsize+1) to get number of bytes fetched
 >> from disk.  > 6 > Thanks John.  I kind of figured that may be the case > M > However, I was reading in the archives that a block size value greater than K > 32K (aprox) will not produce faster throughput/performance.  If I use the P > /BLOCK_SIZE then I could produce erroneous data if that value was greater than+ > 32K.  Is there another lexical out there?   E Maybe I'm missing something.  You want to figure out how much data is G making it onto the tape, right?  How fast it gets there is not relevant $ to the correctness of those numbers.  < If you are using 65024 byte blocks, multiply OPCNT by 65024.< If you are using 32768 byte blocks, multiply OPCNT by 32768.  > As block sizes get larger and larger, performance is dominated> by transfer time.  It takes almost twice as long to transfer a8 65024 byte block as a 32768 byte block.  So at the 650248 block size, your backup involves half the OPCNT and eachB operation takes twice as long.  Elapsed time is just about a wash.  @ If you want to figure out how fast data makes it to tape, divide total bytes by elapsed time.   Simple.   Q > Also I notice that the f$getdvi(device,"OPCNT") reports the accumulated count.  P > Is there a way to ZERO this value?  I see potential for overflows here or am I > wrong?  C Unless you are planning on tracking a BACKUP job that is backing up B more than 16 terabytes to tape, OPCNT overflows are not a concern.  
 For instance:    $ start_count = %x7fffffff $ end_count = %x80000000* $ write sys$output end_count - start_count 1   B So even when the count wraps from maximum positive back to maximum1 negative, you won't have problems with the delta.   @ Eventually, you could get into issues with a delta of 2 billion.? Multiply that by the minimum block size of 8192 and you get the ? 16 terabyte figure I mentioned earlier.  Probably not a serious  concern.  Yet.  9 If you're incautious with your multiplication, and you're : dealing with 2+ gigabyte save sets, you could overflow the7 byte count.  Personally, I'd probably divide block size 7 by 512 and OPCNT by 2 before multiplying.  Then you get 3 your answer in kilobytes instead of bytes.  And you 6 overflow at 2 terabytes instead of 2 gigabytes.  Since8 block size is known to be a multiple of 512, this should( cost you a negligible loss in precision.   	John Briggs   ------------------------------  % Date: Mon, 29 Sep 2003 16:44:17 -0500 ( From: brandon@dalsemi.com (John Brandon)* Subject: Re: BACKUP Throughput measurement1 Message-ID: <03092916441765@dscis6-0.dalsemi.com>    John Briggs wrote:G > Maybe I'm missing something.  You want to figure out how much data is I > making it onto the tape, right?  How fast it gets there is not relevant & > to the correctness of those numbers.  E Yes, you are correct.  I believe you answered my question on the next 
 statement.  > > If you are using 65024 byte blocks, multiply OPCNT by 65024.> > If you are using 32768 byte blocks, multiply OPCNT by 32768.@ > As block sizes get larger and larger, performance is dominated@ > by transfer time.  It takes almost twice as long to transfer a: > 65024 byte block as a 32768 byte block.  So at the 65024: > block size, your backup involves half the OPCNT and eachD > operation takes twice as long.  Elapsed time is just about a wash.  1 That was my concern - as you expressed - thanks!    K > > Also I notice that the f$getdvi(device,"OPCNT") reports the accumulated 	 > count.  P > > Is there a way to ZERO this value?  I see potential for overflows here or am > I 
 > > wrong? > E > Unless you are planning on tracking a BACKUP job that is backing up D > more than 16 terabytes to tape, OPCNT overflows are not a concern.  M Since I do not do backups of anything larger than 100-GB (potential) then the 6 delta is not the problem - and I did not think it was.  N However - if the OPCNT is not recylced until a REBOOT, and if the server is upI for a number of months (or years) and backups are performed daily... what  then?    uptime = 300 days  OPCNT = 302,327,142   N My concern is what is the limit of OPCNT?  At what point does OPCNT roll-over?     Thanks John, good stuff!     J*o*h*n B*r*a*n*d*o*n  VMS Systems Administrator * firstname.lastname.spam.me.not@dalsemi.com   ------------------------------  # Date: Mon, 29 Sep 2003 19:09:11 GMT L From: winston@SSRL.SLAC.STANFORD.EDU ("Alan Winston - SSRL Admin Cmptg Mgr")! Subject: Re: BEA WebLogic and VMS 6 Message-ID: <00A26A0A.F4760F83@SSRL.SLAC.STANFORD.EDU>  W In article <3f78204a$1@usenet01.boi.hp.com>, "John Apps" <john.apps@compaq.com> writes:   J >Please let me know how much detail you want via email and I'll reply withI >what I have. Most of the customers using WebLogic on OpenVMS do not wish F >that fact to be know to a wide audience, hence the request for email. >   I Curious, not challenging: Why wouldn't they want that known?  And is the  A WebLogic part or the VMS part that they're trying to keep secret?    -- Alan  --  O =============================================================================== 0  Alan Winston --- WINSTON@SSRL.SLAC.STANFORD.EDUM  Disclaimer: I speak only for myself, not SLAC or SSRL   Phone:  650/926-3056 M  Paper mail to: SSRL -- SLAC BIN 99, 2575 Sand Hill Rd, Menlo Park CA   94025 O ===============================================================================    ------------------------------    Date: 29 Sep 2003 15:40:15 -0500- From: Kilgallen@SpamCop.net (Larry Kilgallen)  Subject: Re: BootCamp?3 Message-ID: <1CYAUGGITKMa@eisner.encompasserve.org>   c In article <BWxypJ9sISzW@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes:   L > I ended up sending email to Sue to get confirmation that I was registered,N > since the institutional confirmation mechanism is incompatible with VMSmail.  F After at least three failed attempts, the official registration people7 today managed to send confirmation email in plain text:   , > Content-type: text/plain; charset=us-ascii! > Content-transfer-encoding: 7BIT    ------------------------------  # Date: Mon, 29 Sep 2003 20:59:21 GMT " From:   VAXman-  @SendSpamHere.ORG Subject: Re: BootCamp?0 Message-ID: <00A26A33.81EF7855@SendSpamHere.ORG>  c In article <1CYAUGGITKMa@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes: d >In article <BWxypJ9sISzW@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes: > M >> I ended up sending email to Sue to get confirmation that I was registered, O >> since the institutional confirmation mechanism is incompatible with VMSmail.  > G >After at least three failed attempts, the official registration people 8 >today managed to send confirmation email in plain text: > - >> Content-type: text/plain; charset=us-ascii " >> Content-transfer-encoding: 7BIT     Lucky you... I got:    Content-Type: text/plain;          charset="iso-8859-1"+ Content-Transfer-Encoding: quoted-printable    Cursed Billywarez.  I ... and the invoice in Micro$not M$weird format.  Their only solution was 6 to snail mail me.  I'll be watching the snail mailbox.   --  L VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)COM             5   "Well my son, life is like a beanstalk, isn't it?"     ------------------------------  % Date: Mon, 29 Sep 2003 20:41:33 +0200 * From: Paul Sture <nospam@sture.homeip.net>) Subject: Re: DS10 vs. DS40 and HP support / Message-ID: <3F7898FD.74E672D@sture.homeip.net>    Nic Clews wrote: >  > Homer Simpson wrote: > > L > > I agree, getting a good refurbished DAT drive was *very* challenging.  IH > > came to the conclusion that they usually just can't be refurbed.  WeP > > sometimes had to run a cleaning tape through the replacement unit 6 times inI > > order for it to start working.  If it took more than 6 times, we just % > > re-ordered and red-tagged it DOA.  > > L > > DLT is a much better way to go.  I don't remember ever getting a DOA DLTP > > drive.  They have a much longer duty cycle too.  I steer everybody away fromL > > DAT.  They are not ready for prime time.  They will cause you more grief. > > than the higher price of a DLT ever would. > F > I've used DAT in its audio form, and found drives to be problematic.H > Generally if mastering from a live performance you'd have a minimum ofE > two DAT machines running, because in practice the likelihood of one  > failing is quite high. > H > Also, you worked pretty quickly to transfer to another digital medium.C > You could put the tape in a drive, and the tape could be rendered  > useless by a bad drive.  > * > I'd never trust archive data to a DAT... >   E Coincidentally, a DAT drive mangled a tape for me this week. Not just > stretched or snapped, more like powder. I've never seen a tape destroyed as badly before.  E > DAT is 4 mm, very thin base for a helical scan drive. 8mm figures a J > little better for reliability but lost favour (others experiences of 8mm > may differ!) > J > I think Quantum had a campaign starting "For DIS use DAT..." which was aI > reference to the music industry of the time, and it compared data rates ' > for DLT to helical scan technologies.  > G > DAT is OK for data transfer and a backup process where if the current E > tape fails you're OK recovering from an earlier copy, and you don't   > intend any long-term recovery. >  > --A > Regards, Nic Clews a.k.a. Mr. CP Charges, CSC Computer Sciences  > nclews at csc dot com    --     --  
 Paul Sture   ------------------------------  % Date: Mon, 29 Sep 2003 21:36:09 -0500 ( From: Rich Jordan <duodec@speakeasy.net>) Subject: Re: DS10 vs. DS40 and HP supportr2 Message-ID: <zSCdnX9XMuFFduWiXTWc-w@speakeasy.net>   Nic Clews wrote: > Homer Simpson wrote: > J >>I agree, getting a good refurbished DAT drive was *very* challenging.  IF >>came to the conclusion that they usually just can't be refurbed.  WeN >>sometimes had to run a cleaning tape through the replacement unit 6 times inG >>order for it to start working.  If it took more than 6 times, we justd# >>re-ordered and red-tagged it DOA.  >>J >>DLT is a much better way to go.  I don't remember ever getting a DOA DLTN >>drive.  They have a much longer duty cycle too.  I steer everybody away fromJ >>DAT.  They are not ready for prime time.  They will cause you more grief, >>than the higher price of a DLT ever would. >  > F > I've used DAT in its audio form, and found drives to be problematic.H > Generally if mastering from a live performance you'd have a minimum ofE > two DAT machines running, because in practice the likelihood of one  > failing is quite high. >  >... > * > I'd never trust archive data to a DAT... > E > DAT is 4 mm, very thin base for a helical scan drive. 8mm figures akJ > little better for reliability but lost favour (others experiences of 8mm > may differ!) >  >   F We've actually used DAT as the primary backup and archive media since F 1989; DLT was/is not affordable, and DAT had the capacity.  We rotate G daily tapes and weekly tapes (dailys last about 4 months used once per  F week), and each quarter run a brand new tape for archive.  I recently F had occasion to search through 1989-1991 archives (60M tapes) using a C TLZ09 in a VAX; only one tape failed, and one tape had recoverable MF errors.  Really not too bad for 12 year old recordings, though I told G the powers that be that they should consider alternate methods if they n% need to keep that data around longer.?  F Additionally our first Archive Python and our first TLZ04 both lasted C for many many years doing nightly backups.  Seems the higher drive eH capacity gets (and perhaps the thinner the tape gets) the worse overall I reliability gets.  A new Seagate 12/24 died a few weeks after its 1 year SD warranty, and we have a 10 month old Sony 9000 12/24 that is giving  signs of impending doom too.   Rich Jordan    ------------------------------  % Date: Mon, 29 Sep 2003 21:24:03 -0500t1 From: "David J. Dachtera" <djesys.nospam@fsi.net> 9 Subject: Re: Elapsed time through the lex. func. f$getjpie' Message-ID: <3F78E943.6983771C@fsi.net>n   "Keith A. Lewis" wrote:i >  > "David J. Dachtera" <djesys.nospam@fsi.net> writes in article <3F74E850.B6C4DA36@fsi.net> dated Fri, 26 Sep 2003 20:30:56 -0500:E > >This will work as long as the actual "Connect time" doesn't exceede > >23:59:59.99:n > ( > ..and the process is home by midnight.  	 Well, ...e  3 $ say f$cvtime( "03:00:00.00-23:45:00.00",,"time" )r 03:15:00.00a   Looks good to me...(   -- a David J. Dachtera- dba DJE Systems- http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/u   ------------------------------  # Date: Mon, 29 Sep 2003 17:38:06 GMT.& From: jlsue <jefflsxxxz@sbcglobal.net>; Subject: Re: EVA question: How many vdisks should I create?.8 Message-ID: <0drgnv0lllsqi50p2gqveam31r0n1pa6ij@4ax.com>  D On 25 Sep 2003 14:09:35 -0700, svieth@wi.rr.com (Scott Vieth) wrote:   >Hi: > F >In one of the EVA-related sessions in Atlanta (HP World) a few monthsE >back, there was a discussion about the "queue depth" of various OS'seC >and that it beneficial to create more vdisks to present to a givenpF >host to increase the throughput that you would see from the EVA.  The+ >chatter centered around Windows and Tru64.n >  >What about VMS? >   B This is all news to me.  Our normal config would be as few LUNs asJ possible, with as many disk spindles in the group as possible.  Regardless
 of the OS.  I There are other more pressing considerations in the area of managing verynI large LUNs (backup, restore, dept. ownership of xxGB, whatever).  Most of.G these can be alleviated by changes in operating procedures (though, not I always the political ones can be solved).  If that's not an issue in yourl> shop, then larger LUNs should work fine, regardless of the OS.   ------------------------------  # Date: Mon, 29 Sep 2003 18:02:41 GMT ' From: Don Sykes <anonymous@pacbell.net>.I Subject: Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)-* Message-ID: <3F78746B.D335831@pacbell.net>  9 The protocol draft has been updated. The changes include: E 1) Defining the parties involved as Email Service Providers (ESP) and : referencing them as domain names instead of IP addresses. F 2) Adding explicit attachment info in phase 1 describing MIME type and
 size for eachu= 3) Adding explicit attachment steps in phase 2 to receive thee attachmentsmH 4) Removed the explicit $1M bond requirement, for a general statement of financial worthiness. 1 5) Added "suggested" actions for the receiver ESPd$ 6) Modified the no relay requirement; 7) Added explicit info that must be maintained by the ESP'su  H Most of these changes were made due to specific comments from cov users.H For those interested in making this a workable solution, please keep theC comments coming. At some point (4-6 weeks?) I would like to issue aIG press release and include the names of all who provided suggestions (iff they don't object).    Don Sykes wrote:   > H > At this point I'm fairly convinced that the implementation of fees viaI > central gateways &/or routers is not workable. So I have come up with apF > protocol that implements e-mail in 2 phases: a meta phase and a dataF > phase. In phase 1, all the info about the email is sent to the open,D > listening port of the receiver. Then the link is dropped, by both.D > Phase 2 must be initiated by the receiver, so they are in completeG > control of the transmission and final delivery and at that point theyu > can also charge a fee. > G > A first draft is available at http://alphase.com/vms/FBEProtocol.htmlu > G > Serious suggestions are more than welcome, but please no nit-picking.o9 > This is a early, early draft. A suggestion, if you willy >  > -- >  > Have VMS, Will Traveln > Wire paladin, San Francisco  >  > (paladinATalphaseDOTcom)   -- d   Have VMS, Will Travelh Wire paladin, San Francisco    (paladinATalphaseDOTcom)   ------------------------------  + Date: Mon, 29 Sep 2003 22:22:45 +0000 (UTC)i From: david20@alpha2.mdx.ac.ukI Subject: Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)r) Message-ID: <blabbl$ivi$1@news.mdx.ac.uk>   o In article <bl8sbo$76d$1@n.ruf.uni-freiburg.de>, gartmann@non.immunbio.mpg.de.sens (Christoph Gartmann) writes: X >In article <vneq85k9t5cm83@news.supernews.com>, "John Vottero" <John@mvpsi.com> writes:N >>How is my ISP going to count the e-mails that I send?  They don't go throughM >>the ISP's SMTP server.  The ISP only sees raw packets.  Good luck trying to , >>turn packets into a count of e-mails sent. >gK >As I stated, it is manageable. It is sufficient to get an estimate number.p >r? >>How are you going to prevent spoofing the sending IP address?i > K >No need for that. From the ISPs point of view, it simply needs to count or L >observe the packets that come via your interface or channel or whatever youM >call it. The sender's IP address is simply not relevant. The only thing thatoO >counts is that it is a packet dedicated to port 25 and coming to your ISP frommN >your site. The ISP will have to make sure that it counts each connection only >once.  I Your site ? A fee based system cannot possibly work without 100% accuracy L in determining who sent a message. Nowadays you can spoof a switched network with publicly available tools.   >tL >>> >> Again, I suggest that only large network carriers are required to pay >>the 	 >>> >fee.o >>> >vB >>> >Large network carriers don't send e-mail, they route packets. >>>nN >>> Of course, but with my approach they'll have to look at the packets. It is >>noteK >>> much that I require, only packets to port 25 from outside their networka	 >>have ton9 >>> be considered and only the first few in a connection.r >>>,   Receiving ISP :-  K Hotmail my records show a port 25 connection from a.b.c.d at 23:30:00.05 ono 28th september 2003 BSTy  
 Hotmail :-  A Our records show that noone had that address at that time. Sorry.0    
 Now what ?G Receiving ISP tries to sue hotmail across international boundaries for   a miniscule sum ?w  , Receiving ISP blocks all mail from hotmail ?  D There are some ISPs like hotmail which are so widely used that it isH politically impossible to block them even if they are harbouring tons ofJ spammers. I'd be lynched by my management if I suggested blocking hotmail.   >>@ >>How do they know which ones are the first few in a connection? >oG >Shouldn't be that difficult. A typical firewall does this already. Thei' >algorithm should be easy to implement.3 >1  N Port 25 connections tell you a connection attempt was made. Doesn't tell you aN mail message was delivered. If a message has to be retried because of problemsO with the receiver's system the sender would be being charged for every deliveryp= attempt even if this ran into thousands of delivery attempts.   J Also this would be a lovely new game for hackers. Spoof an IP address and ? connect repeatedly to port 25 on a "fee based systems" mailhub.     
 David Webb VMS and Unix team leader CCSS Middlesex University        	 >Regards,  >   Christoph Gartmann >  >-- F > Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452 > ImmunbiologieuJ > Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de > D-79011  Freiburg, Germany: >               http://www.immunbio.mpg.de/home/menue.html   ------------------------------  % Date: Mon, 29 Sep 2003 20:15:17 -0400   From: John Santos <JOHN@egh.com>I Subject: Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...) 4 Message-ID: <1030929201031.403C-100000@Ives.egh.com>  - On Sat, 27 Sep 2003, David J. Dachtera wrote:9   > JF Mezei wrote:5 > >  > > Bill Todd wrote:: > > > > You are assuming all ISPs would charge for emails. > > >LG > > > Yes, because it would be a legal requirement for their operation.- > > I > > Nop. Go back to the roots of the internet. A collection of *separate* O > > interconnected networks. The USA has no jurisdiction over a Korean network.>3 > > Getting everyone to agree would not make sense.  > 4 > Many things happen even though they make no sense. > B > Take so-called "opt-in" lists, for example. By using the serviceG > generating the list (home delivery of a purchased item, for example),sH > you are assumed to have opted-into the list and any generated from it.3 > Makes no sense, but that's how "the world" works.o  E That's not an "opt-in" list.  If you don't have to explicitly opt-in,uD (with the default being "NO"), but you do have an opportunity to optF out, then it's an "opt-out" list.  If neither, then it's SPAM pure and simple.e  D Just because the spammer claims it is an opt-in list doesn't make it" so.  Remember the 3 rules of SPAM:   1) Spammers lie. 2) See rule #1 3) Otherwise see rule #1.e   -- t John Santosr Evans Griffiths & Hart, Inc. 781-861-0670 ext 539   ------------------------------  % Date: Mon, 29 Sep 2003 21:20:31 -0500a1 From: "David J. Dachtera" <djesys.nospam@fsi.net>nI Subject: Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)t' Message-ID: <3F78E86F.A8AE636A@fsi.net>    John Santos wrote: > / > On Sat, 27 Sep 2003, David J. Dachtera wrote:e >  > > JF Mezei wrote:t > > >u > > > Bill Todd wrote:< > > > > > You are assuming all ISPs would charge for emails. > > > >rI > > > > Yes, because it would be a legal requirement for their operation.y > > > K > > > Nop. Go back to the roots of the internet. A collection of *separate*rQ > > > interconnected networks. The USA has no jurisdiction over a Korean network. 5 > > > Getting everyone to agree would not make sense.  > > 6 > > Many things happen even though they make no sense. > > D > > Take so-called "opt-in" lists, for example. By using the serviceI > > generating the list (home delivery of a purchased item, for example),lJ > > you are assumed to have opted-into the list and any generated from it.5 > > Makes no sense, but that's how "the world" works.  > & > That's not an "opt-in" list.  [snip]  G You know that. I know that. I suspect the bulk of the group knows that.i  - Trouble is, your legislators DON'T know that!t   -- g David J. Dachtera@ dba DJE Systems> http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  % Date: Mon, 29 Sep 2003 21:53:18 -0400m( From: David Froble <davef@tsoft-inc.com>I Subject: Re: Fee Based Email (From Re: Process's PreciseMail AntiSpam...)h, Message-ID: <3F78E20E.2010100@tsoft-inc.com>   >>JF Mezei wrote:  >> >>>Bill Todd wrote:e >>> 7 >>>>>You are assuming all ISPs would charge for emails.L >>>>> E >>>>Yes, because it would be a legal requirement for their operation.t >>>>H >>>Nop. Go back to the roots of the internet. A collection of *separate*N >>>interconnected networks. The USA has no jurisdiction over a Korean network.2 >>>Getting everyone to agree would not make sense.  M The real issue is that if something isn't done to stop, or at least put some eP limits on spam, it will totally destroy the usefulness of internet e-mail.  For K the last several weeks over 90% of what I've received, was unsolicited and c/ undesired.  And I may be one of the lucky ones!c  O So, why a fee?  It's really a bad thing, but possibly the only thing that will gQ get those who use spam for marketing to be a bit more descreet in whom they send nQ e-mails.  If it's possible to do it without fees, I'm all for it, but rules just -N don't work with spammers.  The almighty dollar will get their attention, even I better than a 2x4 up alongside their head, (though the 2x4 might be more s satisfying to some of us).  P So, if the USA has no jurisdiction over a Korean ISP, so what, all traffic from I the Korean ISP (and any others who refuse to combat spam) can be totally  J blocked.  If that doesn't bother them, fine.  If they start losing paying L customers, they might choose to reconsider.  Spammers usually aren't paying C customers.  Why would any business choose to defend their activity?   I I keep getting spam from the same sources.  If the spammer would see the (P futility of sending me e-mails, and it cost him to do so, he would quit.  As it O is, it doesn't cost him anything to continue to dump on me, and John was a bit eL wrong when he stated the 3 rules about spammers, with all of them being the Q same.  Either change one, or add a fourth, 'spammers don't care'!  Well, they'll  , care when it costs them to send the e-mails.   Dave   --  4 David Froble                       Tel: 724-529-04504 Dave Froble Enterprises, Inc.      Fax: 724-529-0596> DFE Ultralights, Inc.              E-Mail: davef@tsoft-inc.com 170 Grimplin Roado Vanderbilt, PA  15486e   ------------------------------  + Date: Mon, 29 Sep 2003 21:37:09 -0500 (CDT)i From: sms@antinode.org Subject: HP ITRC lameness ) Message-ID: <03092921370897@antinode.org>t  D    Ok, I finally got around to registering st the HP ITRC site.  CanG anyone tell me why, when a user ID looks like "CA1000000", that a "UservD ID or E-mail" should be "(case-sensitive)"?  This sort of thoughtful= design makes results like the following easier to understand:-  @ message is specified by the uiMsgKey stored in ErrorInfoBean -->F The service you are trying to access is currently unavailable.  Please try again later.   <BR><BR>   <!-- Finally, add errorCode -->l <I>  UNKNOWN  </I>  F    That was with Mozilla 1.4 with JavaScript enabled.  With Netscape 3& and no JavaScript, I got a much nicer:   service unavailable   E The service you are trying to access is currently unavailable. Pleasee try again later. c  
 CISS-10000  G    Yes, this is clearly a major advance over the old, Compaq Web site. t? Transmitting the password as plain text in an URL may provide aiF potential cracker with a punishment to fit his crime, namely access to this "service".   H ------------------------------------------------------------------------  4    Steven M. Schweda               (+1) 651-699-98183    382 South Warwick Street        sms@antinode,orgo    Saint Paul  MN  55105-2547    ------------------------------  # Date: Mon, 29 Sep 2003 19:18:17 GMTfL From: winston@SSRL.SLAC.STANFORD.EDU ("Alan Winston - SSRL Admin Cmptg Mgr")@ Subject: Re: HP to Linux users: "Go ahead.  I've got your back."6 Message-ID: <00A26A0C.3A02A3B5@SSRL.SLAC.STANFORD.EDU>  x In article <UEUioLumg82f@eisner.encompasserve.org>, clubley@remove_me.eisner.decus.org-Earth.UFP (Simon Clubley) writes: >In article <bl12gi$i7v$1@new-usenet.uk.sun.com>, Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes:e >> Simon Clubley wrote:n >>>  >yK >Isn't it just possible that Sun has done it's Open Source work, not out ofdJ >the goodness of it's heart, but because it's trying hard to find a way toL >appear relevant in a world that considers Linux, and not Solaris/Sun, to be >the cool fashionable thing ?   M It's unlikely, given that Sun has invented and released intellectual propertytN (like NFS, for example) since before either Linux or Open Source (tm, I think)N was invented.  (Not before freeware and shareware exchange was invented; DECUS. was doing that stuff before Sun was invented.)  J That might be a motivation to _continue_ Open Source development, freeware; contributions, etc, but it can't be the reason Sun started.>  F >Isn't it also possible that if there was damage to Linux's image thenI >people could start coming back to Sun, especially if Sun were not blamedm$ >as the company that damaged Linux ?   Maybe.   >PN >In other words, isn't it all about Sun trying to find a strategy that ensures- >that Sun remains relevant to today's world ?    But isn't everybody?     > G >[The image I have is one half of Sun saying we must remain relevant by>G >embracing the open source ideals, the other half saying we must remain   >relevant by attacking Linux...]  9 Which aren't, in fact, entirely irreconcilable positions.b   -- Alan    -- oO =============================================================================== 0  Alan Winston --- WINSTON@SSRL.SLAC.STANFORD.EDUM  Disclaimer: I speak only for myself, not SLAC or SSRL   Phone:  650/926-3056 M  Paper mail to: SSRL -- SLAC BIN 99, 2575 Sand Hill Rd, Menlo Park CA   94025oO ===============================================================================s   ------------------------------    Date: 29 Sep 2003 13:09:45 -0700( From: bob@instantwhip.com (Bob Ceculski)? Subject: Re: HP to Linux users: "Go ahead. I've got your back."t= Message-ID: <d7791aa1.0309291209.28c32d22@posting.google.com>S   Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> wrote in message news:<bl8tl1$956$1@new-usenet.uk.sun.com>...t > John Santos wrote:A > > On Fri, 26 Sep 2003, Andrew Harrison SUNUK Consultancy wrote:  > >  > >  > >>Simon Clubley wrote: >  a > >>- > >>If you want a sub 30K 4 CPU server ditto.  > >  > > H > > Why would they care one iota about how many CPU's it has?  Shouldn'tD > > people be concerned with price and performance, whether it's one > > CPU or a hundred?! > >  > $ > Do you really think that, how odd. > B > Utilisation is one of the biggest issues facing IT organisationsA > when we started replacing all the HP's at my current engagement=C > the average utilisation for their datacenter HP servers was ~10%.dC > This is lower than a lot of IT shops, with 15-20% being closer too > the norm.  > B > So price is important, footprint is important, performance isn'tB > unless you don't have enough to meet the throughput requirements > for you peak load. > > > We are rolling out 120 V240's for a supply chain applicationF > the alternative were HP DL380 2 CPU Wintel Servers. The ISV providedJ > a spec for the HW platform for SPARC/Solaris and x86/Windows using theirA > capacity planning throughput tests. They ended up with the sameo@ > number of systems SPARC or x86, the customer chose Sun because2 > over 3 years we were way cheaper than the DL380. > B > The hardware is pretty much the same price but you get stung forE > ~6K over 3 years for Windows plus support, Solaris is included with"
 > the Sun. > 	 > Regards_ > Andrew Harrison   . and of course security like windoze is not ...   ------------------------------  # Date: Mon, 29 Sep 2003 18:08:05 GMTd# From: hoff@hp.nospam (Hoff Hoffman)-. Subject: Re: Info on Known VMS Exploits/Cracks2 Message-ID: <9y_db.5889$PY7.1838@news.cpqcorp.net>  g In article <4f27336e.0309270611.6372563b@posting.google.com>, jnez367@yahoo.com (Jerry Nezlick) writes:s  K   No offense is intended here, but why should I trust someone posting from eK   a generic Yahoo username that is requesting a list of exploits?  (Please  J   look at this from my perspective, too -- this question could be entirelyH   honest and entirely reasonable, or could easily be one of the classic I   social-engineering technique used to breach system security.  How can ID   differentiate which?)e  M :I think my VMS server was cracked some time in the past.  I see connections m@ :opening on strange ports when no one should be on the system.    D   You have auditing and alarms enabled, right?  If not, start there.?   You have a firewall established, right?  If not, start there. G   You have audited who has privileged on your system, right?  If not...tG   You are familiar with the information on securing your system, right?d  : :(Outgoing to ports 113, 80, 6667, 6668.  Destinations are :usually in Asia.)    I   80 is http.  113 is the ident protocol.  6667 and 6668 are usually irc.u  ' :Is there a source that will list knownfA :exploits/cracks of VMS?  I have tried CERT and security focus.  m :Have not found much.e  G   There are few such bugs and few such lists.  Various of the security iH   breaches I am most familiar with were "inside jobs"; security breaches/   or unauthorized actions taken by local users.   J   Once you confirm you have actually had a security breach, it is best to I   follow the "what to do after a security breach" section of the securityuI   manual -- and getting to the current versions and ECOs, and get to work ;   verifying your trusted users and your code and your data.p  H   Knowing the exploits is interesting to some folks (and to the hackers,I   in particular), but will not help you in your current situation seeking G   to clean up the mess.  (Exploits can show how to get in but not what JG   specific technique was used, nor what to do once your system has beenrC   compromised.  What you will want to be centrally interested in is>F   cleaning up after the mess -- hackers have a habit of leaving trojanG   horses or backdoors, which is why knowing the exploit(s) is generally I   less useful than the brute-force cleanup and upgrade/ECO efforts -- andl)   the security manual covers that topic.)o  N  ---------------------------- #include <rtfaq.h> -----------------------------K     For additional, please see the OpenVMS FAQ -- www.hp.com/go/openvms/faqlN  --------------------------- pure personal opinion ---------------------------E         Hoff (Stephen) Hoffman   OpenVMS Engineering   hoff[at]hp.coms   ------------------------------  % Date: Mon, 29 Sep 2003 15:11:36 -04000' From: "Main, Kerry" <kerry.main@hp.com> 1 Subject: RE: Linux is the favourite hacker targetbR Message-ID: <FD827B33AB0D9C4E92EACEEFEE2BA2FB0D86FD@tayexc19.americas.cpqcorp.net>   >=20 > -----Original Message-----= > From: Greg Cagle [mailto:news@*removethis*gregcagle.com]=20t# > Sent: September 29, 2003 11:23 AMn > To: Info-VAX@Mvb.Saic.Comh >=20* > Andrew Harrison SUNUK Consultancy wrote: >=20J > > So I have stayed and its rather like walking with dinsoaurs some of=20
 > > the time.e >=20B > Pretty funny - of course you don't see yourself as one of the=20 > dinosaurs, do you? 8^) >=20 > -- > Greg Cagle > gregc at gregcagle dot com >=20 >=20 Greg,    Re: dinosaurs ..  F Well, since Solaris is based on an architecture that pre-dates OpenVMSF V1 by about 8 years, I guess that would put Andrew in the pre-dinosaur age.  3 Anyone know what the offical name for that age was?_   :-)   
 Kerry Main Senior Consultantd HP Services Canada Voice: 613-592-4660t Fax: 613-591-4477  Email: kerryDOTmainAThpDOTcomm. (remove the DOT's and AT for email address)=20   ------------------------------    Date: 29 Sep 2003 13:05:31 -0700( From: bob@instantwhip.com (Bob Ceculski)1 Subject: Re: Linux is the favourite hacker targetn< Message-ID: <d7791aa1.0309291205.f447e46@posting.google.com>   Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> wrote in message news:<bl8vr0$9ol$1@new-usenet.uk.sun.com>...l > I > Actually I have explained on a number of occasions, Rob Young started aTF > Sun FUDfest on this newsgroup a few years ago which turned out to be > complete BS. > H > No one likes to see people concocting arrant BS about the company theyG > work for (even if as Rob suggests this was just a cut and paste error * > on his part) and I was bound to respond. > F > When I did I also discovered a group with a prevailing attitude that1 > previous posters points describe only too well.D > I > So I have stayed and its rather like walking with dinsoaurs some of thes > time.h > 	 > Regardst > Andrew Harrisonc  ? actually, Andrew is like most other unix/linux users and is in r? complete denial of the current and past cert figures ... what I,: gather from him is that "cert" is a dirty word in the unix, community, certainly the slowaris one ... :)   ------------------------------  % Date: Mon, 29 Sep 2003 21:53:30 -0400s  From: John Santos <JOHN@egh.com>1 Subject: RE: Linux is the favourite hacker targetm4 Message-ID: <1030929214814.403B-100000@Ives.egh.com>  ' On Mon, 29 Sep 2003, Main, Kerry wrote:    > >  > > -----Original Message-----= > > From: Greg Cagle [mailto:news@*removethis*gregcagle.com] t% > > Sent: September 29, 2003 11:23 AMi > > To: Info-VAX@Mvb.Saic.Coms > > , > > Andrew Harrison SUNUK Consultancy wrote: > > J > > > So I have stayed and its rather like walking with dinsoaurs some of  > > > the time.w > > B > > Pretty funny - of course you don't see yourself as one of the  > > dinosaurs, do you? 8^) > >  > > -- > > Greg Cagle > > gregc at gregcagle dot com > >  > >  > Greg,t >  > Re: dinosaurs .. > H > Well, since Solaris is based on an architecture that pre-dates OpenVMSH > V1 by about 8 years, I guess that would put Andrew in the pre-dinosaur > age. > 5 > Anyone know what the offical name for that age was?i >  > :-)r  D The Paleozoic era, consisting of the Cambrian, Ordovician, Silurian,; Devonian, Mississippian, Pennsylvanian and Permian periods.    -- c John Santost Evans Griffiths & Hart, Inc. 781-861-0670 ext 539   ------------------------------  % Date: Mon, 29 Sep 2003 16:46:03 -0400t From: norm.raphael@metso.com Subject: Logical names question ? Message-ID: <OF68011B10.FA0C1519-ON85256DB0.00717C34@metso.com>1  = <I define a logical name, and an executive_mode logical name,L: then delete one and the other stays (as I expected) but if5 I delete the executive_mode one, they are both gone.>n   $ defi/proc norm foo $ defi/proc/exec norm foop   $ sho log norm*q   (LNM$PROCESS_TABLE)s     "NORM" [super] = "FOO"   "NORM" [exec] = "FOO"I     $ deass/proc norm  $ sho log norm*    (LNM$PROCESS_TABLE)c     "NORM" = "FOO"     $ sho log norm*/full    (LNM$PROCESS_TABLE)     [kernel]3                         [no protection information]o     "NORM" [exec] = "FOO"?  
 <As expected>e   $ defi/proc norm foo $ sho log norm*t   (LNM$PROCESS_TABLE)      "NORM" [super] = "FOO"   "NORM" [exec] = "FOO"=     $ deass/proc/exec norm $ sho log norm*    (LNM$PROCESS_TABLE)O   (LNM$JOB_8118ED40)     (DECW$LOGICAL_NAMES)5 %SHOW-S-NOTRAN, no translation for logical name NORM*  $P  0 <DEASSIGN /EXEC seems to have deleted _both_ the4 executive_mode and non-executive_mode logical names.& Is this expected/documented behavior?>   ------------------------------  % Date: Mon, 29 Sep 2003 22:50:38 +02005* From: Paul Sture <nospam@sture.homeip.net># Subject: Re: Logical names questione0 Message-ID: <3F78B73E.463126B0@sture.homeip.net>   norm.raphael@metso.com wrote:e > ? > <I define a logical name, and an executive_mode logical name, < > then delete one and the other stays (as I expected) but if7 > I delete the executive_mode one, they are both gone.>n >  > $ defi/proc norm foo > $ defi/proc/exec norm foot >  > $ sho log norm*  >  > (LNM$PROCESS_TABLE)e >  >   "NORM" [super] = "FOO" >   "NORM" [exec] = "FOO"t >  > $ deass/proc normt > $ sho log norm*a >  > (LNM$PROCESS_TABLE)c >  >   "NORM" = "FOO" >  > $ sho log norm*/full > " > (LNM$PROCESS_TABLE)     [kernel]5 >                         [no protection information]  >  >   "NORM" [exec] = "FOO"S >  > <As expected>n >  > $ defi/proc norm foo > $ sho log norm*> >  > (LNM$PROCESS_TABLE)r >  >   "NORM" [super] = "FOO" >   "NORM" [exec] = "FOO"c >  > $ deass/proc/exec norm > $ sho log norm*g >  > (LNM$PROCESS_TABLE)d >  > (LNM$JOB_8118ED40) >  > (DECW$LOGICAL_NAMES)7 > %SHOW-S-NOTRAN, no translation for logical name NORM*  > $n > 2 > <DEASSIGN /EXEC seems to have deleted _both_ the6 > executive_mode and non-executive_mode logical names.( > Is this expected/documented behavior?>     From HELP/DEASSIGN :  	  DEASSIGNt     /EXECUTIVE_MODE-  @      Requires SYSNAM (system logical name) privilege to deassign"      executive-mode logical names.  A      Deletes only entries that were created in the specified mode B      or an outer (less privileged) mode. If you do not have SYSNAM(         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @     privilege for executive mode, a supervisor-mode operation is
      assumed.       -- M
 Paul Sture   ------------------------------  % Date: Mon, 29 Sep 2003 17:37:55 -0400a From: norm.raphael@metso.com# Subject: Re: Logical names question,? Message-ID: <OF54C34182.5BAC82DF-ON85256DB0.0076B940@metso.com>i  
 Thanks, Paul.R@ I guess that _is_ expected/documented behavior.  Test and Learn. -Norme  B From:  Paul Sture <nospam@sture.homeip.net> on 09/29/2003 04:50 PM  6 Please respond to Paul Sture <nospam@sture.homeip.net>   To:    Info-VAX@Mvb.Saic.Com cc:i  & Subject:    Re: Logical names question     [snip]  2 > <DEASSIGN /EXEC seems to have deleted _both_ the6 > executive_mode and non-executive_mode logical names.( > Is this expected/documented behavior?>     From HELP/DEASSIGN :  	  DEASSIGN      /EXECUTIVE_MODEm  @      Requires SYSNAM (system logical name) privilege to deassign"      executive-mode logical names.  A      Deletes only entries that were created in the specified modeyB      or an outer (less privileged) mode. If you do not have SYSNAM'         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^u@     privilege for executive mode, a supervisor-mode operation is
      assumed.s     --
 Paul Sture   ------------------------------  % Date: Mon, 29 Sep 2003 20:17:57 -0400p* From: JF Mezei <jfmezei.spamnot@istop.com># Subject: Re: Logical names questionp) Message-ID: <3F78CB9A.1CA12CB4@istop.com>l   Paul Sture wrote: B >      Requires SYSNAM (system logical name) privilege to deassign$ >      executive-mode logical names. > C >      Deletes only entries that were created in the specified modea* >      or an outer (less privileged) mode.  G Perhaps the "OR" should be changed to an "AND" to make it more obvious.r  H I guess the thought behind all this was that when you have an "official"L definition for a logical name (for instance, pointing to a shareable image),N if you delete that exec logical, you woudn't want lower level logicals to come( into force, pointing to some other file.   ------------------------------  # Date: Mon, 29 Sep 2003 17:58:34 GMTa& From: Rick Jones <foo@bar.baz.invalid> Subject: Re: Nice touch, AMD2 Message-ID: <ep_db.5887$vX7.2037@news.cpqcorp.net>  P Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> wrote: > Rick Jones wrote:CC >> I'm afraid that at least some of your understanding is in error.o   > Humm  5 > http://docs.hp.com/hpux/pdf/A2375-90003.pdf page 37-  A > Suggests that HP-UX 10.xx when running on the HP K Series could@ > address up to 8 GB of RAM.  C Which page number of the 146 in the document says that HP-UX 10 cane address > 4GB of RAM?  t  F Indeed, the system hardware of the K Series could hold up to that muchD RAM, (page 2.13 for example) but to address that much RAM required a 64-bit HP-UX 11 kernel.   E I suspect the reference to HP-UX 10 you saw on page 1-1 was vestigialuD from the pre-HP-UX 11 days - the first versions of the document dataA from 1995, two years before HP-UX 11 shipped.  The version of the ; document online at docs.hp.com is the January 1998 version.D  
 rick jones -- h= portable adj, code that compiles under more than one compilerrF these opinions are mine, all mine; HP might not want them anyway... :)A feel free to post, OR email to raj in cup.hp.com  but NOT BOTH...e   ------------------------------  # Date: Mon, 29 Sep 2003 21:38:42 GMTa# From: "John Smith" <a@nonymous.com>n Subject: OT: sort of - To SuewH Message-ID: <CD1eb.43655$3r1.16542@news02.bloor.is.net.cable.rogers.com>   Bill Gunshannon wrote: > In articleC > <rdeininger-2509031945070001@user-105n8gg.dialup.mindspring.com>,s9 > rdeininger@mindspringdot.com (Robert Deininger) writes: < >> In article <bkv3r6$6bigf$1@ID-135708.news.uni-berlin.de>, >> bill@cs.uofs.edu wrote: >>E >>> Ummmm..  I'm the one who proposed the possibility of some portingLE >>> projects that would count for academic credit (at least we have aa@ >>> projects course here where that would work)  Compaq (yes, itB >>> predated the merger) provided a machine and one years worth of
 >>> licenses.nD >>> And it was greatly appreciated.  Sadly, more is needed.  WithoutE >>> experience no student is going to commit to a project he can't beaB >>> sure of being able to finish.  And that comes back to the sameH >>> argument again.  We need the ability to set up labs that can supportF >>> multiple servers and multiple users.  The current EDU program does >>> not do this. >>D >> The Edu program does allow for multiple systems, and 25 users per+ >> system. And a bunch of layered products.i >rG > I am not sure which EDYU program you are talking about, but the last4G > official one I saw required every user to have their opwn license anddG > have that licens loaded when they used the system.  Classroom machinerF > required the administration and control of the appropriate professor@ > (yeah, like that's ever going to happen, shows a total lack of@ > knowledge and understanding of the academic world)  The use of? > machines in labs is not addressed in a meaningful way at all.  >v >>@ >> Is that not enough, or is there something about the terms and+ >> conditions that keeps you from using it?5 >0C > See above!  When it first came out, numerous people from academiceD > environments commented on this.  To the best of my knowledge, noneC > of this has changed.  I must say again, I find it totally amazingrB > that HP now (in publicly stated messages) accepts the use of theD > Hobbyist Program for at least the early development of potentiallyD > commercial products and yet can not put a simple sentence into theB > License itself stating that it is acceptable for educational useH > where that is purely educational and not related to the administration! > of the educational institution.l       Sue,  L Ask carly(tm) to come to the November VMS fest in New Hampshire. She's aboutL due back for a new t-shirt anyway (I'm sure she wore out the 1st one she was given last year).s  J She can meet some real customers for a change and hear firsthand what theyJ have to say about the educational licensing issue, lack of advertisng, andL all the other negatives, as well as all the positive things they have to say
 about VMS.  > Or is she in Davos then, eating caviar and swilling champagne?   ------------------------------  % Date: Mon, 29 Sep 2003 14:47:25 -0400 * From: JF Mezei <jfmezei.spamnot@istop.com>. Subject: Re: OT: Talk about bad luck (Halifax)) Message-ID: <3F787E37.57E7F328@istop.com>n   Bill Gunshannon wrote:H > Say what????  This last huricane passed up through western PA and OhioI > before crossing into Canada.  Many places waited till this past weekende2 > to finally get their power and telephones back.   N How far inland did Isabel remain "hurricane" before being downgraded to just a tropical storm ?    N Hurricanes/Cyclones/Typhoons generally need water at 30 or warmer to survive.I (It is the hot water from ocean that feed it the energy it needs).  WatersN temperature of ocean near Halifax is presently at 18. As soon as such a beastK reaches land, it quickly loses its energy, and onces it reaches waters thandL are cooler than the minimum, the beast loses its energy.  This is why it wasP unusual for this hurricane to remain a hurricane by the time it reached Halifax.  M This morning, one Halifax TV station didn't have its normal live morning show M and instead re-ran last friday's show. At that time, the weather guy was justcG talking about some rain from Juan which was, at that time, still in theMM vicinity of Bermuda. So the expectations were still that Juan would have beendH downgraded to just an extra tropical storm well before reaching halifax.  (which is the normal behaviour).   ------------------------------  % Date: Mon, 29 Sep 2003 19:57:42 -0400A' From: "Main, Kerry" <kerry.main@hp.com> . Subject: RE: OT: Talk about bad luck (Halifax)R Message-ID: <FD827B33AB0D9C4E92EACEEFEE2BA2FB0D870D@tayexc19.americas.cpqcorp.net>   >=20 > -----Original Message-----8 > From: Bill Gunshannon [mailto:bill@gw5.cs.uofs.edu]=20" > Sent: September 29, 2003 8:20 AM > To: Info-VAX@Mvb.Saic.Comt >=20+ > In article <3F77CA24.B9D6A207@istop.com>, / > 	JF Mezei <jfmezei.spamnot@istop.com> writes:h > >=20G > > While hurricanes in the USA tend to just skirt the coast and are=20d) > > rarely destructive over a large area,e >=20B > Say what????  This last huricane passed up through western PA=20> > and Ohio before crossing into Canada.  Many places waited=20: > till this past weekend to finally get their power and=20@ > telephones back.  The flood that devestated the area I live=20A > in (NEPA, but about 200 mles from the nearest shore) back in=20 B > 1972 was also caused by a hurricane (Agnes) that passed through. >=20 > bill >=20 > --=20 B > Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n. =20 > Three wolvesF > bill@cs.scranton.edu     |  and a sheep voting on what's for dinner. > University of Scranton   |E > Scranton, Pennsylvania   |         #include <std.disclaimer.h>  =20B >=20    F For those that would like to re-visit what one of the worst hurricanes was like, check out:  1 http://www.sptimes.com/2002/webspecials02/andrew/m   Regardsu  
 Kerry Main Senior Consultanta HP Services Canada Voice: 613-592-4660@ Fax: 613-591-4477, Email: kerryDOTmainAThpDOTcom>. (remove the DOT's and AT for email address)=20   ------------------------------  % Date: Mon, 29 Sep 2003 21:32:27 -0500 1 From: "David J. Dachtera" <djesys.nospam@fsi.net>n. Subject: Re: OT: Talk about bad luck (Halifax)' Message-ID: <3F78EB3B.DAD6FB74@fsi.net>e  ! VAXman-, @SendSpamHere.ORG wrote:> > [snip]L > Unless you've actually experienced the power of one of these things, it isL > not easy to imagine.  Fortunately, for me anyway, Isabel took a route wellN > inland of me.  Lots of strong winds here but, as storms go, I've experienced > worse Noreasters in the area.t  F Fall of 1998, we had 24+ hours of sustained winds in excess of 40 MPH,A gusting over 100. Coming home from work that day, the leaves werekF blowing up the street faster than I was driving. We had one small treeE in the parkway with maybe a bushel of leaves on it total. I bagged 17gG bags of leaves after that! It had been a rainy period, and I was unableiD to get the grass cut before the big wind. They just tumbled into the$ grass, and that's where they stayed.   -- > David J. Dachtera> dba DJE Systemsc http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/e   ------------------------------  % Date: Tue, 30 Sep 2003 00:59:55 -0400t* From: JF Mezei <jfmezei.spamnot@istop.com>. Subject: Re: OT: Talk about bad luck (Halifax)) Message-ID: <3F790D9C.CAA0A18C@istop.com>    "David J. Dachtera" wrote:N > > Unless you've actually experienced the power of one of these things, it is > > not easy to imagine.    H > Fall of 1998, we had 24+ hours of sustained winds in excess of 40 MPH,  L Fall of 1996. I met Olivia head on. 3 days of very strong headwinds going upM by bike the west coast of Australia. Then when I got to Karatha, the road was N closed and I was forced to hunker down in the backpackers. It was a category 4K with 250km winds. Very little damage to the town, and everyone knew exactlynK what to do. I was wondering why all the neighbours had parked their cars in J the front of the building on the lawn. But when Olivia arrived, I realisedL that the neighbours knew exactly what would happen. (the building acted as a shelter for the winds).n  M And while ABC radio was stating that there were long lines at the stores withlH people buying essentials, that was not the case. Folks were buying coke,M chips, beer for the cyclone parties. (they already had the emergency suppliesnH in their homes) And there, people don't "board" their windows, they haveO grills alwasy on during the cyclone season (or often, they are just always on).t  N And yes, there were fireworks when transformers blew, but by 04:00am the crewsK were out working and we had power restored. By noon, I was back on the road-E (this time with a tail wind !). Very impressive show of nature's fury4N (understatement) but I felt quite safe because the locals knew exactly what toL do and when to do it. The building, 2 stories high, with very thick concreteN walls felt like the hull of a ship hitting waves. You'd feel and hear bands of, water/rain hitting the outside of the walls.  L It wasn't until a couple weeks later when I visited the Tracy exhibit at theK Darwin museum that I realised that the cyclone I had experienced was of theSN same power as that which whad almost completely destroyed Darwin in 1974. ThatM was the scary part. But it is also a tribute to how Australia has learned how F to deal with cyclones, both with better building codes, and with great education of the citizens.  L Interstingly, I am baffled by the CNN reports when a hurricane hits the USA.M They never mention the sound of the wind. Yet, when I experienced Olivia, theeM sound is what struck me. A true expression of the sheer amount of power beings unleashed by the winds."    E http://www.bom.gov.au/info/cyclone/ gives a good summary of cyclones.m   ------------------------------  % Date: Mon, 29 Sep 2003 15:04:30 -0400p. From: Mike Bartman <omni@foolie.omniphile.com>M Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?s8 Message-ID: <ie0hnv4t7qifjsfhmgugehdk5rcu0t8i90@4ax.com>  F On Thu, 25 Sep 2003 21:27:56 -0400, David Froble <davef@tsoft-inc.com> wrote:  R >Human nature allows us to succumb to temptation.  If a bank leaves it's money on J >the sidewalk, and not in the vault, there are those that might decide to  >appropriate such money.    E However, if you cover the money with a couple of hair-trigger machineiF guns, fewer people are likely to try to take it, even from a sidewalk.  N >Remove the ease which causes the temptation and the problem is a long way to  >being solved.  @ Or increase the risk in yeilding to temptation.  Make spamming aE capital offense and offer a bounty on tracking down spammers, and you @ might get somewhere, while still having a nice open and friendly* net...for those who are open and friendly.   -- Mike Bartmans@ ----------------------------------------------------------------=   To reply via e-mail, remove the 'foolie.' from the address. %   I'm getting sick of all the SPAM...f@ ----------------------------------------------------------------   ------------------------------  % Date: Mon, 29 Sep 2003 14:21:44 -0400 * From: JF Mezei <jfmezei.spamnot@istop.com>M Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?a) Message-ID: <3F787834.25E1833D@istop.com>t   Rik Steenwinkel wrote:G > the meta-message gives a From: someone@sender.domain , so your MUA or E > MTA then resolves sender.domain and requests its MX to hand out theeD > actual message associated with the Message-ID in the meta-message.    L You are assuming that the message originator is still online at the time theM recipient gets the request to send the message. What happens if you have just D walked out of a wifi coverage area and the sending node is no longer reacheable ?  M You have to take into account the concept of relaying. When a client sends an-J email to multiple recipients, it first goes to a relay SMTP server who canJ then take its own time to distribute the message, especially if one of theH destination nodes is temporarily unreachable. As a result, by the time aH recipient server gets the message, there is no garantee that the sending system will still be on-line.>   ------------------------------  % Date: Mon, 29 Sep 2003 15:00:34 -0400>. From: Mike Bartman <omni@foolie.omniphile.com>M Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ? 8 Message-ID: <61ugnv8kbsim5t3tfdr9tgg9h7ge9evg2b@4ax.com>  5 On Mon, 29 Sep 2003 12:41:44 +0200, "Rik Steenwinkel"s <rsteenw@xs4all.nl> wrote:  E >Leaving the mail fees issue for a moment, Don's mail protocol still nE >has merit without it. As said, it allows the recipient much greater i> >control whether to accept (rather: collect) a message or not.  F That means the user has to do more work, and take more time, and couldF STILL get SPAM, since SPAMmers tend to lie.  The user might think it'sF a message he wants to read, request it, pay for it, and then find thatD the headers were inaccurate and he just got to pay for junk mail.  I don't think that's a benefit...   D There's a mail add-on for servers out there now that solves at leastC some of the problem of SPAM by preventing delivery of messages fromUF senders who lie about their return address.  It's called TMDA, and you can read about it at:t   http://tmda.net/  D The basic idea is that when mail gets sent to you, your server sends< back an address verification before you get to the mail.  NoD verification and the mail is deleted.  If the sender does respond toE the verification request, the message is released and is delivered to E you, and that sender is marked as "verified" so they won't have to god? through the process again.  You can stick a given sender in the B "verified" category to start with if you like, so your friends and& family don't have to verify even once.  E Since SPAMmers tend to lie about their address, they will tend to getoC blocked completely by such a system.  It's not too much trouble foreC the valid senders either, and doesn't involve any huge new internet A bureaucracy to handle billing at various levels.  It doesn't even < require any new protcols or changes to the way firewalls are5 implemented.  Oh, and it's free...what's not to like?t  C Ok, SPAM could still get past this system, with a smart enough bulk3A e-mailer, but it would require the SPAMmer to give a valid returnm/ address...something most are not willing to do.t  F There's also a problem for commercial mail systems, such as those at a> company that needs to accept mail from the world at large (new? customers for instance), without any inconvenience to them (anyoD barrier to entry costs you clients...).  For them a better system is; one that filters based on content...the smarter the better.r   -- Mike Bartmane@ ----------------------------------------------------------------=   To reply via e-mail, remove the 'foolie.' from the address.l%   I'm getting sick of all the SPAM...i@ ----------------------------------------------------------------   ------------------------------  # Date: Mon, 29 Sep 2003 20:02:36 GMT ' From: Don Sykes <anonymous@pacbell.net>aM Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?o+ Message-ID: <3F789087.7B990DE0@pacbell.net>r   david20@alpha2.mdx.ac.uk wrote:x > V > In article <3F74CF7F.9D265CA@pacbell.net>, Don Sykes <anonymous@pacbell.net> writes: > >o > >s" > >david20@alpha2.mdx.ac.uk wrote: > >>\ > >> In article <vn5s22g2nrds0e@news.supernews.com>, "John Vottero" <John@mvpsi.com> writes:1 > >> ><david20@alpha2.mdx.ac.uk> wrote in messaget) > >> >news:bkuhsq$dk3$1@news.mdx.ac.uk... = > >> >> In article <3F71D664.D92AAC37@pacbell.net>, Don Sykes8% > >> ><anonymous@pacbell.net> writes:O	 > >> >> >a( > >> >> >david20@alpha2.mdx.ac.uk wrote:
 > >> >> >>@ > >> >> >> In article <3F70934A.3C36DD45@pacbell.net>, Don Sykes% > >> ><anonymous@pacbell.net> writes:  > >> >> >> >	 > >> >> >eQ > >> The 10 address is a private address hence must use NAT to contact systems one > >> the public internet.1 > >> > >eK > >I don't think your seeing this correctly. Which tells me I'll need to beo > >clearer in the next update.D > >This protocol is designed to be used between domain Email ServiceG > >Providers (ESPs), which must be resolveable thru a DNS lookup, whichb2 > >IIRC MUST be a staic IP or range of static IPs. > >t >  > Obviously not. > # > You need to be a lot more clear. t  ' I agree. Please read the latest update.l  + > As far as I am concerned their are upto 4e5 > parties involved in sending and receiving an email.e >  > 1) Client sending system >  > 2) Client's ISP's mailhube >  > 3) Receiver's ISP's mailhube > & > 4) Receiver's mailbox holding system > K > (I am ignoring the fact that within organisations there may well be otherdK > mailhubs through which a mail message may pass between 1 and 2 or betweent > 3 and 4).t > , > With current protocols mail may transverse > J > 1 -> 2 -> 3 -> 4    (mail passes between organisations central mailhubs) >  > or > O > 1 -> 3 -> 4         (1st organisation doesn't have central mailhub or doesn't 5 >                      force mail to pass through it)  >  > or > J > 1 -> 2 -> 4         (2nd organisation does not have a central mailhub or; >                      doesn't force mail to go through it)b >  > or > L > 1 -> 4              (Neither organisation has a central mailhub or neither5 >                      force mail to go through them)l  < Not sure I understand this one. Is #4 listening on port 25?    > T > >> So in the real world you have a client on a small home network connecting to an1 > >> ISP using dynamic NAT with port overloading.  > >>T > >> 10.11.12.1  is the clients real address and it opens a connection from its portR > >> 32100 this is mapped to  21.22.5.20 port 7521  on the public side of his homeU > >> NAT/firewall. (21.22.5.20 is the single public address given out to this user by: > >> his ISP). > >>S > >> This connection connects to the IPS's receiver on 21.22.0.10 (10 rather than 0r2 > >> to make it a valid address) for your phase 1. > >>U > >> Negotiation proceeds as you describe on your link and the receiver sends back tocK > >> say it will contact the sender on port 1398. Then the link is dropped.n > >>% > >> 10.11.12.1 listens on port 1398.a > >>S > >> Receiver (21.22.0.10) attempts to open connection to  21.22.5.20 on port 1398.yJ > >> Attempt fails. There is  either no entry in the NAT mapping table forS > >> 21.22.5.20 port 1398  or if there is it would be accidental and might point ata8 > >> another machine or port on the user's home network. > >> The connection is dropped.h > >>Q > >> With dynamic NAT with port overloading (which is the most common form of NAThR > >> used on home networks where the home user has multiple machines hiding behindS > >> one external address) there is no preservation of port numbers - unless a portoO > >> number has been placed in the NAT mapping table by an internally initiatedpQ > >> connection to an external machine having been made or by the user explicitlyrO > >> setting up a manual mapping then an externally initiated connection cannoto > >> be made to it.i > >> > >> Your system falls apart.8 > >PI > >Only if you're not the registered owner of the domain you're trying toS > >implement this on.uJ > >Basically, if you can run your own SMTP service (ie direct inbound portK > >25 connections to find their way to port 25 on a specific computer), you3 > >can also run this.pK > >As I said in a previous response, this is an implementation issue, whichg3 > >will be resolved differently by different users.p > >S > I > I misread your protocol specification. I was assuming that the receiver M > randomly generated the port number and communicated that back to the sender M > before closing the connection. Instead you have the sender picking the portjP > number. That makes it simpler for the spammer to send to multiple systems theyL > can always specify the same port which they will listen on for the phase 2 > connections.  H The sender defines the port number, because he has to be listening on itG for the phase 2 transfer. Wheather it's randomly generated or not is antH implementation issue. I would expect it to be random, or assigned from aG list, if the receiver ESP can make that work. If not, they can define arG fixed one, but even so, it's no more spam-easy then the current port 25  expectation.   > Q > The other thing I don't understand is why you think closing down the connections1 > stops the spammer impersonating another system.g  D I don't think that. Closing the connection in phase 1, just ends the@ meta phase. Phase 2, as far as the receiver ESP is concerned, is	 optional.l  N > (Though at the moment I doubt any spammer really impersonates another systemJ > anyway - they try to obfurscate received lines but I seriously doubt anyP > actually spoof ip addresses - why should they when they can get a free account& > from tons of ISPs no question asked) > I > For a fee based system you would have to be 100% certain of the sendersIG > identity. Your protocol is based on the IP address this is inherentlyt
 > unreliable.e  @ Yes. This was addressed. It now uses the domain name. Now if theG receiver wants to "pick up" the message that was defined in phase 1, hemF does a DNS lookup for the domain name and requests a connection to theD port defined by the sender. If a spammer connected to that port theyH would have to know the mailid of a pending email. Unlikely and of course- they still wouldn't be able to send anything.-   >  > For instance > 6 > client connects to his ISP and gets address  a.b.c.d > L > Client uses public domain tool like dsniff to poison the local routers arpG > cache so that packets to and from a.b.c.e are directed to his system.l > + > Client then sends mail as if from a.b.c.ee > O > All responses, opening of new connections to a.b.c.e etc go to the machine ate	 > a.b.c.dn > I > As far as proving identity of users sending mail there do already exist O > protocols which could do this - unfortunately they suffer from the problem ofb% > not being implemented by everybody.o > M > 1) SMTP AUTH and SASL provide for authentication between the sender and theeK >    ISP's central mailhub. Note this is based on the user sending the mailt1 >    message NOT on the IP address of the client.u >  > 2) SMTP over SSL/TSL.-Q >    This primarily provides for encryption between mail systems. However as a bymP >    product the certificates involved provide for mutual authentication between >    central mail servers. >  > N > But as stated above as long as ISPs give out free accounts without requiringN > proof of the identity of the person who is going to use that account then noP > amount of technical identification of the IP address or user account used will- > have any effect on the amount of spam sent.. >  > David Webb > VMS and Unix team leader > CCSS > Middlesex University >  > >--r > >l > >Have VMS, Will Travel > >Wire paladin, San Francisco > >X > >(paladinATalphaseDOTcom)w   -- o   Have VMS, Will Travel: Wire paladin, San Franciscoa   (paladinATalphaseDOTcom)   ------------------------------  # Date: Mon, 29 Sep 2003 20:51:38 GMTe' From: Don Sykes <anonymous@pacbell.net> M Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?m+ Message-ID: <3F789C06.E661A73F@pacbell.net>e   Mike Bartman wrote:s > 7 > On Mon, 29 Sep 2003 12:41:44 +0200, "Rik Steenwinkel"e > <rsteenw@xs4all.nl> wrote: > F > >Leaving the mail fees issue for a moment, Don's mail protocol stillF > >has merit without it. As said, it allows the recipient much greater@ > >control whether to accept (rather: collect) a message or not. > H > That means the user has to do more work, and take more time, and couldH > STILL get SPAM, since SPAMmers tend to lie.  The user might think it'sH > a message he wants to read, request it, pay for it, and then find thatF > the headers were inaccurate and he just got to pay for junk mail.  I! > don't think that's a benefit...r  E You misunderstand it's the SENDER that pays, NOT the receiver. If youuD want to send junk to someone, it's gonna cost you. This is the whole% point of the payment aspect of this.  G Put another way, imagine if the post office would deliver your mail for H free and Kinkos didn't charge anything for making 1,000,000 copies. What* do you think your mailbox would look like?     > F > There's a mail add-on for servers out there now that solves at leastE > some of the problem of SPAM by preventing delivery of messages fromtH > senders who lie about their return address.  It's called TMDA, and you > can read about it at:l >  > http://tmda.net/ > F > The basic idea is that when mail gets sent to you, your server sends> > back an address verification before you get to the mail.  NoF > verification and the mail is deleted.  If the sender does respond toG > the verification request, the message is released and is delivered tonG > you, and that sender is marked as "verified" so they won't have to go3A > through the process again.  You can stick a given sender in the D > "verified" category to start with if you like, so your friends and( > family don't have to verify even once.  H So everytime I want to send out a million spams, I just get a new, validE email address - I won't lie, I'll verify as the sender. Tomorrow I'll3 use a new valid email address.   > G > Since SPAMmers tend to lie about their address, they will tend to getIE > blocked completely by such a system.  It's not too much trouble for E > the valid senders either, and doesn't involve any huge new internetsC > bureaucracy to handle billing at various levels.  It doesn't evene> > require any new protcols or changes to the way firewalls are7 > implemented.  Oh, and it's free...what's not to like?a > E > Ok, SPAM could still get past this system, with a smart enough bulklC > e-mailer, but it would require the SPAMmer to give a valid returno1 > address...something most are not willing to do.a > H > There's also a problem for commercial mail systems, such as those at a@ > company that needs to accept mail from the world at large (newA > customers for instance), without any inconvenience to them (any-F > barrier to entry costs you clients...).  For them a better system is= > one that filters based on content...the smarter the better.-  E There also seems to be some confusion about the fact that a charge isoH required. It is not. You can still use this protocol and charge nothing.F The sender wouldn't be inconvenienced at all. He wouldn't even realize he was using this new protocol.    >  > -- Mike BartmancB > ----------------------------------------------------------------? >   To reply via e-mail, remove the 'foolie.' from the address. ' >   I'm getting sick of all the SPAM... B > ----------------------------------------------------------------   -- r   Have VMS, Will Travel  Wire paladin, San Franciscon   (paladinATalphaseDOTcom)   ------------------------------  % Date: Mon, 29 Sep 2003 16:51:21 -0400E* From: JF Mezei <jfmezei.spamnot@istop.com>M Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?E) Message-ID: <3F789B3B.6938F873@istop.com>$   Mike Bartman wrote:-G >> There's a mail add-on for servers out there now that solves at leastmE > some of the problem of SPAM by preventing delivery of messages fromi. > senders who lie about their return address.   K Whoopty doo. I have received spam allegedly sent from me. So a verification ) would have yielded a "this guy is legit".   H And if I send email with some spam-counter-measures activated but with aK proper reply-to, then that email would be rejected because the MAIL-FROM in E the SMTP negotiation would be the address with spam counter measures.t   ------------------------------  + Date: Mon, 29 Sep 2003 23:45:48 +0000 (UTC). From: david20@alpha2.mdx.ac.ukM Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?e) Message-ID: <blag7c$kfg$1@news.mdx.ac.uk>"  U In article <3F789087.7B990DE0@pacbell.net>, Don Sykes <anonymous@pacbell.net> writes:c >  >   >david20@alpha2.mdx.ac.uk wrote: >> /W >> In article <3F74CF7F.9D265CA@pacbell.net>, Don Sykes <anonymous@pacbell.net> writes:f >> > >> ># >> >david20@alpha2.mdx.ac.uk wrote:  >> >>e] >> >> In article <vn5s22g2nrds0e@news.supernews.com>, "John Vottero" <John@mvpsi.com> writes:R2 >> >> ><david20@alpha2.mdx.ac.uk> wrote in message* >> >> >news:bkuhsq$dk3$1@news.mdx.ac.uk...> >> >> >> In article <3F71D664.D92AAC37@pacbell.net>, Don Sykes& >> >> ><anonymous@pacbell.net> writes:
 >> >> >> >) >> >> >> >david20@alpha2.mdx.ac.uk wrote:S >> >> >> >>mA >> >> >> >> In article <3F70934A.3C36DD45@pacbell.net>, Don Sykesd& >> >> ><anonymous@pacbell.net> writes:
 >> >> >> >> >r
 >> >> >> >R >> >> The 10 address is a private address hence must use NAT to contact systems on >> >> the public internet. >> >>n >> >L >> >I don't think your seeing this correctly. Which tells me I'll need to be >> >clearer in the next update.nE >> >This protocol is designed to be used between domain Email Service^H >> >Providers (ESPs), which must be resolveable thru a DNS lookup, which3 >> >IIRC MUST be a staic IP or range of static IPs.S >> > >> - >> Obviously not.- >> -$ >> You need to be a lot more clear.  >a( >I agree. Please read the latest update. >L, >> As far as I am concerned their are upto 46 >> parties involved in sending and receiving an email. >>   >> 1) Client sending systemc >> e >> 2) Client's ISP's mailhub >> e >> 3) Receiver's ISP's mailhub >> o' >> 4) Receiver's mailbox holding systeme >> oL >> (I am ignoring the fact that within organisations there may well be otherL >> mailhubs through which a mail message may pass between 1 and 2 or between >> 3 and 4). >> e- >> With current protocols mail may transversee >>  K >> 1 -> 2 -> 3 -> 4    (mail passes between organisations central mailhubs)I >>   >> orS >>  P >> 1 -> 3 -> 4         (1st organisation doesn't have central mailhub or doesn't6 >>                      force mail to pass through it) >> l >> ore >> tK >> 1 -> 2 -> 4         (2nd organisation does not have a central mailhub or.< >>                      doesn't force mail to go through it) >> u >> orr >> gM >> 1 -> 4              (Neither organisation has a central mailhub or neithera6 >>                      force mail to go through them) > = >Not sure I understand this one. Is #4 listening on port 25? . >>  N 4 is where the user's mail is actually delivered and stored. The mail may then3 be picked up from that mail store via pop, imap etcmL Typically the central mailhub will deliver the message to that mailstore via SMTP.      eg       mail from outsider         |e       |        SMTP       \ /    9 3)    Middlesex university central mailhub - running PMDFg        |         SMTPi      |     \ /   ,     Internal systems holding users mailboxes     eg   4)  Sun System     PMDF VMS systemg     Microsoft Exchange servern     etca           >>  U >> >> So in the real world you have a client on a small home network connecting to anr2 >> >> ISP using dynamic NAT with port overloading. >> >>-U >> >> 10.11.12.1  is the clients real address and it opens a connection from its port S >> >> 32100 this is mapped to  21.22.5.20 port 7521  on the public side of his homenV >> >> NAT/firewall. (21.22.5.20 is the single public address given out to this user by >> >> his ISP).I >> >>iT >> >> This connection connects to the IPS's receiver on 21.22.0.10 (10 rather than 03 >> >> to make it a valid address) for your phase 1.t >> >>UV >> >> Negotiation proceeds as you describe on your link and the receiver sends back toL >> >> say it will contact the sender on port 1398. Then the link is dropped. >> >>t& >> >> 10.11.12.1 listens on port 1398. >> >> T >> >> Receiver (21.22.0.10) attempts to open connection to  21.22.5.20 on port 1398.K >> >> Attempt fails. There is  either no entry in the NAT mapping table foroT >> >> 21.22.5.20 port 1398  or if there is it would be accidental and might point at9 >> >> another machine or port on the user's home network.p  >> >> The connection is dropped. >> >> R >> >> With dynamic NAT with port overloading (which is the most common form of NATS >> >> used on home networks where the home user has multiple machines hiding behindiT >> >> one external address) there is no preservation of port numbers - unless a portP >> >> number has been placed in the NAT mapping table by an internally initiatedR >> >> connection to an external machine having been made or by the user explicitlyP >> >> setting up a manual mapping then an externally initiated connection cannot >> >> be made to it. >> >>e >> >> Your system falls apart. >> >J >> >Only if you're not the registered owner of the domain you're trying to >> >implement this on.K >> >Basically, if you can run your own SMTP service (ie direct inbound port>L >> >25 connections to find their way to port 25 on a specific computer), you >> >can also run this.L >> >As I said in a previous response, this is an implementation issue, which4 >> >will be resolved differently by different users. >> > >>  J >> I misread your protocol specification. I was assuming that the receiverN >> randomly generated the port number and communicated that back to the senderN >> before closing the connection. Instead you have the sender picking the portQ >> number. That makes it simpler for the spammer to send to multiple systems theytM >> can always specify the same port which they will listen on for the phase 2  >> connections.t >.I >The sender defines the port number, because he has to be listening on it H >for the phase 2 transfer. Wheather it's randomly generated or not is anI >implementation issue. I would expect it to be random, or assigned from aiH >list, if the receiver ESP can make that work. If not, they can define aH >fixed one, but even so, it's no more spam-easy then the current port 25
 >expectation.  >t  < If the sender defines it then you can't insist it is random.O As I said above I'm not quite sure in your protocol who the sender and receiver  actually are. O If the sender is a desktop system in an organisation utilising NAT and firewallnM rules then it is highly unlikely that outside systems will be able to connectyL to port 25 on such systems. Furthermore the owner of the desktop system willN have NO control over this. The management of the organisation is not likely toJ look favouribly on the idea of opening up an equivalent to port 25 on suchJ systems and if using dynamic NAT would probably find it impossible anyway.     >> mR >> The other thing I don't understand is why you think closing down the connection2 >> stops the spammer impersonating another system. >sE >I don't think that. Closing the connection in phase 1, just ends theyA >meta phase. Phase 2, as far as the receiver ESP is concerned, isi
 >optional. >nJ In that case I really don't see the point of having these two connections.N Setting up a new connection doesn't really give the receiver any more control.N After phase 1 completes it can just shutdown the connection if it doesn't wantK to continue or continue using that same connection if it wants to continue.nN This is what happens currently with ESMTP. The receiver can reject the messageG after receiving the from, rcpt or data. It can inform the sender beforetJ anything is sent that it will not accept messages above a certain size etc      O >> (Though at the moment I doubt any spammer really impersonates another system:K >> anyway - they try to obfurscate received lines but I seriously doubt anycQ >> actually spoof ip addresses - why should they when they can get a free accounth' >> from tons of ISPs no question asked)n >> nJ >> For a fee based system you would have to be 100% certain of the sendersH >> identity. Your protocol is based on the IP address this is inherently >> unreliable. >dA >Yes. This was addressed. It now uses the domain name. Now if thenH >receiver wants to "pick up" the message that was defined in phase 1, heG >does a DNS lookup for the domain name and requests a connection to thea >port defined by the sender. A  M Thats real great security. If you do a reverse lookup for a middlesex addresseK it will tell you absolutely nothing. We have a B class address which mostly K consists of a couple of NAT pools. All the addresses in those NAT pools areiL registered in our external DNS with dummy names just so reverse lookups willK work. All it will tell you is that it came from some dynamic address at ourmM site. Now in our case we force all outgoing mail through our internal mailhubhL (where we record the originating internal 10.x.x.x address) and then throughL our external mailhub and thence to the outside world. Hence we can trace any message that way..      ) >If a spammer connected to that port they-I >would have to know the mailid of a pending email. Unlikely and of courseK. >they still wouldn't be able to send anything. >b  O As I described below they would just spoof the whole thing not just the phase 29O connection. IP numbers, DNS entries etc are easily spoofed. To be anything likenJ sure of identity you need to be dealing in certificates or shared secrets.' In the two protocols I mention below :-t  L SMTP AUTH generally uses a shared secret ( the user's username and password) whereas  TSL/SSL uses certificates.           >> t >> For instancec >> a7 >> client connects to his ISP and gets address  a.b.c.d= >>  M >> Client uses public domain tool like dsniff to poison the local routers arpfH >> cache so that packets to and from a.b.c.e are directed to his system. >> i, >> Client then sends mail as if from a.b.c.e >> hP >> All responses, opening of new connections to a.b.c.e etc go to the machine at
 >> a.b.c.d >> bJ >> As far as proving identity of users sending mail there do already existP >> protocols which could do this - unfortunately they suffer from the problem of& >> not being implemented by everybody. >> .N >> 1) SMTP AUTH and SASL provide for authentication between the sender and theL >>    ISP's central mailhub. Note this is based on the user sending the mail2 >>    message NOT on the IP address of the client. >> t >> 2) SMTP over SSL/TSL.R >>    This primarily provides for encryption between mail systems. However as a byQ >>    product the certificates involved provide for mutual authentication between  >>    central mail servers.r >> m >> hO >> But as stated above as long as ISPs give out free accounts without requiring-O >> proof of the identity of the person who is going to use that account then noeQ >> amount of technical identification of the IP address or user account used will3. >> have any effect on the amount of spam sent. >> O  David Webb   VMS and Unix team leaderu  CCSSp  Middlesex Universityn >> t >> >-- >> > >> >Have VMS, Will Travel. >> >Wire paladin, San Franciscob >> > >> >(paladinATalphaseDOTcom) >L >--  >r >Have VMS, Will Travel >Wire paladin, San Francisco >s >(paladinATalphaseDOTcom)    ------------------------------  % Date: Mon, 29 Sep 2003 21:00:36 -0400u* From: JF Mezei <jfmezei.spamnot@istop.com>M Subject: Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?n( Message-ID: <3F78D597.BE208A7@istop.com>   david20@alpha2.mdx.ac.uk wrote:gQ > As I described below they would just spoof the whole thing not just the phase 2o= > connection. IP numbers, DNS entries etc are easily spoofed.t  L While I realise that an IP is easily spoofed inside a network, can it really be spoofed outside a network ?  K If I were to spoof some IP, how would response packets get back to me since N existing network level routes would send the packets back to the "real" IP  ? F So I wouldn't get the acks back, and the real IP would receive packetsF (including acks) that don't belong to an existing connection and hence$ wouldn't know what to do with them).   ------------------------------  % Date: Mon, 29 Sep 2003 21:21:33 -0500m1 From: "David J. Dachtera" <djesys.nospam@fsi.net>t3 Subject: Re: Read VMS Backup *.bck files in Windowse' Message-ID: <3F78E8AD.3DA0F0A2@fsi.net>e   David Pikcilingis wrote: > J > Boston Business Computing produces and sells OpenVMS emulation tools for > UNIX systems.h > K > We have a product, Vbackup, which will read and write OpenVMS BACKUP save  > sets on most UNIX platforms.4 > More information regarding options can be found at > www.bosbc.com/vbackup.html > N > Boston Business Computing also produces EDT+, a complete VMS EDT for WindowsL > and UNIX to reduce frustration when moving from OpenVMS or when working in> > an environment with a number of different operating systems.  2 What do you have for reading RMS files on non-VMS?   -- s David J. Dachteran dba DJE Systemss http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/n   ------------------------------  % Date: Mon, 29 Sep 2003 19:53:08 +0100l) From: Antonio Carlini <arcarlini@iee.org>o' Subject: Re: RSX.EXE under OpenVMS 7.3?e> Message-ID: <jc%db.2838$QH3.939@newsfep4-winn.server.ntli.net>   Howard Shubs wrote:i  A > In article <KwRdb.2400$QH3.1908@newsfep4-winn.server.ntli.net>,   H > True.  However, they were more recent than any VAX-11, which is all I   D Being a quibbler, I'd have to count the VAX 8600 as a VAX-11: it wasD initially slated to be the VAX-11/790, until it shipped so late thatA some bright spark thought completely changng the numbering schemea? might help (must have been a slow Friday, I guess). It was also ? internally more or less a 780-on-steroids (ECL rather than TTL,i9 admittedly, but still with an SBI and architecturally notI( *terribly* different to the 780 series).  I > said.  After all, is ANY VAX recent at this point?  IIRC, they ran out c > of new VAXen around 1998.i  H Something like that. The NVAX chips stopped being made some time before F then: those last systems were using stocks of already produced wafers.D Foolishly, the various groups were made to forecast end-of-life buysA and build the chips into modules. So they ended up running out of G VAX 4000/7000 modules and having uVAX 3100-9x/VAX4000-108A modules leftu6 over at the end (or maybe it was the other way round).  H > How can it support instructions which the VAX doesn't actually have?  E > RSX.EXE, as I understand it, is OS support, not hardware emulation.   D I couldn't find the AME SPD but the one I did find suggested that it< emulated stuff (a bit like FX!32) if the h/w did not support compatibility mode.e  G But as I've never used it, I'm willing to stand corrected here, and the<A original poster is back to needed 1984 hardware or earlier. SIMH t> emulates a KA650 or KA655 (IIRC) and so will probably not haveC compatibility mode. Charon-VAX emulates a MicroVAX 3100 so the sameaC probably applies. TS10 started out as a uVAX II emulator (IIRC) andh1 again, probably does not have compatibility mode.   F SIMH can, of course, emulate a PDP-11, so running RSX on that is still the best option.   Antoniom   -- o   --   ---------------.- Antonio Carlini             arcarlini@iee.orgi   ------------------------------  # Date: Mon, 29 Sep 2003 20:34:58 GMT / From: "Richard L. Dyson" <rick-dyson@uiowa.edu>i Subject: Re: SSH for VMS/ Message-ID: <SH0eb.630607$YN5.454151@sccrnsc01>l  ? I believe (same is true for Process Software's SSH for OpenVMS)-D that you can not run an SSH or SCP session from a command proc.  No C combination of "Define ..." will work for you.  It always goes back-> to the interactive terminal device.  It would be sure nice for a batch job, wouldn't it!e  1 (Just like you can't run Telnet from one either).f  A I have talked with the product and engineering teams for both and B asked to make this possible (as well as the SCP transfers too) but, I have no idea when/if it will be available.  J If I am wrong, PLEASE! someone help me too.  As I have struggled with thisG for the PSC version for many months!  We had to essentially give up anda/ completely rethink the process we needed to do.s   Rick   Sam Rozenfeld wrote:   > Hello, > N > I am just wondering if anyone came across this problem or may otherwise knowJ > a way around it: We are using SSH for OpenVMS EAK  (June 20, 2003). I amD > trying to write a pretty simple DCL procedure utilizing public keyN > authentication to BSD server to execute a command there. Procedure works butL > it seems to be hanging waiting for input after it performs ssh command and: > never releases control back to DCL to continue past SSH: >  > $ set verm% > $ define/user sys$input sys$commandh/ > $ ssh2 -t -l testuser mybsdbox.dls.net ls -lae > $ show default > $ exit >  >  > This is the output I get:  >  > ICE:\> @test.com% > $ define/user sys$input sys$command0) > Authentication successful.rsteer ls -la.
 > total 168 > drwx------   3 testuser  testuser   512 Sep 28 01:06 .; > drwxr-xr-x  18 root       wheel       512 Sep 15 14:29 ..g@ > -rw-r--r--   1 testuser  customers    22 Sep 27 19:17 .forward; > drwx------   2 testuser  testuser   512 Sep 27 19:22 .ssh ? > -rwxr-xr-x   1 testuser  testuser  3381 Sep 28 01:06 mailstatw >  > I >>>>At this point I must hit "Return" otherwise script hangs and does note >  > move further.a > $ show default >   DISK$USER:[ROZENFELD]o > $ exit > K > I am not sure if I am doing something wrong here but if I do not redefineT= > sys$input procedure errors out when trying to bring up ssh:t >  > $ set ver & > $! define/user sys$input sys$command5 > FATAL: ssh_io_register_fd: fd 3 already registered!n >  > 8 > %TCPIP-F-SSH_FATAL, non-specific fatal error condition > ( > Any help would be greatly appreciated. >  > Sincerely, > Sam Rozenfeldo > DLS Internet Services  >  >      -- iJ Richard L. Dyson                                      rick-dyson@uiowa.eduK   _   _  _____                      http://www-pi.physics.uiowa.edu/~dyson/rJ | | | ||_   _|  Senior Systems Analyst   --   INFORMM-Cerner Systems Group< | | | |  | |    The University of Iowa Hospitals and ClinicsJ | \_/ | _| |_   Information Systems Dept. BT1000 GH   Office: 319/384-7016K   \___/ |_____|  Iowa City, IA 52242-1052                 FAX: 319/384-7020 E                  (Consulting to the Physics and Astronomy Department)t   ------------------------------  % Date: Tue, 30 Sep 2003 00:35:22 +0200v From: Dirk Munk <munk@home.nl> Subject: Re: SSH for VMS2 Message-ID: <blacdp$ho0$1@news3.tilbu1.nb.home.nl>  9 Did you try FTP tunneling over SSH instead of using SCP ? N I haven't tried it so far, but it looks to me as it is more flexible then SCP.   Richard L. Dyson wrote:.A > I believe (same is true for Process Software's SSH for OpenVMS)fF > that you can not run an SSH or SCP session from a command proc.  No E > combination of "Define ..." will work for you.  It always goes back-@ > to the interactive terminal device.  It would be sure nice for > a batch job, wouldn't it!n > 3 > (Just like you can't run Telnet from one either).a > C > I have talked with the product and engineering teams for both andmD > asked to make this possible (as well as the SCP transfers too) but. > I have no idea when/if it will be available. > L > If I am wrong, PLEASE! someone help me too.  As I have struggled with thisI > for the PSC version for many months!  We had to essentially give up and-1 > completely rethink the process we needed to do.m >  > Rick >    ------------------------------  + Date: Mon, 29 Sep 2003 20:03:30 +0000 (UTC)-P From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)9 Subject: Re: suggestion: TCPIP$SMTP_PERSONAL_NAME logicale$ Message-ID: <bla36i$q10$1@online.de>  E In article <bl8tqe$99t71$1@ID-207001.news.uni-berlin.de>, Tony Arnolds  <tony.arnold@man.ac.uk> writes:   < > Have you tried setting the FROM logical to be of the form  > + > "Phillip Helbig <username@mydomain.org>"?@  F I did think of that, but didn't try it.  Just tried it, got an access B violation!  I'll see if it still gives an access violation when I  upgrade to 5.3!>   ------------------------------  % Date: Mon, 29 Sep 2003 21:00:10 +0200u" From: labadie <labadie_g@decus.fr>$ Subject: Re: symbiont housekeeping ?2 Message-ID: <bl9vpi$ks5$1@news-reader4.wanadoo.fr>   Chris Sharman wrote:4 > We seem to have a lot of symbionts hanging around.D > We believe they're mostly lpd symbionts, possibly not dying after  > stop/q/reset.nF > We had to reboot today, because they'd filled all the available pcb  > slots (after 9 months).  >  > tcpip 5.1 eco 3, vms 7.3.p > H > Can you confirm where these symbionts come from, and suggest a way of - > distinguishing & killing off the dead ones.  > 	 > Thanks,  > Christ >  Helloi  D I can't suggest a way of killing  the dead ones, but I am sure that  Tcpip 5.1 Eco 5 is the latest  :-)p   regards    Grard   ------------------------------  % Date: Mon, 29 Sep 2003 21:34:56 -0500o1 From: "David J. Dachtera" <djesys.nospam@fsi.net> $ Subject: Re: symbiont housekeeping ?' Message-ID: <3F78EBD0.F79ADE0C@fsi.net>t   labadie wrote: >  > Chris Sharman wrote:6 > > We seem to have a lot of symbionts hanging around.E > > We believe they're mostly lpd symbionts, possibly not dying aftera > > stop/q/reset.mG > > We had to reboot today, because they'd filled all the available pcbb > > slots (after 9 months).w > >a > > tcpip 5.1 eco 3, vms 7.3.1 > >2I > > Can you confirm where these symbionts come from, and suggest a way ofe/ > > distinguishing & killing off the dead ones.o > >s > > Thanks,l	 > > Chris  > >  > Hello  > E > I can't suggest a way of killing  the dead ones, but I am sure that' > Tcpip 5.1 Eco 5 is the latestm > :-)p   $ STOP/ID=nnnnnnnn ?   --   David J. Dachtera  dba DJE Systemso http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  % Date: Tue, 30 Sep 2003 16:46:08 +1200u6 From: Martin Hunt <martin.hunt@fairfaxnz.REMOVE.co.nz>$ Subject: Re: symbiont housekeeping ?8 Message-ID: <dj2invoo3ip09p9sd9o2oo7tl4tpl7i9g1@4ax.com>  @ On Mon, 29 Sep 2003 21:00:10 +0200, labadie <labadie_g@decus.fr> wrote:   >Chris Sharman wrote:w5 >> We seem to have a lot of symbionts hanging around.lE >> We believe they're mostly lpd symbionts, possibly not dying after t >> stop/q/reset.G >> We had to reboot today, because they'd filled all the available pcb ( >> slots (after 9 months). >> d >> tcpip 5.1 eco 3, vms 7.3. >>  I >> Can you confirm where these symbionts come from, and suggest a way of 2. >> distinguishing & killing off the dead ones. >>  
 >> Thanks, >> Chris >>   >Hello >NE >I can't suggest a way of killing  the dead ones, but I am sure that   >Tcpip 5.1 Eco 5 is the latest >:-)  # It can't be. I'm running V5.3 ECO 2d   >d >regards >> >Grard.     ---  Martin Hunta Systems Administrator2 Fairfax New Zealand Limitedo
 Wellington New Zealandn   ------------------------------  % Date: Mon, 29 Sep 2003 23:02:42 +0100i9 From: "covendotartdottalk21dotcom" <postmaster@127.0.0.1>wE Subject: Re: TCPWARE v5.4-3 Patch 19.0, TCPware_FTP process "hanging" 3 Message-ID: <h9WcnQkdvr-eMeWiU-KYgA@brightview.com>p  5 "Bob Ceculski" <bob@instantwhip.com> wrote in messagew7 news:d7791aa1.0309250511.735648a6@posting.google.com...eF > "covendotartdottalk21dotcom" <postmaster@127.0.0.1> wrote in message/ news:<bMKdnad6EtFNuO-iU-KYjQ@brightview.com>...r7 > > X-posted to c.o.v because it seems that nobody usesnG > > vmsnet.networks.tcp-ip.tcpware any more, other than film pirates...  > >nL > > I don't suppose anyone here is still running TCPWARE at v5.4-3, is using7 > > Patch #19, and is having FTP work with no problems?o > > > we have had no problems with it, although we are not running. > 1000 simultaneous connections at once ... :)  # Apologies for the delay in posting.t  7 I should have said that OpenVMS/AXP is running at 7.2-1i  H We don't have 1000 simultaneous connections...  In fact, we don't use itH at all (but it has to be on the system because customers have it, and we* are migrating away from DECnet to TCP/IP).  K If I create a .COM file to simply connect, get file, disconnect, and repeat H in a loop, the FTP server will eventually "hang" after <=650 connections* (or maybe it is the GET that is doing it).  H I suspect it's probably something been introduced in P19, but because so8 few people are using it, it hasn't been encountered yet.  E Unfortunately, we are also migrating away from TCPware back to TCP/IPa> services, so that's even less incentive for Process to fix it.  I [I think the licence fees were far more favourable with HP than they evereH would be with Process;  I gather that TCP/IP services is more stable now than UCX (ever) was]     Mark   ------------------------------  % Date: Mon, 29 Sep 2003 21:26:31 -0500c1 From: "David J. Dachtera" <djesys.nospam@fsi.net>n! Subject: Re: Translating COM jobsn' Message-ID: <3F78E9D7.4F75654B@fsi.net>   	 pt wrote:. >  > Hi ,H >      I'm working on a COM job parser, trying to pick out the logicals,$ > executables and included com jobs. > = > My question is what patterns should in look for in COM jobs  > C > like for example f$logical("XXXX") translates to the logical XXXXs > G > Im quite new to Openvms any help would be appriciated in tackling thel > issue. > @ > Is there any tool which will speed up the process, i.e help me; > identify the logicals, executables and included com jobs.h  D If you're that new to VMS, I'd suggest taking on a smaller task. You# will quickly get in over your head.    -- y David J. Dachtera  dba DJE Systemsh http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  # Date: Mon, 29 Sep 2003 20:18:07 GMTv/ From: "Richard L. Dyson" <rick-dyson@uiowa.edu>d@ Subject: Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC/ Message-ID: <3s0eb.632743$Ho3.121717@sccrnsc03>r   Michael Unger wrote:E > I also managed to subscribe to the VMS (VAX and Alpha) patch digestnF > mailing lists. But what is really annoying: the mailing frequency isH > "weekly" which is absolutely *inadequate* for security-related issues. > J > Really annoying too: the entire registration process (including transfer4 > of passwords) is done in simple HTTP, *not* HTTPS.  M Agreed!  The Readme lists of the patches are also cumulative.  I.e., all the  O content of ALL the past patch announcements are concatenated in one file.  So,  J if you accidentally select PRINT on your browser, be prepared to sacrafice? an entire forest!  It is all done with HTML "index page" links.h  I The weekly "digests" I just started getting, but have not had a chance to H open yet.  I suspect they will be the same.  We will have to capture theK data and then cut and paste into others files so we can then do 2-up duplexi< printing for specific patches (or whatever your prefs are!).  N Very unsatisfying!  BTW, I have a service contract on my hardware and softwareG and I still can't seem to get it registered in the ITRC.  And noone hasf> ever answered my e-mail requesting assistance in the matter...   Rick -- sJ Richard L. Dyson                                      rick-dyson@uiowa.eduK   _   _  _____                      http://www-pi.physics.uiowa.edu/~dyson/ J | | | ||_   _|  Senior Systems Analyst   --   INFORMM-Cerner Systems Group< | | | |  | |    The University of Iowa Hospitals and ClinicsJ | \_/ | _| |_   Information Systems Dept. BT1000 GH   Office: 319/384-7016K   \___/ |_____|  Iowa City, IA 52242-1052                 FAX: 319/384-7020(E                  (Consulting to the Physics and Astronomy Department)n   ------------------------------  # Date: Mon, 29 Sep 2003 20:22:43 GMT-/ From: "Richard L. Dyson" <rick-dyson@uiowa.edu>m@ Subject: Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC/ Message-ID: <nw0eb.637920$uu5.102002@sccrnsc04>m    Peter 'EPLAN' LANGSTOEGER wrote:0 >>>>      ftp://ftp.itrc.hp.com/openvms_patches/ >>>>S >>>>is my new (but not the only) friend (though it has a lot of ECOs still missing)g >>>mF >>For the record, it took me about 20 minutes to get past registrationD >>and actually log on. Half an hour later I still could not find the
 >>patch tree.( > O > There is no registration neccessary to find the patch tree on the FTP server.d  @ 	True, and my FTP script directly from OpenVMS DCL works fine toN "get_patches". :)  However, I have found a very annoying latency in the systemK that I can only hope is cleaned up with some time.  The old announcement ofpL patches will come out (yeah!  discrete e-mail for each one!) and when I lookL for it on the NEW site, I find it can take more than a week to show up.  OR,J a patch will show up that requires an important UPDATE patch be installed B first and it is not there (even though it came out weeks earlier!)   Rick --  J Richard L. Dyson                                      rick-dyson@uiowa.eduK   _   _  _____                      http://www-pi.physics.uiowa.edu/~dyson/oJ | | | ||_   _|  Senior Systems Analyst   --   INFORMM-Cerner Systems Group< | | | |  | |    The University of Iowa Hospitals and ClinicsJ | \_/ | _| |_   Information Systems Dept. BT1000 GH   Office: 319/384-7016K   \___/ |_____|  Iowa City, IA 52242-1052                 FAX: 319/384-7020tE                  (Consulting to the Physics and Astronomy Department)    ------------------------------  # Date: Mon, 29 Sep 2003 20:40:40 GMTd4 From: brad@.gateway.2wire.net (Bradford J. Hamilton)@ Subject: Re: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC/ Message-ID: <bN0eb.635209$o%2.292216@sccrnsc02>o  a In article <nw0eb.637920$uu5.102002@sccrnsc04>, "Richard L. Dyson" <rick-dyson@uiowa.edu> writes:y! !Peter 'EPLAN' LANGSTOEGER wrote:i !snip!P !> There is no registration neccessary to find the patch tree on the FTP server. ! A !	True, and my FTP script directly from OpenVMS DCL works fine toeO !"get_patches". :)  However, I have found a very annoying latency in the system L !that I can only hope is cleaned up with some time.  The old announcement ofM !patches will come out (yeah!  discrete e-mail for each one!) and when I lookoM !for it on the NEW site, I find it can take more than a week to show up.  OR,s  I I have sent e-mail to ITRC twice regarding this very issue, on 27-AUG andfI 5-SEP, shortly after seeing announcements of new patches that were on the M ftp.support.compaq.com site, but did not show up on ITRC.  I have received nolL human acknowledgement of either e-mail, although machine-generated responsesJ from ITRC assured me that I would receive a human contact within 24 hours.  J 0-for-2, hp!  Let's hope the A's perform as poorly this week (Go SOX!)	:-)  K !a patch will show up that requires an important UPDATE patch be installed tC !first and it is not there (even though it came out weeks earlier!)e !r !Rick  !-- K !Richard L. Dyson                                      rick-dyson@uiowa.edueL !  _   _  _____                      http://www-pi.physics.uiowa.edu/~dyson/K !| | | ||_   _|  Senior Systems Analyst   --   INFORMM-Cerner Systems Groupi= !| | | |  | |    The University of Iowa Hospitals and ClinicsiK !| \_/ | _| |_   Information Systems Dept. BT1000 GH   Office: 319/384-7016-L !  \___/ |_____|  Iowa City, IA 52242-1052                 FAX: 319/384-7020F !                 (Consulting to the Physics and Astronomy Department) !-  J __________________________________________________________________________A Bradford J. Hamilton                    "All opinions are my own")K bMradAhamiPltSon-at-coMmcAast.nPeSt     "Lose the MAPS, and replace '-at-'  0                                          with @"   ------------------------------  % Date: Mon, 29 Sep 2003 14:55:10 -0400e' From: "Main, Kerry" <kerry.main@hp.com> ! Subject: RE: VMS Security RundownaR Message-ID: <FD827B33AB0D9C4E92EACEEFEE2BA2FB0D86FA@tayexc19.americas.cpqcorp.net>  
 Hello Rob,  H Re: Comparing OpenVMS security to the older UNIX architectures available today and Windows.  G As some earlier replies have pointed out, most of the OpenVMS doc's area available online.=20  B Here are some references to the PDF versions relating to security: (url's will wrap)   6 http://h71000.www7.hp.com/doc/ (Main OpenVMS doc site)  H http://h71000.www7.hp.com/doc/731FINAL/DOCUMENTATION/PDF/OVMS_731_sys_se c.PDF (main security guide)-  H http://h71000.www7.hp.com/doc/731FINAL/DOCUMENTATION/PDF/OVMS_731_OPEN_S OURCE_SSL.PDF (SSL)k  H http://h71000.www7.hp.com/doc/731FINAL/DOCUMENTATION/PDF/OVMS_731_OPEN_S OURCE_CDSA.PDF (CDSA)7   Regardss  
 Kerry Main Senior Consultant0 HP Services Canada Voice: 613-592-4660y Fax: 613-591-4477r Email: kerryDOTmainAThpDOTcom.. (remove the DOT's and AT for email address)=20 =20C   >=20 > -----Original Message-----9 > From: RobRPM2222 [mailto:robrpm2222@aol.comInternet]=20." > Sent: September 29, 2003 5:14 AM > To: Info-VAX@Mvb.Saic.Comw >=20B > some questions for the group. I'm interested in security, and=209 > Ive been reading articles about older OS's and their=20d9 > approaches to security. Since some of them are quite=20nA > different from the typical *nix and Windows approaches, I've=20 ? > decided to do some looking into them to see what I can learn.> >=205 > Multics is interesting, but it's functionally dead.> >=20 > VMS seems to be still alive. >=20= > 1. what are the best info sources for information on VMS=20 A > security? I could Google search, but it would be hard for me=20.B > to judge which sites are best with the limited VMS background=20B > I have. I would appreciate it if you could give me some insight. >=20? > 2. How much of VMS's security is due to the fact that it's=20v? > not very common, and most of the admins/programmers for it=20 ; > are well past the age where breaking into things looks=20>B > technically interesting, AND how much is due to proper design=20A > and the wisdom of age? I'm not trying to be insulting in any=20  > fashion, just wondering. >=20? > 3. provided this won't cause a useless flamewar, how would=20eA > you compare out-of-the-box OpenVMS security to that of other=20 A > operating systems out-of-the-box you use regularly? Then how=20sA > would you compare the security of a locked-down VMS box with=20eB > an admin knowledgable about VMS security, versus the security=20@ > of a locked down box in the other OS you use regularly with=20* > an equally compentant admin for that OS? >=20@ > 4. if you were given free rein to add a security feature or=20> > cause a change in the security implimentation of OpenVMS,=20 > what would you change? >=20 > --=20>? > Rob Meyer                            |  "There are only so=20e > many ways to hurt4B > Goshinbudo Jujitsu (MMA)      |  the human body, and everyone=20< >                                             |  invented=20 > them." - Dan Inosanto  >        =20 >=20 >=20   ------------------------------  + Date: Mon, 29 Sep 2003 18:58:01 +0000 (UTC) . From: Dale Dellutri <ddelQQQlutr@panQQQix.com>! Subject: Re: VMS Security Rundown., Message-ID: <bl9vbp$sl4$2@reader2.panix.com>  F On Mon, 29 Sep 2003 18:18:39 GMT, Hoff Hoffman <hoff@hp.nospam> wrote:_ > In article <bl9hrr$neq$1@reader2.panix.com>, Dale Dellutri <ddelQQQlutr@panQQQix.com> writes:aN > :On 29 Sep 2003 09:13:52 GMT, RobRPM2222 <robrpm2222@aol.cominternet> wrote:R > :> 4. if you were given free rein to add a security feature or cause a change inC > :> the security implimentation of OpenVMS, what would you change?i > :s( > :Integrate encryption into VMS backup.  D >   Already implemented and available, with the installation of the C >   "Encryption for OpenVMS" product.  With the Encryption product tF >   installed, BACKUP can encrypt and decrypt its data.  The commands:  F >   BACKUP/ENCRYPT=(NAME=keyname|VALUE=keyvalue[,ALGORITHM=algorithm]) >   : >   The ENCRYPT and DECRYPT commands are also available.    : Thanks.  I didn't know about this, but I'll check into it.   -- t7 Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)    ------------------------------  # Date: Mon, 29 Sep 2003 18:18:39 GMTo# From: hoff@hp.nospam (Hoff Hoffman) ! Subject: Re: VMS Security Rundownr2 Message-ID: <3I_db.5891$PY7.2286@news.cpqcorp.net>  ] In article <bl9hrr$neq$1@reader2.panix.com>, Dale Dellutri <ddelQQQlutr@panQQQix.com> writes:oL :On 29 Sep 2003 09:13:52 GMT, RobRPM2222 <robrpm2222@aol.cominternet> wrote:P :> 4. if you were given free rein to add a security feature or cause a change inA :> the security implimentation of OpenVMS, what would you change?  : & :Integrate encryption into VMS backup.  B   Already implemented and available, with the installation of the A   "Encryption for OpenVMS" product.  With the Encryption product hD   installed, BACKUP can encrypt and decrypt its data.  The commands:  D   BACKUP/ENCRYPT=(NAME=keyname|VALUE=keyvalue[,ALGORITHM=algorithm])   8   The ENCRYPT and DECRYPT commands are also available.      N  ---------------------------- #include <rtfaq.h> -----------------------------K     For additional, please see the OpenVMS FAQ -- www.hp.com/go/openvms/faqiN  --------------------------- pure personal opinion ---------------------------E         Hoff (Stephen) Hoffman   OpenVMS Engineering   hoff[at]hp.comd   ------------------------------  % Date: Mon, 29 Sep 2003 14:13:57 -0400p* From: JF Mezei <jfmezei.spamnot@istop.com>! Subject: Re: VMS Security Rundowny) Message-ID: <3F787662.676191BC@istop.com>l   RobRPM2222 wrote:rQ > 2. How much of VMS's security is due to the fact that it's not very common, and Q > most of the admins/programmers for it are well past the age where breaking intoeP > things looks technically interesting, AND how much is due to proper design and > the wisdom of age?  M VMS was born as a multi user (and inherently multi-tasking) operating system.hI As a result, it was designed with security at its core whereas some otherkH operating systems which started off as single user machines got security features as an afterthought.  K VMS provides a security infrastructure which makes it possible for softwarecM such as a web server to operate without any special privileges. So if the webcN server goes nuts, it can only affect its own process and its own files and notG deposit magic files in some system directory that will then corrupt the J system. This is possible due to VMS using 4 memory security zones (kernel,M executive, supervisor , user), and protecting (by default) executable code ine memory from being overwritten.  N Software on VMS had been written with security in mind. Back in the 1980s whenJ ALL-IN-1 was designed, it handled tens of thousands of users so a reliableI security was required. For instance, they allowed one to send a script tofM users, but the script had to be physically located in a secured directory (so G in fact, one woudl send a pointer to the script). This way, only systemnD managers were able to approve a script and place it in the protectedI directory. Microsoft ignored these well known issues when it designed its  email software a decade later.  N VMS has had its shares of attacks. The engineers had to change MAIL (characterH cell utility) at one point to filter out control characters because someM people would include escape sequences in emails that would hang terminals (orsL have it do strange stuff). There were also some DECNET vulnerabilities earlyH on and this was handled by better installation procedures (for instance,E forcing you to choose default password for network objects instead ofr0 supplying a standard one used by all customers).  M Out of the box, there is very little that is activated by default so you mustoK activate what you need. This means that you have no "secret processes" thatsM run in the backgroup that you are unaware of. And this means that you are fartC more aware of exactly what TCPIP ports are opened (in listen mode).e  G VMS is also better equipped to diagnose problems. Its security logs are K comprehensive, and commands to find out who owns what resource etc are welltJ documented. So if you have a process you are not sure about, you can get aI fairly comprehensive idea of what files it has opened, what devices it is N talking to (modem, tcpip link, decnet links, terminal ports etc) and of course" under what username it is running.  N Also, on VMS, there isn't a tendency to have all processes run as the "system"K account (the equivalent of root on unix). So you have better means of seingt who is doing what.  K Also, because VMS systems tend to be managed by more experienced people whoaL are less swayed by trendy features, the systems tend to be managed in a moreJ secure and serious way and those managers less likely to open some serviceR just for the sake of having some trendy bell and whistle that isn't really needed.   ------------------------------    Date: 29 Sep 2003 14:26:01 -0500; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)s! Subject: Re: VMS Security Rundowna3 Message-ID: <Klevqhi4PBfN@eisner.encompasserve.org>x  V In article <3F787662.676191BC@istop.com>, JF Mezei <jfmezei.spamnot@istop.com> writes: > O > VMS was born as a multi user (and inherently multi-tasking) operating system.oK > As a result, it was designed with security at its core whereas some otherrJ > operating systems which started off as single user machines got security > features as an afterthought.  A    Not designed.  Re-designed.  Anyone who knows VMS 1.x passwordo    encryption can tell you.    ------------------------------    Date: 29 Sep 2003 15:45:00 -0500- From: Kilgallen@SpamCop.net (Larry Kilgallen)s! Subject: Re: VMS Security Rundownt3 Message-ID: <Dw$1mtAaCFY1@eisner.encompasserve.org>n  q In article <Klevqhi4PBfN@eisner.encompasserve.org>, koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes:aX > In article <3F787662.676191BC@istop.com>, JF Mezei <jfmezei.spamnot@istop.com> writes: >> sP >> VMS was born as a multi user (and inherently multi-tasking) operating system.L >> As a result, it was designed with security at its core whereas some otherK >> operating systems which started off as single user machines got security  >> features as an afterthought.  > C >    Not designed.  Re-designed.  Anyone who knows VMS 1.x password  >    encryption can tell you.   E There have been various algorithm changes over the years (and the old D algorithms continue to work if you have not changed your password inB 25 years).  But the greatest vulnerability I recall was eliminated/ when VMS V1 when from field test to production.r  D The most recent algorithm change I recall was to defend against user> subterfuge to get around minimum password length requirements.   ------------------------------  # Date: Mon, 29 Sep 2003 22:03:50 GMTe5 From: rdeininger@mindspringdot.com (Robert Deininger)t! Subject: Re: VMS Security RundownSL Message-ID: <rdeininger-2909031812580001@user-uinj4kk.dialup.mindspring.com>  C In article <pcVdb.689$Vb3.596869@news1.news.adelphia.net>, "John E.l% Malmberg" <wb8tyw@qsl.network> wrote:    >Robert Deininger wrote: >> tC >> The authoritative reference for the VMS security model is in ther. >> documentation set, available on the web at: >> o+ >> http://h71000.www7.hp.com/doc/index.htmlf >> n9 >> You'll want to look at the "Guide to System Security".w >>  F >> (For some reason, the doc page does not have any of the VMS manuals> >> available at the moment.  It appears to be an empty shell.) >-M >Look on the left side of the screen.  There is a list of documentation sets.> >l  F Well yes.  But the frame that should contain all of the manuals in the* main VMS set is ... empty.  Most annoying.   ------------------------------  % Date: Tue, 30 Sep 2003 00:25:46 +02000 From: Dirk Munk <munk@home.nl>; Subject: Re: VMS Technical Update seminar (the Netherlands)a& Message-ID: <3F78B16A.6030603@home.nl>  3 I visited this seminar too, but attended both days.x  H The first thing that struck everyone (incl. HP) was how many people had Q subscribed to the seminar. A staggering 400 VMS enthousiast were there on one or dQ both days. Compare that to 50 ~ 70 people turnout on the similar sessions in the  K UK, Germany or Austria. It was so much of a success that at the end of the nP seminar (the first one of this kind in the Netherlands) that HP announced  they 8 already had allocated a budget for a seminar next year !  L Guy Peleg clearly was 'the new kid on the block'. He is from HP Israel, and P impressed everyone with his knowledge, humour and his apparent position at such J a rather tender age within VMS engineering. He is younger than VMS as Sue O pointed out, and she added that these days there are also 'engineers with blue fF hair' to be found at VMS engineering . So there is fresh blood in VMS N engineering, and if Guy is representative for these new engineers, the future O looks bright for VMS. And let's not forget to wish him a very happy 5764 ! (It a was just new year in Israel)  P After I've met Sue now on HP world and this seminar, I came up with a very good L reason why VMS still exists. Suppose Compaq / HP wanted to dump VMS, then I I don't think that even the full board of directors would have the guts to wN confront Sue with that message. She alone has more then enough enthousiasm to 8 drive VMS forward. You might say she is the soul of VMS.  O Piet de Ruiter, the man from Intel, gave us a nice view on the Itanium. It was eI just a shame that he coould only compare the Itanium with previous Intel /Q processors, and not with the Alpha. He did get some polite but sceptical remarks 0N about the Itanium from the audiance, so obviously many VMS diehards still are 4 not convinced about the Itanium move (neither am I).  P Andy Goldstein gave us some nice presentations on several subjects. One of them J was about the switch to Itanium and the problems they had to solve in VMS  because of that.  M Brad McCusker gave us a great presentation about the Unix shell in VMS. In a sP couple of years time, VMS will have a complete Unix shell, and can then be used N as any true Unix (without the security bugs I hope). At the same time it will N remain VMS, and we will still have our trusted VMS DCL commands. (I only hope O all the ported Unix stuff we now have will also get a true VMS CLI interface). l4 This presentation was also greeted with enthousiasm.  F So all in all a great seminar, and I hope to attend next year as well.               H Vlems wrote:D > The VMS Update seminar was held on 25 and 26 September in Ede, theE > Netherlands. Presentations by HP and Intel, directed at a technicalfH > audience. It was a full program, with lots of interesting information.M > Compared to the Decus Europe symposium of last May this two day event was a7K > *lot* better. I could only attend the sessions on Thursday and it was thenG > best VMS event I visisted in the past 10 years. Presentations by AndyiL > Goldstein are of course in a class of their own (excellent) but the othersF > were also very good indeed. What struck me most was the optimism andN > enthousiasm clearly present in the audience and the staff. At the last threeK > Decus Europe symposia the Engineering Forum was a lukewarm event at best.lN > Few questions from a small audience. Here we had a lively audience with moreN > questions that the panel could handle in the half hour that was planned (butM > it took a little longer!). Guy Peleg was visibly surprised at the amount ofaL > reactions he got from the audience during his presentation on new featuresM > in DCL. He was telling about a new lex function that will compute the deltaPL > time between two VMS timestamps and was interrupted by questions like "CanM > we also add delta-times now?" and other similar things that system managers-M > really want to see in DCL. Guy was clearly somewhat taken aback by all thataN > happened but handled it very well. It does prove that VMS is still very muchL > alive, at least in this country. It also proved without a doubt that HP isN > backing VMS and that the OS does have a future. I've got to admit that sinceN > the dark days of Bob Palmer, let alone Compaq, I did not have much hope thatN > VMS would ever live to be 30 years old but this symposium absolutely removedK > that doubt. VMS engineering is improving parts of the OS that hadn't beeneM > touched in the last decade. They're working to improve the (IO) performancesM > of VMS and its ability to operate in an Internet dominated world. Security,lK > availability and performance are the most visible attributes for InternetgL > servers and it is obvious that HP wants to position VMS as a platform that > excells in those three areas.e > N > And of course I finally had the opportunity to thank Sue Skonetksi in personL > for the Itanium boot contest prize! And thank you for organizing a perfect > VMS event. >  > Hans >  > --------- Thursday ---------J > The new HP -  One year post merger                                     - > Terry Shannon     - TSKHPCM > OpenVMS Future Directions                                                 -i > Sue Skonetski      - HPfL > Intel Commitment to openVMS                                              - > Piet de Ruiter      - InteleL > OpenVMS 7.3-2 and beyond                                                 - > Andy Goldstein    - HPC > openVMS on EV7: proof of point from live customer systems - Steve 
 >        - HP$E > Porting openVMS and applications to the Itanium processor    - Andy  > Goldstein    - HPt > Itanium processor1* >           - Piet de Ruiter       - Intel > Engineering forum  > DCL in the 21st-% >         - Guy Peleg            - HPp > Workshops until 22:30x > --------- Friday ---------L > HP platforms with Itanium processor directions                       - Ric > Lewis            - HP>H > The HP OpenVMS Intanium Calling Standard                        - Andy > Goldstein    - HP L > Integrating of VMS data, apps, Webenabling, Apache&Tomcat,Netbeans - Kevin > FitzPatrick - HP > TCP/IP >        - Graham Howland - HPA > Dynamic volume expansion and host based volume shadowing - Andy  > dstein    - HPL > Unix to openVMS an attractive option                                     - > Brad McCusker   - HP >  >    ------------------------------  % Date: Tue, 30 Sep 2003 14:36:54 +1000 0 From: Tony Bolton <TBolton@REMOVEmhl.nsw.gov.au>+ Subject: WTB:  Dectape II (TU58) CartridgesiC Message-ID: <3f790865$0$95051$c30e37c6@lon-reader.news.telstra.net>e  I   Yes I really need some cartridges, those I have (hundreds) are failing nI from old age so I would like to buy up to 50 if they are likely to be in oH reasonable condition. Those stored in a temperature/humidity controlled = environment suitable for mag tape are more likely to survive.0     -- _'                                 Regards +                                 Tony Bolton 6                            TBolton 'at' mhl.nsw.gov.au7                            MANLY HYDRAULICS LABORATORY.36                           110 King ST. Manly Vale 2093+                           Sydney  AUSTRALIA@A                           Phone +61 2 99490200 FAX +61 2 99486185e3                           http://www.mhl.nsw.gov.au    ------------------------------   End of INFO-VAX 2003.541 ************************e is true for Process Software's SSH for OpenVMS)fF > that you can not run an SSH or SCP session from a command proc.  No E > combination of "Define ..." 1	$l\3J$a$fLM.6(qLXРčrp  I
m!'1tk%2rIܨ"l1f!4&qc*bSF5[=f[43%fD=H?2R̺i\,ܲ2_ 7BOVd!-1/ߨ/!UnXlݎ4N_V$t6OLȞ@-q1F-J|TXEbߤf`M0(B6eBp+Qb2/ޤRަĽza&%O_ctf
.VOYQ%NNYU7!~Rg&ASJirH΂7.qo";5ԜNv@
x{b݄&U)UֽĞfjDEӒNjVNbO(C"3JᐻD4*+Ml65h#f,jKR{Tl.itl,l+h*9r[mD)[B<!VP L_{MX	=OߋϪ@NؽsITfn2rUt7dKK;om0	 `)T| )#|aּ|GQޗ}涓mr
р2VJ*V1 ~h-Nx Uhs )pYqcp:V$R5C.;'d[e@vk"8_uz\@RբQrs~o]=M&jC~'oޝaF\EvI=va~s7⭋xdD5ГctфUVXt]LRX#?[3Ijn
)r%$ ˎ70*h - 9X'q3:V'h7sC=hPڐʀ>4(`ن<~XHq}.=K!nvmPo5ua#|0svlX(e닰P#ͅg55w҄hT