0 INFO-VAX	Mon, 02 Feb 2004	Volume 2004 : Issue 64      Contents: Re: $SETUAI() Query/Problem  Re: $SETUAI() Query/Problem  Re: $SETUAI() Query/Problem  Re: $SETUAI() Query/Problem  Re: $SETUAI() Query/Problem  AlphaServer 2100 Re: AlphaServer 2100 Re: AlphaServer 2100 Re: AlphaServer 2100 Re: AlphaServer 2100 Re: AlphaServer 21009 Re: Bush on JF:  None so blind as those who would not see  Condist around Portland, OR 3 is the current SCO denial of service attack bogus ?  Re: JF's terrorist mind  Re: JF's terrorist mind  Re: Kerberos login on VMS  Re: MyDoom = Microsoft + SCO Re: MyDoom = Microsoft + SCO Re: Rumours of (CPU) Wars - Re: Several BA and AF flights cancelled again A Re: The State of JF's Brain: The Truth about a Dishonest Canadian / Re: The VMS Path Not Taken: Now It Can be Told! 1 VMS Advertising was: Re: Renaissance of VAX-VMS ?   F ----------------------------------------------------------------------  $ Date: Sun, 1 Feb 2004 22:34:49 -00009 From: "covendotartdottalk21dotcom" <postmaster@127.0.0.1> $ Subject: Re: $SETUAI() Query/Problem3 Message-ID: <sJWdnTmEs72R4oDdRVn-hw@brightview.com>   A "Mike Rechtman" <michael.rechtman.nospam@hp.com> wrote in message   news:401D2506.75218E7C@hp.com...# > covendotartdottalk21dotcom wrote: G > Instead of trying to change passwords over the net, could you perhaps C > create some sort of usernanme/password list - protected, encoded,  > guarded by fierce H > dragons, whatever - and securely copy it over to NODEB, where it would5 > serve as input data to a password-updating program?   F Unfortunately not.  The developers of the application that runs on theG boxes won't support anything not written by them, running on the boxes.   D The boxes have O/S, firmware and third-party/layered product updatesI installed in a very carefully controlled manner, after months of testing.   G It's extremely unlikely that they would have the time or inclination to G write software for "NODEA" and "NODEB" to do this, especially since the 5 security changes requested, were not at their behest.   B It does however, sound like the most likely means of achieving theG changes, even if it would take months before resources became available 	 to do so.   6 Thanks very much for the suggestion;  I'll pass it on.     Mark   ------------------------------  $ Date: Sun, 1 Feb 2004 23:13:39 -00009 From: "covendotartdottalk21dotcom" <postmaster@127.0.0.1> $ Subject: Re: $SETUAI() Query/Problem3 Message-ID: <KZednRzI0rm6FYDdRVn-hQ@brightview.com>   : "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message- news:kzO4pYdQXv9J@eisner.encompasserve.org... 5 > In article <9JWdndpAE7B9xYHdRVn-gw@brightview.com>, ; "covendotartdottalk21dotcom" <postmaster@127.0.0.1> writes: J > > Again, you're making a presumption (in #2) that access from any DECnetG > > or IP address is permitted to these systems.  It's not.  Permitted/ + > > trusted nodes can be (and are) defined.  > J > Breakin attempts do not require a "node".  A personal computer emulating > a terminal will do just fine.   E And network traffic coming from a PC needs to be identified by?  Some G kind of addressing mechanism, relevant to the network protocol which it D is using, which either is or isn't supported by the intended target,B and can then be dealt with in an appropriate manner by the network protocol stack(s) if present.     C > And I think your network consisting entirely of secured computers A > with no connections to the outside world but yet with some risk # > of password sniffing is unlikely.   1 They don't have connections to the outside world.   C Some risk of password sniffing?  Well, anyone with a legitimate box B on the network (or physical access to disconnect a legitimate box,C and plug in their own one), and can put an adapter into promiscuous  mode can do just that.  D Having hundreds of VMS systems (on their own separate network) might? perhaps imply to some people that they are used in some way for D handling internet traffic, but (at least) in this case, they're not.      E > > Is $HASH_PASSWORD()'s functionality generic (not specifically the A > > algorithms that are used), or is (some of) the implementation  > > VMS-specific?  > ? > Anything that takes VMS descriptors as input is VMS Specific.   @ Yes, but is there anything in the actual code which could not be ported to another O/S?  C e.g. is there some element of the code which Digital/Compaq/HP have E never publicly released to the outside world, and as a result, nobody A could have implemented it for themselves on VMS (much less on any A other O/S - which is what you said would not be surprised about)?     F > I think you should revise your strategy of presuming that posters toD > comp.os.vms do not know what they are talking about.  Admittedly IF > was unclear in my first post about the need for an attacker to mount3 > a dictionary attack, but the risk really is ther.   C I don't really want to trade personal insults in a public forum;  I A know perfectly well that the vast majority of posters to, and the B silent majority/minority of readers of c.o.v do know what they areB talking about (VMS-wise);  however, being unnecessarily acerbic inA your initial responses to simple questions really does nobody any  favours.  E Yes, I'm asking people to respond in their own personal time, without E charge, and of course, people have no obligation to do so - but if my C question offends you, or doesn't stimulate your interest, then just  ignore it - manners don't cost.   E Unfortunately, some people, on seeing churlish responses from posters D here, may tar the rest of the VMS community with the same brush, andB perhaps then not consider buying VMS solutions, in the belief thatB they are likely to encounter similar hostile attitudes from system= manglers/operators or companies offering support on their VMS 	 products.   D This won't help increase wider acceptance of VMS, or indeed, prolong
 its lifespan.   D Can/will you tell me whether AUTHORIZE now uses $GETUAI()/$SETUAI(), or not?     D > > Instead of bitching about the fact that I'm trying to achieve anG > > automated way of changing passwords on thousands of accounts across J > > hundreds of systems, have you got any *useful* suggestions on how thisI > > might be achieved (in a different way to the way I have been trying)?  > C > I would suggest you start by getting a subscription to the source 	 listings.   @ But you've said that programmatically changing passwords in thisD manner isn't the way to go about it, so VMS sources (not cheap, as I recall) are unlikely to help!   F Do you have any real solutions to a very real (or at least, percieved) problem?     Mark   ------------------------------   Date: 1 Feb 2004 18:46:13 -0600 - From: Kilgallen@SpamCop.net (Larry Kilgallen) $ Subject: Re: $SETUAI() Query/Problem3 Message-ID: <+Cdy84lFaBVk@eisner.encompasserve.org>   o In article <KZednRzI0rm6FYDdRVn-hQ@brightview.com>, "covendotartdottalk21dotcom" <postmaster@127.0.0.1> writes: < > "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message/ > news:kzO4pYdQXv9J@eisner.encompasserve.org...   D >> And I think your network consisting entirely of secured computersB >> with no connections to the outside world but yet with some risk$ >> of password sniffing is unlikely. > 3 > They don't have connections to the outside world.  > E > Some risk of password sniffing?  Well, anyone with a legitimate box D > on the network (or physical access to disconnect a legitimate box,E > and plug in their own one), and can put an adapter into promiscuous  > mode can do just that.  C Then the network does not consist of secured computers if attackers  have physical access.   > And sniffing UAF updates is as dangerous as sniffing passwords presuming a competent opponent.    ------------------------------  % Date: Sun, 01 Feb 2004 19:43:14 -0500 * From: JF Mezei <jfmezei.spamnot@istop.com>$ Subject: Re: $SETUAI() Query/Problem) Message-ID: <401D9D21.B8BF8607@istop.com>   9 Have you considered a client-server type of arrangement ?   ? you have a "server" software on nodeB, nodeC, nodeD, nodeE etc. & you have a "client" software on nodeA.  O you define decnet network objects that automatically start the server software.   F So NodeA connects to the object on nodeB. Talks directly to the serverN software on NodeB. Sends it a username, hashed password and encryption method.F Node B then uses SETUAI to update NodeB's SYSUAF wherever it might be.  J This has the advantage that NodeA need not know the exact location of eachM node's SYSUAF, and because the software that actually updates a node's SYSUAF H run on the same node, you have fewer problems of incomatibilities shouldK format of SYSUAF change with some VMS versions and yoru net doesn't all run  the same version.    ------------------------------  # Date: Mon, 02 Feb 2004 04:15:43 GMT # From: Jonas Lindholm <jlhm@usa.net> $ Subject: Re: $SETUAI() Query/Problem8 Message-ID: <P9kTb.301511$0P1.290500@twister.nyc.rr.com>  I Ok, you should still answer my question if you have setup proxy on NODEB  F or if you specify username and password for NODEB in the logical name.  F I'm not asking you to reveal any username/passwords, just show us the G definition you are using. Replace any username/password with something   else such as uuuu/pppp.    I just try to help you.   H BTW. I've access to the VMS source listing so I might be able to answer G any specific question you have about AUTHORIZE and $GETUAI/$SETUAI but  " only if I know what you are doing.   /Jonas    ! covendotartdottalk21dotcom wrote:   2 > "Jonas Lindholm" <jlhm@usa.net> wrote in message6 > news:RNVSb.168539$4F2.19936568@twister.nyc.rr.com... >  >>I >>Can you give us an example how you define SYSUAF and RIGHTSLIST logical / >>names on NODEA to access the files on NODEB ?  >>H >>Remember you need proxy access on NODEB if you don't also specify your+ >>username and password in the definitions.  >> >>/Jonas >  > G > Well, the logical is created, and the code therefore works fine, so I E > don't know that there's really any need to post it here (especially A > as it would take some time to strip it down to the bare minimum G > that is normally required for such posts anyway), but it's equivalent & > to having done the following in DCL: > B > $ DEFINE /PROCESS /EXECUTIVE SYSUAF NODEB::SYS$SYSTEM:SYSUAF.DAT > 9 > where NODEB is defined in the DECnet database on NODEA, I > SYS$SYSTEM:SYSUAF.DAT is the correct location of the UAF file on NODEB, I > and the UIC under which the executable runs that defines the logical on J > NODEA, does have SYSNAM as a default and authorised privelege in NODEA's > UAF. > I > For the purposes of testing, I'm currently not using $DELLNM() prior to F > image rundown, so when returned back to DCL, if I do SHOW LOG SYSUAFI > /FULL, I can see (in the system table) the SYSUAF definition of the UAF J > on the development system, and prior to this, in the process name table,A > the SYSUAF definition (executive mode) pointing to NODEB's UAF.  > E > I think I'm just trying to achieve the impossible.  Maybe I'll just H > have to say that the VMS systems don't meet the security requirements,D > and that unless they employ someone two days a week to perform theF > laborious process of changing thousands of passwords across hundredsH > of systems*, they'll just have to get rid of the hundreds of VMS boxesD > we have, and replace them with... er... ah... oh, no other O/S canG > achieve this either, so well, ah, the company will just have to close  > down.  > E > Simple.  Everyone out of a job.  Problem no longer exists.  Problem  > solved. ** >  >  > F > *  And set aside money to cope with the litigation pertaining to the >    resulting RSI.  > B > ** For all of the po-faced protagonists amongst you, I was being >    facetious.  >  > Mark >  >    ------------------------------    Date: 01 Feb 2004 18:36:39 -0800( From: Javier Henderson <javier@KJSL.COM> Subject: AlphaServer 2100 - Message-ID: <86n082p5qg.fsf@skylane.kjsl.com>   F I once transported a VAX 4300 in my airplane, by disassembling it intoH major components. The total weight wasn't a problem, the dimensions madeB it too bulky to easily load it (I've a Cessna 182, a four seater).  C Does anyone know if an AlphaServer 2100 can be put apart like that? A The max weight, according to specs I found online, is 250 pounds, D which makes it Not A Problem. The dimensions are 47in by 40 in by 24C in, and that would make it A Problem. I need to transport one a few  hundred miles...   Thanks,    -jav   ------------------------------  # Date: Mon, 02 Feb 2004 03:02:32 GMT 4 From: brad@.gateway.2wire.net (Bradford J. Hamilton) Subject: Re: AlphaServer 2100 . Message-ID: <c5jTb.208563$na.339795@attbi_s04>  X In article <86n082p5qg.fsf@skylane.kjsl.com>, Javier Henderson <javier@KJSL.COM> writes:G !I once transported a VAX 4300 in my airplane, by disassembling it into I !major components. The total weight wasn't a problem, the dimensions made C !it too bulky to easily load it (I've a Cessna 182, a four seater).  ! D !Does anyone know if an AlphaServer 2100 can be put apart like that?B !The max weight, according to specs I found online, is 250 pounds,E !which makes it Not A Problem. The dimensions are 47in by 40 in by 24 D !in, and that would make it A Problem. I need to transport one a few !hundred miles...  !   I Do you really need to use a "plane" for such a short distance?  Renting a L pickup or a van may be more cost-effective, and means that the 2100 could be transported in one piece.    !Thanks, !  !-jav   J __________________________________________________________________________A Bradford J. Hamilton                    "All opinions are my own" K bMradAhamiPltSon-at-coMmcAast.nPeSt     "Lose the MAPS, and replace '-at-'  0                                          with @"   ------------------------------    Date: 01 Feb 2004 19:12:23 -0800( From: Javier Henderson <javier@KJSL.COM> Subject: Re: AlphaServer 2100 - Message-ID: <86k736i38o.fsf@skylane.kjsl.com>   6 brad@.gateway.2wire.net (Bradford J. Hamilton) writes:  Z > In article <86n082p5qg.fsf@skylane.kjsl.com>, Javier Henderson <javier@KJSL.COM> writes:I > !I once transported a VAX 4300 in my airplane, by disassembling it into K > !major components. The total weight wasn't a problem, the dimensions made E > !it too bulky to easily load it (I've a Cessna 182, a four seater).  > ! F > !Does anyone know if an AlphaServer 2100 can be put apart like that?D > !The max weight, according to specs I found online, is 250 pounds,G > !which makes it Not A Problem. The dimensions are 47in by 40 in by 24 F > !in, and that would make it A Problem. I need to transport one a few > !hundred miles...  > !  > K > Do you really need to use a "plane" for such a short distance?  Renting a N > pickup or a van may be more cost-effective, and means that the 2100 could be > transported in one piece.   D I own, the plane, I just need to buy the gas for this trip, it wouldC be cheaper than renting a truck for a couple of days, plus the trip + would be about two hours in each direction.   J And as someone else pointed out, any excuse is a good excuse to go flying.   -jav   ------------------------------  * Date: Mon, 2 Feb 2004 03:08:23 +0000 (UTC). From: dfevans@bcr10.uwaterloo.ca (David Evans) Subject: Re: AlphaServer 2100 / Message-ID: <bvkev7$cdc$1@rumours.uwaterloo.ca>   . In article <c5jTb.208563$na.339795@attbi_s04>,5 Bradford J. Hamilton <brad@.gateway.2wire.net> wrote:  > J >Do you really need to use a "plane" for such a short distance?  Renting aM >pickup or a van may be more cost-effective, and means that the 2100 could be  >transported in one piece. >   A   Everyone I know who has a plane looks for any excuse to use it.    --  M David Evans                                         dfevans@bbcr.uwaterloo.ca M Ph.D. Candidate, Computer/Synth Junkie     http://bbcr.uwaterloo.ca/~dfevans/ M University of Waterloo         "Default is the value selected by the composer M Ontario, Canada           overridden by your command." - Roland TR-707 Manual    ------------------------------  * Date: Mon, 2 Feb 2004 04:24:56 +0000 (UTC). From: dfevans@bcr10.uwaterloo.ca (David Evans) Subject: Re: AlphaServer 2100 / Message-ID: <bvkjeo$f7s$1@rumours.uwaterloo.ca>   ) In article <401DD182.A8B38BE8@istop.com>, , JF Mezei  <jfmezei.spamnot@istop.com> wrote: >David Evans wrote: D >>   Everyone I know who has a plane looks for any excuse to use it. > O >So ? The gentlemen asked a question about transporting it in a cessna. Whether I >it is just for a 20 minute flight, or a 3 days flight across the pacific 7 >hopping from island to island makes little difference.  >   G   Oh, agreed.  I'm all in favour of looking for excuses to use a plane. - Flying is, after all, quite a bit of fun.  :)   L >I think it would make for a very popular picture if a 2100 were attached to# >the belly of mr Henderson's plane.  >   A   For sure.  If he gets this together I for one would love to see  photos.    --  M David Evans                                         dfevans@bbcr.uwaterloo.ca M Ph.D. Candidate, Computer/Synth Junkie     http://bbcr.uwaterloo.ca/~dfevans/ M University of Waterloo         "Default is the value selected by the composer M Ontario, Canada           overridden by your command." - Roland TR-707 Manual    ------------------------------  % Date: Sun, 01 Feb 2004 23:26:59 -0500 * From: JF Mezei <jfmezei.spamnot@istop.com> Subject: Re: AlphaServer 2100 ) Message-ID: <401DD182.A8B38BE8@istop.com>    David Evans wrote:C >   Everyone I know who has a plane looks for any excuse to use it.   N So ? The gentlemen asked a question about transporting it in a cessna. WhetherH it is just for a 20 minute flight, or a 3 days flight across the pacific6 hopping from island to island makes little difference.  M Also, bear in mind that even in north america there are many city pairs where M flying is easier than driving. many city pairs in alaska are better served by C air than by road. And if you live in an area where roads are in bad > conditions, flying might offer a bettere ride to the computer.  H I once had my bike carried on the belly of a Beech 1900D. Bush pilots in5 Canada routinely carry canoes attached to the floats.   K I think it would make for a very popular picture if a 2100 were attached to " the belly of mr Henderson's plane.  J Seriously though, I think Mr Henderson might be able to reduce the 46 inchN depth. But I doubt that the height and width could be reduced. (and one should also add the wheels to this).   J I know how I can reduce the cabinet of my all mighty microvax II because IN have disassembled it (and disassembled the cabinet of a spare MVII to house my stereo equipment.   M Unless you are a certified DEC technician, you are unlikely to have thinkered L with a 2100 at the office to a point where you are intimate with he cabinet.K That leaves bobbyists who would have a 2100 and would have looked under the M cabinet's clothes to see what's under the hood and could therefore comment on  if the cab can be made smaller.   N Sorry, but I think that Mr Henderson has a valid question. He could have askedG about making the cab smaller to fit some industrial application and the " answers should have been the same.   ------------------------------   Date: 2 Feb 2004 04:21:10 -0000  From: Ha Ha <ha@ha.ha>B Subject: Re: Bush on JF:  None so blind as those who would not see7 Message-ID: <LFN7FT3B38018.9313657407@anonymous.poster>   * JF M e z e i <nobody@nobody.info> trolled:   >Jeff Jones wrote:M >> This is hilarious coming from a supporter of a president who should have a J >> placard reading "The Buck Stops Anywhere But Here" sitting on his desk. >>  F >> "It's the Cia's fault! It's the CIA's fault!  It's the CIA's fault! >> ad.naseum > O >But when you setup the whole scheme with deniability, this will all work. Bush ( >says he just reported what he was told. > J >CIA blames NSA. NSA blames the defense intelligence unit. In the end, allL >fingers will point at Rumsfeld/Wolfowitz/Cheney axis of evil who would have >manipulated Bush jr.  > I >By then, Bush Jr is re-elected and Rumsfeld/Wolfowitz will have retired. M >Cheney will have had a heart attack and been replaced. So Bush will come out M >of it squeeky clean and won't be impeached since the real culprits will have  >left the white house. > C >Remember that folks like Karl Rove had planned for this all along.   0 Really?  Mr. Rove told you what he was planning?   ------------------------------  % Date: Sun, 01 Feb 2004 13:19:32 -0800 % From: Dean Woodward <deanw@rdrop.com> $ Subject: Condist around Portland, OR$ Message-ID: <401D6D64.609@rdrop.com>  B Is there someone in the Portland, OR area who might have a recent H condist I can borrow, beg, or bribe from them for a weekend? Mostly I'm : looking for TCPIP 5.4 for my Alpha-based hobbyist cluster.   ------------------------------   Date: 1 Feb 2004 14:00:54 -0800 ' From: doug_mentohl@yahoo.co.uk (Daeron) < Subject: is the current SCO denial of service attack bogus ?= Message-ID: <da46811d.0402011400.1379f7a2@posting.google.com>   ( Innocents Caught in SCO-Linux Cross Fire Peter Galli Aug 27 2003    [..]  F "Each DDoS attack aimed at SCO over the past 4 months has crippled not only SCO, but Centershift asD well," James Hafen, Centershift's chief technical officer and senior5 vice president, told eWEEK in an e-mail on Wednesday.   C "Stepping aside from the issues of how, architecturally, this would  have? spilled over into Centershift's domain, it should be known that @ bystanders are being injured as this war rages on," Hafen added.   [..]  D Hafen responded by admitting that his company did indeed have issues= with its hosting company and was taking action on that front.   3 http://www.eweek.com/article2/0,3959,1233231,00.asp     ? 'Stepping aside .. architecturally' ???  translation: I made an F unfounded statement and cannot back it up with hard facts. I wonder is' the current DDOS attack equally bogus ?    ------------------------------  + Date: Sun,  1 Feb 2004 22:40:10 +0100 (CET) . From: starwars <nobody@tatooine.homelinux.net>  Subject: Re: JF's terrorist mindE Message-ID: <45f1c91d1b750f980409b342a0b51133@tatooine.homelinux.net>   : JF Mezei <nobody@nobody.net> displayed his terrorist mind:   >Traveler wrote:M >> I think it's because they fear Al Qaeda has infiltrated those airlines and  >> their staffs. >  > K >As long as authorities give wishy washy excuses, it can mean anything from ) >political tactics to serious threaths.    > K >If these were specific terrorist threaths that were serious, they wouldn't L >peep a word to the world media about this and let the terrorists show up at5 >the airport and strip search them and their luggage.  > G >The fact that the Bush regime makes a point of telling the media is an G >indication that this has more to do with political antics than serious N >anti-terrorist tactics. Every couple of weeks, the Bush regime will issue theH >same statement about the same flights just to keep americans in fear of6 >terrorism, which inctreases his chances for election. > = >Note: Richard Reed was travelling aboard American airlines.   >  > L >What is possible is that the terrorists are testing which buttons result inJ >the bush regime sounding the alarm. When they press certain buttons whichO >don't result in the paranoid reactions of the USA government, they may figuure / >it is a way to board those flights undetected.  > O >What terrorists should do is to book an "Ossama Bin Laden" along with George W G >Bush in a single reservation on just about every large US airline on a A >specific day. And then watch how the Bush regime reacts to that.   ; You have the mind of a terrorist.  How surprising . . . . .    ------------------------------   Date: 1 Feb 2004 22:02:08 -0000 * From: Quelle Surprise <how@surprising.not>  Subject: Re: JF's terrorist mind7 Message-ID: <50H4Q52838018.6681481482@anonymous.poster>   > JF M e z e i <nobody@nobody.net> displayed his terrorist mind:   >Traveler wrote:M >> I think it's because they fear Al Qaeda has infiltrated those airlines and  >> their staffs. >  > K >As long as authorities give wishy washy excuses, it can mean anything from ) >political tactics to serious threaths.    > K >If these were specific terrorist threaths that were serious, they wouldn't L >peep a word to the world media about this and let the terrorists show up at5 >the airport and strip search them and their luggage.  > G >The fact that the Bush regime makes a point of telling the media is an G >indication that this has more to do with political antics than serious N >anti-terrorist tactics. Every couple of weeks, the Bush regime will issue theH >same statement about the same flights just to keep americans in fear of6 >terrorism, which inctreases his chances for election. > = >Note: Richard Reed was travelling aboard American airlines.   >  > L >What is possible is that the terrorists are testing which buttons result inJ >the bush regime sounding the alarm. When they press certain buttons whichO >don't result in the paranoid reactions of the USA government, they may figuure / >it is a way to board those flights undetected.  > O >What terrorists should do is to book an "Ossama Bin Laden" along with George W G >Bush in a single reservation on just about every large US airline on a A >specific day. And then watch how the Bush regime reacts to that.   ; You have the mind of a terrorist.  How surprising . . . . .    ------------------------------  $ Date: Sun, 1 Feb 2004 22:18:51 -00005 From: "Robert A.M. van Lopik" <lopik@mail.telepac.pt> " Subject: Re: Kerberos login on VMS9 Message-ID: <bvju6a$t531h$1@ID-191217.news.uni-berlin.de>   + <david20@alpha2.mdx.ac.uk> wrote in message # news:bv5rak$rd1$1@news.mdx.ac.uk... L > In article <buursg$m4aav$1@ID-191217.news.uni-berlin.de>, "Robert A.M. van& Lopik" <lopik@mail.telepac.pt> writes: > > . > ><david20@alpha2.mdx.ac.uk> wrote in message& > >news:burmh3$feh$1@news.mdx.ac.uk...E > >> In article <H_bQb.12903$G86.3793@news.cpqcorp.net>, "Rick Barry" ! > ><richard.barry@hp.com> writes: J > >> >If you're talking about the external authentication feature provided byE > >> >PATHWORKS for logging into the system, that's still using NTLM.  > >> > > >> > >> OK. > >>I > >> So it looks like we currently have no secure single password systems  from > >HP H > >> working with VMS and other OSs. Even Microsoft advise against using NTLM	 > >unless ( > >> you are forced to by older systems. > >[ snip ]  > > K > >The fact that MS has chosen Kerberos as the preferred mechanism is based  onF > >scalability; NTLM just carries more overhead than Kerberos in large > >networks. > > I > >NTLM in itself suffers from some weak encryption. With modern switched  LANsB > >this is less of a problem, because you can't eavesdrop on them. > K > Rubbish. Switched networks haven't provided sufficient protection against E > sniffing for years. Public domain tools such as dsniff provide easy  methods for ) > sniffing traffic on a switched network.  > G You are right in sofar that dsniff (not by itself but throught the tool J arpspoof that comes with it) can redirect traffic to the attacker and readI it. But then it has to be clear text. To attack NTLM you need a tool like L l0phtcrack (nowadays from @stake) AND you need to intercept two-way traffic,B because NTLM is a challenge-response system. I am not aware of theI capabilities of dsniff to accomplish this. But surely someone will find a B way. That's why I called it LESS of a problem. And, ARPspoofing isJ intrusive, thus in principle detectable. Thanks for the correction anyway.   regards 
 rob van lopik          --- & Outgoing mail is certified Virus Free.: Checked by AVG anti-virus system (http://www.grisoft.com).@ Version: 6.0.563 / Virus Database: 355 - Release Date: 27-1-2004   ------------------------------  # Date: Mon, 02 Feb 2004 02:53:46 GMT + From: LESLIE@JRLVAX.HOUSTON.RR.COM (leslie) % Subject: Re: MyDoom = Microsoft + SCO 3 Message-ID: <_YiTb.27974$eY2.6146@fe2.texas.rr.com>   / Fabio Cardoso (fabiopenvms@yahoo.com.br) wrote: = : Today the SCO site suffered a massive attack of the MyDoom.  : . : I am just imaginig if Microsoft buys SCO... < : Imagine a Microsoft Linux :-)  or Microsoft UnixWare ! :-)3 : What kind of impact it can cause in the market ?  A : IF MS decides to merge products of Windows Server and UnixWare. 7 : May be a version of Linux called Windows UniXP  ! :-)  :  :   8 How about Microsoft, realizing that they cannot deliver:    o a secure version of Windows    o multi-site clustering:  o uptimes measured with a calendar instead of a stopwatch   buys VMS and OpenMail from HP.   --Jerry Leslie9   Note: leslie@jrlvax.houston.rr.com is invalid for email    ------------------------------  $ Date: Sun, 1 Feb 2004 22:57:04 -0600( From: Wayne Sewell <wayne@tachysoft.com>% Subject: Re: MyDoom = Microsoft + SCO / Message-ID: <00A2CC9F.2C73B064.7@tachysoft.com>   , >From: LESLIE@JRLVAX.HOUSTON.RR.COM (leslie)& >Subject: Re: MyDoom = Microsoft + SCO >X-Newsgroups: comp.os.vms
 >Lines: 21+ >X-Newsreader: TIN [VMS 1.3 950824BETA PL0] 4 >Message-ID: <_YiTb.27974$eY2.6146@fe2.texas.rr.com>$ >Date: Mon, 02 Feb 2004 02:53:46 GMT >X-Complaints-To: abuse@rr.com     > 9 >How about Microsoft, realizing that they cannot deliver:  >   > o a secure version of Windows  > o multi-site clustering ; > o uptimes measured with a calendar instead of a stopwatch  >  >buys VMS and OpenMail from HP.   N Having software that actually works would be such a mind-shattering experienceN for billy that he would go insane and would have to administer his empire from a padded cell.   Wayne O =============================================================================== N Wayne Sewell, Tachyon Software Consulting  (281)812-0738   wayne@tachysoft.com; http://www.tachysoft.com/www/tachyon.html and wayne.html    O =============================================================================== B Jed Clampett, checking into hotel: "This place got a cement pond?", 	Ellie May: "And do yuh let critters in it?"   ------------------------------  # Date: Sun, 01 Feb 2004 23:01:42 GMT # From: "John Smith" <a@nonymous.com> " Subject: Re: Rumours of (CPU) WarsI Message-ID: <qzfTb.121702$fgk.13296@news01.bloor.is.net.cable.rogers.com>    JF Mezei wrote:  > Bill Todd wrote:F >> the time to.  Perhaps it will discourage Ken Farmer from passing itG >> on:  Ken features Terry rather prominently on his sites, and some of 9 >> Terry's character thereby contaminates them (and him).  > H > While I tend to agree with regards to Shannon's objectiveness (or lackE > thereof), Shannon still plays an important role. It is important to D > see what HP allows him to write. Mr Shannon needs to pay his bills! > and we need to understand that.  > B > And if Mr Farmer manages to get permission to reprint some of Mr0 > Shannon's articles, then that is fine with me. > > > Remember that Mr Shannon is currently the only publicy heardB > mouthpiece that mentions "VMS". (Since HP refuses to mention VMSF > publicly).  Any spin that makes VMS look better than it really is is > good for VMS.  > C > Now, the fact that Mr Shannon was allowed to mention that the VMS A > customer base was "dwindling" is telling. It is no surprised to E > people here since it has been obvious for a long long time. What is 2 > important is that HP is starting to admit to it. > A > Will this drop motivate HP to relaunch VMS on IA64 with lots of G > fanfare, of will it help HP justify a more rapid phasing out of VMS ?        More of the latter I'm afraid.  I Let's see...a few high profile wins in the financial services sector over K the past year and no advertising of VMS in the WSJ, FT, Economist, Barrons, G Fortune, WS&T, American Banker, or a myriad of other publications where : crowing about this would likely lead to more VMS business.  3  HP execs are about as smart as a herd of lemmings.    ------------------------------   Date: 2 Feb 2004 04:36:16 -0000  From: Ha Ha <ha@ha.ha>6 Subject: Re: Several BA and AF flights cancelled again7 Message-ID: <QV1J45D038018.9418518519@anonymous.poster>   * JF M e z e i <nobody@nobody.info> trolled:   >Fly Guy wrote: F >> They're being cancelled because of an external threat to the plane.& >> Shoulder-launched missles or RPG's. >  > I >If the threath is ground based, then the terrorists would bring down any N >plane, not a specific flight number. If the terrorists are USA based, then itM >is the airport that should be closed since any flight in/out of that airporte >is at risk. >/K >If the threath is outside the USA, then it is up to the british and french0( >authorities to decide what can be done. > I >As long as the american public remains convinced that the Bush regime isaO >honest and telling the truth, then the Bush regime will continue to manipulateaH >the news media by releasing those stories of possible terrorist attacks >against the USA.s   What's a "threath"?o   ------------------------------   Date: 2 Feb 2004 04:36:47 -0000P From: Ha Ha <ha@ha.ha>J Subject: Re: The State of JF's Brain: The Truth about a Dishonest Canadian7 Message-ID: <6AINSY0J38018.9422106482@anonymous.poster>   * JF M e z e i <nobody@nobody.info> trolled:   >John Gaquin wrote: D >> > ....The soviets had been invited into Afghanistan by the Afghan5 >> > government to help control the warring factions,n >aL >> I spent a lot of time working in Afghanistan in 76, 77.  That's not quite >> the way it happened.s >4 >RC >All that is missing is "claimed they" between "soviets" and "had".. >>J >But weren't they actually invited ? (after the soviets installed a soviet >friendly government ?)  >tI >What I don't quite understand is that it was often said that the sovietsoN >wanted a corridor to be able to ship their oil to a port and sell it to worldN >markets. But afghanistan doesn't give them access to the ocean because of theH >strip of land that belongs to pakistan that covers the shores shouth ofN >afghanistan. Does this mean that the soviets would have eventually taken that >strip of land ?  I You tell us.  You're the one with telepathic communication with all worldp leaders.   ------------------------------  # Date: Sun, 01 Feb 2004 22:54:02 GMTs# From: "John Smith" <a@nonymous.com>t8 Subject: Re: The VMS Path Not Taken: Now It Can be Told!I Message-ID: <esfTb.121626$fgk.53625@news01.bloor.is.net.cable.rogers.com>g   JF Mezei wrote:n1 > Phillip Helbig---remove CLOTHES to reply wrote: G >> Compaq paid $9 billion for DEC.  Assuming it would make sense to buyn> >> just VMS, we're probably talking about at least $1 billion. >uF > When you consider all the assets which Compaq disposed of (or ratherF > "donated"), then almost all of that 9 billion went to the toilet. ItC > is no wonder Compaq faltered and curly had to beg Carly to rescuey > Compaq from oblivion.e >zF > Capellas was as qualified to run Compaq as those guys off the street > are toH > run a restaurant for one night in the USA TV program "The Apprentice". >JH > But the real issue is that the Compaq board agreed to let Pfeiffer buyG > Digital. The minute they agreed to it, they should have insisted that) > thecB > assets they were paying for were returning the maximum anount of > money.B > Capellas made sure to simply dispose of those assets, wishing toC > forget about that 9 billion investment and concentrate on Wintel.a >gF > Consider Digital's PC assembly facility in Kanata Ontario Canada. ItF > was more efficient than Compaq's. When you're down to seeking to cutD > half a penny from assembly costs in order to compete against Dell, > and  you pay good money toD > buy a more efficient facility, it is pretty stupid to shutdown the3 > better facility and keep your less efficient one.h > C > Had Pfeiffer not begun takeover talks with Palmer 3 years before,nB > Palmer would have been ousted and perhaps someone more competantA > would have been put at the helm with a clear mandate to rebuildeG > Digital instead of cannabalising Digital (which was Palmer's apparentt > mandate).e  J The same sort of arteriosclerosis is affecting the thinking at the currentK HP BOD as was affecting the BOD at Digital in the latter days, and a Compaq  as well.   ------------------------------  # Date: Sun, 01 Feb 2004 22:50:45 GMTl# From: "John Smith" <a@nonymous.com>n: Subject: VMS Advertising was: Re: Renaissance of VAX-VMS ?I Message-ID: <9pfTb.121581$fgk.26756@news01.bloor.is.net.cable.rogers.com>e   Barry Treahy, Jr. wrote: > Didier Morandi wrote:s >, >> Barry Treahy, Jr. wrote:t >>H >>> You're hoping for something here, which returns us full circle to myC >>> original comment being, that if you have facts and details, youhF >>> wouldn't need to hope that HP would come to concede or discuss new6 >>> revelations related to the future of VMS on VAX... >> >>E >> You did not get me. What I'm saying is that HP France today has nodE >> serious answer to the VAX/VMS obsolescence issue. The Symposium is $ >> aimed at getting answers from HP. > G > Perhaps I'm missing something, I'll give you that much, but I am veryoG > skeptical that HP France will offer a long term VAX/VMS solution that D > differs from the rest of the world - Yes, I understand that VAX isD > still prevalent in Europe, but Compaq and HP are/were PC companiesG > who I'm convinced haven't a clue about mid-range systems and the factlG > that HP is working on the second VMS port since VAX, I really believey	 > you are F > hoping and expecting too much from a platform that was signed off asF > dead in 1999;  That death notice was worldwide, not just the US with) > last ordering ending in September 2000.m >kF >> All heavy VAX/VMS users I personally met told me that HP's positionG >> is "we will help you to migrate to i64". But how??? They do not haven >> a professional behaviour. > D > I can't speak for that other than to fall back on my prior comment > thatH > HP is clueless - My attempts this past winter to repurchase new sourceH > listings for VAX/VMS, it took weeks to find someone that had a clue as# > to what I was even talking about.h >  >> >> Why?l >>F >> 1. There is nearly noone from DEC still working at HP France today,E >> but a few old timmers with whom I used to work 20 years ago in the  >> TSC.w >rG > CQ Palmer killed Digital in 1998, so unless they moved to Compaq, andlC > then HP, and could tow the Wintel line, this does not catch me by  > surprise.b >h >>= >> 2. HP Corp suggests for example to replace Allen Bradley's G >> Interchange Manufacturing Software with Basestar. Good. How will theyG >> Customer do that? Replace is PRO-DUC-TION software with another one.hB >> By magic? No answer from HP (and no answer so far from Rockwell >> either, btw). >rH > This really isn't a issue for HP but rather the CNC integrator or VAR.H > I could equally complain about how the old 1980's Calma Clam Shell CADH > stations were left stranded and now HP must migrate those but it isn'tD > their responsibility that someone might have ignored the fact thatE > other solutions came to market, or that the hardware it was running @ > on was obsolete and EOL'd  - This is up to the integrator/VAR. >nH > Again, the death of VAX is not new and yes, Charon-VAX can be a viableG > solutions in many ways, but does that require the future and on-going>E > development of VMS for Charon to be successful?  I think not.  LookyC > how many sites parked at VMS 5.5-2 and ran there for years beforeXH > decommissioning.  I suspect that VMS 7.2 or 7.3 will once again becomeF > one of those parking versions for VAX/VMS, though I have no facts orE > insider details,  but for VAX those versions are stable considering G > that VMS will not have functional parity with Alpha or IA64, nor wills > therefB > any any more future VAX hardware enhancements since they stopped% > selling it almost four years ago...  >, >>D >> 3. HP France does not communicate on VMS (on OpenVMS i64 neither,G >> actually). There is a black hole, and our intention with VAXUS is tocC >> shake the coconuts tree, Barry, not to sell FutureVAX. And if bydB >> chance the Field understands that the FutureVAX may be the goodH >> solution (I personally do not see others), that's fine to me as I'm aF >> reseller and I have probably like you a wife, children and a house. >IB > News flash, HP US does not communicate/advertise VMS ether, this> > isn't a bias against France :-) they just do not market VMS.    K In the local paper this week (still looking for url), it was mentioned thatoJ the auto industry in North America (Canada & US combined) spent an averageC of $677 in advertising costs (that's just media buys - ie. space in K newspapers, magazines, billboards, TV, and radio) per vehicle sold in 2002.pA This is in addition to to trade show and other promotional costs.o  2 HP doesn't spend $677 in total on VMS advertising.   ------------------------------   End of INFO-VAX 2004.064 ************************