0 INFO-VAX	Wed, 21 Jan 2004	Volume 2004 : Issue 41      Contents: Re: 500.000 AMD64's shipped... Re: 500.000 AMD64's shipped...A Re: bill gates introduce latest technologies at conference  [not] A Re: bill gates introduce latest technologies at conference  [not] C Event - UK - OpenVMS 8.1 being installed and configure on Itanium 2 % Re: How to do Bootable Image Backup ? % Re: How to do Bootable Image Backup ? % Re: How to do Bootable Image Backup ? % Re: How to do Bootable Image Backup ? % Re: How to do Bootable Image Backup ? % RE: How to do Bootable Image Backup ? @ How to limit access to production data from non-production code?D Re: How to limit access to production data from non-production code?D Re: How to limit access to production data from non-production code?D Re: How to limit access to production data from non-production code?B Re: Intel to chip away at Itanium prices <- or ... I want my cheap Re: Kerberos login on VMS  Re: Kerberos login on VMS  Re: Kerberos login on VMS D Re: latest Linux kernel patch of the week - VMS after 25 years stillP Re: latest Linux kernel patch of the week - VMS after 25 years still superior toP RE: latest Linux kernel patch of the week - VMS after 25 years still superior toP Re: latest Linux kernel patch of the week - VMS after 25 years still superior to( Re: Pathworks Macintosh, OS-X & Printing Plug: txt2pdf 7.1  Re: remove DECnet OSI ?  Re: remove DECnet OSI ?  Re: The ghost of VAX-C past...@ Re: The Register: OpenVMS among most-secure of operating systems@ Re: The Register: OpenVMS among most-secure of operating systems@ RE: The Register: OpenVMS among most-secure of operating systems@ Re: The Register: OpenVMS among most-secure of operating systems@ Re: The Register: OpenVMS among most-secure of operating systems6 RE: TPU code to replace a string ignoring line breaks?< Users welcome HP's commitment to long-term future of OpenVMS< Users welcome HP's commitment to long-term future of OpenVMS VAXUS: Call for Chapters Re: VAXUS: Call for Chapters( Re: VMS question regarding SMTP headers.( Re: What type of memory is used in DS10?  What's new at Motifdeveloper.com Where is XML generator for VMS?   F ----------------------------------------------------------------------  % Date: Wed, 21 Jan 2004 08:12:39 +0100 ( From: "Rudolf Wingert" <win@fom.fgan.de>' Subject: Re: 500.000 AMD64's shipped... : Message-ID: <MCELKPMOKPMNDNKJNIONGEGFCJAA.win@fom.fgan.de>   Hello,   Andrew Harrison wrotes:    >>> ' V440 with 4 CPU's 16GB of RAM = $25,995  <<<   P $25,995, is this the price for the memory, or is this computer EOL. As we boughtM that one with F&L conditions, we did pay more than 125.000,00DM, that's about ! $75.000. $25.000 was memory only.    Best regards Rudolf Wingert    ------------------------------  % Date: Wed, 21 Jan 2004 16:05:00 +0000 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> ' Subject: Re: 500.000 AMD64's shipped... 0 Message-ID: <bum80v$amn$1@new-usenet.uk.sun.com>   Rudolf Wingert wrote:  > Hello, >  > Andrew Harrison wrotes:  >  > ) > V440 with 4 CPU's 16GB of RAM = $25,995  > <<<  > R > $25,995, is this the price for the memory, or is this computer EOL. As we boughtO > that one with F&L conditions, we did pay more than 125.000,00DM, that's about # > $75.000. $25.000 was memory only.  >  > Best regards Rudolf Wingert  >    Try > http://store.sun.com/catalog/doc/BrowsePage.jhtml?catid=104994    7 You will se that the 440 with 16 GB of RAM costs $25995 7 Who knows where your figures come from but they are not  what you would pay for a V440.     Regards  Andrew Harrison    ------------------------------  % Date: Wed, 21 Jan 2004 08:36:02 +0000 * From: Nic Clews <sendspamhere@[127.0.0.1]>J Subject: Re: bill gates introduce latest technologies at conference  [not]' Message-ID: <buldlv$5q1$1@lore.csc.com>    JF Mezei wrote:  > P > BBC's "Click on Line" programme last week had a report on Comdex or some otherM > very large electronics show. Microsoft had a "house" and wanted to convince P > everyone that you'd have a PC running all the entertainment in your home, from > the TV, Radio etc. > I > Interesting how Carly has been toeing the Microsoft line recently, also L > talking about the future being in the home entertainment centre where a PC? > will handle everything from TV, movies, pictures, sounds etc.  > J > If Microsoft can convince the satellite receiver companies to open theirO > architectures and let a PC get the raw MPEG feed from the satellite so it can P > record it on its own hard drives, then perhaps that would be a good thing. ButN > that would open up a whole debate similar to MP3s stealing sales. One personL > pays the $5.00 to get the right to watch a pay per view movie, and half anO > hour after the movie, the whole movie is on a web site ready to be downloaded $ > for free by the rest of the world.  F What they forgot to mention was it would be based around the PalladiumE architecture, so while you're sitting snugly in this wonderful house, F before you know it, Micro$oft will have removed your shoes, locked allG the doors and windows (pun intended), and with the aid of retinal scans H make pretty damn sure you're watching what they want you to watch (or be otherwise entertained by).  J http://www.microsoft.com/presspass/features/2002/jul02/0724palladiumwp.asp  G (The wonderful world it's going to be, plus a name change to a sequence $ of words I've seen somewhere before)  1 http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html   H (A more realistic view of what is being 'offered'. It also has some very0 interesting views on what security actually is.)  ? So did that Comdex report mention any of that? No? Funny, that.    --  ? Regards, Nic Clews a.k.a. Mr. CP Charges, CSC Computer Sciences  nclews at csc dot com    ------------------------------  % Date: Wed, 21 Jan 2004 05:04:51 -0500 * From: JF Mezei <jfmezei.spamnot@istop.com>J Subject: Re: bill gates introduce latest technologies at conference  [not]) Message-ID: <400E4EBB.2F68E53C@istop.com>    Nic Clews wrote:L > http://www.microsoft.com/presspass/features/2002/jul02/0724palladiumwp.asp  H About as devoide of content and credibility as bliar/straw/bush/rumsfeld speaches about WMD:-)   3 > http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html   N Wow, that is more meat and potatoes. Microsoft would be absolutely crazy to go> ahead with this. This would give Linux the big boost it needs.  M Thankfully, I doubt Big Brother will send Fred Kleinsorge to install a Fritza $ chip onto my all mighty microvax II.  M Where this may fail is with laptops. If they lose functionality when they are @ nopt connected to the internet, then people won't tolerate this.   ------------------------------    Date: 21 Jan 2004 10:27:36 -08001 From: susan_skonetski@hotmail.com (Sue Skonetski) L Subject: Event - UK - OpenVMS 8.1 being installed and configure on Itanium 2; Message-ID: <857e9e41.0401211027.6cc297@posting.google.com>   F Come and see OpenVMS V8.1 being installed and configured on an Itanium 2  (RX2600) system.  F The HP User Group in the UK have a meeting at HP in Bristol on the 3rd? Feb. 2004. The hands-on seminar is being given by Colin Butcher B (XDelta Limited) and Ray Turner (HP pre-sales OpenVMS Ambassador).Q Details at http://www.hp-interex.org/site/cms/contentviewarticle.asp?article=2095   E The day will finish with Martin Riley (AlphaServer Business Manager), A a long-time OpenVMS advocate who originally started in Digital by B teaching RSX and RSTS to engineers. Martin is part of the BusinessB Critical Servers division and will be speaking about "The BCS long term strategy for the future".   ------------------------------  % Date: Wed, 21 Jan 2004 07:45:25 +0100 " From: Didier Morandi <no@spam.com>. Subject: Re: How to do Bootable Image Backup ?3 Message-ID: <400e2086$0$7157$626a54ce@news.free.fr>    William Webb wrote:   D >At the risk of being argumentative, you most certainly can boot VMS' >(VAX) from a tape.  Alpha systems, no.  > K See http://h71000.www7.hp.com/doc/73final/documentation/PDF/750_INSTALL.pdf   4.1.4 I It is the standalone backup image that you can boot from a tape, not VMS.    > F >I shall not discuss 9-tracks in this thread- some things are just too) >painful to relate once you've done them.  > A As David said, it was much faster and reliable to boot from a TU.    D.   ------------------------------  % Date: Wed, 21 Jan 2004 09:06:41 -0500 + From: "Martin O'Connor" <moconnor@dvfs.com> . Subject: Re: How to do Bootable Image Backup ?9 Message-ID: <bum11g$j3bkq$1@ID-118202.news.uni-berlin.de>   ] "Didier Morandi" <no@spam.com> wrote in message news:400e2086$0$7157$626a54ce@news.free.fr...  :  :  : William Webb wrote:  : F : >At the risk of being argumentative, you most certainly can boot VMS) : >(VAX) from a tape.  Alpha systems, no.  : > M : See http://h71000.www7.hp.com/doc/73final/documentation/PDF/750_INSTALL.pdf 	 :  4.1.4 K : It is the standalone backup image that you can boot from a tape, not VMS.  :  : > H : >I shall not discuss 9-tracks in this thread- some things are just too+ : >painful to relate once you've done them.  : > C : As David said, it was much faster and reliable to boot from a TU.  :  : D. : E The most painful had to be the boot device on teh VAX 11/750 (TU58?).   d I once booted standalone backup (3 tapes IIRC)  and was typing in the backup command which pages thec backup image off of the tape. My co-worker proceeded to pull the tape out since the standalone boot + was done. We then had to start over <sigh>.    Marty    ------------------------------    Date: 21 Jan 2004 08:10:14 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) . Subject: Re: How to do Bootable Image Backup ?3 Message-ID: <Pj34+0fHd42K@eisner.encompasserve.org>   n In article <d5ce4b06.0401201255.70dadee2@posting.google.com>, al5vf03p02@sneakemail.com (William Webb) writes: > E > At the risk of being argumentative, you most certainly can boot VMS ( > (VAX) from a tape.  Alpha systems, no. > 4 > Many VAXen required this in order to install VMS.   C    Guess again.  VAXen booted Standalone Backup from tape, not VMS.    ------------------------------    Date: 21 Jan 2004 08:11:26 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) . Subject: Re: How to do Bootable Image Backup ?3 Message-ID: <GXSUThwsziZW@eisner.encompasserve.org>   y In article <400DFC37.370AA386@NeOaSrPtAhMlNiOnWk.net>, "David J. Dachtera" <djesys.nospam@NeOaSrPtAhMlNiOnWk.net> writes:  > J > Really? In my (distant past) experience, booting SABKUP from 9-track was- > "lightning fast" as compared to TK50... ;-)   A    You should try it a few times from 8 inch floppies.  Or those 3    cartridge tapes that were built into the 11/750.       Yes, 9-track can be fast.   ------------------------------    Date: 21 Jan 2004 15:26:37 +0100C From: vaxinf@chclu.chemie.uni-konstanz.de (Eberhard Heuser-Hofmann) . Subject: Re: How to do Bootable Image Backup ?- Message-ID: <400e8c1d$1@news.uni-konstanz.de>   3 In article <GXSUThwsziZW@eisner.encompasserve.org>, = koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: K >In article <400DFC37.370AA386@NeOaSrPtAhMlNiOnWk.net>, "David J. Dachtera" / ><djesys.nospam@NeOaSrPtAhMlNiOnWk.net> writes:  >>  G >> Really? In my (distant past) experience, booting SABKUP from 9-track  >was. >> "lightning fast" as compared to TK50... ;-) > B >   You should try it a few times from 8 inch floppies.  Or those  . 8 1/2 inch floppies??? 1/2 inch enlargement...  4 >   cartridge tapes that were built into the 11/750. >  >   Yes, 9-track can be fast.  >  >    eberhard   ------------------------------  % Date: Wed, 21 Jan 2004 06:37:13 -0800 # From: "Tom Linden" <tom@kednos.com> . Subject: RE: How to do Bootable Image Backup ?9 Message-ID: <NDEMLKKEBOIFBMJLCECIIEBDCLAA.tom@kednos.com>      -----Original Message-----   From: Eberhard Heuser-Hofmann .   [mailto:vaxinf@chclu.chemie.uni-konstanz.de]+   Sent: Wednesday, January 21, 2004 6:27 AM    To: Info-VAX@Mvb.Saic.Com 0   Subject: Re: How to do Bootable Image Backup ?      5   In article <GXSUThwsziZW@eisner.encompasserve.org>, ?   koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: C   >In article <400DFC37.370AA386@NeOaSrPtAhMlNiOnWk.net>, "David J.    Dachtera" 1   ><djesys.nospam@NeOaSrPtAhMlNiOnWk.net> writes:    >>I   >> Really? In my (distant past) experience, booting SABKUP from 9-track    >was0   >> "lightning fast" as compared to TK50... ;-)   > D   >   You should try it a few times from 8 inch floppies.  Or those  0   8 1/2 inch floppies??? 1/2 inch enlargement.... Yes, you can order the pills off the internet.  6   >   cartridge tapes that were built into the 11/750.   >    >   Yes, 9-track can be fast.    >    >   
   eberhard     --- (   Incoming mail is certified Virus Free.<   Checked by AVG anti-virus system (http://www.grisoft.com).A   Version: 6.0.560 / Virus Database: 352 - Release Date: 1/8/2004    --- & Outgoing mail is certified Virus Free.: Checked by AVG anti-virus system (http://www.grisoft.com).? Version: 6.0.560 / Virus Database: 352 - Release Date: 1/8/2004    ------------------------------    Date: 21 Jan 2004 02:04:48 -0800" From: markdiaz@aol.com (Mark Diaz)I Subject: How to limit access to production data from non-production code? = Message-ID: <6f62d61c.0401210204.69d0c18b@posting.google.com>   F We have three directory trees for our application on VMS 6.2, one eachE for development, user-testing, and production. We  have  logical name ? tables and command procedures that allow changing between these 9 environments. We also have production and test databases.   F The developers are allowed to write into the user-testing directories,C and naturally, the end-users are allowed to set themselves into the & user-test environment to try new code.  F The history here is the developers would put new code in the user-test> environment and the users would test it against the productionC database. This is easy to audit for after the fact, but I'd like to  prevent it.   = The developers could put something like this in the user-test  directories C which would allow access by an end-user to the production databases $ from other than the production code:  4 $ ENVIRONMENT PROD  ! invokes DCL to set environment; $ RUN DISK3:[CODEQA]MYPROGRAM.EXE ! runs EXE from user-test   > It's like I want to install the production executables with anC identifier and use the database security (DBMS) or directory ACL to - only allow access if that identifier is held.   ' Any ideas would be greatly appreciated.    Regards,	 Mark Diaz  markdiaz@aol.com   ------------------------------  % Date: Wed, 21 Jan 2004 10:43:26 -0000 * From: "Richard Brodie" <R.Brodie@rl.ac.uk>M Subject: Re: How to limit access to production data from non-production code? + Message-ID: <bull4f$kom@newton.cc.rl.ac.uk>   / "Mark Diaz" <markdiaz@aol.com> wrote in message 7 news:6f62d61c.0401210204.69d0c18b@posting.google.com...   @ > It's like I want to install the production executables with anE > identifier and use the database security (DBMS) or directory ACL to / > only allow access if that identifier is held.   E Sounds to me like you should check the "Protected Subsystems" chapter  in the security manual.    ------------------------------  % Date: Wed, 21 Jan 2004 06:42:23 -0500 * From: JF Mezei <jfmezei.spamnot@istop.com>M Subject: Re: How to limit access to production data from non-production code? ( Message-ID: <400E6590.39078E7@istop.com>   Mark Diaz wrote:7 >> $ ENVIRONMENT PROD  ! invokes DCL to set environment = > $ RUN DISK3:[CODEQA]MYPROGRAM.EXE ! runs EXE from user-test   H You can define 3 groups of users (by using the group portion of the UIC.  K Then, you define 3 sets of logicals that belong to each of the 3 groups. So M when userX who belongs to group 2 logs in, he has his group logicals pointing  to the test environment.  I You can change the application to look for logical in the LNM$GROUP table N only, so if a user tries to override the group logicals to point to an area heK is not supposed to be in, then the application won't use those logocals and 2 continue to use the ones that belong to his group.  L You can also create 3 identifiers with authorize. One for prod, one for testL and one for development. YOu then use the GRANT command in AUTHORIZE to give@ individual users the rights to one or more of these identifiers.  L In the directories, you assign and ACL that grants access to holders of thatK rights identifier. You then make the files owned by a neutral user for each G group. This way, development people will have access to all their files L tranparently, but will not be able to touch other people's files in the test or prod environments.   M You can then grant one trusted user in the development group to have both the N dev and test identifiers which means that he will be able to copy files to and from test and dev.   ------------------------------    Date: 21 Jan 2004 09:12:54 -0600- From: Kilgallen@SpamCop.net (Larry Kilgallen) M Subject: Re: How to limit access to production data from non-production code? 3 Message-ID: <UwjHH8dPz2S4@eisner.encompasserve.org>   b In article <6f62d61c.0401210204.69d0c18b@posting.google.com>, markdiaz@aol.com (Mark Diaz) writes:H > We have three directory trees for our application on VMS 6.2, one eachG > for development, user-testing, and production. We  have  logical name A > tables and command procedures that allow changing between these ; > environments. We also have production and test databases.   D The only ways to _really_ prevent the programmers from accessing the+ production data in such an environment are:   6 	Use Mandatory Access Controls (SEVMS in the VMS case)    or 4 	Put production and development on separate clusters  @ Despite the extra hardware cost, the second approach is probably cheaper.  @ Unless you fully isolate the developers from the production data@ using one of the above techniques, there is nothing to keep them> from inserting some trojan horse code into the next version of? the application so as to gain access.  And that _might_ be done B with full (first level) management approval to "get the job done".   ------------------------------  % Date: Wed, 21 Jan 2004 16:39:37 +0000 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> K Subject: Re: Intel to chip away at Itanium prices <- or ... I want my cheap 0 Message-ID: <buma1s$bdm$1@new-usenet.uk.sun.com>   Rob Young wrote: > In article <bujq7s$ekq$1@new-usenet.uk.sun.com>, Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes: >  >>Fabio Cardoso wrote: >> >>>Click >>> < >>>http://news.com.com/2100-1006_3-5140486.html?tag=nefd_top >>> >>>Because Itanium can provide more performance than Xeon, theI >>>elimination of the current, often substantial, price discrepancy could F >>>then permit Itanium to become Intel's principal server offering. IfH >>>successful, the strategy could allow Intel to begin to phase out Xeon >>>after 2006. >>>  >>= >>Well Itanium's roadmaps may predict better performance than = >>Xeon but currently Xeon outperforms Itanium on integer apps 0 >>which is what the majority of servers require. >  >  > C > 	Depends which vendor you are looking at.  I see 1322 SpecInt2000 < > 	for an Itanium.  I don't see a Xeon as high.  I do see an> > 	Extreme Edition P4 (cut down Xeon) at 1464 base /1503 peak. >   1 Still a Xeon as you know and also an IA32 system. $ You are clutching at staws as usual.   > 8 >>It is true that Itanium does outperform Xeon on FP but7 >>this has very little impact on the market, ironically 5 >>one of the areas where FP is important outside HPC, 5 >>gaming is a no go area for Itanium for very obvious 
 >>reasons. >  >  > A > 	I think it outperforms it at integer too.  Unless there is one A > 	out there that I scrolled past.  They certainly aren't jumping E > 	right out at me higher than 1322 with Xeon as a model.  Reference?  >   7 No it doesn't you were clutching at staws remember, you 5 didn't honestly think that your redefinition of P4 EE + as a non Xeon processor would help did you.    > : >>So until Itanium does deliver better integer perfromance3 >>than Xeon the "can" should be changed to "might".  >> >  >  > 	Does, as far as I can tell. >   4 Again you assume that your first point was valid, it3 wasn't. Its suprising that bitter experience hasn't 3 taught you that building your whole case on a point 2 that falls at the first hurdle isn't a good recipe for winning an argument.  D > 	But more importantly, it outperforms Xeon at database operations.D > 	Quite substantially in many cases.  I'd argue database operations@ > 	(however you measure those) are a better metric for a server. >   / Since you only have TPC-C to base this claim on  lets examine it on that basis.  7 And what do we find,  more hyperbola. A 2 way Xeon does % 54,097 TPC TPM at a cost of $3.77/TPM   8 There arn't any 2 way Itanium results but a 4 way rx56702 does 121,065 using the same database at $4.4.9/TPM  3 Hardly a substantial per CPU advantage but then its 1 not a very good benchmark anyway so lets just say 6 that you have no worthwhile data on which to base your point so we can strike it.   Regards  Andrew Harrison    ------------------------------  % Date: Wed, 21 Jan 2004 09:30:40 +0100 % From: "Fred Zwarts" <F.Zwarts@KVI.nl> " Subject: Re: Kerberos login on VMS. Message-ID: <bulcp2$c6b$1@info.service.rug.nl>  ; "Wayne Morrison" <Wayne.Morrison@hp.com> wrote in message =   news:400DC15D.D41317FB@hp.com... > Fred Zwarts wrote: > >=20G > > We have two OpenVMS clusters, several Linux systems and a Windows =  domain, J > > each with their own password database. For the users it is difficult = toI > > remember when to use each password. Therefore, we would like to use =  one I > > kerberos server and configure all these systems as clients, so that =  at the4 > > normal login, the kerberos password can be used.J > > Can this be done with the normal terminal and DECwindows login under = OpenVMS?H > > Where should I start reading to learn how to configure our OpenVMS = clusters, > > to use kerberos for user authentication?J > > We have mixed architecture clusters with OpenVMS 7.3 (VAX) and 7.3-1 = (Alpha). > >=20 > > F.Z. >=20J > You can't quite do all of this today, but you will be able to do so in = the near< > future.  We are currently hoping to ship a Kerberos ACME = (Authentication and D > Credential Management) agent with OpenVMS V8.2.  This will allow = exactly the ' > scenario that you describe above. =20   G And if we use LDAP instead of Kerberos? Is that available already for =  VAX and Alpha?  / > On the Linux side, you'll need to use PAM.=20 H > See http://www.kernel.org/pub/linux/libs/pam/modules.html for a list = of LinuxH > PAM modules.  Any version of Windows server more recent than Windows = NT uses G > Keberos for authentication.  It's possible to make Windows Kerberos =  and MIT D > Kerberos (used by OpenVMS) interoperate, although it tends to be =
 tricky.=20E > There's a good description on how to do that on the Microsoft web =  site.    Could you provide a URL?   >=20 > Wayne Morrison  > Kerberos & CDSA Project Leader > OpenVMS Engineering    F.Z.   ------------------------------  + Date: Wed, 21 Jan 2004 12:10:27 +0000 (UTC)  From: david20@alpha2.mdx.ac.uk" Subject: Re: Kerberos login on VMS) Message-ID: <bulq7j$epb$2@news.mdx.ac.uk>   U In article <400DC15D.D41317FB@hp.com>, Wayne Morrison <Wayne.Morrison@hp.com> writes:  >Fred Zwarts wrote:  >>  L >> We have two OpenVMS clusters, several Linux systems and a Windows domain,J >> each with their own password database. For the users it is difficult toJ >> remember when to use each password. Therefore, we would like to use oneM >> kerberos server and configure all these systems as clients, so that at the 3 >> normal login, the kerberos password can be used. P >> Can this be done with the normal terminal and DECwindows login under OpenVMS?N >> Where should I start reading to learn how to configure our OpenVMS clusters+ >> to use kerberos for user authentication? P >> We have mixed architecture clusters with OpenVMS 7.3 (VAX) and 7.3-1 (Alpha). >>   >> F.Z.  > P >You can't quite do all of this today, but you will be able to do so in the nearM >future.  We are currently hoping to ship a Kerberos ACME (Authentication and M >Credential Management) agent with OpenVMS V8.2.  This will allow exactly the $ >scenario that you describe above.    M Damn. I thought this was one of the features which was included in VMS 7.3-2.   
 David Webb VMS and Unix team leader CCSS Middlesex University  , >On the Linux side, you'll need to use PAM. N >See http://www.kernel.org/pub/linux/libs/pam/modules.html for a list of LinuxM >PAM modules.  Any version of Windows server more recent than Windows NT uses L >Keberos for authentication.  It's possible to make Windows Kerberos and MITJ >Kerberos (used by OpenVMS) interoperate, although it tends to be tricky. H >There's a good description on how to do that on the Microsoft web site. >  >	Wayne Morrison  >	Kerberos & CDSA Project Leader >	OpenVMS Engineering    ------------------------------   Date: 21 Jan 2004 12:32:10 GMT< From: gartmann@non.immunbio.mpg.de.sens (Christoph Gartmann)" Subject: Re: Kerberos login on VMS0 Message-ID: <bulrga$qdf$1@n.ruf.uni-freiburg.de>  V In article <bulcp2$c6b$1@info.service.rug.nl>, "Fred Zwarts" <F.Zwarts@KVI.nl> writes:J >> > remember when to use each password. Therefore, we would like to use = >oneJ >> > kerberos server and configure all these systems as clients, so that = >at the 5 >> > normal login, the kerberos password can be used. K >> > Can this be done with the normal terminal and DECwindows login under = 	 >OpenVMS? I >> > Where should I start reading to learn how to configure our OpenVMS = 	 >clusters - >> > to use kerberos for user authentication? K >> > We have mixed architecture clusters with OpenVMS 7.3 (VAX) and 7.3-1 = 	 >(Alpha).   K Multinet contains Kerberos stuff. I never used it but a quick look into the > manual gave me the impression that it might do what you want.    Regards,    Christoph Gartmann    --  E  Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452   ImmunbiologieI  Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de   D-79011  Freiburg, Germany 9                http://www.immunbio.mpg.de/home/menue.html    ------------------------------  % Date: Wed, 21 Jan 2004 07:21:49 -0600 ( From: Wayne Sewell <wayne@tachysoft.com>M Subject: Re: latest Linux kernel patch of the week - VMS after 25 years still / Message-ID: <00A2C377.B2A977C1.1@tachysoft.com>   ) >From: David Froble <davef@tsoft-inc.com>  >X-Newsgroups: comp.os.vmsN >Subject: Re: latest Linux kernel patch of the week - VMS after 25 years still& >Date: Tue, 20 Jan 2004 23:33:41 -0500     >  >Wayne Sewell wrote: >  > Q >> There are a few zero-content vms bashers that I filter, but this is the *only* % >> poster I filter that is *pro* vms.  >  > : >You don't read the cartoons in the newspaper either?  :-) >     M Nah, but I do have some Three Stooges movies on DVD.  I can watch one of them < if I really want to see a pie fight.  The pie fights here inH comp.os.vms/info-vax go on too long, and the pies from sun have inferior meringue anyway.  :-)    Wayne O =============================================================================== N Wayne Sewell, Tachyon Software Consulting  (281)812-0738   wayne@tachysoft.com; http://www.tachysoft.com/www/tachyon.html and wayne.html    O =============================================================================== B Jed Clampett, checking into hotel: "This place got a cement pond?", 	Ellie May: "And do yuh let critters in it?"   ------------------------------  % Date: Wed, 21 Jan 2004 08:43:53 +0100 ( From: "Rudolf Wingert" <win@fom.fgan.de>Y Subject: Re: latest Linux kernel patch of the week - VMS after 25 years still superior to : Message-ID: <MCELKPMOKPMNDNKJNIONCEGGCJAA.win@fom.fgan.de>   Hello,  I the most one of LINUX and many of other OS manger do spend less money for O security. They hope, that this will never be a problem for him/her. They ignore H the cost of security break. What's happen, if a normal user will destroyG important data in case of a security whole. Who do pay for that. If any P systemmanger have to pay for destroyed data and downtime, they will look for theO most secure OS (I think this will be OpenVMS, but only without any UNIX waste).    Best regards Rudolf Wingert    ------------------------------  + Date: Wed, 21 Jan 2004 12:01:06 +0000 (UTC)  From: david20@alpha2.mdx.ac.ukY Subject: RE: latest Linux kernel patch of the week - VMS after 25 years still superior to ) Message-ID: <bulpm2$epb$1@news.mdx.ac.uk>   | In article <FD827B33AB0D9C4E92EACEEFEE2BA2FB237F76@tayexc19.americas.cpqcorp.net>, "Main, Kerry" <kerry.main@hp.com> writes: >  >  >Bill, > ; >Re: your contention that security does not sell anymore ..  > C >That might be your personal observation, but that is certainly not F >supported by others. As an example, the folowing article is from SeptF >2002, but given that more Customers are worried about security than a= >year ago, its hard to imagine these numbers dropping at all:  > 7 >http://news.com.com/2100-1001-957364.html?tag=3Dfd_top & >"Survey: Security budgets on the rise0 >Last modified: September 10, 2002, 12:57 PM PDTB >A report released Tuesday found that more than half the companiesE >surveyed had increased their information-security budget in the past C >year, in many cases at the expense of other parts of their overall  >technology budget.=20 > I >The report, conducted by market researcher Vista Research in partnership C >with survey firm Harris Interactive, also found that 12 percent of I >respondents had a significant security breach or major fraud in the past  >year. >   M Unfortunately this spend is NOT being spent on more secure operating systems. I Instead people are trying to bolt on security to their insecure operating 
 systems by  K 1) Trying to automate patching of Microsoft products using SUS , Tivoli etc M 2) Trying to automate application of Anti-virus solutions to their vulnerable     desktop and server systems.< 3) Trying to secure their network connections by installing &    Firewalls, IDS , VPNs , logging etc  D The amount being spent by organisations is truly gigantic but at theK moment there isn't a push for replacing the insecure operating systems with O more secure alternatives because the insecure operating systems are so embedded O in the businesses. Adding in Network security should theoretically increase the K security of ALL your systems whereas installing a new application on a more O secure OS only secures that one server and application and means you still have ? to spend on network security anyway to protect everything else. E (Also certain parts of that network security spend eg on Firewalls is 1 complementary to the host based security anyway).     
 David Webb VMS and Unix team leader CCSS Middlesex University   >  >Regards >  >Kerry Main  >Senior Consultant >HP Services Canada  >Voice: 613-592-4660 >Fax: 613-591-4477 >Email: kerryDOTmainAThpDOTcom/ >(remove the DOT's and AT for email address)=20    ------------------------------   Date: 21 Jan 2004 15:16:01 GMT( From: bill@cs.uofs.edu (Bill Gunshannon)Y Subject: Re: latest Linux kernel patch of the week - VMS after 25 years still superior to 9 Message-ID: <bum53h$j018a$1@ID-135708.news.uni-berlin.de>   R In article <FD827B33AB0D9C4E92EACEEFEE2BA2FB237F76@tayexc19.americas.cpqcorp.net>,* 	"Main, Kerry" <kerry.main@hp.com> writes: >  >>=20 A >> The biggest selling points people keep making about VMS are=20 > >> security and stability.  Sadly for VMS, most modern Unix=20C >> systems are just as stable and can easily stay up long enough=20 < >> for the hardware to become obsolete and need replacing=20B >> anyway.  That leaves security.  It really looks like that is=20= >> selling iceboxes to eskimos.  If the operators of Linux=20 B >> systems (and I would wager there are a few more of them than=20< >> VMS systems today) aren't willing to put in the effort=20B >> (relatively free as someone else did all the work) to secure=20> >> their systems what would make anyone think they might be=20B >> willing to actually pay premium prices for an OS that offers=20? >> the same thing (relatively speaking)?  Right or wrong, it=20 - >> seems that security doesn't sell any more.. >>=20  >  > Bill,' > < > Re: your contention that security does not sell anymore .. > D > That might be your personal observation, but that is certainly notG > supported by others. As an example, the folowing article is from SeptuG > 2002, but given that more Customers are worried about security than ae> > year ago, its hard to imagine these numbers dropping at all: > 8 > http://news.com.com/2100-1001-957364.html?tag=3Dfd_top' > "Survey: Security budgets on the rise 1 > Last modified: September 10, 2002, 12:57 PM PDT-C > A report released Tuesday found that more than half the companies-F > surveyed had increased their information-security budget in the pastD > year, in many cases at the expense of other parts of their overall > technology budget.=20  > J > The report, conducted by market researcher Vista Research in partnershipD > with survey firm Harris Interactive, also found that 12 percent ofJ > respondents had a significant security breach or major fraud in the past > year.   E Yes, but what are they investing in?  Real security or the appearancexD of security?  Are they actually securing systems or hiring "securityI experts" who pump out reports and suggestions that never get implemented.oF We have people here looking at security now.  So far most of what theyB have done has only accomplished inconveniencing those who actuallyG use our network resources and in some cases, their actions have had the A exact opposite effect from what they claim it was supposed to do.E  F And in the meantime, the VMS footprint continues to reduce as more and+ more operations are moved to Windows boxes.g  F Linux could be made more secure right out of the box by merely foldingG the NSA work into the base kernel tree.  No one in the Linux camp seemsPH to be interested.  Nad apparently, there is no clamor from the user base asking that it be done.O   Sad really.C   bill   -- sJ Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolvesD bill@cs.scranton.edu     |  and a sheep voting on what's for dinner. University of Scranton   |A Scranton, Pennsylvania   |         #include <std.disclaimer.h>   -   ------------------------------   Date: 21 Jan 2004 08:47:27 GMT< From: gartmann@non.immunbio.mpg.de.sens (Christoph Gartmann)1 Subject: Re: Pathworks Macintosh, OS-X & PrintingA0 Message-ID: <buleav$li4$4@n.ruf.uni-freiburg.de>  j In article <harris-865A1D.19115620012004@cacnews.cac.cpqcorp.net>, Bob Harris <harris@zk3.dec.com> writes:1 >In article <bujktt$4gs$1@n.ruf.uni-freiburg.de>, ? > gartmann@non.immunbio.mpg.de.sens (Christoph Gartmann) wrote:  >.	 >> Hello,0 >> mP >> Pathworks for Macintosh (MSA) under OpenVMS 7.3-1. We have some printers thatP >> are connected to our VMS-cluster. In order to make these available to the Mac3 >> users we MSA. Now the following problem occured:5< >> - we have a colour printer with a corresponding VMS queue4 >> - we have a print service in MSA for this printerK >> - Macs using OS9 or earlier select this printer in their chooser and are9 >>   able to printJ >> - Macs running OS-X may define this printer and send files but no file 
 >> arrives >>   under VMS) >> - there is no error message at the Mact! >> - at the VMS console we see a sA >>      %MSAP-E-PAPCONN, connection gone status 65446498 on ref 1p >> What we tried:tJ >> - printing from OS-X to other MSA printers, most of them show the same  >> problem,s2 >>   some don't but we don't see any logic in thisN >> - installed a packet sniffer. A successfull transfer is almost identical toN >>   an unsuccessfull one, at the end there is a minor difference that I don't >>   understandnG >> - Used different PPDs on the Mac for the same printer, no differenceg >> t >> Any other ideas?e >> - >> Regards,q >>    Christoph Gartmann >i >oD >Is Mac OS X attempting to use AppleTalk to connect to the printers?  
 Yes, it does.h  F >Does OpenVMS include an LPR server?  If so, then arrange for the LPR H >server to offer up the printers, and have the Mac OS X systems talk to  >the LPR server instead.  M This is indeed an option. The drawback is that the OS-X users cannot scan then4 network for printers as they are used to (from OS9).   Regards,    Christoph Gartmann    -- hE  Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452o  ImmunbiologieI  Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de   D-79011  Freiburg, Germany 9                http://www.immunbio.mpg.de/home/menue.htmls   ------------------------------    Date: 21 Jan 2004 07:42:50 -0800) From: info@sanface.com (SANFACE Software)s Subject: Plug: txt2pdf 7.1= Message-ID: <bc34cdbe.0401210742.4cf8d34f@posting.google.com>   / We would like to announce txt2pdf 7.1 version.  # http://www.sanface.com/txt2pdf.htmlrE txt2pdf is shareware; it is a very flexible and powerful Perl5 scriptdB that converts text files to PDF format files, so you can use it in> every operating systems supported by Perl5, including OpenVMS.# Remember to read txt2pdf on OpenVMSd# http://www.sanface.com/openvms.htmln; It's simple to design background like invoices, orders etc.r) Here nice examples made using txt2pdf PROc- http://www.sanface.com/pdf/Purchase_Order.pdfw& http://www.sanface.com/pdf/invoice.pdf$ http://www.sanface.com/pdf/hfmus.pdf) http://www.sanface.com/pdf/heraldbill.pdfc@ If you prefer we also distribute executables for Windows, Linux,@ Solaris, AIX, HP-UX, and Mac OS X. Inside the Windows version is Visual txt2pdf, a VB GUI.f   What's new in this version  D You can put the design and text part you usually use in the bgdesignC in an EPD file. The advantage is that you have a more optimize pdf.e4 You can verify every distribution with an MD5 file.    Test txt2pdf 7.1! 6 You can find it at http://www.sanface.com/txt2pdf.html   ------------------------------  # Date: Wed, 21 Jan 2004 09:51:09 GMT:A From: "Colin Butcher" <colin_DOT.butcher_AT@xdelta_DOT.co_DOT.uk>s  Subject: Re: remove DECnet OSI ?= Message-ID: <hYrPb.5547$de5.67103977@news-text.cableinet.net>f  ; There's some DECnet Phase V stuff available for download atoJ www.xdelta.co.uk/training - I wrote it a while back, but it might help you with some of the background.  2 General advice (as others have recommended) is to:3 - use LOCAL naming option (local DECdns namespace). H - use Phase IV compatible addressing (i.e.: ethernet MAC address changes fromK hardware address to AA-00-04-00-xx-yy format - which is why you must alwaysy% start DECnet before other protocols).mI - use 49:: as the 'private' OSI network address (kind of analogous to then  TCPIP 10.*.*.* Class A address).I - use NSP (the Phase IV transport layer) by only having one address tower0L registered for each remote node and making sure that entry is for NSP with aJ Phase IV compatible address (MCR DECNET_REGISTER lets you register nodes).J DO NOT fiddle with your own ("executor" in Phase IV parlance) node address# registration using DECNET_REGISTER.dG - Get your system to a supportable patch level. On V5.5-2H4 I think youaI probably had DECnet/OSI V5.6 in the first place. Try to get to DECnet/OSIi< V6.3-ECO16 if you can. There were LOTS of changes back then.  I If you're still stuck then, as Didier Morandi says - people are availablem for hire if you need help.   -- 9   Hope this helps, Colin.i) colin DOT butcher AT xdelta DOT co DOT ukeL Systems Archaeologist - Investigation & troubleshooting of older systems and	 networks.d   ------------------------------  % Date: Wed, 21 Jan 2004 13:29:51 +0100o* From: Paul Sture <nospam@sture.homeip.net>  Subject: Re: remove DECnet OSI ?0 Message-ID: <400E7ECF.1D42D938@sture.homeip.net>   Colin Butcher wrote: > = > There's some DECnet Phase V stuff available for download at L > www.xdelta.co.uk/training - I wrote it a while back, but it might help you > with some of the background. >e    Slight correction - that URL is   % http://www.xdelta.co.uk/training.htmla    e4 > General advice (as others have recommended) is to:5 > - use LOCAL naming option (local DECdns namespace).hJ > - use Phase IV compatible addressing (i.e.: ethernet MAC address changes > fromM > hardware address to AA-00-04-00-xx-yy format - which is why you must alwayse' > start DECnet before other protocols).iK > - use 49:: as the 'private' OSI network address (kind of analogous to the-" > TCPIP 10.*.*.* Class A address).K > - use NSP (the Phase IV transport layer) by only having one address tower:N > registered for each remote node and making sure that entry is for NSP with aL > Phase IV compatible address (MCR DECNET_REGISTER lets you register nodes).L > DO NOT fiddle with your own ("executor" in Phase IV parlance) node address% > registration using DECNET_REGISTER.uI > - Get your system to a supportable patch level. On V5.5-2H4 I think you K > probably had DECnet/OSI V5.6 in the first place. Try to get to DECnet/OSI.> > V6.3-ECO16 if you can. There were LOTS of changes back then. > K > If you're still stuck then, as Didier Morandi says - people are available  > for hire if you need help. >  > -- >  > Hope this helps, Colin. + > colin DOT butcher AT xdelta DOT co DOT uksN > Systems Archaeologist - Investigation & troubleshooting of older systems and > networks.e   --     -- 7
 Paul Sture   ------------------------------  % Date: Wed, 21 Jan 2004 12:08:56 -0500a& From: David M Smith <dsmit115@csc.com>' Subject: Re: The ghost of VAX-C past...d8 Message-ID: <q9ct00drqfqb0bgquvoev2i9uvpru1n4r4@4ax.com>  O On Wed, 21 Jan 2004 00:04:21 -0500, JF Mezei <jfmezei.spamnot@istop.com> wrote:   L >Is there a magic incantation that will automatically vaxc leaving only DECC- >?(command tables, help and any other stuff).  >gM >Or must I manually extract the CLD for CC on the "modern" node and use it to<0 >replace on the old node ? (same for the help ?) >vO >Apart from the DCLTABLES and the HELPIB.HLB, are there other areas that I needa >to clean up ?< >(are the include directories separate for the 2 compiler ?) > O >Also, can I remove any executable/shareable with the "vaxc" string in the filen >name ?t  P JF, I'm not aware of any procedure or documented steps to do it. One "automated"I way which might be simpler (and less error prone) than directly modifyingKJ DCLTABLES and HELPLIB might be to rerun the C installation kit after firstO "removing" whatever it is that the C kit looks for to decide whether or not VAXi= C is currently installed. In the current (CC064) kit, this isk@ SYS$SYSTEM:VAXC.EXE as I find in the KITINSTAL.COM in saveset A:   $   !U7 $   ! Determine the command line definition to be used.0 $   ! < $   VMI$FIND cc$vaxc VMI$ROOT:[SYSEXE]VAXC.EXE "" S cc$found $h $   IF (cc$found .NES. "S")  $   THEN $       TYPE SYS$INPUT:Y  F     VAX C is not installed on the system.  Should you install VAX C atK     some future time, you must reinstall Compaq C to provide a command linesE     definition for the CC command that can can invoke either product.D   $       cc$cc_default == "DECC"  $       cc$cld  == "DECC"W# $       cc$help_file == "DECC$HELP"@ $       EXIT VMI$_SUCCESS.	 $   ENDIFe  P So, you can simply RENAME SYS$SYSTEM:VAXC.EXE .OLD and then rerun the C install,N and you will end up with correct, HP C only, DCLTABLES and HELPLIB. This won'tN get rid of any old files, but the safest way to do that would be to leave themN alone -- the VAX C V3.2 kit is only a few thousand blocks, so it can't be veryO much. If you wanted to do it, I would examine the VAX C installation kit to get  file names.eI ------------------------------------------------------------------------- I David M. Smith 302.391.8533                       dsmit115 at csc dot com0I Computer Sciences Corporation     (Opinions are those of the writer only)oI -------------------------------------------------------------------------n   ------------------------------    Date: 21 Jan 2004 07:10:07 -0600; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) I Subject: Re: The Register: OpenVMS among most-secure of operating systemsc3 Message-ID: <Xe7pZHbr2gFn@eisner.encompasserve.org>a   In article <bujprv$eh8$1@new-usenet.uk.sun.com>, Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes: > 5 > 7.3.x is less secure than 5.3 even CERT, not a goode3 > source show that. Not suprising, its much bigger,s7 > chunks of it are written in languages not extensivelyo) > used in VMS 5.3 and it does a lot more.i  ?    You seem to have bought into the Microsoft explanation that y       more == less quality  /    You need more experience with good software.2   ------------------------------    Date: 21 Jan 2004 06:05:58 -0800( From: bob@instantwhip.com (Bob Ceculski)I Subject: Re: The Register: OpenVMS among most-secure of operating systemsr< Message-ID: <d7791aa1.0401210605.1241c69@posting.google.com>  ] Mark Berryman <Mark.Berryman@Mvb.Saic.Com> wrote in message news:<400d6392@cpns1.saic.com>...2* > Andrew Harrison SUNUK Consultancy wrote: > > Mark Berryman wrote: > = > Because you continue to show that you do not understand it.e >  > Mark Berrymans  8 he understands it all right ... he just can't admit that7 VMS is superior because he is stuck trying to sell that % convuluted garbage he calls an os ...H   ------------------------------  % Date: Wed, 21 Jan 2004 09:55:08 -0500D& From: "Daniel Allen" <dallen@nist.gov>I Subject: RE: The Register: OpenVMS among most-secure of operating systems2: Message-ID: <BCEGLBGJDODLELBJIADKKECMCMAA.dallen@nist.gov>   > -----Original Message-----D > From: Bob Koehler [mailto:koehler@eisner.nospam.encompasserve.org]+ > Sent: Wednesday, January 21, 2004 8:10 AM  > To: Info-VAX@Mvb.Saic.ComdC > Subject: Re: The Register: OpenVMS among most-secure of operatingu	 > systemsl >d > B > In article <bujprv$eh8$1@new-usenet.uk.sun.com>, Andrew HarrisonC > SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes:t > >i7 > > 7.3.x is less secure than 5.3 even CERT, not a goodn5 > > source show that. Not suprising, its much bigger,u9 > > chunks of it are written in languages not extensivelym+ > > used in VMS 5.3 and it does a lot more.e > @ >    You seem to have bought into the Microsoft explanation that >       more == less quality >n1 >    You need more experience with good software.e  J 	My thoughts exactly. I've been involved with VMS since the beginning (our first systemI arrived with V1.? but was installed with V2) and security and reliabilitybH have steadily improved through later (bigger and badder - "bad"'s a goodI thing ;-) versions. Major releases sometimes stumbled but VMS engineeringkH has always remedied any initial problems very quickly and they typicallyF were simple errors in execution - not the basic design flaws that haveK plagued many major and popular software systems. It helps if you start with  security as job 1.   Dane   ------------------------------  % Date: Wed, 21 Jan 2004 15:54:11 +0000sO From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com>tI Subject: Re: The Register: OpenVMS among most-secure of operating systemse0 Message-ID: <bum7cn$ad0$1@new-usenet.uk.sun.com>   jlsue wrote:G > On Fri, 16 Jan 2004 10:55:56 +0000, Andrew Harrison SUNUK Consultancyu0 > <Andrew_No.Harrison_No@nospamn.sun.com> wrote: >  >  >>jlsue wrote: >>K >>>On Thu, 15 Jan 2004 02:23:45 -0500, JF Mezei <jfmezei.spamnot@istop.com>s	 >>>wrote:u >>>: >>>H >>> K >>>>When they discovered the flaw in the POP server that would allow one to6Q >>>>overwrite any file on the system because the impage was installed with SYSPRV R >>>>and could be called interactively with a log file specification, did that make >>>>it to CERT ? >>>  >>>eM >>>Whose POP server?  Do I run that on my systems?  If not, then now could itl5 >>>affect me and why would it actually be a VMS CERT?w >>>l >>2 >>In fact its the HP POP server but that is rather
 >>irrelevant.s >  > F > But my system (hypothetically) runs Multinet.  So then what do I do? >   < Does it matter, CERT is not about people being selective and= restricting advisories to things that will hit everyone whilep> editing out advisories that will only impact a subset of their users.  > Where would that leave the users who are running the offending code ?       > 3 >>It sould be a VMS CERT because its a VMS specific , >>hole in an a service that runs on OpenVMS. >>7 >>Why not just obey the same set of rules that everyone   >>else does for CERT advisories. >  > J > Okay, so by that definition, an Oracle security vulnerability on OpenVMS* > would have to be reported as a VMS CERT? >   > No you arn't responsible for Oracle so how could you be making" statements about Oracle security ?  @ On the other hand you do provide IP stacks, bind implimentations> POP servers etc all of which you are responsible for reporting one.     >  >>N >>>>I suspect that there are many issues specific to VMS that don't make it toN >>>>CERT.  CERT is prebably much more concerned about widely used systems, not. >>>>niche systems with very vew installations. >>>  >>>cN >>>Define many.  By one defiintion of that term I could infer that you believeJ >>>there are many security-related fixes in VMS that are not reported.  Is >>>that what you're implying?o >>>a >>7 >>Well given your earlier point its obvious that you as 6 >>a HP employee see no need to report vunerabilites to7 >>CERT if they arn't part of base OpenVMS distribution.l >>7 >>Assuming that your view reflects culture and practicee8 >>in HP then the answer to your question has to be many. >  > J > It was a "yes" or "no" question.... but it appears that by your responseF > you believe that, 'yes' there are *many* security vulnerabilities in* > OpenVMS, and that most are not reported. >   1 What eveidence do you have that the many claim if  I chose to make it isn't true ?t  M > Without arguing whether 'many' means 10, 20, 50, 150, whatever; it would berB > interesting to have you provide some documented support for this
 > contention.k >    I have already.g   Regardsn Andrew Harrisont   ------------------------------  % Date: Wed, 21 Jan 2004 15:59:49 +0000 O From: Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com>-I Subject: Re: The Register: OpenVMS among most-secure of operating systemsm0 Message-ID: <bum7n9$ad0$2@new-usenet.uk.sun.com>   Bob Koehler wrote: > In article <bujprv$eh8$1@new-usenet.uk.sun.com>, Andrew Harrison SUNUK Consultancy <Andrew_No.Harrison_No@nospamn.sun.com> writes: > 5 >>7.3.x is less secure than 5.3 even CERT, not a goodk3 >>source show that. Not suprising, its much bigger,N7 >>chunks of it are written in languages not extensivelys) >>used in VMS 5.3 and it does a lot more.s >  > A >    You seem to have bought into the Microsoft explanation that p >       more == less quality > 1 >    You need more experience with good software.i >   7 No I have simpoly looked at the CERT vunerabilites thatI3 HP/Compaq/Digital have admitted to for OpenVMS 7.x.t  3 The quantity of new code in OpenVMS is one possiblen5 explanation, as is choice of language etc. Whats youra
 explanation ?r   Regardse Andrew Harrisont   ------------------------------  % Date: Wed, 21 Jan 2004 10:13:50 +0000a7 From: "POWERS, John" <John.POWERS@reading.sema.slb.com>v? Subject: RE: TPU code to replace a string ignoring line breaks?nH Message-ID: <95544AF90752D211AC0300A0C9E01D32019FFB19@reaes4.sema.co.uk>  H This could be done using bare TPU commands, but you are re-inventing theJ albatross here, as EVE has already got commands which do things like this.H Remember that as EVE is written in TPU, you can call any EVE commands inI a TPU procedure, providing you have the EVE$SECTION section file to startiG off with. You just add 'eve_' to the front of the eve command to use itn directly in TPU.  8 The EVE command you are trying to emulate is the command SET FIND WHITESPACEaI If you enter eve and type 'help set find whitespace' you will see it doese exactly what you want.  G Here is a simple 6 line procedure that will do exactly what you want. IeH doubt if you could do this in native TPU commands in less that ten times that number of lines.    eve_set_find_whitespace; loopI   exitif not eve_find ("This is a really long string that is continued ond another line");i
   eve_cut;;   copy_text ("This_is_a_shortened_version_of_that_string");e
 endloop;    J I just tested it with  edit /nodisp/command=sys$input - and it works fine.   - John     -----Original Message-----# From: karcher@kort.waisman.wisc.edu & [mailto:karcher@kort.waisman.wisc.edu] Sent: 21 January 2004 03:18m To: Info-VAX@Mvb.Saic.Come; Subject: TPU code to replace a string ignoring line breaks?s    = I've used and googled the numerous TPU procedures posted hereaI previously to globally search and replace a string in multiple files. NowhH I need to replace a string that MAY contain a line break (assume a break5 at a space character). For example how can I replace:t  $ This is a really long string that is  continued on another line  # With the following one line string:a  * This_is_a_shortened_version_of_that_string  H After staring at the TPU manuals I'm guessing I need to supply a patternB variable rather than a string to the TPU search_quiet function. MyH attempts at this have all been failures. I'm wondering if anyone has any3 TPU code or pointers as to how this is done in TPU.    Thanks.    --G -- Carl Karcher, Waisman Computing Services, Waisman Center, UW-Madisonl9 --                  karcher.nomorespxm@waisman.wisc.edu  o   ------------------------------    Date: 21 Jan 2004 02:12:02 -0800. From: fabiopenvms@yahoo.com.br (Fabio Cardoso)E Subject: Users welcome HP's commitment to long-term future of OpenVMSa= Message-ID: <f30679fb.0401210212.2272b65e@posting.google.com>u  A I fell the lack of an official document to the customers from HP.  Like a PAK or contract etc....  
 Fabio Cardosof   Click    http://www.computerweekly.com/articles/article.asp?liArticleID=127592&liArticleTypeID=1&liCategoryID=6&liChannelID=126&liFlavourID=1&sSearch=&nPage=1w  o  lF Users have welcomed the latest release of OpenVMS from Hewlett-PackardB as evidence of the company's long-term commitment to the operating system.o  @ HP has provided an evaluation release of OpenVMS on its range ofF Integrity servers, which are based on 64-bit Itanium 2 processors. The> availability of a version of the OpenVMS OS for a new hardwareA platform based on Itanium 2 gives OpenVMS users a way to continuecE running existing applications, avoiding the need to migrate to a UnixlE or NT-based system. Such a move would require OpenVMS applications to 
 be rewritten.i  D According to Colin Butcher, board member of the HP User Group, usersE are keen to ensure that HP continues to put its weight behind OpenVMSe@ following its merger with Compaq in 2002. He said support on theF Itanium 2 Integrity server was a step in the right direction. "This isF good news - it is a serious commitment to the future of OpenVMS," said Butcher. (...)    ------------------------------    Date: 21 Jan 2004 02:12:05 -0800. From: fabiopenvms@yahoo.com.br (Fabio Cardoso)E Subject: Users welcome HP's commitment to long-term future of OpenVMS?= Message-ID: <f30679fb.0401210212.21fe27b2@posting.google.com>   A I fell the lack of an official document to the customers from HP.e Like a PAK or contract etc....  
 Fabio Cardosoa   Clickh   http://www.computerweekly.com/articles/article.asp?liArticleID=127592&liArticleTypeID=1&liCategoryID=6&liChannelID=126&liFlavourID=1&sSearch=&nPage=1y  M  iF Users have welcomed the latest release of OpenVMS from Hewlett-PackardB as evidence of the company's long-term commitment to the operating system.n  @ HP has provided an evaluation release of OpenVMS on its range ofF Integrity servers, which are based on 64-bit Itanium 2 processors. The> availability of a version of the OpenVMS OS for a new hardwareA platform based on Itanium 2 gives OpenVMS users a way to continuetE running existing applications, avoiding the need to migrate to a Unix?E or NT-based system. Such a move would require OpenVMS applications to 
 be rewritten.   D According to Colin Butcher, board member of the HP User Group, usersE are keen to ensure that HP continues to put its weight behind OpenVMSY@ following its merger with Compaq in 2002. He said support on theF Itanium 2 Integrity server was a step in the right direction. "This isF good news - it is a serious commitment to the future of OpenVMS," said Butcher. (...)x   ------------------------------  % Date: Wed, 21 Jan 2004 07:54:06 +0100s" From: Didier Morandi <no@spam.com>! Subject: VAXUS: Call for ChaptersM3 Message-ID: <400e2291$0$7133$626a54ce@news.free.fr>    Good morning all,o  O We have received a few requests to open VAXUS chapters in Europe. No news from f1 other sides of the Pond (either ponds, actually).i  O To know more on VAXUS, see http://www.vaxus.org, site available in English and p French.o  3 Thanks for helping the VAX/VMS worldwide Community.V   D. Chairman -- h2 VAXUS - Your new helpful friend in the DEC Family!2 EHQ: 19 chemin de la Butte, 31400 Toulouse, France/       Phone: +336 7983 6418 Fax: +335 6154 1928e$                 http://www.vaxus.org   ------------------------------  % Date: Wed, 21 Jan 2004 10:14:40 -0700n+ From: "Barry Treahy, Jr." <Treahy@MMaz.com> % Subject: Re: VAXUS: Call for Chapterss' Message-ID: <400EB380.1050907@MMaz.com>d   Didier Morandi wrote:c   > Good morning all,l >"G > We have received a few requests to open VAXUS chapters in Europe. No s= > news from other sides of the Pond (either ponds, actually).e  I Perhaps because the LUGS that are left here in the US are either already rE doing well on their own, like Dallas/FW, or are dead or dying a slow iI death like here in Phoenix.  People are tired, Didier, they are tired of eG investing time into LUGS just to have the carpet pulled out or to have r- them turned into a Intel/Windows sales pitch.n  I In my estimation, you will see very little to no interest here in the US  I for that reason alone, but also because of the fact that for us to drive uE from state to state, you could have traveled from country to country  I there in Europe; Proximity does matter and no one wants to be the single t9 LUG member in their region, nothing is gained by that... i  F The other aspect you must answer is why people should reassemble into D another LUG just because you ask?  What value will you bring to the D table, funding, viability with HP and VMS, discounting, EOL product H re-releasd under GPL?  What value to the members?  Encompass has yet to H figure that one out and is still riding on the member benefits put into # action by prior DECUS work (IMHO). 7  E With todays electronic collaboration via the net and telephone, most wI technical issues can be discussed and worked out, the only thing missing  G is the socials after the meeting when DEC, well Compaq, Ha!  HP bought  A the beer, but what, they haven't done that in more than a decade!a   Barryt  > ps. VMSUS would probably have been more accurate than VAXUS...   --    > Barry Treahy, Jr                       E-mail: Treahy@MMaz.com> Midwest Microwave                          Phone: 480/314-1320> Vice President & CIO                         FAX: 480/661-7028                            ------------------------------  % Date: Wed, 21 Jan 2004 03:16:43 -0500e* From: JF Mezei <jfmezei.spamnot@istop.com>1 Subject: Re: VMS question regarding SMTP headers.=) Message-ID: <400E3552.56A6B2D7@istop.com>t  O > The POP server sends these message headers (the VMSmail specific ones) to thet > POP client unless all of the  > following conditions are true:D >  The TCPIP$POP_IGNORE_MAIL11_HEADERS logical name is defined (see > Section 18.3).) >  The From: address is an SMTP address.d2 >  The SMTP qualifier /OPTION=TOP_HEADERS is set.  N Of all the ironies, I start to use my POP server today (for my phone to pickup= emails) and experienced the same problem as you. defining thekK tcpup$pop_ignore_mail11_headers , shutting down and starting the pop serverG did the trick.  N Pretty amazing that the mail client on a very small phone knows about mime andH attachements, but the one on VMS doesn't even know about RFC822 headers.   ------------------------------  + Date: Wed, 21 Jan 2004 08:50:17 +0000 (UTC) * From: Osmo Kujala <kujala@tukki.cc.jyu.fi>1 Subject: Re: What type of memory is used in DS10?a, Message-ID: <buleg9$kdq$1@mordred.cc.jyu.fi>  4 Michael Unger <spam.to.unger@spamgourmet.com> wrote:  < > According to the QuickSpecs (1-Oct-2003 edition, page 12):  ? > used in pairs, industry-standard DIMM, ECC, 200 pins, 100 MHz, > (SDRAM of course)   C Yup. So it says. But that industry-standard part simply isn't true. I Only industry-standard 200-pin SDRAM is SO DIMM. I've been digging aroundDI to find SDRAM for DS10(L) from PC-market, but found none yet. :-( :-( :-(B	  Only hittG from other than DEC-models to use similar memory was some SUN computer. H I'd like to learn at least one "industry-standard" (PC,Pentium-based...)F computer which use that memory. That might be so out-dated that buying; such used system would give the memory at reasonable price.r   Osmo   ------------------------------    Date: 21 Jan 2004 09:11:08 -0800" From: nas@ist-inc.com (Neil Smyth)) Subject: What's new at Motifdeveloper.com = Message-ID: <f6a5860e.0401210911.6f68b4a4@posting.google.com>u   VMS X/Motif Developers,h  E Have you noticed that the keyboard up and down arrows do the oppositesF to what you would expect on with the XmSpinBox widget on Solaris? Want to know why and how to fix it?  : Ever wondered how to create a splash screen for your Motif
 applications?i  D Do you need to create text fields that autotab when a certain numberC of characters have been typed (whilst also handling delete, cut andI paste, text overwrite etc)?2  E Ever wanted to know everything there was to know about error handlingu with X, Xt and Motif?   E Answers to all these and more plus the latest news in the Motif worldgE are now online at Motifdeveloper.com  the #1 home for Motif and Openc* Motif developer information and resources.    
 News Items
 ----------  / -- IST Launches Motif to Java Migration Servicet  A Imperial Software Technology recently announced the launch of itssF Motif to Java Migration Service, a complete and cost effective serviceD for the rapid and automated conversion of legacy C/C++ X/Motif based" applications to the Java Platform.  E If you are planning to migrate your Motif application to Java IST caneA perform the migration for a fraction of the cost of re-writing orc manually converting the code.b  = 	Read more at: http://www.motifdeveloper.com/news/news19.htmlr      * -- Motif widgets now available for MacOS X  C Quest Software recently released their XRT/PDS Motif widget set forr MacOS X.  = 	Read more at: http://www.motifdeveloper.com/news/news21.htmle        Latest Technical Tips and Advice  --------------------------------  3 -- How can a pixmap have a transparent background? e  D I'd like to be able to display pixmaps in my application so that the> background is transparent and just the foreground of the image
 displayed.  . 	http://www.motifdeveloper.com/tips/tip27.html    D -- How do I handle errors emanating from the Motif, X Toolkit, and X
 libraries?  D Error handling in X/Motif based applications can be a tricky task inF application programming. This article tells you everything you need to know:R  . 	http://www.motifdeveloper.com/tips/tip29.html    C -- How do I create a splash screen with no window manager borders? s  C A common requirement for showing copyright information, applicationtF startup status and product logos. We show you exactly how this is done in X and Motif:>  . 	http://www.motifdeveloper.com/tips/tip30.html    @ -- Why do the Up and Down arrows work 'wrongly' with XmSpinBox?   @ A subtle bug in the Solaris release of Motif that is easy to get around when you know how:w  . 	http://www.motifdeveloper.com/tips/tip31.html    E -- How do I limit the number of characters that can be entered into ai7 text field and then autotab when that limit is reached?s  C A key requirement for data entry intensive applications. Everythings= you need to implement this functionality in your applicationse including code examples:  . 	http://www.motifdeveloper.com/tips/tip32.html     Thanks   The Motifdeveloper.com Team   ; Sponsored by X-Designer  The Advanced Motif GUI Builder  =+ Read about it at: http://www.ist-inc.com/xd B Get a FREE trial at: http://www.ist-inc.com/DOWNLOADS/xd_eval.html   ------------------------------  + Date: Wed, 21 Jan 2004 18:16:32 +0000 (UTC)n* From: bleau@umtof.umd.edu (Lawrence Bleau)( Subject: Where is XML generator for VMS?0 Message-ID: <bumfm0$eg7$1@grapevine.wam.umd.edu>  D Hello.  I'm running OpenVMS AXP V7.3-2.  We have a need to create anE XML document containing ascii scientific data for distribution to ourrE colleagues.  A description of the XML elements to be used has alreadyd) been developed, though it may be refined.s  @ What I need is a tool that can be used to generate a file in XMLC format.  I've done a search and have found plenty of parsers, but IhE need to create an XML document, not parse one.  I could write my own,mB but I don't like to reinvent the wheel if it's already been done. F Give me some pointers, please, and available tools, or on the best way to go about coding this.  B Btw, the XML doc we're making will have a fairly simple structure,A just a description of a time series of data points, with the main F content being the data themselves.  The preferred language is Fortran,B although I can handle C (the boss won't like it, but if that's all  that's available, we'll use it).   Lawrence Bleau University of Maryland" Physics Dept., Space Physics Group 301-405-6223 bleau@umtof.umd.edur   ------------------------------   End of INFO-VAX 2004.041 ************************