1 INFO-VAX	Sun, 25 Dec 2005	Volume 2005 : Issue 716       Contents:' Re: Addendum: TCPIP5.4  patch 5 problem ' Re: Addendum: TCPIP5.4  patch 5 problem  Re: DUMP/OUTPUT strangeness  Re: Honeypot stats  Re: Licenses MOD_UNITS question.) Re: Question about large numbers of Locks ) Re: Question about large numbers of Locks  Re: TCPIP5.4  patch 5 problem  Re: TCPIP5.4  patch 5 problem 3 Unable to LICENSE REGISTER new VMS license on Alpha 7 Re: Unable to LICENSE REGISTER new VMS license on Alpha 7 Re: Unable to LICENSE REGISTER new VMS license on Alpha  Re: Zip question  F ----------------------------------------------------------------------  % Date: Sat, 24 Dec 2005 16:18:06 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> 0 Subject: Re: Addendum: TCPIP5.4  patch 5 problem, Message-ID: <43ADBB0C.605D49BE@teksavvy.com>   Tom Linden wrote: $ > $       @sys$startup:tcpip$startup5 > $       INSTALL ADD SYS$SHARE:DECW$SETSHODISSHR.EXE   F I would do the install before starting tcpip and you might want to addF /SHARE to it. Just installting an image without any attributes doesn't do much.    < > $       IF F$SEARCH("SYS$STARTUP:MX_STARTUP.COM") .NES. "" > $       THEN6 > $               @SYS$STARTUP:tcpip$smtp_shutdown.com 		bunch of defines- > $               @SYS$STARTUP:MX_STARTUP.COM  > $       ENDIF   > > $       @SYS$SYSDEVICE:[VMS$COMMON.SYSMGR]TCPIP$FTP_SHUTDOWN. > $       @disk$common:[hg.COM]FTP_STARTUP.COM    F First, if it finds MX_STARTUP.COM, it shuts down the whole TCPIP StackA and doesn't restart it !!!!!!! So MX_STARTUP will have difficulty  finding a stack !!!   E Also, instead of shutting down FTP and starting MadGoat's FTP server, E you could disable the TCPIP SERVICES FTP service and then not have to + worry about it (TCPIP DISABLE SERVICE FTP).     = And starting with TCPIP Services 5.3, it becomes worthwile to F investigate just properly defining services and letting TCPIP Services start the service for you.    F For instance, instead of disabling the DEC TCPIP FTP server, you couldG simply redefine it to use @disk$common:[hg.COM]FTP_STARTUP.COM  (or the F actual procedure which runs the image since TCPIP Services will create the process for you).    ------------------------------  % Date: Sat, 24 Dec 2005 23:12:47 -0000 @ From: "Alex Daniels" <alexNOSPAMHERETHANKSdaniels@themail.co.uk>0 Subject: Re: Addendum: TCPIP5.4  patch 5 problem6 Message-ID: <43add5f1$0$29559$da0feed9@news.zen.co.uk>  ; "JF Mezei" <jfmezei.spamnot@teksavvy.com> wrote in message  & news:43ADBB0C.605D49BE@teksavvy.com... > Tom Linden wrote:  <SNIP>= >> $       IF F$SEARCH("SYS$STARTUP:MX_STARTUP.COM") .NES. ""  >> $       THEN 7 >> $               @SYS$STARTUP:tcpip$smtp_shutdown.com  > bunch of defines. >> $               @SYS$STARTUP:MX_STARTUP.COM >> $       ENDIF > H > First, if it finds MX_STARTUP.COM, it shuts down the whole TCPIP StackC > and doesn't restart it !!!!!!! So MX_STARTUP will have difficulty  > finding a stack !!!  >   I He is shutting down TCP/IP Services' SMTP service, if the start-up finds   MX_STARTUP.COM.   ( He is not shutting down the whole stack.   Alex     ------------------------------  % Date: Sat, 24 Dec 2005 16:35:35 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> $ Subject: Re: DUMP/OUTPUT strangeness, Message-ID: <43ADBF24.7891B9FA@teksavvy.com>  / Phillip Helbig---remove CLOTHES to reply wrote:  >    $ DUMP *.HTML/OUTPUT=X.X  > < > then X.X contains only the dump of the last file.  If I do  H If you do DUMP X.X , does it truly contain only the last file's result ?  H Also, add /STAT and you'll be able to see if SEARCH actually finds stuff in the other files.    ------------------------------  % Date: Sat, 24 Dec 2005 16:32:41 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com>  Subject: Re: Honeypot stats , Message-ID: <43ADBE76.D5D7D8BF@teksavvy.com>   Neil Rieck wrote: / > http://www.techweb.com/wire/security/54201306    ##H Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as
 Windows XPC SP2, fared much better. Although both configurations were probed by  attackers, neither& was compromised during the two weeks.  ##    F So while older versions of Windows were hacked within minutes of beingE plugged into the net, current versions are OK. On has to be fair. And B while Windows did heed warnings about security and issued SP2, theC question is whether this will permeate Microsoft permanently or iof H marketing will dictate more feature creep which will open up a whole new bunch of security holes.  B The article also looks at MacOS and says it is also vulnerable andH wasn't hacked simply because the hackers are equipped with windows code.C  I think that this is very misleading. Just because you have a port G listening for POP, SMTP etc doesn't mean that the server running behind & it is vulnerable to trojan horses etc.  C Obviously, if by default you have telnet enabled and you have a the F equivalent of the "SYSTEM" account with a known default password, then$ yeah, any machine would be hackable.    C The VMS architecture is perhaps better designed. Use TCPIP only for D outside services, and use DECNET and SCS for internal communications between nodes.    C Out of curiosity, if one sets Monitor to use TCPIP, how does a node A decide to accept or reject a call from another node's MONITOR ?     F For instance, in a MON CLUSTER, each node would get a call from one IPH address )the node issuing the MON CLUSTER). But how do they authenticateF this ? Does the SCS protocol now tell each node in a cluster what each nodes' IP address is ?   ------------------------------  % Date: Sat, 24 Dec 2005 17:58:51 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> ) Subject: Re: Licenses MOD_UNITS question. , Message-ID: <43ADD2A2.945C1704@teksavvy.com>   An update to the situation:     D I manually executed each command that STARTNET would execute in NCP.   SET KNOWN LINES ALL workedC SET KNOWN CIRCUITS ALL would say it enabled SVA-0 and then complain " about product requiring a license.  E Since DVNETEND allows only one circuit, I figured that the config had D more than one circuit defined, even though LIST/SHOW KNOWN CIRC only listed one.   C I zapped NETCIRC.DAT and NETLINE.DAT and issued the DEFINE LINE and K DEFINE CIRC commands which recreated the files from scratch. No difference.   G I went into NETCONFIG.COM to look at what it does and it showed that it E uses "SVA-x" for ES ethernet devices. This machine doesn't have an ES E device, it has an EZ device. I had used NETCONFIG after the move from G the MVII and it was netconfig which chose SVA-0 in the first place !!!!   G So, I zapped NETCIRC and NETLINE and recreated them with ISA-0 which is 9 what NETCONFIG.COM says to use with EZ ethernet devices.    E However, the same problem occured. SET KNOWN CIRC ALL brings up ISA-0 - and then complains about requiring a license.   B I zapped the EXEC and LOGGING definitions, used netconfig again toF recreate everything from scratch (except objects) and same problem. It/ definitely shows this to be a non routing node.     G So, I took my old DVNETRTG license which was at 230 units. It failed to C load. I mod/UNITs to 300, it failed to load, I mod/units to 400, it G failed to load. Got tired, boosted it to 600 and it loaded succesfully. F (SHOW LICENSE/CHARGE says I need 300 units for an E type license which
 DVNETRTG is).      And low and behold, it works.   ! NCP still shows only one circuit.   C I had remembered from a previous life that a cluster alias requires F DVNETRTG for decnet, but that without it, you could still have clusterG alias for incoming calls, but any outgoing mails etc would be signed by ? the actual node. Is that a correct recolection ? Perhaps during G CLUSTER_CONFIG, something was done to decnet to make it think there was D a cluster alias requiring DVNETRTG. (SHOW EXEC CHAR doesn't show anyC alias name, although it was set to accept incoming alias calls, but G disabling this didn't change. Besides, if it was a cluster alias issue, E would the license complaint have come during SET KNOWN CIRCUITS ALL ? : Wouldn't it have some when it starts the actual executor ?   ------------------------------  + Date: Sat, 24 Dec 2005 19:03:33 +0000 (UTC) 7 From: moroney@world.std.spaamtrap.com (Michael Moroney) 2 Subject: Re: Question about large numbers of Locks( Message-ID: <dok625$88m$1@pcls4.std.com>   rcbryan@hotmail.com writes:   H >I guess one question is:  Is the VMS lock mechanism is bright enough toG >where there is not fixed CPU overhead for each lock?  If they just sit F >there until there are changes than the CPU overhead would be minimal.  G Yes, the VMS lock mechanism is smart enough.  The processes holding the A locks and a blocking AST will consume no CPU related to the locks C until an incompatible lock request causes the AST to fire.  The VMS F system executive has to do checks whenever something changes regardingG the locks but the amount per lock is pretty minimal, and is quite a bit  less than spinning on a file.   I It used to be the biggest problem with lots of locks on large systems was G that S0 virtual address space was consumed by all those locks.  Not too F long ago (I forget which version) the locking code was changed to move3 everything into S2 space which resolved that issue.   > >"If it ain't broke..." I have little patience with people whoB >noodle things up for the sake of "better programming" (or vanity)G >but in this case, one of the managers asked if I can see where some of G >the CPU time is going and do something about it.  This is a case where F >a change can be made to in a small place and have a big payoff. ThereD >are a lot of other egregious abusers of CPU time but they are a lotC >harder to address.  They paid the big bucks a while ago to get the G >GS1280s and they want to keep on eye on the CPU time.  I think that if F >they eliminated all the wasted CPU time on the system, they could runB >on an ES40 but it is cheaper and less risky to just buy hardware.  C OK, sounds like it's worth it to rewrite the code using locks, esp. @ if the data you're passing around fits into the lock value block5 (the size of which has also been increased recently).    ------------------------------    Date: 24 Dec 2005 14:48:36 -0800< From: "Hein RMS van den Heuvel" <heinvandenheuvel@gmail.com>2 Subject: Re: Question about large numbers of LocksC Message-ID: <1135464516.085103.147320@g43g2000cwa.googlegroups.com>   = I hate polling solutions. They do not scale and waste cycles.   D But then again, if it works today with acceptable overhead, why muck with it?B You may be able to significantly mitigate the overhead by enablingG global buffers on the state file. Specifically, since recent (less than D 10 years :-) vms version the RMS gloabl buffers uses Concurrent ReadF locks for bucket locks vs EXclusive locks for local buffers (since VMSE 7.3 or so). And it sounds like you can avoid the record locks in this D solution completely by using the ROP NQL option (or RRL+NLK + SYSGEN PARAM)  E I like blocking ASTs but it can still be wasteful if the processes do A not actually need the data, perhpas taking multipel blocking asts @ before actually using the new info. Still, it sounds like a good* solution when dealing with hourly changes.  = It may also be reasonable to just have application convert an E application lock from NL to CR during it work, reading the Lock Value C Block to see if a new state needs to be honored. Convert down to NL % when done or back at main loop level.    fwiw,  Hein.    ------------------------------    Date: 24 Dec 2005 20:43:01 +01006 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOEGER)& Subject: Re: TCPIP5.4  patch 5 problem, Message-ID: <43adb2d5$1@news.langstoeger.at>  N In article <ops2aq3xh3zgicya@hyrrokkin>, "Tom Linden" <tom@kednos.com> writes:< >I have 5.4 running on 7.3, 7.3-1 and 7.3-2  and I installed8 >said patch to each of them, but 7.3 doesn't like it :-(  ? RUsure ? OTOH I don't know if V5.4 is supported on V7.3 at all.   E >on 7.3 I run the POP server and  MX V5.4  After installing the patch " >I can no longer connect using SSH  ) TCPIP V5.4 ECO 5 brings a new SSH config. I Extract the new SYS$SYSDEVICE:[TCPIP$SSH.SSH2]SSH*_CONFIG. files from the I SYS$LIBRARY:TCPIP$TEMPLATES.TLB library. You don't need (but may want) to  customize them.    Do a SSH localhost to verify.  --   Peter "EPLAN" LANGSTOEGER % Network and OpenVMS system specialist  E-mail  peter@langstoeger.atF A-1030 VIENNA  AUSTRIA              I'm not a pessimist, I'm a realist   ------------------------------  % Date: Sat, 24 Dec 2005 17:21:43 -0800 # From: "Tom Linden" <tom@kednos.com> & Subject: Re: TCPIP5.4  patch 5 problem( Message-ID: <ops2bfehjezgicya@hyrrokkin>  : On 24 Dec 2005 20:43:01 +0100, Peter 'EPLAN' LANGSTOEGER   <peter@langstoeger.at> wrote:   J > In article <ops2aq3xh3zgicya@hyrrokkin>, "Tom Linden" <tom@kednos.com>  	 > writes: > >> I have 5.4 running on 7.3, 7.3-1 and 7.3-2  and I installed: >> said patch to each of them, but 7.3 doesn't like it :-( > A > RUsure ? OTOH I don't know if V5.4 is supported on V7.3 at all.  > G >> on 7.3 I run the POP server and  MX V5.4  After installing the patch $ >> I can no longer connect using SSH > + > TCPIP V5.4 ECO 5 brings a new SSH config. K > Extract the new SYS$SYSDEVICE:[TCPIP$SSH.SSH2]SSH*_CONFIG. files from the K > SYS$LIBRARY:TCPIP$TEMPLATES.TLB library. You don't need (but may want) to  > customize them.  >  > Do a SSH localhost to verify. A I followed the directions in the ECO release notes which included   A 		$ LIBRARY/EXTRACT=SSH2_CONFIG SYS$LIBRARY:TCPIP$TEMPLATES.TLB - G                   _$ /OUT=TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG. 2                   $ LIBRARY/EXTRACT=SSHD2_CONFIG  ! SYS$LIBRARY:TCPIP$TEMPLATES.TLB - H                   _$ /OUT=TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG.    7                   $ @SYS$STARTUP:TCPIP$SSH_SHUTDOWN.COM >                   $ @SYS$STARTUP:TCPIP$SSH_CLIENT_SHUTDOWN.COM6                   $ @SYS$STARTUP:TCPIP$SSH_STARTUP.COM=                   $ @SYS$STARTUP:TCPIP$SSH_CLIENT_STARTUP.COM    However,   FREJA> ssh localhostC %IMGACT-F-SYMVECMIS, shareable image's symbol vector table mismatch A -IMGACT-F-FIXUPERR, error when TCPIP$SSH_SSH2 referenced DECC$SHR   9 Which certainly looks as if something didn't get updated.    ------------------------------    Date: 24 Dec 2005 12:33:47 -0800' From: "Schnootling" <chuckm@dis.wa.gov> < Subject: Unable to LICENSE REGISTER new VMS license on AlphaC Message-ID: <1135456427.401257.245040@o13g2000cwo.googlegroups.com>    Hi,   @ I've started installing OpenVMS 7.2 using a bootable cd-rom. The@ install went smoothly up to the point of registering my  OpenVMSF license. I tried, several times, using the interactive method where itD prompts you for keywords, but it didn't work (in particular it never asked for the DATE).  E After speaking with Montagar, I booted the OpenVMS 7.2 cd-rom. At the C menu, I chose option number 7 and got the DCL prompt. I entered the C LICENSE REGISTER OPENVMS-ALPHA stuff but got something close to the 
 following:E %LICENSE-F-BADLIB, error reading license database .... file not found   < Now, I can do a LICENSE LIST (or whatever) that shows I haveE DECwindows, TCPIP, and other stuff installed. I tried to do a LICENSE - CREATE, but got a "it's locked"-type message.   9 Anyone got any ideas ?  I've Google-searched this group's E correspondence and looked at the FAQ but didn't see anything helpful.    Chuck    ------------------------------  % Date: Sat, 24 Dec 2005 16:45:12 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> @ Subject: Re: Unable to LICENSE REGISTER new VMS license on Alpha, Message-ID: <43ADC164.3F19BE02@teksavvy.com>   Schnootling wrote:> > Now, I can do a LICENSE LIST (or whatever) that shows I haveG > DECwindows, TCPIP, and other stuff installed. I tried to do a LICENSE / > CREATE, but got a "it's locked"-type message.    Do:    SHOW LOG LMF$LICENSE  K It is probably pointing to a file on your CD since you booted from your CD.    You need to   G $DEFINE/SYSTEM/EXEC LMF$LICENSE disk:[VMS$COMMON.SYSEXE]LMF$LICENSE.LDB   G And then you can properly play with the license database on your target 6 system disk instead of the one on the write locked CD.   ------------------------------    Date: 24 Dec 2005 19:33:31 -0800; From: "johnhreinhardt@yahoo.com" <johnhreinhardt@yahoo.com> @ Subject: Re: Unable to LICENSE REGISTER new VMS license on AlphaB Message-ID: <1135481611.860306.88190@g49g2000cwa.googlegroups.com>   JF Mezei wrote:  > Schnootling wrote:@ > > Now, I can do a LICENSE LIST (or whatever) that shows I haveI > > DECwindows, TCPIP, and other stuff installed. I tried to do a LICENSE 1 > > CREATE, but got a "it's locked"-type message.  >  > Do:  >  > SHOW LOG LMF$LICENSE > M > It is probably pointing to a file on your CD since you booted from your CD.  > 
 > You need to  > I > $DEFINE/SYSTEM/EXEC LMF$LICENSE disk:[VMS$COMMON.SYSEXE]LMF$LICENSE.LDB  > I > And then you can properly play with the license database on your target 8 > system disk instead of the one on the write locked CD.  C JF is right. I've done that often with my systems.  When you choose G option 7 from the installation menu the LMF$LICENSE logical is pointing F to the license database from the boot media.  You need to re-direct itA to the database file on the disk which you just installed VMS on.    ------------------------------  + Date: Sat, 24 Dec 2005 20:28:47 -0600 (CST) * From: sms@antinode.org (Steven M. Schweda) Subject: Re: Zip question 2 Message-ID: <05122420284745_2027A458@antinode.org>  , From: "rcyoung" <rcyoung@aliconsultants.com>  F > I don't know the actual steps he plans to take, but if he has to FTPG > the saveset anywhere to burn it onto DVD ( or FTP it off the DVD at a F > later date from some other system such as a PC ), then he'll have toH > "zip it" or risk losing the file characteristics during the FTP phase.  G    Of course this is mere conjecture, and there are multiple procedures G available to restore the proper attributes for a BACKUP save set, so it G would not be much of a loss.  [Un]Zip would consume a lot more CPU time H compressing and expanding a 2GB file than would likely be needed to findE one (or a few) of them and simply restore the proper file attributes.   H    On the bright side, "losing" is spelled correctly here, which makes a nice change.  H ------------------------------------------------------------------------  4    Steven M. Schweda               (+1) 651-699-98183    382 South Warwick Street        sms@antinode-org     Saint Paul  MN  55105-2547    ------------------------------   End of INFO-VAX 2005.716 ************************