1 INFO-VAX	Tue, 14 Jun 2005	Volume 2005 : Issue 330       Contents:A %VMSINSTAL-E-BADIMAGE "Backward compatibility" - My left buttock!  Re: BA35x, SWXCC-22  Re: BA35x, SWXCC-22 4 Re: Determine who created a detached process (AUDIT)) Re: Hurd undoes Carly's last major change  Re: OpenVMS Boot Camp report Re: OpenVMS Boot Camp report- Re: Question about MOUNT in multiple clusters  Re: Some DCL wish items + Re: TCPIP : Let RIP set the default route ? + Re: TCPIP : Let RIP set the default route ?  Re: vms and linux ( Re: What Terminal Servers are you using?( Re: What Terminal Servers are you using?7 wrong SCSI cable for PWS600 au (msg for Paul Sture too) ; Re: wrong SCSI cable for PWS600 au (msg for Paul Sture too) ; Re: wrong SCSI cable for PWS600 au (msg for Paul Sture too) ; Re: wrong SCSI cable for PWS600 au (msg for Paul Sture too)   F ----------------------------------------------------------------------  * Date: Tue, 7 Jun 2005 09:17:50 +0000 (UTC)3 From: "Richard Maher" <maher_rj@hotspamnotmail.com> J Subject: %VMSINSTAL-E-BADIMAGE "Backward compatibility" - My left buttock!? Message-ID: <d83onu$51s$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>    Hi,   G Ok, so putting a Shareable Image Library in a Provide_Image Callback is L pretty indefensible. But if we can leave that to one side for the moment :-)  J So now Alpha, VMSINSTAL actually checks that you're supplying reall ImagesH to Provide_Image. Well that's just peachy. But where were all you bloodyG empathisers when this change was being made? "Oh NO! You can't do that! L You'll break somebody's code." or "There are complete peanuts out there thatJ are supplying anything to Provide_Image" or "We know it's not right but itC _is_ documented and has been like that a _long_ time.". Sheesh! The 
 hypocrasy.   Regards Richard Maher   : "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message- news:CjNZWQd9aeXM@eisner.encompasserve.org... J > In article <d80scs$j65$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>, "Richard, Maher" <maher_rj@hotspamnotmail.com> writes: > > Hi,  > > @ > > If you have SYSPRV enabled but *not* SYSNAM and you do a : - > >   > > $define/sys/exec t3$blah foo > > ; > > you get *no* warning or error message. But when you : -  > > 2 > > $ sh log t3$tip_unresolved_search_detent /fullK > >    "T3$TIP_UNRESOLVED_SEARCH_DETENT" [super] = "300" (LNM$SYSTEM_TABLE)  > > L > > you discover that is has gone onto the System Table in *supervisor* mode :-(  > > K > > I can't tell you how many times this has bitten me in the arse, and yes  I'm L > > off to change my default privs, but surely this can't be right let alone VMS > > > can it? Don't do what you ask but don't tell you about it? > = > One VMS consideration these days is backward compatibility. A > Some customer could have a command procedure that inadvertently = > depends on the current behavior (which has been there for a  > _long_ time).    ------------------------------    Date: 13 Jun 2005 23:28:41 -0700" From: "hvlems" <hvlems@freenet.de> Subject: Re: BA35x, SWXCC-22C Message-ID: <1118730521.093109.251540@g49g2000cwa.googlegroups.com>   3 Mr Webb's assumption was correct: it's an SWXSS-22. D I copied the model type on a piece of paper and couldn't read my own" handwriting half an hour later....   Hans   ------------------------------  % Date: Tue, 14 Jun 2005 09:53:20 +0300 , From: Veli Korkko <vtk-poistatama-@netti.fi> Subject: Re: BA35x, SWXCC-228 Message-ID: <bfvre.5544$Oj7.744@reader1.news.jippii.net>  / Phillip Helbig---remove CLOTHES to reply wrote: I > In article <42ad3d77$0$52457$dbd49001@news.wanadoo.nl>, Alex van Denzel " > <vandenzel@hotmail.com> writes:  >  > K >>>I'm trying to figure out if a BA35x (i.e. BA350 or BA356) is a BA350 or  J >>>a BA356, i.e. will it support wide (BA356) drives or not (BA350).  One I >>>label says BA35x and the other says SWXCC-22.  Does anyone know  what  A >>>this is?  (I don't have it yet, so I can't test out anything.)  >>J >>Check the SCSI connectors on the BA35x. If they are 50pins its a narrow > >>bus, if they are 68pins connectors, its a wide bus. I guess. >  > 6 > The connectors on my BA350 and BA356 are all narrow. >   ; So your BA356  has a narrow I/O module now, the choices are   D Module, 8 bit I/O Personality                               BA35X-MGD Module, 16 bit I/O Personality                              BA35X-MH  E The -MG has two 50HD connectors whereas -MH has two 68HD connectors.  E BA356 itself is wide bus and the I/O module just brings either all of & it out (-MH) or the lower 8 bits (-MG)   _veli    ------------------------------    Date: 13 Jun 2005 22:51:54 -0700 From: sinobato@gmail.com= Subject: Re: Determine who created a detached process (AUDIT) C Message-ID: <1118728314.845196.118310@g43g2000cwa.googlegroups.com>    Folks,  G Thanks for your replies! I'll put these recommendations into action and D hopefully, will see which one applies to what I wanted to do. Again, thanks!    JF Mezei wrote:  > Jeff Cameron wrote:  > > $ANALYZE/AUDIT/EVENT=LOGIN > > ( > > Use additional qualifiers as needed. >  >  > D > But this wouldn't give any information on who actually created the > process, wouldn't it ? > H > Isn't a detached process intrinsically untraceable to the process thatF > caused it to be created ? (from accounting/security) point of view ? >  >  > Consider the following:  >  > <under username CHOCOLATE>+ > $SUBMIT/USER=VANILLA  process_startup.com  >  >  > then process_startup.com:  > $!V > $RUN/DETACHED/USER=VANILLA/PROC=XXX/input=process_run.com/output=process_run.log/etc > $! >  > J > In such a case, use VANILLA will create the detached process, but it was< > really a back job submitted by user CHOCOLATE that did it. > J > Once you know which files are involved, you could put security alarms onD > the files, and then use audit or opperator.log to find out who hasJ > accessed the files and that would give you a good hint or who is causing > them to be created.    ------------------------------  % Date: Tue, 14 Jun 2005 09:00:02 +0200 3 From: "Dr. Dweeb" <NOSPAM_5msg0h202@sneakemail.com> 2 Subject: Re: Hurd undoes Carly's last major change= Message-ID: <42ae8075$0$67257$157c6196@dreader2.cybercity.dk>    JF Mezei wrote: G > One of Carly's last major changes before being ousted was to give the  > PCC > division to Mr Joshi who was head of imaging/printing. (combining  > both divisions). > 1 > It was announced now that Hurd will undoe this.  > H > Mr Yoshi gets back just imaging/printing, and the PC division is givenE > to an outsider, R. Todd Bradley, former chief executive of PalmOne.  >  > H > While the press seem to concentrate on whether Hurd will split off theE > PC division or not, what I see significant here is that he hired an F > outsider instead of promoting from within. This may be good omen for > VMS E > if Hurd doesn't really trust the established HP insiders with their 8 > preconceived ideas and agendas/reputations to protect.  B Well, maybe Hurd decided that Joshi was doing such a great job in G imaging/printing that he should keep him in place - I mean, he is on a  H winner there, not?  Moving people for the sake of moving them and being K "seen" to be proactively managing (lol) was a Carley thing, I suspect Hurd  5 might be somewhat less inclined to mess with success.   L As for the PC business, well, who would want that job?  Perhaps an outsider J is what is needed, though someone with a PDA background is an interesting  choice.   
 Dr. Dweeb    ------------------------------  % Date: Tue, 14 Jun 2005 09:08:39 +0200 - From: Didier Morandi <prenom.nom@freesurf.fr> % Subject: Re: OpenVMS Boot Camp report 3 Message-ID: <42ae827b$0$8884$636a15ce@news.free.fr>    JF Mezei wrote:   J > Seriously, what percentage of the contents were truly of NDA nature ? OrG > the NDA signed mostly beause a few tidbits here and there were NDA in I > nature or in case an engineer slipped and revealed that VMS had already  > booted on the 8086 ? :-)  F You got confused Jean-Francois, it is APPLE who announced at the same : time that OS X did boot on Intel chips since version 1 :-)   D.. www.didiermorandi.com for pictures and report.   ------------------------------  # Date: Tue, 14 Jun 2005 12:36:41 GMT 1 From: Keith Parris <keithparris_NOSPAM@yahoo.com> % Subject: Re: OpenVMS Boot Camp report 2 Message-ID: <tbAre.7058$lz6.2569@news.cpqcorp.net>   Didier Morandi wrote: 6 ...a very nice report on the Bootcamp. Thanks, Didier!  I I, too, found the meetings to be full of energy and enthusiasm. It was a  ) great week, with a great group of people.   F > The Longest Travel Contest (which actually did not occur) was won byJ > Jeremy Begg, a very pleasant person from the HP Sydney CSC in Australia,  G Jeremy Begg is indeed from Australia. While HP would love to claim him  E as our own (he certainly is a highly-valued partner), he has his own  H company VSM Software Services Pty Ltd. (see http://www.vsm.com.au/). He G is located in Adelaide and is very active in the Australian chapter of   Encompass (formerly DECUS).   J > The official announcement of the simultaneous availability of VMS 8.2 onI > the VAX, Alpha and Intel Itanium 2 platforms (HP Affinity Product Line)   D 8.2 is available for Alpha and Integrity. 7.3 is the latest version E available for VAX, but it will cluster with 8.2. (And I think Didier  3 meant Integrity instead of the word Affinity here.)    ------------------------------    Date: 14 Jun 2005 00:12:25 -07001 From: "Bart.Zorn@xs4all.nl" <Bart.Zorn@xs4all.nl> 6 Subject: Re: Question about MOUNT in multiple clustersB Message-ID: <1118733145.033095.69600@g44g2000cwa.googlegroups.com>  E AFAIK, you can only mount a volume /WRITE in one cluster. Other nodes 9 (whether clustered or not) can mount the volume /NOWRITE.   G You should also add /NOCACHE, because there is no way to know if a disk ; block has been updated by the system who has /WRITE access.    HTH,  	 Bart Zorn    ------------------------------  + Date: Tue, 14 Jun 2005 11:10:31 +0000 (UTC)  From: david20@alpha2.mdx.ac.uk  Subject: Re: Some DCL wish items) Message-ID: <d8mdv6$5eo$1@news.mdx.ac.uk>   Z In article <42ad719d$1@cpns1.saic.com>, Mark Berryman <mark.berryman@mvb.saic.com> writes:  >david20@alpha2.mdx.ac.uk wrote:f >> In article <stUdBN$2bIoK@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes: >>] >>>In article <42a4469d$1@cpns1.saic.com>, Mark Berryman <mark.berryman@mvb.saic.com> writes:  >>>  >>> 2 >>>>Here are some features I'd like to see in DCL. >>>  >>>>4.J >>>>Define an application ACE for DCL.  When placed on a file, such an ACEK >>>>would specify the privilege mask to use while executing that particular K >>>>command procedure.  It would remain in effect for any inner invokations L >>>>but be removed once the file was exited.  Such an ACE would have Hidden,J >>>>Protected, and NoPropagate attributes and could only be manipulated inK >>>>Kernel mode (it would be useful if a new attribute could be defined for 
 >>>>this). >>>>I >>>>In addition, if this particular ACE had a subsystem attribute then it K >>>>would contain a rights identifier, rather than privilege mask, to grant 5 >>>>to the process while the file was being executed.  >>>>I >>>>If extended to wish item #1 above, the specified privileges or rights H >>>>would be granted while executing any module from within the library. >>>  >>>>Whadda y'all think?  >>> L >>>My instinctive reaction is to say complex systems should be in a compiled >>>language rather than DCL. >>> K >>>My cautious reaction is to say that changing the VMS security model that  >>>much is a scary prospect. >>> N >>>My pragmatic reaction is that making those change would require involvementN >>>of many other developers besides Guy Peleg (because of the security angle). >> >>A >> Indeed. This sounds much too much like setuid on Unix systems. M >> It is generally recognised that you should not set the setuid bit on shell P >> scripts because of the gigantic security hole this opens and many modern Unix) >> systems will not allow you to do this.  >> >> See >>; >> http://www.samag.com/documents/s=1149/sam0106a/0106a.htm  > F >Indeed, setuid can be a massive security hole on Unix.  However, thisF >actually can be done securely on VMS (at least from my reading of the >listings).  >   M Although some of the problems with setuid on Unix wouldn't apply to VMS there # may well be others specific to VMS. / It would really need a thorough investigation.  < My gut feeling is that this would be opening a can of worms.  D >The purpose here is not to implement complex systems in a scriptingF >language.  There are many functions for which a script is appropriateE >but which require either rights or privileges one would not normally  >want to give to the user.    J Unfortunately many systems administrators and developers when given such a3 facility would use it to implement complex systems. I Also note that (as the example in the link above about unix setuid shows) O it doesn't take a complex shell script to open up a security hole it just needs 4 lack of knowledge about the possible security holes.        . >I'd like to find a supported way to implement! >these rather than using PRIVDCL.  > ' >There is even an alternative proposal:  > G >Modify the Install utility to be able to install non-executable files. H >It could create one list (of executable images) to be used by the imageF >activator and a separate list (of non-executables) to be used by DCL.F >The main reason I did not propose this direction is that this utility8 >currently can associate privileges but not identifiers. > C If it could be done securely then this is the model I would favour. J One of the problems with setuid is the fact that the privilege is directly> associated (through the protection mask) with the file itself.N This means that you have to search through your filestore for all files which M have this set. The install facility on VMS provides a centralised list of all # programs installed with privileges.     
 David Webb Security team leader CCSS Middlesex University     >Mark Berryman   ------------------------------    Date: 13 Jun 2005 23:58:35 -0700" From: "hvlems" <hvlems@freenet.de>4 Subject: Re: TCPIP : Let RIP set the default route ?B Message-ID: <1118732315.034556.60710@g14g2000cwa.googlegroups.com>  B The TCPIP configuration routine asks whether you want to provide a? default route manually or not. If you don't, you need a routing B protocol otherwise the system is locked inside its own IP network.F There are two kinds of routing protocols, interior like RIP (V1 and V2D which also supplies a mask IIRC) or OSPF and exterior protocols like EGP (now obsolete) and BGP. F For an intranet the choice is between RIP and OSPF I guess. BGP is tooD complex for a LAN. If the number of routers on your intranet is less  than 20 then RIP is your friend.   Hans   ------------------------------    Date: 14 Jun 2005 11:42:01 +01006 From: eplan@langstoeger.at (Peter 'EPLAN' LANGSTOEGER)4 Subject: Re: TCPIP : Let RIP set the default route ?, Message-ID: <42aec289$1@news.langstoeger.at>  \ In article <42AE207F.F46917AA@teksavvy.com>, JF Mezei <jfmezei.spamnot@teksavvy.com> writes:H >Would it be possible to have VMS configured without a default route andG >then listen for RIP information from routers to determine which router B >provides a route to the rest of the world ? (I believe that TCPIP6 >Services provides the GateD service which does RIP).    Yes and yes (but not only RIP).   H >With the internet backbone now all BGP, is RIP still "state of the art"@ >for intranets, or is there an equivalent of BGP for intranets ?   My first choice would be OSPF.     BUT:  B 1) Usually, the network is driven by other folks than the systems.J And they usually don't want to share responsibility. So, running a routingH protocol on a host doesn't make the network people happy (eg. they can'tH switch from RIP to OSPF on their own, the need the host people to change the hosts IP config then, too)  J 2) As a host's manager, you don't want to rely totally on dynamic routing.H The network people might change their routing (information) protocol forH which you are eventually deaf (how many years is OSPF in routers and howJ many years later GATED came to VMS?) and then you are w/o remote networks.F A catchall = default routing entry (in addition) would be a wise move.  F 3) If you define a default routing entry in the (VMS) host, then it isI important that you don't supply routing information to the other routers. < Otherwise you tell them that your VMS box _is_ the internet. So, only listen, not supply.  E 4) Routers are vulnerable to (eg. redirect) attacks if not secured by F IP address filters and maybe secure key exchange. Iff the host is ableI to share this functionality you still have the problem with the 2 groups.   D So, yes, it is possible to use/run VMS/TCPIP with/as a IP router(s).C But it would be easier, if you only run it as a host with a default A routing entry and eventually a GATED listener (configured for the 4 protocol the routers you to exchange information)...   --   Peter "EPLAN" LANGSTOEGER % Network and OpenVMS system specialist  E-mail  peter@langstoeger.atF A-1030 VIENNA  AUSTRIA              I'm not a pessimist, I'm a realist   ------------------------------    Date: 14 Jun 2005 07:21:13 -0500; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)  Subject: Re: vms and linux3 Message-ID: <5gJ0nCpohDtx@eisner.encompasserve.org>   ] In article <pan.2005.06.13.20.42.43.537791@libero.it>, Disinfo <d151nf0rm4@libero.it> writes:  > G >> If you install TCP-ip on the VAX (and put it on the same network as  9 >> your Linux box) you will be able to telnet from Linux.  > I > that would be really nice but i thin it'll take looong time to doit...    G    It takes less than an hour for a typical TCP/IP installation on VMS. D    It's real cookbook stuff.  If you have any idea how TCP/IP works,D    it should be quite easy: you need a host number, a host name, theC    gateway number, and the subnet mask.  You can get the latter two ?    directly off your Linux box.  Then you follow the IP stack's F    installation instructions, which generally means:  running a script    and answering the questions.   @    Based on what you've said I think this is your best solution.   ------------------------------    Date: 14 Jun 2005 03:50:01 -0500- From: Kilgallen@SpamCop.net (Larry Kilgallen) 1 Subject: Re: What Terminal Servers are you using? 3 Message-ID: <WH8c+RWh5sK$@eisner.encompasserve.org>   d In article <mddr7f5oiqm.fsf@panix5.panix.com>, Rich Alderson <news@alderson.users.panix.com> writes: > prep@prep.synonet.com writes:   @ >> The nicest feature of LAT nowdays is that it is `auto secure'= >> No one from the big ugly world can get in via it, unlike a ) >> zillion open and active telnet ports.   > $ > There is only one telnet port, 23.  0 ...for each machine running Telnet in the world.   ------------------------------    Date: 14 Jun 2005 05:49:14 -0700 From: bob@instantwhip.com 1 Subject: Re: What Terminal Servers are you using? C Message-ID: <1118753354.343180.189140@z14g2000cwz.googlegroups.com>   * decserver 700's are cheap and powerful ...   ------------------------------  % Date: Tue, 14 Jun 2005 12:22:39 +0200 - From: Didier Morandi <prenom.nom@freesurf.fr> @ Subject: wrong SCSI cable for PWS600 au (msg for Paul Sture too)4 Message-ID: <42aeaff0$0$25694$636a15ce@news.free.fr>   All,  H I'm in the process of building a PWS600au for VMS use. As I have an IDE F CD-ROM inside, I purchased an SCSI one (VMS FAQ 14.4.4.2 page 14-26).  : But the SCSI flat cable inside the box has a smaller plug.  I Should I change it (and in that case, how about the RX drive) or find an   adapter?  @ If I have to change it, should I change the SCSI controller too?  2 And in that case, where can I find such antiquity?   Thanks,    D.  C ps: Paul, how did you address that problem with the one I sold you?    ------------------------------    Date: 14 Jun 2005 04:31:47 -0700; From: "johnhreinhardt@yahoo.com" <johnhreinhardt@yahoo.com> D Subject: Re: wrong SCSI cable for PWS600 au (msg for Paul Sture too)C Message-ID: <1118748707.451703.300110@g44g2000cwa.googlegroups.com>    Didier Morandi wrote:  > All, > I > I'm in the process of building a PWS600au for VMS use. As I have an IDE J > CD-ROM inside, I purchased an SCSI one (VMS FAQ =A714.4.4.2 page 14-26). > < > But the SCSI flat cable inside the box has a smaller plug. > J > Should I change it (and in that case, how about the RX drive) or find an
 > adapter? > B > If I have to change it, should I change the SCSI controller too? > 4 > And in that case, where can I find such antiquity? > 	 > Thanks,  >  > D. > E > ps: Paul, how did you address that problem with the one I sold you?    Didier, F   Get the adapter.  Unless you have spare slots for an extra SCSI cardF (What VMS compatible card has a 50-pin connecter?)  The SCSI card thatC comes in the PWS is a 68-pin wide and the CD-ROM is a 50-pin narrow E SCSI. As far as I know there are no 68-pin to 50-pin cables available E (termination problems I'd think).  Look for a 50-68pin converter with D the 50-pin side female and the 68-pin side male (Most common are theE other way around it seems).  I found some on E-bay once.  It may take F some digging.  It will work. That's what I did on my PWS 500a to 500au
 converison     John H. Reinhardt    ------------------------------    Date: 14 Jun 2005 04:47:30 -0700; From: "johnhreinhardt@yahoo.com" <johnhreinhardt@yahoo.com> D Subject: Re: wrong SCSI cable for PWS600 au (msg for Paul Sture too)C Message-ID: <1118749650.309548.146580@f14g2000cwb.googlegroups.com>    johnhreinhardt@yahoo.com wrote: G > (termination problems I'd think).  Look for a 50-68pin converter with F > the 50-pin side female and the 68-pin side male (Most common are the  C Oops.  I got the part wrong.  68-pin cables have male connecters on F them so forget what I said before.  You need an 68-50pin female-femaleG adapter.  Here is a person on Ebay that ships to Europe.  The pic shows A quite clearly what you want.  You may be able to find it locally. Q http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=39973&item=5206772497&rd=1   ) Sorry about the mix-up in the first post.    John H. Reinhardt    P.S.@   Thanks for all the great Bootcamp pics.  Makes the fact that I- couldn't get there a bit easier to bear.  :-)    ------------------------------  % Date: Tue, 14 Jun 2005 13:46:30 +0200 - From: Didier Morandi <prenom.nom@freesurf.fr> D Subject: Re: wrong SCSI cable for PWS600 au (msg for Paul Sture too)4 Message-ID: <42aec397$0$23258$636a15ce@news.free.fr>   johnhreinhardt@yahoo.com wrote:   H >   Get the adapter.  Unless you have spare slots for an extra SCSI cardH > (What VMS compatible card has a 50-pin connecter?)  The SCSI card thatE > comes in the PWS is a 68-pin wide and the CD-ROM is a 50-pin narrow G > SCSI. As far as I know there are no 68-pin to 50-pin cables available G > (termination problems I'd think).  Look for a 50-68pin converter with F > the 50-pin side female and the 68-pin side male (Most common are theG > other way around it seems).  I found some on E-bay once.  It may take H > some digging.  It will work. That's what I did on my PWS 500a to 500au > converison  I I understand better. The "too small" cable was the IDE one. I see the 68  G wide one. It goes to my PKA card where the BA350 is attached. Yes I do  H have two more slots, and actually another PKA that I may want to remove H as I do not plan to build an SCSI Cluster with my AlphaStation 4/233 :-)   Many thanks, John.   D.   ------------------------------   End of INFO-VAX 2005.330 ************************