/ INFO-VAX	Wed, 04 Jan 2006	Volume 2006 : Issue 7       Contents:= "#define macro( ...)" v. HP C V7.1-015 and/or HP C++ V7.1-015  C++ V7.1 installation quirk  DAT drive compatability ) Great new antivirus software for windoze!  Re: Help with mini-copy please Re: Honeypot stats Re: Honeypot stats Re: Honeypot stats Re: Honeypot stats Re: Honeypot stats Re: Honeypot stats RE: Honeypot stats Re: Honeypot stats Re: Honeypot stats5 Re: Installing DW Motif with PCSI: ovverride checks ?  Re: IP stack for old VAX Re: IP stack for old VAX Re: IP stack for old VAX Re: IP stack for old VAX Re: IP stack for old VAX Re: IP stack for old VAX Re: IP stack for old VAX0 Re: OT: CAPS (was:Re: TLZ07/TLZ09 compatability)0 Re: OT: CAPS (was:Re: TLZ07/TLZ09 compatability) POP client prob  Re: POP client prob  Re: POP client prob & Re: Samba v3 on VMS and HP VMS Roadmap. Re: SCSNode Names in Non-clustered environment Re: SSH vs Telnet  test  F ----------------------------------------------------------------------  * Date: Tue, 3 Jan 2006 19:22:34 -0600 (CST)* From: sms@antinode.org (Steven M. Schweda)F Subject: "#define macro( ...)" v. HP C V7.1-015 and/or HP C++ V7.1-0152 Message-ID: <06010319223425_2027EC6B@antinode.org>  .    Handy feature in the C "#define" directive:   alp $ type elip.c   ) #define macro1( ...) printf( __VA_ARGS__)    #include <stdio.h>  
 int main() {      printf( " printf().\n");     macro1( " macro1().\n"); }    --------      It works, too:    alp $ cc elip.c  alp $ link elip  alp $ run elip
  printf().
  macro1().    	    Sadly:    alp $ cxx elip.c  ) #define macro1( ...) printf( __VA_ARGS__)  ...............^$ %CXX-E-EXPID, expected an identifier0 at line number 2 in file ALP$DKA0:[SMS]ELIP.C;12       macro1( " macro1().\n"); ...........^: %CXX-W-MANYMACARGS, too many arguments in macro invocation0 at line number 9 in file ALP$DKA0:[SMS]ELIP.C;12       macro1( " macro1().\n"); ...^8 %CXX-E-UNDECLARED, identifier "__VA_ARGS__" is undefined0 at line number 9 in file ALP$DKA0:[SMS]ELIP.C;12  P %CXX-I-MESSAGE, 2 errors detected in the compilation of "ALP$DKA0:[SMS]ELIP.C;12 ".     alp $ cc /version % HP C V7.1-015 on OpenVMS Alpha V7.3-2    alp $ cxx /version( HP C++ V7.1-015 for OpenVMS Alpha V7.3-2    9    It appears that more code theft would be a good thing.   H ------------------------------------------------------------------------  4    Steven M. Schweda               (+1) 651-699-98183    382 South Warwick Street        sms@antinode-org     Saint Paul  MN  55105-2547    ------------------------------  * Date: Tue, 3 Jan 2006 18:50:37 -0600 (CST)* From: sms@antinode.org (Steven M. Schweda)$ Subject: C++ V7.1 installation quirk2 Message-ID: <06010318503699_2027EC6B@antinode.org>  G    Step one was determining that "new" really means "old" when choosing ? between "cxx071-new.dcx_axpexe" and "cxx071-ssb.dcx_axpexe" (at A "ftp://ftp.compaq.com/pub/products/C-CXX/openvms/cxx/").  (A tiny A explanatory text file there might save a bunch of useless network 	 traffic.)   B    Then, I initially believed the Installation Guide when it said:  A       During installation of Version 7.n, if a Version 6.n of the @       compiler is already installed, you have the opportunity toG       preserve that compiler rather than overwrite it. If you choose to E       preserve the currently installed compiler, you are then given a C       choice to keep the currently installed compiler as the system ;       default and install the new compiler as an alternate.   6    Actually, what the installation procedure said was:  H       * Should this V6.5-042 system compiler remain the default when cxx       is typed [NO]:  G as if there had been some discussion already about previously installed H compilers, with V6.5-042 being the current default.  There was no optionE presented involving preservation or replacement of previous versions.   D    All did go well with the installation, previous compiler versions8 were preserved, and SYS$SYSTEM:CXX$SHOW_VERSIONS.COM andF SYS$SYSTEM:CXX$DELETE_VERSION.COM seemed to work as expected, so there= were no lingering bad effects, only some temporary confusion.   B    The installation example in the Guide looked better, presumablyH because the example victim had previously installed (something like) theE current compiler version, which makes the resulting query appear less 
 confusing:  H       * Should this V7.1-001 system compiler remain the default when cxx       is typed [NO]:  ( This example is, thus, a bit misleading.  H ------------------------------------------------------------------------  4    Steven M. Schweda               (+1) 651-699-98183    382 South Warwick Street        sms@antinode-org     Saint Paul  MN  55105-2547    ------------------------------   Date: 3 Jan 2006 14:49:32 -0600 ; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)   Subject: DAT drive compatability3 Message-ID: <SmsZLbnicSyT@eisner.encompasserve.org>   D    After being out of maintanence for a while, we had HP come in and;    repair some problems prior to going back on maintenance.   E    We had a DEC TLZ06 in a BA350 and I was using /media=compaction to G    store my backups.  Searching for DEC TLZ06 I find references that it *    was a 2/4GB drive accepting 120m tapes.  E    The replacement drive shows up (via show dev/full) as an "ARCHIVE  A    Python 28454-XXX", and support for compaction is not listed.   D    Searches have found references that it's a 2.5GB drive accepting 
    90m tapes.   F    Is it true that I've lost 30m and compaction?  (IIRC TLZ04 were 60m<    drives and could be damaged by using a 90m or 120m tape).  F    Will VMS quietly ignore the /media=compaction in my backup scripts,F    or must I change them?  (My tests seem to indicate no errors when IG    use /media=compaction, I've no idea what the drive is really doing).    ------------------------------   Date: 3 Jan 2006 13:18:13 -0800  From: bob@instantwhip.com 2 Subject: Great new antivirus software for windoze!C Message-ID: <1136323093.122676.178350@g49g2000cwa.googlegroups.com>   F It's called "Pull the Plug" antivirus software written by Garbagefixer Inc.  D guaranteed to work on 100% of all windoze viruses and trojans ... :)  
 located at   www.windozesecuritystinks.com    ------------------------------   Date: 3 Jan 2006 14:59:28 -0500 . From: brooks@cuebid.zko.hp.nospam (Rob Brooks)' Subject: Re: Help with mini-copy please , Message-ID: <aX9ZR098tniL@cuebid.zko.hp.com>   (Malcolm Dunnett) writes:   9 >  I wait until all the shadowsets are in a steady state.  > > >  To test failure modes I disconnected one of the raid arrays; > from the fabric. The system failed out the drives on that 2 > array as expected, after SHADOW_MBR_TMO seconds.   [...]   ; >   Why didn't the other two members come in with minicopy.  > Did I do something wrong?      > You are attempting to use a feature that does not exist (yet).  M Minicopies only work for cleanly-dismounted devices.  What is being added for O V8.3 (and will be in the field test that begins in a bit) is the ability to use ) minicopy for members that are tossed out.        --    L Rob Brooks    VMS Engineering -- I/O Exec Group     brooks!cuebid.zko.hp.com   ------------------------------  $ Date: Tue, 3 Jan 2006 14:35:22 -0500- From: William Webb <william.w.webb@gmail.com>  Subject: Re: Honeypot stats I Message-ID: <8660a3a10601031135u20305ef3ue721711d354ad0ef@mail.gmail.com>   3 On 12/29/05, Main, Kerry <Kerry.Main@hp.com> wrote:  >  > > -----Original Message-----2 > > From: Neil Rieck [mailto:n.rieck@sympatico.ca]$ > > Sent: December 28, 2005 11:50 PM > > To: Info-VAX@Mvb.Saic.Com  > > Subject: Re: Honeypot stats  > >  > > 6 > > "Main, Kerry" <Kerry.Main@hp.com> wrote in messageB > > news:FD827B33AB0D9C4E92EACEEFEE2BA2FB7738C1@tayexc19.americas. > > cpqcorp.net... > > 
 > > >Neil, > > > I > > >While I will certainly agree with the positioning of Windows lack of J > > >security, one also has to consider the fact that Red Hat has releasedJ > > >approx 285 *security* patches this year alone (not maint - security). > > >  > > >Reference: ; > > >https://www.redhat.com/archives/enterprise-watch-list/  > > (click on thread$ > > >for each month and add them up) > > > E > > >In both cases with Windows and Linux, the challenges for serious > > > >operations shops is not the time to download and roll-out > > these patches D > > >(althought it is extremely resource intensive and causes reboot? > > >scheduling head-aches), but rather the time to test and QA  > > these patches : > > >with the various applications that are in production. > > > J > > >Of course, a company could choose not to QA/test the patches and justH > > >roll them out, but then that company does not likely have a serious > > >production environment. > > > H > > >Btw, a recent security white paper can be found at: (good one which@ > > >explains the inherent architecture multiple rings benefits)= > > >http://h71028.www7.hp.com/ERC/downloads/4AA0-2896ENW.pdf  > > >  > > >Regards > > >  > > >Kerry Main  > > >Senior Consultant > > >HP Services Canada  > > B > > Kerry, thanks for the links; I'll pass them along to my peers. > > ; > > I hope you don't think I've become a big UNIX/LINUX fan  > > because I still 8 > > think OpenVMS is the best operating system currently > > available. But like VHS > > > vs. BETA (or Macintosh vs. Windows) I do not think it is a > > good idea for any = > > company to ignore LINUX and/or Open Source software. This  > > stuff will neverD > > go away because there are just too many people involved with it. > > A > > BTW, I commend the OpenVMS Engineering folks for doing things  > > like GNV; this; > > olive branch is starting to depolarize "some" of the IT  > > people I deal with; & > > these efforts are getting noticed. > >  >  > [snip...]  >  > Neil - > E > I agree that all OS's have a place. HP has a multi-platform support B > strategy because it recognizes different Cust's will always have > different requirements.  > D > My concern is that all to often, platform decisions are being madeG > without a full understanding of the real cost to the company i.e. the # > 800lb gorilla operational impact.  > E > If a company has a production environment that requires OS security J > patches be applied as soon as possible and that no patch will be appliedH > unless QA'ed and certified against their production applications, thenE > they need to understand what the QA/testing workload and associated G > costs are going to be with that new platform. If the new platform has H > monthly security patches, should not these costs (staffing, resources,5 > lab time) be part of the overall decision criteria?  > H > If the company is willing to roll-out monthly security patches withoutC > Application testing, then it becomes only the roll-out and reboot J > scheduling that has to be taken into consideration. However, these costsH > should also be part of the new platform decision process. Someone at aJ > high mgmt level also has to be willing to take on the responsibility forG > a patch causing an application failure - especially those in the Open @ > Source arena where application and base platform code is often > extensively customized.  > H > At the risk of raising the ire of some on this list, it is unfortunateI > that way to many application developers in some companies are put in IT H > decision making positions and do not concern themselves with security,C > backups, DR/BC, staff training, integration, monitoring software, E > viruses, trojans, worm type issues and hence these issues get swept G > under the carpet when new platform or application decisions are being G > made.  These developers all to often get caught up in the latest buzz G > words like SOA, J2EE, .Net, "Open" systems without fully appreciating J > what the real impact these big changes are going to be on their company. >  > I > With many Customers now being forced to reduce their IT costs *period*, I > while at the same time taking on all sorts of new services, it is going E > to be very difficult to hide these operational costs in the future.  > G > In the future, those in IT with a "solutions" focus (real costs - App G > +base +Operational +training +integration +DR/BC +security)) are imho A > going to much more valuable to their company than those with an ; > "applications veneer" focus (App +base) base costs alone.  > 	 > Regards  >  > Kerry Main > Senior Consultant  > HP Services Canada > Voice: 613-592-4660  > Fax: 613-591-4477  > kerryDOTmainAThpDOTcom > (remove the DOT's and AT)  > 6 > OpenVMS - the secure, multi-site OS that just works. >  >  >  >  >  >  >   F It seems that with the over-the-holiday WMF exploit, this once-a-month: patch release strategy is being exposed as the PR-oriented! non-solution that it actually is.   @ If GM, for example knew of critical manufacturing defects in itsE vehicles but only released service bulletins describing these defects A and the fixes for them on a monthly or quarterly basis, would you  drive their products?   2 That's an exact analogy to what's being done here.   WWWebb   --C NOTE: This email address is only used for noncommerical VMS-related  correspondence. C All unsolicited commercial email will be deemed to be a request for 8 services pursuant to the terms and conditions located at# http://bellsouthpwp.net/w/e/webbww/    ------------------------------  $ Date: Tue, 3 Jan 2006 16:10:40 -0500) From: "Neil Rieck" <n.rieck@sympatico.ca>  Subject: Re: Honeypot stats : Message-ID: <8LBuf.30254$X25.517602@news20.bellglobal.com>  ; "William Webb" <william.w.webb@gmail.com> wrote in message  C news:8660a3a10601031135u20305ef3ue721711d354ad0ef@mail.gmail.com... 3 On 12/29/05, Main, Kerry <Kerry.Main@hp.com> wrote:  >  [...snip...]  G >It seems that with the over-the-holiday WMF exploit, this once-a-month ; >patch release strategy is being exposed as the PR-oriented " >non-solution that it actually is. > A >If GM, for example knew of critical manufacturing defects in its F >vehicles but only released service bulletins describing these defectsB >and the fixes for them on a monthly or quarterly basis, would you >drive their products? > 3 >That's an exact analogy to what's being done here.  >  >WWWebb   G So just to clarify, who is getting more secure and/or stable? LINUX or  D Windows? (I know there are a lot of people in the NG that hate both L products, but I think the Honeypot idea showed so real proactive initiative)  
 Neil Rieck Kitchener/Waterloo/Cambridge,  Ontario, Canada.8 http://www3.sympatico.ca/n.rieck/links/cool_openvms.html      ------------------------------  % Date: Tue, 03 Jan 2006 16:57:26 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com>  Subject: Re: Honeypot stats , Message-ID: <43BAF332.C224B1FA@teksavvy.com>   Neil Rieck wrote: H > So just to clarify, who is getting more secure and/or stable? LINUX or > Windows?    % I do not think it is a simple answer.   F If you did a survey, you'd probably find that surgeons are better than2 lumberjacks are fixing up minor cuts and bruises.   A Would a site that choose Linux not have better qualified staff ?  H Windows has the image that anyone can manage it through the nice easy toD understand GUI. Linux is seen as a rough-on-the-edges and needs more experienced system managers.  E The minute you have more experienced system managers, despite the OS, , you end up with better, more secure systems.  G However, if you compare products out of the box with the system manager H pressing "OK" at every installation panel to accept defaults, then yeah,F Microsoft is insecure. And the problem is that so many companies hiredH incompetant system managers who do press OK without really understandingE what really goes on behind the scenes, then it is understandable that = they are hit by viri, trojan horses, meteorites and whatever.    ------------------------------  $ Date: Tue, 3 Jan 2006 17:48:29 -0500) From: "Neil Rieck" <n.rieck@sympatico.ca>  Subject: Re: Honeypot stats 9 Message-ID: <RaDuf.1598$H37.242025@news20.bellglobal.com>   : "JF Mezei" <jfmezei.spamnot@teksavvy.com> wrote in message& news:43BAF332.C224B1FA@teksavvy.com... [...snip...] > ' > I do not think it is a simple answer.  > H > If you did a survey, you'd probably find that surgeons are better than3 > lumberjacks are fixing up minor cuts and bruises.  > B > Would a site that choose Linux not have better qualified staff ?J > Windows has the image that anyone can manage it through the nice easy toF > understand GUI. Linux is seen as a rough-on-the-edges and needs more > experienced system managers. > G > The minute you have more experienced system managers, despite the OS, . > you end up with better, more secure systems. > I > However, if you compare products out of the box with the system manager J > pressing "OK" at every installation panel to accept defaults, then yeah,H > Microsoft is insecure. And the problem is that so many companies hiredJ > incompetant system managers who do press OK without really understandingG > what really goes on behind the scenes, then it is understandable that ? > they are hit by viri, trojan horses, meteorites and whatever.   H To extend William Webb's analogy, I think using a computer is a lot like using a car.  J In the early days of cars you had to be very knowledgeable in order to useF one and even had to have some physical strength to turn the crank. ButL technological progress allowed the product to evolve so that most people canI use them with very little technical knowledge (you still need to know the J difference between gasoline and diesel but even the different nozzle sizesJ can tweak the dumbest brain). What is more important nowadays is that theyJ can be operated safely without killing being a nuisance to the public. TheD latest pressures of this sort come more from the insurance industry.  L Now when my neighbor's computer gets infected with a virus or worm, and thisF contributes to clogging up the local mail server or the on-ramp to theH internet, then it affects me too and his actions are similar to those of* driving an unsafe car in my neighbor hood.  J When my employer decides to flip over to an inferior computer technology I have two worries: K 1. Is my current job safe? What will happen if everything grinds to a halt?  2. Is future my pension safe?    Just food for thought.  J p.s. to reiterate a point I made earlier today, I think the Honeypot idea J shows that the *NIX people are being proactive in getting their platforms + fixed. What M$ is doing is purely reactive.   
 Neil Rieck Kitchener/Waterloo/Cambridge,  Ontario, Canada.9 http://www3.sympatico.ca/n.rieck/links/cool_openvms.html     ------------------------------  % Date: Tue, 03 Jan 2006 19:19:25 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com>  Subject: Re: Honeypot stats , Message-ID: <43BB146F.A7C7A192@teksavvy.com>   Neil Rieck wrote: K > p.s. to reiterate a point I made earlier today, I think the Honeypot idea K > shows that the *NIX people are being proactive in getting their platforms - > fixed. What M$ is doing is purely reactive.     = I agree with you. Microsoft, being very proprietary has every H disincentive to deny problems exist and every disincentive to delay very public patches.   F Unix on the other hand is a challenge for geeks to prove their versionG of Unix is better because they have the fixes out sooner. And they will * fix the weaknesses in each other's Unixes.   ------------------------------  $ Date: Tue, 3 Jan 2006 20:01:08 -0500) From: "Neil Rieck" <n.rieck@sympatico.ca>  Subject: Re: Honeypot stats 9 Message-ID: <b7Fuf.1660$H37.249705@news20.bellglobal.com>   ; "JF Mezei" <jfmezei.spamnot@teksavvy.com> wrote in message  & news:43BB146F.A7C7A192@teksavvy.com... > Neil Rieck wrote: L >> p.s. to reiterate a point I made earlier today, I think the Honeypot ideaL >> shows that the *NIX people are being proactive in getting their platforms. >> fixed. What M$ is doing is purely reactive. >  > ? > I agree with you. Microsoft, being very proprietary has every J > disincentive to deny problems exist and every disincentive to delay very > public patches.  > H > Unix on the other hand is a challenge for geeks to prove their versionI > of Unix is better because they have the fixes out sooner. And they will , > fix the weaknesses in each other's Unixes. >   J Not to mention that certain companies, like Apple, have passed on *NIX to K their customers (and those customers don't even know they are using *NIX).  K So when Apple jumps to Intel, they'll have an OS that crashes less and has  $ more built-in security than Windows.  
 Neil Rieck Kitchener/Waterloo/Cambridge,  Ontario, Canada.! http://www3.sympatico.ca/n.rieck/    ------------------------------  $ Date: Tue, 3 Jan 2006 22:19:38 -0500' From: "Main, Kerry" <Kerry.Main@hp.com>  Subject: RE: Honeypot stats R Message-ID: <FD827B33AB0D9C4E92EACEEFEE2BA2FB77397A@tayexc19.americas.cpqcorp.net>   > -----Original Message-----3 > From: Neil Rieck [mailto:n.rieck@sympatico.ca]=20  > Sent: January 3, 2006 4:11 PM  > To: Info-VAX@Mvb.Saic.Com  > Subject: Re: Honeypot stats  >=20 >=20? > "William Webb" <william.w.webb@gmail.com> wrote in message=20 E > news:8660a3a10601031135u20305ef3ue721711d354ad0ef@mail.gmail.com... 5 > On 12/29/05, Main, Kerry <Kerry.Main@hp.com> wrote:  > >  > [...snip...] >=20? > >It seems that with the over-the-holiday WMF exploit, this=20  > once-a-month= > >patch release strategy is being exposed as the PR-oriented $ > >non-solution that it actually is. > > C > >If GM, for example knew of critical manufacturing defects in its H > >vehicles but only released service bulletins describing these defectsD > >and the fixes for them on a monthly or quarterly basis, would you > >drive their products? > > 5 > >That's an exact analogy to what's being done here.  > > 	 > >WWWebb  >=20B > So just to clarify, who is getting more secure and/or stable?=20
 > LINUX or=20 H > Windows? (I know there are a lot of people in the NG that hate both=20; > products, but I think the Honeypot idea showed so real=20  > proactive initiative)  >=20 > Neil Rieck > Kitchener/Waterloo/Cambridge,  > Ontario, Canada.: > http://www3.sympatico.ca/n.rieck/links/cool_openvms.html > =20  >=20   Something to consider:  + Overall IT solution security is the sum of:    1. Base OS platform security +& 2. Administrator security experience + 3. Application security + E 4. Company attitude and culture towards security in general (are help B desk employees aware of social engineering security challenges?) +> 5. Obscurity of the platform (more obscure means less hackers)  E Of course, there are always trade-off's as higher security might mean E flexibility, performance or ease of use may have to suffer. Each Cust F must make their own decisions as to the trade-offs they are willing to make.   B Btw, imho, the concept that open source is by its very nature more5 secure than "closed" systems is an old wives myth.=20   G Yes, some of the more popular open source programs do get reviewed by a G wide audience and security issues might get caught. However, it is also D true that many of the open source reviewers that have the skills andE background to review driver, threads and other complicated clustering H code do not get paid for this. There is literally hundreds and thousandsH of modules being updated and patched all the time and they simply do notC have the time or the desire to review code that they have no vested D interest in. After all, like everyone else, they have day jobs and a life after work as well.=20   G Key question to consider - how does one determine if code obtained from > the open source community has been reviewed by high end and/orH experienced security code reviewers? Perhaps the base code was, but what; about the various updates that come out on a regular basis?   H As an example, Red Hat released approximately 290+ *security* patches inG 2005 (not maint, but security fixes). While not all of these will apply F to all Linux platforms, I really wonder how many RH Linux admins or RHB Linux ISV's actually took the time last year to determine if these+ security patches applied to them or not?=20   H On the other hand, many bad guys do have the time and vested interest toH review detailed code that is available online and they certainly do haveG a vested interest in doing this. They also use sophisticated tools that G are typically not available to the general public to crack online code. 3 And they do not report issues to the source either.   @ I am certainly not saying Linux security is better or worse thanA Windows, but imho, both platform supporters should recognize that G monthly security patches can not continue in the future. Companies just E can not afford the QA, testing and staff resources associated with so  many security fixes.=20    Regards   
 Kerry Main Senior Consultant  HP Services Canada Voice: 613-592-4660  Fax: 613-591-4477  kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20  4 OpenVMS - the secure, multi-site OS that just works.   ------------------------------  % Date: Tue, 03 Jan 2006 21:38:38 -0600 % From: Dan Foster <usenet@evilphb.org>  Subject: Re: Honeypot stats 5 Message-ID: <slrndrmgpu.2k2.usenet@zappy.catbert.org>   y In article <FD827B33AB0D9C4E92EACEEFEE2BA2FB77397A@tayexc19.americas.cpqcorp.net>, Main, Kerry <Kerry.Main@hp.com> wrote:  >  > Something to consider:  6 I realize you've got an axe to grind against OSS, but:  - > Overall IT solution security is the sum of:  >   > 1. Base OS platform security +   Agreed.   ( > 2. Administrator security experience +   Agreed.    > 3. Application security +    Agreed.   G > 4. Company attitude and culture towards security in general (are help D > desk employees aware of social engineering security challenges?) +   Agreed.   @ > 5. Obscurity of the platform (more obscure means less hackers)  B Disagreed. There *is* some correlation, but it also means that theH damage can be even more painful for specialized niche areas should there actually be exposure.   H On a related point, security by obscurity is one of the biggest myths inG the security profession, and regularly debunked by the leading security  professionals.  F Some obfuscation is acceptable, but it had better darn well be guardedA by other means that *do* hold up, because obscure measures can be  eventually unpeeled.  G > Of course, there are always trade-off's as higher security might mean G > flexibility, performance or ease of use may have to suffer. Each Cust H > must make their own decisions as to the trade-offs they are willing to > make.    Agreed.   D > Btw, imho, the concept that open source is by its very nature more5 > secure than "closed" systems is an old wives myth.    
 Disagreed.  F Sounds like someone was trying to pull a snow job on you; just becauseE code can be reviewed *doesn't* mean it's all of a sudden more secure.  On that point, I agree.   H However, this represents a form of independent review plus an element ofH peer pressure. When it works, it works well. When it doesn't, well, then it just doesn't.  H It's not 'it always works' or 'it always doesn't work'. Real life cannotF be summarized as being binary, in either one of two possible states at any given time. :-)   I > Yes, some of the more popular open source programs do get reviewed by a I > wide audience and security issues might get caught. However, it is also    Agreed.   F > true that many of the open source reviewers that have the skills andG > background to review driver, threads and other complicated clustering J > code do not get paid for this. There is literally hundreds and thousands  F Well, depends. But on the whole, yes, I would probably agree this is a reasonable assertion.   J > of modules being updated and patched all the time and they simply do notE > have the time or the desire to review code that they have no vested F > interest in. After all, like everyone else, they have day jobs and a > life after work as well.    K That's also true of people whom works at software factories like Microsoft.   I > Key question to consider - how does one determine if code obtained from @ > the open source community has been reviewed by high end and/orJ > experienced security code reviewers? Perhaps the base code was, but what= > about the various updates that come out on a regular basis?   6 As a counterpoint, allow me to ask a similar question:  G Key question to consider - how does one determine if code obtained from @ the closed source community has been reviewed by high end and/orH experienced security code reviewers? Perhaps the base code was, but what; about the various updates that come out on a regular basis?   E Bonus points given if you can describe how a key closed source vendor L like Microsoft does it, and why it hasn't been a resounding success to date.  J > As an example, Red Hat released approximately 290+ *security* patches inI > 2005 (not maint, but security fixes). While not all of these will apply H > to all Linux platforms, I really wonder how many RH Linux admins or RHD > Linux ISV's actually took the time last year to determine if these+ > security patches applied to them or not?    D That's a function of admin competence. If you have a good admin at aH shop with both VMS and let's say, Solaris and Linux... the admin will be- just as rigorous in handling either platform.   @ Now, on the other hand, if you have a bad admin that lacks basicG concepts of discipline, planning, testing, reading prereqs, etc... then E keep them away from your computers -- regardless of platform, period.   < Mention of OSS/CSS in this particular area is a red herring.  J > On the other hand, many bad guys do have the time and vested interest toJ > review detailed code that is available online and they certainly do haveI > a vested interest in doing this. They also use sophisticated tools that I > are typically not available to the general public to crack online code. 5 > And they do not report issues to the source either.   D Well, golly, look at all the Windows exploits... do you really think< that closed source is necessarily an insurmountable barrier?  = Have you ever reverse engineered software? Using tools like a D disassembler, debugger, system call tracing... you can do a lot with$ even guarded closed source binaries.  C Look at Mark Russinovich's disassembly of the Sony BMG 'rootkit'...   B > I am certainly not saying Linux security is better or worse thanC > Windows, but imho, both platform supporters should recognize that I > monthly security patches can not continue in the future. Companies just G > can not afford the QA, testing and staff resources associated with so  > many security fixes.    E I'd probably be inclined to agree. On that point, OpenVMS is probably 4 unsurpassed or at least, right up there at the best.  
 Cordially,   -Dan   ------------------------------   Date: 3 Jan 2006 20:22:41 -0800  From: davidc@montagar.com  Subject: Re: Honeypot stats C Message-ID: <1136348561.376575.210490@g44g2000cwa.googlegroups.com>   G >Unix on the other hand is a challenge for geeks to prove their version H >of Unix is better because they have the fixes out sooner. And they will+ >fix the weaknesses in each other's Unixes.   G Most of us that run OpenVMS are very security minded, and take pride of @ the "Cool and UnHackable".   Long before Windows announced their@ security focus, OpenVMS was already doing it.  Indeed, a case ofE Windows striving to be as secure tomorrow what OpenVMS was yesterday, D the week before, last year, when I was a young'un, in hip deep snow, uphill both ways.    ------------------------------  % Date: Tue, 03 Jan 2006 16:08:18 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> > Subject: Re: Installing DW Motif with PCSI: ovverride checks ?, Message-ID: <43BAE7B0.229B66FB@teksavvy.com>   Charlie Hammond wrote:& > I don't immediately see the problem.  D The problem isn't in the PCSI$DESCRIPTION file. (*my* problem was inE there, which is why I had to copy the kit to a REFERENCE format, edit D the PCSI$DESCRIPTION to remove an unwanted and unnecessary check and proceed with installation.)   H The problem is that PRODUCT COPY forgot to create one file in the targetE directory and this is a [.$work] file called by the .PCSI$DESCRIPTION ! procedure.  (PCSI_CHKPARAM.COM).    D PRODUCT EXTRACT went from 0% to 100%, didn't say anything wrong, butG didn't extract the file. (This is also the behaviour when you specify a # /SELECT of some non-existant file).     H This file was inside the .PCSI sequential kit and was successfully found4 and used in a PRODUCT INSTALL of the sequential kit.  H Note that PRODUCT LIST doesn't seem to include the [.$work] files, so it doesn't yield any clues.    ? The .PCSI file I was using came from the VAXVMS072 Hobbyist CD.   ; $disk:[DWMOTIF_VAX125.KIT]DEC-VAXVMS-DWMOTIF-V0102-5-1.PCSI      >     $ PRODUCT SHOW UTILITY   $ product show utility: POLYCENTER Software Installation utility version: V7.2-1085     Product Configuration File (PCF) support level: 1 3     Product Description File (PDF) support level: 5 ,     Product Text File (PTF) support level: 2  E Sorry I am still at 7.2 because some functionality was removed at 7.3 D and since HP has renegged on its promise for 8.2 on VAX, there is noG point in my downgrading to 7.3 since that would no longer be a stepping 
 stone to 8.2.     H Now, the plot thickens: I moved the .PCSI file to an alpha running 8.2 (D PCF:1 PDF:9 PTF:2) and PRODUCT EXTRACT worked fine and extracted theH PCSI_CHKPARAM.COM file.  Haven't tried the PRODUCT COPY to the reference" format but I assume it would work.    C Since support for VAX VMS has pretty well ended, I don't expect any C support. But if some user ends up having problems with PCSI extract G files or COPYing to reference format, at least it should be documented.    ------------------------------  % Date: Tue, 03 Jan 2006 15:56:24 -0500 ( From: Javier Henderson <javier@kjsl.com>! Subject: Re: IP stack for old VAX . Message-ID: <dpeodo$8e1$1@stationair.kjsl.com>   Bob Koehler wrote: >    VAX/VMS 4.7, VAX 11/785 > F >    To keep this system running for at least short time, I'm probablyD >    going to have to put an IP stack on it.  It has a DMF-11 with aH >    synchronous serial connector and an AUI style ethernet (there are a? >    total of 16 asynch lines, but I don't want to use SLIP).    > I >    The ethernet had been used for DECnet in the past.  I plan to remove I >    (or at least disable) the DECnet stack since no one around here will ) >    route DECnet, and it's not required.  > G >    OS update is not an option for several months, we'll be looking to I >    move to a more recent VAX by then.  Supported configuration is not a  >    requirement.  > H >    Performance is an issue in that it must not interfere with existingH >    real-time processes (which have been getting along fine with DECnet >    running). > G >    What are my options for an IP stack on this system?  Will Multinet I >    run over this ethernet interface?  CMU-IP?  If CMU-IP, will I need a  >    C compiler? > G >    And what device name is that ethernet showing up as (it's circuit   >    DMF-0 in NCP)?   H MultiNet will run on VAX/VMS 4.7 on that 11/785, but I've never heard ofE a DMF-11 having an Ethernet interface. Just synch lines. The only two > Ethernet interfaces I know of for Unibus were DEUNA and DELNA.  C So if the DMF-11 does indeed have an Ethernet interface on it, it's H never been tested with MultiNet, as far as I know. Certainly not at TGV.   -jav   ------------------------------   Date: 3 Jan 2006 21:10:05 GMT ( From: bill@cs.uofs.edu (Bill Gunshannon)! Subject: Re: IP stack for old VAX , Message-ID: <4207hdF1gdv7rU1@individual.net>  3 In article <UMX4Q9u6riHk@eisner.encompasserve.org>, > 	koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >  >    VAX/VMS 4.7, VAX 11/785 > F >    To keep this system running for at least short time, I'm probablyD >    going to have to put an IP stack on it.  It has a DMF-11 with aH >    synchronous serial connector and an AUI style ethernet (there are a? >    total of 16 asynch lines, but I don't want to use SLIP).    > I >    The ethernet had been used for DECnet in the past.  I plan to remove I >    (or at least disable) the DECnet stack since no one around here will ) >    route DECnet, and it's not required.  > G >    OS update is not an option for several months, we'll be looking to I >    move to a more recent VAX by then.  Supported configuration is not a  >    requirement.  > H >    Performance is an issue in that it must not interfere with existingH >    real-time processes (which have been getting along fine with DECnet >    running).  3 This is probably the biggest concern you will have.    > G >    What are my options for an IP stack on this system?  Will Multinet I >    run over this ethernet interface?  CMU-IP?  If CMU-IP, will I need a  >    C compiler? > G >    And what device name is that ethernet showing up as (it's circuit   >    DMF-0 in NCP)?   A Is IP really necessary if this is a machine to be replaced in the B not to distant future?  Why risk breaking the part that works that@ you still need?  Wouldn't it be safer to set up another machine @ (something like a VS3100 or other real small box) that could run? both DECNET and TCPIP and provide a way to login and move files A (which is what I figure you need TCPIP for!)  I can't imagine the @ choices for as old an OS version as that are many and I would be> very concerned about bugginess and the strong possibility they- might adversely effect the running processes.    bill   --  J Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolvesD bill@cs.scranton.edu     |  and a sheep voting on what's for dinner. University of Scranton   |A Scranton, Pennsylvania   |         #include <std.disclaimer.h>       ------------------------------  # Date: Tue, 03 Jan 2006 22:16:07 GMT 9 From: Alan Adams <alan.adams@orchard-way.freeserve.co.uk> ! Subject: Re: IP stack for old VAX ? Message-ID: <5327a2e34d.Alan.Adams@orchard-way.freeserve.co.uk>   2 In message <pRVUMC5V+Q$j@eisner.encompasserve.org>F           koehler@eisner.nospam.encompasserve.org (Bob Koehler) wrote:   >  >    VAX/VMS 4.7, VAX 11/785 > F >    To keep this system running for at least short time, I'm probablyD >    going to have to put an IP stack on it.  It has a DMF-11 with aH >    synchronous serial connector and an AUI style ethernet (there are a? >    total of 16 asynch lines, but I don't want to use SLIP).    > I >    The ethernet had been used for DECnet in the past.  I plan to remove I >    (or at least disable) the DECnet stack since no one around here will ) >    route DECnet, and it's not required.  > G >    OS update is not an option for several months, we'll be looking to I >    move to a more recent VAX by then.  Supported configuration is not a  >    requirement.  > H >    Performance is an issue in that it must not interfere with existingH >    real-time processes (which have been getting along fine with DECnet >    running). > G >    What are my options for an IP stack on this system?  Will Multinet I >    run over this ethernet interface?  CMU-IP?  If CMU-IP, will I need a  >    C compiler?  I I don't know about third-party stacks, but the appropriate version of UCX L will run fine. I seem to recall that Multinet was around when we had VMS 3.7E and VAX so by 4.7 that should also be fine. You would need to get the J appropriate versions of course, which might be tricky. The other name from that era was Wollongong.   > G >    And what device name is that ethernet showing up as (it's circuit   >    DMF-0 in NCP)?  >    --  ! Alan Adams, from Northamptonshire & alan.adams@orchard-way.freeserve.co.uk http://www.nckc.org.uk/    ------------------------------  % Date: Tue, 03 Jan 2006 17:40:38 -0500 2 From: "Stanley F. Quayle" <squayle@insight.rr.com>! Subject: Re: IP stack for old VAX / Message-ID: <43BAB716.15012.34D0E9D7@localhost>   . On 3 Jan 2006 at 21:10, Bill Gunshannon wrote:; > Wouldn't it be safer to set up another machine (something G > like a VS3100 or other real small box) that could run both DECNET and B > TCPIP and provide a way to login and move files (which is what I > figure you need TCPIP for!)   C I usually site a Linux box with the DECnet and LAT freeware on the  C same LAN, and don't mess with the VAX.  There are some truly small  / PC's that will work great for this application.   E Cheap, doesn't require any HP or M$ licenses, and almost pain-free.   / You can even use SSH coming from the outside...   
 --Stan Quayle  Quayle Consulting Inc.  
 ----------- Stanley F. Quayle, P.E. N8SQ  +1 614-868-1363 3 8572 North Spring Ct., Pickerington, OH  43147  USA 0 stan-at-stanq-dot-com       http://www.stanq.com) "OpenVMS, when downtime is not an option"    ------------------------------   Date: 4 Jan 2006 00:19:18 GMT ( From: bill@cs.uofs.edu (Bill Gunshannon)! Subject: Re: IP stack for old VAX , Message-ID: <420ik6F1gejsnU1@individual.net>  , In article <43BB138B.ED79AE3A@teksavvy.com>,0 	JF Mezei <jfmezei.spamnot@teksavvy.com> writes:G > CMU is a lightweight stack. It might be better suited for a 780. What . > will you need it for ? Just Telnet and FTP ? > E > I think you can find a KERMIT version compiled with CMU IP as well.  > E > And if the CMU  FTP isn't good enough, there was a MADGOAT FTP also  > usable with CMU. > N > CMU is also pretty easy to configure. Basically just one configuration file.  H Just out of curiosity, where would one find the source for CMU-IP today?H I have looked at CMU but it seems none of it has survived. (Like so many# other projects from days gone by!!)    bill   --  J Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolvesD bill@cs.scranton.edu     |  and a sheep voting on what's for dinner. University of Scranton   |A Scranton, Pennsylvania   |         #include <std.disclaimer.h>       ------------------------------  % Date: Tue, 03 Jan 2006 19:15:37 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> ! Subject: Re: IP stack for old VAX , Message-ID: <43BB138B.ED79AE3A@teksavvy.com>  E CMU is a lightweight stack. It might be better suited for a 780. What , will you need it for ? Just Telnet and FTP ?  C I think you can find a KERMIT version compiled with CMU IP as well.   C And if the CMU  FTP isn't good enough, there was a MADGOAT FTP also  usable with CMU.  L CMU is also pretty easy to configure. Basically just one configuration file.   ------------------------------  % Date: Tue, 03 Jan 2006 19:49:03 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> ! Subject: Re: IP stack for old VAX , Message-ID: <43BB1B5F.782452C2@teksavvy.com>   Bill Gunshannon wrote:J > Just out of curiosity, where would one find the source for CMU-IP today?J > I have looked at CMU but it seems none of it has survived. (Like so many% > other projects from days gone by!!)   3 There are precompiled versions on the VMS freeware.   4 And the DECUS tapes probably contain source as well.   ------------------------------  % Date: Wed, 04 Jan 2006 00:29:01 +0100 & From: Paul Sture <paul.sture@decus.ch>9 Subject: Re: OT: CAPS (was:Re: TLZ07/TLZ09 compatability) , Message-ID: <420fluF1gs9dkU1@individual.net>  
 AEF wrote: > Measekit hasF > posted entirely in CAPS; I don't see anyone beating him up about it!  F Huh? He was a pure troll, and it's a shame you quote him (her?) as an  example.      G > Later today I will post, in this thread, a guide to reading UPPERCASE  > LETTERS. Stay tuned. >   2 No. Please don't take me back to mainframe days...   ------------------------------   Date: 3 Jan 2006 16:03:58 -0800 $ From: "AEF" <spamsink2001@yahoo.com>9 Subject: Re: OT: CAPS (was:Re: TLZ07/TLZ09 compatability) B Message-ID: <1136333038.239971.80470@g14g2000cwa.googlegroups.com>   Paul Sture wrote:  > AEF wrote: > > Measekit hasH > > posted entirely in CAPS; I don't see anyone beating him up about it! > G > Huh? He was a pure troll, and it's a shame you quote him (her?) as an 
 > example.    ( You're right; bad example. My apologies.    I > > Later today I will post, in this thread, a guide to reading UPPERCASE  > > LETTERS. Stay tuned. > >  > 4 > No. Please don't take me back to mainframe days...    E What is this big horror about uppercase letters? How can you tolerate ) VMS sytems "yelling" at you all day long?   D The Guide to Reading Uppercase Letters (GRUL) has nothing to do with mainframes.   ! THANK YOU FOR ALL YOUR KIND HELP.   C Is that yelling? It's certainly not scolding. Sometimes you have to E yell to be heard above the noise. Why is that so terrible? In fact, I F remember a post from the early 90's that was entirely in uppercase and it was humourous.   F Here it is (WARNING!!! If you are allergic to or cannot tolerate largeD amounts of uppercase letters, then do not read the rest of this post8 except under the advice and supervision of a physician):     http://groups.google.com/group/comp.os.vms/browse_frm/thread/426c7518db8ad494/488ce0e093b1e9d8?lnk=st&q=(pizza+OR+pizzas)+group%3Acomp.os.vms&rnum=6&hl=en#488ce0e093b1e9d8   G Path: sparky!uunet!wupost!uwm.edu!linac!att!ucbvax!ANZIO.GATECH.EDU!don  From: d...@ANZIO.GATECH.EDU  Newsgroups: comp.os.vms  Subject: USERS7 Message-ID: <9205131451.AA23979@cunixf.cc.columbia.edu>  Date: 13 May 92 14:51:28 GMT" Sender: dae...@ucbvax.BERKELEY.EDU Distribution: world  Organization: The Internet Lines: 9  B I NEED TO STOP ALL THESE USERS FROM DOING THINGS TO ME!  TEHGY ARE ALWAYSF MAKIG UP ACCOUNTS FOR THEIR FRIENDS AND ORDEREN PIZZA TO MY OFFICE AND I A CANT STOP THEM.  THIS TIME THEY HAVE GONE TO FAR!!! THEY WENT AND  STARTED B MOVING AROUND THE FILES IN MY ACCOUNT AGAIN, AND I CAN'T STAND IT. THEYC ARE ALWAYS INSTALLING SOFTWARE THAT I DONT UNDERSTAND AND CHANGEING  THINGSD SO THAT SOMETIMES I DONT EVEN KNOW WHATS GOING ON WITH MY OWN SYSTEM HOW E DO I STOP THEM FROM DOING THIS????  I TRIED TO GET SOM OF THEM KICKED  OFF  BUT JUST KEEP COMEING BACK.      Pretty good, eh?   AEF    ------------------------------  % Date: Tue, 03 Jan 2006 10:52:04 -0800 # From: "Tom Linden" <tom@kednos.com>  Subject: POP client prob( Message-ID: <ops2tf02zgzgicya@hyrrokkin>  3 I have been using Outlook as th ePop client against 4 TCPIP5.4 with MX5.4 on VMS7.3, A  I installed second: copy of MX5.4 on another node 7.3-2, B, also with TCPIP5.48 which runs out of the same root dir, so the config files3 for MX are the same for both nodes.  Now one of the  logicals in the startup is+ DEFINE/SYSTEM/EXEC MX_PROTOCOL_PREFIX SMTP%  which is also true for the A.   2 When reading the mail with Outlook two differences9 1. the mail is to SMTP%Tom@...  whereas on a it is simply      Tom@... C 2. On B the full RFC822 header is displayed as part of the message.      This was not the case on A  B How to make B behave like A?  I don't believe it can have anything? to do with MX, so it must be some TCPIP setting.  Anybody know?    ------------------------------  % Date: Tue, 03 Jan 2006 16:19:31 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com>  Subject: Re: POP client prob, Message-ID: <43BAEA51.6DEDB128@teksavvy.com>   Tom Linden wrote: < > copy of MX5.4 on another node 7.3-2, B, also with TCPIP5.4: > which runs out of the same root dir, so the config files5 > for MX are the same for both nodes.  Now one of the  > logicals in the startup is- > DEFINE/SYSTEM/EXEC MX_PROTOCOL_PREFIX SMTP%  > which is also true for the A.   H When I try to boot a node from the same root as another node, it crashesD very early in the boot.  Si it is unlikely that you are booting bothF from the same root. You probably meant from the same SYS$COMMON on the same drives.  4 > When reading the mail with Outlook two differences; > 1. the mail is to SMTP%Tom@...  whereas on a it is simply 
 >     Tom@... E > 2. On B the full RFC822 header is displayed as part of the message.   >     This was not the case on A > D > How to make B behave like A?  I don't believe it can have anythingA > to do with MX, so it must be some TCPIP setting.  Anybody know?     5 I suspect that the differences are due to some of the E logicals/procedures being executed from as node specific directory so & they don't execute on the second node.  G Additionally, you may have additional leftover procedures on the second E node's specific directories which deassign those logicals or redefine  them differently.   C DIR disk:[SYS0...]*.com/exlude=[SYS0.SYSCOMMON...] might yield some I clues on procedures which are specific but whcih should be in sys$common.   E The header issue is fairly simple. The POP server doesn't recognise a G message as an internet message and therefore synthetises an RFC header. Q So the original RFC header is simply treated as data that is part of the message.   B Are you using an MX pop server, or the TCPIP Services POP server ?  5 If you are using the TCPIP services pop server, do a    = SHOW LOG TCPIP$POP* on both nodes to compare the differences.    ------------------------------  % Date: Tue, 03 Jan 2006 18:45:57 -0800 # From: "Tom Linden" <tom@kednos.com>  Subject: Re: POP client prob( Message-ID: <ops2t1yvh3zgicya@hyrrokkin>  . On Tue, 03 Jan 2006 16:19:31 -0500, JF Mezei  % <jfmezei.spamnot@teksavvy.com> wrote:   6 > If you are using the TCPIP services pop server, do a? > SHOW LOG TCPIP$POP* on both nodes to compare the differences.   G Thanks, thid looks promising.  On the new node, no logicals are defined 
 on the old  -    "TCPIP$POP_IGNORE_MAIL11_HEADERS" = "TRUE" %    "TCPIP$POP_PERSONAL_NAME" = "TRUE" !    "TCPIP$POP_POSTMASTER" = "TOM" '    "TCPIP$POP_USE_MAIL_FOLDER" = "TRUE"    so how do I configure these?   ------------------------------  % Date: Tue, 03 Jan 2006 17:15:29 -0500 & From: Thomas Wirt <twnews@kittles.com>/ Subject: Re: Samba v3 on VMS and HP VMS Roadmap C Message-ID: <c958$43baf783$4367aba2$6738@msgid.meganewsservers.com>    Neil Rieck wrote:   : > "Cluster-Karl" <karl.rohwedder@gmx.de> wrote in message ? > news:1136194895.324622.263890@z14g2000cwz.googlegroups.com...  > C >>Are details about licensing for SAMBA/VMS available (beside being  >>included in the FOE)? H >>I am interested especially in upgrading from Advancedserver on Alphas?! >>Is a new PAK required, costs...  >> >>regards Kalle  >> > O > I'd like more information on this too. (but like their port of Apache I just  # > assumed Samba would be for free).  > 	 >  <snip>  > Neil Rieck > E HP has said that they anticipate distributing and supporting it just  B like Apache.  It will be free (as it must be) and support will be " included with Base VMS OS support.   Thomas Wirt    ------------------------------  % Date: Tue, 03 Jan 2006 15:37:53 -0500 - From: JF Mezei <jfmezei.spamnot@teksavvy.com> 7 Subject: Re: SCSNode Names in Non-clustered environment , Message-ID: <43BAE092.72AF8676@teksavvy.com>   Display Name wrote:  > N > >> Are you building the new machine from an image backup of the older node ? > ! > nosir, i did not plan to do so. < > the newer system will have VMS 7.3-2, the older one 7.2-2.K > i will eventually port the application and data from old-to-new and test; 6 > and the machines will have different I.P. addresses.L > but with several hundred remote terminals (PC's with emulation) it will beD > an important goal to retain a single resolvable Node-Name to avoid( > reconfiguring every single connection.  H Ok, if the machines will co-exist for some time while to build a new oneF from scratch,  I would then recommend you start the new machine with aF totally different identity. This will allow much easier interaction to+ transfer files between old and new machine.   E During the conversion process, all users would continue to connect to  the old machine.  H Then, when you are ready for the final switchover, you change on the newG node all the configuration settings (without needing to change the live D stuff).  So SYSGEN and MODPARAMS.DAT for SCSNODE and SCSNODEID, yourG startup procedure for the LAT service names, DECNET permanent database.   F For TCPIP, from what I have learned, it would be easier to zap the newF node's configuration files (SYS$SYSTEM:[TCPIP*.DAT) and reconfigure itF from scratch with TCPIP$CONFIG with the good IP and node name. You canG do that while the TCPIP stack is still running and as long as you don't L shut it down and start it again, the changed in systartup won't take effect.  F Then, you need to stop logins on the old machine, do a final backup ofE changed files, and reboot the new machine which will then take on its C production indetity with the right IP, nodename etc. Meanwhile, you E disconnect the old machine from the ethernet, and you can then change F its node name to "OLDVAX", change it IP address etc etc or simply keep it disconnected.  A Note that when you do the switchover, many machines will have the G ethernet address of their old machines in their ARP cache and may still D try to connect to that machine for some time. Not sure if there is aE utility on VMS to send some broadcast to force everyone to drop their F ARP entry pointing to the old machine and use the ethernet address for the new machine.   ------------------------------   Date: 3 Jan 2006 14:09:52 -0600 ; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)  Subject: Re: SSH vs Telnet3 Message-ID: <3VnJf5iHWsx6@eisner.encompasserve.org>   i In article <6.1.2.0.2.20060103090158.02803c90@raptor.psccos.com>, Dan O'Reilly <dano@process.com> writes:  > L > SSH protocol DOES exchange the terminal geometry information.  When a PTY L > is requested, part of the information passed is the terminal width/height L > in columns/lines and in pixels.  Zero geometry dimensions are allowed and $ > must be ignored (i.e., defaulted).  A    OK, another one I'm behind on.  But PuTTY may not be using it.    ------------------------------   Date: 3 Jan 2006 14:42:30 -0600 ; From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) 
 Subject: test 3 Message-ID: <6uRRjpaHXPLC@eisner.encompasserve.org>    test   ------------------------------   End of INFO-VAX 2006.007 ************************