INFO-VAX Mon, 25 Jun 2007 Volume 2007 : Issue 343 Contents: AlphaServer power use Re: AlphaServer power use Re: AlphaServer power use Re: AlphaServer power use Re: And the question was? (Re: Amazing, two new articles on Computerworld.com a Re: And the question was? (Re: Amazing, two new articles on Computerworld.com ac Re: And the question was? (Re: Amazing, two new articles on Computerworld.com ac ANN: Artistic Style support for OpenVMS now offical Free OpenVMS and VMS manuals Re: Free OpenVMS and VMS manuals Re: Mac OS Mildly good news for OMX Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option OpenVMS 7.3-1 & Python 2.5 Re: OpenVMS 7.3-1 & Python 2.5 Re: OpenVMS 7.3-1 & Python 2.5 Re: OpenVMS 7.3-1 & Python 2.5 Re: Organised letter writing to Hurd ? Re: Organised letter writing to Hurd ? Re: Question about TCPIP$ftp - copy taking a long time Re: reading news [was: dns woes (ucx5.3, vms 7.3-1)] SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: Suggestion for VMS: compression/deconpression architecture ---------------------------------------------------------------------- Date: Sun, 24 Jun 2007 13:59:01 -0700 From: rtk Subject: AlphaServer power use Message-ID: <1182718741.375428.129190@e16g2000pri.googlegroups.com> I'm wondering if anyone has an idea on how much power an AlphaServer 4/200 might typically use. It has 2 hard drives running. There is a rating of 8.5A at 120V but I'm assuming that is a maximum. What's typical? I'd expect it to be about the same as a standard PC. Ron ------------------------------ Date: Sun, 24 Jun 2007 23:07:44 +0100 From: "John Wallace" Subject: Re: AlphaServer power use Message-ID: <467eeb31$0$8717$ed2619ec@ptn-nntp-reader02.plus.net> "rtk" wrote in message news:1182718741.375428.129190@e16g2000pri.googlegroups.com... > I'm wondering if anyone has an idea on how much power an AlphaServer > 4/200 might typically use. It has 2 hard drives running. There is a > rating of 8.5A at 120V but I'm assuming that is a maximum. What's > typical? I'd expect it to be about the same as a standard PC. > > Ron > Sorry, insufficient data: a) You've not uniquely identified the box: Alphaserver xxx 4/200 could be e.g. Alphaserver 1000, 2000 or 2100, assuming the 4/200 is correct and not e.g. 4/233, which would open you up to different, possibly smaller, models which might well be "about the same as a standard PC" whereas the AlphaServer 1000 and up are more likely to be "about the same as standard servers". Bit vague, that, isn't it? b) You've not said why you want to know. E.g. the answer for air-conditioning sizing purposes isn't necessarily the same as the answer for UPS (or other mains power) sizing purposes. Once you do identify the exact model, the relevant detailed specs will hopefully be findable via the Systems and Options Catalogue (SOC) Archive which is currently at http://h18000.www1.hp.com/products/quickspecs/soc_archives/80166.html Sadly not all of the documents offer detailed info on kW (or BTU/hr) which you want for aircon and kVA which you want for power supply but where it is available it tends to be close to the end of the SOC chapter. You may also encounter some oddness on the SOC website too, so suggestions of other sources are most welcome. Hth John ------------------------------ Date: Sun, 24 Jun 2007 15:20:15 -0700 From: rtk Subject: Re: AlphaServer power use Message-ID: <1182723615.203033.253600@i13g2000prf.googlegroups.com> On Jun 24, 4:07 pm, "John Wallace" wrote: > Sorry, insufficient data: > a) You've not uniquely identified the box: Alphaserver xxx 4/200 could be My bad. It is an AlphaServer 1000 4/200. I'm just wondering how much this thing will cost me if I leave it running all the time. I'm not expecting it to be much worse than running 2-3 PCs but thought I'd ask. Thanks for the link. Nice to get the specs on this box. Ron ------------------------------ Date: Mon, 25 Jun 2007 03:09:47 +0200 From: "P. Sture" Subject: Re: AlphaServer power use Message-ID: In article <467eeb31$0$8717$ed2619ec@ptn-nntp-reader02.plus.net>, "John Wallace" wrote: > "rtk" wrote in message > news:1182718741.375428.129190@e16g2000pri.googlegroups.com... > > I'm wondering if anyone has an idea on how much power an AlphaServer > > 4/200 might typically use. It has 2 hard drives running. There is a > > rating of 8.5A at 120V but I'm assuming that is a maximum. What's > > typical? I'd expect it to be about the same as a standard PC. > > > > Ron > > > > Sorry, insufficient data: > a) You've not uniquely identified the box: Alphaserver xxx 4/200 could be > e.g. Alphaserver 1000, 2000 or 2100, assuming the 4/200 is correct and not > e.g. 4/233, which would open you up to different, possibly smaller, models > which might well be "about the same as a standard PC" whereas the > AlphaServer 1000 and up are more likely to be "about the same as standard > servers". Bit vague, that, isn't it? > b) You've not said why you want to know. E.g. the answer for > air-conditioning sizing purposes isn't necessarily the same as the answer > for UPS (or other mains power) sizing purposes. > > Once you do identify the exact model, the relevant detailed specs will > hopefully be findable via the Systems and Options Catalogue (SOC) Archive > which is currently at > http://h18000.www1.hp.com/products/quickspecs/soc_archives/80166.html > Sadly not all of the documents offer detailed info on kW (or BTU/hr) which > you want for aircon and kVA which you want for power supply but where it is > available it tends to be close to the end of the SOC chapter. > > You may also encounter some oddness on the SOC website too, so suggestions > of other sources are most welcome. > APC have a configuration tool which might be useful (requires Javascript) For example, I've just looked up a Digital Alphaserver 2100, selected a likely looking configuration, and it gave me the following: Device: Digital AlphaServer 1000 Total Power (Watts): 213 # of Power Cords: 1 Total Power (VA): 304 Quantity: 1 Total Thermal (BTU/hr): 727 Plug Type: IEC-60320-C13/C14 Operating Voltages: 230 -- Paul Sture ------------------------------ Date: Sun, 24 Jun 2007 16:54:21 -0400 From: JF Mezei Subject: Re: And the question was? (Re: Amazing, two new articles on Computerworld.com a Message-ID: <21cd1$467eda17$cef8887a$17082@TEKSAVVY.COM> AEF wrote: > While they're obviously not big on growing VMS, I don't think they're > actively trying to move customers away from it. How would you qualify the deal made with Cerner to stop developping for VMS and instead target HP-UX ? > Roadmaps are not contracts. Exactly. While it is very nice for VMS to have a roadmap, it isn't something you can bet your business on. > She said what's obvious: any company wants to keep its customers and > that means keeping them happy enough not to jump ship. No. She added the mention that if/when VMS customers want to migrate, HP wants to keep them as customers. This is like Microsoft stating publically that it wouldn't mind Windows customers migrating to MACOS if they continued to buy Office versions. She could have just said that HP wants VMS customers to be happy and remain with HP and keep it at that. She went out of her way to mention the "migrating from VMS" bit. That was uncalled for. > I don't know enough about this deal to comment. But again you appear > to be putting the worst possible spin on it. OK, I will put a good spin : HP has kept some developpers still working on VMS and VMS is still being devevopped. I wonder how soon VMS will ship with indian fonts built-in ??? :-) ------------------------------ Date: Sun, 24 Jun 2007 18:24:10 -0700 From: AEF Subject: Re: And the question was? (Re: Amazing, two new articles on Computerworld.com ac Message-ID: <1182734650.885672.6160@n60g2000hse.googlegroups.com> On Jun 24, 9:30 am, p...@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) wrote: > In article <1182689234.575093.170...@o61g2000hsh.googlegroups.com>, AEF writes: > > >She said what's obvious: any company wants to keep its customers and > >that means keeping them happy enough not to jump ship. > > I expect more actions and more positive words if HP intends to keep its > (VMS) customers (because a lot ARE still forced to jumping ship) > Sigh. History is repeating itself over and over (and yet we still hope)... Well, I'm sure hp would prefer to keep these customers. And I'm not the least bit surprised that an hp exec like Ann would say things like she said. But yes, it may be that HP either isn't willing to do more or thinks things are fine the way they are. My primary point was about what Ann Livermore SAID because that is what JF based his maximized FUD upon. And I was saying that his conclusion does not follow from her comments. It might be true for other reasons, but not because of her comments. But!: I think with the new video HP isn't going to pull the plug on VMS anytime soon. Hopefully they'll come up with more positive things about VMS as we saw in the disaster-proof video. And now many people will see VMS in a very positive light for a change. We should be happy! At least for now. We should say, "That was great! Encore! More! More!", not wallow in our sorrows. I believe that will be a lot more helpful than "Well, this was wrong and that was wrong and this wasn't enough ... " Fooey! Let's celebrate the video and encourage more such things from HP. Remember the video: OpenVMS mentioned first. OpenVMS came IN first. Hurray for OpenVMS! Thank you HP. Thank you Mr. Hurd. Re the fish: Fish recovery time: 294 seconds. Hmmmm. Instead of catapulting the fish, how about a flying data center recovery?! ... OK, that's too silly. (It's getting late!) AEF > > -- > Peter "EPLAN" LANGSTOEGER > Network and OpenVMS system specialist > E-mail p...@langstoeger.at > A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: Sun, 24 Jun 2007 21:09:19 -0700 From: "Tom Linden" Subject: Re: And the question was? (Re: Amazing, two new articles on Computerworld.com ac Message-ID: On Sun, 24 Jun 2007 13:54:21 -0700, JF Mezei wrote: > AEF wrote: >> While they're obviously not big on growing VMS, I don't think they're >> actively trying to move customers away from it. > > How would you qualify the deal made with Cerner to stop developping for > VMS and instead target HP-UX ? > >> Roadmaps are not contracts. > > Exactly. While it is very nice for VMS to have a roadmap, it isn't > something you can bet your business on. Roadmaps are trial balloons written by people trying to define rather than understand the market. It is a form of polling. > >> She said what's obvious: any company wants to keep its customers and >> that means keeping them happy enough not to jump ship. > > No. She added the mention that if/when VMS customers want to migrate, HP > wants to keep them as customers. This is like Microsoft stating > publically that it wouldn't mind Windows customers migrating to MACOS if > they continued to buy Office versions. > > She could have just said that HP wants VMS customers to be happy and > remain with HP and keep it at that. She went out of her way to mention > the "migrating from VMS" bit. That was uncalled for. > >> I don't know enough about this deal to comment. But again you appear >> to be putting the worst possible spin on it. > > OK, I will put a good spin : HP has kept some developpers still working > on VMS and VMS is still being devevopped. > > I wonder how soon VMS will ship with indian fonts built-in ??? :-) -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Mon, 25 Jun 2007 09:53:33 +1000 From: Jim Duff Subject: ANN: Artistic Style support for OpenVMS now offical Message-ID: <467F03FD.20900@127.0.0.1> Artistic Style is a source code indenter, formatter, and beautifier for the C, C++, C# and Java programming languages. As of version 1.21, OpenVMS is an officially supported operating system for this software. You can access further information and downloads here: An Alpha 8.2 executable image is contained in the zip file, in addition to objects (including the C++ repository objects) enabling you to link the image if you do not have the C++ compiler available. Questions concerning the OpenVMS port can be directed to me via the contact page on my website: Jim. -- www.eight-cubed.com ------------------------------ Date: Sun, 24 Jun 2007 15:15:33 -0700 From: rtk Subject: Free OpenVMS and VMS manuals Message-ID: <1182723333.656739.57510@m37g2000prh.googlegroups.com> I suspect no one will really want these but I figured I'd offer them before trashing them. I have about two dozen or more OpenVMS manuals that are free to whoever (whomever?) wants them and is willing to pick them up (Denver area, Broomfield to be exact). The are primarily for OpenVMS 7.1 but some are for 6.2. I also have about 20 or so VMS manuals, in gray three-ring binders, that are free as well. These cover the programming and system management series and are from 1988. If you want them, let's set something up (oneelkruns@hotmail.com, first to email) and if no one asks for them I'll trash them next Friday. Ron ------------------------------ Date: Sun, 24 Jun 2007 16:54:37 -0700 From: AEF Subject: Re: Free OpenVMS and VMS manuals Message-ID: <1182729277.245389.159580@n60g2000hse.googlegroups.com> On Jun 24, 6:15 pm, rtk wrote: > I suspect no one will really want these but I figured I'd offer them > before trashing them. I have about two dozen or more OpenVMS manuals > that are free to whoever (whomever?) wants them and is willing to pick whoever - with phrases like this it goes with the qualifying phrase "wants them". > them up (Denver area, Broomfield to be exact). The are primarily for > OpenVMS 7.1 but some are for 6.2. Which v6.2 manuals do you have and would you be willing to ship them if I pay shipping costs? (I mostly want the Volume Shadowing for V6.2.) Thanks. -- I'll decode your address (I'm on Google Groups) and email you. > > I also have about 20 or so VMS manuals, in gray three-ring binders, > that are free as well. These cover the programming and system > management series and are from 1988. > > If you want them, let's set something up (oneelkr...@hotmail.com, > first to email) and if no one asks for them I'll trash them next > Friday. > > Ron ------------------------------ Date: 24 Jun 2007 19:36:31 -0400 From: Rich Alderson Subject: Re: Mac OS Message-ID: "Craig A. Berry" writes: > In article , > Rich Alderson wrote: >> "MultiFinder" was really Apple licensing back Andy Hertzfeld's[1] Juggler, >> which was user-level code for doing the same thing. IIRC, Juggler first >> made an appearance in MacOS 4.1.[2] > When I saw Andy demonstrate it in the mid-1980s, it was called > "Switcher" not "Juggler." Proof that CRC is beginning to fail. "Switcher" it was. "Juggler" may have been the code name for an Acrobat competitor that some friends worked on, but even that was 15 years ago now. -- Rich Alderson | /"\ ASCII ribbon | news@alderson.users.panix.com | \ / campaign against | "You get what anybody gets. You get a lifetime." | x HTML mail and | --Death, of the Endless | / \ postings | ------------------------------ Date: Mon, 25 Jun 2007 00:53:50 -0400 From: JF Mezei Subject: Mildly good news for OMX Message-ID: <33944$467f4a79$cef8887a$21695@TEKSAVVY.COM> Sounds like a chess game. LSE (London Stock Exchange) wants to buy the italian bourse. (stock exchange). During its failed attempt to buy LSE, NSADAQ did acquire a 30% stake of LSE, and according to an analyst heard on BBC, it also struck a deal with LSE where NASDAQ could dictate technology used by the LSE. The analyst then pointed to NASDAQ obtaining OMX and being able to dictate the LSE use that platform. But the plot thickens. If LSE does buy the Boursa Italiana, it would dilute the NASDAQ stake in the combined bourses and thus reduce its decision power at the LSE. This is more heresay than fact, but it is a sign that NASDAQ may see the OMX platform as an asset instead of just wanting to convert OMX customers to the NASDAQ platform. Whether OMX remains on VMS or heeds HP's call to migrate away from it is a different question. ------------------------------ Date: Sun, 24 Jun 2007 21:36:22 +0200 From: "Dr. Dweeb" Subject: Re: OpenVMS - When downtime is not an option Message-ID: <467ec7b2$0$21926$157c6196@dreader1.cybercity.dk> Bob Koehler wrote: > In article , VAXman- > @SendSpamHere.ORG writes: >> >> The only PeeCee she had was an IBM Think Pad (what a piece of shite >> too) from work. Since she's been on disability for the past year, >> the laptop has been with her employer. She's very happy with that >> arrangement and she does NOT miss Weendoze! > > Sorry to hear about the disability, but the lack of Windows in the > home sounds good. Do the local building codes allow that ? :) Dweeb ------------------------------ Date: Sun, 24 Jun 2007 21:43:23 +0200 From: "Dr. Dweeb" Subject: Re: OpenVMS - When downtime is not an option Message-ID: <467ec957$0$21932$157c6196@dreader1.cybercity.dk> FredK wrote: > "Ken Robinson" wrote in message > news:7dd80f60706211144v943de2fw1866f899ccf28e59@mail.gmail.com... >> On 6/21/07, Rich Jordan wrote: >>> On Jun 21, 1:00 pm, "FredK" wrote: >>>> "Cydrome Leader" wrote in message >>>> >>>> news:f5d12c$6hv$1@reader2.panix.com... >>>> >>>>> P. Sture wrote: >>>> >>>> Oh come on you guys. For once be thrilled. HP shows off VMS. There >>>> were >>>> VMS guys there (recognize them?). OpenVMS was not only mentioned >>>> first, it >>>> was back online first, it wasn't an "Oh by the way". It wasn't a >>>> SAN failover it was a data center failover. It was cool. >>>> >>>> Sheesh. >>> >>> Damn straight. Every little bit of recognition and publicity >>> helps. >> >> Did anyone look at the contents of the "Learn More" tab? >> >> There the configuration for OpenVMS is described as: >> HP OpenVMS operating environment >> AlphaServer ES40 with OpenVMS clusters failing over to Integrity >> Superdome Now if this page can be highlighted on the HP.COM main page. >> >> Ken > > > If you are gonna blow something up, an ES40 is a lot cheaper than a > Superdome ;-) Pretty cool at every level. Mixed architectures. VMS > Clusters. Fastest failover (in fact we are looking at why we weren't > even faster in the test). I showed it the "team" and the "suits". I commented that I tought 13 sec was on the slow side :) Folks were amazed though, esp. that the others were as quick as they were. We do not have ANY HP in the shop, so if it is HP technology layered on top of M$ and/or Linux then it is a no-go for us, should it ever become a requirement. Dweeb ------------------------------ Date: Sun, 24 Jun 2007 21:45:17 +0200 From: "Dr. Dweeb" Subject: Re: OpenVMS - When downtime is not an option Message-ID: <467ec9c9$0$21933$157c6196@dreader1.cybercity.dk> Richard B. Gilbert wrote: > AEF wrote: >> On Jun 21, 6:51 pm, Anton Shterenlikht wrote: >> >>> On Thu, Jun 21, 2007 at 06:24:59PM -0400, JF Mezei wrote: >>> >>>> C.W.Holeman II wrote: >>>> >>>>> In fact VMS is even listed with the other HP OSes: >>>> >>>>> Fromhttp://www.hp.com/go/disasterproof: >>>> >>>> Such links are not very useful. Unless you know it, you won't >>>> stumble onto it. >>> >>>> Now, if HP mentions this URL in a real press release sent out the >>>> news wires, then it is OK. But otherwise, unless there is a link >>>> from the HP main pages, people won't stumble onto it. >>> >>> it is only 2 clicks from the main page: >>> hp.com => >>> (bottom left) New server, storage, software and services for the >>> enterprise => (right column, under HP StorageWorks Conference) >>> Watch the video I guess if you are interested in what HP have to offer >>> for >>> `enterprise business' you are likely to stumble onto it. >>> >>> I liked the video. My wife commented that it is a typical male >>> thing, a woman would just swith the power off. Seriously though, is >>> exploding any more damaging to availability than a power cut? >> >> >> Yes. The power will eventually come back. The blown-up data center >> won't. >> > > If you are really serious about up time, you have emergency generators > that you start when the power goes off. Your UPS sustains you for the > few minutes it takes to bring the generators on line. If you are > REALLY serious, you have redundant generators so you can shut one > down for refueling, oil change, or whatever. > > If you really need 100% uptime, you should have the budget for all > this stuff and probably more. The "more" includes N+1 redundant air > conditioners or fully redundant depending on how paranoid and how rich > you are. Yep, that is what hosting centres are for. Let them look after that infrastructure stuff. Dweeb ------------------------------ Date: Sun, 24 Jun 2007 16:12:09 -0400 From: "Richard B. Gilbert" Subject: Re: OpenVMS - When downtime is not an option Message-ID: <467ED019.1090206@comcast.net> Dr. Dweeb wrote: > Richard B. Gilbert wrote: > >>AEF wrote: >> >>>On Jun 21, 6:51 pm, Anton Shterenlikht wrote: >>> >>> >>>>On Thu, Jun 21, 2007 at 06:24:59PM -0400, JF Mezei wrote: >>>> >>>> >>>>>C.W.Holeman II wrote: >>>>> >>>>> >>>>>>In fact VMS is even listed with the other HP OSes: >>>>> >>>>>>Fromhttp://www.hp.com/go/disasterproof: >>>>> >>>>>Such links are not very useful. Unless you know it, you won't >>>>>stumble onto it. >>>> >>>>>Now, if HP mentions this URL in a real press release sent out the >>>>>news wires, then it is OK. But otherwise, unless there is a link >>>>>from the HP main pages, people won't stumble onto it. >>>> >>>>it is only 2 clicks from the main page: >>>>hp.com => >>>>(bottom left) New server, storage, software and services for the >>>>enterprise => (right column, under HP StorageWorks Conference) >>>>Watch the video I guess if you are interested in what HP have to offer >>>>for >>>>`enterprise business' you are likely to stumble onto it. >>>> >>>>I liked the video. My wife commented that it is a typical male >>>>thing, a woman would just swith the power off. Seriously though, is >>>>exploding any more damaging to availability than a power cut? >>> >>> >>>Yes. The power will eventually come back. The blown-up data center >>>won't. >>> >> >>If you are really serious about up time, you have emergency generators >>that you start when the power goes off. Your UPS sustains you for the >>few minutes it takes to bring the generators on line. If you are >>REALLY serious, you have redundant generators so you can shut one >>down for refueling, oil change, or whatever. >> >>If you really need 100% uptime, you should have the budget for all >>this stuff and probably more. The "more" includes N+1 redundant air >>conditioners or fully redundant depending on how paranoid and how rich >>you are. > > > Yep, that is what hosting centres are for. Let them look after that > infrastructure stuff. You can pay for it all at once or pay by the month. It may be more expensive to do it yourself but OTOH, it can be incredibly expensive if, when the power goes off, the generators don't work. . . . Then you discover that your hosting center is filing for protection under Chapter 11 and your pretty contract doesn't even make good toilet paper. ------------------------------ Date: Sun, 24 Jun 2007 21:39:49 GMT From: "John Wallace" Subject: Re: OpenVMS - When downtime is not an option Message-ID: "Richard B. Gilbert" wrote in message news:467ED019.1090206@comcast.net... > Dr. Dweeb wrote: > > Richard B. Gilbert wrote: > > > >>AEF wrote: > >> > >>>On Jun 21, 6:51 pm, Anton Shterenlikht wrote: > >>> > >>> > >>>>On Thu, Jun 21, 2007 at 06:24:59PM -0400, JF Mezei wrote: > >>>> > >>>> > >>>>>C.W.Holeman II wrote: > >>>>> > >>>>> > >>>>>>In fact VMS is even listed with the other HP OSes: > >>>>> > >>>>>>Fromhttp://www.hp.com/go/disasterproof: > >>>>> > >>>>>Such links are not very useful. Unless you know it, you won't > >>>>>stumble onto it. > >>>> > >>>>>Now, if HP mentions this URL in a real press release sent out the > >>>>>news wires, then it is OK. But otherwise, unless there is a link > >>>>>from the HP main pages, people won't stumble onto it. > >>>> > >>>>it is only 2 clicks from the main page: > >>>>hp.com => > >>>>(bottom left) New server, storage, software and services for the > >>>>enterprise => (right column, under HP StorageWorks Conference) > >>>>Watch the video I guess if you are interested in what HP have to offer > >>>>for > >>>>`enterprise business' you are likely to stumble onto it. > >>>> > >>>>I liked the video. My wife commented that it is a typical male > >>>>thing, a woman would just swith the power off. Seriously though, is > >>>>exploding any more damaging to availability than a power cut? > >>> > >>> > >>>Yes. The power will eventually come back. The blown-up data center > >>>won't. > >>> > >> > >>If you are really serious about up time, you have emergency generators > >>that you start when the power goes off. Your UPS sustains you for the > >>few minutes it takes to bring the generators on line. If you are > >>REALLY serious, you have redundant generators so you can shut one > >>down for refueling, oil change, or whatever. > >> > >>If you really need 100% uptime, you should have the budget for all > >>this stuff and probably more. The "more" includes N+1 redundant air > >>conditioners or fully redundant depending on how paranoid and how rich > >>you are. > > > > > > Yep, that is what hosting centres are for. Let them look after that > > infrastructure stuff. > > You can pay for it all at once or pay by the month. It may be more > expensive to do it yourself but OTOH, it can be incredibly expensive if, > when the power goes off, the generators don't work. . . . Then you > discover that your hosting center is filing for protection under Chapter > 11 and your pretty contract doesn't even make good toilet paper. > Hosting centres can have power problems even without needing the electricity supplier to have a problem. At least two London-based outfits have been in the press multiple times in recent years for that very reason (one was Redbus, I forget the other), presumably down to problems with internal power distribution systems. Handing the service over to someone else is fine, so long as everyone understands that you may not really have got rid of having to manage the risk, you still need to be able to plan for and manage the consequences of a disruption, but you definitely got rid of the money. ------------------------------ Date: Sun, 24 Jun 2007 17:41:03 -0400 From: JF Mezei Subject: Re: OpenVMS - When downtime is not an option Message-ID: <33a0f$467ee508$cef8887a$6570@TEKSAVVY.COM> Ken Robinson wrote: > There is now a white paper from Enterprise Strategy Group on the site > that describes the computing environment in more detail. It can be > found at http://h71028.www7.hp.com/ERC/downloads/4AA1-3538ENW.pdf Ahh ! Now we're talking !!!! On page 6, it shows the logical connections. The Alpha was connected only to the other side via IP (red lines) and FC (green lines) for the storage controllers. Would it be correct to state that the red lines with the HP ProCurve switches are really ethernet lines ? (aka: did SCS traffic flow through the red lines or the green lines?) Of course, in that setup, of the bomb had been placed in the backup site instead of the primary site, then the quorum servers would have been zapped and the primary site would have gone off-line ;-) On the next page is the screen shot that was quickly seen in the video, showing the single connection between the 2 sites. (this is the storage controller display I think). There is no mention of a storage quorum server. And later on, we head that in the "quorum sute (the logical 3rd site), VMS had its own quorum instance on some IA64 box. Does this mean that the storage arrays have no quorum mechanism ? (On page 7, the picture shows a layout (as quickly seen in the video) from the storage controller's point of view. It shows a single link between only 2 sites and no 3 storage controller to act as quorum. Does this mean that with a cut in the FC cable, both storage arrays would remain available/operational to the local OS instances ? For the HP-UX instance, there is mention of disk mirroring. Yet, they still need to rebuild the database from the transaction logs before backup site starts operations. Also, does "synchronously mirrored" mean that the OS instance does not/cannot wait for the write to have been confirmed on all shadow set disks before continuing ? is there a point in doing this type of mirroring if you still need to rebuild your database with transaction logs when you switch site ? Also, in the Tandem example, there is mention of special software needed to ensure that the data has been written on the remote disk before the transactions are completed/confirmed. If the Tandem OS instance sees the remote disk as a real disk separate from the local disk, wouldn't it know when the write has completed on the remote disk ? Or is this some special software to tell the disk controller to only confirm the write commen and the data has actually been written to the physical drive that the OS drive has been mapped to ? Also, if the main site sees the backup disks as its own disk, is there really the need for special software to ensure the data has actually been written to disk ? Wouldn't the OS have intimate connection to the disk to know when the data has been written ? Or does the storage controller reports "written" to the OS instance before the data has actually been written to the magnetic media on whatever physical drive that OS's disk was mapped to ? On page 13: ## HP developed and extended clustering to include HP-UX, Linux, Windows, AIX and Solaris. ## If HP can claimed their developped clustering, it means that they lay claim to the clustering developped by Digital (which it acquired through the compaq purchase). As a result, VMS should be listed in the above sentence. ------------------------------ Date: Sun, 24 Jun 2007 17:47:34 -0400 From: JF Mezei Subject: Re: OpenVMS - When downtime is not an option Message-ID: >> There is now a white paper from Enterprise Strategy Group on the site >> that describes the computing environment in more detail. It can be >> found at http://h71028.www7.hp.com/ERC/downloads/4AA1-3538ENW.pdf OK, one more question: On page 13: ## HP has now taken that concept one giant step further by creating a highly available disaster tolerant environment, consisting of two data centers ## Woudln't 2 data centres present the same quorum issues as having only 2 nodes ? AKA: one data centre needs to have more votes than the other which means that the site with the fewer votes cannot automatically failover when the site with the more votes fails. For a true disaster recovery scheme, shouldn't there be 3 data centres with the 3rd centre having ethernet link to both centres so that it can play a role in deciding which of the 2 main sites should continue to operate ? ------------------------------ Date: Sun, 24 Jun 2007 17:50:13 -0400 From: JF Mezei Subject: Re: OpenVMS - When downtime is not an option Message-ID: <6e70f$467ee72e$cef8887a$7439@TEKSAVVY.COM> Dr. Dweeb wrote: > Folks were amazed though, esp. that the others were as quick as they were. Would it be correct to state that in an architecture where the backup site must rebuild the database from transation logs, that the time to become operaional would be directly proportional to the number of transactions in those logs ? If a database rebuild is required, would it be correct to state that the speed of the CPU would also determine how quickly the site can become operational ? ------------------------------ Date: Sun, 24 Jun 2007 18:00:43 -0400 From: JF Mezei Subject: Re: OpenVMS - When downtime is not an option Message-ID: <93e40$467ee9a4$cef8887a$14900@TEKSAVVY.COM> Richard B. Gilbert wrote: > You can pay for it all at once or pay by the month. It may be more > expensive to do it yourself but OTOH, it can be incredibly expensive if, > when the power goes off, the generators don't work. . . . Then you > discover that your hosting center is filing for protection under Chapter > 11 and your pretty contract doesn't even make good toilet paper. In Toronto, there is a building at 151 Front Street, right between the main train station and the CN tower which is the big internet hub for eastern canada. It also hosts a lot of computers and obviously routers/switches. It also is the host to the Toronto Internet Exchange. Most large cities have similar buildings in their downtown core. It is the logical place to put your internet servers since they have direct access to the high speed internet backbones from different carriers. (There is also a similar building in Montreal in the former Teleglobe switch centre on Belmont street). But when a building becomes so high profile to a large city or even a nation, it also becomes an interesting target for backhoes, pranksters, and terrorists). Contrast this with bank data centres which are usually innocuous buildings without the bank logo or any indication that it hosts really important computers. Low profile. And from the outside, you can't really tell that the windows on the 2nd floor are all bullet proof. ------------------------------ Date: Mon, 25 Jun 2007 03:29:45 +0200 From: "P. Sture" Subject: Re: OpenVMS - When downtime is not an option Message-ID: In article , "John Wallace" wrote: > "Richard B. Gilbert" wrote in message > news:467ED019.1090206@comcast.net... > > > You can pay for it all at once or pay by the month. It may be more > > expensive to do it yourself but OTOH, it can be incredibly expensive if, > > when the power goes off, the generators don't work. . . . Then you > > discover that your hosting center is filing for protection under Chapter > > 11 and your pretty contract doesn't even make good toilet paper. > > > > > Hosting centres can have power problems even without needing the electricity > supplier to have a problem. At least two London-based outfits have been in > the press multiple times in recent years for that very reason (one was > Redbus, I forget the other), presumably down to problems with internal power > distribution systems. Handing the service over to someone else is fine, so > long as everyone understands that you may not really have got rid of having > to manage the risk, you still need to be able to plan for and manage the > consequences of a disruption, but you definitely got rid of the money. And then there's the semi-retired odd job guy who got laid off last year. An ex-engineer, he used to give the generators a quick run up every now and then, but nobody does that anymore. -- Paul Sture ------------------------------ Date: 24 Jun 2007 20:36:17 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: OpenVMS - When downtime is not an option Message-ID: <7s7LSlkLnQKH@eisner.encompasserve.org> In article , "P. Sture" writes: > And then there's the semi-retired odd job guy who got laid off last > year. An ex-engineer, he used to give the generators a quick run up > every now and then, but nobody does that anymore. That is trigger for me to mention the place I worked 30 years ago where they rigorously tested the emergency generator every two weeks. When the actual power outage came they discovered the generator fuel tank was empty. ------------------------------ Date: Mon, 25 Jun 2007 00:04:50 -0400 From: "Richard B. Gilbert" Subject: Re: OpenVMS - When downtime is not an option Message-ID: <467F3EE2.9030403@comcast.net> Larry Kilgallen wrote: > In article , "P. Sture" writes: > > > >>And then there's the semi-retired odd job guy who got laid off last >>year. An ex-engineer, he used to give the generators a quick run up >>every now and then, but nobody does that anymore. > > > That is trigger for me to mention the place I worked 30 years ago > where they rigorously tested the emergency generator every two weeks. > > When the actual power outage came they discovered the generator > fuel tank was empty. During the great blackout back in the '60s a New York City hospital discovered that the fuel pump for their emergency generator required 110 VAC to operate! Somebody had to chop a hole in the top of the fuel tank with a hatchet and dip out enough fuel to "prime the pump". Once they got the generator running the fuel pump worked very well! The moral of this story is that you won't know how good your disaster plan is until you have been through an actual disaster, or two, or three. ------------------------------ Date: Sun, 24 Jun 2007 13:57:16 -0700 From: rtk Subject: OpenVMS 7.3-1 & Python 2.5 Message-ID: <1182718636.576343.203360@o11g2000prd.googlegroups.com> Has anyone successfully installed Python 2.5? I've tried using the kits available here: http://vmspython.dyndns.org/anonymous/kits/axp/vms73/ to install Python on an AlphaServer 4/200 running 7.3-1. I first installed the libbz2 (v1.0-2) and zlib (v1.2-3) kits without trouble and ran the startup scripts: @sys$common:[libz]startup @sys$common:[libbz2]startup I then installed the Python 2.5 kit (v1.11-0). At the end of installation, when post-install stuff is to run, I get this message: %IMGACT-F-SYMVECMIS, shareable image's symbol vector table mismatch -IMGACT-F-FIXUPERR, error when pythonshr referenced DECC$SHR ??? So far I've managed to get FORTRAN and C installed and working but Python (the one I'll use the most) is throwing me. Any help appreciated! Ron ------------------------------ Date: Sun, 24 Jun 2007 18:59:21 -0500 From: "Craig A. Berry" Subject: Re: OpenVMS 7.3-1 & Python 2.5 Message-ID: In article <1182718636.576343.203360@o11g2000prd.googlegroups.com>, rtk wrote: > Has anyone successfully installed Python 2.5? I've tried using the > kits available here: > > http://vmspython.dyndns.org/anonymous/kits/axp/vms73/ > > to install Python on an AlphaServer 4/200 running 7.3-1. I first > installed the libbz2 (v1.0-2) and zlib (v1.2-3) kits without trouble > and ran the startup scripts: > > @sys$common:[libz]startup > @sys$common:[libbz2]startup > > I then installed the Python 2.5 kit (v1.11-0). At the end of > installation, when post-install stuff is to run, I get this message: > > %IMGACT-F-SYMVECMIS, shareable image's symbol vector table mismatch > -IMGACT-F-FIXUPERR, error when pythonshr referenced DECC$SHR > > ??? > > So far I've managed to get FORTRAN and C installed and working but > Python (the one I'll use the most) is throwing me. > > Any help appreciated! Not directly related to your problem, but if you you can beg or borrow media, try a later version of OpenVMS. I"m assuming you have 7.3-1 because that's what the hobbyist program distributes. If that kit really was linked on v7.3 as the name implies, you shouldn't be getting that error on 7.3-1. If it was linked on 7.3-2, I suppose it's possible you would get that error. You could try to build it from source, assuming source is included. Make sure you are up-to-date on ECOs, which for your system are most easily viewed here: http://ftp.support.compaq.com.au/pub/ecoinfo/ecoinfo/a731.htm The update ECO includes an updated CRTL, which is the image Python fell down on. There is a slight chance that an updated version of that image is all you need. -- Posted via a free Usenet account from http://www.teranews.com ------------------------------ Date: Sun, 24 Jun 2007 17:16:38 -0700 From: rtk Subject: Re: OpenVMS 7.3-1 & Python 2.5 Message-ID: <1182730598.255903.126610@o11g2000prd.googlegroups.com> On Jun 24, 5:59 pm, "Craig A. Berry" wrote: > Not directly related to your problem, but if you you can beg or borrow > media, try a later version of OpenVMS. I"m assuming you have 7.3-1 > because that's what the hobbyist program distributes. There is a site that has Python kits for OpenVMS 7.2. Will those work on 7.3-1? You are correct, I have the hobbyist kit CD. ------------------------------ Date: Mon, 25 Jun 2007 07:22:15 +0200 From: =?ISO-8859-1?Q?Jean-Fran=E7ois_Pi=E9ronne?= Subject: Re: OpenVMS 7.3-1 & Python 2.5 Message-ID: <467f510b$0$7286$426a34cc@news.free.fr> Ron, > Has anyone successfully installed Python 2.5? I've tried using the > kits available here: > > http://vmspython.dyndns.org/anonymous/kits/axp/vms73/ > > to install Python on an AlphaServer 4/200 running 7.3-1. I first > installed the libbz2 (v1.0-2) and zlib (v1.2-3) kits without trouble > and ran the startup scripts: > > @sys$common:[libz]startup > @sys$common:[libbz2]startup > > I then installed the Python 2.5 kit (v1.11-0). At the end of > installation, when post-install stuff is to run, I get this message: > > %IMGACT-F-SYMVECMIS, shareable image's symbol vector table mismatch > -IMGACT-F-FIXUPERR, error when pythonshr referenced DECC$SHR > > ??? > You have to install the latest ACRTL patch for 7.3-1 which is probably V0400, you can download it from ftp.itrc.hp.com Another better option, if possible, would be to upgrade to 7.3-2, then you will be able to use the two LD images provides. > So far I've managed to get FORTRAN and C installed and working but > Python (the one I'll use the most) is throwing me. > > Any help appreciated! > > Ron > JFP ------------------------------ Date: Sun, 24 Jun 2007 17:15:22 -0500 From: David J Dachtera Subject: Re: Organised letter writing to Hurd ? Message-ID: <467EECFA.9DFC4E10@spam.comcast.net> "Richard B. Gilbert" wrote: > > JF Mezei wrote: > > Just an idea here: > > > > Would there be a point in some sort of organised/coordinated letter > > writing to Hurd ? > > > > > > I don't mean a petition. > > > > I was thing more of a coordinated continuing "debate" with Hurd. > > > > Person 1 writes letter to Hurd. > > Person 1 gets response. > > Person 2 writes letter to Hurd to argue Hurd's reponse to #1 > > Person 2 gets response > > Person 3 write letter to Hurd to argue Hurd's response to #2. > > etc etc > > > What makes you think that Hurd reads his own mail? He undoubtedly has a > staff who open his mail, read it, and decide which ones he should handle > personally! Interesting point. I've had local HP-ers show up at work claiming they were there "becuase (I) wrote to Mark Hurd about (it)". -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Sun, 24 Jun 2007 23:35:45 -0400 From: "Richard B. Gilbert" Subject: Re: Organised letter writing to Hurd ? Message-ID: <467F3811.7020300@comcast.net> David J Dachtera wrote: > "Richard B. Gilbert" wrote: > >>JF Mezei wrote: >> >>>Just an idea here: >>> >>>Would there be a point in some sort of organised/coordinated letter >>>writing to Hurd ? >>> >>> >>>I don't mean a petition. >>> >>>I was thing more of a coordinated continuing "debate" with Hurd. >>> >>>Person 1 writes letter to Hurd. >>>Person 1 gets response. >>>Person 2 writes letter to Hurd to argue Hurd's reponse to #1 >>>Person 2 gets response >>>Person 3 write letter to Hurd to argue Hurd's response to #2. >>>etc etc >> >> >> >>What makes you think that Hurd reads his own mail? He undoubtedly has a >>staff who open his mail, read it, and decide which ones he should handle >>personally! > > > Interesting point. > > I've had local HP-ers show up at work claiming they were there "becuase (I) > wrote to Mark Hurd about (it)". > It's possible. It's possible that Hurd has a large staff working under a "standard operating procedure" or doctrine. IOW, they have a book that, for a few dozen or even a few hundred common complaints, tells them what to do. "If David D. writes to me, call his local field service, and . . . ." If your field service contract involves 700 systems spread over a hundred sites and costs you $750,000 per year, believe me, Field Service toes the mark! Been there, done that, miss it! ------------------------------ Date: Mon, 25 Jun 2007 02:36:46 +0200 From: "P. Sture" Subject: Re: Question about TCPIP$ftp - copy taking a long time Message-ID: In article <07062322093725_202003EE@antinode.org>, sms@antinode.org (Steven M. Schweda) wrote: > From: "P. Sture" > > > An update on this. I set EWA0_MODE to "Auto-Negotiate" on my PWS 600au, > > and it works fine. > > What could go wrong? > Short answer: Murphy. Who else? Longer answer: I've been through a fair few combinations of kit here, including some which appeared to vary with phases of the moon, whether there was an "R" in the day/month/year etc. Now I've had a fresh start, things are better. Incidentally, as part of this exercise I zapped all entries from the LANCP database to get a clean start there as well. > > PS. I have 2 NICs on this system. Can anyone suggest a practical use for > > the second one? > > Long ago, when my DSL connection was bridging instead of routing, I > had one interface dedicated to IP, to keep my cluster and DECnet traffic > off the DSL bridge. Nowadays, I have one or two EI interfaces in my > XP1000 systems, but they don't get much use. From time to time, I may > set one to some strange IP address to communicate with some new gizmo > which has a default address which is off my usual network. I know that > it's not necessary, but I always feel better playing aroung with an > interface which I'm not using for anything else. > > Of course, the last time I did this, it was to try to find an HP > JetDirect 170X print server on its default address of 192.0.0.192. Try > as I might, I couldn't talk to the thing. In desperation, I connected > it to a printer (first time I've used the parallel port on my LaserJet > 4MV), and had it print out a Configuration Page, where I learned that it > had found a DHCP server (about which I had forgotten) and it had gotten > an address on my normal network. Sigh. > > So, the short answer is, "I can't, really, At least not most of the > time." > So, a spare or as Roy suggested, something devious. -- Paul Sture ------------------------------ Date: Mon, 25 Jun 2007 02:50:28 +0200 From: "P. Sture" Subject: Re: reading news [was: dns woes (ucx5.3, vms 7.3-1)] Message-ID: In article , Chris Sharman wrote: > P. Sture wrote: > > Chris Sharman wrote: > > > >> JF Mezei wrote (lots of good stuff ...) > >> So why can't I see it in google groups? > >> Anyone recommend an easy way to read newsgroups through a picky > >> corporate firewall? > > > > Have you tried the INFO-VAX mailing list? > > I used to get my news via mail - it feels like a retrograde step to > revert to that - I quite like having it presented threaded, with the > ability to skim subjects, and check back on earlier articles. > > What I was wanting to do was to refer a colleague to the article, but it > was missing from google groups, so I couldn't - had to wait to get home, > and then forward it. > I'm afraid I went through that several years ago, when the budget for the news server at work became the subject of a game of pass the parcel. Nobody wanted it on their budget, so it eventually got switched off. I have found various places over the years which mirror comp.os.vms, although they tend to come and go. A quick search today shows this one to be promising as far as threading goes: -- Paul Sture ------------------------------ Date: Sun, 24 Jun 2007 19:47:16 -0400 From: JF Mezei Subject: SSH newbie question Message-ID: <3753d$467f029d$cef8887a$24631@TEKSAVVY.COM> TCPIP Services 5.6, Alpha 8.3 I had to enable SSH on one alpha in order to be able to "telnet" to my mac. (Macs for some reason don't enable/allow telnet connections.) Now, I didn't have to configure the mac on the VMS host and vice versa. Somehow, they exchanged keys and voila. But low and behold, I started to see ssh login attempts from the internet. OK, so I blocked port 22 on my router. However, this lead me to a big question: Why is SSH considered any more secure than Telnet if anyone/everyone can connect to the host anyways ? Or is it expected that one edits some configuration file to limit host access by IP or limit it to specifically exchanged keys ? At least intrusion detection did work for SSH intrusion attempt. (it doesn't work for many other TCPIP services). ------------------------------ Date: Mon, 25 Jun 2007 00:53:39 GMT From: Bob Harris Subject: Re: SSH newbie question Message-ID: In article <3753d$467f029d$cef8887a$24631@TEKSAVVY.COM>, JF Mezei wrote: > TCPIP Services 5.6, Alpha 8.3 > > I had to enable SSH on one alpha in order to be able to "telnet" to my > mac. (Macs for some reason don't enable/allow telnet connections.) > > Now, I didn't have to configure the mac on the VMS host and vice versa. > Somehow, they exchanged keys and voila. > > But low and behold, I started to see ssh login attempts from the > internet. OK, so I blocked port 22 on my router. > > However, this lead me to a big question: Why is SSH considered any more > secure than Telnet if anyone/everyone can connect to the host anyways ? > > Or is it expected that one edits some configuration file to limit host > access by IP or limit it to specifically exchanged keys ? > > At least intrusion detection did work for SSH intrusion attempt. (it > doesn't work for many other TCPIP services). Telnet is not secured in anyway. The passwords and all the information you type and all the data displayed is sent in clear text. Anyone capturing your data will be able to see all. ssh encrypts everything. The passwords as well as what you type and what is sent back to you. This is why telnet is disabled on a Mac (and not a gui option to enable. It is very insecure. if you really really want telnet on MacOSX, you can play Unix admin and enable it - try searching a if you want something so insecure. If you want to be even more secure, you can configure ssh to disallow password access, and only allow previously created and exchanged keys. In this mode you have a 1024 (DES) or 2048 (RSA) bit key, which is going to be a bit difficult for someone to guess. Some google searches will find lots of instructions for doing this stuff "ssh disable passwords" and "ssh no password". In addition, ssh offers other services, such as tunneling X11 sessions via -X and -Y command line options back to the originating system. Of course becasue it is ssh, the X11 sessions are encrypted over the network. I use this a lot at work from my MacOSX workstation to Linux development systems. ssh can also tunnel just about any TCP port(s) you want. I personally tunnel VNC over ssh (port 5900) between my Mom's iMac (running Vine Server; aka OSXvnc), 300 miles away, and my MacBook at home. Makes remote maintenance so much easier than getting in the car, or trying to talk your 70+ Mom through mouse clicks over the phone (been there, done that; thanks, I uses VNC any day). ssh has scp (secure copy) which I just love for moving files between systems, and very scriptable. If you must, there is also sftp for those that prefer an FTP type experience. All of which uses encrypted ssh, and all of which can use exchanged keys so that you do not need to keep entering passwords. Telnet is barely beyond punched cards and paper tape. ssh is the the swiss army knife of machine to machine command line connections. Bob Harris ------------------------------ Date: Mon, 25 Jun 2007 01:04:36 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: SSH newbie question Message-ID: In article <3753d$467f029d$cef8887a$24631@TEKSAVVY.COM>, JF Mezei writes: >TCPIP Services 5.6, Alpha 8.3 > >I had to enable SSH on one alpha in order to be able to "telnet" to my >mac. (Macs for some reason don't enable/allow telnet connections.) > >Now, I didn't have to configure the mac on the VMS host and vice versa. >Somehow, they exchanged keys and voila. > >But low and behold, I started to see ssh login attempts from the >internet. OK, so I blocked port 22 on my router. > >However, this lead me to a big question: Why is SSH considered any more >secure than Telnet if anyone/everyone can connect to the host anyways ? > Unless you take steps to block connections to it (via firewall rules, ucx set service/reject etc ) then anyone can connect to any TCPIP based service you offer. SSH is considered more secure than Telnet not because people cannot try to connect to it but because ssh encrypts the traffic whereas TELNET transmits everything including passwords in the clear !!! >Or is it expected that one edits some configuration file to limit host >access by IP or limit it to specifically exchanged keys ? > I've never tried it but it looks like the SSHD2_CONFIG. file has some options for restricting access ie " ## Host restrictions AllowHosts localhost, * ## Next one matches with, for example, taulu.foobar.com, tuoli.com, but ## not tuoli1.com. Note that you have to input string "\." when you want it ## to match only a literal dot. You also have to escape "," when you ## want to use it in the pattern, because otherwise it is considered a list ## separator. ## AllowHosts t..l.\..* ## The following matches any numerical IP-address (yes, it is cumbersome) ## AllowHosts ([[:digit:]]{1\,3}\.){3}[[:digit:]]{1\,3 } ## Same thing is achieved with using the special prefix "\i" in a ## pattern. This means that the pattern is only used to match # IP-addresses. Using the above example: # # AllowHosts \i.* # # You can probably see the difference between the two. # # Also, you can use subnet masks, by using prefix "\m" # # AllowHosts \m127.0/8 # # AllowHosts \m127.0.0.0/24 # # would match localhost ("127.0.0.1"). # # DenyHosts evil\.org, aol\.com # AllowSHosts trusted\.host\.org # DenySHosts not\.quite\.trusted\.org # IgnoreRhosts no # IgnoreRootRHosts no # # (the above, if not set, is defaulted to the value of IgnoreRHosts) " >At least intrusion detection did work for SSH intrusion attempt. (it >doesn't work for many other TCPIP services). That should be enough. David Webb Security team leader CCSS Middlesex University ------------------------------ Date: Sun, 24 Jun 2007 21:59:31 -0400 From: JF Mezei Subject: Re: SSH newbie question Message-ID: Bob Harris wrote: > Telnet is not secured in anyway. The passwords and all the > information you type and all the data displayed is sent in clear > text. Anyone capturing your data will be able to see all. But does that really prevent break-in attempts ? When I telnet into my switch, router etc, the folks on the internet do not see my data because it remains on my lan. And even if I were to use telnet to access a system on the internet, what are the odds of someone snooping my traffic ? As much as I have been outspoken about Bush being a war criminal, I don't think that even the 3 letter organisations in the USA would bother snooping on my traffic, even if I mention words such as bomb, centrifuge, power converters, U232, plutonium, anthrax, dirty underwear and enriched radiological device. Fact is that with telnet opened, I rarely get any login attempts on it. But the minute I opened SSH, I started to see intrusion attempts. So in real life, because Telnet is no longer considered an active protocol, it isn't used by hackers and is thus more secure than SHH. If SSH's only advantage is to prevent your ISP from snooping on your packets, then it still doesn't prevent intrusion attempts from the rest of the world. > MacOSX, you can play Unix admin and enable it - try searching a > if you want something so insecure. Thanks for the link. Since my mac is not directly accessible from the net having telnet enabled wouldn't be a big concern to me. BTW, is it normal when using SSH to connect to VMS, that "@SYS$MANAGER:ANNOUNCE.TXT" is displayed after the login instead of its contents ? And shouldn't it display the welcome.txt file instead of the announce just before executing your login.com ? ------------------------------ Date: Mon, 25 Jun 2007 04:00:20 +0200 From: "P. Sture" Subject: Re: SSH newbie question Message-ID: In article , Bob Harris wrote: > This is why telnet is disabled on a Mac (and not a gui option to > enable. It is very insecure. if you really really want telnet on > MacOSX, you can play Unix admin and enable it - try searching a > if you want something so insecure. This however can be a swine when you simply want to use telnet to test a service (e.g. SMTP). -- Paul Sture ------------------------------ Date: Mon, 25 Jun 2007 02:51:00 GMT From: Bob Harris Subject: Re: SSH newbie question Message-ID: In article , "P. Sture" wrote: > In article , > Bob Harris wrote: > > > > > This is why telnet is disabled on a Mac (and not a gui option to > > enable. It is very insecure. if you really really want telnet on > > MacOSX, you can play Unix admin and enable it - try searching a > > if you want something so insecure. > > This however can be a swine when you simply want to use telnet to test a > service (e.g. SMTP). The telnet command is still there, so if you wish to telnet to something specifying an alternate port, that works very well. What is disabled is the telnet server on MacOSX. Bob Harris ------------------------------ Date: Mon, 25 Jun 2007 03:16:18 GMT From: Bob Harris Subject: Re: SSH newbie question Message-ID: In article , JF Mezei wrote: > Bob Harris wrote: > > Telnet is not secured in anyway. The passwords and all the > > information you type and all the data displayed is sent in clear > > text. Anyone capturing your data will be able to see all. > > But does that really prevent break-in attempts ? When I telnet into my > switch, router etc, the folks on the internet do not see my data because > it remains on my lan. Just because I can tell my wife the password to my mutual funds at home, doesn't mean I should yell the same information across a crowded room at a party. Telnet is not secure when applied to every possible Mac sold. ssh is a better way to perform the same services when you do not know where the system is going to be deployed. And MacOSX does not enable ssh by default either. It just makes it easy for the user to enable via System Preferences -> Sharing -> Remote Login. If you really want MacOSX to offer a telnetd daemon, then start here: This may or may not be up to date, but it should be sufficient to get started. > And even if I were to use telnet to access a system on the internet, > what are the odds of someone snooping my traffic ? As much as I have > been outspoken about Bush being a war criminal, I don't think that even > the 3 letter organisations in the USA would bother snooping on my > traffic, even if I mention words such as bomb, centrifuge, power > converters, U232, plutonium, anthrax, dirty underwear and enriched > radiological device. > > Fact is that with telnet opened, I rarely get any login attempts on it. > But the minute I opened SSH, I started to see intrusion attempts. So in > real life, because Telnet is no longer considered an active protocol, it > isn't used by hackers and is thus more secure than SHH. That is called security by obscurity. And again, Apple can not depend on it, not when they are selling millions of Macs. You are welcome to depend on it or not. That is up to you. I've given you pointers to information on enabling telnetd. > If SSH's only advantage is to prevent your ISP from snooping on your > packets, then it still doesn't prevent intrusion attempts from the rest > of the world. I gave you a list of advantages that ssh has over telnet, including how to prevent intrusion success. They can attempt all they want, but if you disable direct logins, and only allow exchanged 2048 bit (or longer) keys, it is highly unlikely that anyone will succeed in getting in. And I personally Love exchanged keys. I never worry about remembering usernames and passwords on remote systems. I can script remote copies (or periodic remote backups), and not have to enter passwords, or even allow the activities to occur unattended (like in the middle of the night). Yes for this have to make sure that system doing the copying remains secure so that no one can get the keys, but if you can assume on one is going to sniff packets on your local network, I can assume no one is going to break into my system (they can sniff my network all they want, just stay out of my system itself). > > MacOSX, you can play Unix admin and enable it - try searching a > > if you want something so insecure. > > Thanks for the link. Since my mac is not directly accessible from the > net having telnet enabled wouldn't be a big concern to me. > > BTW, is it normal when using SSH to connect to VMS, that > > "@SYS$MANAGER:ANNOUNCE.TXT" is displayed after the login instead of its > contents ? > > And shouldn't it display the welcome.txt file instead of the announce > just before executing your login.com ? That I wouldn't know. When I used OpenVMS systems I was using DECnet. ssh didn't come into my life until after I moved away from working with OpenVMS and into Digital UNIX (aka Tru64 UNIX) kernel development (which alas I no longer do either :-) ). Also, I would like to point out that you can telnet from MacOSX to OpenVMS. It is that you can not easily telnet from OpenVMS to MacOSX. On my system, I have a working telnet command. What I don't have is a working telnetd daemon (which I don't miss at all). Bob Harris ------------------------------ Date: Sun, 24 Jun 2007 21:37:32 -0700 From: DeanW Subject: Re: SSH newbie question Message-ID: <3f119ada0706242137n37d7a170n14a0954d7797979f@mail.gmail.com> On 6/24/07, JF Mezei wrote: > Bob Harris wrote: > > Telnet is not secured in anyway. The passwords and all the > > information you type and all the data displayed is sent in clear > > text. Anyone capturing your data will be able to see all. > > But does that really prevent break-in attempts ? When I telnet into my > switch, router etc, the folks on the internet do not see my data because > it remains on my lan. But in the corporate world, most break-ins come from inside. > And even if I were to use telnet to access a system on the internet, > what are the odds of someone snooping my traffic ? A local ISP was cracked a few years ago when someone sniffed an admin's password from out of the wild. The admin was on a cable system, the cracker was on the same local segment. > Fact is that with telnet opened, I rarely get any login attempts on it. > But the minute I opened SSH, I started to see intrusion attempts. Yep- nobody ever tries to crack us over Telnet; SSH attempts number in the thousands. (Note that we use telnet for transport, but wrote LGI routines for handling passwords, and encrypt the traffic. That still leaves the even more remote chance that someone could successfullly take over an active session by spoofing an end user's IP address... and our newest client uses SSH by default; customers can select telnet if they wish.) > real life, because Telnet is no longer considered an active protocol, it > isn't used by hackers and is thus more secure than SHH. Security by obscurity... nice feature, but don't rely on it. ------------------------------ Date: Sun, 24 Jun 2007 12:05:41 -0700 From: Neil Rieck Subject: Re: Suggestion for VMS: compression/deconpression architecture Message-ID: <1182711941.088021.234700@u2g2000hsc.googlegroups.com> On Jun 23, 5:57 am, JF Mezei wrote: [...snip...] > > VMS has had its own LIBRARY format which can do compression and store > multiple "files". And it has had "BACKUP" to create savesets as well. > > But out in the real world, there is TAR ZIP GZ SIT UUENCODE, MIME and > some newer formats such as RAR PAR and YENC and I am sure there are > others and more to come. As well, there are the proprietary formats used > by the commercial Linux packages. > > What would be node would be a standard command interface that could > handle any of these formats by the presence of some shareable image to > handle that format (like CONVERT/DOCUMENT does). > [...snip...] Under OpenVMS-8.3, ZLIB based compression has been built into $BACKUP. Maybe this first-step will enable others to implement your idea. Neil Rieck Kitchener/Waterloo/Cambridge, Ontario, Canada. http://www3.sympatico.ca/n.rieck/ ------------------------------ End of INFO-VAX 2007.343 ************************