INFO-VAX Thu, 05 Jul 2007 Volume 2007 : Issue 364 Contents: active/active MSA1000 firmware with DS-KGPSA-DA ? Re: Another opportunity Re: Another opportunity Re: Another opportunity Re: Another opportunity Re: Another opportunity Re: Another opportunity Re: Another opportunity Re: Another opportunity Re: Anyone know why the Alpha market is so so quiet? RE: Anyone know why the Alpha market is so so quiet? Book: Inside the Machine Re: Book: Inside the Machine Re: Could Tom Perkins save VMS ? Re: Could Tom Perkins save VMS ? RE: Could Tom Perkins save VMS ? Re: Could Tom Perkins save VMS ? Re: Could Tom Perkins save VMS ? Re: Could Tom Perkins save VMS ? RE: HP "Support" for OpenVMS RE: HP "Support" for OpenVMS Re: HP "Support" for OpenVMS Re: HP "Support" for OpenVMS Re: HP "Support" for OpenVMS RE: HP "Support" for OpenVMS RE: HP "Support" for OpenVMS Re: IP Lease Re: IP Lease RE: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: July the 4th Re: July the 4th Re: July the 4th Re: July the 4th Memory problem Re: Memory problem Re: Memory problem Re: Memory problem Re: Memory problem Re: Memory problem Re: Memory problem Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: Question for the Group Re: Question on FCS vs RMS on PDP11 RSX Re: SAMBA External Field Test Announcement Re: Ten years ago... RE: Top ten dead or dying computer skills (guess what's NOT on the list!) list!) Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Re: Upgrading Firmware on Itanium FC cards. Re: Upgrading Firmware on Itanium FC cards. Re: Upgrading Firmware on Itanium FC cards. Re: Upgrading Firmware on Itanium FC cards. Re: VMS security vulnerability (POP server) Re: What happen to the Deathrow cluster Re: What happen to the Deathrow cluster Re: What happen to the Deathrow cluster Re: What happen to the Deathrow cluster Re: What happen to the Deathrow cluster Re: XML for VMS Re: XML for VMS Re: XML for VMS Re: XML for VMS Re: XML for VMS Re: XML for VMS Re: XML for VMS ---------------------------------------------------------------------- Date: Thu, 5 Jul 2007 13:02:28 +0100 From: Anton Shterenlikht Subject: active/active MSA1000 firmware with DS-KGPSA-DA ? Message-ID: <20070705120228.GA22976@mech-aslap33.men.bris.ac.uk> I've ds10l under VMS 8.3 with 2gb fc hba (DS-KGPSA-DA) that I want to connected to MSA1000 (firmware 4.32.B300). I'd like to upgrade the firmware on MSA1000. The latest firmware for MSA1000 is Version: v7.00 A/A Firmware (19 Feb 2007) Operating System(s): OpenVMS v7, OpenVMS v8.2, OpenVMS v8.2-1, OpenVMS v8.3, Tru64 UNIX 5.x However, when I look into this manual: HP StorageWorks 1500 cs Modular Smart Array Compatibility Guide for Dual Active Controllers Only, Firmware: Active/Active V7.0 or higher, MSA Support CD 7.57 or later my card is not listed, only KGPSA-SA (1gb). In addition, I only have one controller at the moment. On the other hand the previos version looks like it is not supported under VMS 8.3: Version: 4.48 Active/Passive FW (13 Nov 2005) Operating System(s): OpenVMS v7, OpenVMS v8.2, OpenVMS v8.2-1, Tru64 UNIX 4.x, Tru64 UNIX 5.x In addition, HP StorageWorks MSA1000 Active/Passive Compatibility Guide (August 2004) does not mention VMS at all. So I'm not sure if I should try to upgrade the firmware on MSA1000. Any advice? thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423 ------------------------------ Date: Thu, 05 Jul 2007 10:10:50 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: Another opportunity Message-ID: Richard B. Gilbert wrote: > DCL was not really intended as a utility programming language although > some people use it that way. I have heard a report of a DCL program > that occupies 400 pages of "greenbar" paper. Whatever it was should > probably have been written in some other language. I suspect that it's > a nightmare to maintain! > > The biggest piece of DCL that I ever wrote is about six pages and a > couple of those pages are devoted to comments. > Wasn't (isn't) VMSINSTAL.COM one of the most complex "programs" written i DCL ? And, besides, it has never failed me... :-) Jan-Erik. ------------------------------ Date: Thu, 5 Jul 2007 10:49:08 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Another opportunity Message-ID: In article <468C55C6.6080600@comcast.net>, "Richard B. Gilbert" writes: > DCL was not really intended as a utility programming language although > some people use it that way. I have heard a report of a DCL program > that occupies 400 pages of "greenbar" paper. There are MUCH larger procedures around! > Whatever it was should > probably have been written in some other language. I suspect that it's > a nightmare to maintain! It might be generated automatically (perhaps by another DCL procedure). Unless performance is really an issue---and in many cases it isn't---things like log files, F$VERIFY, SET PREFIX etc can make debugging much easier. ------------------------------ Date: 5 Jul 2007 07:16:20 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: Another opportunity Message-ID: In article , =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= writes: > Richard B. Gilbert wrote: > >> DCL was not really intended as a utility programming language although >> some people use it that way. I have heard a report of a DCL program >> that occupies 400 pages of "greenbar" paper. Whatever it was should >> probably have been written in some other language. I suspect that it's >> a nightmare to maintain! >> >> The biggest piece of DCL that I ever wrote is about six pages and a >> couple of those pages are devoted to comments. >> > > Wasn't (isn't) VMSINSTAL.COM one of the most complex "programs" > written i DCL ? > > And, besides, it has never failed me... :-) How many kits using it do you write each year ? If any of those kits have bugs, your programming environment (VMSINSTAL.COM) has failed you. ------------------------------ Date: Thu, 05 Jul 2007 09:05:43 -0400 From: "Richard B. Gilbert" Subject: Re: Another opportunity Message-ID: <468CECA7.8070906@comcast.net> Jan-Erik Söderholm wrote: > Richard B. Gilbert wrote: > >> DCL was not really intended as a utility programming language although >> some people use it that way. I have heard a report of a DCL program >> that occupies 400 pages of "greenbar" paper. Whatever it was should >> probably have been written in some other language. I suspect that >> it's a nightmare to maintain! >> >> The biggest piece of DCL that I ever wrote is about six pages and a >> couple of those pages are devoted to comments. >> > > Wasn't (isn't) VMSINSTAL.COM one of the most complex "programs" > written i DCL ? > > And, besides, it has never failed me... :-) > > Jan-Erik. Complexity and size don't have a one-to-one relationship! ------------------------------ Date: Thu, 05 Jul 2007 09:13:01 -0400 From: "Richard B. Gilbert" Subject: Re: Another opportunity Message-ID: <468CEE5D.8060801@comcast.net> Phillip Helbig---remove CLOTHES to reply wrote: > In article <468C55C6.6080600@comcast.net>, "Richard B. Gilbert" > writes: > > >>DCL was not really intended as a utility programming language although >>some people use it that way. I have heard a report of a DCL program >>that occupies 400 pages of "greenbar" paper. > > > There are MUCH larger procedures around! > > >>Whatever it was should >>probably have been written in some other language. I suspect that it's >>a nightmare to maintain! > > > It might be generated automatically (perhaps by another DCL procedure). > > Unless performance is really an issue---and in many cases it > isn't---things like log files, F$VERIFY, SET PREFIX etc can make > debugging much easier. > Ever try to find a missing "ENDIF" in 4000 lines of code? Code that someone else wrote? I tried but, AFAIK, it's still missing. This was ca. 1993 and Charlie Hammond's DCL checker was not available. ------------------------------ Date: Thu, 05 Jul 2007 11:24:20 -0400 From: JF Mezei Subject: Re: Another opportunity Message-ID: <5b9a$468d0d52$cef8887a$7950@TEKSAVVY.COM> Richard B. Gilbert wrote: > Ever try to find a missing "ENDIF" in 4000 lines of code? You can't find it if it isn't in the code :-) ------------------------------ Date: Thu, 05 Jul 2007 10:48:00 -0500 From: David J Dachtera Subject: Re: Another opportunity Message-ID: <468D12B0.39A204A5@spam.comcast.net> "Richard B. Gilbert" wrote: > > Arne Vajhøj wrote: > > Richard B. Gilbert wrote: > > > >> How would you "improve' DCL. Since they added IF/THEN/ELSE a few > >> years ago, it's been just about perfect. :-) > > > > > > If DCL was to be redone today, then it would be different. > > > > More and better control structure, more data types, extension > > mechanism (read: user defined lexicals) etc.. > > > > I don't think it will happen. > > > > A server shell language is not a sales point today. > > > > If a VMS user wants something else, then they can > > look at Perl or Python. > > > > Arne > > DCL was not really intended as a utility programming language although > some people use it that way. I have heard a report of a DCL program > that occupies 400 pages of "greenbar" paper. Whatever it was should > probably have been written in some other language. I suspect that it's > a nightmare to maintain! > > The biggest piece of DCL that I ever wrote is about six pages and a > couple of those pages are devoted to comments. I wrote some backup code for a previous site that was 44 individual proc.'s, over 4400 lines including comments (roughly 73 printed pages). I made it modular to maximize maintainability. I currently have some code (eleven DCL proc.'s, including one central utility proc. as an interface to EMC's SMYCLI ("TIMEFINDER")) that generates SLS *_SBK.COM files to provide for backups of our BCVs. The main driving configuration is the SYMAPI database - no DCL code needs to be changed when BCV group memberships change. -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 05 Jul 2007 10:48:58 -0500 From: David J Dachtera Subject: Re: Another opportunity Message-ID: <468D12EA.79ABC3AC@spam.comcast.net> Arne Vajhøj wrote: > > Richard B. Gilbert wrote: > > How would you "improve' DCL. Since they added IF/THEN/ELSE a few years > > ago, it's been just about perfect. :-) > > If DCL was to be redone today, then it would be different. > > More and better control structure, more data types, extension > mechanism (read: user defined lexicals) etc.. > > I don't think it will happen. > > A server shell language is not a sales point today. > > If a VMS user wants something else, then they can > look at Perl or Python. Which of those ships as part of the base o.s. and so is guaranteed to be found on every VMS installation, past and present? -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 5 Jul 2007 11:03:33 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: Anyone know why the Alpha market is so so quiet? Message-ID: In article <468c1ce7$0$90273$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >Main, Kerry wrote: >>> But the conclusion is that Kerry arguments against Linux does not >>> hold water. >>> >>> Because if those systems where running Linux - how many security >>> patches would have been installed on them in that period ? > >> Thank you - you just made my point. >> >> :-) > >The answer is zero. > >> With 5-20 Linux (and Windows) security patches being released each >> and every month, this company would not get approval from the >> business units to test and apply all these patches against all the >> important apps, > >Yep. > >Noone would even ask them, because noone would want to apply >all those patches. > >> so the business would have to risk not being hacked >> with all of these well documented security patches not being applied. > > >> With 50-60% of all security issues being internal related, that is a >> huge risk. > >I don't think so. > >You seem to think that all security patches apply to all systems they >do not. > >Systems that live a nice comfortable life far away from internet and >PC's do not get all those patches. > If there is a hole in a service which is accessible to users then that system needs patching - it doesn't matter whether the system is directly accessible from the internet or not. Attack from organisational insiders has long been recognised as a bigger security problem than attacks from the internet. The first priority for patching servers will probably be those which allow remote access without user interaction on the server and massively compromise the system. However less critical bugs which just allow remote access and give the attacker a connection running at low privilege or bugs which just allow local privilege escalation also need fixing since the application of groups of these bugs together can result in the same massively compromised system. Even bugs which just provide sensitive information about the system or users should be fixed since such information is often useful to the attacker. David Webb Security team leader CCSS Middlesex University >> And think about this in the financial sector with systems running >> billions (and in some OpenVMS systems, trillions) of $'s through >> their systems daily, weekly, monthly. With all of the internal people >> taking laptops, PDA's back and forth to home, on the road and work >> etc all open for Trojans, worms etc that are looking for systems with >> documented holes to exploit. >> >> It really blows me away that serious financial institutions can >> justify moving to Linux (Windows) with so many monthly security >> patches being released each and every month. >> >> I can only believe that the managers involved have no idea of the >> security issues their techies or those pushing these platforms are >> exposing the business to. > >Some may not. > >Other may actually understand the different security requirement for >different types of systems. > >Arne ------------------------------ Date: Thu, 5 Jul 2007 07:14:35 -0400 From: "Main, Kerry" Subject: RE: Anyone know why the Alpha market is so so quiet? Message-ID: > -----Original Message----- > From: Arne Vajh=F8j [mailto:arne@vajhoej.dk] > Sent: July 4, 2007 6:19 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Anyone know why the Alpha market is so so quiet? >=20 > Main, Kerry wrote: > >> But the conclusion is that Kerry arguments against Linux does not > >> hold water. > >> > >> Because if those systems where running Linux - how many security > >> patches would have been installed on them in that period ? >=20 > > Thank you - you just made my point. > > > > :-) >=20 > The answer is zero. >=20 > > With 5-20 Linux (and Windows) security patches being released each > > and every month, this company would not get approval from the > > business units to test and apply all these patches against all the > > important apps, >=20 > Yep. >=20 > Noone would even ask them, because noone would want to apply > all those patches. >=20 > > so the business would have to risk not being hacked > > with all of these well documented security patches not being > applied. > > > > With 50-60% of all security issues being internal related, that is a > > huge risk. >=20 > I don't think so. >=20 How can one not think that having important or critical systems with a = huge number of outstanding and documented security patches is not a risk = to the business? > You seem to think that all security patches apply to all systems they > do not. >=20 Arne - with all due respect, you are looking at this from an individual = Developers perspective - not from a practical Operations view i.e. = theoretically, you should be able to ... The point is that in a med to large DC, there are very few environments = whereby the OPS folks understand or even know what the Developers are = running on their systems from the point of view of what each service/app = requires. Heck, most environments do not even know what their prod = systems requires from an individual service perspective as they just = follow the installation directions they are given.=20 In addition, most shops try to maintain a std OS image as maintaining = multiple systems with multiple patch versions is almost impossible to = maintain when you have a med-large DC with hundreds of systems (and some = Cust's have thousands of Wintel systems WW). I would say a small DC is = anything less than 100 systems. =20 OPS will first introduce the security patches to Dev systems, then QA = and then production.=20 > Systems that live a nice comfortable life far away from internet and > PC's do not get all those patches. >=20 Again, remember what analysts state - 50-60% of all security issues are = internally initiated - not from the Internet. Disgruntled employees are = only one source of the problem. Today, you have almost every Sales, Marketing, Support resources person = their laptops, PDA's, memory sticks, Cell phones back and forth from = external networks (home, airports, hotels, foreign countries) to = internal networks each and every day. Each time one of those devices goes home and comes back, there is a = chance that it picked up some self propagating Trojan, worm, virus etc = that is looking for known security holes to exploit on internal servers. = How many employees can say their home, hotel or airport networks are as = secure as their work environment? SQL Slammer was a great example of this. > > And think about this in the financial sector with systems running > > billions (and in some OpenVMS systems, trillions) of $'s through > > their systems daily, weekly, monthly. With all of the internal > people > > taking laptops, PDA's back and forth to home, on the road and work > > etc all open for Trojans, worms etc that are looking for systems > with > > documented holes to exploit. > > > > It really blows me away that serious financial institutions can > > justify moving to Linux (Windows) with so many monthly security > > patches being released each and every month. > > > > I can only believe that the managers involved have no idea of the > > security issues their techies or those pushing these platforms are > > exposing the business to. >=20 > Some may not. >=20 > Other may actually understand the different security requirement for > different types of systems. >=20 > Arne You need to think about this from a practical viewpoint. Most Dev = systems use copies of production data, so even Dev systems need to have = a high level of focus from an overall security perspective.=20 Heck, even laptops of developers sometimes have copies of prod data on = them (as the highly visible stolen VA laptop highlighted). And so, I still maintain that managers really have no idea of the = security issues that they are at risk from. To most managers, security = issues are something you worry about after a breach or data integrity = issue is exposed. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Thu, 05 Jul 2007 04:35:18 -0700 From: Neil Rieck Subject: Book: Inside the Machine Message-ID: <1183635318.714696.58820@m36g2000hse.googlegroups.com> Every 5 years (or so) I buy a book in order to keep up with recent changes in popular computer technology. I just purchased "Inside the Machine: An Illustrated Introduction to Microprocessors and Computer Architecture" and am surprised by the detail provided in this 2007 book. It covers IBM's PowerPC and Intel's Pentium technology through to Core2 Duo. There is a chapter on AMD's x86-64. Itanium is only mentioned in passing. There is no mention of Alpha, PA-RISC, or SPARC. If you're interested, you can browse through 30 pages of this book for free at www.amazon.com Neil Rieck Kitchener/Waterloo/Cambridge, Ontario, Canada. http://www3.sympatico.ca/n.rieck/ ------------------------------ Date: Thu, 05 Jul 2007 13:07:45 -0400 From: Chip Coldwell Subject: Re: Book: Inside the Machine Message-ID: Neil Rieck writes: > Every 5 years (or so) I buy a book in order to keep up with recent > changes in popular computer technology. I just purchased "Inside the > Machine: An Illustrated Introduction to Microprocessors and Computer > Architecture" and am surprised by the detail provided in this 2007 > book. It covers IBM's PowerPC and Intel's Pentium technology through > to Core2 Duo. There is a chapter on AMD's x86-64. Itanium is only > mentioned in passing. There is no mention of Alpha, PA-RISC, or SPARC. The author, Jon Stokes, is "Hannibal" on Ars Technica. http://arstechnica.com/ Chip ------------------------------ Date: 5 Jul 2007 11:51:22 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Could Tom Perkins save VMS ? Message-ID: <5f449qF3b97qoU1@mid.individual.net> In article , JF Mezei writes: > http://www.wired.com/culture/design/magazine/15-07/ff_boat > > Tom Perkins (former HP board member who left during that unethical > inquiry) built himself a new small sailboat. (click on the photo at the > to for the image gallery, but that requires javascript). > > Note the last paragraph in the article where Perkins says he doesn't > want his new ship being controller by Bill gates and having to > alt-ctrl-del all the time. > > Perkins is a venture capitalist. His little new sailboat shows that he > does have some spare pocket change. > > I wonder if it might be possible to approach Perkins and suggest to him > that he buy VMS from HP and then get Bruden, Process and Hoffmanlabs to > to the system maintenance sales etc ? If he is a truly successful venture capitalist then he knows where the real money is. At this point, I doubt he would be at all interested in buying VMS. One does not make money by investing on someone's religious fanaticicsm. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 5 Jul 2007 07:26:31 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Could Tom Perkins save VMS ? Message-ID: In article <5f449qF3b97qoU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > > If he is a truly successful venture capitalist then he knows > where the real money is. At this point, I doubt he would be > at all interested in buying VMS. One does not make money by > investing on someone's religious fanaticicsm. Worked for the Bakers. ------------------------------ Date: Thu, 5 Jul 2007 08:51:41 -0500 From: "Paul Raulerson" Subject: RE: Could Tom Perkins save VMS ? Message-ID: <002101c7bf0b$9e2f8b90$da8ea2b0$@com> Are you saying the VMS is the Scientology of the IT world? I mean, that SF writer that started Scientology tolk Hienlein and Dickson and Anderson and such that the way to get rich was to start a new religion. Apparently, it works... -Paul > -----Original Message----- > From: bill@triangle.cs.uofs.edu [mailto:bill@triangle.cs.uofs.edu] On > Behalf Of Bill Gunshannon > Sent: Thursday, July 05, 2007 6:51 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Could Tom Perkins save VMS ? > > In article , > JF Mezei writes: > > http://www.wired.com/culture/design/magazine/15-07/ff_boat > > > > Tom Perkins (former HP board member who left during that unethical > > inquiry) built himself a new small sailboat. (click on the photo at > the > > to for the image gallery, but that requires javascript). > > > > Note the last paragraph in the article where Perkins says he doesn't > > want his new ship being controller by Bill gates and having to > > alt-ctrl-del all the time. > > > > Perkins is a venture capitalist. His little new sailboat shows that > he > > does have some spare pocket change. > > > > I wonder if it might be possible to approach Perkins and suggest to > him > > that he buy VMS from HP and then get Bruden, Process and Hoffmanlabs > to > > to the system maintenance sales etc ? > > If he is a truly successful venture capitalist then he knows > where the real money is. At this point, I doubt he would be > at all interested in buying VMS. One does not make money by > investing on someone's religious fanaticicsm. > > bill > > -- > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three > wolves > bill@cs.scranton.edu | and a sheep voting on what's for dinner. > University of Scranton | > Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 05 Jul 2007 11:11:52 -0500 From: David J Dachtera Subject: Re: Could Tom Perkins save VMS ? Message-ID: <468D1848.C4144004@spam.comcast.net> Bill Gunshannon wrote: > > In article , > JF Mezei writes: > > http://www.wired.com/culture/design/magazine/15-07/ff_boat > > > > Tom Perkins (former HP board member who left during that unethical > > inquiry) built himself a new small sailboat. (click on the photo at the > > to for the image gallery, but that requires javascript). > > > > Note the last paragraph in the article where Perkins says he doesn't > > want his new ship being controller by Bill gates and having to > > alt-ctrl-del all the time. > > > > Perkins is a venture capitalist. His little new sailboat shows that he > > does have some spare pocket change. > > > > I wonder if it might be possible to approach Perkins and suggest to him > > that he buy VMS from HP and then get Bruden, Process and Hoffmanlabs to > > to the system maintenance sales etc ? > > If he is a truly successful venture capitalist then he knows > where the real money is. At this point, I doubt he would be > at all interested in buying VMS. One does not make money by > investing on someone's religious fanaticicsm. I think you've confused a Canadian (understanding the profit potential of a product = business acumen) with someone from Ohio. -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: 5 Jul 2007 17:00:22 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Could Tom Perkins save VMS ? Message-ID: <5f4md5F3a7rgpU4@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <5f449qF3b97qoU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >> >> If he is a truly successful venture capitalist then he knows >> where the real money is. At this point, I doubt he would be >> at all interested in buying VMS. One does not make money by >> investing on someone's religious fanaticicsm. > > Worked for the Bakers. They did not invest a dime in someone else's religious fanaticicsm. They got the religious fanatics to flush their money down the toilet by sending it to them. You are trying to equate Tom Perkins with the fanatics rather than the Bakers. Personally, I wouldn't equate him with either. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 5 Jul 2007 17:02:07 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Could Tom Perkins save VMS ? Message-ID: <5f4mgfF3a7rgpU5@mid.individual.net> In article <002101c7bf0b$9e2f8b90$da8ea2b0$@com>, "Paul Raulerson" writes: > Are you saying the VMS is the Scientology of the IT world? I mean, > that SF writer that started Scientology tolk Hienlein and Dickson and > Anderson and such that the way to get rich was to start a new religion. > Apparently, it works... Yeah, L. Ron Hubbard is one of the richest guys in the cemetary. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 5 Jul 2007 08:09:50 -0400 From: "Main, Kerry" Subject: RE: HP "Support" for OpenVMS Message-ID: > -----Original Message----- > From: Michael Kraemer [mailto:M.Kraemer@gsi.de] > Sent: July 4, 2007 5:17 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: HP "Support" for OpenVMS >=20 > Main, Kerry schrieb: >=20 > > > > Wrong .. IBM has many internal businesses with their view of the > future > > just like HP does. Overall, however, if you were moving off AIX, > they > > would push you towards another IBM platform - likely Linux. > > > > Reference: (from 2003, but shows internal battles) > > http://news.com.com/2100-1001-982512.html?tag=3Dfd_lede2_hed > > "IBM: Linux is the 'logical successor'" > > > > "Asked whether IBM's eventual goal is to replace AIX with Linux, > Mills > > responded, "It's fairly obvious we're fine with that idea...It's the > > logical successor." > > >=20 > Oh come on, this is pretty ancient (2003) stuff, and, BTW, > he dropped those words on the occasion of a Linux convention. > What should he say there, that Linux sucks and AIX rules ? >=20 You missed my point. Do I think AIX will be dropped? Of course not. But the point of the article emphasizes the internal back and forth positioning between different groups in large companies.=20 This article might be compared to the one that JF keeps bring up many years ago about when Scott Stallard stated about OpenVMS moving eventually to HP-UX. What do you think the AIX group felt like when that AIX to Linux public statement by the VP of IBM Software was published?=20 Do not think a few internal emails and heated discussions were generated over that public statement? :-) However, if an AIX Customer is bent on moving to some other UNIX platform like Linux, you can be 100% sure that IBM will want that Cust's target system environment to be Linux on IBM servers (x86 or z/OS partions). Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: 5 Jul 2007 07:18:38 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: RE: HP "Support" for OpenVMS Message-ID: In article <000501c7be56$b05dca30$11195e90$@com>, "Paul Raulerson" writes: > > An awful lot of that capability came out of competing software business > groups, where the hardware guys said... MMMM.... and presented their > hardware as "the answer" to the software guys. Seems to have worked, and > there is little or no psychotic splits going on right now. Except for the > Rational Rose guys trying to sell the idea that Yourdon style design can > instantly rewrite (or :refactor:) 20 to 40 years of code base. It's fun to > watch one of those guys say "This software is 30 years old! We can improve > it a LOT! Where's the source code to it?" Their faces do some amazing things > when you tell 'em the source code was lost sometime in the 1980's and nobody > has gotten around to re-writing it yet. Last month I was at the Rational Users Group meeting (open to non-members) where some of the IBM guys tried to convince us that old software wears out (my words, they said somethjing like "gets ratty"). I've seen software with time related issues, but I've never seen any wear out. ------------------------------ Date: Thu, 05 Jul 2007 05:29:53 -0700 From: AEF Subject: Re: HP "Support" for OpenVMS Message-ID: <1183638593.506690.121240@r34g2000hsd.googlegroups.com> On Jul 5, 8:18 am, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article <000501c7be56$b05dca30$11195e90$@com>, "Paul Raulerson" writes: > > > An awful lot of that capability came out of competing software business > > groups, where the hardware guys said... MMMM.... and presented their > > hardware as "the answer" to the software guys. Seems to have worked, and > > there is little or no psychotic splits going on right now. Except for the > > Rational Rose guys trying to sell the idea that Yourdon style design can > > instantly rewrite (or :refactor:) 20 to 40 years of code base. It's fun to > > watch one of those guys say "This software is 30 years old! We can improve > > it a LOT! Where's the source code to it?" Their faces do some amazing things > > when you tell 'em the source code was lost sometime in the 1980's and nobody > > has gotten around to re-writing it yet. > > Last month I was at the Rational Users Group meeting (open to > non-members) where some of the IBM guys tried to convince us that old > software wears out (my words, they said somethjing like "gets > ratty"). Did they offer a mechanism for this? Has logic changed over the years? ;-) > > I've seen software with time related issues, but I've never seen any > wear out. Well, I could see that being the case with Windows software, except that I would expect it to be a case of "planned obsolescence". >----o----< Yes, I've heard people make excuses for old systems running poorly because they're "old". I guess new bugs are better than old bugs! AEF ------------------------------ Date: Thu, 05 Jul 2007 09:28:54 -0400 From: "Richard B. Gilbert" Subject: Re: HP "Support" for OpenVMS Message-ID: <468CF216.1060708@comcast.net> Bob Koehler wrote: > In article <000501c7be56$b05dca30$11195e90$@com>, "Paul Raulerson" writes: > >>An awful lot of that capability came out of competing software business >>groups, where the hardware guys said... MMMM.... and presented their >>hardware as "the answer" to the software guys. Seems to have worked, and >>there is little or no psychotic splits going on right now. Except for the >>Rational Rose guys trying to sell the idea that Yourdon style design can >>instantly rewrite (or :refactor:) 20 to 40 years of code base. It's fun to >>watch one of those guys say "This software is 30 years old! We can improve >>it a LOT! Where's the source code to it?" Their faces do some amazing things >>when you tell 'em the source code was lost sometime in the 1980's and nobody >>has gotten around to re-writing it yet. > > > Last month I was at the Rational Users Group meeting (open to > non-members) where some of the IBM guys tried to convince us that old > software wears out (my words, they said somethjing like "gets > ratty"). > > I've seen software with time related issues, but I've never seen any > wear out. > There are three kinds of maintenance: 1. Corrective (fix the bug) 2. Adaptive (The world changed, the software must now change also) 3. Perfective (make it faster, smarter. . . .) Adaptive is the killer. You run into things like the sales tax law changing; not just the rate (a two minute fix) but what the tax applies to which could mean a complete rewrite. ------------------------------ Date: Thu, 05 Jul 2007 06:30:56 -0700 From: "Tom Linden" Subject: Re: HP "Support" for OpenVMS Message-ID: On Thu, 05 Jul 2007 05:18:38 -0700, Bob Koehler wrote: > In article <000501c7be56$b05dca30$11195e90$@com>, "Paul Raulerson" > writes: >> >> An awful lot of that capability came out of competing software business >> groups, where the hardware guys said... MMMM.... and presented their >> hardware as "the answer" to the software guys. Seems to have worked, and >> there is little or no psychotic splits going on right now. Except for >> the >> Rational Rose guys trying to sell the idea that Yourdon style design >> can >> instantly rewrite (or :refactor:) 20 to 40 years of code base. It's fun >> to >> watch one of those guys say "This software is 30 years old! We can >> improve >> it a LOT! Where's the source code to it?" Their faces do some amazing >> things >> when you tell 'em the source code was lost sometime in the 1980's and >> nobody >> has gotten around to re-writing it yet. > > Last month I was at the Rational Users Group meeting (open to > non-members) where some of the IBM guys tried to convince us that old > software wears out (my words, they said somethjing like "gets > ratty"). > > I've seen software with time related issues, but I've never seen any > wear out. > There was a study which appeared in the IBM Systems Journal, IIRC, in the late 60's which studied a large number os software systems from the point of view of maintenance costs, and what they found was that it was a convex function with a minimum occurring at year 7 after deployment, then rising fairly rapidly, from which they concluded it was cheaper to replace than repair. Of course, that was then and a lot of factors were ignored, and maybe it was slanted towards selling new systems. -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 5 Jul 2007 08:56:27 -0500 From: "Paul Raulerson" Subject: RE: HP "Support" for OpenVMS Message-ID: <002201c7bf0c$488643e0$d992cba0$@com> Yep, the current silly season seems to be planned obsolesces for software. I wonder... could it be that Microsoft has bribed a few of them? What kind of laptops are they using??!!! The fact so clearly indicate that well written software - or even poorly written software - that clearly meets the need it was written for has a very long lifetime indeed. How many of us have written a quick "hack" to fix something, intending it to be just a temporary fix - and find it still running 5 years or more later? (*sigh*) I really like Ed, but sometimes his ideas are just a little too radical for my reality to encompass. ;) -Paul > -----Original Message----- > From: Bob Koehler [mailto:koehler@eisner.nospam.encompasserve.org] > Sent: Thursday, July 05, 2007 7:19 AM > To: Info-VAX@Mvb.Saic.Com > Subject: RE: HP "Support" for OpenVMS > > In article <000501c7be56$b05dca30$11195e90$@com>, "Paul Raulerson" > writes: > > > > An awful lot of that capability came out of competing software > business > > groups, where the hardware guys said... MMMM.... and presented their > > hardware as "the answer" to the software guys. Seems to have worked, > and > > there is little or no psychotic splits going on right now. Except for > the > > Rational Rose guys trying to sell the idea that Yourdon style design > can > > instantly rewrite (or :refactor:) 20 to 40 years of code base. It's > fun to > > watch one of those guys say "This software is 30 years old! We can > improve > > it a LOT! Where's the source code to it?" Their faces do some amazing > things > > when you tell 'em the source code was lost sometime in the 1980's and > nobody > > has gotten around to re-writing it yet. > > Last month I was at the Rational Users Group meeting (open to > non-members) where some of the IBM guys tried to convince us that > old > software wears out (my words, they said somethjing like "gets > ratty"). > > I've seen software with time related issues, but I've never seen any > wear out. ------------------------------ Date: Thu, 5 Jul 2007 17:07:09 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: RE: HP "Support" for OpenVMS Message-ID: In article <002201c7bf0c$488643e0$d992cba0$@com>, "Paul Raulerson" writes: >Yep, the current silly season seems to be planned obsolesces for software. I >wonder... could it be that Microsoft has bribed a few of them? What kind of >laptops are they using??!!! > >The fact so clearly indicate that well written software - or even poorly >written software - that clearly meets the need it was written for has a very >long lifetime indeed. How many of us have written a quick "hack" to fix >something, intending it to be just a temporary fix - and find it still >running 5 years or more later? (*sigh*) > >I really like Ed, but sometimes his ideas are just a little too radical for >my reality to encompass. ;) Microsoft generation. Any piece of software more than a few years old must either be falling over from unpatched bugs or security holes or has been patched so much that it has become a rat-infested maze of code :) David Webb Security team leader CCSS Middlesex University > >-Paul > >> -----Original Message----- >> From: Bob Koehler [mailto:koehler@eisner.nospam.encompasserve.org] >> Sent: Thursday, July 05, 2007 7:19 AM >> To: Info-VAX@Mvb.Saic.Com >> Subject: RE: HP "Support" for OpenVMS >> >> In article <000501c7be56$b05dca30$11195e90$@com>, "Paul Raulerson" >> writes: >> > >> > An awful lot of that capability came out of competing software >> business >> > groups, where the hardware guys said... MMMM.... and presented their >> > hardware as "the answer" to the software guys. Seems to have worked, >> and >> > there is little or no psychotic splits going on right now. Except for >> the >> > Rational Rose guys trying to sell the idea that Yourdon style design >> can >> > instantly rewrite (or :refactor:) 20 to 40 years of code base. It's >> fun to >> > watch one of those guys say "This software is 30 years old! We can >> improve >> > it a LOT! Where's the source code to it?" Their faces do some amazing >> things >> > when you tell 'em the source code was lost sometime in the 1980's and >> nobody >> > has gotten around to re-writing it yet. >> >> Last month I was at the Rational Users Group meeting (open to >> non-members) where some of the IBM guys tried to convince us that >> old >> software wears out (my words, they said somethjing like "gets >> ratty"). >> >> I've seen software with time related issues, but I've never seen any >> wear out. > > ------------------------------ Date: Wed, 4 Jul 2007 23:56:38 -0700 From: "John Gemignani, Jr." Subject: Re: IP Lease Message-ID: "Tom Linden" wrote in message news:op.tuoya1kp8vlggw@murphus.linden... > This is somewhat OT. > > From home I use PuTTY SSH on an XP laptop through a wireless router > attached to > Comcast cable to access the VMS cluster. If I go to another window for a > while > and return to the VMS session the connection gets closed, so I tried > opening > another window and ran a script which just loops endlessly > $ start: > $ sho time > $ wait 00:01 > $ goto start > > but it only keeps that window alive, so I guess that the two sessions have > different IPs. Don't suppose there is any way of doing this? > -- > PL/I for OpenVMS > www.kednos.com I bet that NAT is dropping your translation entry due to inactivity. I used the very same thing that you did ... putty from XP through a wireless router through DSL to a VMS cluster. I never had the problem on my network, though. John ------------------------------ Date: Thu, 05 Jul 2007 07:35:53 -0700 From: "Tom Linden" Subject: Re: IP Lease Message-ID: On Wed, 04 Jul 2007 23:56:38 -0700, John Gemignani, Jr. wrote: > > "Tom Linden" wrote in message > news:op.tuoya1kp8vlggw@murphus.linden... >> This is somewhat OT. >> >> From home I use PuTTY SSH on an XP laptop through a wireless router >> attached to >> Comcast cable to access the VMS cluster. If I go to another window for >> a >> while >> and return to the VMS session the connection gets closed, so I tried >> opening >> another window and ran a script which just loops endlessly >> $ start: >> $ sho time >> $ wait 00:01 >> $ goto start >> >> but it only keeps that window alive, so I guess that the two sessions >> have >> different IPs. Don't suppose there is any way of doing this? >> -- >> PL/I for OpenVMS >> www.kednos.com > > I bet that NAT is dropping your translation entry due to inactivity. I > used > the very same thing that you did ... putty from XP through a wireless > router > through DSL to a VMS cluster. I never had the problem on my network, > though. Yes, I think you are right, it doesn't happen when I am directly connected, of course, but when at home I go through the wireless router connected to Comcast cable or away wireless through Verizon, and in the latter two cases the connection gets dropped. BTW, If submit the above script as a batch job, how do I direct the ouput to window from which it was launched to see if it keeps it alive? > > John > > -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 5 Jul 2007 07:33:51 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: > -----Original Message----- > From: Arne Vajh=F8j [mailto:arne@vajhoej.dk] > Sent: July 4, 2007 6:31 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? >=20 [big snip ...] > >> Let us understand that out in the real world companies are moving > >> to Linux. > > > > Absolutely. But lets not pretend that Linux is going to take over > > the world and that serious IT shops will not soon realize the real > > costs of adopting a platform that has 5-20 security patches released > > each and every month. >=20 > Linux will not take over the world next year. >=20 > The patch problem is not really a problem. So do not expect that > to have any effect. >=20 You are looking at this from a developer who wants to believe this = perspective - not from a reality Operations view.=20 Most BU's do not care what the IT group uses as platforms, but they do = expect that there will be slim to zero security issues and for that = these BU's and senior managers have near zero tolerance. If a major breach is exposed or incident happens because IT did not = apply a known patch to a specific documented security issue, who's head = do you think will be served up on a platter?=20 The Dev group? No.=20 The Operations group - you bet. Hence, the focus on security is always = more prevalent from an Operations perspective than a developers = perspective. > > And for those that think they can hide behind a good firewall and > not > > apply all these security patches, remember that 50-60% of all > > security issues are internal related. >=20 > Yes. >=20 > And as I have already asked in another thread without getting > an answer: how many of those 50-60% uses security holes in software ? >=20 > Arne As I mentioned in another thread, disgruntled employees using known = passwords is only one small part of the problem. [Course, the password = issues are worse on platforms that have all or user type environments, = but that is another discussion.] Re: software security - Well, what do you think, trojans, worms, viruses = on all those personal devices attack with?=20 They reside on laptops, PDA's memory sticks, cell phones and what ever = other personal devices are out there. They are all looking for known WS = and server services exploits to attack. And most traverse external and = internal networks all the time which exponentially increases the chances = of picking up some nasty bug. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Thu, 5 Jul 2007 07:41:15 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: > -----Original Message----- > From: Arne Vajh=F8j [mailto:arne@vajhoej.dk] > Sent: July 4, 2007 6:34 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? >=20 > Main, Kerry wrote: > > Here is something to consider. A new trend is developing (and being > > promoted by big SW companies like SAP) is Tier consolidation whereby > OS > > instances are reduced by placing the App server(s) on the same > server as > > the DB. Since most servers are only running less than 20% in peak > time, > > this makes a lot of sense - you just need to ensure things like > workload > > mgmt are in place to ensure one process does not do something silly > and > > impact other processes. No big deal as this has been a practice on > many > > other platforms for years (including OpenVMS). > > > > You not only eliminate OS instances, but also network latency > issues, as > > well as provide a common OS environment for doing batch jobs. > > > > Now, ask your Dev team that is hot for Linux how they plan to > address > > this growing trend in the future i.e. a common platform for the App > > server, db and batch environment. > > > > Want to bet they will say they need a separate server for each > > Application and DB? >=20 > They may or they may not. >=20 > There are nothing preventing them from doing the same thing > on Linux. >=20 > Why do you think Xen was added to RHEL 5 ? >=20 > Arne Because having servers running in peak time with only 5-15% peak = utilization is not only embarrassing, but financially unjustifiable. = Same issue with Windows and why VMware is so hot these days. But like VMware, Xen only addresses HW consolidation - not OS = consolidation. Yes, it does have some benefits in terms of HW (power, = cooling, space etc) savings. However, OS maintenance (managing, = patching, licensing, upgrading) is where the big cost savings are as = this directly relates to FTE staffing counts - by far the biggest slice = of any IT budget. OS stacking with the likes of Xen, VMware are a temporary savings. Once = this wave is near completion, the next question will be - "ok, now how = do we do OS consolidation to reduce our FTE counts"? Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Thu, 5 Jul 2007 08:47:01 -0500 From: "Paul Raulerson" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: <001b01c7bf0a$f74634a0$e5d29de0$@com> Excellent point - and don't forget, our companies spend really big bucks with SOX auditing firms to come in and audit every single one of those issues. The auditors are not always well experienced in the technologies being used, but they are usually smart enough to recognize a problem = when they see it.=20 And there are serious repercussions to failing a SOX audit - up to and including being delisted from the stock exchange and/or jail time. You = bet we take things seriously when we have our OPS hats on. And, despite all = the infrastructure design in the world, we still have to apply security = patches. Given that, we do NOT apply patches randomly or without upfront testing. Production systems are just too darn *important* to mess up. But we = *do* the testing necessary and *do* apply whatever patches are necessary. = Note that Novell has sent out at least 100 patch notices in the past 60 days = for SuSE Linux.=20 We don't get nearly as many updates for other OS's - and what we do get = are often engineering changes. That is, except for Windows and the attendant Microsoft applications. Those, we get a LOT more of. "Patch Tuesday" is = NOT a happy time in my shop! -Paul > -----Original Message----- > From: Main, Kerry [mailto:Kerry.Main@hp.com] > Sent: Thursday, July 05, 2007 6:34 AM > To: Info-VAX@Mvb.Saic.Com > Subject: RE: Is VMS losing the Financial Sector, also? >=20 >=20 > > -----Original Message----- > > From: Arne Vajh=F8j [mailto:arne@vajhoej.dk] > > Sent: July 4, 2007 6:31 PM > > To: Info-VAX@Mvb.Saic.Com > > Subject: Re: Is VMS losing the Financial Sector, also? > > >=20 > [big snip ...] >=20 > > >> Let us understand that out in the real world companies are moving > > >> to Linux. > > > > > > Absolutely. But lets not pretend that Linux is going to take over > > > the world and that serious IT shops will not soon realize the real > > > costs of adopting a platform that has 5-20 security patches > released > > > each and every month. > > > > Linux will not take over the world next year. > > > > The patch problem is not really a problem. So do not expect that > > to have any effect. > > >=20 > You are looking at this from a developer who wants to believe this > perspective - not from a reality Operations view. >=20 > Most BU's do not care what the IT group uses as platforms, but they do > expect that there will be slim to zero security issues and for that > these BU's and senior managers have near zero tolerance. >=20 > If a major breach is exposed or incident happens because IT did not > apply a known patch to a specific documented security issue, who's = head > do you think will be served up on a platter? >=20 > The Dev group? No. >=20 > The Operations group - you bet. Hence, the focus on security is always > more prevalent from an Operations perspective than a developers > perspective. >=20 > > > And for those that think they can hide behind a good firewall and > > not > > > apply all these security patches, remember that 50-60% of all > > > security issues are internal related. > > > > Yes. > > > > And as I have already asked in another thread without getting > > an answer: how many of those 50-60% uses security holes in software = ? > > > > Arne >=20 > As I mentioned in another thread, disgruntled employees using known > passwords is only one small part of the problem. [Course, the password > issues are worse on platforms that have all or user type environments, > but that is another discussion.] >=20 > Re: software security - Well, what do you think, trojans, worms, > viruses on all those personal devices attack with? >=20 > They reside on laptops, PDA's memory sticks, cell phones and what ever > other personal devices are out there. They are all looking for known > WS and server services exploits to attack. And most traverse external > and internal networks all the time which exponentially increases the > chances of picking up some nasty bug. >=20 > Regards >=20 >=20 > Kerry Main > Senior Consultant > HP Services Canada > Voice: 613-592-4660 > Fax: 613-591-4477 > kerryDOTmainAThpDOTcom > (remove the DOT's and AT) >=20 > OpenVMS - the secure, multi-site OS that just works. >=20 >=20 ------------------------------ Date: Thu, 05 Jul 2007 11:09:03 -0400 From: JF Mezei Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <90d24$468d09bd$cef8887a$5386@TEKSAVVY.COM> Mr Main, with ragards to your patches issue. In the late 1990s, the weenies would convince management to deploy Windows because it was a lot cheaper, there were a lot more available staff and it had an assured future. When asked if there was a virus problem, the answer would inevitably be "we'll set it up properly and it won't affect us". By the time they got hit with I LOVE YOU or some other debilitating event, their deployment of windows was so entrenched that it was impossible to change to a real OS so thet learned to live with it and try to minimise the damage. Your story of Vista switching back to VMS because of a windows virus is very good, but unfortunatly rare. ------------------------------ Date: Thu, 05 Jul 2007 11:19:09 -0400 From: JF Mezei Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <59b24$468d0c1b$cef8887a$7950@TEKSAVVY.COM> Main, Kerry wrote: > Because having servers > running in peak time with >only 5-15% peak utilization is >not only embarrassing, but financially > unjustifiable. 1- Please fix your client so it abides by internet standard instead of Microsoft standard and breaks lines at between 72 and 78 characters per line. Having to break your lines because your use Microsoft isn't pleasant. 2- The same can be said of mainframes. Back when MVS was called MVS, I knew of a bank that had 16 instances of MVS. One of the big problem they had was that each different application was certified to run on a certain set of middleware versions. So when a new version of CICS came out to fix a problem with application X, they would only install on on the instance running application X because applications Y and Z were not yet certified to run on CICS of that version. Because this was IBM and a BANK, the bank was able to put pressure on their software suppliers to get their act together and start having faster certification on the latest and greatest IBM versions so that the bank wouldn't need to maintain so many instances of MVS. (with CICS, IMS, DB2 all mixed in there). Fast forward to today with shrink-wrapped software. Companies don't actually have a real relationship with the windows software vendor so they have no leverage to get all software vendors to structure and package their apps so that they can co-exist on the same instance of Windows. As a result, you need separate instances of windows to run the software. But because wintel gear is cheap, low cost commodity, it really isn't a problem to have those boxes. You mention it being a problem. But consider that those companies had no problem deploying those many many 1 app servers. It is only because trade rags are now pushing for virtualisation that they are seeing pressure to also jump on the bandwagon. ------------------------------ Date: Thu, 5 Jul 2007 11:23:45 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: > -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@vaxination.ca] > Sent: July 5, 2007 11:09 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? >=20 > Mr Main, with ragards to your patches issue. >=20 > In the late 1990s, the weenies would convince management to deploy > Windows because it was a lot cheaper, there were a lot more available > staff and it had an assured future. When asked if there was a virus > problem, the answer would inevitably be "we'll set it up properly and > it > won't affect us". >=20 > By the time they got hit with I LOVE YOU or some other debilitating > event, their deployment of windows was so entrenched that it was > impossible to change to a real OS so thet learned to live with it and > try to minimise the damage. >=20 > Your story of Vista switching back to VMS because of a windows virus > is > very good, but unfortunatly rare. Well, imho, platform decisions are often driven by whether the company is moving to distributed or centralized systems. The timeframes you are talking about were focussed very heavily on distributed systems. Windows servers did very well in that environment. Times change. Not over night, but they do change. With out a doubt, the industry is moving back to much more centralized computing strategies. The impact and cost of managing, licensing and upgrading so many distributed servers that are at their peak running 5-15% utilization is no longer sustainable. So, the questions now being raised are "if we move back to centralized models (with closer ties to BU's), what is the best strategy to do this? Imho, the question to be asked is "Is Windows and/or Linux the best platform with their one app, one server culture and monthly security patches the best strategy for a much more centralized computing future?" For some it may be yes. For others, like VISTA (and other Windows to OpenVMS switches I know about), the answer will be no. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Thu, 5 Jul 2007 12:34:45 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: > -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@vaxination.ca] > Sent: July 5, 2007 11:19 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? >=20 > Main, Kerry wrote: > > Because having servers > > running in peak time with > >only 5-15% peak utilization is > >not only embarrassing, but financially > > unjustifiable. >=20 >=20 >=20 >=20 > 1- Please fix your client so it abides by internet standard instead of > Microsoft standard and breaks lines at between 72 and 78 characters > per > line. Having to break your lines because your use Microsoft isn't > pleasant. >=20 I have now set my client to break at 72 characters (it was 75). Is this what you were referring to? Other than setting the line break, there are no other email options that I have. > 2- The same can be said of mainframes. Back when MVS was called MVS, I > knew of a bank that had 16 instances of MVS. One of the big problem > they > had was that each different application was certified to run on a > certain set of middleware versions. So when a new version of CICS > came > out to fix a problem with application X, they would only install on on > the instance running application X because applications Y and Z were > not > yet certified to run on CICS of that version. >=20 > Because this was IBM and a BANK, the bank was able to put pressure on > their software suppliers to get their act together and start having > faster certification on the latest and greatest IBM versions so that > the > bank wouldn't need to maintain so many instances of MVS. (with CICS, > IMS, DB2 all mixed in there). >=20 > Fast forward to today with shrink-wrapped software. Companies don't > actually have a real relationship with the windows software vendor so > they have no leverage to get all software vendors to structure and > package their apps so that they can co-exist on the same instance of > Windows. As a result, you need separate instances of windows to run > the > software. But because wintel gear is cheap, low cost commodity, it > really isn't a problem to have those boxes. >=20 > You mention it being a problem. But consider that those companies had > no > problem deploying those many many 1 app servers. >=20 These were hidden in that huge management costs were not fully understood at the time. > It is only because trade rags are now pushing for virtualisation that > they are seeing pressure to also jump on the bandwagon. >=20 No, this is not the issue. It is because IT shops are under tremendous pressure to reduce IT costs - now. And real costs - not imaginary or "soft" costs. Virtualization is simply one of a number of strategies Cust's can adopt to obtain those IT savings. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: 5 Jul 2007 16:43:05 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <5f4lcpF3a7rgpU1@mid.individual.net> In article <90d24$468d09bd$cef8887a$5386@teksavvy.com>, JF Mezei writes: > Mr Main, with ragards to your patches issue. > > In the late 1990s, the weenies would convince management to deploy > Windows because it was a lot cheaper, there were a lot more available > staff and it had an assured future. When asked if there was a virus > problem, the answer would inevitably be "we'll set it up properly and it > won't affect us". > > By the time they got hit with I LOVE YOU or some other debilitating > event, their deployment of windows was so entrenched that it was > impossible to change to a real OS so thet learned to live with it and > try to minimise the damage. > > Your story of Vista switching back to VMS because of a windows virus is > very good, but unfortunatly rare. And probably not the whole (or even the real) story as what people use Vista for can not be done on VMS. Vista is a desktop operating system, not a server operating system. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 05 Jul 2007 12:45:20 -0400 From: JF Mezei Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <7fc5b$468d204e$cef8887a$5194@TEKSAVVY.COM> Main, Kerry wrote: > Imho, the question to be asked is "Is Windows and/or Linux the best > platform with their one app, one server culture and monthly security > patches the best strategy for The owner of any competing platform would very much want to see his product in that list of options to move to. And you'll find Sun very much wantin to insert "Solaris" in those options. You will not find HP pushing VMS though. VMS should be in that list. If we are on the start of a paradigm change, then VMS has a good chance of catching the train and be in there to get sales. If you wait too long, then it will again miss the train and be left behind. ------------------------------ Date: Thu, 5 Jul 2007 13:36:18 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: > -----Original Message----- > From: bill@triangle.cs.uofs.edu [mailto:bill@triangle.cs.uofs.edu] > On Behalf Of Bill Gunshannon > Sent: July 5, 2007 12:43 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? >=20 > In article <90d24$468d09bd$cef8887a$5386@teksavvy.com>, > JF Mezei writes: > > Mr Main, with ragards to your patches issue. > > > > In the late 1990s, the weenies would convince management to > deploy > > Windows because it was a lot cheaper, there were a lot more > available > > staff and it had an assured future. When asked if there was a > virus > > problem, the answer would inevitably be "we'll set it up properly > and it > > won't affect us". > > > > By the time they got hit with I LOVE YOU or some other > debilitating > > event, their deployment of windows was so entrenched that it was > > impossible to change to a real OS so thet learned to live with it > and > > try to minimise the damage. > > > > Your story of Vista switching back to VMS because of a windows > virus is > > very good, but unfortunatly rare. >=20 > And probably not the whole (or even the real) story as what people > use > Vista for can not be done on VMS. Vista is a desktop operating > system, > not a server operating system. >=20 > bill >=20 Bill... mmm.. you missed the point. The earlier URL points to a company called VISTA that packages or uses a mission critical software package called SCADA on a number of platforms. One of their Customers was running Windows Server and was down for 2 days because of a nasty virus. Subsequently, they have since switched to OpenVMS on Integrity and by the report, the migration went very well. Absolutely zero to do with client stuff. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Thu, 05 Jul 2007 17:52:51 +0000 From: "Paul Raulerson" Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: ----=_vm_0011_W5761624243_24451_1183657971 Content-Type: multipart/alternative; boundary="--=_vm_0016_W5761624243_24451_1183657971" ----=_vm_0016_W5761624243_24451_1183657971 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I keep wondering - why in the devil do you expect HP, or any other sane c= ompany, to push a product that generates so much negative nonsense as thi= s? FIND SOME BLINKING MARKETS AND START SELLING. HP will sit up and notice that, and start backing you up. I'm about 60% c= onvinced that VMS can do everything I need it to do, and will save my cus= tomers and myself money doing it. I belive it has all the technical capab= ilities it needs to handle small and medium shops. It has the potentional= to grow to handle larger shops. HP has huge name recognition, a very good reputation, and some very good = tecnincal products. They have a good developer program that fully support= s OpenVMS, and on top of that, they have co-marketing programs and other = benefits. What they do not have is 1000 people out here finding solutions that Open= VMS can fit into and make a decent profit. That, by the way, is the other= 30% of me that wonders if this is a vain exercise. The other 10% is a wo= rry that HP won't develop the hardware needed to run VMS in a larger envi= ronment, or that VMS will not properly scale to a large transaction proce= ssing environment. Maybe it is not meant to. -Paul ----=_vm_0016_W5761624243_24451_1183657971 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

I keep wondering - why in the devil do you expect HP, or any oth= er sane company, to push a product that generates so much negative nonsen= se as this?

FIND SOME BLINKING MARKETS AND START SELLING.

HP will sit up and notice that, and start backing you up. I'm about 60= % convinced that VMS can do everything I need it to do, and will save my = customers and myself money doing it. I belive it has all the technical ca= pabilities it needs to handle small and medium shops. It has the potentio= nal to grow to handle larger shops.

HP has huge name recognition, a very good reputation, and some ve= ry good tecnincal products. They have a good developer program that fully= supports OpenVMS, and on top of that, they have co-marketing programs an= d other benefits.

What they do not have is 1000 people out here finding solutions that O= penVMS can fit into and make a decent profit. That, by the way, is the&nb= sp;other 30% of me that wonders if this is a vain exercise. The other 10%= is a worry that HP won't develop the hardware needed to run VMS in a lar= ger environment, or that VMS will not properly scale to a large transacti= on processing environment. Maybe it is not meant to.

-Paul

  

----=_vm_0016_W5761624243_24451_1183657971-- ----=_vm_0011_W5761624243_24451_1183657971 Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Content-Disposition: attachment From: "JF Mezei" To: Info-VAX@Mvb.Saic.Com Message-ID: <7fc5b$468d204e$cef8887a$5194@TEKSAVVY.COM> Date: Thu, 5 Jul 2007 16:45:00 +0000 Received: (qmail 7760 invoked by uid 78); 5 Jul 2007 16:56:13 -0000 Received: from unknown (HELO ns-mr20.netsolmail.com) (205.178.146.50) by 0 with SMTP; 5 Jul 2007 16:56:13 -0000 Received: from MVB.SAIC.COM (mvb.saic.com [198.151.12.104]) by ns-mr20.netsolmail.com (8.13.6/8.13.6) with SMTP id l65GuBbI022504 for ; Thu, 5 Jul 2007 12:56:14 -0400 Organization: Indexed User-Agent: Mozilla/5.0 (X11; U; OpenVMS AlphaServer_DS10L_466_MHz; en-US; rv:1.7.13) Gecko/20060506 X-Accept-Language: en, fr-ca X-Newsgroups: comp.os.vms In-Reply-To: X-Complaints-To: abuse@usenetserver.com Lines: 14 X-Trace: 7fc5b468d204e6b5d2ddf05194 X-Gateway-Source-Info: USENET Subject: Re: Is VMS losing the Financial Sector, also? MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Main, Kerry wrote: > Imho, the question to be asked is "Is Windows and/or Linux the best > platform with their one app, one server culture and monthly security > patches the best strategy for The owner of any competing platform would very much want to see his product in that list of options to move to. And you'll find Sun very much wantin to insert "Solaris" in those options. You will not find HP pushing VMS though. VMS should be in that list. If we are on the start of a paradigm change, then VMS has a good chance of catching the train and be in there to get sales. If you wait too long, then it will again miss the train and be left behind. ----=_vm_0011_W5761624243_24451_1183657971-- ------------------------------ Date: Thu, 05 Jul 2007 10:25:39 -0500 From: David J Dachtera Subject: Re: July the 4th Message-ID: <468D0D73.3A637556@spam.comcast.net> Didier_Toulouse wrote: > > HAPPY INDEPENDENCE DAY to my US Friends ! Report from "the front"... Took heavy fire last evening. Almost constant report from exploding ordnance, pinned down by heavy barrage at times. Survived the night. No casualties. -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 05 Jul 2007 12:42:29 -0400 From: JF Mezei Subject: Re: July the 4th Message-ID: David J Dachtera wrote: > Took heavy fire last evening. Almost constant report from exploding ordnance, > pinned down by heavy barrage at times. > > Survived the night. No casualties. 1200 Iraqi civilians died last month alone. 6 Canadians died in your afghanistan yesterday. Your president's fireworks are still killing people every day. ------------------------------ Date: 5 Jul 2007 16:55:45 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: July the 4th Message-ID: <5f4m4hF3a7rgpU3@mid.individual.net> In article <468D0D73.3A637556@spam.comcast.net>, David J Dachtera writes: > Didier_Toulouse wrote: >> >> HAPPY INDEPENDENCE DAY to my US Friends ! > > Report from "the front"... > > Took heavy fire last evening. Almost constant report from exploding ordnance, > pinned down by heavy barrage at times. > > Survived the night. No casualties. I wish I had the money spent on illegal fireworks set off within a block of my house last night. I could have paid off my mortgage and probably retired. Pennsylvania should just legalize them and take the tax revenue. Considering that people aren't setting these off in secret in their basements, they sure don't seem to have an effective way to stop them. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 05 Jul 2007 12:01:07 -0500 From: David J Dachtera Subject: Re: July the 4th Message-ID: <468D23D3.9FF9914C@spam.comcast.net> JF Mezei wrote: > > David J Dachtera wrote: > > > Took heavy fire last evening. Almost constant report from exploding ordnance, > > pinned down by heavy barrage at times. > > > > Survived the night. No casualties. > > 1200 Iraqi civilians died last month alone. > 6 Canadians died in your afghanistan yesterday. Your president's > fireworks are still killing people every day. Um, JF? I understand your outrage ... my post was meant to be facetious (the majority of "fireworks" worth watching are illegal in the state where I live). -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 05 Jul 2007 05:58:15 -0700 From: robfindlay@optusnet.com.au Subject: Memory problem Message-ID: <1183640295.114913.76000@o11g2000prd.googlegroups.com> Hello, I have a problem that I would be most helpful for any help or pointers anyone can give me. I am debugging a program that processes say 2000 files in a session. Some of these files contain small amounts of data, other contain large amounts of data. The program uses calloc() and free() to manage dynamic memory. I have since replaced the calloc() and free() calls with LIB$GET_VM etc... to help with debugging. The program runs fine, processing small and large files, until say file 1500. Then there is a dynamic memory allocation failure (the LIB $GET_VM returns LIB$_INSVIRMEM) on a large file. If I put this file at the start of processing, or say file #2 or #3, the memory is allocated fine. This would obviously (?) indicate a memory leak somewhere. But I've investigated everything, and I can't find a memory leak. I even used the LIB$DELETE_VM_ZONE function after each file is processed (and re-creating before the next file) to clear the memory. I used the code at http://www.eight-cubed.com/examples/framework.php?file=lib_vm.c to help, and no errors are returned until the 1500th (for example) file when it fails due to calling LIB$FREE_VM on a NULL pointer (which is a NULL pointer because of the LIB$_INSVIRMEM mentioned above). I am certain that none of my calls to calloc() or malloc() are causing the memory leak, and I am resetting the zone anyway so shouldn't this manage any memory leaks that might occur. But given it works when it is one of the first few files, I am confused. Could one of the earlier C-library function calls be allocating and not freeing dynamic memory? ANy ideas? Thanks, Rob ------------------------------ Date: Thu, 05 Jul 2007 09:39:18 -0400 From: "Richard B. Gilbert" Subject: Re: Memory problem Message-ID: <468CF486.5000505@comcast.net> robfindlay@optusnet.com.au wrote: > Hello, > > I have a problem that I would be most helpful for any help or pointers > anyone can give me. > > I am debugging a program that processes say 2000 files in a session. > Some of these files contain small amounts of data, other contain large > amounts of data. The program uses calloc() and free() to manage > dynamic memory. > > I have since replaced the calloc() and free() calls with LIB$GET_VM > etc... to help with debugging. > > The program runs fine, processing small and large files, until say > file 1500. Then there is a dynamic memory allocation failure (the LIB > $GET_VM returns LIB$_INSVIRMEM) on a large file. If I put this file at > the start of processing, or say file #2 or #3, the memory is allocated > fine. This would obviously (?) indicate a memory leak somewhere. > > But I've investigated everything, and I can't find a memory leak. I > even used the LIB$DELETE_VM_ZONE function after each file is processed > (and re-creating before the next file) to clear the memory. I used the > code at http://www.eight-cubed.com/examples/framework.php?file=lib_vm.c > to help, and no errors are returned until the 1500th (for example) > file when it fails due to calling LIB$FREE_VM on a NULL pointer (which > is a NULL pointer because of the LIB$_INSVIRMEM mentioned above). > > I am certain that none of my calls to calloc() or malloc() are causing > the memory leak, and I am resetting the zone anyway so shouldn't this > manage any memory leaks that might occur. > > But given it works when it is one of the first few files, I am > confused. > > Could one of the earlier C-library function calls be allocating and > not freeing dynamic memory? > > ANy ideas? > > Thanks, > Rob > Why do you find it necessary to do dynamic memory allocation on a virtual memory system? There seems to be a tradition among the C/Unix folks that memory should be allocated dynamically but I've never seen the point of dynamic allocation for it's own sake. ------------------------------ Date: Thu, 05 Jul 2007 06:47:26 -0700 From: "Tom Linden" Subject: Re: Memory problem Message-ID: On Thu, 05 Jul 2007 05:58:15 -0700, wrote: > Hello, > > I have a problem that I would be most helpful for any help or pointers= > anyone can give me. > > I am debugging a program that processes say 2000 files in a session. > Some of these files contain small amounts of data, other contain large= > amounts of data. The program uses calloc() and free() to manage > dynamic memory. > > I have since replaced the calloc() and free() calls with LIB$GET_VM > etc... to help with debugging. > > The program runs fine, processing small and large files, until say > file 1500. Then there is a dynamic memory allocation failure (the LIB > $GET_VM returns LIB$_INSVIRMEM) on a large file. If I put this file at= > the start of processing, or say file #2 or #3, the memory is allocated= > fine. This would obviously (?) indicate a memory leak somewhere. > > But I've investigated everything, and I can't find a memory leak. I > even used the LIB$DELETE_VM_ZONE function after each file is processed= > (and re-creating before the next file) to clear the memory. I used the= > code at http://www.eight-cubed.com/examples/framework.php?file=3Dlib_v= m.c > to help, and no errors are returned until the 1500th (for example) > file when it fails due to calling LIB$FREE_VM on a NULL pointer (which= > is a NULL pointer because of the LIB$_INSVIRMEM mentioned above). > > I am certain that none of my calls to calloc() or malloc() are causing= > the memory leak, and I am resetting the zone anyway so shouldn't this > manage any memory leaks that might occur. > > But given it works when it is one of the first few files, I am > confused. > > Could one of the earlier C-library function calls be allocating and > not freeing dynamic memory? > > ANy ideas? Localize all memory allocation and freeing to a single procedure, write = = that procedure in PL/I using stacked, dynamically allocated memory using the CONTROLLED attribute, http://www.kednos.com/pli/docs/REFERENCE_MANUAL/6291pro_003.html#declar_= 33 monitor the memory using the ALLOCATION builtin function http://www.kednos.com/pli/docs/REFERENCE_MANUAL/6291pro_036.html#funct_1= 1 which returns how many generations you have on the stack (This is not th= e activation stack but a dynamic memory stack in the heap) When the program completes ALLOCATION should =3D 0 > Thanks, > Rob > > -- = PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 05 Jul 2007 14:09:32 -0000 From: Hein RMS van den Heuvel Subject: Re: Memory problem Message-ID: <1183644572.451695.115280@q75g2000hsh.googlegroups.com> On Jul 5, 9:39 am, "Richard B. Gilbert" wrote: > robfind...@optusnet.com.au wrote: : > > I am debugging a program that processes say 2000 files in a session. : > > The program runs fine, processing small and large files, until say > > file 1500. Then there is a dynamic memory allocation failure (the LIB > > $GET_VM returns LIB$_INSVIRMEM) on a large file. If I put this file at > > the start of processing, or say file #2 or #3, the memory is allocated > > fine. This would obviously (?) indicate a memory leak somewhere. No, it does not have to be a leak. When the LIB$GET_VM fails, have you tried calling LIB$SHOW_VM? How many bytes are still free? More than requested? It could be a 'rounding problem' or VM fragmentation problem. As you process files, is any data collected on a per file basis in dynamic memory or is it a clean: process a file and forget all about it?! Is there perhaps a 'file control block' which stays? Richard > Why do you find it necessary to do dynamic memory allocation on a Richard> virtual memory system? Right. Could a single data buffer be allocated to hold the largest file data and use it for each file? So what if it is too big for a small file? The price is already paid. Or let's say, for sake of the argument, that there is a file control block. Is there any way to find out roughly how many are coming at you? (total user count, last day order count, outside temperature, directory size, whatever!) Could the program just allocate 10,000 of those statically, or with a single malloc? No harm done if only 200 are used.... as long as not all bytes are touched as calloc would. Is VM for a 'big file' allocated in a single big chunk or grown as it comes in? (How do you know how much to allocated? When do you know it is big?) Anyway... a workaround suggestion... Normally malloc, through LIB$GETVM, nickle and dimes it ways through virtual memory 128KB (hope I have this right) at a time. So it is easy to imagine minor retained malloced pieces to fragment VM into chunks less than 128KB. So when your big file comes in and requests 2MB in a single malloc (contiguous space) that may fail When the program starts up have it allocate some more than generous amount of VM. Perhaps 100MB. Now immediatly release that back. Try again. The program could still end up fragmenting VM. In that case you may have to look are using VM ZONEs for specific, longer lasting, allocation classes. Hope this helps some, Hein van den Heuvel (at gmail dot com) HvdH Performance Consulting ------------------------------ Date: Thu, 05 Jul 2007 14:26:36 -0000 From: Hein RMS van den Heuvel Subject: Re: Memory problem Message-ID: <1183645596.979391.209930@c77g2000hse.googlegroups.com> On Jul 5, 10:09 am, Hein RMS van den Heuvel wrote: > On Jul 5, 9:39 am, "Richard B. Gilbert" > wrote: > > > robfind...@optusnet.com.au wrote: > When the program starts up have it allocate some more than generous > amount of VM. Perhaps 100MB. Now immediatly release that back. Try > again. The program could still end up fragmenting VM. In that case you > may have to look are using VM ZONEs for specific, longer lasting, > allocation classes. Ooops I made some too aggresive cust & pastes for the first reply and failed to see how you already are using ZONEd VM. On the other hand, I don't think you are using zone's the right way. But I've investigated everything, and I can't find a memory leak. I >> even used the LIB$DELETE_VM_ZONE function after each file is processed (and re-creating before the next file) to clear the memory. I used the Unless you know absolutely 100% sure you fully control all mallocs/ get_vms (no STR$ or LIB$ calls with dynamic strings ?!) then this still allows for fragmentation. Have you tried with LIB$RESET_VM_ZONE instead of DELETE? Surely RESET is much more efficient if one is goign to recreate anyway! The other advice stands... - consider pre-allocating and freeing a large zone initially - consider mutliple zones for multipel usage, notably with an eye on duration. Hope this helps some more, Hein van den Heuvel (at gmail dot com) HvdH Performance Consulting ------------------------------ Date: Thu, 05 Jul 2007 11:16:13 -0500 From: David J Dachtera Subject: Re: Memory problem Message-ID: <468D194D.2D535A50@spam.comcast.net> robfindlay@optusnet.com.au wrote: > > Hello, > > I have a problem that I would be most helpful for any help or pointers > anyone can give me. > > I am debugging a program that processes say 2000 files in a session. > Some of these files contain small amounts of data, other contain large > amounts of data. The program uses calloc() and free() to manage > dynamic memory. > > I have since replaced the calloc() and free() calls with LIB$GET_VM > etc... to help with debugging. > > The program runs fine, processing small and large files, until say > file 1500. Then there is a dynamic memory allocation failure (the LIB > $GET_VM returns LIB$_INSVIRMEM) on a large file. If I put this file at > the start of processing, or say file #2 or #3, the memory is allocated > fine. This would obviously (?) indicate a memory leak somewhere. > > But I've investigated everything, and I can't find a memory leak. I > even used the LIB$DELETE_VM_ZONE function after each file is processed > (and re-creating before the next file) to clear the memory. I used the > code at http://www.eight-cubed.com/examples/framework.php?file=lib_vm.c > to help, and no errors are returned until the 1500th (for example) > file when it fails due to calling LIB$FREE_VM on a NULL pointer (which > is a NULL pointer because of the LIB$_INSVIRMEM mentioned above). > > I am certain that none of my calls to calloc() or malloc() are causing > the memory leak, and I am resetting the zone anyway so shouldn't this > manage any memory leaks that might occur. > > But given it works when it is one of the first few files, I am > confused. > > Could one of the earlier C-library function calls be allocating and > not freeing dynamic memory? > > ANy ideas? Might one, in such instance, try increasing PGFLQUOTA first (at least double it, if possible), then see what happens? -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 05 Jul 2007 13:20:22 -0400 From: Stephen Hoffman Subject: Re: Memory problem Message-ID: robfindlay@optusnet.com.au wrote: > I have a problem that I would be most helpful for any help or pointers > anyone can give me. Take a look at what I've posted at: http://64.223.189.234/node/401 That posting will probably be tweaked a few more times, as it occurs to me I didn't show enough of the implementation details of the fencepost scheme. ... > The program runs fine, processing small and large files, until say > file 1500. Then there is a dynamic memory allocation failure (the LIB > $GET_VM returns LIB$_INSVIRMEM) on a large file. If I put this file at > the start of processing, or say file #2 or #3, the memory is allocated > fine. This would obviously (?) indicate a memory leak somewhere. > > But I've investigated everything, and I can't find a memory leak. I > even used the LIB$DELETE_VM_ZONE function after each file is processed > (and re-creating before the next file) to clear the memory. I used the > code at http://www.eight-cubed.com/examples/framework.php?file=lib_vm.c > to help, and no errors are returned until the 1500th (for example) > file when it fails due to calling LIB$FREE_VM on a NULL pointer (which > is a NULL pointer because of the LIB$_INSVIRMEM mentioned above). I'd look to recode that and to check the error handling, as an allocation error should not have gotten as far as the free. > I am certain that none of my calls to calloc() or malloc() are causing > the memory leak, and I am resetting the zone anyway so shouldn't this > manage any memory leaks that might occur. I once held that same certainty. Now I tend to assume it is my own code that harbors a bug, until and unless I can prove the bug exists elsewhere. Memory management code sees massive use within OpenVMS and layered products and application code -- it's certainly not immune to bugs, but incidents of these bugs do tend to be rare events. Given the code reached a deallocation call after a failed allocation, there's arguably at least one bug presently lurking here. > But given it works when it is one of the first few files, I am > confused. I had one coding bug that lurked within fully operational code, and code that had worked for months in production. When the bug surfaced, the code itself still worked for about six hours of very heavy use before the right confluence of data arrived, and the heap corrupter was introduced, and then the code tipped over some hours later. As it turned out, it was the arrival of a node with a nodename with (three?) characters that tripped the bug; with a node that had a specific and unusual number of characters in its name. And it wasn't an obvious failure, either. The particular nodename fit exactly into a quadword-allocation from memory management, and didn't get the trailing pad bytes. When three characters and a null were copied into the exact-fit buffer, sometimes the trailing null stomped on the linkage pointers. Sometimes not. For other-length allocations, the pad bytes swallowed the null silently, and everything worked fine. Yep, the code worked -- with a latent bug -- until somebody happened to have added a node into the network with the right number of characters in its name. There are some postings over at the old HP Ask The Wizard area, as C memory management bugs were fairly regular fodder over there. > Could one of the earlier C-library function calls be allocating and > not freeing dynamic memory? Certainly quite feasible. Leaks can lurk in many locales. Richard B. Gilbert wrote: > Why do you find it necessary to do dynamic memory allocation on a > virtual memory system? There seems to be a tradition among the > C/Unix folks that memory should be allocated dynamically but I've > never seen the point of dynamic allocation for it's own sake. Speaking as a long-time C/Unix programmer, dynamic memory allocation is one of many tools in the programming shed. It can be an effective and useful tool, and -- like most any other tool -- it can also be misused or miscoded, and it can -- like most any other tool -- lead to errors. Once in a while, I'll even get the evil "goto" statement out of the toolshed, particularly when it makes the code cleaner and easier to read and manage and support. :-) Dynamic memory management is a common coding technique in C, Bliss, Macro, Pascal and many other languages. It's also in widespread use within OpenVMS, within the executive and most (all?) of the device drivers; the paged and non-paged pool is nothing but a memory heap after all, under another name. Some languages and some environments strive to eliminate this coding technique for any of various technical and/or philosophical reason(s), and some environments reveal in the technique. Dynamic memory management allows the program to size itself to the data, and to avoid having to preemptively allocate fixed and usually large blocks of storage. If you so chose, you could certainly also use direct calls to the VM system services to add and remove virtual memory. Or you could allocate larger-than-ever-expected fixed-size buffers, and deal with issues of memory locality and address space. The heap lets you trade off differing allocations -- much like how the PGFLQUOTA is pooled -- against increased complexity or increased virtual memory usage. If I had 64-bit virtual address space everywhere and the system provided comparatively low-cost paging overhead and either lazy loads or demand-zero overhead didn't detract from performance, I might well choose to bypass the heap; to pre-size buffers. If paging isn't sufficiently speedy, you can potentially fault your application into the ground due to (a lack of) locality of reference. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: Thu, 5 Jul 2007 11:57:48 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: OpenVMS - When downtime is not an option Message-ID: In article <39qdnSc41MVyvxHbnZ2dnUVZ_ompnZ2d@metrocastcablevision.com>, Bill Todd writes: >david20@alpha2.mdx.ac.uk wrote: >> In article , Bill Todd writes: >>> Main, Kerry wrote: >>> >>> .... >>> >>>> If the design and/or architecture of the OS platform allows an >>>> application bug to provide access to protected data and/or provides >>>> elevated rights on the system, does sit matter if it is an application >>>> or kernel OS issue? >>> Clearly, that would be an OS bug (or at least a serious design flaw, if >>> indeed it were intentional rather than inadvertent) - *if* it had been >>> the case in this instance. >>> >>> It was not: the bugs *only* affected Exchange Server. If Exchange >>> Server was designed such that it had to execute in a privileged >>> environment (such that once compromised itself it could compromise other >>> parts of the system as you describe above), rather than designed >>> modularly such that at most a few critical parts of it might require >>> privilege (certainly not including the parsing functions that these bugs >>> affected) and the rest could run unprivileged, that was an *Exchange >>> Server* design flaw, not a Windows flaw. >>> >> >> What is this "IF" ? > >As I'm starting to get tired of saying, *exactly* what it seems to be. > >> >> From http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx >> >> >> "An attacker who successfully exploited this vulnerability could take >> complete control of the affected system. An attacker could then install >> programs; view, change or delete data; or create new accounts with full user >> rights" >> >> Obviously this means that the codepath executed by the bug must run at a high >> privilege level. > >Obviously you're not very familiar with Microsoft's exposure descriptions. > >Microsoft *always* uses this phrase (which if you read it more carefully >says 'could', not 'can') whenever it *may* be possible that the >execution environment is privileged, very frequently following it (as >indeed it does in this case) with the clarification that what *really* >happens is that the attacker gains the privilege of the applicable >execution environment, whatever that privilege level may be. > Please quote the section in MS07-026 which provides the above clarification for the MIME Decoding Vulnerability since I cannot see it anywhere. Microsoft often does say that the exposure only gives the privilege that the application is running under (For instance for the MS07-026 OWA Script injection vulnerability it says "or take any action that the user could take within the context of the OWA session." However the more usual formulation is as in MS07-017 for the Windows animated cursor remote execution vulnerability " an attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights " ) but I see nothing like that for the Mime decoding vulnerability. Could is used here as the past simple of CAN (since the preceding phrase "An attacker who successfully exploited this vulnerability" is assumed to have already happened by the subsequent phrase ) See http://dictionary.cambridge.org/define.asp?key=17507&dict=CALD > Whether that is because Exchange is running with higher >> privileges than it really needs because of bad design and implementation or >> whether it is doing something which requires it to have high privileges at that >> point in time is not something easily judged without access to the design >> documents and/or source of Exchange. > >Are you seriously suggesting that parsing the contents of email requires >privilege? Sheesh! > >> >> If as you seem to believe it is bad design and implementation in Exchange >> causing it to run at higher privileges than needed then it is down to those >> designing and programming Exchange at Microsoft. However Exchange is a >> Microsoft product and those same designers and programmers have probably also >> worked on the OS code during their careers and have had their code reviewed >> by the same quality control people. > >Now you're getting outright ridiculous: guilt by association, rather >than guilt by evidence. No just setting out the possibilities. > >You're usually one of the more competent contributors here - it would be >nice to see your observations return to that level. > David Webb Security team leader CCSS Middlesex University >- bill ------------------------------ Date: 5 Jul 2007 07:08:54 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: OpenVMS - When downtime is not an option Message-ID: In article <94OdnXychoolWRfbnZ2dnUVZ_gWdnZ2d@metrocastcablevision.com>, Bill Todd writes: > > I have no doubt that there is pressure to *ship with* known bugs rather > than take the time to eliminate them. I'm less convinced that they > create them deliberately in order to make the next release more > attractive - especially given the typical delay before a next release > appears (during which the currently-selling product would be *less* > attractive), and the fact that they actually attempt to fix bugs on the > fly rather than just say "Fixed in next release". The pressure to include bugs is not of the form "you must include bugs", it's the business model. Microsoft's business model assumes that the only real competition they get is from their own products. This year's sales don't depend so much on beating thier competitors as it depends on beating the product they sold last year. (Most of thier potential customers are running the last thing Microsoft shipped). This means new features and fewer bugs. While other software vendors will put guarrantees on thier features and ship bug fixes for free, Microsoft does not put guarrantees on thier products and ships limited bug fixes, but they'll sell you a new version with bug fixes next year. The pressure is due to next year's product having to have fewer bugs than this year's product. Not malicious pressure, but real. ------------------------------ Date: Thu, 05 Jul 2007 08:59:42 -0400 From: Bill Todd Subject: Re: OpenVMS - When downtime is not an option Message-ID: <6I2dnYpHVtQddhHbnZ2dnUVZ_qyjnZ2d@metrocastcablevision.com> david20@alpha2.mdx.ac.uk wrote: > In article <39qdnSc41MVyvxHbnZ2dnUVZ_ompnZ2d@metrocastcablevision.com>, Bill Todd writes: >> david20@alpha2.mdx.ac.uk wrote: >>> In article , Bill Todd writes: >>>> Main, Kerry wrote: >>>> >>>> .... >>>> >>>>> If the design and/or architecture of the OS platform allows an >>>>> application bug to provide access to protected data and/or provides >>>>> elevated rights on the system, does sit matter if it is an application >>>>> or kernel OS issue? >>>> Clearly, that would be an OS bug (or at least a serious design flaw, if >>>> indeed it were intentional rather than inadvertent) - *if* it had been >>>> the case in this instance. >>>> >>>> It was not: the bugs *only* affected Exchange Server. If Exchange >>>> Server was designed such that it had to execute in a privileged >>>> environment (such that once compromised itself it could compromise other >>>> parts of the system as you describe above), rather than designed >>>> modularly such that at most a few critical parts of it might require >>>> privilege (certainly not including the parsing functions that these bugs >>>> affected) and the rest could run unprivileged, that was an *Exchange >>>> Server* design flaw, not a Windows flaw. >>>> >>> What is this "IF" ? >> As I'm starting to get tired of saying, *exactly* what it seems to be. >> >>> From http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx >>> >>> >>> "An attacker who successfully exploited this vulnerability could take >>> complete control of the affected system. An attacker could then install >>> programs; view, change or delete data; or create new accounts with full user >>> rights" >>> >>> Obviously this means that the codepath executed by the bug must run at a high >>> privilege level. >> Obviously you're not very familiar with Microsoft's exposure descriptions. >> >> Microsoft *always* uses this phrase (which if you read it more carefully >> says 'could', not 'can') whenever it *may* be possible that the >> execution environment is privileged, very frequently following it (as >> indeed it does in this case) with the clarification that what *really* >> happens is that the attacker gains the privilege of the applicable >> execution environment, whatever that privilege level may be. >> > > Please quote the section in MS07-026 which provides the above clarification > for the MIME Decoding Vulnerability since I cannot see it anywhere. That's how I interpret its statement "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights" (i.e., I think the last four words distribute over all the elements in the preceding list - and note in any event that they talk about *user* rights rather than *administrator* rights). > > Microsoft often does say that the exposure only gives the privilege that the > application is running under > (For instance for the MS07-026 OWA Script injection vulnerability it says > > "or take any action that the user could take within the context of the OWA > session." > > > However the more usual formulation is as in MS07-017 for the Windows animated > cursor remote execution vulnerability > > " > an attacker who successfully exploited this vulnerability could gain the same > user rights as the local user. Users whose accounts are configured to have > fewer user rights on the system could be less impacted than users who operate > with administrative user rights > " > > ) > > but I see nothing like that for the Mime decoding vulnerability. See above (though the phrasing is fuzzy enough to admit to varying interpretation). What I had in mind was the more common phrasing reflected in MS07-035, where it says "An attacker who successfully exploited this vulnerability could take complete control of an affected system" but then clarifies that as follows: "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights." > > > Could is used here as the past simple of CAN (since the preceding phrase > "An attacker who successfully exploited this vulnerability" is assumed to have > already happened by the subsequent phrase ) > > See > > http://dictionary.cambridge.org/define.asp?key=17507&dict=CALD In the example I provided immediately above (which uses nearly identical phrasing) 'could' is clearly used exactly as I described it. - bill ------------------------------ Date: Thu, 05 Jul 2007 10:54:40 -0500 From: David J Dachtera Subject: Re: OpenVMS - When downtime is not an option Message-ID: <468D1440.D1FB039C@spam.comcast.net> JF Mezei wrote: > > Keith Parris wrote: > > As has been pointed out here before, HP said within days of the > > acquisition announcement that it was carrying forward Compaq's plans to > > port OpenVMS to Itanium. Unfortunately, that public statement was made > > to a group of mostly-UNIX folks and the message didn't get out well to > > the VMS base. > > That is interesting. Why didn't HP announce this to the VMS crowd ? > Also, how come we were repeatedly told by now-HP employees that > HP/Compaq were legally not allowed to discuss VMS plans in public until > the merger was completed ? Next question please... -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 5 Jul 2007 16:07:04 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: OpenVMS - When downtime is not an option Message-ID: In article <6I2dnYpHVtQddhHbnZ2dnUVZ_qyjnZ2d@metrocastcablevision.com>, Bill Todd writes: >david20@alpha2.mdx.ac.uk wrote: >> In article <39qdnSc41MVyvxHbnZ2dnUVZ_ompnZ2d@metrocastcablevision.com>, Bill Todd writes: >>> david20@alpha2.mdx.ac.uk wrote: >>>> In article , Bill Todd writes: >>>>> Main, Kerry wrote: >>>>> >>>>> .... >>>>> >>>>>> If the design and/or architecture of the OS platform allows an >>>>>> application bug to provide access to protected data and/or provides >>>>>> elevated rights on the system, does sit matter if it is an application >>>>>> or kernel OS issue? >>>>> Clearly, that would be an OS bug (or at least a serious design flaw, if >>>>> indeed it were intentional rather than inadvertent) - *if* it had been >>>>> the case in this instance. >>>>> >>>>> It was not: the bugs *only* affected Exchange Server. If Exchange >>>>> Server was designed such that it had to execute in a privileged >>>>> environment (such that once compromised itself it could compromise other >>>>> parts of the system as you describe above), rather than designed >>>>> modularly such that at most a few critical parts of it might require >>>>> privilege (certainly not including the parsing functions that these bugs >>>>> affected) and the rest could run unprivileged, that was an *Exchange >>>>> Server* design flaw, not a Windows flaw. >>>>> >>>> What is this "IF" ? >>> As I'm starting to get tired of saying, *exactly* what it seems to be. >>> >>>> From http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx >>>> >>>> >>>> "An attacker who successfully exploited this vulnerability could take >>>> complete control of the affected system. An attacker could then install >>>> programs; view, change or delete data; or create new accounts with full user >>>> rights" >>>> >>>> Obviously this means that the codepath executed by the bug must run at a high >>>> privilege level. >>> Obviously you're not very familiar with Microsoft's exposure descriptions. >>> >>> Microsoft *always* uses this phrase (which if you read it more carefully >>> says 'could', not 'can') whenever it *may* be possible that the >>> execution environment is privileged, very frequently following it (as >>> indeed it does in this case) with the clarification that what *really* >>> happens is that the attacker gains the privilege of the applicable >>> execution environment, whatever that privilege level may be. >>> >> >> Please quote the section in MS07-026 which provides the above clarification >> for the MIME Decoding Vulnerability since I cannot see it anywhere. > >That's how I interpret its statement "An attacker could then install >programs; view, change, or delete data; or create new accounts with full >user rights" (i.e., I think the last four words distribute over all the >elements in the preceding list - and note in any event that they talk >about *user* rights rather than *administrator* rights). > Sorry "; or create new accounts with full user rights" is obviously talking about an attacker being able to create fully privileged user accounts. It is just expanding on the types of activities that an attacker could carry out once they had gained complete control of the system. Since one of the list items "view, change, or delete data" is itself a list of actions which can be performed on data semi-colons are used to separate the list items. The semi-colon is a powerful punctuation mark which is either used in complicated lists such as this or to separate closely related but independent clauses. Neither of those functions would allow the phrase "with full user rights" to distribute over all the items in the list. To distribute those words over the list you would need some additional punctuation such as " An attacker could then install programs; view, change, or delete data; or create new accounts: with full user rights. " >> >> Microsoft often does say that the exposure only gives the privilege that the >> application is running under >> (For instance for the MS07-026 OWA Script injection vulnerability it says >> >> "or take any action that the user could take within the context of the OWA >> session." >> >> >> However the more usual formulation is as in MS07-017 for the Windows animated >> cursor remote execution vulnerability >> >> " >> an attacker who successfully exploited this vulnerability could gain the same >> user rights as the local user. Users whose accounts are configured to have >> fewer user rights on the system could be less impacted than users who operate >> with administrative user rights >> " >> >> ) >> >> but I see nothing like that for the Mime decoding vulnerability. > >See above (though the phrasing is fuzzy enough to admit to varying >interpretation). > You are simply misinterpreting the phrasing. >What I had in mind was the more common phrasing reflected in MS07-035, >where it says "An attacker who successfully exploited this vulnerability >could take complete control of an affected system" but then clarifies >that as follows: "An attacker who successfully exploited this >vulnerability could gain the same user rights as the local user. Users >whose accounts are configured to have fewer user rights on the system >could be less impacted than users who operate with administrative user >rights." > I agree Microsoft use this, and the similar phrasing I mentioned above, when that is indeed the case. However in this and other cases they do not use that phrasing. Instead they clarify that the user could "install programs; view, change, or delete data; or create new accounts with full user rights". David Webb Security team leader CCSS Middlesex University David Webb Security team leader CCSS Middlesex University >> >> >> Could is used here as the past simple of CAN (since the preceding phrase >> "An attacker who successfully exploited this vulnerability" is assumed to have >> already happened by the subsequent phrase ) >> >> See >> >> http://dictionary.cambridge.org/define.asp?key=17507&dict=CALD > >In the example I provided immediately above (which uses nearly identical >phrasing) 'could' is clearly used exactly as I described it. > >- bill ------------------------------ Date: Thu, 05 Jul 2007 10:53:41 -0500 From: David J Dachtera Subject: Re: Question for the Group Message-ID: <468D1405.E5BD0065@spam.comcast.net> Arne Vajhøj wrote: > > David J Dachtera wrote: > > I've been carrying on an exchange by private e-mail where it was suggested that > > the negativity expressed in this forum is greatly damaging to VMS. > > > > So, I'd like to solicit your comments on that, and also pose a question where > > you can, effectively, wish for "the world": in your opinion, what would have to > > happen to stem what is viewed as an endless stream of complaints and vitriol > > here in comp.os.vms? > > I am a bit late in this discussion ... > > I can not see the problem. > > The views expressed here are the views expressed out in the real world. > > If HP solves the problem in the real world the problem would > automatically disappear. Some of the more prominent folks among those correspondents disagree rather strongly. I, on the other hand, share your viewpoint. > But they should not expect usenet to be part of their marketing. I'm sure they don't, and I'm sure they'd rather it weren't a detracting factor. I put it to them this way: when the cause of the complaints stops the complaints will stop. Seems simple enough to me. No doubt, Galileo would have dubbed me, "Simpliccio". -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 5 Jul 2007 00:14:15 -0700 From: "John Gemignani, Jr." Subject: Re: Question on FCS vs RMS on PDP11 RSX Message-ID: "Hein RMS van den Heuvel" wrote in message news:1183089844.087763.227460@w5g2000hsg.googlegroups.com... > On Jun 28, 10:37 pm, "Lee K. Gleason" wrote: >> "Jeff Cameron" wrote in message >> >> news:C2A9A972.29221%roktsci@ca.rr.com... >>> I don't believe that the files are either in FCS format or >> > RMS format. I had always thought that FCS was a set of basic file >> > control >> > services for manipulating, reading and writing files in RSX, and NOT a >> file format. > > Right. > >> Further more, I was under the impression that RMS record >> management was layered on top of FCS. > > Wrong. RMS did it's own QIO access. > >> > >> > Jeff Cameron >> >> The format of FCS and RMS sequential files, very compatible. FCS can >> open, >> read and write an RMS sequential file just fine, and vice versa. > > That's how I remember it. FCS might not have had all stream formats > And I seem to recall fcs did have for 'segmented record' files (for > fortran) with and first, continuation, last flag construct. But I may > well have this wrong > > The SPD suggest a nice level of compatibility: > > http://ftp.digital.com/pub/Digital/info/.2/SPD/14-35-33.txt > > FCS did not do Relative nor Indexd files of course. Just sequential so > it had a small memory footprint. And in late version FCS did this cute > name.ext/lib=modulename special fiel name syntax allowing one to keep > files as modules in libraries. > >> However, I'm thinking, in regards to your question, that the Process >> Sotware stack, since it uses RMS, should be able to handle FCS created >> files >> just fine. > > Agreed. > > Cheers, > Hein. > Hein is right on here. RMS and FCS are access methods allowing one to read/write files. FCS supported sequential files (and not all types, I recall), whereas RMS supports sequential and added relative and indexed support. Both FCS and RMS use QIOs to do their work. The file attributes are recorded in the file headers, not part of the file data itself. This is also true for RMS on RSTS, where the ability to have the basic file attribute block (14 bytes, I think) was added to the file system. RMS does store internal information within the file itself ... such as key and area descriptors. This could be what your friend was thinking about -- but these are only for indexed files (I think relative files have area information, but not positive). This information is not "visible" to the user in record mode as file data (key and area information can be obtained in XABs at $OPEN time or using $DISPLAY while accessed) or the file could be opened in block mode and you can read the VBNs (which, if you don't know RMS internals, won't help you). You can copy files in block mode if you restore the attributes as well. Anyone using RMS should be able to access all file types that FCS and RMS support. John ------------------------------ Date: Thu, 5 Jul 2007 11:43:42 -0400 From: "PEN" Subject: Re: SAMBA External Field Test Announcement Message-ID: Hi All, "IanMiller" wrote in message news:1183469095.380854.199750@m36g2000hse.googlegroups.com... > http://www.openvms.org/stories.php?story=07/06/30/7754868 > Been there, got that :-) > > Note the points in the docs that it will run on V8.2 but performance > is not good due to lack of support in the CRTL on that version. > I also read a note about slow performance on OpenVMS Alpha V8.3 > > the kit includes sources and utilities to help transfer shares (not > users) from advanced server. > > So give it a go on OpenVMS V8.3 (I64 preferred) and see. > Just wanted to clarify the OpenVMS versions supported by the EFT kit. It will run on OpenVMS Alpha 8.2 and 8.3 and OpenVMS Itanium 8.2-1 and 8.3, but only after applying the lastest CRTL ECO. Initially, the required CRTL ECOs for OpenVMS Alpha 8.2 and OpenVMS Itanium 8.2-1 were not available - they are now. At the moment there seems to be a problem getting to the OpenVMS Alpha 8.2 CRTL ECO, but hopefully that will be remedied soon. Best of luck, Paul ------------------------------ Date: Thu, 05 Jul 2007 02:13:15 -0700 From: Andrew Subject: Re: Ten years ago... Message-ID: <1183626795.460215.69730@g4g2000hsf.googlegroups.com> On 3 Jul, 03:00, Neil Rieck wrote: > On Jul 2, 2:08 am, JF Mezei wrote: > > > > > > > > > BTW, BBC is reporting this in their business news as a fairly high > > importance item. They also claim it is the biggest leveraged buyout ever > > in the world. > > > They also mention that Telus might still jump in with a sweeter offer. > > > But since it is just holding companies that are buying Bell, I don't > > think you will see massive changes. For Sabia to support it, he must > > have gotten a very sweet deal and garantee to not be fired for at least > > 8-12 months. > > > These equity firms like to buy such companies because they can then use > > their cash and borrow against assets to buy more companies. But the > > pension fun would have a different mentality since they need constant > > reliable revenus to fund retirement plans. > > > Not sure if they would make radical changes to Bell. Now, if Telus had > > bought Bell, we might really benefit since Telus has the software that > > allows competitive DSL services without that atrocious hack that is > > PPPoE. By removing PPPoE from Bell'S DSL network, it would remove one > > major overhead layer that is a pain due to routing and different MTUs. > > I would have been happy being taken over by Telus. The Ontario > Teachers Pension Fund was my second choice but I was happy to see them > end up with a controlling (52%) interest. > > p.s. I just saw this piece on BBC: Virgin Cable (TV) in Britain is is > going to be taken private. > Yes Virgin Media which was NTL is being bought by a Private Equity company for 5 billion. Richard Branson apparently wants to retain his current stake in the new company. Regards Andrew > Neil Rieck > Kitchener/Waterloo/Cambridge, > Ontario, Canada.http://www3.sympatico.ca/n.rieck/ ------------------------------ Date: Thu, 5 Jul 2007 07:56:04 -0400 From: "Main, Kerry" Subject: RE: Top ten dead or dying computer skills (guess what's NOT on the list!) list!) Message-ID: > -----Original Message----- > From: Arne Vajh=F8j [mailto:arne@vajhoej.dk] > Sent: July 4, 2007 7:00 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Top ten dead or dying computer skills (guess what's NOT > on the list!) list!) list!) >=20 > Bill Gunshannon wrote: > > Thank you. I needed a good laugh and this was definitely it. Number > 1 > > was COBOL. Anyone looked at the COBOL job market lately? A lot > more > > COBOL jobs out there than VMS. Sadly, they are mostly IBM/CICS and > I > > haven't touched an IBM box in nearly 30 years. Of course, there are > > some non-IBM COBOL jobs too but they are harder to find. > > > > Actually, I just had this discussion here when the last Professor to > > use COBOL in a course was pressured into changing it to Java. I gave > > him a bunch of articles from the web citing the continued use (and > > even hinting at growth) of COBOL programs. Much of it is hidden > > between Java Web Frontends and Oracle Backends, but stuck right > there > > in the middle COBOL is still going strong. >=20 > There are a lot of COBOL code out there. But I do not think I would > consider it a smart move to be ones career on COBOL skills. >=20 > Well - depends a bit on ones age I guess. >=20 > > Number 6 was C. Yeah, with Linux and Solaris and AIX and HPUX we're > > really gonna see C go away!! >=20 > C will live for many many years to come. But a lot of all the new > stuff > are done in C++, Java, C#, Python, PHP etc.. >=20 > Arne The issue is not COBOL or Fortran Or Java specific skills. The issue is being able to web enable and/or integrate applications from = older systems to newer systems.=20 Hence, a Java or Cobol developer that has no experience in integrating = with other systems of different languages and/or platforms is not as = useful in the real world as one with Java or Cobol skills that = understands how to web enable and/or integrate their existing systems = with other environments. I still maintain that Cobol developers that understand how to web enable = and/or integrate existing systems with newer technologies are of much = higher value than some Java programmer that does not understand the = existing systems business logic or how to maximize what is already in = place. The "lets just re-write it" is more often than not just not an = answer in the real world. Article from 2003 that may be of interest: http://www.eweek.com/article2/0,1759,1237807,00.asp=20 " Is COBOL the 18-Wheeler of the Web?" If you're looking for a hot combination of highly employable skills, = consider writing code to provide Web services--in COBOL.=20 "Can a person build a 21st-century IT career on this 1960s foundation? = Well, foundations are better than shifting sands. Legacy Reserves, a = databank for over-35 IT pros, cites Gartner estimates that retirement = and death will shrink the population of working COBOL coders by 13 = percent between 2002 and 2006, even while 15 percent of all new = applications are being written in the language--and quotes the GIGA = Group as predicting that "The most highly paid programmers in the next = ten years are going to be COBOL programmers who know the Internet." Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Thu, 05 Jul 2007 02:04:49 -0700 From: Andrew Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: <1183626289.888981.263580@c77g2000hse.googlegroups.com> On 4 Jul, 23:00, ultra...@gmail.com wrote: > On Jul 4, 12:35 pm, Andrew wrote: > > > Solaris 10 is both more secure than > > Solaris 8 and more resilient/reliable > > so years after your arguments about security/reliability > between OpenVMS and slowaris, you now admit that > slowaris is/was unsecure and less reliable ... > > well Andrew old boy, you can come out with slowaris > 50 and it still not be as reliable and secure as vms ... You seem to be suffering from a compression problem. All OS's including OpenVMS can suffer downtime due to hardware failures and all OS's despite your assertions to the contrary suffer from security vulnerabilities which may require patching. Solaris 10 is simply better in both respects than Solaris 8 and incidentally Solaris 10 is better at surviving platform hardware failures than OpenVMS. Solaris 8 was about the same as OpenVMS is now. Regards Andrew Harrison ------------------------------ Date: 5 Jul 2007 07:14:20 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: In article <1183626289.888981.263580@c77g2000hse.googlegroups.com>, Andrew writes: > all > OS's despite your assertions to the contrary suffer from security > vulnerabilities which may require patching. Try as you might, you just can't force that to be true in quantity as it implies. Design and implemntation are real factors in real software and you can't change that by tracking down some of the few cases of interest to VMS. ------------------------------ Date: Thu, 05 Jul 2007 05:23:30 -0700 From: AEF Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: <1183638210.702955.114850@o61g2000hsh.googlegroups.com> On Jul 4, 12:35 pm, Andrew wrote: > On 3 Jul, 15:40, ultra...@gmail.com wrote: > [...] > Solaris 8 and more resilient/reliable for example Solaris 10 uniquely > can survive the failure of a CPU without producing an outage, OpenVMS > cannot and neither could Solaris 8. The improvements in Solaris 10 > which would be seen as a higher % of HA Solaris servers run 10 are not > factored into this "TCO analysis". Can you please elaborate on "surviving a CPU failure uniquely"? I've had an average of over 27 MicroVAX systems online for almost 7 years now and I can't recall a single CPU failure. Our Stratus can easily survive CPU failure as each CPU board is duplexed. Actually, it never got to a completely failed CPU board on the Stratus. We hot-swap them when the error rate gets uncomfortably high. Also, I can't recall ever seeing any CPU fail on any system. I've seen lots of other things fail, but not a CPU. And please stock up on puncutation characters. Thanks! [...] > > Regards > Andrew Harrison AEF ------------------------------ Date: Thu, 05 Jul 2007 09:20:48 -0700 From: Andrew Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: <1183652448.236342.302800@q69g2000hsb.googlegroups.com> On 5 Jul, 13:23, AEF wrote: > On Jul 4, 12:35 pm, Andrew wrote: > > > On 3 Jul, 15:40, ultra...@gmail.com wrote: > > [...] > > Solaris 8 and more resilient/reliable for example Solaris 10 uniquely > > can survive the failure of a CPU without producing an outage, OpenVMS > > cannot and neither could Solaris 8. The improvements in Solaris 10 > > which would be seen as a higher % of HA Solaris servers run 10 are not > > factored into this "TCO analysis". > > Can you please elaborate on "surviving a CPU failure uniquely"? I've > had an average of over 27 MicroVAX systems online for almost 7 years > now and I can't recall a single CPU failure. Our Stratus can easily > survive CPU failure as each CPU board is duplexed. Actually, it never > got to a completely failed CPU board on the Stratus. We hot-swap them > when the error rate gets uncomfortably high. > On any SMP server with the exception of course of FT platforms such as Tandem and Stratus the failure of a single CPU/bank of memory will always cause the entire system to halt and reboot. This is true for HP- UX, AIX, OpenVMS etc but not as it happens for Solaris 10. On Solaris 10 if the CPU or Memory module in question is not running a kernel thread then the OS does not restart instead the failed process that was running on the CPU and any processes dependent on that process are restarted considerably reducing downtime. On most larger Sun's CPU's/ memory etc are hot pluggable so the filed and blacklisted component can be removed and replace still without any downtime. > Also, I can't recall ever seeing any CPU fail on any system. I've seen > lots of other things fail, but not a CPU. How about memory, I/O controllers etc. Regards Andrew Harrison ------------------------------ Date: 5 Jul 2007 16:52:10 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: <5f4ltqF3a7rgpU2@mid.individual.net> In article <1183638210.702955.114850@o61g2000hsh.googlegroups.com>, AEF writes: > On Jul 4, 12:35 pm, Andrew wrote: >> On 3 Jul, 15:40, ultra...@gmail.com wrote: >> > [...] >> Solaris 8 and more resilient/reliable for example Solaris 10 uniquely >> can survive the failure of a CPU without producing an outage, OpenVMS >> cannot and neither could Solaris 8. The improvements in Solaris 10 >> which would be seen as a higher % of HA Solaris servers run 10 are not >> factored into this "TCO analysis". > > Can you please elaborate on "surviving a CPU failure uniquely"? I've > had an average of over 27 MicroVAX systems online for almost 7 years > now and I can't recall a single CPU failure. Our Stratus can easily > survive CPU failure as each CPU board is duplexed. Actually, it never > got to a completely failed CPU board on the Stratus. We hot-swap them > when the error rate gets uncomfortably high. > > Also, I can't recall ever seeing any CPU fail on any system. I've seen > lots of other things fail, but not a CPU. One of the VAX 7000 we were running here had a CPU fail. Even though there were three more to spare it brought down the system and it would not restart until the errant CPU was removed. It then happily ran (with VMS) on the remaining three. But the one bad one was a complete show- stopper. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 05 Jul 2007 11:59:30 -0500 From: David J Dachtera Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: <468D2372.2D81B9FC@spam.comcast.net> Bill Gunshannon wrote: > > In article <1183638210.702955.114850@o61g2000hsh.googlegroups.com>, > AEF writes: > > On Jul 4, 12:35 pm, Andrew wrote: > >> On 3 Jul, 15:40, ultra...@gmail.com wrote: > >> > > [...] > >> Solaris 8 and more resilient/reliable for example Solaris 10 uniquely > >> can survive the failure of a CPU without producing an outage, OpenVMS > >> cannot and neither could Solaris 8. The improvements in Solaris 10 > >> which would be seen as a higher % of HA Solaris servers run 10 are not > >> factored into this "TCO analysis". > > > > Can you please elaborate on "surviving a CPU failure uniquely"? I've > > had an average of over 27 MicroVAX systems online for almost 7 years > > now and I can't recall a single CPU failure. Our Stratus can easily > > survive CPU failure as each CPU board is duplexed. Actually, it never > > got to a completely failed CPU board on the Stratus. We hot-swap them > > when the error rate gets uncomfortably high. > > > > Also, I can't recall ever seeing any CPU fail on any system. I've seen > > lots of other things fail, but not a CPU. > > One of the VAX 7000 we were running here had a CPU fail. Even though > there were three more to spare it brought down the system and it would > not restart until the errant CPU was removed. It then happily ran (with > VMS) on the remaining three. But the one bad one was a complete show- > stopper. Was it CPU #0 that failed? -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 05 Jul 2007 10:07:05 -0700 From: Andrew Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: <1183655225.179830.79610@q69g2000hsb.googlegroups.com> On 5 Jul, 13:14, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article <1183626289.888981.263...@c77g2000hse.googlegroups.com>, Andrew writes: > > > all > > OS's despite your assertions to the contrary suffer from security > > vulnerabilities which may require patching. > > Try as you might, you just can't force that to be true in quantity > as it implies. Design and implemntation are real factors in real > software and you can't change that by tracking down some of the > few cases of interest to VMS. I am not sure why you think this point is relevant!! Bob has trotted out the TechWise report again (it seems to be an annual event). The report appears to be current but in fact is based on old survey data with re-worked current hardware/TCO numbers. There is no getting away from the fact that since the survey was done the majority of customers have moved from Solaris 8 and 9 to Solaris 10. Some things have changed dramatically in Solaris 10 which would have impacted the survey measurements for availability and security, however since the actual survey was done before most people migrated to 10 none of the improvements will show in the results. There have been no such improvements in OpenVMS the main change has been a migration to Integrity which does not appear to bring any availability or security improvements to an OpenVMS based solution. Of course the real problems with the "study" are: Interesting choices of platform for example choosing the E4900 from Sun rather than the M5000 which is $300K less. Grouping all the failures for each platform as a whole and then applying them to all the platform tiers. Total absence of data on the questions asked in the survey and who responded to the survey. ------------------------------ Date: Thu, 05 Jul 2007 17:43:48 +0000 From: "Paul Raulerson" Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris Message-ID: ----=_vm_0011_W5723410358_14073_1183657428 Content-Type: multipart/alternative; boundary="--=_vm_0016_W5723410358_14073_1183657428" ----=_vm_0016_W5723410358_14073_1183657428 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable A big Huh?! I knew that was true on PC class servers, but I thought all larger system= s were fully redundant. For example, it does not matter what I am running= on the mainframe, if a CPU fails, a spare CPU picks up and completes the= instruction within fractional hunreths of a second. In fact, you would n= ot even know it happened unless you were at the console, or the when the = SE comes in to replace the failed part. Doesn't really have anything to d= o with the OS in other words. I was pretty sure the same was true on the high end Itanium systems. Is t= his not so? -Paul ----=_vm_0016_W5723410358_14073_1183657428 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

A big Huh?!

I knew that was true on PC class servers, but I thought all larger sys= tems were fully redundant. For example, it does not matter what I am runn= ing on the mainframe, if a CPU fails, a spare CPU picks up and completes = the instruction within fractional hunreths of a second. In fact, you woul= d not even know it happened unless you were at the console, or the when t= he SE comes in to replace the failed part. Doesn't really have anything t= o do with the OS in other words.

I was pretty sure the same was true on the high end Itanium systems. I= s this not so?

-Paul

 

----=_vm_0016_W5723410358_14073_1183657428-- ----=_vm_0011_W5723410358_14073_1183657428 Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Content-Disposition: attachment From: "Andrew" To: Info-VAX@Mvb.Saic.Com Message-ID: <1183652448.236342.302800@q69g2000hsb.googlegroups.com> Date: Thu, 5 Jul 2007 16:20:00 +0000 Received: (qmail 23065 invoked by uid 78); 5 Jul 2007 16:26:07 -0000 Received: from unknown (HELO ns-mr12.netsolmail.com) (10.49.16.116) by 0 with SMTP; 5 Jul 2007 16:26:07 -0000 Received: from MVB.SAIC.COM (mvb.saic.com [198.151.12.104]) by ns-mr12.netsolmail.com (8.13.6/8.13.6) with SMTP id l65GQ4Z7029632 for ; Thu, 5 Jul 2007 12:26:07 -0400 X-Newsgroups: comp.os.vms Organization: http://groups.google.com Lines: 39 X-Trace: posting.google.com 1183652448 7135 127.0.0.1 (5 Jul 2007 16:20:48 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Thu, 5 Jul 2007 16:20:48 +0000 (UTC) In-Reply-To: <1183638210.702955.114850@o61g2000hsh.googlegroups.com> User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4,gzip(gfe),gzip(gfe) Complaints-To: groups-abuse@google.com Injection-Info: q69g2000hsb.googlegroups.com; posting-host=62.172.234.2; posting-account=_0R7qA0AAAB4bSRayMvQRs2PrI8KWdli X-Gateway-Source-Info: USENET Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On 5 Jul, 13:23, AEF wrote: > On Jul 4, 12:35 pm, Andrew wrote: > > > On 3 Jul, 15:40, ultra...@gmail.com wrote: > > [...] > > Solaris 8 and more resilient/reliable for example Solaris 10 uniquely > > can survive the failure of a CPU without producing an outage, OpenVMS > > cannot and neither could Solaris 8. The improvements in Solaris 10 > > which would be seen as a higher % of HA Solaris servers run 10 are not > > factored into this "TCO analysis". > > Can you please elaborate on "surviving a CPU failure uniquely"? I've > had an average of over 27 MicroVAX systems online for almost 7 years > now and I can't recall a single CPU failure. Our Stratus can easily > survive CPU failure as each CPU board is duplexed. Actually, it never > got to a completely failed CPU board on the Stratus. We hot-swap them > when the error rate gets uncomfortably high. > On any SMP server with the exception of course of FT platforms such as Tandem and Stratus the failure of a single CPU/bank of memory will always cause the entire system to halt and reboot. This is true for HP- UX, AIX, OpenVMS etc but not as it happens for Solaris 10. On Solaris 10 if the CPU or Memory module in question is not running a kernel thread then the OS does not restart instead the failed process that was running on the CPU and any processes dependent on that process are restarted considerably reducing downtime. On most larger Sun's CPU's/ memory etc are hot pluggable so the filed and blacklisted component can be removed and replace still without any downtime. > Also, I can't recall ever seeing any CPU fail on any system. I've seen > lots of other things fail, but not a CPU. How about memory, I/O controllers etc. Regards Andrew Harrison ----=_vm_0011_W5723410358_14073_1183657428-- ------------------------------ Date: Thu, 5 Jul 2007 12:18:27 +0100 From: Anton Shterenlikht Subject: Re: Upgrading Firmware on Itanium FC cards. Message-ID: <20070705111827.GA83446@mech-aslap33.men.bris.ac.uk> On Mon, Jun 25, 2007 at 11:32:54AM -0700, BaxterD@tessco.com wrote: > Also, I was informed > about a possible way to do the HBA update using the EFI Shell on > Itanium. The details are included in the "Emulex FirmWare Update > Manual" > http://www.emulex.com/support/hardware/fwupdate.pdf this document was not very helpful. I just updated the firmware for AB378B (1 channel 4Gb fc hba). This was hard. 1. I got the firmware from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=329290&prodSeriesId=432322&prodNameId=1824064&swEnvOID=54&swLang=8&mode=2&taskId=135&swItem=ux-49434-1 (for other hbas you could try to follow links from e.g. here http://www.hp.com/products1/serverconnectivity/storagesnf2/4gbfibre/specifications/index.html) 2. Unzip the file, read ReleaseNotes.txt - this was very helpful. 3. Burn a cd with the firmware. This was the hard bit. Simply doing mkisofs and cdrecord created an iso cd that was not possible to read under EFI. We had to do something like this: create a MS-DOS partition of type FAT16 # dd if=/dev/zero of=boot/siboot.img bs=1024k count=10 # mkdosfs -F 16 boot/siboot.img # mount -t vfat -o loop boot/siboot.img /mnt1 # cp -av ./cd_files/* /mnt1 similar to these quidelines http://lists.debian.org/debian-ia64/2004/02/msg00015.html and then do mkisofs and cdrecord 4. Then put cd in, 5. maybe you need to do "map -r" from EFI shell 6. from EFI prompt do fs0: and finally do 7. fs0:\> fcd_update4 8. fs0:\> reset that worked for us anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423 ------------------------------ Date: Thu, 05 Jul 2007 06:21:05 -0700 From: "Tom Linden" Subject: Re: Upgrading Firmware on Itanium FC cards. Message-ID: On Thu, 05 Jul 2007 04:18:27 -0700, Anton Shterenlikht = wrote: > On Mon, Jun 25, 2007 at 11:32:54AM -0700, BaxterD@tessco.com wrote: >> Also, I was informed >> about a possible way to do the HBA update using the EFI Shell on >> Itanium. The details are included in the "Emulex FirmWare Update >> Manual" >> http://www.emulex.com/support/hardware/fwupdate.pdf > > this document was not very helpful. I just updated the firmware for > AB378B (1 channel 4Gb fc hba). This was hard. > > 1. I got the firmware from > http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.j= sp?lang=3Den&cc=3Dus&prodTypeId=3D329290&prodSeriesId=3D432322&prodNameI= d=3D1824064&swEnvOID=3D54&swLang=3D8&mode=3D2&taskId=3D135&swItem=3Dux-4= 9434-1 > > (for other hbas you could try to follow links from e.g. here > http://www.hp.com/products1/serverconnectivity/storagesnf2/4gbfibre/sp= ecifications/index.html) > > 2. Unzip the file, read ReleaseNotes.txt - this was very helpful. > > 3. Burn a cd with the firmware. This was the hard bit. > Simply doing mkisofs and cdrecord created an iso cd that was not > possible to read under EFI. > > We had to do something like this: > > create a MS-DOS partition of type FAT16 > # dd if=3D/dev/zero of=3Dboot/siboot.img bs=3D1024k count=3D10 > # mkdosfs -F 16 boot/siboot.img > # mount -t vfat -o loop boot/siboot.img /mnt1 > # cp -av ./cd_files/* /mnt1 > > similar to these quidelines > http://lists.debian.org/debian-ia64/2004/02/msg00015.html > > and then do mkisofs and cdrecord > > 4. Then put cd in, > 5. maybe you need to do "map -r" from EFI shell > 6. from EFI prompt do fs0: and finally do > 7. fs0:\> fcd_update4 > 8. fs0:\> reset > > that worked for us > anton > Wouldn't it have been easier to upgrade on an alpha then pop it into you= r = IA64 box? -- = PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 5 Jul 2007 14:34:48 +0100 From: Anton Shterenlikht Subject: Re: Upgrading Firmware on Itanium FC cards. Message-ID: <20070705133448.GA23487@mech-aslap33.men.bris.ac.uk> On Thu, Jul 05, 2007 at 06:21:05AM -0700, Tom Linden wrote: > On Thu, 05 Jul 2007 04:18:27 -0700, Anton Shterenlikht > > > >4. Then put cd in, > >5. maybe you need to do "map -r" from EFI shell > >6. from EFI prompt do fs0: and finally do > >7. fs0:\> fcd_update4 > >8. fs0:\> reset > > > >that worked for us > >anton > > > Wouldn't it have been easier to upgrade on an alpha then pop it into your > IA64 box? I'm not sure I understand you. How exactly would I do that? The firmware is upgrade utility on IA64 is to be run from EFI. Even if could put the upgrade files on alpha, how would I upgrade the hba on integrity? -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423 ------------------------------ Date: Thu, 05 Jul 2007 07:22:42 -0700 From: "Tom Linden" Subject: Re: Upgrading Firmware on Itanium FC cards. Message-ID: On Thu, 05 Jul 2007 06:34:48 -0700, Anton Shterenlikht wrote: > On Thu, Jul 05, 2007 at 06:21:05AM -0700, Tom Linden wrote: >> On Thu, 05 Jul 2007 04:18:27 -0700, Anton Shterenlikht >> > >> >4. Then put cd in, >> >5. maybe you need to do "map -r" from EFI shell >> >6. from EFI prompt do fs0: and finally do >> >7. fs0:\> fcd_update4 >> >8. fs0:\> reset >> > >> >that worked for us >> >anton >> > >> Wouldn't it have been easier to upgrade on an alpha then pop it into >> your >> IA64 box? > > I'm not sure I understand you. How exactly would I do that? > The firmware is upgrade utility on IA64 is to be run from EFI. Even if > could put the upgrade files on alpha, how would I upgrade the hba on > integrity? > Well, I was making the assumption that the firmware was the same and that the cards were supported on both systems. -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 05 Jul 2007 11:24:24 +0400 From: "Ruslan R. Laishev" Subject: Re: VMS security vulnerability (POP server) Message-ID: <9577ECA761293C77F6B6D9886F6B7033@NNTP.DeltaTel.RU> Hello! > 2. If necessary, tell your client that you're going to use APOP. There is a POP3 with TLS support (TLS is supported by most POP3 clients), just got it and use it, and lost an interest to the problem. -- + WBR, OpenVMS [Sys|Net] HardWorker ............. Skype: SysMan-One + Delta Telecom JSC, IMT-MC-450(CDMA2000) cellular operator Russia,191119,St.Petersburg,Transportny per. 3 Cel: +7 (812) 716-3222 +http://starlet.deltatelecom.ru ............. Frying on OpenVMS only + ------------------------------ Date: Thu, 05 Jul 2007 01:45:49 -0700 From: IanMiller Subject: Re: What happen to the Deathrow cluster Message-ID: <1183625149.748521.92790@57g2000hsv.googlegroups.com> On Jul 5, 5:11 am, "tomarsin2...@comcast.net" wrote: > I tried to connect, but I get a page not available or no route to > host? So if the Deathrow cluster is no more, that brings up a question > or two> > 1. What are the pro/cons or offering free VMS accounts? > 2. Can you mix hobby license/with "real VMS licenses" ie WPS/ > OfficeServer/and yes even PL/1 > 3. Is there even a need for free VMS accounts with so many VAX/Alpha > flooding the market (ebay, come get the Alpha/VAX or its trash etc) > tks > phil The Alphaserver DS10 GEIN has suffered another CPU fan failure. The cluster is not configured for resilience for various reasons. The admins are not located near the cluster and have full time day jobs so have yet to find the time/money to fix the problem. Offering free VMS accounts lets people try VMS without spending money and with little effort. This, I think, makes it more likely people will give VMS a try. If they like VMS and they are willing to do the necessary work then they make choose to acquire a VMS system of their own. Some people may be interested in using VMS but not interesting in running a system. I don't know about mixing licences. There is a hobbyist VMS PL/1 licence available. Places offering Free VMS Accounts: Deathrow Public OpenVMS Cluster http://deathrow.vistech.net/ Encompasserve http://www.encompasserve.org/ Polarhome http://polarhome.com/ Fafner http://fafner.dyndns.org/ ------------------------------ Date: Thu, 5 Jul 2007 10:54:14 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: What happen to the Deathrow cluster Message-ID: In article <1183608700.159244.49960@w5g2000hsg.googlegroups.com>, "tomarsin2015@comcast.net" writes: > I tried to connect, but I get a page not available or no route to > host? I've no idea why. > 1. What are the pro/cons or offering free VMS accounts? You offer something interesting, but have to put work into it. As long as one remains within the rules, it's more a personal question. > 2. Can you mix hobby license/with "real VMS licenses" ie WPS/ > OfficeServer/and yes even PL/1 Technically, yes; legally: ask those responsible. > 3. Is there even a need for free VMS accounts with so many VAX/Alpha > flooding the market (ebay, come get the Alpha/VAX or its trash etc) Anyone who wants a VMS machine at home can have one. However, for many people that is too much work, too much electricity, they don't have the room etc. There ARE end-user types who want to have an account but have neither interest nor ability with regard to system management etc. ------------------------------ Date: Thu, 5 Jul 2007 10:56:37 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: What happen to the Deathrow cluster Message-ID: In article , "Richard Maher" writes: > Last I heard it was a CPU fan, Yes, those CPU fans can be a bit demanding at times. But, hey, that's the price one has to pay for being a popular CPU! Just be glad you don't have to deal with CPU groupies! Gives the terms pipelining, out-of-order execution and, yes, even motherboard a whole new meaning! ------------------------------ Date: 5 Jul 2007 07:25:00 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: What happen to the Deathrow cluster Message-ID: <+H5KPLzC30+8@eisner.encompasserve.org> In article , "Richard Maher" writes: > Hi Phil > > Last I heard it was a CPU fan, but it does seem to be taking some time. > (Having said I personally am yet to donate money, hardware, or time to the > cause so I'm certainly not gonna start whinging just yet :-) > > Cheers Richard Maher As of today I find that gein is alive but will not let you log in yet, (sys$announce specificaly says so). Manson is still not accepting connections. I suspect that some progress is being made. ------------------------------ Date: Thu, 05 Jul 2007 11:08:17 -0500 From: David J Dachtera Subject: Re: What happen to the Deathrow cluster Message-ID: <468D1771.652DE508@spam.comcast.net> IanMiller wrote: > > On Jul 5, 5:11 am, "tomarsin2...@comcast.net" > wrote: > > I tried to connect, but I get a page not available or no route to > > host? So if the Deathrow cluster is no more, that brings up a question > > or two> > > 1. What are the pro/cons or offering free VMS accounts? > > 2. Can you mix hobby license/with "real VMS licenses" ie WPS/ > > OfficeServer/and yes even PL/1 > > 3. Is there even a need for free VMS accounts with so many VAX/Alpha > > flooding the market (ebay, come get the Alpha/VAX or its trash etc) > > tks > > phil > > The Alphaserver DS10 GEIN has suffered another CPU fan failure. The > cluster is not configured for resilience for various reasons. The > admins are not located near the cluster and have full time day jobs so > have yet to find the time/money to fix the problem. > > Offering free VMS accounts lets people try VMS without spending money > and with little effort. This, I think, makes it more likely people > will give VMS a try. > If they like VMS and they are willing to do the necessary work then > they make choose to acquire a VMS system of their own. > Some people may be interested in using VMS but not interesting in > running a system. > > I don't know about mixing licences. There is a hobbyist VMS PL/1 > licence available. > > Places offering Free VMS Accounts: > Deathrow Public OpenVMS Cluster http://deathrow.vistech.net/ > Encompasserve http://www.encompasserve.org/ > Polarhome http://polarhome.com/ > Fafner http://fafner.dyndns.org/ HP http://www.testdrive.hp.com/ -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 05 Jul 2007 11:21:55 GMT From: Chris Sharman Subject: Re: XML for VMS Message-ID: >> I've got an old application which accepts orders via tagged text input >> files. >> Something like: >> >> _order_1001 >> _product_ab10 >> _quantity_30 >> _ink_Black >> _name_Mr Jones >> etc... >> >> I've looked at updating it to handle xml a number of times, but I've >> looked at the available parsers in the past (expat etc), and got >> nowhere. As I recall, I couldn't get expat to compile - did it require gcc rather than decc? Interesting that Bob recommends the hp offering, but Hoff couldn't get it to work. Suggests that I'm not the only one struggling. There seem to be a lot of different ways to achieve the same thing with xml (xslt, sax, dom, ...) and pretty thin documentation on all of them. Sounds like my best bet might be libxslt, preprocessing the xml into my 'legacy' format, then feeding into the original program. Possibly a DTD to specify the new format to business partners. Thanks Chris ------------------------------ Date: Thu, 05 Jul 2007 13:28:57 GMT From: "John E. Malmberg" Subject: Re: XML for VMS Message-ID: Chris Sharman wrote: >>> I've got an old application which accepts orders via tagged text input >>> files. >>> Something like: >>> >>> _order_1001 >>> _product_ab10 >>> _quantity_30 >>> _ink_Black >>> _name_Mr Jones >>> etc... >>> >>> I've looked at updating it to handle xml a number of times, but I've >>> looked at the available parsers in the past (expat etc), and got >>> nowhere. > > > As I recall, I couldn't get expat to compile - did it require gcc rather > than decc? Interesting that Bob recommends the hp offering, but Hoff > couldn't get it to work. ftp://www.encompasserve.org/gnv has expat for OpenVMS Alpha 8.2 pre-compiled, and documentation inside on how to compile it. DECC should be more than adequate to build expat. The above build was using a pre-release of the current GNV, and those updated GNV images for 8.2 and later are also in that directory. I also found that the EXPAT had been previously ported to VMS. I did this port using GNV because I wanted to make sure that it was built to specific standard settings, and I wanted to build all images and run all tests that would be run on a LINUX system. Note that some programs ported from LINUX/UNIX can only deal with STREAM-LF and binary files. -John wb8tyw@qsl.network Personal Opinion Only ------------------------------ Date: Thu, 05 Jul 2007 10:30:56 -0500 From: David J Dachtera Subject: Re: XML for VMS Message-ID: <468D0EB0.F051DB30@spam.comcast.net> ChrisSharman wrote: > > I've got an old application which accepts orders via tagged text input > files. > Something like: > > _order_1001 > _product_ab10 > _quantity_30 > _ink_Black > _name_Mr Jones > etc... > > I've looked at updating it to handle xml a number of times, but I've > looked at the available parsers in the past (expat etc), and got > nowhere. > Any advice for getting started with xml on vms? > I don't want to reinvent the wheel, and I ideally don't want to impose > non-standard rules on my xml input. Nor do I want this to turn into a > big project. > The original program is written in VMS Pascal. I'm competent in C, too, > but I'd prefer to keep the majority of the Pascal code intact. > > Don't have a Java or C++ compiler. Unless I misunderstand XML (an excellent possibility), you should be able to do this in DCL: $READ_LOOP: $ READ/END= ilnm vbl $ XML_TAG = F$ELEM( 1, "_", vbl ) $ XML_VALUE = vbl - "_" - XML_TAG - "_" $ WRITE olnm F$FAO( "!AS", XML_TAG, XML_VALUE, XML_TAG ) $ GOTO READ_LOOP $eof_label: My $0.02... -- David J Dachtera dba DJE Systems http://www.djesys.com/ Unofficial OpenVMS Marketing Home Page http://www.djesys.com/vms/market/ Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/ Unofficial OpenVMS-IA32 Home Page: http://www.djesys.com/vms/ia32/ Unofficial OpenVMS Hobbyist Support Page: http://www.djesys.com/vms/support/ ------------------------------ Date: Thu, 05 Jul 2007 15:42:50 GMT From: Chris Sharman Subject: Re: XML for VMS Message-ID: <_j8ji.128981$hj5.88158@fe2.news.blueyonder.co.uk> David J Dachtera wrote: > Unless I misunderstand XML (an excellent possibility), you should be able to do > this in DCL: You and me both! > $READ_LOOP: > $ READ/END= ilnm vbl > $ XML_TAG = F$ELEM( 1, "_", vbl ) > $ XML_VALUE = vbl - "_" - XML_TAG - "_" > $ WRITE olnm F$FAO( "!AS", XML_TAG, XML_VALUE, XML_TAG ) > $ GOTO READ_LOOP > $eof_label: Indeed - but I'm wanting to read xml, not write it - writing is fairly trivial, as you observe. Thanks Chris ------------------------------ Date: Thu, 05 Jul 2007 11:28:41 -0500 From: "Craig A. Berry" Subject: Re: XML for VMS Message-ID: In article , Chris Sharman wrote: > As I recall, I couldn't get expat to compile - did it require gcc rather > than decc? No. I've compiled it many times with DEC/CPQ/HP C. Expat is ubiquitous on OpenVMS and is included with various other packages such as Mozilla. Whether any given version compiles out of the box without tweaking is an open question. But as Hoff says, libxml2 is being more actively developed. It's also a validating parser and has some nice command-line utilities as well as the libraries that support the API. > Sounds like my best bet might be libxslt, preprocessing the xml into my > 'legacy' format, then feeding into the original program. That seems the most flexible to me since you could always plug in a different transformation method without changing anything else. > Possibly a DTD to specify the new format to business partners. You'll probably want a schema rather than a DTD for data-oriented work like this. -- Posted via a free Usenet account from http://www.teranews.com ------------------------------ Date: Thu, 05 Jul 2007 12:50:09 -0400 From: JF Mezei Subject: Re: XML for VMS Message-ID: <1ad0d$468d216f$cef8887a$5194@TEKSAVVY.COM> Really basic question here: Does the amount of work to install/compile and then learn and build all the structures and routines to use those "read made" XML parsers exceed the amount of time it takes to simply write code to parse the one XML format that you have to parse and take the values directly into your application's structures ? ------------------------------ Date: Thu, 05 Jul 2007 13:45:43 -0400 From: Stephen Hoffman Subject: Re: XML for VMS Message-ID: Chris Sharman wrote: > ...I'm wanting to read xml, not write it... libxml2 (www.xmlsoft.org) is available, current, replete with documentation and source code examples, and under active development with an active mailing list. And it works. It's also integrated into a number of of operating system platforms. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ End of INFO-VAX 2007.364 ************************