INFO-VAX Tue, 10 Jul 2007 Volume 2007 : Issue 374 Contents: Re: Re: A dual processor speedup question Re: A dual processor speedup question Re: A dual processor speedup question Decnet Plus Problem Re: Decnet Plus Problem Re: Delete Key? Re: Delete Key? Re: Delete Key? Re: Delete Key? Re: Delete Key? Re: Delete Key? Re: Delete Key? RE: Delete Key? Re: Delete Key? Re: Delete Key? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? Re: Is VMS losing the Financial Sector, also? RE: Is VMS losing the Financial Sector, also? Re: Itanium serial ports Re: Itanium serial ports Re: Itanium serial ports Re: Itanium serial ports Re: Itanium serial ports Re: July the 4th Re: MX Mail relay Re: MX Mail relay Re: MX Mail relay Re: MX Mail relay Re: MX Mail relay Re: Part number for VMS 7.3-2 Re: RAID (was: Is VMS losing the Financial Sector, also?) Re: RAID (was: Is VMS losing the Financial Sector, also?) Resolved: MX Mail relay Re: Text-Based Newsreader? Re: Text-Based Newsreader? Re: Text-Based Newsreader? Re: Text-Based Newsreader? Re: Text-Based Newsreader? VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: VMS Cluster Questions Re: [OT] July the 4th Re: [OT] July the 4th Re: [OT] July the 4th Re: [OT] July the 4th Re: [OT] July the 4th Re: [OT] July the 4th Re: [OT] July the 4th Re: [OT] July the 4th Re: [OT] July the 4th ---------------------------------------------------------------------- Date: Tue, 10 Jul 2007 10:05:23 +0200 From: "Eberhard Heuser" Subject: Re: Re: A dual processor speedup question Message-ID: <00d501c7c2c9$11cfe200$05072286@vg2> "Colin Butcher" schrieb im Newsbeitrag news:wBski.20900$p8.16745@text.news.blueyonder.co.uk... > What kind of dual-processor IA64 machine do you now have access to? What > kind of machine did you move from? > > Dual-core with shared cache could potentially give you quite a big > speed-up. > A larger cache could potentially give you a big speed-up. A rx2600 1.4 GHz machine. One has two processors, the other only one. > > Maybe one CPU is doing the bulk of the interrupt processing and the other > is > doing User Mode code. There'd be a loss less context switching for your > application happening in that kind of scenario. Are I/Os multithreaded under OpenVMS 8.3? > > There are a lot of possible reasons - the new dual IA64 machine may have > more memory which is being used for caching, it may have different (and > faster IO devices), ... The memory is 2 GB in both cases. > > If you really want to explore it then getting T4 data and seeing the > different CPU modes for each of the CPUs might be instructive. T4 would > also > let you compare IO thtoughput with the previous machine. That's an idea! I will look at these number with the HP avalailability manager. > -- > Cheers, Colin. > Legacy = Stuff that works properly! > > thank you for your comments Eberhard ------------------------------ Date: 10 Jul 2007 07:51:31 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: A dual processor speedup question Message-ID: In article <001501c7c237$5f8e2750$05072286@vg2>, "Eberhard Heuser" writes: > Hi, > > After the installation of OpenVMS 8.3 on a dual I64 machine I ran some > benchmarks and got results that surpised me a bit. > > Though the code is not parallel (mixture of Fortran77 + C) I'm getting > a speedup of up to 80% in comparison to a single processor machine. > The program does alot of disk I/O and this is the main limiting factor. > > Could someone enlighten me why a dual processor system show this > behavior? If you look at the generated code you'll find that DEC heritage compilers are already doing things to take advantage of multiple threads. For Itanium Intel probably helped push that further. None of my code is parallel, either, but what DEC's Fortran and C compilers would do for the dual pipelined EV4 was already impressive back when Alpha was new. ------------------------------ Date: Tue, 10 Jul 2007 10:42:36 -0400 From: Stephen Hoffman Subject: Re: A dual processor speedup question Message-ID: Eberhard Heuser wrote: > Are I/Os multithreaded under OpenVMS 8.3? VAX/VMS V5.0 and later have allowed I/O completion to occur on a processor other than the one that started the I/O. In classic configurations, this I/O completion was the domain of the primary processor. In more recent releases, the ability to target where that I/O occurs has become available. The ability to distribute the I/O completion operations across all processors present was also implemented in V5.0 and due to its tendency to derail applications due to its completion order and speed, though this completion queue had remained latent for some eons. I haven't looked at this for a while, and it might have been pulled. For the mechanism to target I/O to a processor, see Fast Path. http://h71000.www7.hp.com/DOC/82FINAL/5841/5841pro_069.html And T4 does rather better at data collection. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: Tue, 10 Jul 2007 00:19:09 -0700 From: Hibby1 Subject: Decnet Plus Problem Message-ID: <1184051949.235003.217530@n60g2000hse.googlegroups.com> Hi, I've finally decided to come into the 21st century & started to use Decnet Plus. Vax is running OpenVms V6.2 & Decnet Plus version is Decnet/Osi V6.3 Eco17... I've installed the software on a couple of machines to test but on one of them I'm getting the following error (after about 10Hrs of uptime)... Message from user SYSTEM on MAGPIE Event: Reject Sent from: Node LOCAL:.MAGPIE NSP local NSP 49003DAA****** Remote NSAP 49003DAA******* Reason = No Resources Additional Information='48890100000100' Eventuid entituid streamuid Question is What resources is it looking for ? Nothing in autogen to suggest or Accountng... Thanx ------------------------------ Date: Tue, 10 Jul 2007 01:41:44 -0700 From: IanMiller Subject: Re: Decnet Plus Problem Message-ID: <1184056904.986313.135020@r34g2000hsd.googlegroups.com> reached max number of processes, or non-paged pool, or paged pool? ------------------------------ Date: Tue, 10 Jul 2007 08:30:39 +0200 From: "P. Sture" Subject: Re: Delete Key? Message-ID: In article <009101c7c292$a304e810$e90eb830$@com>, "Paul Raulerson" wrote: > This now begins to make sense. It is complicated a little because I normally > use a laptop pc, without a separate keypad. > > I kept trying to remap that key and it insisted on putting commas in the > text and not deleting, until I issued a "set keypad edt" command, and voila- > it started working. Sweet! > > Now for another dumb but related question; is there a "rc" like file for the > editor I can setup so that the editor will automatically issue that command > every time I start it? As an alternative to Jim's solution, you can put the following in your login.com. $ define eve$keypad edt Entered interactively, this command is particularly useful when you don't want to modify any files - for example when you are a guest on someone else's system. If you are installing a brand new system, then I would instead uncomment the corresponding line in SYSLOGICALS.COM that does this system-wide. Please _don't_ define it system-wide on a system with existing users without consulting them first. There's nothing worse than someone mucking around with your editor defaults... -- Paul Sture Sufficiently advanced incompetence is indistinguishable from malice. ------------------------------ Date: Mon, 09 Jul 2007 23:59:05 -0800 From: glen herrmannsfeldt Subject: Re: Delete Key? Message-ID: John E. Malmberg wrote: > Paul Raulerson wrote: (snip) >> But I really REALLY want the delete key to this: >> ABCDEFG >> ^-------- Cursor is here >> >> ABDEFG (snip) > The ASCII character set does not have a code to do that type of delete, > which is to delete the character under the cursor and then shift the > line to fill in. I would say that the effect of ASCII control characters on a terminal is not so well defined to allow or disallow that function. I suppose X'08', BS, is somewhat defined as the cursor moving backspace, but the function of X'7F', delete, is not so well defined. The reason for its name is that it was used to delete characters punched on paper tape by overpunching them, and the computer would ignore them on input. I don't know that even that is part of the ASCII standard, but it was well used in paper tape days. -- glen > That is because ASCII/ANSI terminals traditionally do not keep track of > the characters on the line or the screen. The action of the keys is > totally interpreted by the host. ------------------------------ Date: Tue, 10 Jul 2007 09:40:08 +0200 From: "P. Sture" Subject: Re: Delete Key? Message-ID: In article , glen herrmannsfeldt wrote: > John E. Malmberg wrote: > > Paul Raulerson wrote: > (snip) > > >> But I really REALLY want the delete key to this: > >> ABCDEFG > >> ^-------- Cursor is here > > >> > > >> ABDEFG > > (snip) > > > The ASCII character set does not have a code to do that type of delete, > > which is to delete the character under the cursor and then shift the > > line to fill in. > > I would say that the effect of ASCII control characters on a terminal > is not so well defined to allow or disallow that function. I suppose > X'08', BS, is somewhat defined as the cursor moving backspace, but the > function of X'7F', delete, is not so well defined. The reason for its > name is that it was used to delete characters punched on paper tape by > overpunching them, and the computer would ignore them on input. > I don't know that even that is part of the ASCII standard, but it > was well used in paper tape days. > FWIW, putting X'7F' and X'08' into a file shows the following in EDT: 1234567890 1234567890 123456^H7890 typing that file on a DECterm displays: 1234567890 1234567890 123467890 and IIRC when you put a VT100 into local mode, CTRL-H simply moves the cursor one to the left, except at the beginning of a line. So what the terminal driver does in response to the rubout/backspace key at the end of a field is: move the cursor left display a space move the cursor left If the cursor is positioned in the middle of a field, then on older terminals, the rest of the line is redisplayed. More modern terminals may have the intelligence to do this themselves (does VT200 insert mode do this?). -- Paul Sture ------------------------------ Date: Tue, 10 Jul 2007 09:32:17 +0100 From: "Tim Jackson" Subject: Re: Delete Key? Message-ID: <46934095_1@glkas0286.greenlnk.net> "P. Sture" wrote in message news:paul.sture.nospam-7687AF.08303910072007@mac.sture.ch... > In article <009101c7c292$a304e810$e90eb830$@com>, > "Paul Raulerson" wrote: > >> This now begins to make sense. It is complicated a little because I >> normally >> use a laptop pc, without a separate keypad. >> >> I kept trying to remap that key and it insisted on putting commas in the >> text and not deleting, until I issued a "set keypad edt" command, and >> voila- >> it started working. Sweet! >> >> Now for another dumb but related question; is there a "rc" like file for >> the >> editor I can setup so that the editor will automatically issue that >> command >> every time I start it? > > As an alternative to Jim's solution, you can put the following in your > login.com. > > $ define eve$keypad edt > > Entered interactively, this command is particularly useful when you don't > want to modify any files - for example when you are a guest on someone > else's > system. > > If you are installing a brand new system, then I would instead uncomment > the corresponding line in SYSLOGICALS.COM that does this system-wide. > > Please _don't_ define it system-wide on a system with existing users > without consulting them first. There's nothing worse than someone > mucking around with your editor defaults... > > -- > Paul Sture > > Sufficiently advanced incompetence is indistinguishable from malice. The file Paul is referring to is really called SYLOGICALS.COM and can be found in the SYS$MANAGER directory. ------------------------------ Date: Tue, 10 Jul 2007 10:56:02 +0200 From: "P. Sture" Subject: Re: Delete Key? Message-ID: In article <46934095_1@glkas0286.greenlnk.net>, "Tim Jackson" wrote: > "P. Sture" wrote in message > news:paul.sture.nospam-7687AF.08303910072007@mac.sture.ch... > > In article <009101c7c292$a304e810$e90eb830$@com>, > > "Paul Raulerson" wrote: > > > >> This now begins to make sense. It is complicated a little because I > >> normally > >> use a laptop pc, without a separate keypad. > >> > >> I kept trying to remap that key and it insisted on putting commas in the > >> text and not deleting, until I issued a "set keypad edt" command, and > >> voila- > >> it started working. Sweet! > >> > >> Now for another dumb but related question; is there a "rc" like file for > >> the > >> editor I can setup so that the editor will automatically issue that > >> command > >> every time I start it? > > > > As an alternative to Jim's solution, you can put the following in your > > login.com. > > > > $ define eve$keypad edt > > > > Entered interactively, this command is particularly useful when you don't > > want to modify any files - for example when you are a guest on someone > > else's > > system. > > > > If you are installing a brand new system, then I would instead uncomment > > the corresponding line in SYSLOGICALS.COM that does this system-wide. > > > > Please _don't_ define it system-wide on a system with existing users > > without consulting them first. There's nothing worse than someone > > mucking around with your editor defaults... > > > > -- > > Paul Sture > > > > Sufficiently advanced incompetence is indistinguishable from malice. > > The file Paul is referring to is really called SYLOGICALS.COM and can be > found in the SYS$MANAGER directory. Oops. Thanks for catching that. -- Paul Sture ------------------------------ Date: Tue, 10 Jul 2007 07:52:45 -0400 From: "FredK" Subject: Re: Delete Key? Message-ID: "glen herrmannsfeldt" wrote in message news:gOCdndNDlZHssA7bnZ2dnUVZ_oqmnZ2d@comcast.com... > John E. Malmberg wrote: >> Paul Raulerson wrote: > (snip) > >>> But I really REALLY want the delete key to this: >>> ABCDEFG >>> ^-------- Cursor is here > >>> > >>> ABDEFG > > (snip) > >> The ASCII character set does not have a code to do that type of delete, >> which is to delete the character under the cursor and then shift the line >> to fill in. > > I would say that the effect of ASCII control characters on a terminal > is not so well defined to allow or disallow that function. I suppose > X'08', BS, is somewhat defined as the cursor moving backspace, but the > function of X'7F', delete, is not so well defined. The reason for its > name is that it was used to delete characters punched on paper tape by > overpunching them, and the computer would ignore them on input. > I don't know that even that is part of the ASCII standard, but it > was well used in paper tape days. > > -- glen > > >> That is because ASCII/ANSI terminals traditionally do not keep track of >> the characters on the line or the screen. The action of the keys is >> totally interpreted by the host. > The meaning and use of various codes evolved from the ASR terminals through the early video terminals then the ANSI standardization. Early terminals had both a backspace and a rubout. The question is when video terminals became the norm - what code should be used to do what. Backspace has a specific meaning on output and DEC chose to use DEL which has no output meaning as the video RUBOUT as the default when it designed the VT200 (the VT100 had both). DEC applications embraced this default. UNIX chose to use BS instead of DEL. Applications that took input a character at a time could then know immediately that this meant to delete the previous character or if the user wanted to go back and modify something earlier in the input line. Hence the DEC terminals replaced the name of the key with a Subject: Re: Delete Key? Message-ID: <1184069654.015138.123640@q75g2000hsh.googlegroups.com> On Jul 10, 7:10 am, AEF wrote: > On Jul 9, 11:10 pm, "Paul Raulerson" wrote: > > > > > > > Thank you Jim! -Paul> -----Original Message----- > > > From: Jim Mehlhop [mailto:mehl...@mehlhop.org] > > > Sent: Monday, July 09, 2007 10:39 PM > > > To: Info-...@Mvb.Saic.Com > > > Subject: Re: Delete Key? > > > > There is an initialization file you can put the set keypad edt into > > > > SYS6$ sho log eve$init > > > %SHOW-S-NOTRAN, no translation for logical name EVE$INIT > > > SYS6$ sho def > > > DISK$USER1:[MEHLHOP] > > > SYS6$ create eve$init.eve > > > set keypad edt > > > Exit > > > SYS6$ def/job eve$init sys$login:eve$init.eve > > > > SYS6$ edit xyz.abc > > > > Buffer: XYZ.ABC | Write | Insert > > > | > > > Forward > > > > Executing commands in initialization file: > > > DISK$USER1:[MEHLHOP]EVE$INIT.EVE;1 > > You can also just DEFINE EVE$KEYPAD EDT in your LOGIN.COM. You can > also DEFINE/SYSTEM EVE$KEYPAD EDT in SYLOGIN.COM to define it system > wide, but do that ONLY if it is appropriate for your site. Oops! Make that SYLOGICALS.COM, not SYLOGIN.COM. Sorry. AEF > > [...] > > AEF- Hide quoted text - > > - Show quoted text - ------------------------------ Date: 10 Jul 2007 07:40:56 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: RE: Delete Key? Message-ID: In article <009101c7c292$a304e810$e90eb830$@com>, "Paul Raulerson" writes: > This now begins to make sense. It is complicated a little because I normally > use a laptop pc, without a separate keypad. > > I kept trying to remap that key and it insisted on putting commas in the > text and not deleting, until I issued a "set keypad edt" command, and voila- > it started working. Sweet! > > Now for another dumb but related question; is there a "rc" like file for the > editor I can setup so that the editor will automatically issue that command > every time I start it? help edit /tpu /command You probably want to define tpu$command. ------------------------------ Date: Tue, 10 Jul 2007 14:03:13 +0000 From: "Paul Raulerson" Subject: Re: Delete Key? Message-ID: ----=_vm_0011_W7595732034_9387_1184076193 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable >> Guess I am too used to UNIX, Mainframes, Windows, Macs and such. The >> BACKSPACE key works fine, but the PC/Mac DELETE key is what I was afte= r. >> Darn... Thanks for the information. It was both well written and >> informative. >> -Paul > >Heh, I figured that was your problem. > >What editor do you use? On a regular basis? vim/vi and variants, THE editor from Mark Hessling, = configued to look a lot like XEdit, real Xedit, ISPF, Wang Editor, Word, = and I'm learning EDIT nee EVE, and a little emacs thrown in for spice. I = occasionally use other editors ranging from CANDE to some truely wierd st= uff... :) -Paul ----=_vm_0011_W7595732034_9387_1184076193-- ------------------------------ Date: Tue, 10 Jul 2007 10:49:05 -0800 From: glen herrmannsfeldt Subject: Re: Delete Key? Message-ID: FredK wrote: (snip) > ESC is another of these legacy keys. It is a prefix for a sequence of > following characters - not meant to be a standalone input key in ANSI... > but too many UNIX applications used the key for specific termination or > interruption useage. So applications that parsed input data using ANSI > rules get screwed up. I would have said it was DEC that started using ESC but maybe that is because I used it on DEC systems (such as TECO escape) before unix. It does complicate the use of arrow keys in vi, which generate escape sequences starting with esc, where esc is also the get out of insert mode character. -- glen ------------------------------ Date: Tue, 10 Jul 2007 08:41:10 +0200 From: "P. Sture" Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: In article , JF Mezei wrote: > P. Sture wrote: > > Try it at the DCL prompt :-) > > > > $ exit(2928) > > > Unfortunatly, there is no mapping of the equivalent message code in > HELP/MESSAGE to get more information on this error. > > > Perhaps everyone in the VMS community should send an email to > openvmsdoc@hp.com (is that the one) mentioning the lack of an entry in > he HELP/MESSAGE database for the error code decimal 2928. It is documented towards the bottom of the following page: http://www.parsec.com/openvms/undocumented.php?page=7 Hint: Check your browser title bar while viewing that page :-) -- Paul Sture ------------------------------ Date: Tue, 10 Jul 2007 08:44:44 +0200 From: "P. Sture" Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: In article <4692A8F4.2010903@comcast.net>, "Richard B. Gilbert" wrote: > Ron Johnson wrote: > > On 07/09/07 15:44, AEF wrote: > > [snip] > > > >> > >> A Unix admin who used to work here once claimed he could break into my > >> VMS boxes. I gave him the IP address of one of my test boxes and said > >> go ahead. He never broke in and he never mentioned it again. > > > > > > If VMS were as popular in 2007 as it was in 1987 (when breaking into VMS > > systems was a favorite college pastime), he'd have had a dozen tricks up > > his sleeve. > > > > ca. 1987, a bunch of graduate students in the Aerospace and Mechanical > Sciences Department at Princeton University were reduced the the > expedient of hanging a TV camera under the eaves outside my office > window and focused on my keyboard! I happened to glance out the window > and noticed it. I called the director of the lab. He was a man who > really knew how to kick butt! :-) I never had a problem again! The ultimate password grabber... -- Paul Sture ------------------------------ Date: Tue, 10 Jul 2007 06:40:57 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: > -----Original Message----- > From: Ron Johnson [mailto:ron.l.johnson@cox.net] > Sent: July 10, 2007 1:04 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? >=20 > On 07/09/07 19:08, Main, Kerry wrote: > >> -----Original Message----- > >> From: Ron Johnson [mailto:ron.l.johnson@cox.net] > >> Sent: July 9, 2007 5:10 PM > >> To: Info-VAX@Mvb.Saic.Com > >> Subject: Re: Is VMS losing the Financial Sector, also? > >> [snip ...] > Sound security Architecture and Engineering is all well and good, > but it does no good if the sys admin doesn't make a continual > effort > to ensure that things are "up to snuff". Or is burdened by too > many > other duties. >=20 Like reviewing many security patches each and every month and trying to figure out if they are applicable to their environment and if yes, then planning how they will test and deploy these patches - in conjunction with App support and the BU's? > Often it's just easier (in *effort* and fighting with developers > and > users) to just grant extra privs. >=20 What fight?=20 End users and developers get zero priv's in production. If a developer is even on a prod system it should only be as an end user. I thought that principle was settled eons ago in most large shops. Re: security in general .. Remember that security is all about People, Process and Technology. A chain is only as strong as its weakest link. People and Processes are common to all platforms.=20 Assuming the first two are covered, "Technology" (e.g. OS platform, application decisions etc) is imho, where the biggest weak link often is in terms of security and risks to the business. Regards, Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: 10 Jul 2007 12:43:41 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <5fhd7tF39sf6nU1@mid.individual.net> In article <1184030627.421742.326360@g4g2000hsf.googlegroups.com>, AEF writes: > On Jul 9, 8:58 pm, b...@cs.uofs.edu (Bill Gunshannon) wrote: >> In article , >> Ron Johnson writes: >> >> > On 07/09/07 15:44, AEF wrote: >> > [snip] >> >> >> A Unix admin who used to work here once claimed he could break into my >> >> VMS boxes. I gave him the IP address of one of my test boxes and said >> >> go ahead. He never broke in and he never mentioned it again. >> >> > If VMS were as popular in 2007 as it was in 1987 (when breaking into >> > VMS systems was a favorite college pastime), he'd have had a dozen >> > tricks up his sleeve. >> >> Well, I have always avoided bringing this up, but I guess it is time. >> I have constantly heard the claim that there has never been a virus >> or a trojan on VMS. When I first got to the University we were still > > *I* didn't make that claim. Didn't say you had, I did say I "contantly heard" it. It has been flatly stated here as fact too many times to even count. > Fine, so VMS isn't perfect. Nothing is. So > why bother putting locks on your doors? You'll get broken into anyway, > right? Someone already broke in to such a lock, right? So why bother? > Either get the cheapest POS lock you can find or don't get a lock at > all. Not the point at all. Just pointing out that while VMS is a great OS with many useful features one really has to accept that it has had the same kinds of security problems as other OSes when it was the top dog. If it had reamained the top dog it would be the target today as well. But, it's not. > >> an almost totally VMS academic shop with terminal rooms all over the >> campus. The most common program running on any VMS terminal in any >> of those rooms was the trojan-horse password grabber. Anyone who >> logged into a terminal without first forcing a disconnect and reconnect >> from the DECServer (of course, you had to be a pretty savvy user to >> even know what that meant) was very likely giving their username and >> password to some student. It would have been much worse if it weren't >> for HITMAN which at least limited how long the trojan hung around >> waiting. Yes, that too was around the late 80's timeframe. If VMS > > This was addressed. At one lab I visited you had to press the Break > key to get a Username prompt. This ensured that you got the real VMS > login screen and not a fake one from a password-grabber program. Do > other OSes even have such a feature? (Maybe they do -- I'm just > asking.) Probably depends on the method of connecting. You could do the same thing with most IP terminal servers I worked with back int he days when terminals were still popular. > Like you said about Windows, you can lock it down! So if you > can't blame Windows for break-ins because it wasn't locked down, you > can't blame VMS either, esp. if VMS had that feature when these > password-grabber programs were causing all this trouble! I am not "blaming VMS". I am merely trying to point out that things are not and were not as some people here perceive them. VMS had it's successful attacks. But today, it is just not worth the effort trying to find holes in the OS cause there ain't enough of them around to make any use of the exploits should you discover them. > >> had not become completely irrelevant in the IT world it would now very >> likely have just as many problems as any other popular OS. > > This is just speculation. Maybe so, but just look at the evidence of your own eyes. Let's use Boob's measure. How many CERT's out there for Primos? Yes, it is still being used commerically and with the arrival of what looks like a pretty decent emulator this use may continue for quite some time. How about RSTS? RSX? Any CERT's out there for them? They are still actively being sold as current products. Does this lack of CERT's mean they are totally secure? Maybe we this is the answer. Let's just run these really old OSes cause nobody can hack them. The lack of CERT's proves it. :-) > > I suppose if VMS were as popular as Windows it would blue-screen just > as often, too, eh? Interestingly enough, while we keep hearing about VMS's guaranteed 24/7/365 operation we also frequently hsee posts here from people who have had crashes. Might not be a BSOD, but a crash is a crash. > > Yep, all OSes are created equal .... NOT! Not equal, but all OSes have their own strengths and weakneses and there is no one perfect OS. And probably never will be. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 10 Jul 2007 07:53:46 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: In article <5ff2ksF3bjg8aU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > > I rest my case regarding sys admining Windows. You have obviously not > kept up with what are considered "good practices". You don't run two > anti-virus packages ont he same machine. The recommended wasy of doing > it is to run two different packages. One ont he server and a different > one on the clients. most places settle on one package and run it on > both the servers and clients. Obviously, if the package works at all, > it will never find anything ont he clients as they will be caught on > the server. But running different packages may have the second catch > something that slips by on the server. What kind of crap is that? My clients have plenty of files that the servers have no access to. How could the servers possibly find virii in those files? ------------------------------ Date: 10 Jul 2007 07:56:38 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: In article , Ron Johnson writes: > > $ EXIT (2928) > %SYSTEM-W-FISH, my hovercraft is full of eels Ah, "make love". ------------------------------ Date: 10 Jul 2007 07:59:54 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: In article <5fg3tpF3d7h82U1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > The most common program running on any VMS terminal in any > of those rooms was the trojan-horse password grabber. Fixed in VMS 3.0. Can Windows say the same? ------------------------------ Date: Tue, 10 Jul 2007 09:17:04 -0400 From: "Richard B. Gilbert" Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <469386D0.6020503@comcast.net> Bob Koehler wrote: > In article <5fg3tpF3d7h82U1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > > >>The most common program running on any VMS terminal in any >>of those rooms was the trojan-horse password grabber. > > > Fixed in VMS 3.0. Can Windows say the same? > ISTR the "trojan horse password grabber" being a problem long after V3.0. I believe that "pressing the break key" was added at V4.something. ------------------------------ Date: Tue, 10 Jul 2007 06:39:03 -0700 From: AEF Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <1184074743.471238.147340@p39g2000hse.googlegroups.com> On Jul 10, 8:43 am, b...@cs.uofs.edu (Bill Gunshannon) wrote: > In article <1184030627.421742.326...@g4g2000hsf.googlegroups.com>, > AEF writes: > > > On Jul 9, 8:58 pm, b...@cs.uofs.edu (Bill Gunshannon) wrote: > >> In article , > >> Ron Johnson writes: > > >> > On 07/09/07 15:44, AEF wrote: > >> > [snip] > > >> >> A Unix admin who used to work here once claimed he could break into my > >> >> VMS boxes. I gave him the IP address of one of my test boxes and said > >> >> go ahead. He never broke in and he never mentioned it again. > > >> > If VMS were as popular in 2007 as it was in 1987 (when breaking into > >> > VMS systems was a favorite college pastime), he'd have had a dozen > >> > tricks up his sleeve. > > >> Well, I have always avoided bringing this up, but I guess it is time. > >> I have constantly heard the claim that there has never been a virus > >> or a trojan on VMS. When I first got to the University we were still > > > *I* didn't make that claim. > > Didn't say you had, I did say I "contantly heard" it. It has been > flatly stated here as fact too many times to even count. And if you exlcude Bob's posts does that remain true? :-) > > Fine, so VMS isn't perfect. Nothing is. So > > why bother putting locks on your doors? You'll get broken into anyway, > > right? Someone already broke in to such a lock, right? So why bother? > > Either get the cheapest POS lock you can find or don't get a lock at > > all. > > Not the point at all. Just pointing out that while VMS is a great OS > with many useful features one really has to accept that it has had the > same kinds of security problems as other OSes when it was the top dog. > If it had reamained the top dog it would be the target today as well. > But, it's not. I still think it's better than the others. > >> an almost totally VMS academic shop with terminal rooms all over the > >> campus. The most common program running on any VMS terminal in any > >> of those rooms was the trojan-horse password grabber. Anyone who > >> logged into a terminal without first forcing a disconnect and reconnect > >> from the DECServer (of course, you had to be a pretty savvy user to > >> even know what that meant) was very likely giving their username and > >> password to some student. It would have been much worse if it weren't > >> for HITMAN which at least limited how long the trojan hung around > >> waiting. Yes, that too was around the late 80's timeframe. If VMS > > > This was addressed. At one lab I visited you had to press the Break > > key to get a Username prompt. This ensured that you got the real VMS > > login screen and not a fake one from a password-grabber program. Do > > other OSes even have such a feature? (Maybe they do -- I'm just > > asking.) > > Probably depends on the method of connecting. You could do the same > thing with most IP terminal servers I worked with back int he days when > terminals were still popular. > > > Like you said about Windows, you can lock it down! So if you > > can't blame Windows for break-ins because it wasn't locked down, you > > can't blame VMS either, esp. if VMS had that feature when these > > password-grabber programs were causing all this trouble! > > I am not "blaming VMS". I am merely trying to point out that things > are not and were not as some people here perceive them. VMS had it's > successful attacks. But today, it is just not worth the effort trying > to find holes in the OS cause there ain't enough of them around to make > any use of the exploits should you discover them. OK, so you're saying that VMS has problems, too, and Windows, despite its problems, "can be locked down". Seems to me you're still better off with VMS. > >> had not become completely irrelevant in the IT world it would now very > >> likely have just as many problems as any other popular OS. > > > This is just speculation. > > Maybe so, but just look at the evidence of your own eyes. Let's > use Boob's measure. How many CERT's out there for Primos? Yes, > it is still being used commerically and with the arrival of what > looks like a pretty decent emulator this use may continue for > quite some time. How about RSTS? RSX? Any CERT's out there for > them? They are still actively being sold as current products. > Does this lack of CERT's mean they are totally secure? Maybe we > this is the answer. Let's just run these really old OSes cause > nobody can hack them. The lack of CERT's proves it. :-) I'm not familiar with these examples except that I'm now convinced the number of CERT's alone doesn't prove anything. I'm not talking about the other OSes. I'm talking about VMS. > > I suppose if VMS were as popular as Windows it would blue-screen just > > as often, too, eh? > > Interestingly enough, while we keep hearing about VMS's guaranteed > 24/7/365 operation we also frequently hsee posts here from people > who have had crashes. Might not be a BSOD, but a crash is a crash. I'd think the 24/7/365 would refer to VMSclusters, not standalone machines. I'm sure the rate of crashes per VMS box has always been much lower than the same for Windows boxes. > > Yep, all OSes are created equal .... NOT! > > Not equal, but all OSes have their own strengths and weakneses and there > is no one perfect OS. And probably never will be. > > bill > > -- > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves > b...@cs.scranton.edu | and a sheep voting on what's for dinner. > University of Scranton | > Scranton, Pennsylvania | #include AEF ------------------------------ Date: Tue, 10 Jul 2007 13:55:56 +0000 From: "Paul Raulerson" Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: ----=_vm_0011_W751554055_25209_1184075756 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable .. also, sometimes you *must* grant users extra privs. It does do anyone= any good at all to have a highly secure system that cannot be used. Eith= er for daily tasks, or to develop the applications. Handcuffing a develop= er is sometimes the same thing as deliberately failing a project. Which comes back to what Ron pointed out; you have to have a person being= vigilant and on top of all the activity on the system all the time, or e= lse even the best security *will* be circumvented by desperate users. Or it will be replaced with a less secure system that allows the users to= do their jobs. VMS appears to have a very good balance in this area; users accounts do n= ot seem to be so restricted they are unusable, and system accounts can be= well monitored. Unix is similar. The big difference is with Unix of any flavor, there are so many back-doo= rs and "extras" that you pretty well have to depend upon the security set= up to protect you. No way in the world you can keep on top of it on anyth= ing but a very tiny system, and even that is difficult. (No enforced imag= e accounting.) Example, we had a system get wiped out by an unfriendly hacker once; he o= r she gained root access, went to the root directory, did a "rm -r *", an= d then erased the .history file that might have given us a clue. When we did the restore, we found that there were several mysterious file= s around setuid to root - named "..." - very annoying. I know I had seen= them, but my mind intrepted them as "..". I did not pick up on it and ne= ither did the guy who was supposed to be the system admin until we put ou= r heads together and did a very careful exam of the restored system. Ver= y very easy to miss stuff like that. -Paul ----=_vm_0011_W751554055_25209_1184075756-- ------------------------------ Date: 10 Jul 2007 14:06:52 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <5fhi3sF3clhqmU2@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <5fg3tpF3d7h82U1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > >> The most common program running on any VMS terminal in any >> of those rooms was the trojan-horse password grabber. > > Fixed in VMS 3.0. Can Windows say the same? I'm confused. How do you "fix" someone running a program. (OK, you could "fix" them like you "fix" your dog, but I don't think that was the point.) Are you saying that VMS can now detect that a program is spoofing the login dialog and refuse to run? bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 10 Jul 2007 14:08:16 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <5fhi6gF3clhqmU3@mid.individual.net> In article <469386D0.6020503@comcast.net>, "Richard B. Gilbert" writes: > Bob Koehler wrote: >> In article <5fg3tpF3d7h82U1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >> >> >>>The most common program running on any VMS terminal in any >>>of those rooms was the trojan-horse password grabber. >> >> >> Fixed in VMS 3.0. Can Windows say the same? >> > > ISTR the "trojan horse password grabber" being a problem long after > V3.0. I believe that "pressing the break key" was added at V4.something. Yes, but it relies on the user knowing that. I doubt most would today but they certainly wouldn't have back then. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 10 Jul 2007 14:12:51 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <5fhif3F3clhqmU4@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <5fg3tpF3d7h82U1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > >> The most common program running on any VMS terminal in any >> of those rooms was the trojan-horse password grabber. > > Fixed in VMS 3.0. Can Windows say the same? Actually, I seem to remember finding a password grabber (actually, just a keystroke grabber) on a couple machines in the lab once a long time ago. Yes, it was Windows and yes it was fixed when Windows 98 went away. So, what was the timeframe from the origin of VMS to VMS 3.0? How does it compare to the timeframe from the advent of Windows until NT 3.51 showed up? Then we can see which one fixed it first. :-) Assuming you can tell me how VMS 3.0 stopped someone from running a program that spoofed the login dialog. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 10 Jul 2007 10:31:31 -0400 From: Stephen Hoffman Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: AEF wrote: > I'd think the 24/7/365 would refer to VMSclusters, not standalone > machines. In some environments, clustering is the best approach. In others, configurations of standalone hosts are configured into grids, and/or connected with NFS or other communications, and/or use front-end network processing and straight data replication. (FWIW, NFSv4.1 is preferred over earlier NFS versions due to the addition of embedded distributed locking, though that version of NFS is not available on OpenVMS as yet. NFSv4.1 is an approach toward a loosely-coupled clustering scheme. But I digress.) You don't need to have an OpenVMS Cluster to have high uptime values. Server farms and bulk transfers or distributed databases can work very nicely for certain sorts of applications requiring uptime. Whether that is a collection of OpenVMS hosts all running standalone, or some other configuration of hardware and/or software. Classic OpenVMS Clustering is most definitely useful, though there are also other approaches and other solutions that can potentially be utilized. There are high-uptime cases where clustering is the wrong solution. > I'm sure the rate of crashes per VMS box has always been much lower > than the same for Windows boxes. As for crash rates, when you manage and maintain OpenVMS, Windows, Mac OS X and Linux similarly -- configured and operational and running recent code-bases, and particularly when keep your fingers out of it -- all four typically do fairly well in the area of uptime -- Windows can and does run like a server when you use it and treat it like a server. (Where Windows classically tips over is when it is exposed to unwashed data or when the configuration is churned; the classic partitioning of data and code is quite deliberately lacking within the intended design of Windows.) Of late, Windows, Mac OS X, Linux and OpenVMS systems seemingly reboot more often because of ECOs or due to hardware-level issues than due to software crashes. And I've seen all four suffering from random crashes. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: Tue, 10 Jul 2007 10:48:19 -0400 From: Stephen Hoffman Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: Bill Gunshannon wrote: > In article , > koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >> In article <5fg3tpF3d7h82U1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >> >>> The most common program running on any VMS terminal in any >>> of those rooms was the trojan-horse password grabber. >> Fixed in VMS 3.0. Can Windows say the same? > > I'm confused. How do you "fix" someone running a program. (OK, you could > "fix" them like you "fix" your dog, but I don't think that was the point.) > > Are you saying that VMS can now detect that a program is spoofing the > login dialog and refuse to run? This appears an oblique reference to the secure login mechanism that is permitted by OpenVMS, and that can be selectively enabled. Specifically, "Secure Server". The Windows analog is the three-fingered salute, and that which is enabled by default on current Windows releases. For details on the OpenVMS Secure Server mechanism, see: http://h71000.www7.hp.com/doc/73final/6346/6346pro_017.html -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: Tue, 10 Jul 2007 11:42:18 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBQYXVsIFJhdWxlcnNvbiBbbWFp bHRvOnBhdWxAcmF1bGVyc29ucy5jb21dDQo+IFNlbnQ6IEp1bHkgMTAsIDIwMDcgOTo1NiBBTQ0K PiBUbzogSW5mby1WQVhATXZiLlNhaWMuQ29tDQo+IFN1YmplY3Q6IFJlOiBJcyBWTVMgbG9zaW5n IHRoZSBGaW5hbmNpYWwgU2VjdG9yLCBhbHNvPw0KPiANCj4gLi4gYWxzbywgc29tZXRpbWVzIHlv dSAqbXVzdCogZ3JhbnQgdXNlcnMgZXh0cmEgcHJpdnMuIEl0IGRvZXMgZG8NCj4gYW55b25lIGFu eSBnb29kIGF0IGFsbCB0byBoYXZlIGEgaGlnaGx5IHNlY3VyZSBzeXN0ZW0gdGhhdCBjYW5ub3QN Cj4gYmUgdXNlZC4gRWl0aGVyIGZvciBkYWlseSB0YXNrcywgb3IgdG8gZGV2ZWxvcCB0aGUgYXBw bGljYXRpb25zLg0KPiBIYW5kY3VmZmluZyBhIGRldmVsb3BlciBpcyBzb21ldGltZXMgdGhlIHNh bWUgdGhpbmcgYXMgZGVsaWJlcmF0ZWx5DQo+IGZhaWxpbmcgYSBwcm9qZWN0Lg0KPiANCg0KSSBk aXNhZ3JlZS4NCg0KUmVxdWlyaW5nIHRoZSBncmFudGluZyBvZiBlbGV2YXRlZCBwcml2J3MgZm9y IHVzZXJzIGFuZC9vciBkZXZlbG9wZXJzIGluIHByb2R1Y3Rpb24gaXMgYSBzaWduIG9mIGEgcG9v cmx5IGRldmVsb3BlZCBhcHBsaWNhdGlvbiBvciBwb29ybHkgbWFuYWdlZCBJVCBlbnZpcm9ubWVu dC4NCg0KRGV2ZWxvcGVycyBtaWdodCBrbm93IHRoZSBhcHBsaWNhdGlvbiwgYnV0IHRoZXkgdHlw aWNhbGx5IGhhdmUgbGl0dGxlIHVuZGVyc3RhbmRpbmcgb2YgZm9ybWFsIGNoYW5nZSBtZ210LiBN b3N0IGp1c3Qgd2FudCB0byBtYWtlIHRoZSBmaXggYW5kIGdldCBvbiB3aXRoIHdoYXRldmVyIGVs c2UgdGhleSBoYXZlIHRvIGRvLiBUaGV5IHR5cGljYWxseSBkbyBub3QgdW5kZXJzdGFuZCB0aGVy ZSBtaWdodCBiZSBtb25pdG9yaW5nIGZpbGVzIHRoYXQgbmVlZCB0byBiZSB1cGRhdGVkIGlmIGNl cnRhaW4gZmlsZXMgYXJlIHVwZGF0ZWQsIGFnZW50cyB0aGF0IG5lZWQgdG8gYmUgdHdlYWtlZCAo bGlrZSBzZWN1cml0eSBhZ2VudCB0aGF0IG1vbml0b3JzIGZpbGUgY2hhbmdlcyBldGMpLCBkb2N1 bWVudGF0aW9uIGFuZCB1cGRhdGluZyBvZiBjaGFuZ2UgdGlja2V0cyBhbmQgcGVyaGFwcyBsZXR0 aW5nIG9uIGNhbGwgc3VwcG9ydCB0eXBlcyB0aGF0IHNvbWV0aGluZyBtYXkgaGF2ZSBjaGFuZ2Vk IG9uIG9uZSBzeXN0ZW0sIGJ1dCB0aGF0IHNhbWUgZml4IGhhcyBub3QgYmVlbiBhcHBsaWVkIHRv IGFsbCBvdGhlciBzeXN0ZW1zLg0KDQpJZiBlbGV2YXRlZCByaWdodHMgYXJlIHJlcXVpcmVkLCB0 aGVuIG90aGVyIG1lYW5zIGxpa2UgaW5zdGFsbGluZyBpbWFnZXMgd2l0aCBwcml2J3MgaXMgdGhl IHdheSB0byBnby4gTm90IHN1cmUgd2hhdCB0aGUgZXF1aXZhbGVudCBpcyBvbiBVTklYIG9yIFdp bmRvd3MsIGJ1dCBJIGFtIHN1cmUgdGhleSBtdXN0IGhhdmUgYW4gZXF1aXZhbGVudCBtZWFucyB0 byBkbyB0aGlzLg0KDQoNCj4gV2hpY2ggY29tZXMgYmFjayB0byB3aGF0IFJvbiBwb2ludGVkIG91 dDsgeW91IGhhdmUgdG8gaGF2ZSBhIHBlcnNvbg0KPiBiZWluZyB2aWdpbGFudCBhbmQgb24gdG9w IG9mIGFsbCB0aGUgYWN0aXZpdHkgb24gdGhlIHN5c3RlbSBhbGwgdGhlDQo+IHRpbWUsIG9yIGVs c2UgZXZlbiB0aGUgYmVzdCBzZWN1cml0eSAqd2lsbCogYmUgY2lyY3VtdmVudGVkIGJ5DQo+IGRl c3BlcmF0ZSB1c2Vycy4NCj4gDQoNCldoaWNoIGlzIHRoZSByZXNwb25zaWJpbGl0eSBvZiBPcGVy YXRpb25zIC0gb3BlcmF0b3JzIG1vbml0b3IgbG9nIGZpbGVzIGFuZCByZXBvcnQgaXNzdWVzIHRv IFNlY3VyaXR5IGFuZC9vciBTeXNBZG1pbnMuIEluIGhpZ2hseSBzZWN1cmUgZW52aXJvbm1lbnRz IHRoZSBjaGVja2luZyBvZiBsb2cgZmlsZXMgaXMgZG9uZSBieSBleHRlcm5hbCBncm91cA0KDQo+ IE9yIGl0IHdpbGwgYmUgcmVwbGFjZWQgd2l0aCBhIGxlc3Mgc2VjdXJlIHN5c3RlbSB0aGF0IGFs bG93cyB0aGUNCj4gdXNlcnMgdG8gZG8gdGhlaXIgam9icy4NCj4gDQoNCkFnYWluLCBwcm9wZXJs eSBkZXNpZ25lZCBzb2x1dGlvbnMgZG8gbm90IHJlcXVpcmUgZWxldmF0ZWQgcHJpdidzIHRvIGJl IGRpcmVjdGx5IGdyYW50ZWQgdG8gZW5kIHVzZXJzLiANCg0KPiBWTVMgYXBwZWFycyB0byBoYXZl IGEgdmVyeSBnb29kIGJhbGFuY2UgaW4gdGhpcyBhcmVhOyB1c2Vycw0KPiBhY2NvdW50cyBkbyBu b3Qgc2VlbSB0byBiZSBzbyByZXN0cmljdGVkIHRoZXkgYXJlIHVudXNhYmxlLCBhbmQNCj4gc3lz dGVtIGFjY291bnRzIGNhbiBiZSB3ZWxsIG1vbml0b3JlZC4gVW5peCBpcyBzaW1pbGFyLg0KPiAN Cj4gVGhlIGJpZyBkaWZmZXJlbmNlIGlzIHdpdGggVW5peCBvZiBhbnkgZmxhdm9yLCB0aGVyZSBh cmUgc28gbWFueQ0KPiBiYWNrLWRvb3JzIGFuZCAiZXh0cmFzIiB0aGF0IHlvdSBwcmV0dHkgd2Vs bCBoYXZlIHRvIGRlcGVuZCB1cG9uDQo+IHRoZSBzZWN1cml0eSBzZXR1cCB0byBwcm90ZWN0IHlv dS4gTm8gd2F5IGluIHRoZSB3b3JsZCB5b3UgY2FuIGtlZXANCj4gb24gdG9wIG9mIGl0IG9uIGFu eXRoaW5nIGJ1dCBhIHZlcnkgdGlueSBzeXN0ZW0sIGFuZCBldmVuIHRoYXQgaXMNCj4gZGlmZmlj dWx0LiAoTm8gZW5mb3JjZWQgaW1hZ2UgYWNjb3VudGluZy4pDQo+IA0KPiBFeGFtcGxlLCB3ZSBo YWQgYSBzeXN0ZW0gZ2V0IHdpcGVkIG91dCBieSBhbiB1bmZyaWVuZGx5IGhhY2tlcg0KPiBvbmNl OyBoZSBvciBzaGUgZ2FpbmVkIHJvb3QgYWNjZXNzLCB3ZW50IHRvIHRoZSByb290IGRpcmVjdG9y eSwgZGlkDQo+IGEgInJtIC1yICoiLCBhbmQNCj4gdGhlbiBlcmFzZWQgdGhlIC5oaXN0b3J5IGZp bGUgdGhhdCBtaWdodCBoYXZlIGdpdmVuIHVzIGEgY2x1ZS4NCj4gDQoNCkFnYWluLCB0aGUgbW9y ZSBwZW9wbGUgd2hvIGhhdmUgZWxldmF0ZWQgcHJpdidzIG9uIHRoZSBzeXN0ZW0sIHRoZSBncmVh dGVyIHRoZSBjaGFuY2Ugc29tZXRoaW5nIGxpa2UgdGhpcyBpcyBnb2luZyB0byBoYXBwZW4uDQoN Cj4gV2hlbiB3ZSBkaWQgdGhlIHJlc3RvcmUsIHdlIGZvdW5kIHRoYXQgdGhlcmUgd2VyZSBzZXZl cmFsDQo+IG15c3RlcmlvdXMgZmlsZXMgYXJvdW5kIHNldHVpZCB0byByb290IC0gbmFtZWQgIi4u LiIgIC0gdmVyeQ0KPiBhbm5veWluZy4gSSBrbm93IEkgaGFkIHNlZW4gdGhlbSwgYnV0IG15IG1p bmQgaW50cmVwdGVkIHRoZW0gYXMNCj4gIi4uIi4gSSBkaWQgbm90IHBpY2sgdXAgb24gaXQgYW5k IG5laXRoZXIgZGlkIHRoZSBndXkgd2hvIHdhcw0KPiBzdXBwb3NlZCB0byBiZSB0aGUgc3lzdGVt IGFkbWluIHVudGlsIHdlIHB1dCBvdXIgaGVhZHMgdG9nZXRoZXIgYW5kDQo+IGRpZCBhIHZlcnkg Y2FyZWZ1bCBleGFtIG9mIHRoZSByZXN0b3JlZCBzeXN0ZW0uICBWZXJ5IHZlcnkgZWFzeSB0bw0K PiBtaXNzIHN0dWZmIGxpa2UgdGhhdC4NCj4gDQo+IC1QYXVsDQoNClJlZ2FyZHMNCg0KDQpLZXJy eSBNYWluDQpTZW5pb3IgQ29uc3VsdGFudA0KSFAgU2VydmljZXMgQ2FuYWRhDQpWb2ljZTogNjEz LTU5Mi00NjYwDQpGYXg6IDYxMy01OTEtNDQ3Nw0Ka2VycnlET1RtYWluQVRocERPVGNvbQ0KKHJl bW92ZSB0aGUgRE9UJ3MgYW5kIEFUKSANCg0KT3BlblZNUyAtIHRoZSBzZWN1cmUsIG11bHRpLXNp dGUgT1MgdGhhdCBqdXN0IHdvcmtzLg0KDQoNCg0K ------------------------------ Date: Tue, 10 Jul 2007 12:19:39 -0400 From: JF Mezei Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: <14cb0$4693b1d3$cef8887a$26133@TEKSAVVY.COM> Main, Kerry wrote: > Well, since you have to go back 20+ years to bring up a story about the > last time you heard where OpenVMS was broken into, that is a huge > compliment to OpenVMS !! When was the last time you heard a story about breaking into a OS2 system ? An AMIGA, Commodore PET, Apple II, Data General machine ? Perhaps A Univac ? Borroughs ? ------------------------------ Date: Tue, 10 Jul 2007 16:50:49 +0000 From: "Paul Raulerson" Subject: Re: Is VMS losing the Financial Sector, also? Message-ID: ----=_vm_0011_W8575531884_6023_1184086249 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I can see where your thinking makes sense if you are on a single monolith= ic system, which may be the case in the VMS world. But monolithic systems= , systems used for production and development and testing are not exactly= the norm in my world. :) We normally generate an instance for developers that allows things we do = not allow on production instances, which is where my thinking is coming f= rom. We also generate instances, sometimes "throwaway" instances, for tes= ting and QA purposes. For example, we don't allow normal users or programmmers to through progr= ams willy-nilly into DEBUG on production instances, but we certainly do a= llow programmers to do that on development instances. The point being that developers need different capabilities than users, a= nd users sometime need more permissions than they are granted. In the sec= ond case, elevated privs on a image (it would be setuid or sudo under Uni= x) are good answers. Also, it is more and more common for operator positions to be filled as c= orollary duties by the rest of the IT staff, or at the other extreme, but= secretaries. Most high end sites still have full time and fully trained = experienced operators, but many do not. Insane perhaps, but it is a trend that is happening. -Paul ----=_vm_0011_W8575531884_6023_1184086249 Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Content-Disposition: attachment From: "Main, Kerry" To: Info-VAX@Mvb.Saic.Com Message-ID: Date: Tue, 10 Jul 2007 15:42:00 +0000 Received: (qmail 11343 invoked by uid 78); 10 Jul 2007 16:26:06 -0000 Received: from unknown (HELO ns-mr22.netsolmail.com) (205.178.146.50) by 0 with SMTP; 10 Jul 2007 16:26:06 -0000 Received: from MVB.SAIC.COM (mvb.saic.com [198.151.12.104]) by ns-mr22.netsolmail.com (8.13.6/8.13.6) with SMTP id l6AGQ4Wl026182 for ; Tue, 10 Jul 2007 12:26:05 -0400 X-Newsgroups: comp.os.vms Organization: Info-VAX<==>comp.os.vms Gateway X-Gateway-Source-Info: Mailing List Lines: 65 Subject: RE: Is VMS losing the Financial Sector, also? MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: Paul Raulerson [mailto:paul@raulersons.com] > Sent: July 10, 2007 9:56 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? > > .. also, sometimes you *must* grant users extra privs. It does do > anyone any good at all to have a highly secure system that cannot > be used. Either for daily tasks, or to develop the applications. > Handcuffing a developer is sometimes the same thing as deliberately > failing a project. > I disagree. Requiring the granting of elevated priv's for users and/or developers in = production is a sign of a poorly developed application or poorly managed = IT environment. Developers might know the application, but they typically have little und= erstanding of formal change mgmt. Most just want to make the fix and get = on with whatever else they have to do. They typically do not understand t= here might be monitoring files that need to be updated if certain files a= re updated, agents that need to be tweaked (like security agent that moni= tors file changes etc), documentation and updating of change tickets and = perhaps letting on call support types that something may have changed on = one system, but that same fix has not been applied to all other systems. If elevated rights are required, then other means like installing images = with priv's is the way to go. Not sure what the equivalent is on UNIX or = Windows, but I am sure they must have an equivalent means to do this. > Which comes back to what Ron pointed out; you have to have a person > being vigilant and on top of all the activity on the system all the > time, or else even the best security *will* be circumvented by > desperate users. > Which is the responsibility of Operations - operators monitor log files a= nd report issues to Security and/or SysAdmins. In highly secure environme= nts the checking of log files is done by external group > Or it will be replaced with a less secure system that allows the > users to do their jobs. > Again, properly designed solutions do not require elevated priv's to be d= irectly granted to end users. > VMS appears to have a very good balance in this area; users > accounts do not seem to be so restricted they are unusable, and > system accounts can be well monitored. Unix is similar. > > The big difference is with Unix of any flavor, there are so many > back-doors and "extras" that you pretty well have to depend upon > the security setup to protect you. No way in the world you can keep > on top of it on anything but a very tiny system, and even that is > difficult. (No enforced image accounting.) > > Example, we had a system get wiped out by an unfriendly hacker > once; he or she gained root access, went to the root directory, did > a "rm -r *", and > then erased the .history file that might have given us a clue. > Again, the more people who have elevated priv's on the system, the greate= r the chance something like this is going to happen. > When we did the restore, we found that there were several > mysterious files around setuid to root - named "..." - very > annoying. I know I had seen them, but my mind intrepted them as > "..". I did not pick up on it and neither did the guy who was > supposed to be the system admin until we put our heads together and > did a very careful exam of the restored system. Very very easy to > miss stuff like that. > > -Paul Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT) OpenVMS - the secure, multi-site OS that just works. ----=_vm_0011_W8575531884_6023_1184086249-- ------------------------------ Date: Tue, 10 Jul 2007 12:53:04 -0400 From: "Main, Kerry" Subject: RE: Is VMS losing the Financial Sector, also? Message-ID: > -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@vaxination.ca] > Sent: July 10, 2007 12:20 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Is VMS losing the Financial Sector, also? >=20 > Main, Kerry wrote: > > Well, since you have to go back 20+ years to bring up a story > about the > > last time you heard where OpenVMS was broken into, that is a huge > > compliment to OpenVMS !! >=20 > When was the last time you heard a story about breaking into a OS2 > system ? An AMIGA, Commodore PET, Apple II, Data General machine ? > Perhaps A Univac ? Borroughs ? How many are running in equivalent high profile application environments like running Intels (and other *very* large manufacturing) chip manufacturing or running billions and/or trillions of $'s every day through their systems? Or running some of latest and greatest lottery systems, banking systems, stock exchanges etc .. Hackers and virus writers understand that even if they broke into those OS/2 systems you are talking about, there is no reward as they are not running to much important stuff. The same can not be said for OpenVMS. Simple fact is that while there are huge numbers of potentially "juicy" OpenVMS targets, they typically tend to focus on the easier legacy Windows/ Linux platform targets as cracking OpenVMS is to hard. Not impossible, but just very, very hard. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-592-4660 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT)=20 OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Tue, 10 Jul 2007 06:53:48 GMT From: John Santos Subject: Re: Itanium serial ports Message-ID: <02Gki.1754$YH3.568@trnddc08> Stephen Hoffman wrote: > Jeffrey H. Coffield wrote: > >> I am setting up an OpenVMS Itanium cluster and would like to use the >> serial port on an RX2620 (DB9) to connect to the MSA1000 serial >> console. The cable supplied (RJ45 to DB9) works on a laptop but when I >> plug it in to the Itanium and do a SET HOST/DTE TTA0:, all I get is >> the characters I type echoed back to me. I have already checked the >> baud rate, bits, parity & stop bits. >> >> Any clues? > > > A short is unlikely; this sounds like something weird with the port. > > Have you confirmed TT0: is the port you expect it to be? Have you > tried connecting into that port using a terminal and terminal emulator, > and logged in? Half the battle with serial ports on the Integrity > involved sorting out which one was the console (as it varied, based on > several factors), and which one wasn't. Once you have something > connected, you can SET HOST/DTE into the terminal or the emulator, and > you should see characters arriving in the terminal or emulator display > window. > > The Integrity serial connector I was using with the BD25 port on the > rx2600 was the H8575-E, and the pinout for most DECconnect adapters is > available at http://h71000.www7.hp.com/wizard/padapters.html > > I don't know that the pinout from the MSA1000 is posted anywhere, but > you can use a multimeter to probe the adapter wiring and figure that > out. From that and from the DECconnect stuff, you can confirm the > wiring. (An RJ45 for serial communications? Shudder. Never liked to > see that approach, no matter who used it.) The RJ45 connector is at the MSA1000 end and it isn't actually an RJ45; IIRC it has 10 pins! I plugged the one that came with my customer's MSA1000 directly into a serial port on their Alpha ES40, and it worked fine. The HP guys setting it up also used it to plug into a laptop for configuring, and I think we had it plugged into a terminal for a while. The cable wasn't really long enough, so I scooted over to the near-by Radio Shack and got the only 9-pin extension cable they had, which was only a 6 footer. It worked fine, but still wasn't long enough! We were able to duct-tape it to the floor instead of going across an aisle in mid-air though :-( (Why does Radio Shack always have something very close to what you need, but *never* exactly what you need? A 10-foot cable or longer we could have run under the floor and with plenty of slack at the back of the Alpha to pull it out on its slides easily, but they only had one 6-foot cable...) So it worked fine on an Alpha. Don't know if it will work on an rx2600, but the two serial ports on the back of my rx2620 look like normal 9-pin ports, so it *ought* to work. I did $ set term/perm tta0:/form/lowercase/nobroadcast/dma/noautobaud - /fulldup/notypeahead/line/dev=VT100/speed=19200 in sys$startup_vms.com The speed obviously has to match. Nobroadcast prevents the MSA from seeing reply/all (e.g. system shutdown messages). /Notypeahead prevents chattering, but you have to turn it off before using the port. So I $ allocate tta0: $ set term/type tta0: ! without the /perm $ set host/dte tta0: When done, I deallocate tta0: (or just log off), and it reverts to notypeahead. I don't know how important the other settings are, lost in the mists of time... -------- More info, including DB9 pinout of the MSA1000 cable: Anyway the cust. actually had 2 dual-controller MSA1000s, but the reseller only shipped one cable. Eventually they shipped the other 3, but there was only one available port on the Alpha... (The other was being used for a printer or something.) But they did have a DS90 with a bunch of spare ports (RJ45, this time, real RJ45), so I made them some adapters (RJ45 to DB9) and they hooked up all the MSA consoles using: MSA1000 DS90 After cleaning out MicroCenter's limited supply of RJ45 to DB9M adapters, and busting one of them, I got a bag of 10 of them from a local electronics store, wired them up, and shipped them off to the customer. I had to experiment a bit to discover the correct wiring pattern, and it was hard because I had to wire two of the DB9 pins together. Since I didn't have either a DS90 or an MSA1000 to test with, I had to mess around some with some stand-ins, a DS700 and a couple of modems with DB9 to DB25 adapters. First I checked that a PC with a standard 9-pin port could talk to the modems (or maybe I used a 9-pin serial port on one of my Alphas, I can't remember which) and then used a standard Cat5 patch cable to connect the DS700 to my adapter. It turned out the 2 modems demanded slightly different signals, but I was able to build an adapter that worked with both! Anyway the pinning was: RJ45 DB9 1 Rcv Gnd----+--5 Gnd 3 Tx Gnd-----| (Tie the two grounds together) 2 Rcv-----------2 Rcv 4 CTS-----------8 CTS 5 RTS-----------7 RTS 6 Tx------------3 Tx 7 DTR-----------4 DTR 8 DSR-----------6 DSR 1 DCD (No connection) 9 ??? (No connection) Except for stripping pin 3 and soldering the wire to pin 1, assembling these things was easy, just snap the pins into the appropriate holes in the DB9 shell. Curiously, the two different brands of RJ-DB adapters had the exact same color code for the 8 wires on the RJ side... I wonder if this is standardized? -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 ------------------------------ Date: Tue, 10 Jul 2007 08:00:29 -0400 From: "FredK" Subject: Re: Itanium serial ports Message-ID: "John Santos" wrote in message news:02Gki.1754$YH3.568@trnddc08... > Stephen Hoffman wrote: >> Jeffrey H. Coffield wrote: >> > > $ set term/perm tta0:/form/lowercase/nobroadcast/dma/noautobaud - > /fulldup/notypeahead/line/dev=VT100/speed=19200 > /dma is fairly meaningless since it applies to only very specific old controllers. /fulldup turns on full duplex which should already be the default. /notypeahead prevents the use of the typeahead buffer in terminal driver. /noauto turns off the logic for a unallocated terminal to detect the terminal speed (done by hitting the return key). /line turns on line editing. /lowercase prevents upcasing of input. /form has to do with the intepretation of form feed as linefeed (IIRC). ------------------------------ Date: Tue, 10 Jul 2007 08:06:19 -0400 From: "FredK" Subject: Re: Itanium serial ports Message-ID: "John Santos" wrote in message news:02Gki.1754$YH3.568@trnddc08... > Stephen Hoffman wrote: >> Jeffrey H. Coffield wrote: >> >> A short is unlikely; this sounds like something weird with the port. >> >> Have you confirmed TT0: is the port you expect it to be? Have you >> tried connecting into that port using a terminal and terminal emulator, >> and logged in? Half the battle with serial ports on the Integrity >> involved sorting out which one was the console (as it varied, based on >> several factors), and which one wasn't. Once you have something >> connected, you can SET HOST/DTE into the terminal or the emulator, and >> you should see characters arriving in the terminal or emulator display >> window. >> To me it sounds like either a bad cable or lack of or multiple null modem connections. The Integrity serial ports work as expected except for the one on the management processor (usually on a 3 wire pigtail) which is a "virtual" serial port that is marginally good enough to use as a boot console, but not suitable for use as a communication connection (which is why we try to configure it only if it is used as the boot console serial port). ------------------------------ Date: 10 Jul 2007 08:08:18 -0500 From: briggs@encompasserve.org Subject: Re: Itanium serial ports Message-ID: In article , "FredK" writes: > > "John Santos" wrote in message > news:02Gki.1754$YH3.568@trnddc08... >> Stephen Hoffman wrote: >>> Jeffrey H. Coffield wrote: >>> > >> >> $ set term/perm tta0:/form/lowercase/nobroadcast/dma/noautobaud - >> /fulldup/notypeahead/line/dev=VT100/speed=19200 >> > > /dma is fairly meaningless since it applies to only very specific old > controllers. /fulldup turns on full duplex which should already be the > default. /notypeahead prevents the use of the typeahead buffer in terminal > driver. /noauto turns off the logic for a unallocated terminal to detect > the terminal speed (done by hitting the return key). /line turns on line > editing. /lowercase prevents upcasing of input. /form has to do with the > intepretation of form feed as linefeed (IIRC). /form applies on output and indicates whether the attached device is capable of processing a form feed character properly. With /FORM in place, form feeds are written to the attached device "as is". With /NOFORM, form feeds in the output stream are replaced with an appropriate number of line feeds. The terminal driver tracks the current line number within the current page so that it can produce the right number of line feeds (based on the /PAGE setting). Some applications may use /FORM as a hint that the attached device is capable of processing form feeds. For instance, I believe that the VMS print symbiont looks at /FORM for this purpose. /nobroadcast turns off the display of messages sent to the terminal from OPCOM or with the use of the $BRKTHRU system service. This is often used for printers so that one does not see system reboot warning messages in the middle of the accounts payable report. An important use of /notypeahead is to prevent the terminal from being used to log in to the system. /notypeahead suppresses the unsolicited input AST that would otherwise cause the job controller to start login processing when a user presses a key on an unallocated terminal. As such, it is almost certainly redundant to include /noauto on a terminal that is also set to /notypeahead. If the terminal device is expected to provide input it is important that it be set to /typeahead once an application has allocated the device. If the terminal device is not expected to provide input (e.g. if it is a printer) then /notypeahead is not a problem. ------------------------------ Date: Tue, 10 Jul 2007 10:07:23 -0400 From: Stephen Hoffman Subject: Re: Itanium serial ports Message-ID: FredK wrote: > To me it sounds like either a bad cable I'd thought about that, though O.P. indicates the cable works elsewhere. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: 10 Jul 2007 12:22:33 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: July the 4th Message-ID: <5fhc09F3bf6ohU1@mid.individual.net> In article , Bill Todd writes: > Bill Gunshannon wrote: >> In article , >> Bill Todd writes: >>> Bill Gunshannon wrote: >>>> In article <468dca0b$0$25492$ba620dc5@text.nova.planet.nl>, >>>> Wilm Boerhout writes: >>>>> on 5-7-2007 20:19 Bill Gunshannon wrote... >>>>> >>>>>> Personally, I have changed my opinion. I, too, think we should bring >>>>>> all our troops home. Not just from Iraq and Afghanistan but from Korea, >>>>>> Germany, England and everywhere else outside the US. And we should place >>>>>> them along the north and south borders and keep all foreigners out of >>>>>> the country. Including all those snowbirds with the Quebec license plates >>>>>> who live down here 6 months of the year without paying a penny in taxes >>>>>> and drive on our highways totally ignoring laws like speed limits!! >>>>> Welcome to the land of the free and the home of the brave. So free and >>>>> so brave that you, Bill, like to build fence all around it. >>>> Gee, I thought the rest of the world wanted us to stay out of their >>>> affairs. And here I am suggesting just that. And keeping them out >>>> of ours. >>> There's a significant difference between being a good, non-interfering >>> neighbor and being a reclusive xenophobe, Bill. >> >> "phobe" = "fear". I don't fear foreigners. I am just beginning to >> not like them. > > I have a reasonable acquaintance with Greek roots, Bill, even though I > struggle a bit with their alphabet (since I only learned it for math and > physics). > > But, once again, the dictionary is your friend: we're talking > (American) English here, and the first dictionary I picked up defines > 'xenophobia' as 'fear *or hatred* of strangers or foreigners'. Then I guess the correct term would "freeloader-phobe". Don't know the Greek for that. They probably didn't have the concept. > >> And I certainly see no reason why we should take in >> all the worlds freeloaders. >> >>> It's one thing to "keep >>> out of each other's affairs", and quite another to fence everyone else >>> out, period. >> >> I think the US should have a couple of designated "ports of entry". >> Anyone having a legitimate reason to come here can use them. But >> having wide open borders doesn't provide any advantage to us at all. > > If you believe that there was no advantage to building America, I guess > (since relatively open borders and resulting immigration were, beyond > question, how our country was built and prospered - Yes, but the people who came then came with the idea that they would be Americans and contribute to the country. A majority of those coming today not only have no intention of working (they came because this is the land flowing with milk and honey and the streets are paved with gold!!) for the improv ement of the country. they won't even work for their own improvement. They have no desire or intention of joining the "melting pot" they intend to maintain their own national identity and force us to accept it. And many, like the Canadian snowbirds, just come here for the climate and actually hate us and treat our country with total disdain. > at least after the > earlier waves stole it from the native population). Another red herring. The "native americans" were no more native than the europeans. They just got here a little earlier. > > And current immigrants provide a great deal of what continuing dynamism > we still have, given how fat, lazy, and self-centered such a large > portion of our longer-term ethnicities have become. Hell, you work in a > college - you can see one significant aspect of it first-hand. Must not know much about college. While some students do little if anything, going to school at the college level is no picnic. I have current, first-hand experience to prove it. > > ... > >>> The disturbing part is that China already *has* so much of our money >>> (both physically, and in IOUs - and one major U.S. default on >>> international debt is all it would take to plunge the dollar into the >>> toilet for real). >> >> Or start tariffing Chinese garbage like other countries do our stuff. > > Which would primarily hurt the low-wage American consumer: is that > really the solution you think is appropriate? I guess it depends on wether your are looking at the short-term or the long-term. We alwys seem to complain (especially here) about corporate america not looking beyond the short-term, but apparently, neither does the common man. > > ... > >>> We are either >>>> imperialists or provincials. >>> No: we're both. >> >> Bill, I don't understand why you haven't moved to Canada. > > You don't understand a great deal, but that doesn't stop you from > pontificating incompetently about it. > > You have >> hated everything about this country since you were a child. > > Wrong again (but assuming that you have any idea how I felt over time is > yet another indication of your over-reaching arrogance): My arrogance!!! Hahahahahahahahahaha You have repeatedly expressed your dislike of everything this country has done and proudly stated you have been doing it since you were a a youth. One would have to have been blind and deaf to not know how you feel about it. > I grew up > loving and honoring this country for what I was taught it stood for, and > even managed to believe that Vietnam and Watergate were aberrations > (when in fact it later turned out to be the reactions to them that were > aberrations). I doubt you understand anything about VietNam beyond the movie Platoon. Watergate is another issue entirely. Engineered and caused by someone who had a history (for those who are actually willing to look at him beyond what the newpapers print) of bending and breaking the law in order to further his own position long before he set foot in the White House. The period of time involving that one person (and it predates Watergate by more than a decade) has probably contributed more to the changes, for the worse, in this country than any other event. > > I can't >> imagine why you stay. > > Because I still consider it my country and my responsibility, and I'm > damn well not going to leave it to the ministrations of the likes of you. I have fought to defend this country "from all enemies foreign and domestic" since you were a child. Don't pontificate to me. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 10 Jul 2007 07:10:31 -0000 From: kiwi-red Subject: Re: MX Mail relay Message-ID: <1184051431.906353.90910@z28g2000prd.googlegroups.com> Pretty sure that turning off relay will stop you sending SMTP kiwi On Jul 10, 11:29 am, "Tom Linden" wrote: > Have a POP3 user accesses via Comcast cable, able to receive, but can't > send mail using Outlook > > Have following > > SMTP server settings: > Allow VRFY commands: disabled > Act as SMTP relay for any host: disabled [SHOW LOCAL_DOMAINS lists hosts] > Validate sender's domain name: enabled > Allow percent-hacked addresses: disabled > CRAM-MD5 SMTP authentication: disabled > PLAIN SMTP authentication: enabled > Realtime Blackhole List check: enabled > RBL domains to check: > > The user has a VMS account and the Outlook settings are correct for both > incoming and outgoing servers, with user name and password. > > Running MX5.4 under loadbroker on 7.3-1 thru 8.3 tried turning on > debugging to see why the server was not accepting the outgoing message > > %SYSMAN-I-OUTPUT, command execution on node FREJA > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command > execution on node NORNS > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command > execution on node HAFNER > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command > execution on node ODIN > > to look at the log files after attempting to send a message, but I didn't > find any new log files. > > Any Ideas? > > I suspect the relay settings aren't right, I think it needs to be enabled > and rely on authenication. > -- > PL/I for OpenVMSwww.kednos.com ------------------------------ Date: Tue, 10 Jul 2007 10:54:32 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: MX Mail relay Message-ID: In article , "Tom Linden" writes: > > >Have a POP3 user accesses via Comcast cable, able to receive, but can’t >send mail using Outlook > >Have following > >SMTP server settings: > Allow VRFY commands: disabled > Act as SMTP relay for any host: disabled [SHOW LOCAL_DOMAINS lists hosts] > Validate sender's domain name: enabled > Allow percent-hacked addresses: disabled > CRAM-MD5 SMTP authentication: disabled > PLAIN SMTP authentication: enabled > Realtime Blackhole List check: enabled > RBL domains to check: > >The user has a VMS account and the Outlook settings are correct for both >incoming and outgoing servers, with user name and password. > >Running MX5.4 under loadbroker on 7.3-1 thru 8.3 tried turning on >debugging to see why the server was not accepting the outgoing message > >%SYSMAN-I-OUTPUT, command execution on node FREJA > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >execution on node NORNS > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >execution on node HAFNER > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >execution on node ODIN > >to look at the log files after attempting to send a message, but I didn't >find any new log files. > >Any Ideas? > >I suspect the relay settings aren't right, I think it needs to be enabled >and rely on authenication. Comcast Cable Internet??? Nearly all of the broadband providers have put blocks on port 25 to thwart SPAMmers. I'd bet that your user can connect to their provider's (Comcast's) SMTP server but I doubt they will be able to connect to yours. Have the user try to TELNET to port 25 on your machine to see if they get any response at all. I'll wager that they will not be able to because of Comcast firewalling. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" ------------------------------ Date: Tue, 10 Jul 2007 11:08:03 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: MX Mail relay Message-ID: In article <1184051431.906353.90910@z28g2000prd.googlegroups.com>, kiwi-red writes: > > >Pretty sure that turning off relay will stop >you sending SMTP > >kiwi > > > >On Jul 10, 11:29 am, "Tom Linden" wrote: >> Have a POP3 user accesses via Comcast cable, able to receive, but can't >> send mail using Outlook >> >> Have following >> >> SMTP server settings: >> Allow VRFY commands: disabled >> Act as SMTP relay for any host: disabled [SHOW LOCAL_DOMAINS lists hosts] >> Validate sender's domain name: enabled >> Allow percent-hacked addresses: disabled >> CRAM-MD5 SMTP authentication: disabled >> PLAIN SMTP authentication: enabled >> Realtime Blackhole List check: enabled >> RBL domains to check: >> >> The user has a VMS account and the Outlook settings are correct for both >> incoming and outgoing servers, with user name and password. >> >> Running MX5.4 under loadbroker on 7.3-1 thru 8.3 tried turning on >> debugging to see why the server was not accepting the outgoing message >> >> %SYSMAN-I-OUTPUT, command execution on node FREJA >> "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >> execution on node NORNS >> "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >> execution on node HAFNER >> "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >> execution on node ODIN >> >> to look at the log files after attempting to send a message, but I didn't >> find any new log files. >> >> Any Ideas? >> >> I suspect the relay settings aren't right, I think it needs to be enabled >> and rely on authenication. >> -- >> PL/I for OpenVMSwww.kednos.com I have mine pretty well locked down. From a client's machine (client has T1 service), I can telnet to port 25 of my server: $ TELNET/PORT=25 TMESIS.COM %TELNET-I-TRYING, Trying ... 64.253.47.113 %TELNET-I-SESSION, Session 01, host tmesis.com, port 25 220 A533U2-10.TMESIS.COM (MX V5.4 AnHn) ESMTP server ready at Tue, 10 Jul 2007 However, if I attempt the same using my cable modem service, I get: $ ssh VAXman@pb17 Password: wouldn'tyouliketoknow? Authentication successful. Last login: Mon Jul 9 15:20:06 2007 Welcome to Darwin! [~] % telnet tmesis.com 25 Trying 64.253.47.113... telnet: connect to address 64.253.47.113: Operation timed out telnet: Unable to connect to remote host [~] % Why? Because most of the major broadband providers have place a block on port 25 outbound. Subscribers to these services must use their provider's SMTP servers if they want email. I think Tom's best solution would be to tunnel POP and SMTP by having his remote user log in via ssh (probably puTTY as I'll bet that this user is using Weendoze). The port forwarding can be made automatic using the ssh config files; however, I don't know if that works with puTTY. It may be that the port forwarding may need to be instantiated in the puTTY connect. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" ------------------------------ Date: Tue, 10 Jul 2007 07:19:29 -0700 From: "Tom Linden" Subject: Re: MX Mail relay Message-ID: On Tue, 10 Jul 2007 03:54:32 -0700, VAXman- <@SendSpamHere.ORG> wrote: > In article , "Tom Linden" > writes: >> >> >> Have a POP3 user accesses via Comcast cable, able to receive, but >> can’t >> send mail using Outlook >> >> Have following >> >> SMTP server settings: >> Allow VRFY commands: disabled >> Act as SMTP relay for any host: disabled [SHOW LOCAL_DOMAINS lists >> hosts] >> Validate sender's domain name: enabled >> Allow percent-hacked addresses: disabled >> CRAM-MD5 SMTP authentication: disabled >> PLAIN SMTP authentication: enabled >> Realtime Blackhole List check: enabled >> RBL domains to check: >> >> The user has a VMS account and the Outlook settings are correct for both >> incoming and outgoing servers, with user name and password. >> >> Running MX5.4 under loadbroker on 7.3-1 thru 8.3 tried turning on >> debugging to see why the server was not accepting the outgoing message >> >> %SYSMAN-I-OUTPUT, command execution on node FREJA >> "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >> execution on node NORNS >> "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >> execution on node HAFNER >> "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command >> execution on node ODIN >> >> to look at the log files after attempting to send a message, but I >> didn't >> find any new log files. >> >> Any Ideas? >> >> I suspect the relay settings aren't right, I think it needs to be >> enabled >> and rely on authenication. > > Comcast Cable Internet??? Nearly all of the broadband providers have put > blocks on port 25 to thwart SPAMmers. I'd bet that your user can connect > to their provider's (Comcast's) SMTP server but I doubt they will be able > to connect to yours. > > Have the user try to TELNET to port 25 on your machine to see if they get > any response at all. I'll wager that they will not be able to because of > Comcast firewalling. > Not sure what I am seeing, TELNET to port 25 gives me a window, which echoes back my keystrokes, but that is it. SSH to port 25 gives a dead window -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Tue, 10 Jul 2007 11:05:58 -0400 From: "David Turner, Island Computers" Subject: Re: MX Mail relay Message-ID: Try using another port for SMTP The block is only on port 25 "Tom Linden" wrote in message news:op.tu76fft88vlggw@murphus.linden... > Have a POP3 user accesses via Comcast cable, able to receive, but can't > send mail using Outlook > > Have following > > SMTP server settings: > Allow VRFY commands: disabled > Act as SMTP relay for any host: disabled [SHOW LOCAL_DOMAINS lists > hosts] > Validate sender's domain name: enabled > Allow percent-hacked addresses: disabled > CRAM-MD5 SMTP authentication: disabled > PLAIN SMTP authentication: enabled > Realtime Blackhole List check: enabled > RBL domains to check: > > The user has a VMS account and the Outlook settings are correct for both > incoming and outgoing servers, with user name and password. > > Running MX5.4 under loadbroker on 7.3-1 thru 8.3 tried turning on > debugging to see why the server was not accepting the outgoing message > > %SYSMAN-I-OUTPUT, command execution on node FREJA > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command > execution on node NORNS > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command > execution on node HAFNER > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, command > execution on node ODIN > > to look at the log files after attempting to send a message, but I didn't > find any new log files. > > Any Ideas? > > I suspect the relay settings aren't right, I think it needs to be enabled > and rely on authenication. > -- > PL/I for OpenVMS > www.kednos.com ------------------------------ Date: 10 Jul 2007 07:44:42 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Part number for VMS 7.3-2 Message-ID: In article <_Yqki.23199$Fc.3426@attbi_s21>, "John E. Malmberg" writes: > > I had that happen with a Pontiac Phoenix. Apparently some of the parts > are different based on the serial number in the VIN and this was not in > the parts guide. Having the VIN for certain parts has been around for a long time. There might be no other way for your parts department to know which part you need. But you didn't need the part number to buy the whole car, did you? If the OP had a system and needed a serial number dependent part, that would be different. He's trying to buy the whole VMS. ------------------------------ Date: Tue, 10 Jul 2007 08:49:36 +0200 From: "P. Sture" Subject: Re: RAID (was: Is VMS losing the Financial Sector, also?) Message-ID: In article , Ron Johnson wrote: > On 07/09/07 14:21, Ken Fairfield wrote: > [snip] > > > > The second reason is to improve I/O throughput. We had problem > > disks (single spindles) where the I/O queue average would be > > over 3.0 (I think it was pushing 4.0 before we fixed it.). By > > putting that volume on a 3-member stripe set, the average I/O queue > > was reduced to below 1.0. (You tend to do better than the simple > > arithmetic would indicate since you avoid the really pathological > > excursions that skew the average.) > > And when one of those stripeset members turns turtle, you've lost > all your data. But we were discussing how to use striping in conjunction with shadowing. So when one of those stripeset members turns turtle, the second shadowed member underneath the stripeset is still there to support it. -- Paul Sture ------------------------------ Date: 10 Jul 2007 07:54:58 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: RAID (was: Is VMS losing the Financial Sector, also?) Message-ID: <8q2JG3j5huch@eisner.encompasserve.org> In article <46927097.40108@comcast.net>, "Richard B. Gilbert" writes: > > Oh the joys of the early video terminals. No two models, even from the > same manufacturer, used the same set of control codes. It was only > AFTER the VT100 that manufacturers began to standardize. Yep, once again DEC had it first and everybody else cloned it. ------------------------------ Date: Tue, 10 Jul 2007 08:32:04 -0700 From: "Tom Linden" Subject: Resolved: MX Mail relay Message-ID: Turns out that one or more of the RBL's I was checking was defunct and it confused MX. reducing it to RBL domains to check: BL.SPAMCOP.NET CBL.ABUSEAT.ORG cleared the problem. Tom On Mon, 09 Jul 2007 18:29:29 -0700, Tom Linden wrote: > Have a POP3 user accesses via Comcast cable, able to receive, but can’t > send mail using Outlook > > Have following > > SMTP server settings: > Allow VRFY commands: disabled > Act as SMTP relay for any host: disabled [SHOW LOCAL_DOMAINS lists > hosts] > Validate sender's domain name: enabled > Allow percent-hacked addresses: disabled > CRAM-MD5 SMTP authentication: disabled > PLAIN SMTP authentication: enabled > Realtime Blackhole List check: enabled > RBL domains to check: > > The user has a VMS account and the Outlook settings are correct for both > incoming and outgoing servers, with user name and password. > > Running MX5.4 under loadbroker on 7.3-1 thru 8.3 tried turning on > debugging to see why the server was not accepting the outgoing message > > %SYSMAN-I-OUTPUT, command execution on node FREJA > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, > command execution on node NORNS > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, > command execution on node HAFNER > "MX_SMTP_DEBUG" = "TRUE" (LNM$SYSTEM_TABLE) %SYSMAN-I-OUTPUT, > command execution on node ODIN > > to look at the log files after attempting to send a message, but I > didn't find any new log files. > > Any Ideas? > > I suspect the relay settings aren't right, I think it needs to be > enabled and rely on authenication. -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Tue, 10 Jul 2007 08:48:53 GMT From: John Santos Subject: Re: Text-Based Newsreader? Message-ID: Christoph Gartmann wrote: > In article , VAXman- @SendSpamHere.ORG writes: > >>In article , gartmann@nonsense.immunbio.mpg.de (Christoph Gartmann) writes: >> >>> >>>Hello, >>> >>>is there any newer non-graphical (command-line driven) newsreader for OpenVMS? >> >>Newsrdr > > > This is what I am currently using. But it has some bugs and dates from 1998. > > Regards, > Christoph Gartmann > VMS PINE (on the FREEWARE, somewhere, IIRC) reads news, but it doesn't support authorization, so you can't use it if your server requires a password. -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 ------------------------------ Date: Tue, 10 Jul 2007 10:46:51 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Text-Based Newsreader? Message-ID: In article , gartmann@nonsense.immunbio.mpg.de (Christoph Gartmann) writes: > > >In article , VAXman- @SendSpamHere.ORG writes: >>In article , gartmann@nonsense.immunbio.mpg.de (Christoph Gartmann) writes: >>> >>> >>>Hello, >>> >>>is there any newer non-graphical (command-line driven) newsreader for OpenVMS? >> >>Newsrdr > >This is what I am currently using. But it has some bugs and dates from 1998. Do you have the source? What bugs? I've modified Newsrdr over the years q to deal with issues with my news provider. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" ------------------------------ Date: Tue, 10 Jul 2007 11:04:36 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Text-Based Newsreader? Message-ID: In article , gartmann@nonsense.immunbio.mpg.de (Christoph Gartmann) writes: > is there any newer non-graphical (command-line driven) newsreader for OpenVMS? I have been using NEWSRDR for 15 years. It is written by Matt Madison, of MadGoat Software fame. It has an interface similar to VMS MAIL. That, coupled with the ability to define keys (also like in VMS MAIL) makes it my newsreader of choice. Normally, I use a proper keyboard and the numeric keypad has the most common commands (like in VMS MAIL, in the debugger etc) and I have defined things to make it as similar to VMS MAIL as possible. There is also a HELP file, the ability to type in commands (handy when one has to use a strange keyboard where the key definitions might not work) and even BOOKREADER documentation. There is a system-wide startup file for setting preferences, and in addition each user can set his own preferences (e.g. by defining logical names). What more could one want? It is written in C and runs on VAX and ALPHA. ------------------------------ Date: Tue, 10 Jul 2007 12:03:58 +0000 (UTC) From: gartmann@nonsense.immunbio.mpg.de (Christoph Gartmann) Subject: Re: Text-Based Newsreader? Message-ID: In article , VAXman- @SendSpamHere.ORG writes: >Do you have the source? What bugs? I do have the sources. I noticed the following bugs: - The end of a thread is ignored if the last article of the thread is the newest of the current session in the specific newsgroup. - If you reply to posts that exceed a certain depth in the thread NEWSRDR truncates the "Reference"-header. - If there is an article with an empty subject line all articles belong to this empty thread. - There are more and more Postings with quoted-printable encoded subjects. These break NEWSRDR's threading capability. Regards, Christoph Gartmann -- Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452 Immunbiologie Postfach 1169 Internet: gartmann@immunbio dot mpg dot de D-79011 Freiburg, Germany http://www.immunbio.mpg.de/home/menue.html ------------------------------ Date: 10 Jul 2007 07:47:41 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Text-Based Newsreader? Message-ID: In article , gartmann@nonsense.immunbio.mpg.de (Christoph Gartmann) writes: > Hello, > > is there any newer non-graphical (command-line driven) newsreader for OpenVMS? > > Regards, > Christoph Gartmann "newer"? I'm using ANU and it seems quite fine. I've also access to another when Deathrow is up, but I'm not sure what it's called. ------------------------------ Date: Tue, 10 Jul 2007 03:42:07 -0700 From: GenericSYS Subject: VMS Cluster Questions Message-ID: <1184064127.278542.21440@d55g2000hsg.googlegroups.com> Hi, I was hoping some kind folks could have a look at a problem/ situation for me and suggest a method to implement the requirements. I'll just add that VMS knowledge in our team and knowledge of our environment is limited. Most of this configuration was put in place by people who have left long ago, and we do struggle to fill the gaps in knowledge at times. We have a three-node cluster, two alphas running OpenVMS V6.2-1H3 and a VAX running OpenVMS V6.2. The VAX is only present to provide a quorum vote. Both alphas are connected to their own HSZ40 storage solutions (dual controller), and we also have FDDI as a cluster connection. We also have TCPware, DECnet and LAT protocols in use on our site. I have a requirement to simplify this configuration with minimal cost. The approach I was hoping to use would be remove the VAX from the cluster, bring both systems into one of our server rooms (removing the disaster tolerance but maintaining fault tolerance), utilise only one of the HSZ40's for some variety of shared storage, and most importantly removing the FDDI from the configuration, since knowledge of this component at hardware and software level is non-existent. Could anyone comment on if this is a possibility or suggest an alterative, and suggest a general method to achieve this? If any more information is required please let me know and I'll try to provide. Cheers ------------------------------ Date: Tue, 10 Jul 2007 12:28:43 +0100 From: "R.A.Omond" Subject: Re: VMS Cluster Questions Message-ID: GenericSYS wrote: > Hi, I was hoping some kind folks could have a look at a problem/ > situation for me and suggest a method to implement the requirements. > I'll just add that VMS knowledge in our team and knowledge of our > environment is limited. Most of this configuration was put in place > by people who have left long ago, and we do struggle to fill the gaps > in knowledge at times. > > We have a three-node cluster, two alphas running OpenVMS V6.2-1H3 and > a VAX running OpenVMS V6.2. The VAX is only present to provide a > quorum vote. Both alphas are connected to their own HSZ40 storage > solutions (dual controller), and we also have FDDI as a cluster > connection. We also have TCPware, DECnet and LAT protocols in use on > our site. > > I have a requirement to simplify this configuration with minimal > cost. The approach I was hoping to use would be remove the VAX from > the cluster, bring both systems into one of our server rooms (removing > the disaster tolerance but maintaining fault tolerance), utilise only > one of the HSZ40's for some variety of shared storage, and most > importantly removing the FDDI from the configuration, since knowledge > of this component at hardware and software level is non-existent. > > Could anyone comment on if this is a possibility or suggest an > alterative, and suggest a general method to achieve this? If any more > information is required please let me know and I'll try to provide. Oh dear, oh dear ... before I (or any other volunteer) get "into" this, your existing setup sounds pretty simple already. Can you perhaps expand a bit on what this "requirement to simplify" is, and pertinently where the "requirement" is coming from ? What are you really hoping to achieve ? A reduction in power costs ? The suggestion to remove FDDI from the configuration is based on ignorance; there's no need whatsoever to eliminate it. And the notion of utilising only one of the HSZ40s is bringing in an unnecessary single-point-of-failure which, you can bet your bottom Euro, is going to bite you sooner rather than later, and for what ? I get the impression from your name that you're probably based somewhere in Europe; the company I work for (UK-based) would be perfectly happy to provide you with assistance, as, I'm sure, many others would be. Of course for a "small" remuneration ;-) ------------------------------ Date: Tue, 10 Jul 2007 05:05:37 -0700 From: GenericSYS Subject: Re: VMS Cluster Questions Message-ID: <1184069137.442187.129540@n2g2000hse.googlegroups.com> On Jul 10, 12:28 pm, "R.A.Omond" wrote: > Oh dear, oh dear ... before I (or any other volunteer) get "into" > this, your existing setup sounds pretty simple already. > > Can you perhaps expand a bit on what this "requirement to simplify" > is, and pertinently where the "requirement" is coming from ? > > What are you really hoping to achieve ? A reduction in power costs ? > > The suggestion to remove FDDI from the configuration is based on > ignorance; there's no need whatsoever to eliminate it. And the > notion of utilising only one of the HSZ40s is bringing in an > unnecessary single-point-of-failure which, you can bet your > bottom Euro, is going to bite you sooner rather than later, > and for what ? > > I get the impression from your name that you're probably based > somewhere in Europe; the company I work for (UK-based) would > be perfectly happy to provide you with assistance, as, I'm sure, > many others would be. Of course for a "small" remuneration ;-) Hi Roy, Thanks for the reply. At the moment the requirment is coming from my boss, and the simplification is intended to reduce both the hardware requirements of this cluster and reduce the risk from running technologies which we have less than suitable knowledge in. An absolute must in this requirement I have been given is to remove the FDDI, since the hardware is old, out of support and no one in- house has knowledge of anymore. The reason to remove FDDI is not ignorance but cautious planning, we no longer wish to maintain a cross site configuration and cannot risk running with something no one understands. The HSZ40 is not a single point of failure in my understanding, since every component has redundancy? We are a UK based company, as you guessed. ------------------------------ Date: Tue, 10 Jul 2007 13:55:08 +0100 From: "R.A.Omond" Subject: Re: VMS Cluster Questions Message-ID: GenericSYS wrote: > Thanks for the reply. At the moment the requirment is coming from my > boss, and the simplification is intended to reduce both the hardware > requirements of this cluster and reduce the risk from running > technologies which we have less than suitable knowledge in. > > An absolute must in this requirement I have been given is to remove > the FDDI, since the hardware is old, out of support and no one in- > house has knowledge of anymore. The reason to remove FDDI is not > ignorance but cautious planning, we no longer wish to maintain a cross > site configuration and cannot risk running with something no one > understands. From your original post, you intend to house both of the Alpha nodes in the same machine room. Please do NOT remove FDDI; you gain precisely nothing from this, and you gain an extra path for cluster traffic. I suspect you're not understanding what I'm getting at - you *can* eliminate your cross-site FDDI ring. What you'd do is then plug in the FDDI cables back-to-back in the two Alpha nodes. There's no penalty for this at all (well, I suppose a few milliWatts of power). You don't need to change anything in the existing configuration. Leave it in place for VMS cluster traffic to take advantage of. You don't need any FDDI-specific "understanding" - just view it as another possible path for cluster traffic. > The HSZ40 is not a single point of failure in my > understanding, since every component has redundancy? We are a UK > based company, as you guessed. Again, you don't really gain anything from killing one of the HSZ40 pairs. It really depends on how your disk storage is setup (perhaps you'd like to explain whether, for example, you've got host-based volume shadowing in place across the two existing sites). Keeping both pairs of controllers in the equation gains you a potential improvement in I/O performance (but this really depends, so you'll need to describe your current setup before one can say definitively). Since you're based in the UK, may I ask if you know me from the past? My name is clear from the posting ;-) I don't seem to recall your name (Genericsys) from my contacts ! And just to repeat once more: your current setup is very simple. ------------------------------ Date: 10 Jul 2007 08:08:07 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: VMS Cluster Questions Message-ID: <+jTYrK5GDZX3@eisner.encompasserve.org> In article <1184064127.278542.21440@d55g2000hsg.googlegroups.com>, GenericSYS writes: > > We have a three-node cluster, two alphas running OpenVMS V6.2-1H3 and > a VAX running OpenVMS V6.2. The VAX is only present to provide a > quorum vote. Both alphas are connected to their own HSZ40 storage > solutions (dual controller), and we also have FDDI as a cluster > connection. We also have TCPware, DECnet and LAT protocols in use on > our site. > > I have a requirement to simplify this configuration with minimal > cost. The approach I was hoping to use would be remove the VAX from > the cluster, bring both systems into one of our server rooms (removing > the disaster tolerance but maintaining fault tolerance), utilise only > one of the HSZ40's for some variety of shared storage, and most > importantly removing the FDDI from the configuration, since knowledge > of this component at hardware and software level is non-existent. I would not remove the VAX unless you can install some kind of dual-ported disk as a quorum disk. You will greatly increase your downtime. If the VAX hardware is to expensive to maintain, try switching to Charon-VAX or SIMH. The FDDI can be removed in favor of ethernet if you can deal with the slower speed (I'm assuming the Alphas are to old to support 100BT). You can reduce the protocols to TCP/IP (TCPware) and SCS (VMScluster) if you don't have specific requirements for DECnet and/or LAT. Generally people don't get a lot out of "simplifying" such configurations, espcially if they don't have a lot of knowledge about them. If you leave them alone they just keep running. If you mess with them you start breaking things you didn't know you needed. You can probably take on a VMS-savvy consultant for low cost to provide what little baby-sitting these systems will need. Unlike other OS, these will not need constant attention. ------------------------------ Date: 10 Jul 2007 08:11:45 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: VMS Cluster Questions Message-ID: In article <1184069137.442187.129540@n2g2000hse.googlegroups.com>, GenericSYS writes: > > Thanks for the reply. At the moment the requirment is coming from my > boss, and the simplification is intended to reduce both the hardware > requirements of this cluster and reduce the risk from running > technologies which we have less than suitable knowledge in. Your boss is probably thinking all computers are similar. Get a consultant in to enlighten him. Like I said earlier, these systems do not need lots of attention. > An absolute must in this requirement I have been given is to remove > the FDDI, since the hardware is old, out of support and no one in- > house has knowledge of anymore. The reason to remove FDDI is not > ignorance but cautious planning, we no longer wish to maintain a cross > site configuration and cannot risk running with something no one > understands. The HSZ40 is not a single point of failure in my > understanding, since every component has redundancy? We are a UK > based company, as you guessed. If you don't need FDDI speed, then get a VMS savvy consultant in to replace it with ethernet. I've never heard of HSZ40 being internally redundant, but I'm not so familiar with that product line. Most likely VMS is providing redundancy by shadowing across the two HSZ40 you have. ------------------------------ Date: Tue, 10 Jul 2007 06:26:24 -0700 From: AEF Subject: Re: VMS Cluster Questions Message-ID: <1184073984.413874.315910@w3g2000hsg.googlegroups.com> On Jul 10, 8:05 am, GenericSYS wrote: > On Jul 10, 12:28 pm, "R.A.Omond" wrote: > > > Oh dear, oh dear ... before I (or any other volunteer) get "into" > > this, your existing setup sounds pretty simple already. > > > Can you perhaps expand a bit on what this "requirement to simplify" > > is, and pertinently where the "requirement" is coming from ? > > > What are you really hoping to achieve ? A reduction in power costs ? > > > The suggestion to remove FDDI from the configuration is based on > > ignorance; there's no need whatsoever to eliminate it. And the > > notion of utilising only one of the HSZ40s is bringing in an > > unnecessary single-point-of-failure which, you can bet your > > bottom Euro, is going to bite you sooner rather than later, > > and for what ? > > > I get the impression from your name that you're probably based > > somewhere in Europe; the company I work for (UK-based) would > > be perfectly happy to provide you with assistance, as, I'm sure, > > many others would be. Of course for a "small" remuneration ;-) > > Hi Roy, > > Thanks for the reply. At the moment the requirment is coming from my > boss, and the simplification is intended to reduce both the hardware > requirements of this cluster and reduce the risk from running > technologies which we have less than suitable knowledge in. > > An absolute must in this requirement I have been given is to remove > the FDDI, since the hardware is old, out of support and no one in- > house has knowledge of anymore. The reason to remove FDDI is not > ignorance but cautious planning, we no longer wish to maintain a cross > site configuration and cannot risk running with something no one > understands. Hmmmm. But it's okay to "simplify" something you don't understand? Isn't that even worse? > The HSZ40 is not a single point of failure in my > understanding, since every component has redundancy? We are a UK > based company, as you guessed. Then why do you have two of them? AEF ------------------------------ Date: Tue, 10 Jul 2007 14:39:09 +0100 From: "R.A.Omond" Subject: Re: VMS Cluster Questions Message-ID: GenericSYS wrote: > [...snip...] > We are a UK based company, as you guessed. Ah, so I see! Are you in Sawston ? That's 3 miles north of where I live. Would you like me to pay you a brief visit ? ;-) ------------------------------ Date: Tue, 10 Jul 2007 06:48:02 -0700 From: GenericSYS Subject: Re: VMS Cluster Questions Message-ID: <1184075282.870503.318870@g4g2000hsf.googlegroups.com> Thanks for all the replies chaps, I'll try to answer everything in order. On Jul 10, 1:55 pm, "R.A.Omond" wrote: > > From your original post, you intend to house both of the Alpha > nodes in the same machine room. Please do NOT remove FDDI; you > gain precisely nothing from this, and you gain an extra path for > cluster traffic. I suspect you're not understanding what I'm > getting at - you *can* eliminate your cross-site FDDI ring. > What you'd do is then plug in the FDDI cables back-to-back in > the two Alpha nodes. There's no penalty for this at all (well, > I suppose a few milliWatts of power). You don't need to change > anything in the existing configuration. Leave it in place for > VMS cluster traffic to take advantage of. You don't need any > FDDI-specific "understanding" - just view it as another possible > path for cluster traffic. > > > Again, you don't really gain anything from killing one of the > HSZ40 pairs. It really depends on how your disk storage is setup > (perhaps you'd like to explain whether, for example, you've got > host-based volume shadowing in place across the two existing sites). > Keeping both pairs of controllers in the equation gains you a > potential improvement in I/O performance (but this really depends, > so you'll need to describe your current setup before one can say > definitively). > > Since you're based in the UK, may I ask if you know me from the past? > My name is clear from the posting ;-) I don't seem to recall your > name (Genericsys) from my contacts ! > > And just to repeat once more: your current setup is very simple. Roy, that is good news re the FDDI link, it ticks all the boxes I have been given. We do use host based volume shadowing (as far as my understanding goes anyway) across the cluster. All three nodes have seperate system disks, internal drives are used for these. I don't recognise your name, but then we have historically used in- house expertise for VMS work, which has significantly dwindled in the last few years. On Jul 10, 2:08 pm, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article <1184064127.278542.21...@d55g2000hsg.googlegroups.com>, GenericSYS writes: > > > I would not remove the VAX unless you can install some kind of > dual-ported disk as a quorum disk. You will greatly increase your > downtime. If the VAX hardware is to expensive to maintain, try > switching to Charon-VAX or SIMH. > > The FDDI can be removed in favor of ethernet if you can deal with > the slower speed (I'm assuming the Alphas are to old to support > 100BT). > > You can reduce the protocols to TCP/IP (TCPware) and SCS (VMScluster) > if you don't have specific requirements for DECnet and/or LAT. > > Generally people don't get a lot out of "simplifying" such > configurations, espcially if they don't have a lot of knowledge about > them. If you leave them alone they just keep running. If you mess > with them you start breaking things you didn't know you needed. > > You can probably take on a VMS-savvy consultant for low cost to > provide what little baby-sitting these systems will need. Unlike > other OS, these will not need constant attention. Bob, Thanks for the input, we are looking to remove our VAX node and replace with a quorum disk (I understand this to be achivable anyway), hence wanting to share the single HSZ40 storage system so it is available to both nodes locally. With the information provided by Roy I will most likely argue for keeping the FDDI and just doing it back to back, rather than via the current FDDI infrastructure we have in place. Unfortunatly we do need all of the current protocols we have running on these systems. On Jul 10, 2:11 pm, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article <1184069137.442187.129...@n2g2000hse.googlegroups.com>, GenericSYS writes: > > Your boss is probably thinking all computers are similar. Get > a consultant in to enlighten him. Like I said earlier, these > systems do not need lots of attention. > > If you don't need FDDI speed, then get a VMS savvy consultant in to > replace it with ethernet. > > I've never heard of HSZ40 being internally redundant, but I'm not > so familiar with that product line. Most likely VMS is providing > redundancy by shadowing across the two HSZ40 you have. My boss has his roots in VMS operations, but mostly focused on networking. Our system has not needed alot of attention, which we are very thankful for at the moment, but we have been given the requirement to ensure its operation for another two years at least - in a more managable form. Regarding the HSZ40, there is fault tolerance redundancy at every level, from raid groups upto the controllers themselves. On Jul 10, 2:26 pm, AEF wrote: > On Jul 10, 8:05 am, GenericSYS wrote: > > Hmmmm. But it's okay to "simplify" something you don't understand? > Isn't that even worse? > > > Then why do you have two of them? > Hi AEF, We need to simplify to ensure we have some measure of control and understanding, as it has been explained to me, and we have two HSZ40's for cross site redundancy, which is no longer a requirement. ------------------------------ Date: Tue, 10 Jul 2007 07:01:51 -0700 From: GenericSYS Subject: Re: VMS Cluster Questions Message-ID: <1184076111.163344.31890@q75g2000hsh.googlegroups.com> On Jul 10, 2:39 pm, "R.A.Omond" wrote: > GenericSYS wrote: > > [...snip...] > > > We are a UK based company, as you guessed. > > Ah, so I see! Are you in Sawston ? That's 3 miles > north of where I live. Would you like me to pay you > a brief visit ? ;-) Ah, I'm going to take a wild swing here and say you know one of the Dev chaps who works here, since your spot on with your guess! ------------------------------ Date: Tue, 10 Jul 2007 10:02:38 -0400 From: Stephen Hoffman Subject: Re: VMS Cluster Questions Message-ID: GenericSYS wrote: > Hi, I was hoping some kind folks could have a look at a problem/ > situation for me and suggest a method to implement the requirements. > I'll just add that VMS knowledge in our team and knowledge of our > environment is limited. Most of this configuration was put in place > by people who have left long ago, and we do struggle to fill the gaps > in knowledge at times. Get some training, then. HoffmanLabs and other various entities offer customized training, and documentation for OpenVMS is readily available. > We have a three-node cluster, two alphas running OpenVMS V6.2-1H3 and > a VAX running OpenVMS V6.2. The VAX is only present to provide a > quorum vote. Both alphas are connected to their own HSZ40 storage > solutions (dual controller), and we also have FDDI as a cluster > connection. We also have TCPware, DECnet and LAT protocols in use on > our site. That's a standard low-end cluster configuration, set up for up-time. Probably the most immediate question would be the hardware involved. It's probably older given that OpenVMS Alpha release, there may be ways to scale into newer hardware at relatively low costs. This hardware upgrade can potentially produce savings from the move to newer Alpha gear -- sales of new Alpha ended earlier this year, so you're moving to New Old Stock or to Used Gear, or to the Integrity platform and to OpenVMS I64 -- by reducing the support contract costs. > I have a requirement to simplify this configuration with minimal > cost. The approach I was hoping to use would be remove the VAX from > the cluster, bring both systems into one of our server rooms (removing > the disaster tolerance but maintaining fault tolerance), utilise only > one of the HSZ40's for some variety of shared storage, and most > importantly removing the FDDI from the configuration, since knowledge > of this component at hardware and software level is non-existent. As others have mentioned, that VAX is here for a reason. You can get rid of it and move to a quorum disk, but that slows the cluster transitions, and you have to run the quorum disk either as an isolated disk, or with controller-based RAID. http://64.223.189.234/node/153 and http://64.223.189.234/node/105 have details on quorum and the quorum disk, and on basic cluster communcations. Again, you were left with a pretty good configuration. And one set to maintain uptime -- the "quorum VAX" makes for a faster transition, as it's an active participant. The quorum disk can serve the same purpose, but the hosts must poll it -- which makes for slower transitions. > Could anyone comment on if this is a possibility or suggest an > alterative, and suggest a general method to achieve this? If any more > information is required please let me know and I'll try to provide. Get some training or read some of the available material, as this will help you make informed choices, and provide your boss with a better answer. This looks to be a pretty solid configuration, and presents a minimal configuration for high uptime. This configuration can be reduced, but you will loose redundancy. Here are some related discussions around migration: http://64.223.189.234/node/62 : what a boss thinks about http://64.223.189.234/node/98 : stay with OpenVMS, or port? http://64.223.189.234/node/225 : migration off of OpenVMS http://64.223.189.234/node/226 : migration over to OpenVMS I64 Depending on what you want to optimize and how much you want to spend to get to that end-state -- and make no mistake, saving some money can and will cost some money. Options here include leaving it all alone -- far and away the cheapest -- to minimal changes to reduce the footprint or to up-rate the storage or to move to a quorum disk -- to migrating interconnections or such -- and here's where we start to get more expensive -- to migrating over to OpenVMS I64 -- to the really expensive solution of migrating off of OpenVMS. This in rough order of increasing costs. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: Tue, 10 Jul 2007 07:09:50 -0700 From: GenericSYS Subject: Re: VMS Cluster Questions Message-ID: <1184076590.348405.227470@p39g2000hse.googlegroups.com> On Jul 10, 3:02 pm, Stephen Hoffman wrote: > GenericSYS wrote: > > Hi, I was hoping some kind folks could have a look at a problem/ > > situation for me and suggest a method to implement the requirements. > > I'll just add that VMS knowledge in our team and knowledge of our > > environment is limited. Most of this configuration was put in place > > by people who have left long ago, and we do struggle to fill the gaps > > in knowledge at times. > > Get some training, then. HoffmanLabs and other various entities offer > customized training, and documentation for OpenVMS is readily available. > > > We have a three-node cluster, two alphas running OpenVMS V6.2-1H3 and > > a VAX running OpenVMS V6.2. The VAX is only present to provide a > > quorum vote. Both alphas are connected to their own HSZ40 storage > > solutions (dual controller), and we also have FDDI as a cluster > > connection. We also have TCPware, DECnet and LAT protocols in use on > > our site. > > That's a standard low-end cluster configuration, set up for up-time. > Probably the most immediate question would be the hardware involved. > It's probably older given that OpenVMS Alpha release, there may be ways > to scale into newer hardware at relatively low costs. This hardware > upgrade can potentially produce savings from the move to newer Alpha > gear -- sales of new Alpha ended earlier this year, so you're moving to > New Old Stock or to Used Gear, or to the Integrity platform and to > OpenVMS I64 -- by reducing the support contract costs. > > > I have a requirement to simplify this configuration with minimal > > cost. The approach I was hoping to use would be remove the VAX from > > the cluster, bring both systems into one of our server rooms (removing > > the disaster tolerance but maintaining fault tolerance), utilise only > > one of the HSZ40's for some variety of shared storage, and most > > importantly removing the FDDI from the configuration, since knowledge > > of this component at hardware and software level is non-existent. > > As others have mentioned, that VAX is here for a reason. You can get > rid of it and move to a quorum disk, but that slows the cluster > transitions, and you have to run the quorum disk either as an isolated > disk, or with controller-based RAID. http://64.223.189.234/node/153andhttp://64.223.189.234/node/105have details on quorum and the quorum > disk, and on basic cluster communcations. > > Again, you were left with a pretty good configuration. And one set to > maintain uptime -- the "quorum VAX" makes for a faster transition, as > it's an active participant. The quorum disk can serve the same purpose, > but the hosts must poll it -- which makes for slower transitions. > > > Could anyone comment on if this is a possibility or suggest an > > alterative, and suggest a general method to achieve this? If any more > > information is required please let me know and I'll try to provide. > > Get some training or read some of the available material, as this will > help you make informed choices, and provide your boss with a better answer. > > This looks to be a pretty solid configuration, and presents a minimal > configuration for high uptime. This configuration can be reduced, but > you will loose redundancy. > > Here are some related discussions around migration: > > http://64.223.189.234/node/62 : what a boss thinks abouthttp://64.223.189.234/node/98 : stay with OpenVMS, or port?http://64.223.189.234/node/225: migration off of OpenVMShttp://64.223.189.234/node/226: migration over to OpenVMS I64 > > Depending on what you want to optimize and how much you want to spend to > get to that end-state -- and make no mistake, saving some money can and > will cost some money. Options here include leaving it all alone -- far > and away the cheapest -- to minimal changes to reduce the footprint or > to up-rate the storage or to move to a quorum disk -- to migrating > interconnections or such -- and here's where we start to get more > expensive -- to migrating over to OpenVMS I64 -- to the really expensive > solution of migrating off of OpenVMS. This in rough order of increasing > costs. > > --www.HoffmanLabs.com > Services for OpenVMS Thanks for the information Stephen, I shall have a look through everything you have linked. The replacement of the hardware is another path we are considering, to the extent we have already aquired a loan machine (Integrity running OpenVMS IA64 8.3) and ported most of our applications to it, but we will need to present a number of options for consideration. Training and/or consultants are being considered for the appriopriate options, but before we even begin to look at costs and availability we need to get an idea of whats feasible and whats fantasy. ------------------------------ Date: 10 Jul 2007 14:16:43 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: VMS Cluster Questions Message-ID: <5fhimaF3clhqmU5@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <1184069137.442187.129540@n2g2000hse.googlegroups.com>, GenericSYS writes: >> >> Thanks for the reply. At the moment the requirment is coming from my >> boss, and the simplification is intended to reduce both the hardware >> requirements of this cluster and reduce the risk from running >> technologies which we have less than suitable knowledge in. > > Your boss is probably thinking all computers are similar. Get > a consultant in to enlighten him. That has got to be the quickest way I know to become a Windows shop!!! :-) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 10 Jul 2007 15:19:28 +0100 From: "R.A.Omond" Subject: Re: VMS Cluster Questions Message-ID: GenericSYS wrote: > >> > We are a UK based company, as you guessed. >> >>Ah, so I see! Are you in Sawston ? That's 3 miles >>north of where I live. Would you like me to pay you >>a brief visit ? ;-) > > Ah, I'm going to take a wild swing here and say you know one of the > Dev chaps who works here, since your spot on with your guess! I know Chris T. (if that's who you mean) - is he still there ? As it happens, I also know some of your "shop-floor" non-IT people from my footballing days :-) If I may be so bold to ask, rather than attempting to acquire the knowledge via the arduous route that is Usenet, would you be interested in a half-day consultancy (no, it's not that expensive) ? ------------------------------ Date: Tue, 10 Jul 2007 07:33:43 -0700 From: GenericSYS Subject: Re: VMS Cluster Questions Message-ID: <1184078023.335699.104860@q75g2000hsh.googlegroups.com> On Jul 10, 3:19 pm, "R.A.Omond" wrote: > GenericSYS wrote: > > >> > We are a UK based company, as you guessed. > > >>Ah, so I see! Are you in Sawston ? That's 3 miles > >>north of where I live. Would you like me to pay you > >>a brief visit ? ;-) > > > Ah, I'm going to take a wild swing here and say you know one of the > > Dev chaps who works here, since your spot on with your guess! > > I know Chris T. (if that's who you mean) - is he still there ? > > As it happens, I also know some of your "shop-floor" non-IT > people from my footballing days :-) > > If I may be so bold to ask, rather than attempting to acquire > the knowledge via the arduous route that is Usenet, would you > be interested in a half-day consultancy (no, it's not that > expensive) ? Yes, Chris was the person I had in mind. As to the consultancy option, it is a posibility at some point. Would it be best to contact you off your posting email address for some further information re costs etc.? ------------------------------ Date: Tue, 10 Jul 2007 13:46:05 -0400 From: JF Mezei Subject: Re: VMS Cluster Questions Message-ID: GenericSYS wrote: > one of the HSZ40's for some variety of shared storage, and most > importantly removing the FDDI from the configuration, since knowledge > of this component at hardware and software level is non-existent. If this is a production system, then you will have to learn about FDDI and the rest in order to *safely* change that cluster's configuration without too much disruption in service. If you can afford to brin them down often to test/play with it, then it is another story, but you will still end up learning it. ------------------------------ Date: Tue, 10 Jul 2007 01:59:02 -0400 From: Bill Todd Subject: Re: [OT] July the 4th Message-ID: Malcolm Dunnett wrote: > Bill Todd wrote: > >> Of course, our unnecessary, unwarranted, and out-right illegal >> invasion/occupation of Iraq and consequent responsibility for >> something now approaching one million Iraqi deaths wasn't even that >> indirect - and in fact that's my primary reason for my present belief >> that *any and every* action taken in an attempt to discourage our >> excesses can be justified. >> > > By that argument one could say that Dubya is simply taking "any and > every action possible" to discourage Al-Quaeda's excesses such as 9/11. Not if one were competent: there's not only a radical difference between the many and varied options open to the strong vs. the very limited options open to the weak, there's also a rather major onus on legitimate authorities to exercise that authority *responsibly* rather than willy-nilly (*regardless* of the behavior of their opponents: that's the entire reasoning behind the explicit legal curbs placed on the varied instruments of such authority: otherwise, those instruments rapidly start becoming indistinguishable from those miscreants whom they are charged with policing). > > I don't accept your "might makes wrong" argument. Perhaps because you understand it as poorly as you understand the definition of the word 'coward': I certainly made no suggestion that 'might makes wrong' - my thesis is that with increased power comes increased responsibility for making appropriate choices in the use of that power (whereas when you have almost no power and almost no choices you just have to make do, and there are often *no* good choices, only necessary ones). If a tactic is > immoral for the strong it's also immoral for the weak. See above: you're simply wrong about that (attractive and self-serving as such a simplistic position may be to the 'haves' of the world). The understanding that circumstances alter cases is not only extremely common-sense in nature but is well established in major religions and even in law. Why would > you believe that a group that came to power using terrorist tactics > wouldn't happily continue to use them once they became powerful. Why would *you* believe that I believed anything like that? Terrorism frequently has little to do with 'coming to power', it's more often about changing the behavior of the target by what are often the only means available. Of course, when terrorism succeeds in its goals some of its practitioners may come to power due to the gratitude of those whom they have helped free from oppression. But that gratitude tends to be fairly short-lived if the former terrorists don't then settle down to the business of legitimate government (unless they can create the illusion of continuing external threat - sort of like Dubya did). > I suppose one could argue the US is a perfect example of that - it > came into being using terrorist tactics against the British and > has been using bully tactics to get its way ever since ;-) You appear a bit confused about the difference between terrorism and revolution: some of the symptoms (e.g., ad hoc attacks with at least initially little in the way of an organized military) may be similar, but the origins (resisting external incursions vs. dissatisfaction with the *existing* establishment) and goals (causing the external interference to cease vs. throwing out the existing establishment) are not. But indeed my somewhat limited knowledge of U.S. history suggests that we've been bullies at least off and on since that time - first to the native population, and then increasingly (though thankfully still only sporadically, starting a bit before 1900) to other parts of the world. I had rather hoped that we had matured a bit more by now than we seem to have (thus suffering the eternal curse of the optimist). > Hopefully you haven't missed the irony that it was 9/11 that > gave Dubya the excuse he needed to invade Afghanistan and then > Iraq. When a nation is willing to accept such blatantly inadequate excuses, just about anything will do. It has been well established that Dubya was hell-bent on invading Iraq from the get-go (some of his closest advisors had been working on the idea since the early '90s), and there's little reason to believe (given our nation's manifest incompetence in responding appropriately to that inconceivably lame excuse) that he wouldn't have managed in some other way had 9/11 not occurred. > > This leads to a couple of possible conclusions: > > 1.) The terrorists are stupid because their act has increased the > level of western meddling in the middle east. Actually, I think you would have had some difficulty finding all that many people prior to 9/11 who would have predicted just how insanely we would react to it - so calling the terrorists 'stupid' for failing to anticipate this may be as ridiculous as trying to characterize them as 'cowards'. But then again I may be giving our pre-9/11 reputation in the world at large too much credit: perhaps many knew us better than we knew ourselves. > > OR > > 2.) The terrorists are very clever because their real objective was > to prompt the US to invade Iraq, thus eliminating Saddam's regime and > giving the terrorists the opportunity to bring in an Islamic theocracy > to fill in the vacuum that is sure to exist when the US finally decides > to pull out. > > If (1) is true then their actions were a counterproductive > destruction of human life which actually moved them further from > their goals, and so should not be applauded. > > If (2) is true then Al-Quaeda has to accept a large portion of > the blame for the death and destruction in Iraq because they took > their actions knowing what the reaction would be. Ah - in both cases the "He *made* me do it!" defense: brings back such vivid memories of childhood. Either Al Qaeda is to blame for what *we* did because they were *not* able to predict it, or they're to blame for what *we* did because they *were* able to predict it - how convenient. > If you disagree with both my hypotheses perhaps you could let > us know what you think 9/11 accomplished. Well, if you subscribe (as you apparently do) to the thesis that everything was pre-ordained from that, it certainly exposed us for what we are to the eyes of the world - that in itself must be counted a major (if also a very sad) accomplishment. But I don't agree that the perpetrators of 9/11 were responsible for everything that followed: they were only responsible for what *they* did, and *that* is what their motivations should be measured against. What they accomplished was to highlight the fact that even as powerful and arrogant country as ours is not immune to the consequences of its actions (unfortunately that message has been diluted by the fact that so far we seem to have escaped most of the appropriate consequences for our illegal and immoral actions *since* 9/11, but that's hardly the fault of the 9/11 perpetrators). They certainly opened the eyes of many who had previously been blissfully (or perhaps just lazily) ignorant of the existence of their very real grievances, and in that garnered support that they would not otherwise have had (I suppose you could also observe that they garnered additional opposition as well, but I'm not sure that mattered as much to them). But most of all they gained major credibility as a force to be reckoned with, thus attracting *active* adherents who otherwise would either have gravitated elsewhere or just fumed in isolation. And Iraq has provided the perfect focus for gathering them together (as happened earlier during the Soviet occupation of Afghanistan, where Osama cut his teeth in preparation for greater things). All in all, a very successful endeavor from their viewpoint, and made even more so by the deep and extensive antipathy toward the U.S. that our own excessive responses have generated (in large part *new* antipathy, not just deeper antipathy in those who *already* disliked us). - bill ------------------------------ Date: Tue, 10 Jul 2007 02:16:27 -0400 From: Bill Todd Subject: Re: [OT] July the 4th Message-ID: Ron Johnson wrote: > On 07/09/07 19:05, Bill Todd wrote: >> Malcolm Dunnett wrote: > [snip] >>> >>> Pretending to be someone's friend and then stabbing them in the >>> back is cowardly in my books. >> >> Once again, you would benefit from closer acquaintance with a good >> dictionary, but since you don't appear able (or inclined) to access >> one I'll help you out: >> >> In the first that comes to hand, 'coward' is defined as >> >> a person who lacks courage, esp. one who is shamefully unable to >> control fear and so shrinks from danger or trouble >> >> In case your problem is reading comprehension, I'll point out that a >> coward is someone who does *not* act when perhaps he *should*, rather >> than someone who *does* act, and act definitively (though in a manner >> of which some might disapprove). > > Dastard and poltroon would be better words, even though they are > synonyms of "coward". Ah - another confused non-linguist heard from. You really can't have it both ways, you know: either they are *exact* synonyms, in which case they can be neither 'better' nor 'worse' in this respect, or they mean something somewhat different, in which case attempting to use *their* definitions to support the use of 'coward' is rather incompetent. > > dastard > adj 1: despicably cowardly; "the unprovoked and dastardly attack > by Japan on...December 7th"- F.D. Roosevelt [syn: > {dastard(a)}, {dastardly}] > n 1: a despicable coward Yup - in inexact synonym indeed. Just checked Webster on line and their definition of 'coward' is pretty much the one I previously quoted from elsewhere: "one who shows disgraceful fear or timidity". Now, choosing to start a war with a country many times one's size may be a lot of things, but the list really doesn't include 'fearful' or 'timid'. Of course, the first casualty of conflict is objectivity, so Roosevelt's choice of words should be considered more as propaganda than as strictly proper usage. Webster (just to pick a source that all here can access) offers *two* definitions of 'dastard': the first is 'coward' and the second is 'a person who acts treacherously or underhandedly'. You do understand that this indicates that the word has two somewhat *different* meanings, don't you? So please don't try to use its use in the *second* sense to extend the definition of a synonym it would have if used in the *first* sense. > > > Poltroon \Pol*troon"\, a. > Base; vile; contemptible; cowardly. > [1913 Webster] Again, a word with several somewhat different meanings, all but one somewhat unlike 'coward'. Same problem. ... > It disturbs me *deeply* that this has to be explained to an educated adult. Me too, but *someone* should set you guys straight, and since I'm involved already... However, that's enough for me in this specific vein: continue to babble on incompetently if you like. - bill ------------------------------ Date: Tue, 10 Jul 2007 02:28:22 -0400 From: Bill Todd Subject: Re: [OT] July the 4th Message-ID: <-KydnSuqQPjWug7bnZ2dnUVZ_tmknZ2d@metrocastcablevision.com> Ron Johnson wrote: > On 07/09/07 19:16, Bill Todd wrote: >> Paul Raulerson wrote: >>> What brand of KoolAid are you drinking? Or are you buying the lies in >>> the propaganda the real bad guys are putting out? >> >> Your mis-reading of Malcolm's post further betrays your own bias, Paul. >> >>> >>> Let me be very clear: No branch of the U.S. Military engages in >>> "indiscriminately killing civilians." >>> If you think otherwise, then you are quite simply wrong. >> >> Ah, Vietnam - how quickly some forget. > > "Engages" (current tense) != "engaged" (past tense). My comment which immediately followed made my meaning clear: given that such behavior was very well documented not all that long ago, it's more than reasonable ask for real evidence that some sufficiently drastic change has occurred that would make it unthinkable now. > >> Or perhaps you think that such behavior was eliminated more recently >> by a wave of some magic wand? >> >> Think Abu Ghraib. Think 'rendition'. Think Fallujah. > > Maybe I don't know what *indiscriminate* means, but all those examples > seem pretty discriminate to me. The failure was in not properly discriminating between civilians and active combatants. The fact that *sometimes* this may be difficult does not change the fact that it *often* occurred. > > Now, what the British night bombings of Germany and the US bombings of > Japan, *that* was indiscriminately killing civilians. > >> Now, had you stated that no branch of the U.S. military *publicly >> espouses* (even to its own troops) the indiscriminate killing of >> civilians (as distinguished from regrettable 'collateral damage' that >> often should just be accepted rather than letting it get in the way of >> 'the job'), that would have been more credible. > > I disagree. No *branch* engages in the indiscriminate killing of > civilians. Otherwise, most Iraqi cities would be charred bits of glass > and there would be *lots* of video of soldiers lining up civilians and > mowing them down. You seem confused between such behavior as one's *main* policy (which would result in the situation you describe above) and its use as just one ('collateral', if you will) aspect of policy (which resulted in the atrocities that have been more than adequately documented). But then you seem confused about a lot of things. - bill ------------------------------ Date: 10 Jul 2007 07:29:16 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: [OT] July the 4th Message-ID: In article , Bill Todd writes: > > Of course, our unnecessary, unwarranted, and out-right illegal > invasion/occupation of Iraq and consequent responsibility for something > now approaching one million Iraqi deaths wasn't even that indirect - and > in fact that's my primary reason for my present belief that *any and > every* action taken in an attempt to discourage our excesses can be > justified. On what basis do you claim "illegal"? In the US there is no higher law than the Constitution and it as well as applicable federal laws were obeyed when the Congress gave authorization to the President. We were all mislead by the administration and most now seem to agree it never should have been done, but that doesn't make the action illegal. International "law" has no legal authority in most countries. Treaties to international agreements ratified by the Senate have the authority of law (by Constitutional provision), but can be overcome by federal law. The approval of the invasion by the Congress has the authority of federal law. Later laws overcome earlier laws. So any treaty by which the US should not have invaded Iraq has no legal standing in the face of Congress' action. ------------------------------ Date: 10 Jul 2007 07:31:45 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: [OT] July the 4th Message-ID: In article , Bill Todd writes: > > As for 'the innocent', no member of a democracy that indulges in such > actions can be considered wholly innocent unless they have devoted every > fibre of their being to trying to stop them. What, I'm supposed to go down town and take pot shots at the White House to prevent the invasion? I voted against King George and his cronies at every turn. I will not take responsibillity for their incompetence or the results of thier incompetence and you can't change that. ------------------------------ Date: 10 Jul 2007 07:37:30 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: [OT] July the 4th Message-ID: In article <9L6dnfhB_82sTQ_bnZ2dnUVZ_oupnZ2d@metrocastcablevision.com>, Bill Todd writes: > Paul Raulerson wrote: >> What brand of KoolAid are you drinking? Or are you buying the lies in >> the propaganda the real bad guys are putting out? > > Your mis-reading of Malcolm's post further betrays your own bias, Paul. > >> >> Let me be very clear: No branch of the U.S. Military engages in >> "indiscriminately killing civilians." >> If you think otherwise, then you are quite simply wrong. > > Ah, Vietnam - how quickly some forget. Not only is there historical evidence, but the US Military is a large organisation and the idea that no one in it is capable of misbehaviour is absurd. Like done for Vietnam the military has had to lower its standards in order to persue recruitment goals. Amoungst other changes convicted felons can now enlist (after they get out of jail). So take a fellow who can't behave, give him a gun, and put him in a dangerous place, what kind of behaviour do you expect of him? ------------------------------ Date: Tue, 10 Jul 2007 07:52:45 -0700 From: Malcolm Dunnett Subject: Re: [OT] July the 4th Message-ID: <46939d3d$1@flight> Bill Todd wrote: > > Actually, I think you would have had some difficulty finding all that > many people prior to 9/11 who would have predicted just how insanely we > would react to it - so calling the terrorists 'stupid' for failing to > anticipate this may be as ridiculous as trying to characterize them as > 'cowards'. > Do the words "Pearl Harbor" mean anything to you? Obviously we travel in different circles - I don't recall anyone being very surprised that 9/11 triggered an invasion of Afghanistan - in fact most people I know would have been surprised if it hadn't. I am disappointed the US bought into the "we must invade Iraq" (where - in contrast to Afghanistan - most of the westernworld didn't ), but as you say Dubya had that on his personal agenda for some time (had to finish what daddy started?) - however even there I doubt he would have been able to pull it off if not for the pretense of "continuing to rout the perpetrators of 9/11". ------------------------------ Date: Tue, 10 Jul 2007 16:01:13 +0000 From: "Paul Raulerson" Subject: Re: [OT] July the 4th Message-ID: ----=_vm_0011_W8312417266_23727_1184083273 Content-Type: multipart/alternative; boundary="--=_vm_0016_W8312417266_23727_1184083273" ----=_vm_0016_W8312417266_23727_1184083273 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit > CLC 12(10,R5),SPACES YES, IS SECOND FIELD BLANKS? Hey Terry, that should be 13(10,R5), and it is the third field now. The record format changed when Mark had to add a new field for client class. -Paul ----=_vm_0016_W8312417266_23727_1184083273 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

>        CLC   1= 2(10,R5),SPACES         YES, IS S= ECOND FIELD BLANKS?

Hey Terry, that should be 13(10,R5), and it is= the third field now. The record format changed when Mark had to add= a new field for client class. -Paul

----=_vm_0016_W8312417266_23727_1184083273-- ----=_vm_0011_W8312417266_23727_1184083273 Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Content-Disposition: attachment From: "Malcolm Dunnett" To: Info-VAX@Mvb.Saic.Com Message-ID: <46939d3d$1@flight> Date: Tue, 10 Jul 2007 14:52:00 +0000 Received: (qmail 22327 invoked by uid 78); 10 Jul 2007 15:11:05 -0000 Received: from unknown (HELO ns-mr22.netsolmail.com) (205.178.146.50) by 0 with SMTP; 10 Jul 2007 15:11:05 -0000 Received: from MVB.SAIC.COM (mvb.saic.com [198.151.12.104]) by ns-mr22.netsolmail.com (8.13.6/8.13.6) with SMTP id l6AFB4Gm018632 for ; Tue, 10 Jul 2007 11:11:05 -0400 User-Agent: Thunderbird 2.0.0.4 (Windows/20070604) X-Newsgroups: comp.os.vms In-Reply-To: X-Trace: BCGOV 1184079165 142.25.103.66 (10 Jul 2007 07:52:45 -0700) Lines: 22 X-Gateway-Source-Info: USENET Subject: Re: [OT] July the 4th MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Bill Todd wrote: > > Actually, I think you would have had some difficulty finding all that > many people prior to 9/11 who would have predicted just how insanely we > would react to it - so calling the terrorists 'stupid' for failing to > anticipate this may be as ridiculous as trying to characterize them as > 'cowards'. > Do the words "Pearl Harbor" mean anything to you? Obviously we travel in different circles - I don't recall anyone being very surprised that 9/11 triggered an invasion of Afghanistan - in fact most people I know would have been surprised if it hadn't. I am disappointed the US bought into the "we must invade Iraq" (where - in contrast to Afghanistan - most of the westernworld didn't ), but as you say Dubya had that on his personal agenda for some time (had to finish what daddy started?) - however even there I doubt he would have been able to pull it off if not for the pretense of "continuing to rout the perpetrators of 9/11". ----=_vm_0011_W8312417266_23727_1184083273-- ------------------------------ Date: Tue, 10 Jul 2007 12:26:40 -0400 From: JF Mezei Subject: Re: [OT] July the 4th Message-ID: Ron Johnson wrote: > When Al Qaeda bombs a marketplace in Iraq, how is that "just" > resistance by another name? Do you have any proof that it is Al Qaeda doing those deeds ? Or just beleieving the US military propaganda ? Have you seen any evidence that any bombs actually come from the Iranian govermment ? Or just beleive that propaganda from the US military showing some picture of *any* bomb and claiming it is evidence it comes from Iran without any such markings visible and defiitely no proof that it would have come from the Iranian government ? I am very disapointed that americans, who should, by now, realised they really got suckered by the lying criminals at the white house into an illegal war, continue to beleive the current allegations that are not supported by any credible evidence. Fact: Iraq is a country currently occupied and governed by the americans who installed a puppet government. It is perfectly natural for the locals to wish to destabilise the situation because they will do everything to not only kick the americans out, but also force them out with their tail between their legs. There can be no "victory" by the americans, and the quicker they admit defeat, mistake and mea-culpas, the quicker the resistance in Iraq will allow the americans to retreat in an orderly fashion. (aka: gradual widthdrwawal, not the "all or nothing" debates in the USA). ------------------------------ End of INFO-VAX 2007.374 ************************