INFO-VAX Fri, 04 Jul 2008 Volume 2008 : Issue 371 Contents: Happy Independence Day Re: Happy Independence Day Re: Happy Independence Day Re: Happy Independence Day Re: Happy Independence Day Re: LMF and abandonned products NTP on OpenVMS using TCPIP services Re: NTP on OpenVMS using TCPIP services Re: NTP on OpenVMS using TCPIP services Re: OT: ATM PIN code theft Re: OT: ATM PIN code theft Re: Symbol Substitution Mystery Re: Tru64 file system source code now open source VMS SAN Primer Re: VMS SAN Primer Re: VMS SAN Primer Re: VMS SAN Primer Re: VMS SAN Primer ---------------------------------------------------------------------- Date: 04 Jul 2008 11:19:37 GMT From: VAXman- @SendSpamHere.ORG Subject: Happy Independence Day Message-ID: <486e0749$0$11608$607ed4bc@cv.net> This week has seen several personal independence days for me -- the 1st of July and the 3rd of July. Today, it's Independence Day for all Americans. I hope you'll be celebrating Independence Day today with the same vigor as I. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Fri, 4 Jul 2008 13:18:09 +0100 From: "pos" Subject: Re: Happy Independence Day Message-ID: <486e14fc_4@mk-nntp-2.news.uk.tiscali.com> >>Today, it's Independence Day for all Americans. Speaking as a Brit, you all got out when the going was good! ------------------------------ Date: Fri, 4 Jul 2008 10:36:45 -0400 From: "John Smith" Subject: Re: Happy Independence Day Message-ID: "pos" wrote in message news:486e14fc_4@mk-nntp-2.news.uk.tiscali.com... >>>Today, it's Independence Day for all Americans. > > Speaking as a Brit, you all got out when the going was good! You seem to forget that the US now is run by George the Pretender. ------------------------------ Date: Fri, 04 Jul 2008 10:23:58 -0500 From: David J Dachtera Subject: Re: Happy Independence Day Message-ID: <486E408E.19F764A@spam.comcast.net> VAXman-, @SendSpamHere.ORG wrote: > > This week has seen several personal independence days for me -- the 1st of > July and the 3rd of July. Today, it's Independence Day for all Americans. > I hope you'll be celebrating Independence Day today with the same vigor as > I. To quote Kelsey Grammer isa Capt. Tom Dodge in "Down Periscope": "Let's go blow something up!" Happy Birthday, U.S.A.! God bless America ... and deliver us from Dubya! D.J.D. ------------------------------ Date: Fri, 04 Jul 2008 13:40:03 -0400 From: "Richard B. Gilbert" Subject: Re: Happy Independence Day Message-ID: David J Dachtera wrote: > VAXman-, @SendSpamHere.ORG wrote: >> This week has seen several personal independence days for me -- the 1st of >> July and the 3rd of July. Today, it's Independence Day for all Americans. >> I hope you'll be celebrating Independence Day today with the same vigor as >> I. > > To quote Kelsey Grammer isa Capt. Tom Dodge in "Down Periscope": "Let's > go blow something up!" > If the noise last night was any guide, my neighbors have done just that! ------------------------------ Date: Fri, 4 Jul 2008 10:20:02 -0400 From: "John Smith" Subject: Re: LMF and abandonned products Message-ID: <86683$486e2de7$4c0aab67$20226@TEKSAVVY.COM> "Richard Brodie" wrote in message news:g4dbpd$lpr$1@south.jnrs.ja.net... > > Article One, Section 8 where it enumerates the powers of Congress: > > 'To promote the Progress of Science and useful Arts, by securing for > limited > Times to Authors and Inventors the exclusive Right to their respective > Writings > and Discoveries' In the late 1700's when the marketing 'sphere' of an invention or literary work was often geographically limited due to travel constraints (no roads, 30-60 days to cross the Atlantic), smaller population, and also at a time when money was really worth something - the duration of copyrights and patents were much more limited - offering the holder much less time to benefit than today. I guess the same strict Constitutionalists - the 'originalists' - who today seem to inhabit the US Congress and the US Supreme Court - are really just money-grubbing "I'll scratch your back if you line my pocket" Republican blowhards. While the US is now independent and free of Great Britain, it still isn't free of tyranny. Happy 4th. ------------------------------ Date: Fri, 04 Jul 2008 13:22:55 +0100 From: baldrick Subject: NTP on OpenVMS using TCPIP services Message-ID: Spooky! As AEF's query comes in, I seek clarification on what I'm seeing... Versions FWIW VMS 7.3-1, TCPIP 5.3 eco 2, also OpenVMS 8.3 (Alpha) and TCPIP 5.6, time server Windows Server 2003, and Windows XP professional. NTP version on VMS is 4.1 NTP on this Alpha was working quite well with a UNIX NTP server, until it was retired. Scenario is, using the documentation for HP's TCPIP services I set up NTP naming two Windows servers as "peers". Debugging this using TCPIP$NTPQ shows a REJECT status in the "associations" display. Increasing the log level using the logical TCPIP$NTP_LOG_LEVEL (to 3) just seemed to indicate nothing was happening to correct the time. So I replicated the scenario at home, and used my XP Pro system as a server, and set up the same way got exactly the same symptoms. I enabled detailed logging on the Windows side (microsoft technet articles) and saw the requests coming in, and even the correct value / difference in time was reported and the stratum was 0. What I had proved was that it wasn't a firewall or authentication issue. I was now in a position to start looking at the NTP CONF file. When i changed the peer to server and the IP address, all of a sudden NPTQ started looking different and the RUN logs again had more detail about offsets. The line in the TCPIP$NTP.CONF file was: peer 192.168.0.150 changed to server 192.168.0.150 where that address is the IP of the time server of course. It took a while but eventually the Windows time service log showed a stratum of 3 (then later 5) and within 2 hours the time was synchronized. Then I did the same on the systems that I was seeing the original behaviour, and low, behold, its working now. SO the question is, is this an error in the documentation (or not very clear) or something introduced by using Windows that "peer" worked for the UNIX NTP server, but Windows (the replacement NTP server) requires "server" instead? What is the authentication about? I see the program to create the keys but in what circumstances is it used? This was one thought why I was seeing the REJECT message in the debugging. Anything else relevant here? I'll also accept that I may have not fully understood the documentation, or even the NTP process. (Also documented so googlers may seek details) -- nclews at csc dot com aka Mr. CP Charges ------------------------------ Date: Fri, 04 Jul 2008 07:14:23 -0700 From: "Jeffrey H. Coffield" Subject: Re: NTP on OpenVMS using TCPIP services Message-ID: <4fqbk.21282$co7.13009@nlpi066.nbdc.sbc.com> baldrick wrote: > > SO the question is, is this an error in the documentation (or not very > clear) or something introduced by using Windows that "peer" worked for > the UNIX NTP server, but Windows (the replacement NTP server) requires > "server" instead? > In the TCPIP$NTP.CONF file is says using "peer" is Client/Server mode where "the local host wants to obtain time from the remote server and is willing to supply time to the remote server." Using "server" is Client mode is says "the local host wants to obtain time from the remote server but it is not willing to provide time to the remote server." I have always used server as I don't see how my systems could supply a more accurate time to some other server than the time read. I would suspect that using "peer" would require more authentication than "server" to prevent a system trying to bias the time on someone else's server. Jeff Coffield www.digitalsynergyinc.com ------------------------------ Date: Fri, 04 Jul 2008 13:35:13 -0400 From: "Richard B. Gilbert" Subject: Re: NTP on OpenVMS using TCPIP services Message-ID: baldrick wrote: > Spooky! As AEF's query comes in, I seek clarification on what I'm seeing... > > Versions FWIW VMS 7.3-1, TCPIP 5.3 eco 2, also OpenVMS 8.3 (Alpha) and > TCPIP 5.6, time server Windows Server 2003, and Windows XP professional. > NTP version on VMS is 4.1 > > NTP on this Alpha was working quite well with a UNIX NTP server, until > it was retired. > > Scenario is, using the documentation for HP's TCPIP services I set up > NTP naming two Windows servers as "peers". Debugging this using > TCPIP$NTPQ shows a REJECT status in the "associations" display. > Increasing the log level using the logical TCPIP$NTP_LOG_LEVEL (to 3) > just seemed to indicate nothing was happening to correct the time. > > So I replicated the scenario at home, and used my XP Pro system as a > server, and set up the same way got exactly the same symptoms. I enabled > detailed logging on the Windows side (microsoft technet articles) and > saw the requests coming in, and even the correct value / difference in > time was reported and the stratum was 0. What I had proved was that it > wasn't a firewall or authentication issue. I was now in a position to > start looking at the NTP CONF file. > > When i changed the peer to server and the IP address, all of a sudden > NPTQ started looking different and the RUN logs again had more detail > about offsets. > > The line in the TCPIP$NTP.CONF file was: > > peer 192.168.0.150 > > changed to > > server 192.168.0.150 > > where that address is the IP of the time server of course. > > It took a while but eventually the Windows time service log showed a > stratum of 3 (then later 5) and within 2 hours the time was synchronized. > > Then I did the same on the systems that I was seeing the original > behaviour, and low, behold, its working now. > > SO the question is, is this an error in the documentation (or not very > clear) or something introduced by using Windows that "peer" worked for > the UNIX NTP server, but Windows (the replacement NTP server) requires > "server" instead? > > What is the authentication about? I see the program to create the keys > but in what circumstances is it used? This was one thought why I was > seeing the REJECT message in the debugging. > > Anything else relevant here? I'll also accept that I may have not fully > understood the documentation, or even the NTP process. > > (Also documented so googlers may seek details) "peer" in NTP speak refers to systems at the same NTP stratum that can serve time to each other. Ideally the peered systems would each use at least one unique time source. Windows does not offer NTP. It has an SNTP client and should be used only as a leaf node. It WILL serve time and, if you allow it to do so, you deserve whatever happens!! There IS an NTP implementation for Windows. If you need it, go to http://www.ntp.org/ and explore a little. The NTP implementation can be used to serve time if you need to, although I would use Windows as an NTP server only as a last resort. NTP authentication is used to verify the identity of the servers you are getting time from. Authenticated packets are cryptographically signed by the server. If you need to be able to prove that your time is traceable to some particular server, you would use authentication to do so. ------------------------------ Date: Fri, 4 Jul 2008 10:34:04 -0400 From: "John Smith" Subject: Re: OT: ATM PIN code theft Message-ID: "JF Mezei" wrote in message news:486c0669$0$30379$c3e8da3@news.astraweb.com... > Tom Linden wrote: >> http://www.cbsnews.com/stories/2008/07/01/national/main4226061.shtml > > 1- I doubt very much that ATMs use the public Internet. They may use a > private IP based network. > > 2- First generation machines (the IBM ones with the 1 or 3 line LED > display) was SNA only. Subsequent generations supported X.25 as well. > OS2 was the OS of choice for ATMs during the early to mid 1990s. Once > IBM gave up on OS2, ATMs moved to Windows, and like Microsoft, banks > started to add fluff to the ATMs by adding animated images etc etc. > > 2- It is correct to state that not all ATMs encrypt traffic or just the > PINs. Normally, ATMs in secured locations (for instance, inside a > branch) require less care because the links to the data centre are on a > private network. > > However, this article speaks of ATMs operated by 3rd parties, so all > bets are off. However Citibank would have set standards for any ATM > bearing its name/logo. If the 3rd party operator did not abide by > Citibank standards, it is up to citibank to ensure it did. > > Atalla was the encryption service/boxes of choice back in the 1990s. > They were bought by Tandem since they integrated well with the Tandem > software to support ATMs. Guess where http://www.atalla.com ends up now? > > > The article makes a lot of speculation. What has not been revealed is > whether the thieves forged ATM cards and used the stolen PINs at any > regular ATM, or if they forged transction which caused an ATM to spit > out money. (or perhaps just put the ATM in test mode). > > Certain bank employees have special ATM cards that activate ATM > management software. Once inside, you can activate any/all software > functions. Perhaps they captured those cards. > > There is too litle actual information in that article to know anything > real about this theft. One thing that I've noticed with the new generation of ATM's is that they are providing a noticeably slower user response. I can't imagine that with generally faster network links, faster CPU's in the ATM's, and despite a possible switch to AES, and perhaps more processing at the backend, that the slowness is due to anything other than Windows itself running in the ATM. ------------------------------ Date: Fri, 04 Jul 2008 10:18:17 -0500 From: David J Dachtera Subject: Re: OT: ATM PIN code theft Message-ID: <486E3F39.8A214A92@spam.comcast.net> John Smith wrote: > [snip] > > One thing that I've noticed with the new generation of ATM's is that they > are providing a noticeably slower user response. I can't imagine that with > generally faster network links, faster CPU's in the ATM's, and despite a > possible switch to AES, and perhaps more processing at the backend, that the > slowness is due to anything other than Windows itself running in the ATM. ...or possibly the anti-virus scanner which examines every byte of input/output.... D.J.D. ------------------------------ Date: Fri, 04 Jul 2008 10:15:28 -0500 From: David J Dachtera Subject: Re: Symbol Substitution Mystery Message-ID: <486E3E90.7CD0E88C@spam.comcast.net> AEF wrote: > [snip] > > > > $ WSO F$STRING('ZERO') > > I meant the expression F$STRING('ZERO') > > > is still illegal per se. How so? I intentionally use that technique, though more typically with F$TYPE(), for example: where I need two iterations of substitution to occur to see if a pseudo-array element exists: $ SYMB := PNTR_'CNTR' ! If CNTR = 12, then SYMB = "PNTR_12" $ IF F$TYPE( 'SYMB' ) .NES. "" THEN - $ mumble... > The only reason it works in this case is that > > apostrophe substitution ignores F$xxx ...as it should... > as you say and therefore this > > expression becomes > > > > $ WSO F$STRING(ONE) > > > > during phase 1 of DCL command parsing and lexical evaluation occurs > > later during phase 3. ...which, again, is a behavior that I not only expect, but also exploit. The one that REALLY knocked me off-center was this one: ($ SAY := WRITE SYS$OUTPUT) DJAS02::DDACHTERA$ zero := one DJAS02::DDACHTERA$ say F$STRING("''ZERO'") ONE DJAS02::DDACHTERA$ say 'F$STRING("''ZERO'")' ONE DJAS02::DDACHTERA$ a :='F$STRING("''ZERO'")' DJAS02::DDACHTERA$ sh sym a A = "ZERO" DJAS02::DDACHTERA$ say "''ZERO'" ONE DJAS02::DDACHTERA$ Not what I expected, and - apparently - not what you expected, either in your code. D.J.D. P.S.: Just for fun... $ STRING = "Unauthorized Access Only - Prosecutors will be violated" $ DEFINE/SYSTEM/EXEC SYS$ANNOUNCE &STRING ------------------------------ Date: Fri, 04 Jul 2008 11:17:58 +0000 From: ChrisQ Subject: Re: Tru64 file system source code now open source Message-ID: Michael Kraemer wrote: > > DEC Unices still coming with a C (but not C++) compiler is indeed a > singularity in Unix-Land and of course welcome. But with modern > Unices there's no necessity to recompile the kernel, so the > C-compiler disappeared and has to be ordered as a separate product. > Only HP-UX has a crippled (== useless) cc left to "build the kernel". > > > > > > > > > A quality ansi standard C compiler is very usefull, especially if you need to (for example) build all the gnu tools. Though binaries might have been available, I always find it good practice to build everything from scratch, to find your way around the system and to impose youir own structure on it all. I do mainly embedded work here and Tru64 and Alpha was never a supported platfrom by the gnu tools in a cross environment, so you had to roll your own. Trying to do that with the usually broken cc that comes with many unices was a nonstarter. You might ask, why do embedded development on Alpha ?, but the sheer interactive speed and compile performance of alpha was just so seductive compared to Pc's and Sparc offerings at the time, just didn't want to use anything else. That + a long history working with dec kit etc. You can't expect the suits to understand all that, but if technical excellence, design flair and sound engineering doesn't drive progress, what does ?. >> Tru64 was written from the start to be a modern, secure, 3nd >> generation unix, > > > But it came way too late, just as Alpha. Here we must disagree - Alpha wasn't too late in the early to mid nineties. It was doing very well thanks and world class, but I musn't get started on that thread again :-). What's dead is dead and the world moves on... Regards, Chris ------------------------------ Date: Fri, 4 Jul 2008 02:08:48 -0500 From: "Paul Lentz" Subject: VMS SAN Primer Message-ID: I'm looking at trying to get a System Admin Job. I've worked with VAXen for about 13 years with some of that as a Admin in a static but scaling-down shop. I also worked with Alphas. I keep having to hem and hah when it comes to questions about SAN, and I guess it's config :-). I had to do (re)configuration on Storage Works boxes and HS series controllers. But never got to touch anything officially labeled SAN. I've done a few quick searches to try and find a primer on what is usally excellent VMS documentation available on the web, but haven't really found anything definitative. Can anybody point me in the direction to get started to become a VMS Alpha SAN know-it-all??? Thanks! *Paul* ------------------------------ Date: Fri, 4 Jul 2008 09:54:36 +0100 From: "Richard Brodie" Subject: Re: VMS SAN Primer Message-ID: "Paul Lentz" wrote in message news:I0kbk.12044$jI5.6357@flpi148.ffdc.sbc.com... > Can anybody point me in the direction to get started to become a VMS Alpha SAN > know-it-all??? I think I would start with "Guidelines for OpenVMS Cluster Configurations, Chapter 7" http://www.openvms.compaq.com/doc/82FINAL/6318/6318pro_009.html#fc_sup_ovms_ch ------------------------------ Date: Fri, 4 Jul 2008 05:24:10 -0700 (PDT) From: Ed Wilts Subject: Re: VMS SAN Primer Message-ID: <954ba91a-4d5d-4a5e-961e-79689a2f132e@w8g2000prd.googlegroups.com> On Jul 4, 2:08=A0am, "Paul Lentz" wrote: > I'm looking at trying to get a System Admin Job. I've worked with VAXen f= or about 13 years with some of that as a Admin in a static > but scaling-down shop. I also worked with Alphas. > > I keep having to hem and hah when it comes to questions about SAN, and I = guess it's config :-). I had to do (re)configuration on > Storage Works boxes and HS series controllers. But never got to touch any= thing officially labeled SAN. =A0I've done a few quick > searches to try and find a primer on what is usally excellent VMS documen= tation available on the web, but haven't really found > anything definitative. > > Can anybody point me in the direction to get started to become a VMS Alph= a SAN know-it-all??? If you've every done any work with a CI-based cluster, you have SAN experience. An HSJ-based storage system just shows you again that Digital was ahead of the other players. Your "HBA" is the CIPCA. Your SAN controller is the HSJ. You boot from SAN (HSJ) and each host shares the same volumes just like they do in today's SANs. The only major difference between a CI-based SAN and today's SANs is that all nodes on your CI must be part of the same cluster - there isn't really a "zoning" concept. I managed a CI-based cluster for a bunch of years and the migration to a modern SAN was painless. If you have the concepts down, the rest is just syntax and experience. My VMS hosts still lead the pack with boot-from-SAN. Other than our VMware blades, the other platform admins have not yet switched to a boot-from-SAN approach. For VMS systems booting from the SAN, wwidmgr is the tool you have to know - there's a dedicated manual for it. There is a lot of good introductory vendor-neutral SAN training on http://www.snia.org - the Storage Networking Industry Assocation's web site. SNIA also offers certifications and if you do some job posting searches on places like LinkedIn, you'll see that those certifications are recognized and are sometimes a requirement for landing a SAN admin job. Some vendors (e.g. Hitachi) are starting to defer their introductory training to SNIA - you take the SNIA training first and then you take the Hitachi-specific training. For VMS systems participating in a SAN, you'll typically find HP EVA or MSA storage so if you're looking to focus on a single storage system, EVA would be a good place to start. They're really easy to configure. There's a bunch of EVA material on HP's web site. Today, VMS systems connecting to SANs will use fibre channel. I believe that in 8.3, iSCSI is now an option. Good luck, .../Ed -- Ed Wilts, Mounds View, MN, USA RHCE, BCFP, BCSD, SCSP, SCSE mailto:ewilts@ewilts.org ------------------------------ Date: Fri, 04 Jul 2008 14:45:21 GMT From: Martyn Subject: Re: VMS SAN Primer Message-ID: <5Iqbk.2888$7v1.882@newsfe30.ams2> On Fri, 04 Jul 2008 02:08:48 -0500, Paul Lentz wrote: > I'm looking at trying to get a System Admin Job. I've worked with VAXen > for about 13 years with some of that as a Admin in a static but > scaling-down shop. I also worked with Alphas. > > I keep having to hem and hah when it comes to questions about SAN, and I > guess it's config :-). I had to do (re)configuration on Storage Works > boxes and HS series controllers. But never got to touch anything > officially labeled SAN. I've done a few quick searches to try and find > a primer on what is usally excellent VMS documentation available on the > web, but haven't really found anything definitative. > > Can anybody point me in the direction to get started to become a VMS > Alpha SAN know-it-all??? > > Thanks! > *Paul* There's an HP EVA Command View simulator available, which would give you practice in setting up and maintaining an EVA8000 configuration without needing any hardware. I can't say how good it is or whether you have to pay for it but have a look here: http://h18014.www1.hp.com/training/25728.html ------------------------------ Date: Fri, 4 Jul 2008 10:39:21 -0500 From: "Paul Lentz" Subject: Re: VMS SAN Primer Message-ID: "Ed Wilts" wrote in message news:954ba91a-4d5d-4a5e-961e-79689a2f132e@w8g2000prd.googlegroups.com... On Jul 4, 2:08 am, "Paul Lentz" wrote: >> Storage Works boxes and HS series controllers. But never got to touch anything officially labeled SAN. >> Can anybody point me in the direction to get started to become a VMS Alpha SAN know-it-all??? >I managed a CI-based cluster for a bunch of years and the migration to >a modern SAN was painless. If you have the concepts down, the rest is >just syntax and experience. My VMS hosts still lead the pack with >boot-from-SAN. Other than our VMware blades, the other platform >admins have not yet switched to a boot-from-SAN approach. >For VMS systems booting from the SAN, wwidmgr is the tool you have to >know - there's a dedicated manual for it. I sorta knew there couldn't be much difference... It was the part where I needed to know what tools are used and all you guys helped me with that. Thanks Y'all! *Paul* ------------------------------ End of INFO-VAX 2008.371 ************************