INFO-VAX Thu, 17 Jul 2008 Volume 2008 : Issue 397 Contents: "Network tape drive" for VMS Re: "Network tape drive" for VMS Re: "Network tape drive" for VMS Re: "Network tape drive" for VMS Re: "Network tape drive" for VMS Re: Another BIND vulnerability (cache poisoning) Re: c. 2008 Brian Schenkenberger. Re: changed behavior of SUBMIT/USER Re: changed behavior of SUBMIT/USER Imagemagick 6.30 and text drawing ? Re: Imagemagick 6.30 and text drawing ? Re: LTO3 drives on Alpha VMS TCPIP$TELNETSYM_* logical names Re: TCPIP$TELNETSYM_* logical names Re: TCPIP$TELNETSYM_* logical names ---------------------------------------------------------------------- Date: Thu, 17 Jul 2008 15:11:14 +0200 From: Albrecht Schlosser Subject: "Network tape drive" for VMS Message-ID: Is there anything available that could be called a "network tape drive" that is supported with (a) OpenVMS / Alpha 7.3-2 (b) OpenVMS / I64, 8.2 or 8.3 ff. ? The reason is to have the backup tape drive separated from the server for easier access to change the backup tapes. Please don't ask, why would you want to do that. It's simply because of a user's request. And this should *not* be another VMS server (cluster node) with a tape drive ;-) Albrecht ------------------------------ Date: Thu, 17 Jul 2008 14:54:45 +0100 From: "R.A.Omond" Subject: Re: "Network tape drive" for VMS Message-ID: <487f4f26$0$90273$14726298@news.sunsite.dk> Albrecht Schlosser wrote: > Is there anything available that could be called a > "network tape drive" that is supported with > > (a) OpenVMS / Alpha 7.3-2 > (b) OpenVMS / I64, 8.2 or 8.3 ff. ? > > The reason is to have the backup tape drive separated from the > server for easier access to change the backup tapes. > > Please don't ask, why would you want to do that. It's simply > because of a user's request. And this should *not* be another > VMS server (cluster node) with a tape drive ;-) I always have real difficulty trying to comprehend such requests. What's the limit on xxx-SCSI cable length ? 25 metres ? Why can't you simply place the tape drive in e.g. a separate room. And why can't it be another VMS server/cluster-node with a tape drive ? What's wrong with that idea ? ------------------------------ Date: Thu, 17 Jul 2008 07:01:15 -0700 From: "Tom Linden" Subject: Re: "Network tape drive" for VMS Message-ID: On Thu, 17 Jul 2008 06:11:14 -0700, Albrecht Schlosser wrote: > Is there anything available that could be called a > "network tape drive" that is supported with > > (a) OpenVMS / Alpha 7.3-2 > (b) OpenVMS / I64, 8.2 or 8.3 ff. ? > > The reason is to have the backup tape drive separated from the > server for easier access to change the backup tapes. > > Please don't ask, why would you want to do that. It's simply > because of a user's request. And this should *not* be another > VMS server (cluster node) with a tape drive ;-) > > Albrecht If you have fibre, put it on a Modular Data Router -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 17 Jul 2008 16:34:59 +0200 From: Albrecht Schlosser Subject: Re: "Network tape drive" for VMS Message-ID: R.A.Omond wrote: > Albrecht Schlosser wrote: >> Is there anything available that could be called a >> "network tape drive" that is supported with >> >> (a) OpenVMS / Alpha 7.3-2 >> (b) OpenVMS / I64, 8.2 or 8.3 ff. ? >> >> The reason is to have the backup tape drive separated from the >> server for easier access to change the backup tapes. >> >> Please don't ask, why would you want to do that. It's simply >> because of a user's request. And this should *not* be another >> VMS server (cluster node) with a tape drive ;-) > > I always have real difficulty trying to comprehend such > requests. To help you to understand, why I asked this question: a customer's (Alpha) server should be moved to the data center, but the users (and not the IT personnel) would have to change the backup tapes. The users don't have access to the data center. > What's the limit on xxx-SCSI cable length ? 25 metres ? > Why can't you simply place the tape drive in e.g. a separate > room. Because the distance would probably be more than SCSI could handle. > And why can't it be another VMS server/cluster-node with > a tape drive ? What's wrong with that idea ? Because the intention is to move the server into the data center. And because of cost, management needs, and maybe more. Albrecht ------------------------------ Date: Thu, 17 Jul 2008 19:09:18 +0200 From: Marc Van Dyck Subject: Re: "Network tape drive" for VMS Message-ID: Albrecht Schlosser wrote : > Is there anything available that could be called a > "network tape drive" that is supported with > > (a) OpenVMS / Alpha 7.3-2 > (b) OpenVMS / I64, 8.2 or 8.3 ff. ? > > The reason is to have the backup tape drive separated from the > server for easier access to change the backup tapes. > > Please don't ask, why would you want to do that. It's simply > because of a user's request. And this should *not* be another > VMS server (cluster node) with a tape drive ;-) > > Albrecht Tape drives with a fiber channel interface can be connected to the host via a FC switch, thus enabling multiple hosts to access the device. Be sure not to access the drive from two systems simultaneously, though... -- Marc Van Dyck ------------------------------ Date: 17 Jul 2008 10:53:09 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Another BIND vulnerability (cache poisoning) Message-ID: <487f2495$0$20903$607ed4bc@cv.net> In article , "Tom Linden" writes: >On Wed, 16 Jul 2008 10:55:43 -0700, VAXman- <@SendSpamHere.ORG> wrote: > >> Tom, look back through this thread. Somebody posted the URL to a site >> that purports to test for the cache poisoning vulnerability. > >Thanks, I looked at that, www.doxpara.com but it doesn't give you the >ability to enter an IP. I see now. Seems it check the DNS of the web request. I'll take a look at the underlying code later. Maybe there's a way to exploit it to look at other IP/DNS. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: 17 Jul 2008 10:55:11 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: c. 2008 Brian Schenkenberger. Message-ID: <487f250f$0$20903$607ed4bc@cv.net> In article , Rich Jordan writes: >On Jul 16, 2:16=A0pm, "Richard B. Gilbert" >wrote: >> norm.raph...@metso.com wrote: >> >> > "Richard B. Gilbert" wrote on 07/16/2008 >> > 02:48:43 PM: >> >> > =A0> Steven M. Schweda wrote: >> > =A0> > From: =A0 VAXman- =A0@SendSpamHere.ORG >> >> > =A0> >> c. 2008 Brian Schenkenberger. [...] >> >> > =A0> > =A0 =A0Around here, "c." is read as "circa". =A0Perhaps things d= >iffer where >> > =A0> > you are, or perhaps you mean "around 2008", but it all seems to = >make >> > =A0> > even less sense this way. =A0(Perhaps you should find more produ= >ctive >> > ways >> > =A0> > to occupy data storage space around the world. =A0Just a thought= >..) >> >> > =A0> Either the word "Copyright" or the Circled C symbol together with = >the >> > =A0> year is sufficient to claim copyright. =A0A simple lowercase "c" i= >s not >> > =A0> legally sufficient. >> >> > I have seen (c) where the symbol was not appropriate. =A0 >> >> > [I could put it here, but the message would then become MIME instead of >> > text.] >> >> >> If the message were MIME encoded, might we hope for a slightly larger >> type face? =A0:-) >> >> AFAIK, (C) is NOT legally sufficient to claim copyright. =A0Only the >> symbol or the word spelled out in full protect your rights under >> copyright law. > >So assuming a document with the circle-C character but not a spelled >out COPYRIGHT or COPR... If I switch my browser to use a font/symbol >set that doesn't display the circled-C for whatever ascii/high-bit-set/ >unicode character was chosen to display it, does that mean the copy >I'm looking at is no longer copyrighted? Does the law or standard >actually specify a particular character code, or simply require the >'display' of the symbol as in a hardcopy? The brief Brian pointed to >doesn't seem to cover that. > >If my printer doesn't have the circle-C character (or again it is >using a symbol set or font that does not) and I print it, is that copy >no longer copyrighted? > >Seems like for electronic storage and display use you need to use the >spelled out word, and to be safe also specify a well known symbol set/ >typeface/etc. ASCII 7 bit and the word or abbreviation. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Thu, 17 Jul 2008 08:44:33 +0100 From: "R.A.Omond" Subject: Re: changed behavior of SUBMIT/USER Message-ID: <487ef862$0$90263$14726298@news.sunsite.dk> Carl Friedberg wrote: > (posted on DECUS as well) > > I have a client who recently applied a years worth of > patches to a VMS 8.3 Alpha system. > > After applying all current patches (starting with > VMS83A_UPDATE), they noticed the following change in > behavior: > > SUBMIT /USER > > now requires both CMKRNL and SYSPRV (VMS help explains > Read and Write access to SYSUAF is required). > > Has anyone else noticed this? Any idea which patch > made this change? Just curious; I'll also post on > Comp.OS.VMS Carl, Requiring SYSPRV is intended to workaround this bug which we reported in May 2007 (so it's our fault ;-) ) When using the submit/user command via an account which only has CMKNRL priv and read/write access to UAF the following OPCOM appears: %%%%%%%%%%% OPCOM 25-MAY-2007 12:19:50.35 %%%%%%%%%%% Message from user AUDIT$SERVER on XXXX Security alarm (SECURITY) and security audit (SECURITY) on XXXX, system id: 1040 Auditable event: Privilege failure Event information: SETPRV not used to enable temporary privilege not authorized to process (SET PROCESS/PRIVILEGE, $SETPRV) Event time: 25-MAY-2007 12:19:50.35 PID: 000046E7 Process name: XXXX Username: XXXX Process owner: [DEV,XXXX] Terminal name: VTA814: Image name: $3$DKF502:[SYS0.SYSCOMMON.][SYSEXE]SUBMIT.EXE New privileges: SYSPRV Old privileges: CMKRNL,TMPMBX,NETMBX Privileges missing: SETPRV Posix UID: -2 Posix GID: -2 (%XFFFFFFFE) ------------------------------ Date: Thu, 17 Jul 2008 04:11:55 -0700 (PDT) From: Jose Baars Subject: Re: changed behavior of SUBMIT/USER Message-ID: <45d64318-c698-407d-88eb-0f5b246f0c5a@e39g2000hsf.googlegroups.com> Hi, I logged a query 3 days ago, the change was in CLIUTL V1. The change is really a bugfix, and confirmed as such by HP, as up until now submit/user did not behave according to documentation, read what you see at help submit/user So now, you actualy need R/W access to SYSUAF. jose ------------------------------ Date: Thu, 17 Jul 2008 06:19:11 -0400 From: JF Mezei Subject: Imagemagick 6.30 and text drawing ? Message-ID: <487f1cca$0$1812$c3e8da3@news.astraweb.com> I installed the alpha "pre-built" version of Imagemagick 6.3.0-3 from: http://nchrem.tnw.tudelft.nl/openvms/software2.html (I fine site BTW). ## Zip-up of my directory containing everything (source,objects,libraries,executables) for version 6.3.0-3 click here get it ## So I didn't download the other stuff like freetype linrary etc. I already have Ghostscript. I can do basic stuff like convert a .png to a .jpg and crop that image. But whenever I try to use the draw or annontate command to write text over an image, the convert app crashes. (last file access with a SET WATCH was "type.xml". I have the MAGICK$ROOT and MAGICK logicals defined. Has anyone gotten text drawing to work on VMS for imagemagick ? Any examples ? when the doc says something like: convert logo.jpg -font Arial -pointsize 20 \ -draw "gravity south \ fill black text 0,12 'Copyright' \ fill white text 1,11 'Copyright' " \ wmark_text_drawn.jpg How would one code the quotes in a VMS environment where convert is defined as a foreign command ? ------------------------------ Date: Thu, 17 Jul 2008 06:33:09 -0400 From: JF Mezei Subject: Re: Imagemagick 6.30 and text drawing ? Message-ID: <6d780$487f1f5a$cef8887a$29490@TEKSAVVY.COM> Addendum: I got the following to not crash: $ im_convert temp.png -font Arial -pointsize 20 - -draw "gravity south fill red text 1,11 'Hello' " temp.jpg convert.exe;1: UnableToOpenConfigureFile `colors.xml'. convert.exe;1: UnableToOpenConfigureFile `type.xml'. convert.exe;1: UnableToReadFont `arial'. convert.exe;1: UnableToReadFont `arial'. convert.exe;1: UnableToReadFont `arial'. convert.exe;1: UnableToReadFont `arial'. convert.exe;1: UnableToOpenConfigureFile `delegates.xml'. Looking at the source, those filenames are given just as such. doing a search of all files in the directory tree (includes sources) yields no instance of magick$root. Does anyone know how this application defines some sort of search path to file those .XML files ? ------------------------------ Date: Thu, 17 Jul 2008 00:08:31 -0700 (PDT) From: Volker Halle Subject: Re: LTO3 drives on Alpha VMS Message-ID: <3af68382-ba4c-419e-be1d-3c2a125d85bb@k30g2000hse.googlegroups.com> Mike, Magtape $2$MGA0: (EZK20), device type HP Ultrium 3-SCSI, is online, allocated, ... OpenVMS Alpha V7.3-2 Volker. ------------------------------ Date: Thu, 17 Jul 2008 16:03:16 +0200 From: Albrecht Schlosser Subject: TCPIP$TELNETSYM_* logical names Message-ID: <4204l5-jjo.ln1@news.hus-software.de> I'm looking for a solution that seems to need the logical names TCPIP$TELNETSYM_SUPPRESS_FORMFEEDS and TCPIP$TELNETSYM_RAW_TCP preferably in combination with autostart print queues. I know that I can use a different logical name for a particular queue, because the logical names are read only at the time the queue is started. But, what would I do if all the queues should be started with $ enable autostart/queues when the system is booted ? So far, we didn't use TCPIP$TELNETSYM_RAW_TCP, but there is a new requirement to print real TAB characters on some TCPIP$TELNETSYM print queues. The only way I know to do that is to print with /passall, because there is no device that could be set to allow TABs with SET TERMINAL/TAB. And with /passall set, we do also need TCPIP$TELNETSYM_RAW_TCP, because at least one printer would otherwise print the telnet handshake characters (hex. FF FD 00 FF FB 00) that are documented in the TCPIP manuals . Example print queue: $ sho que xy/full Printer queue XY, idle, on NODE::"xy:9100", mounted form DEFAULT [...] /PROCESSOR=TCPIP$TELNETSYM [...] where "xy" is a host name. Thus, if I need TCPIP$TELNETSYM_RAW_TCP and want to use autostart, then I would have to set TCPIP$TELNETSYM_RAW_TCP system wide before autostart, and then it would apply to all TELNETSYM queues. Does anybody here have experience with setting TCPIP$TELNETSYM_RAW_TCP for different printers (we use HP, KYOCERA, and maybe others with PCL emulation that our customers provide). Are there problems to be expected, or do most or all printers use a raw socket anyway ? Any comments and experiences are really appreciated. Albrecht ------------------------------ Date: Thu, 17 Jul 2008 12:09:48 -0400 From: "Jeff Goodwin" Subject: Re: TCPIP$TELNETSYM_* logical names Message-ID: <487f6ecf$0$5162$9a6e19ea@unlimited.newshosting.com> "Albrecht Schlosser" wrote in message news:4204l5-jjo.ln1@news.hus-software.de... > I'm looking for a solution that seems to need the logical names > > TCPIP$TELNETSYM_SUPPRESS_FORMFEEDS and > TCPIP$TELNETSYM_RAW_TCP > > preferably in combination with autostart print queues. I know that > I can use a different logical name for a particular queue, because > the logical names are read only at the time the queue is started. > > But, what would I do if all the queues should be started with > $ enable autostart/queues > when the system is booted ? > .snip. > > Any comments and experiences are really appreciated. > > Albrecht We have this same issue at our sites with these two logical names and I do not have an answer for you. I have requested the 'queue specific logicals' feature for many years via many mechanisms. Just this year I've heard it is being considered for a future release of TCPIP. It's about the most simple thing that can be programmed. Check for the queue specific logical name like TCPIP$TELNETSYM_RAW_TCP_queue. If it exists, use it. If it doesn't exist, check for the generic logical name. DCPS seems to handle queue specific logical names quite nicely. It's really an obvious problem with a simple solution that can be added to the code. It is just pathetic it is taking so long. -Jeff ------------------------------ Date: Thu, 17 Jul 2008 10:32:18 -0700 (PDT) From: "Bart.Zorn@gmail.com" Subject: Re: TCPIP$TELNETSYM_* logical names Message-ID: On Jul 17, 4:03=A0pm, Albrecht Schlosser wrote: > I'm looking for a solution that seems to need the logical names > > TCPIP$TELNETSYM_SUPPRESS_FORMFEEDS and > TCPIP$TELNETSYM_RAW_TCP > > preferably in combination with autostart print queues. I know that > I can use a different logical name for a particular queue, because > the logical names are read only at the time the queue is started. > > But, what would I do if all the queues should be started with > =A0 =A0$ enable autostart/queues > when the system is booted ? > > So far, we didn't use TCPIP$TELNETSYM_RAW_TCP, but there is a new > requirement to print real TAB characters on some TCPIP$TELNETSYM > print queues. The only way I know to do that is to print with > /passall, because there is no device that could be set to allow > TABs with SET TERMINAL/TAB. And with /passall set, we do also > need TCPIP$TELNETSYM_RAW_TCP, because at least one printer would > otherwise print the telnet handshake characters (hex. FF FD 00 > FF FB 00) that are documented in the TCPIP manuals . > > Example print queue: > > $ sho que xy/full > Printer queue XY, idle, on NODE::"xy:9100", mounted form DEFAULT > =A0 =A0[...] /PROCESSOR=3DTCPIP$TELNETSYM [...] > > where "xy" is a host name. > > Thus, if I need TCPIP$TELNETSYM_RAW_TCP and want to use autostart, > then I would have to set TCPIP$TELNETSYM_RAW_TCP system wide before > autostart, and then it would apply to all TELNETSYM queues. > > Does anybody here have experience with setting TCPIP$TELNETSYM_RAW_TCP > for different printers (we use HP, KYOCERA, and maybe others with > PCL emulation that our customers provide). Are there problems to be > expected, or do most or all printers use a raw socket anyway ? > > Any comments and experiences are really appreciated. > > Albrecht Are you running a cluster? If so, you could consider running each (class of) queue(s) on a different node, each with the corresponding system logical names. HTH. Bart Zorn ------------------------------ End of INFO-VAX 2008.397 ************************