INFO-VAX Sat, 23 Aug 2008 Volume 2008 : Issue 461 Contents: ALL GONE: Storage Shelves for FREE Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: SMGRTL patch available on ITRC ftp site Re: strange tcpip issue Re: strange tcpip issue ---------------------------------------------------------------------- Date: Sat, 23 Aug 2008 10:57:44 -0700 From: "Tom Linden" Subject: ALL GONE: Storage Shelves for FREE Message-ID: On Mon, 18 Aug 2008 13:17:45 -0700, Tom Linden wrote: > Have 4 Blue BA356 each with one Power Suply, one personality module and 7 > drives. (RZ1DD) > > 3 grey BA350 No personality modules in these with RZ28 drives > > 1. 3 Power supplie 3 drives > 2. 3 Power Supplies 5 drives > 3. 2 Power Supplies 5 drives > > You pay for shipping, from 93953 > -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Sat, 23 Aug 2008 07:13:20 -0700 (PDT) From: jferraro Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: On Aug 22, 2:50 pm, JF Mezei wrote: > VAXman- @SendSpamHere.ORG wrote: > > Such a thing could be implemented using a method described in one of > > the prior posts in this thread that I epressed concern about to weap- > > onize this. I should hope that nobody does that! > > Actually, being a good devil's advocate, perhaps a large scale very > public attack on VMS would be beneficial. There would be a lot of > publicity about VMS, and the media might mention that while VMS isn't > widely widespread, it is used in very serious applications where quality > and stability are extremely important. > > In other words, hackers could give VMS the publicity HP refuses to give > its own unwanted bastard child that is the result of an unwanted marriage. Regarding VMS publicity, I think it is interesting that in the "blow up the datacenter" video published by HP, VMS was shown to dominate even their [arguably] flagship HP-UX/Serviceguard. Although HP-UX is my primary responsibility, I've asked my reps for their take on HP's VMS future (we still have a few VAX/7000s in production). Thus far, they've all taken a positive stance and I've put more and more pressure on my rep to deliver information about patches, strategies, etc... I've been attempting to start a few rogue projects to investigate Oracle (among other things) on VMS... its funny that as I mention it to most people, the response is similar to: "I hate VMS"; however, when probed about the comments most people seem to be unable to defend the statement and end up interested in the "rogue" testing before the conversation is over. Its my hope that VMS still has a productive future... and I agree with you... events like these with the DEFCON crew, may be the fuel it needs... joe -=-=-=-=-=-= not cool enough for a tagline -=-=-=-=-=-= ------------------------------ Date: Sat, 23 Aug 2008 07:52:17 -0700 (PDT) From: johnwallace4@yahoo.co.uk Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: On Aug 23, 3:13 pm, jferraro wrote: > On Aug 22, 2:50 pm, JF Mezei wrote: > > > VAXman- @SendSpamHere.ORG wrote: > > > Such a thing could be implemented using a method described in one of > > > the prior posts in this thread that I epressed concern about to weap- > > > onize this. I should hope that nobody does that! > > > Actually, being a good devil's advocate, perhaps a large scale very > > public attack on VMS would be beneficial. There would be a lot of > > publicity about VMS, and the media might mention that while VMS isn't > > widely widespread, it is used in very serious applications where quality > > and stability are extremely important. > > > In other words, hackers could give VMS the publicity HP refuses to give > > its own unwanted bastard child that is the result of an unwanted marriage. > > Regarding VMS publicity, I think it is interesting that in the "blow > up the datacenter" > video published by HP, VMS was shown to dominate even their [arguably] > flagship > HP-UX/Serviceguard. Although HP-UX is my primary responsibility, I've > asked my > reps for their take on HP's VMS future (we still have a few VAX/7000s > in production). > Thus far, they've all taken a positive stance and I've put more and > more pressure on > my rep to deliver information about patches, strategies, etc... > > I've been attempting to start a few rogue projects to investigate > Oracle (among other > things) on VMS... its funny that as I mention it to most people, the > response is similar > to: "I hate VMS"; however, when probed about the comments most people > seem to be > unable to defend the statement and end up interested in the "rogue" > testing before the > conversation is over. > > Its my hope that VMS still has a productive future... and I agree with > you... events like > these with the DEFCON crew, may be the fuel it needs... > > joe > > -=-=-=-=-=-= > not cool enough for a tagline > -=-=-=-=-=-= Positive words about VMS from HP? Where in the world are you? Keep it secret otherwise HP management will ensure your local reps are re- aligned with corporate policy... More seriously though: VAX 7000s in production? Has anyone looked at how much they're costing vs more recent kit? Maintenance, power, cooling and square-footage (?) on kit (including storage?) from that era won't be cheap; when I last looked, in most environments, moving to something current whilst staying with VMS (and therefore introducing relatively little risk) would typically have a very short payback time, maybe a year or two? How often can you get a payback time of that length? It can get more interesting if the business is organised in a way where revenue spend and capital spend come under separate stovepipes, but even that shouldn't be insurmountable. Any competent HP (or reseller) rep should be able to help you put a nice business case together, then all you need is a technically satisfactory plan for the migration and a bit of time (again, depending on location and needs, HP, reseller, or independent consultant). Note that because this is VMS, given proper planning you may well not need end user downtime to make this happen - depends to an extent on the application environment. Try doing that with mass- market "cheap" OSes. ------------------------------ Date: Sat, 23 Aug 2008 11:13:25 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: <00A7E878.32A0BB61@SendSpamHere.ORG> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >In article <00A7E75B.E1A3D903@SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes: >> FWIW, reading the patch description text (Yes, with my specs on), there >> is nothing to indicate the severity of or need for applying this patch! >> I'd wager that there are sites that will NEVER install this patch unless >> they see some buffer overflow in SMG. Unless this patch is listed as a >> SECURITY patch, people not following what has been going on here for the >> better part of a week will not install it. > > Yes. the rating is INSTAL_1, but it should be a MUP! I've been on-the-road for the past day travelling to Pittsburgh and only now able to clarify my comment. I know it's listed INSTAL_1. That still doesn't speak to it being a security issue. The description, IMHO, does not describe the seriousness of this issue. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Sat, 23 Aug 2008 11:15:15 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: <00A7E878.73FD4197@SendSpamHere.ORG> In article , FrankS writes: >On Aug 22, 5:00=A0am, "P. Sture" wrote: >> I'd definitely recommend getting a spare pair, not only as a counter for >> forgetfulness, but in case of a system failure (in my case the >> unexpected chewing of my first pair by a puppy!). > >WalMart, K-Mart, and their ilk are your friend in this particular >case. I've got 6 pairs of very cheap ($6 - $12) reading glasses >scattered around the house and car. I even have one pair expressly to >be left in the briefcase to avoid travelling mishaps. :-) My Rx was a little more than cheap reading glasses... not at $400! >Ah, the joys of advancing age. :) -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Sat, 23 Aug 2008 08:57:43 -0700 (PDT) From: FrankS Subject: Re: SMGRTL patch available on ITRC ftp site Message-ID: <6945ab23-d8b3-439c-9a3b-e12465bb9821@k7g2000hsd.googlegroups.com> On Aug 23, 7:15=A0am, VAXman- @SendSpamHere.ORG wrote: > My Rx was a little more than cheap reading glasses... not at $400! Yeah, the prescription glasses cost me $600, and I never use them. They had a "progressive" lens and my eyes just never got used to them. The cheapo reading glasses do a great job. I'm going to try traditional bifocals for driving and flying because the gps and instruments are starting to enter the fuzzy viewing range. ------------------------------ Date: Sat, 23 Aug 2008 15:47:16 GMT From: "Tim Wilkinson" Subject: Re: strange tcpip issue Message-ID: <8iWrk.47097$E41.38763@text.news.virginmedia.com> "David J Dachtera" wrote in message news:48AF6B1A.2E6F4CEA@spam.comcast.net... > VMS machines typically do not get DHCP served, they typically have > static addresses assigned to them and configured on them. > > That said, as others have pointed out, UCX took the usual few tries to > get it "right". CIDR is a fairly new innovation from the viewpoint of > VMS IP stacks. Even PSC didn't come out with that until fairly recently, > relatively speaking. > > D.J.D. True, normally I would have assigned a static address to devices I class as "Servers", but as my "VAX" is a simh on my laptop which moves round with me, it was convienient to use DHCP. I have not tried it, but would guess even static assigned would not cope with the subnet mask my network people have supplied for my home network. I find it surprising that DEC never "Got it" as they were at the forefront of embracing networking. But for some reason seemed very reluctant to pick up on TCP/IP. I remember running Wollongong to allow terminal server attached users to connect to some of my microvaxes in the 80/90s. Other kit had unibus hardware boards from Bridge (Later part of 3com) to allow TCP/IP connected terminal servers to communicate. Even in that era, we were using VLSM to allocate our allocated "Class B" network across the UK sites. ------------------------------ Date: Sat, 23 Aug 2008 15:57:09 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: strange tcpip issue Message-ID: Tim Wilkinson wrote: > "David J Dachtera" wrote in message > news:48AF6B1A.2E6F4CEA@spam.comcast.net... > >> VMS machines typically do not get DHCP served, they typically have >> static addresses assigned to them and configured on them. >> >> That said, as others have pointed out, UCX took the usual few tries to >> get it "right". CIDR is a fairly new innovation from the viewpoint of >> VMS IP stacks. Even PSC didn't come out with that until fairly recently, >> relatively speaking. >> >> D.J.D. > > True, normally I would have assigned a static address to devices I class as > "Servers", but as my "VAX" is a simh on my laptop which moves round with me, > it was convienient to use DHCP. I have not tried it, but would guess even > static assigned would not cope with the subnet mask my network people have > supplied for my home network. > > I find it surprising that DEC never "Got it" as they were at the forefront > of embracing networking. But for some reason seemed very reluctant to pick > up on TCP/IP. I remember running Wollongong to allow terminal server > attached users to connect to some of my microvaxes in the 80/90s. Other kit > had unibus hardware boards from Bridge (Later part of 3com) to allow TCP/IP > connected terminal servers to communicate. Even in that era, we were using > VLSM to allocate our allocated "Class B" network across the UK sites. > > Why not just run a TCPIP Services version that works ? ------------------------------ End of INFO-VAX 2008.461 ************************