INFO-VAX Tue, 02 Sep 2008 Volume 2008 : Issue 481 Contents: Re: Advanced Server 7.3B & VISTA Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: Loose Cannon-dian Re: Loose Cannon-dian Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Note to Island Computers customers Re: Note to Island Computers customers Re: Note to Island Computers customers Re: Note to Island Computers customers Re: OT: SYSMAN Equiv. on AIX? problems with WBEM and ACU-XE Re: [VMS V7/8] How to avoid filling sec audit with entries of BACKUP user? ---------------------------------------------------------------------- Date: Tue, 2 Sep 2008 05:59:10 -0700 (PDT) From: Bobby Subject: Re: Advanced Server 7.3B & VISTA Message-ID: On Aug 31, 10:46=A0pm, David J Dachtera wrote: > Bobby wrote: > > > Well, I finally made progress, just in time to forget about it over > > the upcoming holiday weekend. =A0It turns out that if the password is > > typed on the Vista side in "all caps", then connection to > > AdvancedServer is successful. =A0Entering the password in "small caps" > > fails with a "logon_not_valid" SMB message. > > What are "small caps"? > > D.J.D. Sorry... "all caps" and "small caps" should have been "upper case" and "lower case (or mixed case)", respectively. ------------------------------ Date: Tue, 2 Sep 2008 07:46:17 -0700 (PDT) From: tadamsmar Subject: Re: Can you record DVDs on 7.2.1? Message-ID: On Aug 28, 3:00=A0pm, s...@antinode.info (Steven M. Schweda) wrote: > From:tadamsmar > > > Can you record DVDs or CDs using 7.2.1? > > =A0 =A0Perhaps, but that may depend on what "7.2.1" is, and/or what it ru= ns > on, and/or what's connected to it how. > > =A0 =A0Perhaps you could ask again, and include enough information for a > non-psychic to provide a useful and reliable answer. Digital Equipment Corporation's Open Virtual Memory System Version 7.2.1, which is now owned by Compaq. Sorry, I am sure using that "7.2.1" shorthand could mean a dozen different things when posted in the context of a newgroup named: comp.os.vms. ------------------------------ Date: Tue, 2 Sep 2008 07:55:08 -0700 (PDT) From: tadamsmar Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <1bd0a6d6-874b-4d59-bfce-83ec78f8c214@a70g2000hsh.googlegroups.com> On Sep 2, 10:46=A0am, tadamsmar wrote: > On Aug 28, 3:00=A0pm, s...@antinode.info (Steven M. Schweda) wrote: > > > From:tadamsmar > > > > Can you record DVDs or CDs using 7.2.1? > > > =A0 =A0Perhaps, but that may depend on what "7.2.1" is, and/or what it = runs > > on, and/or what's connected to it how. > > > =A0 =A0Perhaps you could ask again, and include enough information for = a > > non-psychic to provide a useful and reliable answer. > > Digital Equipment Corporation's Open Virtual Memory System Version > 7.2.1, which is now owned by Compaq. > > Sorry, I am sure using that "7.2.1" shorthand could mean a dozen > different things when posted in the context of a newgroup named: > comp.os.vms. I should have said 7.2-1, I know that "." must have rendered my post completely undecipherable to you. ------------------------------ Date: Tue, 2 Sep 2008 08:18:49 -0700 (PDT) From: tadamsmar Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <3fbf449f-81eb-4c1d-a25e-1b520fdcb91c@p25g2000hsf.googlegroups.com> On Aug 29, 10:30=A0am, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article <5bd7d4a4-6846-4b35-9765-8948b9db7...@25g2000prz.googlegroups.= com>,tadamsmar writes: > > > Can you record DVDs or CDs using 7.2.1? > > =A0 =A0If you have and use the correct software and hardware tools, I'm > =A0 =A0fairly sure you can do it. > > =A0 =A0Did you want to record data CDs or music? > > =A0 =A0Of course, by "7.2.1" in c.o.v I'm assuming you mean VMS 7.2-1 . Yes. VMS 7.2-1. Just want to do data backups on DVD preferably., Does anyone know a specific hardware and software solution for an AlphaServer DS10? I suppose I can just stumble though it as try stuff. I posted on this earlier and got some leads, but I was not really confident that it can be done on 7.2-1. 7.2.-1 does not have CDRECORD in SYS$MANAGER, but it is there on our 7.3-2 systems. ------------------------------ Date: Tue, 2 Sep 2008 10:00:32 -0500 (CDT) From: sms@antinode.info (Steven M. Schweda) Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <08090210003204_202004E5@antinode.info> From: tadamsmar > > > > Can you record DVDs or CDs using 7.2.1? > > > > > =A0 =A0Perhaps, but that may depend on what "7.2.1" is, and/or what it = > runs > > > on, and/or what's connected to it how. > > > > > =A0 =A0Perhaps you could ask again, and include enough information for = > a > > > non-psychic to provide a useful and reliable answer. > > > > Digital Equipment Corporation's Open Virtual Memory System Version > > 7.2.1, which is now owned by Compaq. > > > > Sorry, I am sure using that "7.2.1" shorthand could mean a dozen > > different things when posted in the context of a newgroup named: > > comp.os.vms. > > I should have said 7.2-1, I know that "." must have rendered my post > completely undecipherable to you. I could _guess_ what you meant. Why should I need to? I could also deduce that you were running on an Alpha, not a VAX (if you got the VMS version right, if that's what it was), buy why should I need to? If I were looking for free help, I'd try to make it easy to provide it, not hard. The answer to your question might also depend on what sort of DVD/CD recording you intend to do. ODS2, ODS5, ISO 9660, ...? Copying an existing disc? Many things may be possible. I normally use cdrtools, but I haven't tried it lately on anything so old as VMS V7.2-1. You're welcome to look around at: http://antinode.info/ftp/cdrtools and see if you can find anything useful. (The latest one is probably the best.) Feel free to complain if you have problems, but any bug reports as lame as the original question in this forum may be handled appropriately (that is, discarded). ------------------------------------------------------------------------ Steven M. Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: Tue, 02 Sep 2008 12:07:13 -0400 From: "Richard B. Gilbert" Subject: Re: Can you record DVDs on 7.2.1? Message-ID: tadamsmar wrote: > On Aug 28, 3:00 pm, s...@antinode.info (Steven M. Schweda) wrote: >> From:tadamsmar >> >>> Can you record DVDs or CDs using 7.2.1? >> Perhaps, but that may depend on what "7.2.1" is, and/or what it runs >> on, and/or what's connected to it how. >> >> Perhaps you could ask again, and include enough information for a >> non-psychic to provide a useful and reliable answer. > > Digital Equipment Corporation's Open Virtual Memory System Version > 7.2.1, which is now owned by Compaq. > > Sorry, I am sure using that "7.2.1" shorthand could mean a dozen > different things when posted in the context of a newgroup named: > comp.os.vms. Well *I* assumed that "7.2.1" referred to a release of VMS but perhaps others have an imagination more vivid than mine! ------------------------------ Date: Tue, 02 Sep 2008 09:17:04 -0700 From: Malcolm Dunnett Subject: Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Message-ID: <48bd6701$1@flight> Neil Rieck wrote: > > So consider events last week: > The afore mentioned group of financially educated middle managers has > already purchased and shipped a pair of HP DL380s (quad-core Xeon) and > a single MSA storage array to each of the four VAX locations. Even > though we've got the source code to go to Alpha or Itanium, we've been > told that someone made a good business case to save money by using PCs > with VAX-Charon. The leaked reasons involved the added cost of doing > the VMS releated software licence upgrades on top of the hardware > upgrades. I'm confused - does using Charon-VAX eliminate the need to purchase/upgrade a VMS license? You're still running the apps under VMS, right - just using Charon to emulate the underlying hardware? Since OS licenses are not transferable it doesn't seem you can legally move your VMS licenses from the "real" VAXen to the Charon boxes, can you? Are the HP salesfolks perhaps encouraging you to violate HP license agreements? > p.s. If I knew this was going to happen, then I would have added some > baffle-gab to the mix by indicating that if an Intel-based system is > what you wanted, then you should buy Itanium. I wonder if the HP > salesfolk considered this approach? Most likely not - in my experience the PC sales types don't appear to know that Itanium exists. ------------------------------ Date: Tue, 2 Sep 2008 12:50:57 -0400 From: norm.raphael@metso.com Subject: Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Message-ID: This is a multipart message in MIME format. --=_alternative 005C8D70852574B8_= Content-Type: text/plain; charset="US-ASCII" Malcolm Dunnett wrote on 09/02/2008 12:17:04 PM: > Neil Rieck wrote: > > > > So consider events last week: > > The afore mentioned group of financially educated middle managers has > > already purchased and shipped a pair of HP DL380s (quad-core Xeon) and > > a single MSA storage array to each of the four VAX locations. Even > > though we've got the source code to go to Alpha or Itanium, we've been > > told that someone made a good business case to save money by using PCs > > with VAX-Charon. The leaked reasons involved the added cost of doing > > the VMS releated software licence upgrades on top of the hardware > > upgrades. > > I'm confused - does using Charon-VAX eliminate the need to > purchase/upgrade a VMS license? You're still running the apps under VMS, > right - just using Charon to emulate the underlying hardware? Even I know that VAX to Alpha or VAX to Itanium would cost more than VAX to VAX, and it you have the same or fewer points from the existing VAX to the emulation VAX, IIRC there would be no charge to move the license. > > Since OS licenses are not transferable it doesn't seem you can > legally move your VMS licenses from the "real" VAXen to the Charon > boxes, can you? Are the HP salesfolks perhaps encouraging you to violate > HP license agreements? > > > p.s. If I knew this was going to happen, then I would have added some > > baffle-gab to the mix by indicating that if an Intel-based system is > > what you wanted, then you should buy Itanium. I wonder if the HP > > salesfolk considered this approach? > > Most likely not - in my experience the PC sales types don't appear to > know that Itanium exists. --=_alternative 005C8D70852574B8_= Content-Type: text/html; charset="US-ASCII"
Malcolm Dunnett <nothome@spammers.are.scum> wrote on 09/02/2008 12:17:04 PM:

> Neil Rieck wrote:
> >
> > So consider events last week:
> > The afore mentioned group of financially educated middle managers has
> > already purchased and shipped a pair of HP DL380s (quad-core Xeon) and
> > a single MSA storage array to each of the four VAX locations. Even
> > though we've got the source code to go to Alpha or Itanium, we've been
> > told that someone made a good business case to save money by using PCs
> > with VAX-Charon. The leaked reasons involved the added cost of doing
> > the VMS releated software licence upgrades on top of the hardware
> > upgrades.
>
>    I'm confused - does using Charon-VAX eliminate the need to
> purchase/upgrade a VMS license? You're still running the apps under VMS,
> right - just using Charon to emulate the underlying hardware?

Even I know that VAX to Alpha or VAX to Itanium would cost more than
VAX to VAX, and it you have the same or fewer points from the existing
VAX to the emulation VAX, IIRC there would be no charge to move the license.

>
>    Since OS licenses are not transferable it doesn't seem you can
> legally move your VMS licenses from the "real" VAXen to the Charon
> boxes, can you? Are the HP salesfolks perhaps encouraging you to violate
> HP license agreements?
>
> > p.s. If I knew this was going to happen, then I would have added some
> > baffle-gab to the mix by indicating that if an Intel-based system is
> > what you wanted, then you should buy Itanium. I wonder if the HP
> > salesfolk considered this approach?
>
>   Most likely not - in my experience the PC sales types don't appear to
> know that Itanium exists.
 --=_alternative 005C8D70852574B8_=-- ------------------------------ Date: Tue, 2 Sep 2008 04:56:13 -0700 (PDT) From: Neil Rieck Subject: DEFCON 16 and Hacking OpenVMS Message-ID: On Aug 31, 3:01=A0pm, JF Mezei wrote: [...snip...] > > Oh come on now. This is like supermarkets. Supermarkets don't carry what > customers say they want. They carry what manufacturers tell them to > carry (and pay them to carry). > > HP doesn't respond to customers, they identify potential additional > profit sources and then make pretty speeches and powerpoints to try to > set new trends that will get the clueless CIOs to say "we need to do > that too". Adding to your point, a new group of financially educated middle managers at my employer's company were/are persuaded to purchase dubious solutions from fast talking salesmen without first talking to resident technical resources. Overview: We've got a large distributed OpenVMS solution running on VAX-8550 clusters in two locations and uVAX-4300 clusters in two other locations. Back in 1999, our skunk-works group moved the source code to an Alpha then modified a small amount of the code (<5%) to get it to work properly on the new platform (this modified code went back into the source code repository). At that time we couldn't convince anyone to pay for new Alphas so built a case to do the project with used Alphas. At least Compaq would get some revenue with the upgraded licenses. Since then, we have never been able to get anyone to pay for anything. So consider events last week: The afore mentioned group of financially educated middle managers has already purchased and shipped a pair of HP DL380s (quad-core Xeon) and a single MSA storage array to each of the four VAX locations. Even though we've got the source code to go to Alpha or Itanium, we've been told that someone made a good business case to save money by using PCs with VAX-Charon. The leaked reasons involved the added cost of doing the VMS releated software licence upgrades on top of the hardware upgrades. But some of us are wondering if HP sales folk will make more money in the future by refereshing the HP hardware every 4-5 years. After all, like many VAXs, these Alpha (and probably Itanium) boxes just last too damn long in the field. p.s. If I knew this was going to happen, then I would have added some baffle-gab to the mix by indicating that if an Intel-based system is what you wanted, then you should buy Itanium. I wonder if the HP salesfolk considered this approach? Neil Rieck Kitchener/Waterloo/Cambridge, Ontario, Canada. http://www3.sympatico.ca/n.rieck/ ------------------------------ Date: 2 Sep 2008 07:29:25 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <48b85f07$0$9629$c3e8da3@news.astraweb.com>, JF Mezei writes: > re: memory protection. > > Can anyone explain to me why I was under the impression that under VMS, > you could not branch to data because data blocks were marked no-execute > (or whatever) ? Yes, data has long been marked no-execute. But that was a linker optimization only on VAX and Alpha. > Was this ever the case ? > > This argument had been brought up, (perhaps in my dreams) to show how > VMS was far mroe immune to buffer overflows than other operating > systems. (with the corrolary that you could not write to execute > sections and overwrite code). The reason VMS itself is more immune stems more from using langauges where creating such a situation is not trivial instead of langauges where it's the default, and overall quality in design and implementation. > Recent discussions seem to have completely shattered these > misconceptions I had, but i am really puzzled as to why I would have had > them to begin with. Because you worked in Macro, or PSECT controls via linker options and saw the NOEXE flag without understanding what that meant. ------------------------------ Date: 2 Sep 2008 07:31:45 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <3cde3b31-285e-4be0-98e1-287219571280@l42g2000hsc.googlegroups.com>, johnwallace4@yahoo.co.uk writes: > > I'd be interested in that too. For now, I'm thinking that I've assumed > that since the capability existed on PDPs (in hardware and in > compilers and in linker and OS), and that the same capability existed > in "bigger, better" VMS (at least in VMS compilers and linker (?)), > there's been an assumption on my part that the hardware and OS did the > sensible thing. As I mentioned earlier in a post which refers to the I > +DS manual, the PTE on VMS does seem to have a "fault on execute" bit, > which also supports my (apparently incorrect) assumption that data > sections are capable of being non-executable. If you used compatability mode on the VAX-11 series, or the emulator built into later versions of the RSX AME, you probably could take advantage of those PDP-11 features. But even on PDP-11 only the systems with mor ethan 64KB RAM installed actually could do anthing for you with those features. ------------------------------ Date: 2 Sep 2008 07:35:51 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article , Johnny Billquist writes: > > That would be equally true if the physical address space was only 16 bits as well. > The point is that your virtual addresses always goes through an address > translation, which both tells where the virtual address maps to in the physical > address space, and can also declare that some addresses aren't even valid. > No. The PDP-11 did not do virtual address translation on a page by page basis. It just took the virtual address and added the base physical address in the corresponding APR. If you had 64K or less RAM all physical addresses were within reach no matter what was in the APR. The mapping for I and D space might be different, but it was a calculable fixed offset for the duration of a task. And if you had less than 64KB RAM, no APR might be used. Lots of PDP-11 didn't even have APR. ------------------------------ Date: 2 Sep 2008 07:39:22 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article , Johnny Billquist writes: > > Well, that is assuming the OS don't allow the program to do that. > Since the page tables lives in I/O space, it requires that the user program have > access to the I/O page in order to manipulate this by itself. > Normal, timesharing OSes don't allow user programs to have access to the I/O > page, so correct, no program have the ability to change it's mapping like that. The memory space protection on the page table may be similar to the memory space protection on I/O space, but it is not necessarily in I/O space. In fact on VMS the page table is in P1 or P2 space and I/O space is in S0, S1, or S2. >> Can I assume things like the VAX and Alpha are strictly flat address space >> with all memory visible? > > Well, not really, no. The use of address tables does not change the fact that the architecture presents a flat address space. ------------------------------ Date: Tue, 02 Sep 2008 12:53:17 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <00A7F061.CE520258@SendSpamHere.ORG> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: {...snip...} > > Because you worked in Macro, or PSECT controls via linker options and > saw the NOEXE flag without understanding what that meant. ;) -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Tue, 02 Sep 2008 15:56:27 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article , Johnny Billquist writes: >> Well, that is assuming the OS don't allow the program to do that. >> Since the page tables lives in I/O space, it requires that the user program have >> access to the I/O page in order to manipulate this by itself. >> Normal, timesharing OSes don't allow user programs to have access to the I/O >> page, so correct, no program have the ability to change it's mapping like that. > > The memory space protection on the page table may be similar to the > memory space protection on I/O space, but it is not necessarily in I/O > space. In fact on VMS the page table is in P1 or P2 space and I/O > space is in S0, S1, or S2. Now, I'm definitely not entirely up to speed on the Alpha, but for the VAX, it's P0 and P1 space, and S0 space, while S1 was reserved. I don't even think there is a way to setup any map for S1 space. S2 must definitely be some Alpha extension, right? However, the VAX also is very different from the PDP-11 in this aspect. In the PDP-11, the page table is at a fixed address in I/O space, while on the VAX, the page tables are pointed at by some special registers in the CPU. So, on the VAX, you need to be able to write to those registers, or else have the (normal) memory where the page table is located accessible, in order to modify the page table. On the PDP-11, all you need is access to the I/O page. The page table on the PDP-11 isn't in normal memory, but it's actually an area of RAM inside the MMU, which is mapped into I/O space. If the MMU isn't enabled, you can even use the page table as a small scratch area of really fast memory, or even write small diagnostic programs that execute from there, without you needing to even have any working normal memory on a PDP-11 (sometimes *very* useful when you try to diagnose a sick machine). >>> Can I assume things like the VAX and Alpha are strictly flat address space >>> with all memory visible? >> Well, not really, no. > > The use of address tables does not change the fact that the > architecture presents a flat address space. At a hardware level? Sure. The same does a PDP-11. The fact that you can't from a normal program get access to the full 4 megs of memory don't change that. :-) The CPU and MMU forms a 22-bit address for every memory access on a (large) PDP-11. And from the front panel all of that memory is acessible, using 22-bit addresses, the whole time. But as for virtual addresses, no, all memory is not always visible, nor is it addressed in a linear fashion, when looking at what each virtual address boils down to. But the same is true for the PDP-11. There isn't really that much difference between a PDP-11 and VAX. The fact that the physical address space is larger than the virtual on a PDP-11 doens't really change anything. Anyone who thinks it does needs to go back and study things a little more. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Tue, 02 Sep 2008 16:04:05 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article , Johnny Billquist writes: >> That would be equally true if the physical address space was only 16 bits as well. >> The point is that your virtual addresses always goes through an address >> translation, which both tells where the virtual address maps to in the physical >> address space, and can also declare that some addresses aren't even valid. >> > > No. The PDP-11 did not do virtual address translation on a page by > page basis. Yes it did. You are totally confusing the PDP-11 with some Intel designs. > It just took the virtual address and added the base > physical address in the corresponding APR. If you had 64K or less > RAM all physical addresses were within reach no matter what was in > the APR. The mapping for I and D space might be different, but it > was a calculable fixed offset for the duration of a task. Sorry, but no. You are totally wrong. Now, if you insist, I'll be happy to teach you how the PDP-11 works in all the gory details, down to individual signals, if you want to. But maybe this would be regarded as slightly off-topc for comp.os.vms, so we should perhaps take in in another forum, such as alt.sys.pdp11, or vmsnet.pdp-11, or mail or something? Your idea, however, on how a PDP-11 works would make a lot of things an OS like RSX do impossible. You couldn't even have shared libraries if your view were correct, since that is pieces of memory that several processes have mapped into their address space, even at different virtual addresses (if it's position independent), and the rest of the address space is still their own, or used for even more shared libraries. > And if you had less than 64KB RAM, no APR might be used. Lots of > PDP-11 didn't even have APR. Yes, there were PDP-11s that didn't have an MMU. The same is true of any PDP-11 that have an MMU, when the MMU isn't enabled. And that's the way things are at boot time for all of them. But once you enable the MMU, you play around with the address translations, and you'll have 8 pages, even if your machine only have 8K of physical memory. And all of those pages can be fooled around with, making it look like you have lots more of memory than you actually have. Virtual memory, it's called. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Tue, 02 Sep 2008 16:12:24 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article <3cde3b31-285e-4be0-98e1-287219571280@l42g2000hsc.googlegroups.com>, johnwallace4@yahoo.co.uk writes: >> I'd be interested in that too. For now, I'm thinking that I've assumed >> that since the capability existed on PDPs (in hardware and in >> compilers and in linker and OS), and that the same capability existed >> in "bigger, better" VMS (at least in VMS compilers and linker (?)), >> there's been an assumption on my part that the hardware and OS did the >> sensible thing. As I mentioned earlier in a post which refers to the I >> +DS manual, the PTE on VMS does seem to have a "fault on execute" bit, >> which also supports my (apparently incorrect) assumption that data >> sections are capable of being non-executable. > > If you used compatability mode on the VAX-11 series, or the emulator > built into later versions of the RSX AME, you probably could take > advantage of those PDP-11 features. But even on PDP-11 only the > systems with mor ethan 64KB RAM installed actually could do anthing > for you with those features. No, you make assumptions that just aren't correct. First of all, the VAX-11 PDP-11 emulation only extended to user mode, so the MMU stuff of a PDP-11 was never emulated by a VAX. So nothing of this can be adopted from knowing how the VAX-11 worked. Second, you are still confusing the existance, and capabilities of an MMU, with physical memory. The MMU is used to play with virtual memory, more or less making physical memory an irrelevant parameter. All more memory will do is make it possible to get things done faster. Admittedly there are limits on how little memory you can have and still make something meaningful possible. For the PDP-11, I'd say the low limit of physical memory is probably four pages. You need atleast one page for the minimal kernel to exist and do something. And then one instruction can mean references to three pages, and since instructions can't be trapped without needing to restart, all three memory references must be able to complete without a fault for the instruction to be executed. (The three memory references are the instruction fetch itself, the source argument and the destination argument.) As long as you have that much, you can fool the user program that it actually have 64K of D-space and 64K of I-space. That's what virtual memory is all about. If the code reference a memory location that isn't currently valid, your "OS" will trap, where it can check the reason, the memory referenced, page it in, update the page table, and restart the instruction. Yes, all that is perfectly doable on a PDP-11. Just because no OS (that I know of) implemented demand paging don't mean the hardware can't do it. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Tue, 02 Sep 2008 16:49:41 GMT From: Roger Ivie Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: On 2008-09-02, Johnny Billquist wrote: > Bob Koehler skrev: >> The memory space protection on the page table may be similar to the >> memory space protection on I/O space, but it is not necessarily in I/O >> space. In fact on VMS the page table is in P1 or P2 space and I/O >> space is in S0, S1, or S2. I/O can be placed in P0 or P1 space by $CRMPSC. I/O is just memory, as long as you're careful about what addressing modes you use (I once used an interruptible instruction to access a non-existent UNIBUS location on a VAX-11/780. Bad idea; the adapter reports NXM via an interrupt, which restarts the instruction). > Now, I'm definitely not entirely up to speed on the Alpha, but for the VAX, > it's P0 and P1 space, and S0 space, while S1 was reserved. I don't even > think there is a way to setup any map for S1 space. S2 must definitely be > some Alpha extension, right? S2 is one of the new 64-bit spaces. In that case, $CRMPSC_PFN_64 is your friend. Come to think of it, I haven't tried putting I/O in P2 space; can't imagine why it wouldn't work... -- roger ivie rivie@ridgenet.net ------------------------------ Date: Tue, 02 Sep 2008 06:01:39 GMT From: John Santos Subject: Re: Loose Cannon-dian Message-ID: <7F4vk.215$Af3.5@trnddc06> Hein RMS van den Heuvel wrote: > On Sep 1, 9:50 pm, B...@rabbit.turquoisewitch.com (Brad Hamilton) > wrote: > >>In article <98806cee-a3cd-4fd4-8a3c-74e312e3d...@z72g2000hsb.googlegroups.com>, b...@signedness.org wrote: > > : > >>>stumbled upon what I think are two new security bugs in VMS ( It is > > : > >>>I was hoping someone could tell us if there is a better place to >>>report them at HP than the security-alert email address since they > > >>Although I'm not privy to your interactions with HP, I still think that it was >>the interaction here that quickly got HP's (VMS Engineering) attention last time. > > > Right. Please at least give them the benefit of the doubt. > From my modest interactions with them, I got the distinct impression > that a patch was triggered thanks to your report. and a basic patch > kit was available well before the C.O.V. reporting. If you were not > properly thanked for that, then I am a little dissapointed, but do not > knwo the full context. > > >>If I were you, I would still report through "normal" channels, and then return >>"here" to find a way to communicate "off-line" with folks here who may have >>the ability to raise the visibility of your findings with the "proper" VMS >>Engineering folks. > > > Right. For example, send me (I'm not HP) or Kerry Main or John Reagan > an Email and one of us can poke folks, > or try to connect you more directly if deemed appropriate/useful. No > need to send details, unless you want a quick sanity check. Other > readers/replies know names to contact as well. > > fwiw, > Hein. > > >>All that being said, please realize that a resolution may not happen quickly - >>I believe that regression testing and other vetting must take place before an >>ECO or MUP is released to customers. > > > Right. Allthough not much of an excuse, this SMG report happened just > while office and systems where being move. That did not help. > > Cheers, > Hein. There's a family story/legend, probably garbled that one of my aunts was vacationing or visiting somewhere on the coast of Maine during World War II, and spotted what she thought was a submarine. She reported it and later there was some kind of activity (Navy or Coast Guard ships sailing around where she saw it), but nothing was reported in the newspapers, and she heard nothing more about it until about 6 months later she got a cryptic letter from the Coast Guard thanking her for her diligence. Whether there really was a submarine out there, no one knows... (It wasn't an unlikely place to see one; she may have been visiting my Dad who worked one or two summers during high school at the Bath Iron Works, which was a major naval shipyard at the time. It's also fairly close to Portsmouth NH which was an American sub base.) So HP may have appreciated and may have acted on your information without acknowledging it, though some kind of "thank you" would certainly encourge others to come forward. I've seen somewhere that anyone can file a bug report (security-related or not) and they'll take it seriously, but they won't necessarily respond unless they need more information or if you have a support contract. It looks just like a black hole even if it isn't. -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 ------------------------------ Date: Tue, 2 Sep 2008 11:03:07 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: Loose Cannon-dian Message-ID: In article <7F4vk.215$Af3.5@trnddc06>, John Santos writes: >Hein RMS van den Heuvel wrote: >> On Sep 1, 9:50 pm, B...@rabbit.turquoisewitch.com (Brad Hamilton) >> wrote: >> >>>In article <98806cee-a3cd-4fd4-8a3c-74e312e3d...@z72g2000hsb.googlegroups.com>, b...@signedness.org wrote: >> >> : >> >So HP may have appreciated and may have acted on your information without >acknowledging it, though some kind of "thank you" would certainly encourge >others to come forward. > >I've seen somewhere that anyone can file a bug report (security-related or >not) and they'll take it seriously, but they won't necessarily respond unless >they need more information or if you have a support contract. It looks >just like a black hole even if it isn't. > Feedback to those who report bugs is only polite. However with security bugs it is an essential part of the process since there is a long history of those discovering such bugs and not being kept informed by the vendor resorting to publication of the details or even demo exploits in order to pressure the vendor into providing a fix. David Webb Security team leader CCSS Middlesex University >-- >John Santos >Evans Griffiths & Hart, Inc. >781-861-0670 ext 539 ------------------------------ Date: Tue, 02 Sep 2008 11:31:04 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <00A7F056.52545B80@SendSpamHere.ORG> In article <98806cee-a3cd-4fd4-8a3c-74e312e3ddda@z72g2000hsb.googlegroups.com>, bugs@signedness.org writes: >{...snip..} > >I'm sorry to break up this discussion (however I fail to see how it is >related to anything in the original thread)... Anyway I was preparing >updated slides for a presentation we are doing in Stockholm, when I >stumbled upon what I think are two new security bugs in VMS ( It is >hard to tell because as someone pointed out earlier ""bugs" wouldn't >recognize a VMS security flaw if it danced naked on his head and sang >=93Happy Days Are Here Again" ).... FTR, 'twasn't me. >I was hoping someone could tell us if there is a better place to >report them at HP than the security-alert email address since they >just stopped replying and ended all communications with us last time >we reported something there.. I'd be more than happy to look into whatever you have found. Once those of us here worked past the language barrier, we were able to quickly un- derstand the vulnerabilities you presented. I worked up a very nice and tight bit of code to demo/proof-of-concept the exploit. BTW, does this latest affect VAX? Alpha? Or both? -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Tue, 02 Sep 2008 11:35:07 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: > bugs@signedness.org writes: >> >> ... Anyway I was preparing >> updated slides for a presentation we are doing in Stockholm, When and where ? On the "VMS Techical Update" Jan-Erik. ------------------------------ Date: 2 Sep 2008 11:46:27 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <6i4ncjFoggeiU1@mid.individual.net> In article , BRAD@rabbit.turquoisewitch.com (Brad Hamilton) writes: > In article <98806cee-a3cd-4fd4-8a3c-74e312e3ddda@z72g2000hsb.googlegroups.com>, > bugs@signedness.org wrote: > [...] >>I'm sorry to break up this discussion (however I fail to see how it is >>related to anything in the original thread)... Anyway I was preparing >>updated slides for a presentation we are doing in Stockholm, when I >>stumbled upon what I think are two new security bugs in VMS ( It is >>hard to tell because as someone pointed out earlier ""bugs" wouldn't >>recognize a VMS security flaw if it danced naked on his head and sang >>=93Happy Days Are Here Again" ).... >> >>I was hoping someone could tell us if there is a better place to >>report them at HP than the security-alert email address since they >>just stopped replying and ended all communications with us last time >>we reported something there.. > > Although I'm not privy to your interactions with HP, I still think that it was > the interaction here that quickly got HP's (VMS Engineering) attention last > time. > > If I were you, I would still report through "normal" channels, and then return > "here" to find a way to communicate "off-line" with folks here who may have > the ability to raise the visibility of your findings with the "proper" VMS > Engineering folks. > > All that being said, please realize that a resolution may not happen quickly - > I believe that regression testing and other vetting must take place before an > ECO or MUP is released to customers. How about reporting all of these discoveries to CERT? I'll bet there are a lot more of the remaining VMS shops watching there than here!! bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 2 Sep 2008 07:11:49 -0700 (PDT) From: bugs@signedness.org Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <64f54c97-3f32-44f9-89ac-35d326e4734b@y38g2000hsy.googlegroups.com> I still haven't figured out how to quote multiple posts in this google user interface but I'll try to answer several people here. Why not CERT? It seems they changed their disclosure policy to a more open one, but I think they pretty much played out their role and I think the policy change shows that. The 45 day before "going full disclosure" is something we can enfore ourselves without a middle-man and let HP get the vuln info straight from the horse's mouth :) It seems my sarcastic use of the "not being able to find bugs" quote caused some confusion. Sorry about that, the bugs are real. One of the bugs I have confirmed on both Alpha and VAX, the other one I have only confirmed on VAX (but I'm resonably certain it exists on other platforms too) Brad, I think it is safe to say that the patch has nothing to do with comp.os.vms. I believe some people noted that the patches were created a month before we did the talk. Maybe the defcon talk and the discussion here lead to HP releasing the fixes but it didn't prompt HP to create the patches (Yes I really am cynical enough to believe that it is not impossible that a company will sit silently on security patches as long as the vulnerability isn't "public"). Hein, I'm willing to give them the benefit of doubt. Maybe they will act different this time and reply to emails. Jan-Erik, Not "VMS technical update". We are not VMS people, and I don't think HP invites people to talk about vulnerabilities in their products. That being said if they want us to have a serious go at VMS and keep looking at security stuff, then of course we would be interested in talking to them. The conference we are attending/ speaking at is www.sec-t.se 11-12th sept. Two of us are based in London so we could possibly be talked into doing an updated talk at a local defcon meeting (www.dc4420.org) if anyone in the London area is interested. On Sep 2, 12:46=A0pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote: > In article , > =A0 =A0 =A0 =A0 B...@rabbit.turquoisewitch.com (Brad Hamilton) writes: > > > > > > > In article <98806cee-a3cd-4fd4-8a3c-74e312e3d...@z72g2000hsb.googlegrou= ps.com>, > > =A0b...@signedness.org wrote: > > [...] > >>I'm sorry to break up this discussion (however I fail to see how it is > >>related to anything in the original thread)... Anyway I was preparing > >>updated slides for a presentation we are doing in Stockholm, when I > >>stumbled upon what I think are two new security bugs in VMS ( It is > >>hard to tell because as someone pointed out earlier ""bugs" wouldn't > >>recognize a VMS security flaw if it danced naked on his head and sang > >>=3D93Happy Days Are Here Again" ).... > > >>I was hoping someone could tell us if there is a better place to > >>report them at HP than the security-alert email address since they > >>just stopped replying and ended all communications with us last time > >>we reported something there.. > > > Although I'm not privy to your interactions with HP, I still think that= it was > > the interaction here that quickly got HP's (VMS Engineering) attention = last > > time. > > > If I were you, I would still report through "normal" channels, and then= return > > "here" to find a way to communicate "off-line" with folks here who may = have > > the ability to raise the visibility of your findings with the "proper" = VMS > > Engineering folks. > > > All that being said, please realize that a resolution may not happen qu= ickly - > > I believe that regression testing and other vetting must take place bef= ore an > > ECO or MUP is released to customers. > > How about reporting all of these discoveries to CERT? =A0I'll bet there a= re > a lot more of the remaining VMS shops watching there than here!! > > bill > > -- > Bill Gunshannon =A0 =A0 =A0 =A0 =A0| =A0de-moc-ra-cy (di mok' ra see) n. = =A0Three wolves > billg...@cs.scranton.edu | =A0and a sheep voting on what's for dinner. > University of Scranton =A0 | > Scranton, Pennsylvania =A0 | =A0 =A0 =A0 =A0 #include = =A0- Hide quoted text - > > - Show quoted text - ------------------------------ Date: Tue, 02 Sep 2008 14:39:15 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <00A7F070.9BBFB4FD@SendSpamHere.ORG> In article <64f54c97-3f32-44f9-89ac-35d326e4734b@y38g2000hsy.googlegroups.com>, bugs@signedness.org writes: >I still haven't figured out how to quote multiple posts in this google >user interface but I'll try to answer several people here. Bugs, Google groups suck. Get a real newsreader and a news feed. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Tue, 02 Sep 2008 07:43:58 -0700 From: "Tom Linden" Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: On Tue, 02 Sep 2008 07:39:15 -0700, VAXman- <@SendSpamHere.ORG> wrote: > In article > <64f54c97-3f32-44f9-89ac-35d326e4734b@y38g2000hsy.googlegroups.com>, > bugs@signedness.org writes: >> I still haven't figured out how to quote multiple posts in this google >> user interface but I'll try to answer several people here. > > Bugs, Google groups suck. Get a real newsreader and a news feed. > Opera is pretty good as a newsreader. -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: 2 Sep 2008 15:10:29 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <6i53b5Fp0kq6U1@mid.individual.net> In article <64f54c97-3f32-44f9-89ac-35d326e4734b@y38g2000hsy.googlegroups.com>, bugs@signedness.org writes: > I still haven't figured out how to quote multiple posts in this google > user interface but I'll try to answer several people here. > Why not CERT? It seems they changed their disclosure policy to a more > open one, but I think they pretty much played out their role and I > think the policy change shows that. The 45 day before "going full > disclosure" is something we can enfore ourselves without a middle-man > and let HP get the vuln info straight from the horse's mouth :) And there you have it. People seem to have this aversion to reporting VMS bugs to CERT while the VMS faithful continue to point to the lack of VMS Vulnerabilities listed on CERT as proof of it's strength. And still, they will wonder why those claims are taken less and less seriously. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Tue, 2 Sep 2008 10:15:13 -0400 From: "David" Subject: Note to Island Computers customers Message-ID: <8Qbvk.18822$bx1.17025@bignews1.bellsouth.net> We may not be available for ANY contact during the end of this week due to Hurricane Hanna We do host our own mail and webservers on site and ATT in this area is notorious for failing when we have even an Thunderstorm, so a Hurricane may be beyond help. Hopefully the Savannah bite will be in our favour. (Savannah bite is the coastal indentation - kinda like the middle of a huge bay between NC and FL) I may try to set up a webcam from our office windows to monitor what is going on. Could be better than weather.com ! I'll post the IP address once it is set up Regards to all. -- David B Turner ============================================= Island Computers US Corp PO Box 86 Tybee GA 31328 Toll Free: 1-877 636 4332 x201, Mobile x251 Email: dturner@islandco.com International & Local: (001)- 404-806-7749 Fax: 912 786 8505 Web: www.islandco.com ============================================= ------------------------------ Date: Tue, 2 Sep 2008 08:41:30 -0700 (PDT) From: bob.birch@gmail.com Subject: Re: Note to Island Computers customers Message-ID: <70ee370b-c3a0-44f0-b74a-66f4bc372f60@2g2000hsn.googlegroups.com> On Sep 2, 10:15 am, "David" wrote: > We may not be available for ANY contact during the end of this week due to > Hurricane Hanna > We do host our own mail and webservers on site and ATT in this area is > notorious for failing when we have even an Thunderstorm, so a Hurricane may > be beyond help. > > Hopefully the Savannah bite will be in our favour. > (Savannah bite is the coastal indentation - kinda like the middle of a huge > bay between NC and FL) Bight per Dictionary of Nautical Terms: A recess in a coastline or river. Thought you'll use Byte ;-) My guess a cat 1 or 2 you'll be ok, Cat 3 iffy, Cat 4 or 5 your toast. Been thru 12 of em' > > I may try to set up a webcam from our office windows to monitor what is > going on. > Could be better than weather.com ! > I'll post the IP address once it is set up > > Regards to all. > > -- > David B Turner > > ============================================= > > Island Computers US Corp > PO Box 86 > Tybee GA 31328 > > Toll Free: 1-877 636 4332 x201, Mobile x251 > Email: dtur...@islandco.com > International & Local: (001)- 404-806-7749 > Fax: 912 786 8505 > Web:www.islandco.com > > ============================================= ------------------------------ Date: Tue, 2 Sep 2008 09:11:35 -0700 (PDT) From: DaveG Subject: Re: Note to Island Computers customers Message-ID: On Sep 2, 9:15=A0am, "David" wrote: > We may not be available for ANY contact during the end of this week due t= o > Hurricane Hanna > We do host our own mail and webservers on site and ATT in this area is > notorious for failing when we have even an Thunderstorm, so a Hurricane m= ay > be beyond help. > > Hopefully the Savannah bite will be in our favour. > (Savannah bite is the coastal indentation - kinda like the middle of =A0a= huge > bay between NC and FL) > > I may try to set up a webcam from our office windows to monitor what is > going on. > Could be better than weather.com ! > I'll post the IP address once it is set up > > Regards to all. > > -- > David B Turner > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > Island Computers US Corp > PO Box 86 > Tybee GA 31328 > > Toll Free: 1-877 636 4332 x201, Mobile x251 > Email: dtur...@islandco.com > International & Local: (001)- 404-806-7749 > Fax: 912 786 8505 > Web:www.islandco.com > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Fare thee well the storm. ------------------------------ Date: Tue, 2 Sep 2008 13:11:27 -0400 From: "David" Subject: Re: Note to Island Computers customers Message-ID: THANKS FOR THE CORRECTION I had to look that up afterwards -- David B Turner ============================================= Island Computers US Corp PO Box 86 Tybee GA 31328 Toll Free: 1-877 636 4332 x201, Mobile x251 Email: dturner@islandco.com International & Local: (001)- 404-806-7749 Fax: 912 786 8505 Web: www.islandco.com ============================================= "David" wrote in message news:8Qbvk.18822$bx1.17025@bignews1.bellsouth.net... > We may not be available for ANY contact during the end of this week due to > Hurricane Hanna > We do host our own mail and webservers on site and ATT in this area is > notorious for failing when we have even an Thunderstorm, so a Hurricane > may be beyond help. > > Hopefully the Savannah bite will be in our favour. > (Savannah bite is the coastal indentation - kinda like the middle of a > huge bay between NC and FL) > > I may try to set up a webcam from our office windows to monitor what is > going on. > Could be better than weather.com ! > I'll post the IP address once it is set up > > Regards to all. > > > > -- > David B Turner > > ============================================= > > Island Computers US Corp > PO Box 86 > Tybee GA 31328 > > Toll Free: 1-877 636 4332 x201, Mobile x251 > Email: dturner@islandco.com > International & Local: (001)- 404-806-7749 > Fax: 912 786 8505 > Web: www.islandco.com > > ============================================= > ------------------------------ Date: Tue, 02 Sep 2008 09:04:04 -0400 From: sol gongola Subject: Re: OT: SYSMAN Equiv. on AIX? Message-ID: <48bd39f2$0$29525$607ed4bc@cv.net> David J Dachtera wrote: > "Steven M. Schweda" wrote: >> From: David J Dachtera >> >>> Is anyone aware of a SYSMAN-like utility for AIX? I need to be able to >>> execute the same command on multiple LPARs, HACMP not withstanding. >> Don't know aboit the multiple hosts part, but SMIT was the handy tool >> for system management when I was young. (Sure miss the SMIT dude >> falling on his face when a command failed.) > > Well, SMIT(TY) is whole different critter from SYSMAN. SMIT(TY) is a > screen-oriented interface to various system management task, but AFAIK > does not provide for operations within a group of nodes or a cluster. > SMITTY is the character-cell version. SMIT is the X version, but > defaults to SMITTY if X is not setup in the process environment or > otherwise not available. AIX has a slew of commands to performs the system functions that are performed by sysman. If you know the commands man files are there for you but difficult for the uninitiated. SMIT makes it easier. AIX System Management Interface Tool (SMIT) lets you build an activity through its menu interface. Before issuing the execute you can use F6 to view the command to be executed, save it and use it elsewhere. You can also look in the /smit.script file for a list of previously executed commands to copy and use elsewhere. ------------------------------ Date: Tue, 02 Sep 2008 10:26:32 -0700 From: Malcolm Dunnett Subject: problems with WBEM and ACU-XE Message-ID: <48bd774a$1@flight> I have an rx2600 running VMS 8.3. It has a SmartArray 5300 controller in it. I have installed WEBES V5.0 and ACUXE V6.40-11P09. Right after the initial install everything was working as expected, I got an Icon on the device home page of WEBES that linked me to the ACU-XE page and I could view/manage the SmartArray Controller. Now I am no longer seeing the icon for ACU-XE (I still get a box in the icon position with the text "Array Configuration Utility XE" and the little red X (missing image) symbol. If the ACU-XE agent is running and I click on this box I get "Internet Explorer cannot display the webpage" (the url is https://myhost.my.domain:2381/ACU-XE/ACU-XE.htm). If the agent is not running I get a proper webpage telling me the agent is not currently enabled. It would seem some ACUXE files have gone missing, or I'm missing a logical pointing to where they should be. Anyone else seen this, any ideas where I should look would be appreciated. Thanks in advance. ------------------------------ Date: 2 Sep 2008 15:37:45 +0200 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: Re: [VMS V7/8] How to avoid filling sec audit with entries of BACKUP user? Message-ID: <48bd5dc9@news.langstoeger.at> In article <48BB56F4.881E4A23@spam.comcast.net>, David J Dachtera writes: >Peter 'EPLAN' LANGSTOeGER wrote: >> >> In article <48B7617D.CFDC1D33@spam.comcast.net>, David J Dachtera writes: >> >Also, have you tried filtering ANAL/AUDIT using /IGNORE=USERNAME=BACKUP? >> >> Out of scope as well (as written) > >Can you explain? Not really. These are not my rules. It has to do with 'unmanipulated' security audit files and disk space usage and probably with some more which I don't know... >So, I'm stymied at this point. It almost sounds like you're looking for >a re-write of the AUDIT facility to allow users to side-step security >selectively (*BIG* security hole!), beyond BYPASS privilege. Huh? With BYPASS you side-step security? You remember this FILE access: Failure: read,write,execute,delete,control SYSPRV: read,write,execute,delete,control BYPASS: read,write,execute,delete,control <==== READALL: read,write,execute,delete,control And, yes, a SYSUAF flag DontAudit or so would have been nice ;-) But I didn't explicitely request this! I only asked for what I overlooked... In my old company this all was solved by not using BYPASS or READALL (only access was via the SYSTEM protection field) for BACKUP account - which was also there for the recommended/optimized PQL values - and the users had been informed that only files open for SYSTEM Read are backuped (BACKUP UIC was below MAXSYSGROUP and so no SYSPRV access was there). And the casual disk movements had been done with a fully privileged BACKUP tool (usually by the SYSTEM or my own account) and the security alarms didn't matter at this times. But here, we seem to need some other ideas... Nevertheless, thanks for responding -- Peter "EPLAN" LANGSTÖGER Network and OpenVMS system specialist E-mail Peter@LANGSTOeGER.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ End of INFO-VAX 2008.481 ************************