INFO-VAX    Fri, 05 Sep 2008    Volume 2008 : Issue 486

Contents:
Re: Archive strategy
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: Current status?
Re: DEFCON 16 and Hacking OpenVMS
Re: DEFCON 16 and Hacking OpenVMS
Re: DEFCON 16 and Hacking OpenVMS
Re: DEFCON 16 and Hacking OpenVMS
Re: DEFCON 16 and Hacking OpenVMS
Re: DEFCON 16 and Hacking OpenVMS
Re: DEFCON 16 and Hacking OpenVMS
Re: DEFCON 16 and Hacking OpenVMS
Re: HP TestDrive systems to be shutdown
Re: HP TestDrive systems to be shutdown
Re: Loose Cannon-dian
Re: Loose Cannon-dian
Re: Loose Cannon-dian
Re: Loose Cannon-dian
Re: Note to Island Computers customers
Re: OpenVMS upgrade checklists
Re: OpenVMS upgrade checklists
Re: OT: Carly speeks at convetion
Re: OT: Carly speeks at convetion
Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site)
Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) f
Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) f
Phase 2 and delayed ampersand substitution with the ON command
Re: [RBL] Current status?

----------------------------------------------------------------------

Date: Thu, 04 Sep 2008 18:11:16 -0500
From: BRAD@rabbit.turquoisewitch.com (Brad Hamilton)
Subject: Re: Archive strategy
Message-ID:

In article <729c5ebc-a6ae-4de6-9aae-a4bd707763e5@p10g2000prf.googlegroups.com>, tadamsmar wrote:
[...]
>Well, I proposed to my management that we simply institute a periodic
>(monthly) tape backup of the archive. Turns out the archive was
>always on hard disk as well as on the defunct optical media.
>
>They accepted that idea. No need for a DVD or removable disk.
>
>The assumption is that the act of backing up the disk confirms that
>the disk is good.
>
>Any comments to improve this plan?

An obvious improvement (but one that may be hard to implement) is a
regular *restore* of the information from tape; the idea is to "prove"
that you could successfully recover the data "at a moment's notice". Of
course, you would need to have a "spare" system to demonstrate the
effectiveness of the "recovery". I used to work at a company where we
had replicated systems (not "active/active") where we would periodically
"swing" the user base after a restore. The users didn't know (and could
have cared less) which site they were using. Management, internal, and
external auditors were satisfied with this system.

>We only have a dozen gigs or so to worry about.

Should be a piece of cake. :-)

------------------------------

Date: Thu, 4 Sep 2008 11:28:04 -0700 (PDT)
From: johnwallace4@yahoo.co.uk
Subject: Re: Current status?
Message-ID: <8c328cb8-33b0-42e2-b590-5aab5a7b2670@w1g2000prk.googlegroups.com>

On Sep 4, 6:37 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
> In article ,
> koeh...@eisner.nospam.encompasserve.org (Bob Koehler) writes:
>
> > In article , "John E. Malmberg" writes:
>
> >> If it is not supposed to send e-mail, and it attempts to, don't you
> >> think someone should find out why?
>
> > We've had a lot of problems deploying COTS products that send
> > out notifications via email, from systems that the security folks
> > think shouldn't be "mail servers".
>
> > So "supposed to" is in the eye of the beholder.
>
> Not really. Those particular devices should be sending their email to
> the real mailserver which should be the only one communicating with mail
> servers in the outside world. If network/system managers, in particular
> ISP's, followed this rule 99% of SPAM could be dealt with in very short order.
>
> bill
>
> --
> Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
> billg...@cs.scranton.edu |  and a sheep voting on what's for dinner.
> University of Scranton   |
> Scranton, Pennsylvania   |         #include

Enforcing "email from recognised SMTP servers only" would indeed get
rid of much spam instantly, and is a tactic already used by some folks
to reject *incoming* mail, but it would also break hundreds of little
convenience Windows apps that have their own mailsenders built in, and
inconvenience millions of their users. Log watchers, webcam watchers,
etc, anything which sends notification by email when something
"interesting" happens, using its own built-in mail server; they would
all need their user/installer to actually know their ISP's SMTP server
address so they could do the setup properly. How many PC users
actually know or care much about that kind of thing?

------------------------------

Date: 4 Sep 2008 19:01:27 GMT
From: billg999@cs.uofs.edu (Bill Gunshannon)
Subject: Re: Current status?
Message-ID: <6iapk6Fphr6oU3@mid.individual.net>

In article <8c328cb8-33b0-42e2-b590-5aab5a7b2670@w1g2000prk.googlegroups.com>,
johnwallace4@yahoo.co.uk writes:
> On Sep 4, 6:37 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
>> In article ,
>> koeh...@eisner.nospam.encompasserve.org (Bob Koehler) writes:
>>
>> > In article , "John E. Malmberg" writes:
>>
>> >> If it is not supposed to send e-mail, and it attempts to, don't you
>> >> think someone should find out why?
>>
>> > We've had a lot of problems deploying COTS products that send
>> > out notifications via email, from systems that the security folks
>> > think shouldn't be "mail servers".
>>
>> > So "supposed to" is in the eye of the beholder.
>>
>> Not really. Those particular devices should be sending their email to
>> the real mailserver which should be the only one communicating with mail
>> servers in the outside world. If network/system managers, in particular
>> ISP's, followed this rule 99% of SPAM could be dealt with in very short order.
>>
>
> Enforcing "email from recognised SMTP servers only" would indeed get
> rid of much spam instantly, and is a tactic already used by some folks
> to reject *incoming* mail, but it would also break hundreds of little
> convenience Windows apps that have their own mailsenders built in, and
> inconvenience millions of their users.

So, because windows did something wrong we should allow Email to further
degenerate? I think not. :-)

> Log watchers, webcam watchers,
> etc, anything which sends notification by email when something
> "interesting" happens, using its own built-in mail server;

...... should be sending their emails to a legitimate email server which
could then deliver it to the recipient. As it's supposed to be!!!

> they would
> all need their user/installer to actually know their ISP's SMTP server
> address so they could do the setup properly. How many PC users
> actually know or care much about that kind of thing?

Who cares. It's not the users setting things up wrong that is causing
the problem, it is the ISP's and even some corporate systems managers
who don't know what they are doing. If the ISP sets their firewall up
to block non-MTA machines from connecting to port 25, the problem goes
away. If the user really wants to use advanced features of these toys,
they need to learn how to do it right. Period, end of story. We have
rules for just about everything we do in life today, from driving to
keeping a pet and everything in between. A lot of these rules are
very inconvenient (like picking up after your dog or driving the right
way on a one way street). But you still have to do them. Networking
shouldn't be any different. And it doesn't even take new laws to make
it happen. It just takes competence.

bill

--
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999@cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include

------------------------------

Date: Thu, 04 Sep 2008 19:50:49 GMT
From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
Subject: Re: Current status?
Message-ID:

>> Log watchers, webcam watchers,
>> etc, anything which sends notification by email when something
>> "interesting" happens, using its own built-in mail server;

*Server* ?? I set up my cheap Zyxel DSL modem/router to send
notifications to me, but it is not a *server*. It uses whatever mail
server it gets after doing a DNS-MX lookup on the receiver
address, and that should be the official SMTP server of my
ISP, as far as I understand.

Why would anything just needing to *send* a mail have a
smtp *server* implementation ?

Jan-Erik.

------------------------------

Date: Thu, 4 Sep 2008 21:46:59 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: Current status?
Message-ID:

In article
<8c328cb8-33b0-42e2-b590-5aab5a7b2670@w1g2000prk.googlegroups.com>,
johnwallace4@yahoo.co.uk writes:

> Enforcing "email from recognised SMTP servers only" would indeed get
> rid of much spam instantly, and is a tactic already used by some folks
> to reject *incoming* mail, but it would also break hundreds of little
> convenience Windows apps that have their own mailsenders built in, and
> inconvenience millions of their users. Log watchers, webcam watchers,
> etc, anything which sends notification by email when something
> "interesting" happens, using its own built-in mail server; they would
> all need their user/installer to actually know their ISP's SMTP server
> address so they could do the setup properly. How many PC users
> actually know or care much about that kind of thing?

Perhaps true.
On the other hand, such machines are the source of most
SPAM today, taken over by viruses etc sending spam without the owner
knowing, and without sending too many from one machine within a given
time (a characteristic some folks used to use to identify possible
sources of spam). I think it would be a good idea that if such little
convenience apps were to be used, the user would have to enter the name
of a mailserver.

------------------------------

Date: Thu, 4 Sep 2008 21:48:16 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: Current status?
Message-ID:

In article <6iapk6Fphr6oU3@mid.individual.net>, billg999@cs.uofs.edu
(Bill Gunshannon) writes:

> > Enforcing "email from recognised SMTP servers only" would indeed get
> > rid of much spam instantly, and is a tactic already used by some folks
> > to reject *incoming* mail, but it would also break hundreds of little
> > convenience Windows apps that have their own mailsenders built in, and
> > inconvenience millions of their users.
>
> So, because windows did something wrong we should allow Email to further
> degenerate? I think not. :-)
>
> > Log watchers, webcam watchers,
> > etc, anything which sends notification by email when something
> > "interesting" happens, using its own built-in mail server;
>
> ....... should be sending their emails to a legitimate email server which
> could then deliver it to the recipient. As it's supposed to be!!!
>
> > they would
> > all need their user/installer to actually know their ISP's SMTP server
> > address so they could do the setup properly. How many PC users
> > actually know or care much about that kind of thing?
>
> Who cares. It's not the users setting things up wrong that is causing
> the problem, it is the ISP's and even some corporate systems managers
> who don't know what they are doing. If the ISP sets their firewall up
> to block non-MTA machines from connecting to port 25, the problem goes
> away.
> If the user really wants to use advanced features of these toys,
> they need to learn how to do it right. Period, end of story. We have
> rules for just about everything we do in life today, from driving to
> keeping a pet and everything in between. A lot of these rules are
> very inconvenient (like picking up after your dog or driving the right
> way on a one way street). But you still have to do them. Networking
> shouldn't be any different. And it doesn't even take new laws to make
> it happen. It just takes competence.

Amen, brother!

------------------------------

Date: Thu, 4 Sep 2008 21:50:58 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: Current status?
Message-ID:

In article ,
=?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
writes:

> >> Log watchers, webcam watchers,
> >> etc, anything which sends notification by email when something
> >> "interesting" happens, using its own built-in mail server;
>
> *Server* ?? I set up my cheap Zyxel DSL modem/router to send
> notifications to me, but it is not a *server*. It uses whatever mail
> server it gets after doing a DNS-MX lookup on the receiver
> address, and that should be the official SMTP server of my
> ISP, as far as I understand.
>
> Why would anything just needing to *send* a mail have a
> smtp *server* implementation ?

You use "server" to mean "receiving end". A more general use, intended
here, is "handles traffic". Thus, incoming server and outgoing server.
You are sending your email TO the proper receiving server (via MX), but
it is still coming from your machine, not an "official email server".
Technically, there is no problem with your scheme, but in practice, such
machines on dial-up, volatile IP addresses are the main source of spam,
and are thus blocked by more and more people.

Many SMTP servers are neither senders nor receivers, but relays.
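
[Added illustration, not part of any list message.] The messages above
argue that only the designated MTA should reach port 25 on outside hosts,
and that infected machines now send at low volume. The Python sketch below
audits firewall flow records for that condition without any volume
threshold; the record layout, the 10.20.0.0/16 internal range and the MTA
address 10.20.0.25 are assumptions made for this example.

```python
"""Audit flow records for direct SMTP from hosts that are not the site's MTA."""
import ipaddress
from collections import namedtuple

# Assumptions for this example: internal address space and designated MTA(s).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
DESIGNATED_MTAS = {ipaddress.ip_address("10.20.0.25")}
SMTP_PORT = 25

# Constructed sample records: "epoch src_ip dst_ip dst_port proto action"
SAMPLE_FLOWS = """\
1220550001 10.20.0.25 192.0.2.10 25 tcp allow
1220550004 10.20.3.77 192.0.2.10 25 tcp allow
1220550009 10.20.3.77 198.51.100.5 25 tcp allow
1220550011 10.20.3.77 10.20.0.25 25 tcp allow
1220550015 10.20.8.14 203.0.113.9 25 tcp deny
1220550020 10.20.8.14 203.0.113.9 443 tcp allow
1220550022 10.20.9.2 198.51.100.5 25 udp allow
1220550030 10.20.4.300 192.0.2.10 25 tcp allow
garbage line
"""

Flow = namedtuple("Flow", "ts src dst port proto action")


def parse_flow(line):
    """Return a Flow, or None for a malformed record (bad field count or IP)."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return Flow(int(parts[0]), ipaddress.ip_address(parts[1]),
                    ipaddress.ip_address(parts[2]), int(parts[3]),
                    parts[4].lower(), parts[5].lower())
    except ValueError:
        return None


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def audit_direct_smtp(text):
    """Report internal non-MTA hosts that tried TCP/25 to an outside address.

    A single attempt is reported: there is deliberately no rate threshold.
    'allowed' > 0 means the egress block is missing or bypassed; 'denied' > 0
    means the block works but the host is misconfigured or infected.
    """
    hits = {}
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow.proto != "tcp" or flow.port != SMTP_PORT:
            continue
        if not is_internal(flow.src) or flow.src in DESIGNATED_MTAS:
            continue  # outside hosts and the real MTA are out of scope
        if is_internal(flow.dst):
            continue  # MUA handing mail to the local MTA is the intended path
        rec = hits.setdefault(flow.src, {"allowed": 0, "denied": 0, "dests": set()})
        rec["allowed" if flow.action == "allow" else "denied"] += 1
        rec["dests"].add(flow.dst)
    return {
        str(src): {
            "allowed": rec["allowed"],
            "denied": rec["denied"],
            "destinations": [str(d) for d in sorted(rec["dests"])],
        }
        for src, rec in sorted(hits.items())
    }


if __name__ == "__main__":
    for host, rec in audit_direct_smtp(SAMPLE_FLOWS).items():
        print(host, rec)
```
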

------------------------------

Date: Thu, 04 Sep 2008 22:30:56 GMT
From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
Subject: Re: Current status?
Message-ID:

Phillip Helbig---remove CLOTHES to reply wrote:

> such
> machines on dial-up, volatile IP addresses are the main source of spam,

I do have a hard time thinking that *dial up* has
that much to do with modern spam, has it ?

Jan-Erik.

------------------------------

Date: 4 Sep 2008 23:39:24 GMT
From: billg999@cs.uofs.edu (Bill Gunshannon)
Subject: Re: Current status?
Message-ID: <6ib9tbFpklicU1@mid.individual.net>

In article ,
helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes:
> In article ,
> =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
> writes:
>
>> >> Log watchers, webcam watchers,
>> >> etc, anything which sends notification by email when something
>> >> "interesting" happens, using its own built-in mail server;
>>
>> *Server* ?? I set up my cheap Zyxel DSL modem/router to send
>> notifications to me, but it is not a *server*. It uses whatever mail
>> server it gets after doing a DNS-MX lookup on the receiver
>> address, and that should be the official SMTP server of my
>> ISP, as far as I understand.
>>
>> Why would anything just needing to *send* a mail have a
>> smtp *server* implementation ?
>
> You use "server" to mean "receiving end". A more general use, intended
> here, is "handles traffic". Thus, incoming server and outgoing server.
> You are sending your email TO the proper receiving server (via MX), but
> it is still coming from your machine, not an "official email server".
> Technically, there is no problem with your scheme, but in practice, such
> machines on dial-up, volatile IP addresses are the main source of spam,
> and are thus blocked by more and more people.
>
> Many SMTP servers are neither senders nor receivers, but relays.

Actually, the correct terminology is MUA and MTA.
MUA = Mail User Agent.
MUA's originate and terminate email.

MTA = Mail Transport Agent
MTA's exchange email across the INTERNET.

Nothing but MTA's should talk between email domains. No MUA should be
allowed to access anything but the local MTA. Thus the reason for blocking
port 25 at your firewall for all internal hosts other than your designated
MTA(s). User machines should never be considered MTA's. MTA's are the
machines with the MX record in the DNS system. Violating this simple
network engineering principle is why we have the SPAM problem that we have.
As for relaying, some MTA's relay. One should be very careful about who
one relays for. You should relay for your internal machines (all the MUA's)
as that is the purpose of an MTA. You should not relay for external
machines and if you do, that is a real quick way to find yourself on
a blacklist.

Email is really not that hard to manage.

bill

--
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999@cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include

------------------------------

Date: 4 Sep 2008 23:42:51 GMT
From: billg999@cs.uofs.edu (Bill Gunshannon)
Subject: Re: Current status?
Message-ID: <6iba3rFpklicU2@mid.individual.net>

In article ,
Jan-Erik Söderholm writes:
> Phillip Helbig---remove CLOTHES to reply wrote:
>
>> such
>> machines on dial-up, volatile IP addresses are the main source of spam,
>
> I do have a hard time thinking that *dial up* has
> that much to do with modern spam, has it ?

The term "dial-up" today pretty much refers to any host that get's
its address dynamically. No machine that gets it's address dynamically
should be trying to send email to anyone other than its own internal
MTA. Most legitimate email MTA's will refuse a connection from a
machine from outside their domain that can be determined to be using
a dynamically assigned ip address.

bill

--
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.
Three wolves
billg999@cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include

------------------------------

Date: 4 Sep 2008 23:45:24 GMT
From: billg999@cs.uofs.edu (Bill Gunshannon)
Subject: Re: Current status?
Message-ID: <6iba8kFpklicU3@mid.individual.net>

In article ,
helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes:
> In article
> <8c328cb8-33b0-42e2-b590-5aab5a7b2670@w1g2000prk.googlegroups.com>,
> johnwallace4@yahoo.co.uk writes:
>
>> Enforcing "email from recognised SMTP servers only" would indeed get
>> rid of much spam instantly, and is a tactic already used by some folks
>> to reject *incoming* mail, but it would also break hundreds of little
>> convenience Windows apps that have their own mailsenders built in, and
>> inconvenience millions of their users. Log watchers, webcam watchers,
>> etc, anything which sends notification by email when something
>> "interesting" happens, using its own built-in mail server; they would
>> all need their user/installer to actually know their ISP's SMTP server
>> address so they could do the setup properly. How many PC users
>> actually know or care much about that kind of thing?
>
> Perhaps true. On the other hand, such machines are the source of most
> SPAM today, taken over by viruses etc sending spam without the owner
> knowing, and without sending too many from one machine within a given
> time (a characteristic some folks used to use to identify possible
> sources of spam). I

Which is why something as simple as the ISP blocking outgoing traffic
to any address with port 25 for all internal machines other than their
MTA is a good idea and would eliminate the largest source of SPAM.

> think it would be a good idea that if such little
> convenience apps were to be used, the user would have to enter the name
> of a mailserver.

It should not even be their choice. Either send to the local MTA or
have the connection blocked.
It's really that simple!!

bill

--
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999@cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include

------------------------------

Date: Thu, 04 Sep 2008 23:51:28 GMT
From: John Santos
Subject: Re: Current status?
Message-ID: <4w_vk.522$1a2.373@trnddc04>

Jan-Erik Söderholm wrote:
>>> Log watchers, webcam watchers,
>>> etc, anything which sends notification by email when something
>>> "interesting" happens, using its own built-in mail server;
>
>
> *Server* ?? I set up my cheap Zyxel DSL modem/router to send
> notifications to me, but it is not a *server*. It uses whatever mail
> server it gets after doing a DNS-MX lookup on the receiver
> address, and that should be the official SMTP server of my
> ISP, as far as I understand.

The DNS lookup will tell it the SMTP server of the *destination* ISP,
not the originating ISP. It needs to do the MX lookup on the sender
address, but even that is often not correct, since many ISPs and
other businesses use a different server for outbound mail than for
inbound mail. MX records exist so that external mail servers can
find the domain's inbound servers, not so that internal mail clients
can find the domain's outbound servers.

AFAIK, there is no standard, reliable way for a client to identify
its own SMTP server for sending messages. The person setting up the
client generally needs to be *told* this by the networking powers
that be, and then set up the client appropriately. I think some
random windows programs peek into the Outlook configuration to try
to determine the SMTP server, but if you are using some other mail
client on the PC, that probably won't work or may provide a bogus
or obsolete answer.

The SMTP server should be happy to relay mail on behalf of any client
within the originating domain, but many have additional sanity
checks to try to limit SPAM, such as making sure the various "sender"
names are valid etc.

Right now, I'm fighting with configuring a system at a customer site
that wants to send problem notification emails to various people at
the customer, and also to our support department and (possibly) to
our support department's home email addresses and to our pager
service. (We want to get notified even if our mail server is down.)

The customer's outbound SMTP server will relay mail from
"username@host.domain.com", but not from "username@domain.com"
unless "username" is a valid mail recipient at domain.com. However,
many external SMTP servers won't take mail from "@host.domain.com"
since the customer's internal DNS isn't visible to the outside
world. (The address and ptr records for the SMTP servers are
externally visible, but thousands of internal servers, workstations,
PCs, routers, etc. are not.)

So the bottom line is I can send mail from "username@host.domain.com"
to one support person's home email which is @gmail.com, but not to
my home email which is @verizon.net. (I've white-listed
"*.domain.com" on our external email service, so the client system
can send to "username@egh.com")

On the other hand, I can send mail from "known.user@domain.com" to
anyone in the world (that I've tried so far), but "known.user" has
to be a known email user at domain.com, or the customer's SMTP
server won't forward it. (I can't send directly to the destination
SMTP server because the customer's firewall blocks outbound SMTP
except from their outbound servers.)

This leads to 2 problems.

1) I've figured out how to coerce UCX (really HP TCP/IP Services for
OpenVMS, but that is too damn long to type) into using "domain.com"
instead of "host.domain.com", but I haven't figured out how to make
it send from "known.user" instead of "username".

2) I don't want to use an existing customer employee's email username
(such as the system administrator's username) because I don't want
them getting annoyed with bounces, etc., especially while testing it.
Also, if the employee gets reassigned, the mail would no longer be
relevant to them, and if they leave the company, the email address
will most likely no longer be valid. (It's pretty much a turnkey
system, which means the customer handles day-to-day operations, but
we deal with anything exceptional, such as crashes and hardware or
software failures.) So I need to get the customer's network/mail
people to supply us with a fake email address and to forward bounces,
undeliverable mail, etc. somewhere useful (like back to us) so we
know when something's gone wrong.

Actually, 3 problems, since right now no one can respond to mail
from "user@host.domain.com" (though I think we can jam a "reply-to:"
header into the mail to fix this.)

Actually 4 problems, since the VMS V8.3 version of MIME seems to be
broken; one of the things we want to automail is reports in the form
of comma-separated lists that can be imported into a spread-sheet by
the recipient, but MIME is messing them up somehow. (The MIME V1.8
in Alpha V7.3-2 seems to work okay, both with UCX and TCPware, but I
think the current MIME V1.93 on both Itanium and Alpha is sticking a
blank line in the headers somewhere...)

>
> Why would anything just needing to *send* a mail have a
> smtp *server* implementation ?

Because relaying mail is the principal function of an SMTP server?

>
> Jan-Erik.

--
John Santos
Evans Griffiths & Hart, Inc.
781-861-0670 ext 539

------------------------------

Date: Fri, 05 Sep 2008 00:43:47 GMT
From: John Santos
Subject: Re: Current status?
Message-ID: <7h%vk.609$393.335@trnddc05>

Bill Gunshannon wrote:
> In article ,
> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes:
>
>>In article ,
>>=?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
>>writes:
>>
>>
>>>>>Log watchers, webcam watchers,
>>>>>etc, anything which sends notification by email when something
>>>>>"interesting" happens, using its own built-in mail server;
>>>
>>>*Server* ?? I set up my cheap Zyxel DSL modem/router to send
>>>notifications to me, but it is not a *server*. It uses whatever mail
>>>server it gets after doing a DNS-MX lookup on the receiver
>>>address, and that should be the official SMTP server of my
>>>ISP, as far as I understand.
>>>
>>>Why would anything just needing to *send* a mail have a
>>>smtp *server* implementation ?
>>
>>You use "server" to mean "receiving end". A more general use, intended
>>here, is "handles traffic". Thus, incoming server and outgoing server.
>>You are sending your email TO the proper receiving server (via MX), but
>>it is still coming from your machine, not an "official email server".
>>Technically, there is no problem with your scheme, but in practice, such
>>machines on dial-up, volatile IP addresses are the main source of spam,
>>and are thus blocked by more and more people.
>>
>>Many SMTP servers are neither senders nor receivers, but relays.
>
>
> Actually, the correct terminology is MUA and MTA.
> MUA = Mail User Agent.
> MUA's originate and terminate email.
>
> MTA = Mail Transport Agent
> MTA's exchange email across the INTERNET.
>
> Nothing but MTA's should talk between email domains. No MUA should be
> allowed to access anything but the local MTA. Thus the reason for blocking
> port 25 at your firewall for all internal hosts other than your designated
> MTA(s). User machines should never be considered MTA's. MTA's are the
> machines with the MX record in the DNS system.
> Violating this simple
> network engineering principle is why we have the SPAM problem that we have.
> As for relaying, some MTA's relay. One should be very careful about who
> one relays for. You should relay for your internal machines (all the MUA's)
> as that is the purpose of an MTA. You should not relay for external
> machines and if you do, that is a real quick way to find yourself on
> a blacklist.
>
> Email is really not that hard to manage.
>
> bill
>

Yup. I think that many of the problems arise because MUAs use the
same protocol (SMTP) and port (25) to send mail to MTAs as MTAs use
to relay mail to each other. On the other hand MTAs talk to MUAs
(when delivering mail) using either of 2 different protocols (that I
know of), POP3 on port 110 and IMAP on port 143. (I don't think
anything does POP2 on port 109 any more.)

I think if the mail origination and mail relay functions and
protocols had been kept distinct from the start, everything would be
much cleaner and under better control. For example, the way you want
to authenticate a mail originator is very different from the way you
want to authenticate a mail transport agent.

In their defense, SMTP is a "push" protocol (both for originating
and relaying mail), but POP3 and IMAP are "pull" protocols, so
there's a lot more commonality between an MUA sending to an MTA, and
an MTA forwarding mail to another MTA, than between them and mail
delivery. Also, these protocols originated before SPAM was an issue.

--
John Santos
Evans Griffiths & Hart, Inc.
781-861-0670 ext 539

------------------------------

Date: Thu, 4 Sep 2008 21:20:09 -0500 (CDT)
From: sms@antinode.info (Steven M. Schweda)
Subject: Re: Current status?
Message-ID: <08090421200956_20201252@antinode.info>

From: billg999@cs.uofs.edu (Bill Gunshannon)

It's sad to see yet another victim of the dread Wandering
Superfluous Apostrophe Syndrome:

> [...] refers to any host that get's
> its address dynamically. No machine that gets it's address [...]

I hope you get better soon. (If no improvement is forthcoming, ask
Google about "eats shoots and leaves".)

------------------------------------------------------------------------

   Steven M. Schweda               sms@antinode-info
   382 South Warwick Street        (+1) 651-699-9818
   Saint Paul  MN  55105-2547

------------------------------

Date: Thu, 04 Sep 2008 20:39:49 +0200
From: Johnny Billquist
Subject: Re: DEFCON 16 and Hacking OpenVMS
Message-ID:

Bob Koehler wrote:
> In article , Johnny Billquist writes:
>> On the NVAX+, there is no S0 and S1 space. There is only system space, which is
>> laid out by SBR and SLR. And so, that table can grow to twice the size of old...
>> Presto, 2 Gig of system space, for a total of 4 Gig of addressable space. Except
>> for the very last page... Sorry about that. :-(
>
> I know it's been more than 24 hours since I read the manuals, but I
> think the I/O space after S0 space is 512MB, not a page. (Why it's
> half a GB I don't know, other than it probably makes arranging the
> base addresses of lots of I/O bus adapters easier.)

No. The physical address space reserves 512MB for I/O space. But if we
talk S0, then we're talking virtual address space. That's a different
ballgame.

> So you get 4GB of addressable space, 3 1/2 of which can map to RAM,
> and 4GB of RAM. And my first 11/780 only had 1MB (that was the
> minimum for VMS 1.5 or 1.6 or whatever we had).

There aren't any requirements like that. You can map the full 4 Gig
(minus one page) to ram. Obviously, not all of that can be mapped in at
the same time, since you only can have 3.5 Gig of physical ram. But
system space can cover the whole 2 gig on the VAXen with extended
addressing (minus that one page).

Johnny

--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt@softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B.
Idol

------------------------------

Date: Thu, 04 Sep 2008 20:40:45 +0200
From: Johnny Billquist
Subject: Re: DEFCON 16 and Hacking OpenVMS
Message-ID:

Bob Koehler wrote:
> In article , Johnny Billquist writes:
>> Is there no one else but me who actually reads the manuals? Are all people here
>> just sitting around and guessing???
>
> I just read the manual.

Great. Now, start making a difference between physical address space
and virtual, and we should be home in a second.

Johnny

--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt@softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol

------------------------------

Date: Thu, 04 Sep 2008 20:43:14 +0200
From: Johnny Billquist
Subject: Re: DEFCON 16 and Hacking OpenVMS
Message-ID:

Bob Koehler wrote:
> In article , John Santos writes:
>> Anyway, the bottom line is (with a reasonable operating system
>> that didn't do pathological things to the APRs) PDP-11's had
>> true, if tiny and coarsely-segmented, virtual memory.
>
> OK, I'll buy that you've seen something on an -11 that I haven't.
> But with the APRs being privileged registers I assume that the
> overlay supervisor had to be supported by kernel mode services.
> And I always wondered if that was attack-able.

I can't really speak for RSTS/E, but for RSX, this is done by the
normal MAP$ system call, so it's no more exploitable than the system
call itself.

And while true in practice, technically the APRs aren't privileged
registers. They are just memory located in the I/O space. However,
unprivileged programs normally don't have access to I/O space.

Johnny

--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt@softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B.
Idol ------------------------------ Date: Thu, 04 Sep 2008 20:44:08 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler wrote: > In article , Johnny Billquist writes: > >> Where would you have installed that??? There are no slots in the CPU box for >> anything else/more. All you have is the Unibus. >> The RH70 controllers have dedicated slots, and there are four of those. I could >> imagine that you might be able to graft something into one of those slots, but >> they'd have to behave like a RH70 in that case (from the electrical point of view). > > You could expand the SBI and CPU cabinet. We had 11/780 with DR780, > three UNIBUSes, and three or four MASSBUSes. But then we had other > 11/780 with two or more UNIBUSes and eight MASSBUSes, which wasn't > supported but did work. Yes. But a PDP-11/70 still doesn't have an SBI. :-) Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Thu, 04 Sep 2008 20:45:19 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bill Gunshannon wrote: > In article , > koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >> In article , Roger Ivie writes: >>> DR780, indeed. Fun device. It looked things up in the page tables, so >>> you could give it user-space addresses. I thought there were manuals >>> over at bitsavers, but I'm sure not finding them. There was also a VAXBI >>> equivalent called the DRB32, but I never dealt with that one. >> We had array processors from APS hung off of DR780. > > I watched one of those, brand new, still fastened to the pallet, get thrown > in a dumpster. Sure wish I could have got my hands on it. I'm sure I could > have found a way to hook it up to one of my PDP-11's or even a VAX. :-) You would never have been able to hook it up to a PDP-11.
A VAX-11/78x, or a VAX-86x0 would have been your only options. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: 4 Sep 2008 18:46:29 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <6iaoo5Fphr6oU1@mid.individual.net> In article , Johnny Billquist writes: > Bill Gunshannon wrote: >> In article , >> koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >>> In article , Roger Ivie writes: >>>> DR780, indeed. Fun device. It looked things up in the page tables, so >>>> you could give it user-space addresses. I thought there were manuals >>>> over at bitsavers, but I'm sure not finding them. There was also a VAXBI >>>> equivalent called the DRB32, but I never dealt with that one. >>> We had array processors from APS hung off of DR780. >> >> I watched one of those, brand new, still fastened to the pallet, get thrown >> in a dumpster. Sure wish I could have got my hands on it. I'm sure I could >> have found a way to hook it up to one of my PDP-11's or even a VAX. :-) > > You would never have been able to hook it up to a PDP-11. A VAX-11/78x, or a > VAX-86x0 would have been your only options. Or a Prime 850 like it was originally destined for. :-) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 04 Sep 2008 22:01:41 GMT From: Antonio Carlini Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Roger Ivie wrote in news:slrngbuhb1.nl6.rivie@stench.no.domain: > In my case, we had some custom hardware run by a PDP-11/23 hanging off > the end of a DR-780.
I did some user-level programming of the DR-780 > for diagnostic purposes and the embedded code on the 11/23; the final > customer did the operational software for the DR-780. I liked the > interface so much that I patterned a later VAXBI device after it; in > that case, it was a Z-80 looking things up in the VAX page table. Inquiring minds would like to know: which device was it? I know that the DMB32 had carnal knowledge of VAX page table formats (I kept its driver going for a while). But the DMB32 was 68K based. The DSB32 was another device whose hand I held for a good while, but that was (IIRC) based on a 78032 (UVAX II) chip (and didn't know about VAX page tables, again iirc). Antonio arcarlini@iee.org ------------------------------ Date: Fri, 05 Sep 2008 02:38:18 GMT From: Roger Ivie Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: On 2008-09-04, Antonio Carlini wrote: > Roger Ivie wrote in > news:slrngbuhb1.nl6.rivie@stench.no.domain: > >> I liked the >> interface so much that I patterned a later VAXBI device after it; in >> that case, it was a Z-80 looking things up in the VAX page table. > > Inquiring minds would like to know: which device was it? The ICA, a 3rd-party quad IEEE-488 device. -- roger ivie rivie@ridgenet.net ------------------------------ Date: Thu, 04 Sep 2008 14:59:57 -0500 From: "Craig A. Berry" Subject: Re: HP TestDrive systems to be shutdown Message-ID: Marty Kuhrt wrote: > So do you think this means that there will be an HP blessed VM (or PVP > in their parlance)? Yes, of course: http://h71028.www7.hp.com/ERC/downloads/4AA0-5801ENW.pdf and see Hoff's blog entry: http://64.223.189.234/node/640 > Could I run OpenVMS in a VM on my dual quad core > Xeon Mac? That would be neat. It all pretty clearly states HP Integrity VM so what you're asking seems quite unlikely. It's probably more of a VMWare- or Parallels Desktop-like model rather than an emulator, so running on a foreign processor isn't part of the picture. 
Or were you assuming OpenVMS will be ported to Xeon? ;-) Like a lot of what HP does, shutting down the testdrive systems and replacing them with something individuals can't get to doesn't make a lot of sense. Hopefully whoever had this brilliant idea doesn't know about the hobbyist program. ------------------------------ Date: Thu, 4 Sep 2008 17:16:39 -0500 (CDT) From: sms@antinode.info (Steven M. Schweda) Subject: Re: HP TestDrive systems to be shutdown Message-ID: <08090417163950_20201252@antinode.info> From: Marty Kuhrt > When logging into the TestDrive cluster the other day to do the IA64 > portion of cURL, I ran across the following message. Since the exact > same message is on a publically available HP page, > http://www.testdrive.hp.com/ , [...] I ran into this a few weeks ago, when I was looking for a (now disappeared) older PA-RISC HP-UX system. The highlight was For more information on how to join HP's DSPP program [...] [...] we expect that you will be pleased [...] Right. I sent a complaint to testdrive@hp.com, noting that as a non-commercial peon, I don't qualify for the DSPP. I got a reply claiming that there is some effort underway to persuade the DSPP folks to do something to widen the entrance a little. It's possible that more expressions of interest would advance the cause. No bets, but it should be easy enough to try. Personally, I found the instant access to a wider variety of function-limited systems to be more useful than I expect to find the new scheme's more cumbersome access to fewer (but more flexible) system types. ------------------------------------------------------------------------ Steven M. 
Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: Thu, 4 Sep 2008 11:41:17 -0700 (PDT) From: DaveG Subject: Re: Loose Cannon-dian Message-ID: On Sep 4, 12:55 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote: > In article <3fb2f945-2d70-48d5-b527-aff6497d9...@a3g2000prm.googlegroups.com>, > DaveG writes: > > > > > We (or at least I) would be interested to know what you learn from > > your VMS System Manager. And if most would see a >600 note thread, > > complete with the usual detours, they would IMO most likely move on to > > smaller and better things. > > OK, here goes. And, we had a chance to talk for a while so I got a lot > more skinny than just on the recent patches. > > First, he was totally unaware of either the vulnerabilities or any recent > patches. And, yes, we are still under full support. So, I wonder how many > more sites are sitting out there vulnerable since the whole thing is > searchable on Google? More important, I guess, would be knowing what > percentage of systems are still vulnerable. But that would require knowing > not only the number of vulnerable machines but also the true value of the > VMS Constant. A totally unknown quantity. > > As some here may (or may not) remember, we are a VMS/Oracle/Banner site. > I mentioned once before that I had heard from Banner that they were in > the process of moving to Windows. The good news is that plan is pretty > much dead. However, they are moving to Linux. My contact mentioned > just recently coming back from a Banner conference where they were all > told that Banner was migrating away from VMS. Numbers given were that > a couple of years ago Banner was nearly 90% VMS. Now is about 20-30%. > And expects in the next couple of years that will drop to about 2%.
> > Our people here, who have looked at Itanium and VMS running on it have > already made the decision that VMS goes with the last Alpha and that > goes when HP support stops. He said something about 2011 but maybe > people here know more about when HP's drop-dead date for Alpha Systems > is. > > So, it looks like VMS has lost not only the Academic world but also > the administrative side of the academic world. Someone mentioned > the loss of Cerner meaning a likely loss of the medical world. I > have already mentioned that, based on the comments from DISA, there > are not likely to be any new VMS IS's in government. > > Feel free to tell me how all of this is somehow unimportant or totally > irrelevant. I wonder what the chances are that I can lay my hands on > some of the Alphas when this place moves to Linux (Yes, that was the > direction he said they were going. And for those who think that killing > VMS was going to make previous VMS users refuse to deal with HP in the > future, they are specifically going with HP because HP has excellent > Linux support. "Much better than RedHat". His words, not mine. > > bill > > -- > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves > billg...@cs.scranton.edu | and a sheep voting on what's for dinner. > University of Scranton | > Scranton, Pennsylvania | #include Thanks for the summary Bill and I'm not surprised he didn't know. If you're not reading stuff here or in a few other places, how could one know? HP did issue patches, but they, as discussed previously, wound up on the last page of the ITRC patch lists due to the software not knowing where to place a MUP. This is being fixed, but not yet. HP has been silent otherwise. Paying support customers have not received word, written/email/whatever, from HP on this matter. I learned yesterday that the OpenVMS Ambassadors are not in the loop.
IMO simply posting a patch is not enough communication considering the circumstances. And I do know of Banner and Cerner sites that regret the move from VMS, but it seems no one is lifting a finger to stop it from happening. ------------------------------ Date: 4 Sep 2008 18:53:19 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: Loose Cannon-dian Message-ID: <6iap4uFphr6oU2@mid.individual.net> In article , DaveG writes: > On Sep 4, 12:55 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote: >> In article <3fb2f945-2d70-48d5-b527-aff6497d9...@a3g2000prm.googlegroups.com>, >> DaveG writes: >> >> >> >> > We (or at least I) would be interested to know what you learn from >> > your VMS System Manager. And if most would see a >600 note thread, >> > complete with the usual detours, they would IMO most likely move on to >> > smaller and better things. >> >> OK, here goes. And, we had a chance to talk for a while so I got a lot >> more skinny than just on the recent patches. >> >> First, he was totally unaware of either the vulnerabilities or any recent >> patches. And, yes, we are still under full support. So, I wonder how many >> more sites are sitting out there vulnerable since the whole thing is >> searchable on Google? More important, I guess, would be knowing what >> percentage of systems are still vulnerable. But that would require knowing >> not only the number of vulnerable machines but also the true value of the >> VMS Constant. A totally unknown quantity. >> >> As some here may (or may not) remember, we are a VMS/Oracle/Banner site. >> I mentioned once before that I had heard from Banner that they were in >> the process of moving to Windows. The good news is that plan is pretty >> much dead. However, they are moving to Linux. My contact mentioned >> just recently coming back from a Banner conference where they were all >> told that Banner was migrating away from VMS.
Numbers given were that >> a couple of years ago Banner was nearly 90% VMS. Now is about 20-30%. >> And expects in the next couple of years that will drop to about 2%. >> >> Our people here, who have looked at Itanium and VMS running on it have >> already made the decision that VMS goes with the last Alpha and that >> goes when HP support stops. He said something about 2011 but maybe >> people here know more about when HP's drop-dead date for Alpha Systems >> is. >> >> So, it looks like VMS has lost not only the Academic world but also >> the administrative side of the academic world. Someone mentioned >> the loss of Cerner meaning a likely loss of the medical world. I >> have already mentioned that, based on the comments from DISA, there >> are not likely to be any new VMS IS's in government. >> >> Feel free to tell me how all of this is somehow unimportant or totally >> irrelevant. I wonder what the chances are that I can lay my hands on >> some of the Alphas when this place moves to Linux (Yes, that was the >> direction he said they were going. And for those who think that killing >> VMS was going to make previous VMS users refuse to deal with HP in the >> future, they are specifically going with HP because HP has excellent >> Linux support. "Much better than RedHat". His words, not mine. >> >> bill >> >> -- >> Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves >> billg...@cs.scranton.edu | and a sheep voting on what's for dinner. >> University of Scranton | >> Scranton, Pennsylvania | #include > Thanks for the summary Bill and I'm not surprised he didn't know. If > you're not reading stuff here or in a few other places, how could one > know? Which is what I have said all along. I am fairly certain if there had been a CERT Advisory he would have either seen it himself or been informed by our security people.
> HP did issue patches, but they, as discussed previously, wound > up on the last page of the ITRC patch lists due to the software not > knowing where to place a MUP. This is being fixed, but not yet. HP > has been silent otherwise. Paying support customers have not received > word, written/email/whatever, from HP on this matter. I learned > yesterday that the OpenVMS Ambassadors are not in the loop. IMO > simply posting a patch is not enough communication considering the > circumstances. Which, again, is why I said the actual number of vulnerabilities over the lifetime of VMS is totally unknown. No one (at least no one who can be trusted) has tracked or reported on them. And HP, like its predecessors, does everything in its power to keep them a secret. > And I do know of Banner and Cerner sites that regret the move from > VMS, but it seems no one is lifting a finger to stop it from > happening. Well, at least in the case of Banner, it is long past the point of that. According to our Systems Manager Banner made it clear that this is a done deal. And as for Oracle, while they reiterated the company line of continued support for Oracle on VMS (at least the server) they also made it clear that Linux was their direction for the future. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 4 Sep 08 15:36:41 EDT From: cook@wvnvms.wvnet.edu (George Cook) Subject: Re: Loose Cannon-dian Message-ID: <3G+9PgqW+1Cn@wvnvms> In article <6ialo4Fpnrc8U1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > As some here may (or may not) remember, we are a VMS/Oracle/Banner site. > I mentioned once before that I had heard from Banner that they were in > the process of moving to Windows. The good news is that plan is pretty > much dead. However, they are moving to Linux.
My contact mentioned > just recently coming back from a Banner conference where they were all > told that Banner was migrating away from VMS. Numbers given were that > a couple of years ago Banner was nearly 90% VMS. Now is about 20-30%. > And expects in the next couple of years that will drop to about 2%. > > Our people here, who have looked at Itanium and VMS running on it have > already made the decision that VMS goes with the last Alpha and that > goes when HP support stops. He said something about 2011 but maybe > people here know more about when HP's drop-dead date for Alpha Systems > is. > > So, it looks like VMS has lost not only the Academic world but also > the administrative side of the academic world. Someone mentioned > the loss of Cerner meaning a likely loss of the medical world. I > have already mentioned that, based on the comments from DISA, there > are not likely to be any new VMS IS's in government. > > Feel free to tell me how all of this is somehow unimportant or totally > irrelevant. I wonder what the chances are that I can lay my hands on > some of the Alphas when this place moves to Linux (Yes, that was the > direction he said they were going. And for those who think that killing > VMS was going to make previous VMS users refuse to deal with HP in the > future, they are specifically going with HP because HP has excellent > Linux support. "Much better than RedHat". His words, not mine. WVNET was where BANNER was first sold by SCT. We had fourteen academic institutions using DEC hardware with most of them running BANNER on it. Within a year or so the migration at these institutions off VMS will be finished. We had one institution which until very recently was prepared to buy an Itanium to run VMS/BANNER, but SCT was finally able to convince them it would be a bad move. The institution instead bought a Dell system. Not a single one of the fourteen institutions purchased anything other than printers from HP when they moved off VMS.
IBM and Dell got all the business and will do so for the foreseeable future. The statewide hardware and software DEC/Compaq/HP maintenance contract was at one point around $250,000/year, but now it is very rapidly nearing zero. George Cook WVNET ------------------------------ Date: Thu, 4 Sep 2008 16:02:23 -0700 (PDT) From: bugs@signedness.org Subject: Re: Loose Cannon-dian Message-ID: <1e94be8c-1ddd-4f7a-b757-1a6cf21d0281@m3g2000hsc.googlegroups.com> On Sep 4, 3:37 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote: > In article , > John Santos writes: > > > > > > > Bill Gunshannon wrote: > >> In article <48be1d20$0$9641$c3e8...@news.astraweb.com>, > >> JF Mezei writes: > > >>>b...@signedness.org wrote: > > >>>>trouble of finding all the relevant dates, I estimate that HP had a > >>>>patch linked around 6 weeks before it was even clear to the majority > >>>>of comp.os.vms that it was a real issue and exploitable. > > >>>You need to wonder why HP would have sat on that patch so long without > >>>telling you the problem was fixed and without releasing the patch. Is it > >>>really a coincidence that it was released very shortly after people on > >>>C.O.V. were given proper details to understand *and reproduce* this > >>>serious vulnerability ? > > >>>I'd be willing to bet there was nobody from the VMS group at the DEFCON > >>>conference. So the fact that you published a vulnerability there would > >>>not have made a difference. > > >>>The VMS community knows very well that the "newer" software like the > >>>TCPIP stack or anything ported from Unix is riddled with bugs and buffer > >>>overflow risks because it is not really "native" VMS software. The > >>>POP/IMAP and XDM servers do not honour VMS intrusion detection for > >>>instance. That is a serious security weakness since it allows > >>>brute-force attacks that do not generate alarms. And this has been > >>>present for years. > > >> Oh, cut the crap.
It isn't Unix's fault that there are bugs in VMS. > >> One of the reported exploits is in SMG which is pure VMS. Not only > >> that, it was written in Bliss, not C. No language or OS is immune > >> to bad programming. > > > Since this was exactly the point JF made in the next paragraph, in what > > way was it crap? Did you respond without reading the entire post? Or > > do you just like crowing about it? > > I wasn't responding to the next paragraph but to the comment above that. > like is done here frequently, he once again referred to "anything ported > from Unix" and described it as "riddled with bugs and buffer overflow > risks because it is not really 'native' VMS software". I was merely > pointing out that SMG, while not "ported from Unix" and "really 'native' > VMS software" was found to have "bugs and buffer overflow risks". > > > > > > > > >>>Your vulnerability surprised many because it affected software that > >>>dates back to the glory days of VMS when software quality and security > >>>was job #1 at Digital and Digital really prided itself on having > >>>experienced coders that wouldn't make such mistakes (especially since > >>>most system services provide buffer limits to prevent buffer overflows). > > >> Or maybe it just destroyed that myth, too. Programmers are programmers. > >> Some are good and some are bad and any idea that DEC never hired a bad > >> programmer is just plain ludicrous. The fact that these bugs remained > >> (apparently) undetected just further proves how long ago VMS became > >> insignificant in the IT world and thus never saw the scrutiny other > >> systems saw. > > > It's not a myth. It's checks and balances. DEC never just trusted that > > they would hire good programmers and then everything would work.
There > > were code reviews, walk-throughs, programming standards (including > > relatively safe languages and safe programming techniques such as string > > descriptors as opposed to null-terminated strings), regression testing, > > field testing, and many eyes. The system isn't (or wasn't) perfect; this > > is proof. But it's still dozens or hundreds of times better than the > > typical Unix method, and thousands of times better than M$. > > That remains to be seen. Because they have never been reported or tracked > by any outside source (look at the reluctance to report any of these recent > discoveries to CERT) there really is no way of knowing how many problems > of the same type as found in Unix have been quietly fixed and rolled into > the next upgrade rather than making them public and sending out very visible > patches. The apparent age of some of these recent vulnerabilities belies > the idea that DEC's "checks and balances" and "code reviews, walk-throughs, > programming standards" were any better than anyone elses. VMS just has a > much lower visibility profile. And, as for "safe languages", someone > has already stated that the offending SMG code is Bliss. Or was that a > mistake? Surely it wasn't C all those years ago on the VAX? > > There are good reasons for people to be reluctant to report to CERT. CERT is no longer a good source for vulnerability information. I'm pretty sure HP will publish their own advisory about this eventually and when they do maybe CERT will reword and publish their own version. I don't believe people are more reluctant to report vulnerabilities in VMS than anything else. I think the simple reason you don't see more VMS vulnerabilities reported is that few people looking for bugs know VMS (ourselves included) and other targets for bug hunting are more attractive since they don't require learning a new OS. BTW other sources do track VMS vulnerabilities.
A good starting point is http://secunia.com/search/?search=openvms > > > If you really think there are just as many undiscovered exploits in VMS > > as there are in Unix, then you must think there is no value at all to > > any of these things. Sheesh! > > I think no one outside of DEC/Compaq/HP has any idea how many exploits > equivalent to those found in Unix have or still exist in VMS. It's a > matter of visibility and not code quality. Every little bug in Unix > (most of which are in external programs rather than Unix itself) gets > reported publicly and usually loudly. Even these recent ones have seen > no mention outside of a very small group of VMS users. I am going to > give our VMS System Manager a call in just a couple of minutes. What do > you think the odds are that he is aware of any of these? Or the existence > of a MUP to fix them? I know he doesn't read c.o.v!! I'll let you know. > > > > >>>And since the "legacy" portions of VMS such as SMG haven't been actively > >>>developed/improved in over a decade, so we would have still expected > >>>this software to date back to the days of the high quality standards. > > >> And yet, there they are. Bugs, just like in everything else. Go figure! > > > Innumeracy. > > bill > > -- > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves > billg...@cs.scranton.edu | and a sheep voting on what's for dinner.
> University of Scranton | > Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 4 Sep 2008 12:26:27 -0700 (PDT) From: bob.birch@gmail.com Subject: Re: Note to Island Computers customers Message-ID: <7b9653c7-4889-435b-85f6-b7edce5aa32f@b38g2000prf.googlegroups.com> On Sep 4, 10:11 am, DaveG wrote: > On Sep 3, 8:32 pm, David J Dachtera > wrote: > > > David wrote: > > > > THANKS FOR THE CORRECTION > > > I had to look that up afterwards > > > How solid is the cell phone service? > > > D.J.D. > > From what I've read, and not from personal experience, cell service is > one of the first casualties during a big storm. Amateur radio groups > help out as best they can. Often better than other agencies. ARES > (amateur radio emergency services) is one and RACES (radio amateur > civil emergency service) is another. Some newer cities have all utility services underground, nothing topside and continue to operate up to a Cat 4 or till water levels reach Xsformers. Ditto the comment on ARES or amateur radio they usually stay up, most of them and help the FD and Police, etc. Cell service is one of the first to go. Least that's my experience. If you lose electric and happen to be on the same local grid as the local hospital, police, you will come back on first. experience ------------------------------ Date: Thu, 4 Sep 2008 14:21:07 -0700 (PDT) From: Rich Jordan Subject: Re: OpenVMS upgrade checklists Message-ID: On Sep 3, 7:12 pm, B...@rabbit.turquoisewitch.com (Brad Hamilton) wrote: > In article , > > Rich Jordan wrote: > >DEC (and OpenVMS Engineering since then) has provided OpenVMS Upgrade > >Checklists for versions of VMS up to (apparently) V8.2; at least that > >is the last one I can find via the search assistant.
> > >These checklists are more complete than the centrally located 'mini' > >one included in the install/upgrade guide; they consist of numerous > >information points gathered together from the install/upgrade manual > >and the release notes. > > I've been using the 'mini' checklist for years, and was not aware of a more > comprehensive checklist. Could you provide an online pointer to such a > creature (or at least the name of the manual)? Or a pointer to the "search > assistant"? > > If it is part of the doc set, I would be willing to guess that since there were > not a whole lot of changes between V8.2 and V8.3, that there was no need to > provide an "upgraded" manual (I know that examples of this "paradigm" exist for > other manuals, but I can't recall any specifics). The intent would be for one > to use the 8.2 manual in the 8.3 "environment". > [...] This isn't really a formal document though. In the past it was something which (I assume) VMS engineering put together as an aid to installer/upgraders. I'm familiar with the staged doc updates (as needed). I don't think that's the case here though. More like it just didn't get done; perhaps it's been dropped. Rich ------------------------------ Date: Thu, 04 Sep 2008 18:33:57 -0500 From: BRAD@rabbit.turquoisewitch.com (Brad Hamilton) Subject: Re: OpenVMS upgrade checklists Message-ID: In article , Rich Jordan wrote: [...] >This isn't really a formal document though. In the past it was >something which (I assume) VMS engineering put together as an aid to >installer/upgraders. I'm familiar with the staged doc updates (as >needed). I don't think that's the case here though. More like it just >didn't get done; perhaps it's been dropped. Just for completeness' sake - I found the doc using the HP search tool on the VMS website. I avoided this search tool for years after my initial uses of it were unsuccessful. It looks as though the tool has improved considerably over the years.
I found and looked at the document quickly - it looks as though it's generic enough to use for V8.3, perhaps in conjunction with the "new features and release notes" for V8.3. I can understand wanting to have a separate document for V8.3, though. Perhaps I'll try using it when I upgrade my hobbyist system from V8.3 to V8.4-mumble. Thanks for the information. Every little bit helps. ------------------------------ Date: Thu, 4 Sep 2008 11:15:29 -0700 (PDT) From: Rich Jordan Subject: Re: OT: Carly speeks at convetion Message-ID: On Sep 4, 3:38 am, JF Mezei wrote: > La Carly may have lost the VP job to a younger female, but she still got > to speak at the religious extremist convention. > > Her speech is at: > > http://portal.gopconvention2008.com/speech/details.aspx?id=47 > > Perhaps she'll get the job of Post-Mistress to the General ? > > I wonder if she may get back at her former employer by getting the > government to stop buying from HP. > > BTW, I wonder if Carly's not so great reputation in computer > newsgroups/forums would have impacted her non-selection as VP. Might I beg the indulgence of the OP and additional posters to note that there are hundreds, if not thousands, or perhaps even tens of thousands of blogs, boards, RTCs, conferences, whiteboards, chalkboards, and soapboxes all around this great nation (and even some others!) where the broadcast of political opinions and all other variations of political verbal diarrhea are on topic, or at least less off topic than here. While Ms. Fiorina's former connection to HP might make mention of her current activities of passing interest, embedding that info into a trolling polemic was certainly not necessary or useful to this particular newsgroup. How about we don't pollute our nice VMS group with yet another pointless, long winded crapfest? Take it somewhere else, maybe? Just putting "OT:" in front of it doesn't make it useful to C.O.V.
And it's darn nice when the number of on-topic posts outnumber the
dross, even if they do get prickly like the DEFcon thread.

------------------------------

Date: 4 Sep 2008 18:36:47 GMT
From: billg999@cs.uofs.edu (Bill Gunshannon)
Subject: Re: OT: Carly speeks at convetion
Message-ID: <6iao5vFpmkt4U1@mid.individual.net>

In article , Rich Jordan writes:
> On Sep 4, 3:38 am, JF Mezei wrote:
>> La Carly may have lost the VP job to a younger female, but she still got
>> to speak at the religious extremist convention.
>>
>> Her speech is at:
>>
>> http://portal.gopconvention2008.com/speech/details.aspx?id=47
>>
>> Perhaps she'll get the job of Post-Mistress to the General ?
>>
>> I wonder if she may get back at her former employer by getting the
>> government to stop buying from HP.
>>
>> BTW, I wonder if Carly's not so great reputation in computer
>> newsgroups/forums would have impacted her non-selection as VP.

> Might I beg the indulgence of the OP and additional posters to note
> that there are hundreds, if not thousands, or perhaps even tens of
> thousands of blogs, boards, RTCs, conferences, whiteboards,
> chalkboards, and soapboxes all around this great nation (and even some
> others!) where the broadcast of political opinions and all other
> variations of political verbal diarrhea are on topic, or at least less
> off topic than here.

> While Ms. Fiorina's former connection to HP might make mention of her
> current activities of passing interest, embedding that info into a
> trolling polemic was certainly not necessary or useful to this
> particular newsgroup.

> How about we don't pollute our nice VMS group with yet another
> pointless, long winded crapfest?  Take it somewhere else, maybe?

Yeah, let's stick to flying with diabetes.

> Just putting "OT:" in front of it doesn't make it useful to C.O.V.

> And it's darn nice when the number of on-topic posts outnumber the
> dross, even if they do get prickly like the DEFcon thread.
bill

--
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999@cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |  #include

------------------------------

Date: Thu, 04 Sep 2008 18:15:32 GMT
From: VAXman- @SendSpamHere.ORG
Subject: Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site)
Message-ID: <00A7F221.27A92EE7@SendSpamHere.ORG>

In article <2Jydndxz-Ij6QSLVnZ2dnUVZ_sWdnZ2d@comcast.com>, "Richard B. Gilbert" writes:
>Peter Weaver wrote:
>>>> Lucky you. You can fly even though you can't see. After spending what
>>>> seemed like a small fortune, I was told that I would never be allowed to
>>>> fly on my own, let alone possess a pilot's license because of diabetes.
>>>> It was fun while it lasted.
>>> Not necessarily the case. I know two pilots with diabetes that
>>> actively fly (certified, not experimental or LSA). There's more
>>> paperwork involved, but it can be done. You need to find the right
>>> AME that has been through it already. AOPA is a great resource for
>>> getting that stuff figured out as well.
>>
>> Way off-topic but...
>>
>> I'm in Canada so none of this applies to people outside Canada but...
>>
>> Two weeks ago I went for my aviation medical. I could still read the
>> smallest print in the book and the eye chart test gave me 20/15-2 so things
>> were looking good. But then the doctor said "What treatment are you on for
>> your diabetes?" After he saw the look on my face he said "Oh, by the way,
>> you have diabetes."
>>
>> He said that since diabetic people could pass out while flying and since
>> Transport Canada does not like that happening he was going to hold my
>> medical until I had more detailed blood work done. He also added that if I
>> had a commercial license then it would be gone even without the detailed
>> blood work but as a private pilot I may get to keep my license "After much
>> letter writing."
>>
>> Luckily the detailed blood work came back with the number just on the
>> borderline. The doctor said that there was no risk of me passing out and
>> gave me back the medical with the warning that there may still be questions
>> from Transport Canada. The family doctor says that if I drop 10 kg then I
>> should be fine.
>>
>> I am very happy that I got to fly yesterday but one little test cost me my
>> license for a week and could have taken it away completely.
>>
>
>This sounds like "Type 2" diabetes for which you can take medication
>other than insulin.  The available medications fall into two classes.
>The first stimulates insulin production.  This can give you hypoglycemia
>with a vengeance!  The second type increases your sensitivity to what
>insulin you can produce; hypoglycemia is still possible but the risk is
>MUCH lower.
>
>When your blood glucose drops below sixty you are in trouble; the lower
>your sugar goes below that, the deeper in trouble you are.  It's called
>hypoglycemic shock.  It can cause you to lose consciousness or even die.
>Even if you don't lose consciousness, you aren't functioning very well,
>physically or mentally.

I've been as low as 30 and didn't know it.  After years of hypoglycemic
episodes, it becomes more and more difficult to know one has low blood
sugar.

>I've been there ONCE, three or four days after I was diagnosed.  I had
>been given a prescription for oral medication, took the stuff as
>directed and found myself feeling shocky.  I treated myself to a tall
>glass of real (not diet) Coca-Cola and called my doctor.  When I told
>the receptionist why I was calling she got the doctor on line in about
>thirty seconds.  The doctor said "Don't take any more of that stuff!"  He
>asked for the phone number of my pharmacy and phoned in a new prescription.

Ginger ale is better.  Coke's caffeine isn't a great idea.

--
VAXman- A Bored Certified VMS Kernel Mode Hacker   VAXman(at)TMESIS(dot)COM

...
pejorative statements of opinion are entitled to constitutional protection
no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

Copr. 2008 Brian Schenkenberger.  Publication of _this_ usenet article outside
of usenet _must_ include its contents in its entirety including this copyright
notice, disclaimer and quotations.

------------------------------

Date: Thu, 04 Sep 2008 17:10:50 -0400
From: "Richard B. Gilbert"
Subject: Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) f
Message-ID:

VAXman- @SendSpamHere.ORG wrote:
> In article <2Jydndxz-Ij6QSLVnZ2dnUVZ_sWdnZ2d@comcast.com>, "Richard B. Gilbert" writes:
>> Peter Weaver wrote:
>>>>> Lucky you. You can fly even though you can't see. After spending what
>>>>> seemed like a small fortune, I was told that I would never be allowed to
>>>>> fly on my own, let alone possess a pilot's license because of diabetes.
>>>>> It was fun while it lasted.
>>>> Not necessarily the case. I know two pilots with diabetes that
>>>> actively fly (certified, not experimental or LSA). There's more
>>>> paperwork involved, but it can be done. You need to find the right
>>>> AME that has been through it already. AOPA is a great resource for
>>>> getting that stuff figured out as well.
>>> Way off-topic but...
>>>
>>> I'm in Canada so none of this applies to people outside Canada but...
>>>
>>> Two weeks ago I went for my aviation medical. I could still read the
>>> smallest print in the book and the eye chart test gave me 20/15-2 so things
>>> were looking good. But then the doctor said "What treatment are you on for
>>> your diabetes?" After he saw the look on my face he said "Oh, by the way,
>>> you have diabetes."
>>>
>>> He said that since diabetic people could pass out while flying and since
>>> Transport Canada does not like that happening he was going to hold my
>>> medical until I had more detailed blood work done. He also added that if I
>>> had a commercial license then it would be gone even without the detailed
>>> blood work but as a private pilot I may get to keep my license "After much
>>> letter writing."
>>>
>>> Luckily the detailed blood work came back with the number just on the
>>> borderline. The doctor said that there was no risk of me passing out and
>>> gave me back the medical with the warning that there may still be questions
>>> from Transport Canada. The family doctor says that if I drop 10 kg then I
>>> should be fine.
>>>
>>> I am very happy that I got to fly yesterday but one little test cost me my
>>> license for a week and could have taken it away completely.
>>>
>> This sounds like "Type 2" diabetes for which you can take medication
>> other than insulin.  The available medications fall into two classes.
>> The first stimulates insulin production.  This can give you hypoglycemia
>> with a vengeance!  The second type increases your sensitivity to what
>> insulin you can produce; hypoglycemia is still possible but the risk is
>> MUCH lower.
>>
>> When your blood glucose drops below sixty you are in trouble; the lower
>> your sugar goes below that, the deeper in trouble you are.  It's called
>> hypoglycemic shock.  It can cause you to lose consciousness or even die.
>> Even if you don't lose consciousness, you aren't functioning very well,
>> physically or mentally.
>
> I've been as low as 30 and didn't know it.  After years of hypoglycemic
> episodes, it becomes more and more difficult to know one has low blood
> sugar.
>
>
>> I've been there ONCE, three or four days after I was diagnosed.  I had
>> been given a prescription for oral medication, took the stuff as
>> directed and found myself feeling shocky.  I treated myself to a tall
>> glass of real (not diet) Coca-Cola and called my doctor.  When I told
>> the receptionist why I was calling she got the doctor on line in about
>> thirty seconds.  The doctor said "Don't take any more of that stuff!"  He
>> asked for the phone number of my pharmacy and phoned in a new prescription.
>
> Ginger ale is better.  Coke's caffeine isn't a great idea.

Coca-Cola was what I had on hand!  It was not exactly the moment to go
shopping!

------------------------------

Date: Thu, 04 Sep 2008 22:10:45 -0400
From: JF Mezei
Subject: Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) f
Message-ID: <48c0955d$0$9672$c3e8da3@news.astraweb.com>

Richard B. Gilbert wrote:

> When your blood glucose drops below sixty you are in trouble;

Just for the record, outside of the USA, the normal blood sugar is
around 4. Above 7, sugar levels are too high. Below 3, you get weak.
Above 13, you gosub (eventually just a goto) hospital ASAP.

Note that high blood sugar also influences the brain. Those with
Alzheimer's will see very obvious degraded brain performance when blood
sugar rises. (and diabetes is often a trigger of Alzheimer's (or makes
it appear faster than it would have otherwise appeared)). And degraded
performance is not as obvious as passing out but can be dangerous too
when making serious work.

Brain runs on sugar (glycogen) alone. Heart runs on sugar or fructose.
(fructose is special since it goes from stomach into blood stream and
not controlled by insulin). Muscles run on sugar in blood, glycogen
stored in muscles (carbo loading), or fat in blood.

The liver can convert sugar into fat, it can convert some fructose into
glucose and can store glucose as glycogen for release when needed.

When doing exercise, the brain can trigger enzymes/hormones (namely
epinephrine) which will tell skin cells to release fat molecules into
the blood stream and favour muscles' use of fat over sugar in the blood.
This, to preserve the availability of sugar in blood for the brain.
(burning fat requires twice as much O2, so this is a limiting factor
since O2 supply from the blood is limited).
But when idle, if sugar levels rise too much, then the only defense is
release of insulin to convert sugar into fat which ends up being
captured by skin cells and taken out of the blood stream.

Endurance athletes develop large glycogen storage in their muscles. This
can take a lot of the sugar out of the blood before insulin is needed.
(aka: carbo loading). But muscles absorb sugar slowly, this is why pasta
(complex carbs) are recommended since they are released more slowly into
the blood at a rate the muscles can absorb and without triggering
insulin production.

> glass of real (not diet) Coca-Cola and called my doctor.

Milk is the recommended drink when blood sugar is low. Quick but limited
release of sugar, followed by slower release of sugar. Easier to control
sugar levels. With Coke, you get a huge uncontrolled rush of sugar into
the blood, and this is not recommended if you have sugar control
problems.

------------------------------

Date: Thu, 4 Sep 2008 19:35:22 -0700 (PDT)
From: AEF
Subject: Phase 2 and delayed ampersand substitution with the ON command
Message-ID: <7db9fc6f-289a-4216-9c39-f2432643a22b@d45g2000hsc.googlegroups.com>

Through obsessive curiosity I think I've nailed how Phase 1 of command
processing works, but I'm still puzzled about Phase 2. Check it out.

In the following DCL command procedure, I initialize 5 items, use them
with ampersands to construct and run an ON command, and then assign
the five items new values.

Example 1

DCL> TYPE AFTER_ON.COM
$ I1 = "ON"                     ! Set items
$ I2 = "WARNING"
$ I3 = "THEN"
$ I4 = "DIRECTORY"
$ I5 = "AFTER_ON.COM"
$ &I1 &I2 &I3 &I4 &I5           ! Build and run ON command
$ I1 = "DIFFERENCES"            ! Change items
$ I2 = "NEW_FILE"
$ I3 = "OLD_FILE"
$ I4 = "SHOW"
$ I5 = "TIME"
$ RETURN 2                      ! Create an error
$ EXIT
DCL> @ AFTER_ON.COM
%NONAME-E-NOMSG, Message number 00000002
  21-AUG-2008 02:59:22
DCL>

The ampersands don't operate on I4 and I5 until the ON condition occurs.
You would think that changing the items after the command should have
no effect, right? Well, _I_ did before I somehow stumbled upon this
some years ago. (This also works with the ON CONTROL_Y variation.)

AFAIK, this only happens with the ON command. I can't think of any
other command in which something like this could happen. (I'm
excluding the case in which you have something like A = "&B". What
happens there works as documented: ampersand substitution does not
occur inside quotation marks; it is not a mystery.)

Is this delayed-substitution effect somehow part of the ON command, or
is this just an unintentional, though slightly useful, consequence of
more general command processing? (See ON_SEVERITY.COM below for
something useful.)

Now the User's Manual says

  12.13.2 Phase 2: Command Parsing

  In the command parsing phase:

  * The command interpreter analyzes the command line. It checks the
    first item on the line to see if it is a symbol. If it is, it is
    evaluated.

  * The command interpreter evaluates symbols preceded by ampersands
    from left to right. Symbol substitution during this phase is not
    iterative.

But here we see that ampersand substitution for &I1 thru &I3 occurs
before command execution, while for &I4 and &I5 it occurs only later
when there is an error condition (or a control/y interrupt)!

The chief use I can see for this is to set up a
severity-level-dependent error handler.
Example 2

DCL> TYPE ON_SEVERITY.COM
$ ON WARNING THEN $ GOTO &$SEVERITY
$ RETURN 'P1'
$ EXIT
$0:
$ IF (.NOT.F$VERIFY()) THEN $ WRITE SYS$OUTPUT "WARNING"
$ EXIT 0
$2:
$ IF (.NOT.F$VERIFY()) THEN $ WRITE SYS$OUTPUT "ERROR"
$ EXIT 2
$4:
$ IF (.NOT.F$VERIFY()) THEN $ WRITE SYS$OUTPUT "SEVERE_ERROR"
$ EXIT 4
DCL>
DCL> @ ON_SEVERITY.COM 4
%NONAME-F-NOMSG, Message number 00000004
SEVERE_ERROR
%NONAME-F-NOMSG, Message number 00000004
DCL>

[You could also set this up so that the THEN command is a function of
the value of some variable (symbol) in the procedure, but I haven't
yet come up with an example that isn't blatantly contrived.]

Example 3

DCL> @ SYM_ON.COM
$!
$ SYM_ON = "ON"
$ SYM_SYM_ON = "SYM_ON"
$!
$ ON WARNING THEN SHOW ERROR ! (1)
$ RETURN 0
%NONAME-W-NOMSG, Message number 00000000
%SHOW-S-NOERRORS, no device errors found
$!
$ SYM_ON WARNING THEN SHOW ERROR ! (2)
$ RETURN 0
%NONAME-W-NOMSG, Message number 00000000
%SHOW-S-NOERRORS, no device errors found
$!
$ SYM_SYM_ON WARNING THEN SHOW ERROR ! (3)
%DCL-W-IVVERB, unrecognized command verb - check validity and spelling
 \SYM_ON\
$ RETURN 0
%NONAME-W-NOMSG, Message number 00000000
$!
$ &SYM_ON WARNING THEN SHOW ERROR ! (4)
$ RETURN 0
%NONAME-W-NOMSG, Message number 00000000
%SHOW-S-NOERRORS, no device errors found
$!
$ &SYM_SYM_ON WARNING THEN SHOW ERROR! (5)
$ RETURN 0
%NONAME-W-NOMSG, Message number 00000000
%SHOW-S-NOERRORS, no device errors found
$!
$ SET NOVERIFY
DCL>

Case 1: Normal ON command.

Case 2: Using a symbol for ON. Works as expected: the first item on
the line is evaluated as documented.

Case 3: Two levels of symbol nesting. As expected, this doesn't work.

Case 4: The ampersand changes the first item to ON and it works. I'm
not sure if this contradicts the manual.

Case 5: The ampersand changes the first item to SYM_ON, and _then_ DCL
evaluates the symbol SYM_ON as ON. But isn't first-item symbol
evaluation supposed to happen first, before ampersand substitution?
So this shows (in cases 4 and 5) ampersand substitution occurring
_before_ DCL checks to see if the first item is a symbol. Well, maybe
it checks and sees the leading ampersand and executes that first while
it's looking for an actual symbol? But doesn't that also contradict
the manual? And if not, would that be considered "forced" ampersand
evaluation? And what about my first example?

My current theory is that the command interpreter evaluates the items
from left to right and performs ampersand substitution in a single
pass only when "it really has to", even if that's before what the
manual says is the first step. IOW, each item is fully evaluated before
moving on to the next one, and somewhere during all this the command
line is parsed; i.e., broken up into command verb, params, qualifiers
and keywords, etc. This way, when the command interpreter processes an
ON command, it knows it's an ON command before processing anything
past the first item, and can therefore know to delay ampersand
substitution in the command part after THEN.

The only thing about Phase 2 that I can tell for sure is that the
manual is somewhat vague and certainly incomplete about what the
command interpreter does at this level of detail.

Can anyone explain what's going on here? (Yeah, this is not a real
biggie; I'm just curious.)

AEF

------------------------------

Date: Thu, 4 Sep 2008 21:43:21 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: [RBL] Current status?
Message-ID:

In article <6iakmbFpl207U2@mid.individual.net>, billg999@cs.uofs.edu
(Bill Gunshannon) writes:

> Not really.  Those particular devices should be sending their email to
> the real mailserver which should be the only one communicating with mail
> servers in the outside world.  If network/system managers, in particular
> ISP's, followed this rule 99% of SPAM could be dealt with in very short order.

Indeed.
And, conversely, blocking email from machines which are not mail
servers will get rid of 99% of SPAM.  Many people do this, so even if
someone is sending non-SPAM from such a machine, I think it is better to
reject the connection AND TELL HIM ABOUT IT than to accept it.

------------------------------

End of INFO-VAX 2008.486
************************