INFO-VAX Fri, 11 Jan 2008 Volume 2008 : Issue 21 Contents: Re: "USE" statement in Fortran A brief history of NTP time Re: Anyone interested in building a vms-like OS? Re: Anyone interested in building a vms-like OS? Re: Anyone interested in building a vms-like OS? Re: Anyone interested in building a vms-like OS? Re: Anyone interested in building a vms-like OS? Re: Anyone interested in building a vms-like OS? Re: Anyone interested in building a vms-like OS? Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick Re: Carl J. Lydick DCPS for OS-X/Unix ? Re: DCPS for OS-X/Unix ? Re: DCPS for OS-X/Unix ? Re: DCPS for OS-X/Unix ? Re: DoD use of VMS (was: Anyone interested in building a vms-like OS?) Re: How to set "From:" address in VMS MAIL Re: How to set "From:" address in VMS MAIL Re: Island Computers is moving Re: Island Computers is moving Re: Island Computers is moving Re: MAC and Current address Re: OT: Data security now an issue for aircraft Re: OT: Data security now an issue for aircraft Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Tivoli Storage Manager (TSM) on OVMS VAX-Related, Semi-OT ---------------------------------------------------------------------- Date: Thu, 10 Jan 2008 23:17:21 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: "USE" statement in Fortran Message-ID: In article , RLFitch writes: > If I try to compile some code that has a 'USE' statment the module > file must be in the same directory as the program code. Is it > possible to direct the 'USE' statment to use a file in some other > directory? > PROGRAM T > USE MOD1 I have a symbol about 200 characters long for my standard compile command. It has /INCLUDE=(A,B,C) where A, B and C are directories. So, I can automatically look for stuff in several directories (on several disks). ------------------------------ Date: Thu, 10 Jan 2008 22:08:08 +0100 From: Marc Van Dyck Subject: A brief history of NTP time Message-ID: For those interested by time management (NTP, et al), I suggest reading the paper "A brief history of NTP time" at http://www.cis.udel.edu/~mills/database/papers/history.pdf . It has nice references to Alpha systems being used systematically as time keepers because of the stability of their internal clock. I wonder which OS they are running and how they will be replaced once Alpha gets de-supported... -- Marc Van Dyck ------------------------------ Date: Thu, 10 Jan 2008 11:20:00 -0800 (PST) From: yyyc186 Subject: Re: Anyone interested in building a vms-like OS? Message-ID: <933974b0-aad0-46b3-b65d-85875a4db969@e10g2000prf.googlegroups.com> On Jan 10, 9:53 am, billg...@cs.uofs.edu (Bill Gunshannon) wrote: > > Say what?? I used Unix in DOD long before I saw my first DOD VMS machine. > And I never encountered a Eunich machine back when I did clearance work. > > So what does a "massively large company" getting "rid of OpenVMS" > have to do with wether or not DOD is still a bigt user? All it means is that one very large company which has publicly said they got rid of VMS is still using it for both their military and pilot project work. > > > > > Believe it or not, while my VMS experience is somewhat limited I > probably know more about the above than you do. I worked my first > DOD AIS in 1971. I didn't do clearance work until the 80's but have been out for quite a while. I do know there is a very large black ops project which started with OpenVMS about two years ago. Shiny new installation training shiny new people having a shiny new purpose. > > > > > >> They aren't interested. If they were, HP would be doing to get all > >> that money. Or, a major contractor, like LMCO, would be doing it with > >> HP's blessing. > > There is a significant difference between what the military is > > "interested" in and what it can get funding for through congress. In > > case you haven't watched any election campaign ads or debates, there > > is a trillion dollar war going on where thin-skinned Humvees get blown > > up like skeet. Politics and public opinion is currently redirecting > > every nickel it can to the purchase of body better armor and MRAP. > > Which has exactly what do with wether DOD buys VMS or Linux? The response was why the DOD hasn't paid HP to do this already. The DOD buys very little for itself. It forces its suppliers and contractors to use/provide items which meet their standards. ------------------------------ Date: 10 Jan 2008 19:50:03 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: Anyone interested in building a vms-like OS? Message-ID: <5unb7bF1j15o2U1@mid.individual.net> In article <933974b0-aad0-46b3-b65d-85875a4db969@e10g2000prf.googlegroups.com>, yyyc186 writes: > On Jan 10, 9:53 am, billg...@cs.uofs.edu (Bill Gunshannon) wrote: >> >> Say what?? I used Unix in DOD long before I saw my first DOD VMS machine. >> > And I never encountered a Eunich machine back when I did clearance > work. Maybe, but my experience with DOD AIS goes back to 1971. (Which is before they called it AIS. :-) Considering the history of DARPA and what was available oevr that period it is a pretty safe bet that Unix go there a bit before VMS madxe its debut. :-) > >> >> So what does a "massively large company" getting "rid of OpenVMS" >> have to do with wether or not DOD is still a bigt user? > > All it means is that one very large company which has publicly said > they got rid of VMS is still using it for both their military and > pilot project work. I have never seen DOD publicly announce they were abandoning VMS. I have seen all the tools needed to get a VMS system certified and accredited pretty much disappear. If you can't get it accredited, you can't use it in DOD. I am sure there are still a few systems "grandfathered" into the system, but it does not appear that DISA is interested in accrediting VMS systems today. > >> >> >> >> >> Believe it or not, while my VMS experience is somewhat limited I >> probably know more about the above than you do. I worked my first >> DOD AIS in 1971. > > I didn't do clearance work until the 80's but have been out for quite > a while. I do know there is a very large black ops project which > started with OpenVMS about two years ago. Shiny new installation > training shiny new people having a shiny new purpose. A yes, another one of those mythical "I would tell you about it but then I would have to kill you" VMS sites. > >> >> >> >> >> >> They aren't interested. If they were, HP would be doing to get all >> >> that money. Or, a major contractor, like LMCO, would be doing it with >> >> HP's blessing. > > >> > There is a significant difference between what the military is >> > "interested" in and what it can get funding for through congress. In >> > case you haven't watched any election campaign ads or debates, there >> > is a trillion dollar war going on where thin-skinned Humvees get blown >> > up like skeet. Politics and public opinion is currently redirecting >> > every nickel it can to the purchase of body better armor and MRAP. >> >> Which has exactly what do with wether DOD buys VMS or Linux? > > The response was why the DOD hasn't paid HP to do this already. The > DOD buys very little for itself. It forces its suppliers and > contractors to use/provide items which meet their standards. Sigh, the DOD buys lots for itself. I am currently working on my needed certifications to go out and verify that these proposed installations actually meet DOD guidlines. There are currently no DOD guidelines for VMS systems. That doesn't mean there are and can be none, it does, however, mean that they are infrequent enough to be handled as exceptions rather than having pre-defined procedures. And considering the dwindling pool of VMS expertise before too long DOD will probably end out taking the easy route and merely turning down requests for VMS systems. DOD AIS is one place where the adage "Easier to ask forgiveness than permission" does not apply. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 10 Jan 2008 16:45:15 -0500 From: JF Mezei Subject: Re: Anyone interested in building a vms-like OS? Message-ID: <47869257$0$15736$c3e8da3@news.astraweb.com> Bob Koehler wrote: > VMS is alive and well in DoD. Just like everywhere else, its > presence is much smaller than it was in the 80's, but it's > still there. If VMS is not growing in DoD, you may still be able to claim "alive", but one could debate the "well". A corporation may *still* have a lot of VMS machines, but if the corportate strategy is to build any new apps on a different OS and eventually shrink the VMS ones to extinction, then while the numbers might still show a healthy VMS population at that company, it wouldn't be fair to call "well". It is a bit like having ots of healthy men on death row in a USA/Iranian/Chinese prison. Still alive but days are numbered. ------------------------------ Date: Thu, 10 Jan 2008 22:27:19 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Anyone interested in building a vms-like OS? Message-ID: In article <4781869B.FA5DD8F1@spam.comcast.net>, David J Dachtera writes: > There is a Free VMS project around. Haven't heard much about it lately, > though. Google this group for the Free VMS project. It's been around for years and what they have is very rudimentary. ------------------------------ Date: Thu, 10 Jan 2008 20:34:52 -0600 From: David J Dachtera Subject: Re: Anyone interested in building a vms-like OS? Message-ID: <4786D5CC.94F055F1@spam.comcast.net> Phillip Helbig---remove CLOTHES to reply wrote: > > In article <4781869B.FA5DD8F1@spam.comcast.net>, David J Dachtera > writes: > > > There is a Free VMS project around. Haven't heard much about it lately, > > though. Google this group for the Free VMS project. > > It's been around for years and what they have is very rudimentary. Remember the early days of Linux? David J Dachtera DJE Systems ------------------------------ Date: Thu, 10 Jan 2008 20:38:19 -0600 From: David J Dachtera Subject: Re: Anyone interested in building a vms-like OS? Message-ID: <4786D69B.1E454F62@spam.comcast.net> Bill Gunshannon wrote: > > In article , > koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > > In article <4783B4F2.3070807@comcast.net>, "Richard B. Gilbert" writes: > >> > >> It's been done already. It was called PCVMS. It gave you a DCL shell > >> and, IIRC, some VMS-like APIs. A toy, really. This was twelve or > >> fifteen years ago. . . . > > > > PCVMS is not an OS. It's a DCL shell and some toys that run on > > Windows. > > > > FreeVMS is an OS that runs on x86. And it's nowhere near done. > > Actually, FreeVMS is a DCL shell and some toys that run on a patched > Linux kernel. The OS is still Linux. Considering what people here > seem to think of Linux I can't believe that anybody here would take > this seriously. Be careful to distinguish between Linux, the kernel (vmlinuz) and "Linux", the UN*X-like operating environment (the GNU programs). Linus's kernel is a fair piece of work. No VMS, certainly, but it least provides a foundation on which to build. David J Dachtera DJE Systems ------------------------------ Date: Thu, 10 Jan 2008 19:35:13 -0800 (PST) From: yyyc186 Subject: Re: Anyone interested in building a vms-like OS? Message-ID: <5aa1c27f-5ba5-4391-8b6e-ee6be7a5417f@k39g2000hsf.googlegroups.com> On Jan 10, 1:50 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote: > A yes, another one of those mythical "I would tell you about it but then > I would have to kill you" VMS sites. > No, the person I know of is an actual HP employee. But it is neither here nor there. You are free to believe what you will. ------------------------------ Date: Thu, 10 Jan 2008 14:11:10 -0500 From: "Richard B. Gilbert" Subject: Re: Carl J. Lydick Message-ID: <47866DCE.8030502@comcast.net> Andreas W. Wylach wrote: > On 10 Jan., 19:39, "Richard B. Gilbert" > wrote: > >>Bob Koehler wrote: >> >>>In article <4a71ab9d-d89d-4a80-94c6-d1e3bf926...@e23g2000prf.googlegroups.com>, yyyc186 writes: >> >>>>Hello, >>> >>>>Does anyone here have a method of getting in touch with Carl J. >>>>Lydick? Quite some time ago he posted GENTMPFILENAME.COM, and I would >>>>like to talk with him about it. The email address associated with the >>>>post is no longer valid. >>> >>> You'ld have to go to hell. Unless he got really lucky. >> >>Now, now. . . . >> >>Having no patience with idiots is not that great a sin. >> >>"Mit der dumheit kämpfen die götter selbst vergeben!" > > > Das ist doch eine Google Uebersetzung, oder? ..?? > No, it's a quote! Fifty years ago, I could have told you the source. ------------------------------ Date: Fri, 11 Jan 2008 08:42:02 +1100 From: Phaeton Subject: Re: Carl J. Lydick Message-ID: <4786912a$1_3@news.chariot.net.au> Richard B. Gilbert wrote: > Andreas W. Wylach wrote: >> On 10 Jan., 19:39, "Richard B. Gilbert" >> wrote: >> >>> Bob Koehler wrote: >>> >>>> In article >>>> <4a71ab9d-d89d-4a80-94c6-d1e3bf926...@e23g2000prf.googlegroups.com>, >>>> yyyc186 writes: >>> >>>>> Hello, >>>> >>>>> Does anyone here have a method of getting in touch with Carl J. >>>>> Lydick? Quite some time ago he posted GENTMPFILENAME.COM, and I would >>>>> like to talk with him about it. The email address associated with the >>>>> post is no longer valid. >>>> >>>> You'ld have to go to hell. Unless he got really lucky. >>> >>> Now, now. . . . >>> >>> Having no patience with idiots is not that great a sin. >>> >>> "Mit der dumheit kämpfen die götter selbst vergeben!" >> >> >> Das ist doch eine Google Uebersetzung, oder? ..?? >> > No, it's a quote! Fifty years ago, I could have told you the source. > There are a few hits on Google in this format : "Gegen Dummheit kämpfen Götter selbst vergeben!" The above might be a paraphrase of Nietzsche's(?) saying : "Gegen die Langeweile kämpfen Götter selbst vergeben." I might be wrong, as I don't speak German :-) Cheers, Csaba ---------------------------------------------------------------------------------- |d|i|g|i|t|a|l| http://csabaharangozo.blogspot.com ---------------------------------------------------------------------------------- EARTH::AUSTRALIA:[SYDNEY]HARANGOZO.CSABA;1, delete? [N]: All things being equal, fat people use more soap. ------------------------------ Date: Thu, 10 Jan 2008 22:40:02 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Carl J. Lydick Message-ID: In article <4a71ab9d-d89d-4a80-94c6-d1e3bf92633d@e23g2000prf.googlegroups.com>, yyyc186 writes: > Does anyone here have a method of getting in touch with Carl J. > Lydick? Quite some time ago he posted GENTMPFILENAME.COM, and I would > like to talk with him about it. The email address associated with the > post is no longer valid. He died several years ago. http://alumnus.caltech.edu/~vance/carl_lydick.html I don't think it exists anymore, but there used to be an "internet memorial" to Carl, titled, appropriately, The Eternal Flame. ------------------------------ Date: Thu, 10 Jan 2008 22:50:32 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Carl J. Lydick Message-ID: In article , "Andreas W. Wylach" writes: > > "Mit der dumheit kämpfen die götter selbst vergeben!" > > Das ist doch eine Google Uebersetzung, oder? ..?? Wenn, dann eine Rückübersetzung. Continuing in English for the majority of our readers: If it is a Google (or other) translation, then actually a back-translation, since I think the original quote is in German, by Friedrich Schiller. OK, I'm running CSWB on a DEC 3000/600 (slow but it works) displaying on a VAXstation 4000/90A with a huge DEC monitor. Google says: "Mit der Dummheit kämpfen Götter selbst vergebens." Friedrich Schiller, Die Jungfrau von Orléans. The usual English translation is: "Against stupidity, the gods themselves contend in vain." By the way, this is the source for the title of Isaac Asimov's (whom I mentioned in another thread today) novel The Gods Themselves. Usual translations: Einstein's famous "Raffiniert ist der Herrgott, aber boshaft ist er nicht" is usual translated as "The Lord is subtle, but not malicious". In his book Subtle is the Lord... (an excellent scientific biography of Einstein), Abraham Pais notes that Einstein's own translation was "God may be slick, but he ain't mean". ------------------------------ Date: Thu, 10 Jan 2008 18:05:17 -0500 From: "Richard B. Gilbert" Subject: Re: Carl J. Lydick Message-ID: <4786A4AD.4020403@comcast.net> Phillip Helbig---remove CLOTHES to reply wrote: > In article > , > "Andreas W. Wylach" writes: > > >>>"Mit der dumheit kämpfen die götter selbst vergeben!" >> >>Das ist doch eine Google Uebersetzung, oder? ..?? > > > Wenn, dann eine Rückübersetzung. Continuing in English for the majority > of our readers: If it is a Google (or other) translation, then actually > a back-translation, since I think the original quote is in German, by > Friedrich Schiller. > It's not a Google, or any other, translation. I encountered the quote somewhere, in the original German, and memorized it. No, I did not read "Die Jungrau von Orleans" from which it came originally. ------------------------------ Date: Thu, 10 Jan 2008 23:35:17 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Carl J. Lydick Message-ID: In article <4786A4AD.4020403@comcast.net>, "Richard B. Gilbert" writes: > Phillip Helbig---remove CLOTHES to reply wrote: > > In article > > , > > "Andreas W. Wylach" writes: > > > > > >>>"Mit der dumheit kämpfen die götter selbst vergeben!" > >> > >>Das ist doch eine Google Uebersetzung, oder? ..?? > > > > > > Wenn, dann eine Rückübersetzung. Continuing in English for the majority > > of our readers: If it is a Google (or other) translation, then actually > > a back-translation, since I think the original quote is in German, by > > Friedrich Schiller. > > > It's not a Google, or any other, translation. I encountered the quote > somewhere, in the original German, and memorized it. No, I did not read > "Die Jungrau von Orleans" from which it came originally. There should be an "s" at the end of "vergeben" and götter should be capitalised. This is probably why some suspected an automatic translation, since it had some errors. ------------------------------ Date: Thu, 10 Jan 2008 16:48:09 -0800 (PST) From: AEF Subject: Re: Carl J. Lydick Message-ID: <256ae498-b563-4eb9-a368-03e7aa15c3e2@q77g2000hsh.googlegroups.com> On Jan 10, 1:39 pm, "Richard B. Gilbert" wrote: > Bob Koehler wrote: > > In article <4a71ab9d-d89d-4a80-94c6-d1e3bf926...@e23g2000prf.googlegroups.com>, yyyc186 writes: > > >>Hello, > > >>Does anyone here have a method of getting in touch with Carl J. > >>Lydick? Quite some time ago he posted GENTMPFILENAME.COM, and I would > >>like to talk with him about it. The email address associated with the > >>post is no longer valid. > > > You'ld have to go to hell. Unless he got really lucky. > > Now, now. . . . > > Having no patience with idiots is not that great a sin. Calling people SFB's is a little beyond not having patience. Still yet again an understatement about Carl's behavior. [...] But you forget how hypocritical he was. He posted stuff he didn't check (like his very incorrect explanation of how BACKUP/FAST works) and he told one poster who asked how you could stop dead in a nested DCL command procedure that it couldn't be done, at least not easily. People responded with HELP STOP! The great CJL didn't know about STOP! (I can't find the STOP bit with Google -- but I may still have it in my old personal cov archives!) I can't believe all the praise this guy is getting. Maybe I should try severely flaming people and being hypocritical about it! OK, yes, he often came up with useful stuff, but that doesn't excuse his dark side. AEF ------------------------------ Date: Thu, 10 Jan 2008 20:28:36 -0500 From: =?ISO-8859-1?Q?Arne_Vajh=F8j?= Subject: Re: Carl J. Lydick Message-ID: <4786c644$0$90274$14726298@news.sunsite.dk> Bob Koehler wrote: > In article <4a71ab9d-d89d-4a80-94c6-d1e3bf92633d@e23g2000prf.googlegroups.com>, yyyc186 writes: >> Does anyone here have a method of getting in touch with Carl J. >> Lydick? Quite some time ago he posted GENTMPFILENAME.COM, and I would >> like to talk with him about it. The email address associated with the >> post is no longer valid. > > You'ld have to go to hell. Unless he got really lucky. Do not speak evil oft the dead. Arne ------------------------------ Date: Thu, 10 Jan 2008 20:54:38 -0500 From: "Richard B. Gilbert" Subject: Re: Carl J. Lydick Message-ID: <4786CC5E.5050407@comcast.net> Phillip Helbig---remove CLOTHES to reply wrote: > In article <4786A4AD.4020403@comcast.net>, "Richard B. Gilbert" > writes: > > >>Phillip Helbig---remove CLOTHES to reply wrote: >> >>>In article >>>, >>>"Andreas W. Wylach" writes: >>> >>> >>> >>>>>"Mit der Dumheit kämpfen die götter selbst vergebens!" >>>> >>>>Das ist doch eine Google Uebersetzung, oder? ..?? >>> >>> >>> Das ist doch eine Google Uebersetzung, oder?. Continuing in English for the majority >>>of our readers: If it is a Google (or other) translation, then actually >>>a back-translation, since I think the original quote is in German, by >>>Friedrich Schiller. >>> >> >>It's not a Google, or any other, translation. I encountered the quote >>somewhere, in the original German, and memorized it. No, I did not read >>"Die Jungrau von Orleans" from which it came originally. > > > There should be an "s" at the end of "vergeben" and götter should be > capitalised. This is probably why some suspected an automatic > translation, since it had some errors. > The errors are due entirely to my failing memory. ------------------------------ Date: Fri, 11 Jan 2008 03:03:23 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Carl J. Lydick Message-ID: <%%Ahj.4$h04.1@newsfe09.lga> In article <256ae498-b563-4eb9-a368-03e7aa15c3e2@q77g2000hsh.googlegroups.com>, AEF writes: > > >On Jan 10, 1:39 pm, "Richard B. Gilbert" >wrote: >> Bob Koehler wrote: >> > In article <4a71ab9d-d89d-4a80-94c6-d1e3bf926...@e23g2000prf.googlegroups.com>, yyyc186 writes: >> >> >>Hello, >> >> >>Does anyone here have a method of getting in touch with Carl J. >> >>Lydick? Quite some time ago he posted GENTMPFILENAME.COM, and I would >> >>like to talk with him about it. The email address associated with the >> >>post is no longer valid. >> >> > You'ld have to go to hell. Unless he got really lucky. >> >> Now, now. . . . >> >> Having no patience with idiots is not that great a sin. > >Calling people SFB's is a little beyond not having patience. Still yet >again an understatement about Carl's behavior. He was, I believe, not in the least an ill-natured man: very much the opposite, I should say; but he would not suffer fools gladly. -- George Bernard Shaw, Pygmalion >But you forget how hypocritical he was. He posted stuff he didn't >check (like his very incorrect explanation of how BACKUP/FAST works) >and he told one poster who asked how you could stop dead in a nested >DCL command procedure that it couldn't be done, at least not easily. >People responded with HELP STOP! The great CJL didn't know about STOP! >(I can't find the STOP bit with Google -- but I may still have it in >my old personal cov archives!) > >I can't believe all the praise this guy is getting. Maybe I should try >severely flaming people and being hypocritical about it! OK, yes, he >often came up with useful stuff, but that doesn't excuse his dark >side. C'est la vie. Carl was, whether you like it or not, part of the history of this and several other VMS focused newsgroups. Comp.os.vms isn't any church social, nor is it a bar room brawl. However, c.o.v. has, in its history, been at both of these boundary extremes. I enjoy a good, well deserved flame; I also enjoy a good technical discussion. Comp.os.vms, as well as the late Carl, provided both. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Thu, 10 Jan 2008 17:38:37 -0500 From: JF Mezei Subject: DCPS for OS-X/Unix ? Message-ID: <47869f4e$0$16152$c3e8da3@news.astraweb.com> On unix, at the shell prompt, what is the expected practice to print a text file to a postscript printer ? On VMS, we have DCPS which will automatically translate a text file (in fact, it will know how to handle LN03/ANSI print sequences as well) and spews it out to the printer. Is there some equivalent built-into most Unixes ? Or would the easiest way be to just write a postscript prologue which will then print the text data that follows ? (and you print both together). ------------------------------ Date: Fri, 11 Jan 2008 00:53:50 +0200 From: =?ISO-8859-1?Q?Uusim=E4ki?= Subject: Re: DCPS for OS-X/Unix ? Message-ID: <4786a121$0$14988$9b536df3@news.fv.fi> JF Mezei wrote: > On unix, at the shell prompt, what is the expected practice to print a > text file to a postscript printer ? > > On VMS, we have DCPS which will automatically translate a text file (in > fact, it will know how to handle LN03/ANSI print sequences as well) and > spews it out to the printer. > > Is there some equivalent built-into most Unixes ? > > Or would the easiest way be to just write a postscript prologue which > will then print the text data that follows ? (and you print both together). On Tru64 there is a similar application: Advanced Printing (APX) http://h30097.www3.hp.com/printing/apx.html It works much like DCPS (you make queues with different features etc) and even the flag page is almost an exact copy of DCPS's flag page. I haven't investigated it closer, but could be that it is a unix port of DCPS. A generic way to print PS documents directly from the command line in most unices is to use a output filter on the queue (of in /etc/printcap). There are ready-made PS filters for that. Kari ------------------------------ Date: Fri, 11 Jan 2008 01:27:22 +0000 (UTC) From: Dale Dellutri Subject: Re: DCPS for OS-X/Unix ? Message-ID: On Thu, 10 Jan 2008 17:38:37 -0500, JF Mezei wrote: > On unix, at the shell prompt, what is the expected practice to print a > text file to a postscript printer ? > On VMS, we have DCPS which will automatically translate a text file (in > fact, it will know how to handle LN03/ANSI print sequences as well) and > spews it out to the printer. > Is there some equivalent built-into most Unixes ? > Or would the easiest way be to just write a postscript prologue which > will then print the text data that follows ? (and you print both together). Depending on the print server (CUPS, for eaxmple), it could be as simple as: $ lpr or other programs can format the text file first, for example: $ fold -s | pr -F -l66 -h"" | lpr which folds the text lines at word breaks so each line is less than 80 characters, then pr puts on headers, then lpr prints it. Or if you want to simply create a Postscript file from a text file, you could use a2ps or enscript or other programs. If you're printing an already created Postscript file, use $ lpr -l The "-l" says send it raw; i.e., don't convert it to Postscript first. And other possibilities. -- Dale Dellutri (lose the Q's) ------------------------------ Date: Fri, 11 Jan 2008 02:50:33 GMT From: Bob Harris Subject: Re: DCPS for OS-X/Unix ? Message-ID: In article <47869f4e$0$16152$c3e8da3@news.astraweb.com>, JF Mezei wrote: > On unix, at the shell prompt, what is the expected practice to print a > text file to a postscript printer ? > > On VMS, we have DCPS which will automatically translate a text file (in > fact, it will know how to handle LN03/ANSI print sequences as well) and > spews it out to the printer. > > Is there some equivalent built-into most Unixes ? > > Or would the easiest way be to just write a postscript prologue which > will then print the text data that follows ? (and you print both together). On Mac OS X, open the Postscript file with Applications -> Preview and print from there. That works very well. Generic *nix, you can use Ghostscript to print Postscript documents. If your generic *nix does not already have Ghostscript, it can generally be compiled for a given distribution of *nix. Bob Harris ------------------------------ Date: 10 Jan 2008 13:39:18 -0600 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: DoD use of VMS (was: Anyone interested in building a vms-like OS?) Message-ID: In article <5un7oiF1ib37qU2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > In article , > koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >> In article <5uhp5nF1i07l1U1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: >>> >>> You guys need to give this one a rest. It isn't true and there is >>> much more evidence to supoport the lack of VMS in DOD then there is >>> to try and support its presence. >> >> VMS is alive and well in DoD. Just like everywhere else, its >> presence is much smaller than it was in the 80's, but it's >> still there. > > Yeah, it's so prevalent that the approving authority for AIS in DOD > hasn't seen fit to upgrade their Security Readiness Review Evaluation > Scripts since 2005. What has changed in VMS security since 2005 ? For that matter, what has changed in DoD security requirements since DoD Instruction 8500.2 was released on February 6, 2003 ? I do believe that DoD's "VMS-OpenVMS SRRChklst V2R2-3.html" OpenVMS Security Checklist dated April 17, 2006 by OMEGAMON is pretty poor, but it is about the same as the previous two versions. I don't think their updating process works when applied, but of course I have a vested interest. ------------------------------ Date: Thu, 10 Jan 2008 22:15:56 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: How to set "From:" address in VMS MAIL Message-ID: In article <5138d915-cc4b-4f19-b10d-d016355c0eeb@e6g2000prf.googlegroups.com>, Ken.Fairfield@gmail.com writes: > So I'm looking for a no-cost work-around. The logical name TCPIP$SMTP_FROM. ------------------------------ Date: Thu, 10 Jan 2008 22:19:02 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: How to set "From:" address in VMS MAIL Message-ID: In article <5uf4oqF1geadbU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > If there is any way for the user to change the From: header of an > outgoing Email that would be a major security flaw in VMS. Unless > you don't see forging email as a security problem! Talking VMS MAIL and HP TCPIP here. Yes, the user can set it via a logical. However, the system manager can prevent this, and also the real address is included in an extra header. There are MANY reasons to legitimately change the default From: header. ------------------------------ Date: 10 Jan 2008 19:02:56 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: Island Computers is moving Message-ID: <5un8f0F1ib37qU4@mid.individual.net> In article , "Tom Linden" writes: > On Wed, 09 Jan 2008 16:36:17 -0800, Richard B. Gilbert > wrote: > >> Michael Kraemer wrote: >>> Richard B. Gilbert schrieb: >>> >>>> The last I heard, the licenses, with "units" for a workstation were >>>> about $1500 each. VMS Base, VMS User, DECWindows, UCX, . . . . >>>> >>>> It adds up quickly! >>> Well, how many such boxes does one need for a decent service ? >>> I find it hard to imagine that the associated licenses would >>> exceed a low five digit figure. >> >> My data on pricing is several years old! Has anybody bought license >> recently? >> >>> (and, BTW, it is beyond my comprehension that commodity >>> stuff like DECwindows and a TCP/IP stack which have seen >>> little development for ages still are charged extra) >>> >> >> This IS H-P we're dealing with! Do you really expect to pay anything >> less than top dollar? They don't need you for anything; selling ink >> keeps them fat and happy. >> > > I would guess that Island is a DSPP and so there licenses are free Can DSPP members use those licenses for the day-to-day administrative operation of their business? I was under the impression those licenses were for development only and not for running your business. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 10 Jan 2008 13:43:04 -0600 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: Island Computers is moving Message-ID: In article <5un8f0F1ib37qU4@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > In article , > "Tom Linden" writes: >> I would guess that Island is a DSPP and so there licenses are free > > Can DSPP members use those licenses for the day-to-day administrative > operation of their business? I was under the impression those licenses > were for development only and not for running your business. That is correct. The approved purposes are development and demonstration. ------------------------------ Date: Thu, 10 Jan 2008 15:18:32 -0800 From: "Tom Linden" Subject: Re: Island Computers is moving Message-ID: On Thu, 10 Jan 2008 11:43:04 -0800, Larry Kilgallen wrote: > In article <5un8f0F1ib37qU4@mid.individual.net>, billg999@cs.uofs.edu > (Bill Gunshannon) writes: >> In article , >> "Tom Linden" writes: > >>> I would guess that Island is a DSPP and so there licenses are free >> >> Can DSPP members use those licenses for the day-to-day administrative >> operation of their business? I was under the impression those licenses >> were for development only and not for running your business. > > That is correct. The approved purposes are development and > demonstration. But they could be demonstrating, first hand, WASD/OpenVMS on HP hardware. -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: 10 Jan 2008 14:33:25 -0500 From: brooks@cuebid.zko.hp.nospam (Rob Brooks) Subject: Re: MAC and Current address Message-ID: "Tom Linden" writes: > I note that since 7.3-2 that > mc lancp show config > prints both MAC and Current address and that for DE500 > they are the same but for DE600 they are different. Note that $ SHOW DEVICE /FULL [lan device] will display MAC addresses for V8.3 and beyond. -- Rob Brooks MSL -- Nashua brooks!cuebid.zko.hp.com ------------------------------ Date: Thu, 10 Jan 2008 16:41:29 -0500 From: JF Mezei Subject: Re: OT: Data security now an issue for aircraft Message-ID: <47869175$0$15736$c3e8da3@news.astraweb.com> IanMiller wrote: > See Bruce Schnier's blog for some sensible comment on this > http://www.schneier.com/blog/archives/2008/01/hacking_the_boe.html > This guy didn't read it right. There is no accusation of securit problems. The FAA just needs to make sure there arte no security problems. And it isn't a question of passengers taking control of the aircraft from their laptops while playing MS Flight Simulator. The issue here is that the 787's information systems will be able to connect to an airline network while at airport. This allows them to download all sorts of information to the aircraft (weather reports etc), access the aircraft's data recorder to spot any maintenance issues that occured in the last flight, and possibly update any airport data (for instance, runway XX closed at airport YY). There is probably more which can be done in maintenance mode. Whether airlines use the same infrastructure to transmit new movies to the passenger entertainment system is not known. But it is likely that any credit card transactiosn made during the flight (duty free stuff etc) would then be submitted via wireless to the airline's airport network for processing. (unless those would be done via staellite during flight) It is normal that the FAA be weary and require proper analysis. When the Airbus A320 was introduced, the FAA was shown to be incompetant since they had not thought about testing software quality assurance. (this was a totally new concept for passenger aircraft). As a result, there were a lot of bugs in the A320 that were only detected well after the A320 was put into production with paying passengers. (for instance, changing cabin temperature during certain phase of flight would also affect the engine thrust levels). the FAA learned its lesson from this and now requires far greater testing of aircraft when Boeing/Airbus introduce new gizmos. ------------------------------ Date: Thu, 10 Jan 2008 21:09:15 -0600 From: David J Dachtera Subject: Re: OT: Data security now an issue for aircraft Message-ID: <4786DDDB.58473619@spam.comcast.net> "P. Sture" wrote: > > In article > <4bf71cba-8f70-4926-9391-326f7dc384e6@d21g2000prf.googlegroups.com>, > IanMiller wrote: > > > See Bruce Schnier's blog for some sensible comment on this > > http://www.schneier.com/blog/archives/2008/01/hacking_the_boe.html > > Gotta love this reader's comment: > > 5 years ago (issue 2003/1), this was a cartoon in the german it-paper > c't: > > http://www.heise.de/ct/schlagseite/03/01/gross.jpg > > Translation: > > New device found > Device: Airbus A310 > > Start auto configuration? > > [OK] [cancel] I was thinking along the lines of: +--------------------------------------+ | The Flight Controls have been moved. | | | | Windows must be restarted | | for the change to take effect. | | | | [Restart Now] [Cancel] | +--------------------------------------+ David J Dachtera DJE Systems ------------------------------ Date: Thu, 10 Jan 2008 13:58:13 -0500 From: "Richard B. Gilbert" Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <47866AC5.8010806@comcast.net> Bob Koehler wrote: > In article <478384E6.90203@comcast.net>, "Richard B. Gilbert" writes: > >>I'd advise a 90 day lifetime and eight character minimum. Train the >>users! They should not use theirs pet's name, husband's name, name of >>the street they live on, etc! Suggest that they invent a new word or >>miss spell a word creatively. Strings like "knobnoxious" or "snickels" >>are quite secure and quite memorable if the user invents his/her own. > > > Common intentional misspellings, like Mi$$p311ing$, can used to > meet all the "strong" password criteria, but are well known by > the cracker programs. > You get three guesses before you're locked out! Subsequent attempts merely increase the amount of time during which even the correct password will fail. Under these circumstances, "cracker programs" have a tough job! The attempts and subsequent failures will be noticed by a system manager who is paying attention. It's not easy to break into a VMS system unless you have access to the system console! At my last job I had about 300 users and I saw a LOT of forgotten passwords and unsuccessful attempts to break in! The most common case was when someone was required to change her password and promptly forgot the new one! And there was the guy in finance who had to log in once each quarter to get some number out of the database. . . . ------------------------------ Date: 10 Jan 2008 18:58:59 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <5un87jF1ib37qU3@mid.individual.net> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article , "P. Sture" writes: >> >> "At 31 characters long, my password is all but unhackable." One of my >> first Linux installations silently dropped characters at the end of >> passwords and only used the first 6 characters. OK that was back in >> 2000, but think about it... >> > > When I installed 0.99, passwd and login could handle long passwords, > but the FTP server couldn't. So I downloaded the ftp server code and > just tuncated the input at 8 characters. > > Yep, worked fine. I even tried some different 9th characters. Truncated the input where? If passwd created encrypted strings for passwords longer than 8 characters there is no way that the ftpd could take 8 characters encrypt them and have it match what was in the password file. Now, if you mean you truncated all passwords to 8 characters that is something totally different. But I have to admit to being baffled how ftpd could be using different password code than passwd or login. Unless you were running static binaries built on incompatable systems. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 10 Jan 2008 14:00:38 -0500 From: "Richard B. Gilbert" Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <47866B56.90304@comcast.net> Bob Koehler wrote: > In article <4783f26b$0$15789$c3e8da3@news.astraweb.com>, JF Mezei writes: > >>The syetem gererated passwords require the user write them down on a >>post-it note that is permanently attached to their monitor. > > > Not in our facilities. You WILL memorise that generated password. > And if you believe that, I can offer you a great deal on a well known New York City bridge! ------------------------------ Date: Thu, 10 Jan 2008 22:57:54 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article <7e686001-d849-4c98-a94f-36bcaf04ccc0@41g2000hsy.googlegroups.com>, AEF writes: > Longer is stronger. Contrary to CW, forcing users to use complex > passwords is more pain than gain. You gain A LOT MORE SECURITY by > making passwords longer vs. making them complex. Yes. For the same reason, long usernames get less spam. > Exactly. This is yet another reason why increasing length is much > better than increasing "complexity". The only complexity checks should > be for stupid passwords like AAAAAAAAA or 12345678 and the like. > Things like using O's for zeros are not going to help much at all and > just make the system admin's job harder than it has to be. Indeed. I have seen some expensive systems approved by expensive security consultants which have all sorts of checks, require mixed case, numbers, non-alphanumeric characters, letters etc. However, choosing a number in the password and increasing it by 1 when the password needed to be changed passed all the tests. I don't really see the point of a relatively long lifetime. Either a day or so, if it is for a test account or something, or infinite (which gives the user a chance to think of a good, long password---ONCE). In what situation will a lifetime of, say, a month help me? ------------------------------ Date: Thu, 10 Jan 2008 23:07:56 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article , VAXman- @SendSpamHere.ORG writes: > The humor of the VMS team never ceases to amuse. My hovercraft is full of eels! ------------------------------ Date: Thu, 10 Jan 2008 15:18:29 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: On Jan 10, 1:58 pm, "Richard B. Gilbert" wrote: > Bob Koehler wrote: > > In article <478384E6.90...@comcast.net>, "Richard B. Gilbert" writes: > > >>I'd advise a 90 day lifetime and eight character minimum. Train the > >>users! They should not use theirs pet's name, husband's name, name of > >>the street they live on, etc! Suggest that they invent a new word or > >>miss spell a word creatively. Strings like "knobnoxious" or "snickels" > >>are quite secure and quite memorable if the user invents his/her own. > > > Common intentional misspellings, like Mi$$p311ing$, can used to > > meet all the "strong" password criteria, but are well known by > > the cracker programs. > > You get three guesses before you're locked out! Subsequent attempts > merely increase the amount of time during which even the correct > password will fail. Under these circumstances, "cracker programs" have > a tough job! > > The attempts and subsequent failures will be noticed by a system manager > who is paying attention. It's not easy to break into a VMS system > unless you have access to the system console! At my last job I had > about 300 users and I saw a LOT of forgotten passwords and unsuccessful > attempts to break in! The most common case was when someone was > required to change her password and promptly forgot the new one! And > there was the guy in finance who had to log in once each quarter to get > some number out of the database. . . . Consider the case where a backup tape gets lost or stolen. One could then copy the relevant files to one's own system and crack away. There are occasional stories in the news about backup tapes disappearing (well, at least once, I'm pretty sure), so it is not out of the question. And this is a good reason to change passwords periodically. AEF AEF ------------------------------ Date: Thu, 10 Jan 2008 15:28:48 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <4b1b7de3-a54d-44f4-903b-13c6a5b11139@d4g2000prg.googlegroups.com> On Jan 8, 8:49 am, Jan-Erik S=F6derholm wrote: > Larry Kilgallen wrote: > > In article , =3D?ISO-8859-1?Q?Jan-E= rik_S=3DF6derholm?=3D writes: > > >> In many places in the VMS docs one is recomended > >> to use the /GENERATE option of SET PASS (or the > >> correspending flag in SYSUAF). What is the current > >> view of these generated passwords ? How safe are they > >> against hacking/probing/directory-attacs ? > > > Certainly generated passwords are better than human-chosen passwords. > > Yes, that's what I was thinking about. I showed some of the > generated passwords (with /gen=3D10) and they said they didn't > looked "safe" at all... :-) > > Some wanted mixed-case to have "safe" passwords... Tell them to do the math and read the InfoWorld articles I posted elsewhere in this thread. Show them some optical illusions. Ask them which seems bigger: 9**99 or 99*9? And then show them. I don't know what they'd guess, but you need to demonstrate that you can't go by gut feeling to get the right answer to such things. There may be some better demonstrations. Or you can show them the calculations that shows that adding one or two characters to the length gives more possibilities to check than going to mixed case. > > And yes, I know about the anti-breakin tools. But I was > mainly interested inte level of security in the generated > passwords as such. One thing one asks is how many of them > are there ? That is, if one know how the "generation" is > done, what is the chance/risk to be able to generate a > matching password ? > > Jan-Erik. I think you need to be more specific with this question. AEF ------------------------------ Date: Thu, 10 Jan 2008 16:36:09 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <9e570cc6-899d-4f7b-b5d1-4f650bf9a382@k39g2000hsf.googlegroups.com> On Jan 8, 9:24 am, Jan-Erik S=F6derholm wrote: > Richard B. Gilbert wrote: > > Jan-Erik S=F6derholm wrote: > >> In many places in the VMS docs one is recomended > >> to use the /GENERATE option of SET PASS (or the > >> correspending flag in SYSUAF). What is the current > >> view of these generated passwords ? How safe are they > >> against hacking/probing/directory-attacs ? > > >> Jan-Erik. > > > The generated passwords are as safe and secure as any other passwords. > > > Passwords are not the problem! Users are the problem!! > > Hold it ! > I know everything about all that. I was *specificaly* asking > about the builtin security of the *generated* passwords. > Nothing else... :-) In some ways they're much safer as it avoids the problem of hackers guessing English words. That's the motivation. But it also increases the odds that users will write down the passwords. Then the danger with that depends on how dangerous the people who walk by are! Cracking programs, I assume, start with easy things like patterns of letters and numbers and various combinations of English words. Generated passwords will take longer to crack with such programs. But to be able to even use such a program you either need a copy of the authorization file on your own VMS system or access to a very poorly set up VMS system. So, it depends on all these things and others I can't think of offhand. Certainly, increasing the length of the password is much better than making it complex. Most "complex passwords" won't really be all that complex at all: They'll have only one punctuation character and one number and one different case letter, which means you get little benefit from it, and increased likelihood that users will write down such passwords. Tell "them", whoever they are: LONGER IS STRONGER. PERIOD. COMPLEX IS MORE PAIN THAN GAIN. [...] AEF ------------------------------ Date: Thu, 10 Jan 2008 16:36:50 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <6efd2e81-ec41-414a-a7fc-0a38f07b2989@k39g2000hsf.googlegroups.com> On Jan 8, 8:49 am, Jan-Erik S=F6derholm wrote: > Larry Kilgallen wrote: > > In article , =3D?ISO-8859-1?Q?Jan-E= rik_S=3DF6derholm?=3D writes: > > >> In many places in the VMS docs one is recomended > >> to use the /GENERATE option of SET PASS (or the > >> correspending flag in SYSUAF). What is the current > >> view of these generated passwords ? How safe are they > >> against hacking/probing/directory-attacs ? > > > Certainly generated passwords are better than human-chosen passwords. > > Yes, that's what I was thinking about. I showed some of the > generated passwords (with /gen=3D10) and they said they didn't > looked "safe" at all... :-) Who are "they"? > Some wanted mixed-case to have "safe" passwords... Explain to them how the increase in safety is not worth the trouble. > > And yes, I know about the anti-breakin tools. But I was > mainly interested inte level of security in the generated > passwords as such. One thing one asks is how many of them > are there ? That is, if one know how the "generation" is > done, what is the chance/risk to be able to generate a > matching password ? > > Jan-Erik. ------------------------------ Date: Fri, 11 Jan 2008 02:47:15 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > > >In article , VAXman- @SendSpamHere.ORG >writes: > >> The humor of the VMS team never ceases to amuse. > >My hovercraft is full of eels! One of my faves was: What city, plez? -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Fri, 11 Jan 2008 03:28:47 +0000 (UTC) From: moroney@world.std.spaamtrap.com (Michael Moroney) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >In article , VAXman- @SendSpamHere.ORG >writes: > >> The humor of the VMS team never ceases to amuse. > >My hovercraft is full of eels! $ exit %x34b4 ------------------------------ Date: 10 Jan 2008 21:56:05 -0600 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > I don't really see the point of a relatively long lifetime. Either a > day or so, if it is for a test account or something, or infinite (which > gives the user a chance to think of a good, long password---ONCE). In > what situation will a lifetime of, say, a month help me? Password lifetimes limit the exposure to password sniffing. ------------------------------ Date: 10 Jan 2008 22:00:21 -0600 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article <9e570cc6-899d-4f7b-b5d1-4f650bf9a382@k39g2000hsf.googlegroups.com>, AEF writes: > On Jan 8, 9:24 am, Jan-Erik S=F6derholm > wrote: >> Hold it ! >> I know everything about all that. I was *specificaly* asking >> about the builtin security of the *generated* passwords. >> Nothing else... :-) > > In some ways they're much safer as it avoids the problem of hackers > guessing English words. That's the motivation. The motivation is also to keep users from using the same password on multiple systems. > Tell "them", whoever they are: LONGER IS STRONGER. PERIOD. COMPLEX IS > MORE PAIN THAN GAIN. But for reasonable values on VMS, that doesn't matter. Breakin evasion will protect you, except in the case of backup tape theft, where nothing will protect you. ------------------------------ Date: Thu, 10 Jan 2008 23:17:02 -0500 From: JF Mezei Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <4786ee9e$0$16170$c3e8da3@news.astraweb.com> AEF wrote: > Tell "them", whoever they are: LONGER IS STRONGER. PERIOD. COMPLEX IS > MORE PAIN THAN GAIN. Having a mandated password length is however a weakness since anyone with some insider knowledge will know how to configure his password guessing program to only try passwords of the mandated length. Having variable password lengths means that the hackers don't know how long a password will be and thus greatly increases the number of attempts they must make before they get to the password. ------------------------------ Date: Fri, 11 Jan 2008 04:58:35 GMT From: Malcolm Dunnett Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <%HChj.26823$fj2.19868@edtnps82> Larry Kilgallen wrote: > But for reasonable values on VMS, that doesn't matter. Breakin evasion > will protect you, except in the case of backup tape theft, where nothing > will protect you. Well, encrypting your backups would at least slow the thief down. ------------------------------ Date: Thu, 10 Jan 2008 22:18:31 +0100 From: Marc Van Dyck Subject: Re: Tivoli Storage Manager (TSM) on OVMS Message-ID: etmsreec@yahoo.co.uk has brought this to us : > On 7 Jan, 21:41, "flaming...@hotmail.com" > wrote: >> hi folks. >> >> We're looking at using Tivoli TSM on out ALPHA ES-45 boxes. >> Is anyone using it currently? If so, how do you like it ? Any got'chas >> to be aware of? >> >> currently, we're doing a weekly VMS backup to create the savesets, >> then FTP'g to our corporate TSM host for eventual off-site storage. >> >> We want to use the TSM on VMS to sent the savesets off-site from the >> ALPHA and to elimiate the FTP process.  The FTP process currently take >> an additional 5-6 hours beyond the creating the saveset.  Yes, these >> savesets are quite large. >> >> Thanks !  Ann > > One of our clients in my day-to-day work uses TSM for everything and > they're happy with it. At the moment, everything else that we're > interested in on our client's behalf emails out its log files but the > VMS system backup doesn't which doesn't fill me with confidence. > > As ever with a situation like this, you need to be sure that you can > get the system back and that may mean from raw iron - no O/S, no > catalogue of what you've backed up or when. VMS Backup is safe > because you can restore it from a booted VMS CD/DVD. Nothing else > gives you that flexibility, whether it be disk to disk or disk to > tape. > > Let the buyer beware. Isolated systems might indeed be a problem in that case, but if you happen to have more than one system and/or a SAN, then it is easy to have a spare system disk with the ABS client already installed, and boot that one in case your main system disk has been zapped; or just reconnect your system disk LUN to another machine and do the restore from there. Until now, we have stuck to the SLS/DCSC/ACSLS/Powderhorn combination to do or backups, because of this advantage of using the native VMS backup format. But this was an old habit, the flexibility offered by SANs makes that requirement obsolete now. So, with SLS not getting ported to IA64, I think our best bet will be to use the Symantec Netbackup client and send the backups to the Unix media servers... -- Marc Van Dyck ------------------------------ Date: Thu, 10 Jan 2008 21:12:12 -0600 From: David J Dachtera Subject: VAX-Related, Semi-OT Message-ID: <4786DE8C.951A6EED@spam.comcast.net> My colleagues and I are in AIX class this week. In one of the units, the graphic representing the computer itself is an old Visio image of a VAX-6xx0. T'was good for a laugh... David J Dachtera DJE Systems ------------------------------ End of INFO-VAX 2008.021 ************************