INFO-VAX Wed, 03 Sep 2008 Volume 2008 : Issue 482 Contents: Re: Advanced Server 7.3B & VISTA Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on 7.2.1? Re: Can you record DVDs on OpenVMS 7.2-1? Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) RE: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS RE: DEFCON 16 and Hacking OpenVMS RE: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: Note to Island Computers customers Re: OT: SYSMAN Equiv. on AIX? Re: OT: SYSMAN Equiv. on AIX? Re: problems with WBEM and ACU-XE Re: problems with WBEM and ACU-XE Re: switch vs. hub for hobbyist cluster Re: switch vs. hub for hobbyist cluster Re: switch vs. hub for hobbyist cluster Re: switch vs. hub for hobbyist cluster Re: switch vs. hub for hobbyist cluster Re: [RBL] Current status? Re: [RBL] Current status? Re: [VMS V7/8] How to avoid filling sec audit with entries of BACKUP user? user? ---------------------------------------------------------------------- Date: Tue, 02 Sep 2008 21:37:28 -0500 From: David J Dachtera Subject: Re: Advanced Server 7.3B & VISTA Message-ID: <48BDF868.37E35ACD@spam.comcast.net> Bobby wrote: > > On Aug 31, 10:46 pm, David J Dachtera > wrote: > > Bobby wrote: > > > > > Well, I finally made progress, just in time to forget about it over > > > the upcoming holiday weekend. It turns out that if the password is > > > typed on the Vista side in "all caps", then connection to > > > AdvancedServer is successful. Entering the password in "small caps" > > > fails with a "logon_not_valid" SMB message. > > > > What are "small caps"? > > > > D.J.D. > > Sorry... "all caps" and "small caps" should have been "upper case" and > "lower case (or mixed case)", respectively. Ah. O.k. Sorry - I'm easily confustulated these days... D.J.D. ------------------------------ Date: Tue, 2 Sep 2008 11:41:16 -0700 (PDT) From: johnwallace4@yahoo.co.uk Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <07026738-bd46-40c3-9ee5-53201543a309@l42g2000hsc.googlegroups.com> On Sep 2, 4:18 pm, tadamsmar wrote: > On Aug 29, 10:30 am, koeh...@eisner.nospam.encompasserve.org (Bob > > Koehler) wrote: > > In article <5bd7d4a4-6846-4b35-9765-8948b9db7...@25g2000prz.googlegroups.com>,tadamsmar writes: > > > > Can you record DVDs or CDs using 7.2.1? > > > If you have and use the correct software and hardware tools, I'm > > fairly sure you can do it. > > > Did you want to record data CDs or music? > > > Of course, by "7.2.1" in c.o.v I'm assuming you mean VMS 7.2-1 . > > Yes. VMS 7.2-1. > > Just want to do data backups on DVD preferably., > > Does anyone know a specific hardware and software solution for an > AlphaServer DS10? > > I suppose I can just stumble though it as try stuff. I posted on > this earlier and got some leads, but I was not really confident > that it can be done on 7.2-1. > > 7.2.-1 does not have CDRECORD in SYS$MANAGER, but it is there > on our 7.3-2 systems. "just want to do backups on DVD" When I did backups in years gone by it was to media that I could be confident I'd be able to restore from, if the data was important enough to matter. Has recordable DVD media (and drive compatibility) reached that level of confidence? Certainly I wouldn't even consider rewritable media (based on PC experience), and I'm not 100% sure I'd trust write-once media either (some of my home-written Linux CDs and DVDs seem to have issues with being read after a while, same goes for some of the Ghost images I've used for backups). Just my 2p (which is a lot less than the price of a DLT tape, but not a huge amount less than a writable DVD). ------------------------------ Date: Tue, 2 Sep 2008 11:49:36 -0700 (PDT) From: tadamsmar Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <1f49de10-496d-485f-8f64-12e7162b9486@y21g2000hsf.googlegroups.com> On Sep 2, 11:00=A0am, s...@antinode.info (Steven M. Schweda) wrote: > From: tadamsmar > > > > > > > > > > Can you record DVDs or CDs using 7.2.1? > > > > > =3DA0 =3DA0Perhaps, but that may depend on what "7.2.1" is, and/or = what it =3D > > runs > > > > on, and/or what's connected to it how. > > > > > =3DA0 =3DA0Perhaps you could ask again, and include enough informat= ion for =3D > > a > > > > non-psychic to provide a useful and reliable answer. > > > > Digital Equipment Corporation's Open Virtual Memory System Version > > > 7.2.1, which is now owned by Compaq. > > > > Sorry, I am sure using that "7.2.1" shorthand could mean a dozen > > > different things when posted in the context of a newgroup named: > > > comp.os.vms. > > > I should have said 7.2-1, I know that "." must have rendered my post > > completely undecipherable to you. > > =A0 =A0I could _guess_ what you meant. =A0Why should I need to? =A0I coul= d also > deduce that you were running on an Alpha, not a VAX (if you got the VMS > version right, if that's what it was), buy why should I need to? =A0If I > were looking for free help, I'd try to make it easy to provide it, not > hard. =A0The answer to your question might also depend on what sort of > DVD/CD recording you intend to do. =A0ODS2, ODS5, ISO 9660, ...? =A0Copyi= ng > an existing disc? =A0Many things may be possible. > > =A0 =A0I normally use cdrtools, but I haven't tried it lately on anything= so > old as VMS V7.2-1. =A0You're welcome to look around at: > > =A0 =A0 =A0http://antinode.info/ftp/cdrtools > > and see if you can find anything useful. =A0(The latest one is probably > the best.) > > =A0 =A0Feel free to complain if you have problems, but any bug reports as > lame as the original question in this forum may be handled > appropriately (that is, discarded). > > ------------------------------------------------------------------------ > > =A0 =A0Steven M. Schweda =A0 =A0 =A0 =A0 =A0 =A0 =A0 sms@antinode-info > =A0 =A0382 South Warwick Street =A0 =A0 =A0 =A0(+1) 651-699-9818 > =A0 =A0Saint Paul =A0MN =A055105-2547- Hide quoted text - > > - Show quoted text - Thanks for the info. It is stupid of me to mock the people who I am asking to help me! The question of how well CDRECORD will work on VMS 7.2-1 seems a bit murky to me. But I am going to have to launch into an attempt to buy the software and hardware to do it. I had posted earlier on this topic and the info I got form that left me concerned with that 7.2-1 has some sort of unspecified limited support for CDRECORD. I will probably buy a DVR writer and some sort of SCSI converter to connect via the SCSI port. Some earlier info seems to imply that the USB port on the DS10 Alphaserver would be slow if it works at all for this purpose. Then I guess I might have to locate a driver for this converter set up. And I will install a version of CDRECORD. And then wade through all this an try to make it work. ------------------------------ Date: 2 Sep 2008 14:02:49 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Can you record DVDs on 7.2.1? Message-ID: In article , tadamsmar writes: > > Digital Equipment Corporation's Open Virtual Memory System Version > 7.2.1, which is now owned by Compaq. Nope. There's no 7.2.1. And VMS is owned by HP. I still think you mean 7.2-1. ------------------------------ Date: Tue, 2 Sep 2008 11:16:26 -0500 (CDT) From: sms@antinode.info (Steven M. Schweda) Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <08090211162597_202004E5@antinode.info> From: tadamsmar > Just want to do data backups on DVD preferably., The secret is out (at last). Well, BACKUP alone can't do it, and if you'd like to preserve the RMS file attributes, you may wish to start by finding a suitable LDDRIVER to make your disc images. Depending on how much work you'd like to do, and how many data you'd like to archive, it may be useful to slip Zip compression into the flow, too. > Does anyone know a specific hardware and software solution for an > AlphaServer DS10? Not I. I gather that the DS10 has IDE, so an easier-to-find (and cheaper) IDE DVD writer should be possible. I had trouble with a Toshiba-Samsung drive, but managed to write a DVD using a drive which calls itself a "SONY DVD RW AW-Q170A 1.73", although that was on an XP1000 (with its very slow, CPU-consuming IDE interface) and on VMS V8.3. (Is the IDE interface in a DS10 as bad as the one in the XP1000?) > I suppose I can just stumble though it as try stuff. I posted on > this earlier and got some leads, but I was not really confident > that it can be done on 7.2-1. I'd guess that you'll need to do some of that stumbling, as V7.2-1 is too old for most folks to care much about testing on it. (I don't have it on any of my systems, for example.) > 7.2.-1 does not have CDRECORD in SYS$MANAGER, but it is there > on our 7.3-2 systems. I wouldn't expect that cdrecord to know what a DVD is. Around here: ALP $ write sys$output f$getsyi( "version") V7.3-2 (Copy+paste solves the confusing punctuation problem, you'll note.) ALP $ mcr cdrecord -version Cdrecord 1.10 (Alpha/VAX-CPQ-VMS/OpenVMS) Copyright (C) 1995-2001 Jvrg Schilling (Of course, copy+paste on this Mac xterm seems to lose umlauts. Everything's complicated.) I seem to have one of these installed now: ALP $ cdrecord -version Cdrecord-ProDVD-ProBD-Clone 2.01.01a42 (Alpha-HP-VMS/OpenVMS) Copyright (C) 1995 -2008 Jvrg Schilling I'd give mine a better chance of chance of handling a DVD than I would version 1.10. (I don't know if I've written a DVD with it since about "a38", but the changes since then are probably relatively minor. What could go wrong?) Let me know if you can't get it built on your antique VMS version. ------------------------------------------------------------------------ Steven M. Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: Tue, 2 Sep 2008 14:09:52 -0500 (CDT) From: sms@antinode.info (Steven M. Schweda) Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <08090214095204_202004E5@antinode.info> From: tadamsmar > It is stupid of me to mock the people who I am asking to help me! Or do a better job of it. > The question of how well CDRECORD will work on VMS 7.2-1 seems a bit > murky to me. But I am going to have to launch into an attempt to buy > the software and hardware to do it. Ifr you can get it built, I'd expect it to work. > I had posted earlier on this topic and the info I got form that left > me concerned with that 7.2-1 has some sort of unspecified limited > support for CDRECORD. Are you looking for _support_ or for a solution which works? > I will probably buy a DVR writer and some sort of SCSI converter to > connect via the SCSI port. Some earlier info seems to imply that the > USB port on the DS10 Alphaserver would be slow if it works at all for > this purpose. The IDE interface might be slow. Getting any USB stuff to work at VMS V7.2-1 might be worse than slow. At V8.3, the USB stuff seems to work well enough for my purposes, but I haven't tried a USB DVD writer. > Then I guess I might have to locate a driver for this converter set > up. You expect to find a VMS driver for anything not supplied by HP? Good luck. If the adapter works without additional software, then you might have a chance. > And I will install a version of CDRECORD. I'd start there. > And then wade through all this an try to make it work. Be careful. I hear that it's possible to drown in a pool only a few centimeters deep. ------------------------------------------------------------------------ Steven M. Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: Tue, 2 Sep 2008 12:53:58 -0700 (PDT) From: tadamsmar Subject: Re: Can you record DVDs on 7.2.1? Message-ID: On Sep 2, 3:09=A0pm, s...@antinode.info (Steven M. Schweda) wrote: > From: tadamsmar > > > It is stupid of me to mock the people who I am asking to help me! > > =A0 =A0Or do a better job of it. > > > The question of how well CDRECORD will work on VMS 7.2-1 seems a bit > > murky to me. =A0But I am going to have to launch into an attempt to buy > > the software and hardware to do it. > > =A0 =A0Ifr you can get it built, I'd expect it to work. > > > I had posted earlier on this topic and the info I got form that left > > me concerned with that 7.2-1 has some sort of unspecified limited > > support for CDRECORD. > > =A0 =A0Are you looking for _support_ or for a solution which works? > > > I will probably buy a DVR writer and some sort of SCSI converter to > > connect via the SCSI port. =A0Some earlier info seems to imply that the > > USB port on the DS10 Alphaserver would be slow if it works at all for > > this purpose. > > =A0 =A0The IDE interface might be slow. =A0Getting any USB stuff to work = at > VMS V7.2-1 might be worse than slow. =A0At V8.3, the USB stuff seems to > work well enough for my purposes, but I haven't tried a USB DVD writer. > > > Then I guess I might have to locate a driver for this converter set > > up. > > =A0 =A0You expect to find a VMS driver for anything not supplied by HP? > Good luck. =A0If the adapter works without additional software, then you > might have a chance. > > > And I will install a version of CDRECORD. > > =A0 =A0I'd start there. > > > And then wade through all this an try to make it work. > > =A0 =A0Be careful. =A0I hear that it's possible to drown in a pool only a= few > centimeters deep. > > ------------------------------------------------------------------------ > > =A0 =A0Steven M. Schweda =A0 =A0 =A0 =A0 =A0 =A0 =A0 sms@antinode-info > =A0 =A0382 South Warwick Street =A0 =A0 =A0 =A0(+1) 651-699-9818 > =A0 =A0Saint Paul =A0MN =A055105-2547 OK, now that I am on the waterboard and beginning to feel simulated drowning, I will tell you what I really want to do. We had an old 1300T optical disk drive we were using for backups. It went belly up and this DVD proposal came up. The idea of buying a refurb 1300T did not fly. This is for long-term archives where (the assumption is) DDS-3 tapes would not last long enough, or be more subject to erasure. So, what is a good option for such storage other than a 1300T? I might be able to get the DVD decision undone if there was an easier or better option. ------------------------------ Date: Tue, 2 Sep 2008 13:18:48 -0700 (PDT) From: johnwallace4@yahoo.co.uk Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <9eb7ef69-4037-4a7e-93a0-7f574ff5bf68@j22g2000hsf.googlegroups.com> On Sep 2, 8:53 pm, tadamsmar wrote: > On Sep 2, 3:09 pm, s...@antinode.info (Steven M. Schweda) wrote: > > > > > From: tadamsmar > > > > It is stupid of me to mock the people who I am asking to help me! > > > Or do a better job of it. > > > > The question of how well CDRECORD will work on VMS 7.2-1 seems a bit > > > murky to me. But I am going to have to launch into an attempt to buy > > > the software and hardware to do it. > > > Ifr you can get it built, I'd expect it to work. > > > > I had posted earlier on this topic and the info I got form that left > > > me concerned with that 7.2-1 has some sort of unspecified limited > > > support for CDRECORD. > > > Are you looking for _support_ or for a solution which works? > > > > I will probably buy a DVR writer and some sort of SCSI converter to > > > connect via the SCSI port. Some earlier info seems to imply that the > > > USB port on the DS10 Alphaserver would be slow if it works at all for > > > this purpose. > > > The IDE interface might be slow. Getting any USB stuff to work at > > VMS V7.2-1 might be worse than slow. At V8.3, the USB stuff seems to > > work well enough for my purposes, but I haven't tried a USB DVD writer. > > > > Then I guess I might have to locate a driver for this converter set > > > up. > > > You expect to find a VMS driver for anything not supplied by HP? > > Good luck. If the adapter works without additional software, then you > > might have a chance. > > > > And I will install a version of CDRECORD. > > > I'd start there. > > > > And then wade through all this an try to make it work. > > > Be careful. I hear that it's possible to drown in a pool only a few > > centimeters deep. > > > ------------------------------------------------------------------------ > > > Steven M. Schweda sms@antinode-info > > 382 South Warwick Street (+1) 651-699-9818 > > Saint Paul MN 55105-2547 > > OK, now that I am on the waterboard and beginning to feel simulated > drowning, I will tell you what I really want to do. > > We had an old 1300T optical disk drive we were using for backups. It > went belly up and this DVD proposal came up. > > The idea of buying a refurb 1300T did not fly. > > This is for long-term archives where (the assumption is) DDS-3 tapes > would not last long enough, or be more subject to erasure. > > So, what is a good option for such storage other than a 1300T? I > might be able to get the DVD decision undone if there was an easier or > better option. Routine backup/restore is not necessarily the same as long-term archiving with occasional retrieval. For example, for archiving, you may well wish to think about handing your data over to a professional archive contractor on some mutually convenient interchange format and require *them* to worry about long term storage and retrieval. That surely wouldn't appeal, or make sense, for the routine daily/weekly/ monthly backups. Subcontracting out the long term storage+retrieval may become particularly appealing if there are any legal requirements for "records retention" in the picture; if you sub it out, to an extent the long term readability issues become "someone else's problem" (at least as far as management are concerned). Mind you, when your archival contractor decides that their long term storage format for CD/DVD "ISO" images is a hard drive on a server, and then the server is sold with an intact unerased hard drive on eBay... best say no more, lawyers may be reading: http://www.theregister.co.uk/2008/08/26/more_details_lost/ ------------------------------ Date: 2 Sep 2008 16:22:54 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <9gz0wDujzNpP@eisner.encompasserve.org> In article <08090211162597_202004E5@antinode.info>, sms@antinode.info (Steven M. Schweda) writes: > From: tadamsmar > >> Just want to do data backups on DVD preferably., > > The secret is out (at last). Well, BACKUP alone can't do it, and if > you'd like to preserve the RMS file attributes, you may wish to start by > finding a suitable LDDRIVER to make your disc images. You should be able to BACKUP to a saveset on the LD where both the saveset's and its internal file's RMS attributes are saved just fine. ------------------------------ Date: Tue, 2 Sep 2008 15:13:18 -0700 (PDT) From: tadamsmar Subject: Re: Can you record DVDs on 7.2.1? Message-ID: On Sep 2, 4:18=A0pm, johnwalla...@yahoo.co.uk wrote: > On Sep 2, 8:53 pm,tadamsmar wrote: > > > > > > > On Sep 2, 3:09 pm, s...@antinode.info (Steven M. Schweda) wrote: > > > > From:tadamsmar > > > > > It is stupid of me to mock the people who I am asking to help me! > > > > =A0 =A0Or do a better job of it. > > > > > The question of how well CDRECORD will work on VMS 7.2-1 seems a bi= t > > > > murky to me. =A0But I am going to have to launch into an attempt to= buy > > > > the software and hardware to do it. > > > > =A0 =A0Ifr you can get it built, I'd expect it to work. > > > > > I had posted earlier on this topic and the info I got form that lef= t > > > > me concerned with that 7.2-1 has some sort of unspecified limited > > > > support for CDRECORD. > > > > =A0 =A0Are you looking for _support_ or for a solution which works? > > > > > I will probably buy a DVR writer and some sort of SCSI converter to > > > > connect via the SCSI port. =A0Some earlier info seems to imply that= the > > > > USB port on the DS10 Alphaserver would be slow if it works at all f= or > > > > this purpose. > > > > =A0 =A0The IDE interface might be slow. =A0Getting any USB stuff to w= ork at > > > VMS V7.2-1 might be worse than slow. =A0At V8.3, the USB stuff seems = to > > > work well enough for my purposes, but I haven't tried a USB DVD write= r. > > > > > Then I guess I might have to locate a driver for this converter set > > > > up. > > > > =A0 =A0You expect to find a VMS driver for anything not supplied by H= P? > > > Good luck. =A0If the adapter works without additional software, then = you > > > might have a chance. > > > > > And I will install a version of CDRECORD. > > > > =A0 =A0I'd start there. > > > > > And then wade through all this an try to make it work. > > > > =A0 =A0Be careful. =A0I hear that it's possible to drown in a pool on= ly a few > > > centimeters deep. > > > > ---------------------------------------------------------------------= --- > > > > =A0 =A0Steven M. Schweda =A0 =A0 =A0 =A0 =A0 =A0 =A0 sms@antinode-inf= o > > > =A0 =A0382 South Warwick Street =A0 =A0 =A0 =A0(+1) 651-699-9818 > > > =A0 =A0Saint Paul =A0MN =A055105-2547 > > > OK, now that I am on the waterboard and beginning to feel simulated > > drowning, I will tell you what I really want to do. > > > We had an old 1300T optical disk drive we were using for backups. =A0It > > went belly up and this DVD proposal came up. > > > The idea of buying a refurb 1300T did not fly. > > > This is for long-term archives where (the assumption is) DDS-3 tapes > > would not last long enough, or be more subject to erasure. > > > So, what is a good option for such storage other than a 1300T? =A0I > > might be able to get the DVD decision undone if there was an easier or > > better option. > > Routine backup/restore is not necessarily the same as long-term > archiving with occasional retrieval. For example, for archiving, you > may well wish to think about handing your data over to a professional > archive contractor on some mutually convenient interchange format and > require *them* to worry about long term storage and retrieval. That > surely wouldn't appeal, or make sense, for the routine daily/weekly/ > monthly backups. > > Subcontracting out the long term storage+retrieval may become > particularly appealing if there are any legal requirements for > "records retention" in the picture; if you sub it out, to an extent > the long term readability issues become "someone else's problem" (at > least as far as management are concerned). > > Mind you, when your archival contractor decides that their long term > storage format for CD/DVD "ISO" images is a hard drive on a server, > and then the server is sold with an intact unerased hard drive on > eBay... best say no more, lawyers may be reading:http://www.theregister.c= o.uk/2008/08/26/more_details_lost/- Hide quoted text - > > - Show quoted text - Good idea, but I am sure my management will not go for an outside contractor. ------------------------------ Date: Tue, 02 Sep 2008 21:39:09 -0500 From: David J Dachtera Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <48BDF8CD.F6C50F15@spam.comcast.net> tadamsmar wrote: > > On Sep 2, 10:46 am, tadamsmar wrote: > > On Aug 28, 3:00 pm, s...@antinode.info (Steven M. Schweda) wrote: > > > > > From:tadamsmar > > > > > > Can you record DVDs or CDs using 7.2.1? > > > > > Perhaps, but that may depend on what "7.2.1" is, and/or what it runs > > > on, and/or what's connected to it how. > > > > > Perhaps you could ask again, and include enough information for a > > > non-psychic to provide a useful and reliable answer. > > > > Digital Equipment Corporation's Open Virtual Memory System Version > > 7.2.1, which is now owned by Compaq. > > > > Sorry, I am sure using that "7.2.1" shorthand could mean a dozen > > different things when posted in the context of a newgroup named: > > comp.os.vms. > > I should have said 7.2-1, I know that "." must have rendered my post > completely undecipherable to you. Indeed. "7.2-1" is - more or less - "VMS-speak", while 7.2.1 could pertain to just about anything else VMS-related (cdwrite, dvdwrite, Apache, Perl, PGP, etc. ...). D.J.D. ------------------------------ Date: Tue, 02 Sep 2008 21:42:38 -0500 From: David J Dachtera Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <48BDF99E.F767C38E@spam.comcast.net> tadamsmar wrote: > > On Aug 29, 10:30 am, koeh...@eisner.nospam.encompasserve.org (Bob > Koehler) wrote: > > In article <5bd7d4a4-6846-4b35-9765-8948b9db7...@25g2000prz.googlegroups.com>,tadamsmar writes: > > > > > Can you record DVDs or CDs using 7.2.1? > > > > If you have and use the correct software and hardware tools, I'm > > fairly sure you can do it. > > > > Did you want to record data CDs or music? > > > > Of course, by "7.2.1" in c.o.v I'm assuming you mean VMS 7.2-1 . > > Yes. VMS 7.2-1. > > Just want to do data backups on DVD preferably., > > Does anyone know a specific hardware and software solution for an > AlphaServer DS10? > > I suppose I can just stumble though it as try stuff. I posted on > this earlier and got some leads, but I was not really confident > that it can be done on 7.2-1. > > 7.2.-1 does not have CDRECORD in SYS$MANAGER, but it is there > on our 7.3-2 systems. CDRECORD is freeware. Build it from source on the target system, if needed. Remember that CDWRITE, CDRECORD, DVDWRITE and others require that the data be staged to a disk image file; then, the image file is burned to the target media. I'm likely wrong, but I've not (yet) heard of DVD/RW software support for VMS as yet, only DVD-R and DVD+R. D.J.D. ------------------------------ Date: Tue, 2 Sep 2008 22:12:01 -0500 (CDT) From: sms@antinode.info (Steven M. Schweda) Subject: Re: Can you record DVDs on 7.2.1? Message-ID: <08090222120121_202004E5@antinode.info> From: David J Dachtera > I'm likely wrong, but I've not (yet) heard of DVD/RW software support > for VMS as yet, only DVD-R and DVD+R. Likely, I'd guess. Cdrecord 2.01.01a42 (at least) says things which suggest that it's possible: ALP $ cdrecord --help [...] -format format a CD-RW/DVD-RW/DVD+RW disc [...] Actual documentation may say more. (But who reads _that_?) I can't remember if I ever tried an RW. I may have been so happy at finally finding a DVD-writing drive which worked well enough to let me copy a Mac OS X DVD that I stopped testing before I had tried all the disc types. (And my old-junk Macs might not be able to read one even if I could write one, which suspicion might have stopped me from trying, too.) ------------------------------------------------------------------------ Steven M. Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: Tue, 02 Sep 2008 22:32:43 -0400 From: John Sauter Subject: Re: Can you record DVDs on OpenVMS 7.2-1? Message-ID: tadamsmar wrote: > > OK, now that I am on the waterboard and beginning to feel simulated > drowning, I will tell you what I really want to do. > > We had an old 1300T optical disk drive we were using for backups. It > went belly up and this DVD proposal came up. > > The idea of buying a refurb 1300T did not fly. > > This is for long-term archives where (the assumption is) DDS-3 tapes > would not last long enough, or be more subject to erasure. > > So, what is a good option for such storage other than a 1300T? I > might be able to get the DVD decision undone if there was an easier or > better option. I am not familiar with the 1300T optical disk drive, but you have said enough that I think I understand what is happening. The 1300T broke, and management doesn't want to replace it, but instead use something less expensive. The less expensive alternative needs to be better than DDS-3 tapes. You are exploring using writable DVDs as that alternative. I went down this same path on my PC, looking for an inexpensive way to back up my photography collection. I discovered that writable DVDs are very unreliable. Here is the backup procedure I created to compensate for that unreliability: 1. Create a backup save set (compressed tar file), and compute its SHA-512 checksum. 2. Divide the backup save set into 2 GiB chunks, and compute the SHA-512 checksum for each. All the checksums go into a small file. 3. Create a directory for each chunk, containing the chunk file and a copy of the small checksum file. 4. Create an ISO 9660 file from each directory. 5. Using dvdisaster, add redundancy information to each ISO 9660 file, expanding it from just over 2 GiB to the size of a DVD, about 4.7 GB. 6. Write each DVD from its ISO 9660 file, then mount it and verify that the chunk's SHA-512 checksum matches the value computed in step 2. If it doesn't, or if there are any errors trying to read the disk, discard the DVD and write the ISO 9660 file to another. This is copy A of the data. 7. Write all the ISO 9660 files to DVD again, checking each one the same way as in step 6. This is copy B of the data. Here is the restore procedure: 1. Read each chunk from the A DVD. If the read fails, use dvdisaster to apply the redundancy codes to attempt to recover the data. If that fails, let dvdisaster fill in the unreadable sectors from the B DVD. 2. Verify that the SHA-512 checksums of the chunks match the value recorded in the checksum file. For those that don't, repeat step 1 but start with the B DVD. 3. Concatenate the chunks together into the backup save set, and verify its SHA-512 checksum. I found when backing up that around one out of every 5 or 10 DVDs would be discarded. I didn't have any troubles when reading, but I didn't do a long-term test. Before depending on this (or any) archive procedure, you should test it to be sure the data can in fact be retrieved from media that has been stored for as long as you wish the data to be held. The problem with my DVD backup procedure is that you get effectively 1 GiB per DVD. That requires a lot of disk changing, which gets old very quickly. I was unable to find an affordable DVD changer for which the manufacturer would reveal the programming interface, so I gave up this approach. John Sauter (John_Sauter@systemeyescomputerstore.com) ------------------------------ Date: 2 Sep 2008 14:06:10 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Message-ID: <$vGAmND$3+Ec@eisner.encompasserve.org> In article <48bd6701$1@flight>, Malcolm Dunnett writes: > > I'm confused - does using Charon-VAX eliminate the need to > purchase/upgrade a VMS license? You're still running the apps under VMS, > right - just using Charon to emulate the underlying hardware? Your VMS license is specific to a particular CPU. Moving it to Charon means you deal with HP's licensing policy for doing so, just as it would if you had moved it from a VAX 3100 to a VAX 9000. Generally in going from VAX to VAX DEC, Compaq, and HP have deals where you pay less than an outright original VAX purchase. VAX to Alpha and Alpha to I64 too, so I suspect you could get a break in going from VAX to I64. ------------------------------ Date: Tue, 2 Sep 2008 19:37:46 +0000 From: "Main, Kerry" Subject: RE: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Message-ID: <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5EBDF8B@GVW1158EXB.americas.hpqcorp.net> > -----Original Message----- > From: Bob Koehler [mailto:koehler@eisner.nospam.encompasserve.org] > Sent: September 2, 2008 3:06 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) > > In article <48bd6701$1@flight>, Malcolm Dunnett > writes: > > > > I'm confused - does using Charon-VAX eliminate the need to > > purchase/upgrade a VMS license? You're still running the apps under > VMS, > > right - just using Charon to emulate the underlying hardware? > > Your VMS license is specific to a particular CPU. Moving it to > Charon means you deal with HP's licensing policy for doing so, > just as it would if you had moved it from a VAX 3100 to a VAX 9000. > > Generally in going from VAX to VAX DEC, Compaq, and HP have deals > where you pay less than an outright original VAX purchase. > > VAX to Alpha and Alpha to I64 too, so I suspect you could get a > break in going from VAX to I64. Keep in mind that while Charon-VAX certainly has a place, licenses are not cheap and the business case should include actual quotes from a Charon partner. Also, here is a link of interest: http://h71000.www7.hp.com/openvms/sri-charon-vax-emulator.html Also, the business case should also include any OpenVMS license discounting that would normally apply to any large enterprise Customer (like the one I know Neil works for). In addition, the savings in 3-4 year maint and DC costs associated with a few smaller Itanium servers should also be factored in. (and these are big savings) Keep in mind that any current Itanium server would typically be at least several orders of magnitude faster than any VAXes in place today. [Would be interesting to see if OpenVMS list pricing was used in the "business case" and how much effort was estimated to be required to simply convert to Itanium - especially if you have the source code] Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-254-8911 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT) OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Tue, 02 Sep 2008 15:43:45 -0700 From: Malcolm Dunnett Subject: Re: Charon-VAX "upgrade" (was DEFCON 16 and Hacking OpenVMS) Message-ID: <48bdc1a2$1@flight> norm.raphael@metso.com wrote: > > Even I know that VAX to Alpha or VAX to Itanium would cost more than > VAX to VAX, I'm not so sure that is true. Licenses on Itanium seem considerably cheaper than I recall paying for comparable VAX licenses. I guess it would depend on what system features and layered products the application required. >and it you have the same or fewer points from the existing > VAX to the emulation VAX, IIRC there would be no charge to move the > license. > That would presumably be true for layered products, but unless HP has changed their tune or makes some exception for Charon you would need to purchase new operating system BASE and SMP licenses for the emulator boxes. And of course you're going to be stuck on an older VMS version if you go with VAX emulation (may not be significant in this case if this is an "it ain't broke don't fix it" application). Then again, has a patch been released for VAX yet that addresses the SMG security bug? ------------------------------ Date: 2 Sep 2008 13:19:03 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article , Johnny Billquist writes: > > No. The page tables are in the I/O page. All that is required is that the I/O > page is mapped in somewhere in your virtual address space. You must be thinking of some other architecture. The page tables are in ordinary RAM, mapped by higher level page tables. Process page tables in VMS are, and have always been, in the process header, which is in P1 space on VAXen, started in P1 space on Alpha, and now in P2 space on Alpha and I64. > Not really true. The page table sits in between and do address translations. > Your flat, linear, virtual address space can be scattered all over the physical > address space, and parts of your virtual address space might not exist at all in > the physical address space, causing a page fault if you try to access it. The RAM address space looks flat to the hardware unless there is a bad page. Each I/O adapter has it's own flat subset of physical address space, but there are holes between I/O adapters. Virtual address space is flat. The mapping of flat virtual address space to scattered RAM, I/O, or backing store space doesn't change the flat aspect of either address space. > Speaking of which, the VAX actually can have more physical memory than virtual, > just like a PDP-11, I just remembered. In the VAX, the two high bits of a > virtual address tells which space it goes to. P0, P1, S0 and S1. Of these, S1 is > reserved, and has always been. So, basically, you can't have more than 3 gig of > virtual address space. The last few VAXen however, extended the physical address > space to the full 32 bits if I remember correctly (minus some smaller space for > special stuff like buses and other fun things). The VAX virtual address space is 4GB. It's divided into S0, S1, P0, and P1 on VAXen by VMS. Alpha and I64 add S2 and P2. The hardware does not know this, or care. Alpha virtual address space is 16Penta-B (whatever acronym they're going to come out with). IIRC, Alpha tend to have 48 bit physical addresses, so about 64TB. ------------------------------ Date: 2 Sep 2008 13:20:18 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article , Johnny Billquist writes: > > And that is what the PDP-11 do. > You better go back and study your PDP-11 again. ------------------------------ Date: 2 Sep 2008 13:21:07 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article , Johnny Billquist writes: > > Argh! Forced by VAX, I meant. :-) > No, you were right the first time. The hardware doesn't care. ------------------------------ Date: 2 Sep 2008 13:24:05 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article <6ht7b2Fnfs86U2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > > Well, that's part of the reason I brought this up. Itg seemed to me that > older processors offered better protection from this kind of behavior than > newer processors. Almost like someone devised the protection and then the > industry said, "Nice, but we will never need that." And then, like so much > of our research, it just went away only to be needed two decades later. Its interesting to watch things like page protection start to show up in pure real-time OS like VxWorks, a couple of decades after we did real-time on VMS with them. The real-time OS are getting more complex and repeating some of the OS growth we saw from the PDP-1 to VMS. ------------------------------ Date: 2 Sep 2008 14:01:08 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: In article , Johnny Billquist writes: > > No, you make assumptions that just aren't correct. > First of all, the VAX-11 PDP-11 emulation only extended to user mode, so the MMU > stuff of a PDP-11 was never emulated by a VAX. So nothing of this can be adopted > from knowing how the VAX-11 worked. The ability to map two entire 16 bit address spaces into a larger address space such that I and D space never overlap prevents user mode code from doing I space access using D space instructions. Implementation, or lack of, internal modes are not relavent when you're trying to figure out what user mode code can do. And as far as knowing how PDP-11 or VAXen work, you're just lost and alone. ------------------------------ Date: Tue, 2 Sep 2008 15:17:27 -0400 From: "Dan Allen" Subject: RE: DEFCON 16 and Hacking OpenVMS Message-ID: <000001c90d30$89e57f40$1f3a0681@sdct.nist.gov> > -----Original Message----- > From: Bob Koehler [mailto:koehler@eisner.nospam.encompasserve.org] > Sent: Tuesday, September 02, 2008 3:01 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: DEFCON 16 and Hacking OpenVMS > > In article , Johnny > Billquist writes: > > > > No, you make assumptions that just aren't correct. > > First of all, the VAX-11 PDP-11 emulation only extended to > user mode, > > so the MMU stuff of a PDP-11 was never emulated by a VAX. > So nothing > > of this can be adopted from knowing how the VAX-11 worked. > > The ability to map two entire 16 bit address spaces into a larger > address space such that I and D space never overlap prevents user > mode code from doing I space access using D space instructions. > Implementation, or lack of, internal modes are not relavent when > you're trying to figure out what user mode code can do. > > And as far as knowing how PDP-11 or VAXen work, you're > just lost and > alone. > > Some interesting reading: http://research.microsoft.com/~gbell/Digital/PDP11_Arch_Enhance_Strategy_75.pdf ------------------------------ Date: 2 Sep 2008 16:17:22 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: RE: DEFCON 16 and Hacking OpenVMS Message-ID: <3AEgavagRFPR@eisner.encompasserve.org> In article <000001c90d30$89e57f40$1f3a0681@sdct.nist.gov>, "Dan Allen" writes: > > Some interesting reading: > > http://research.microsoft.com/~gbell/Digital/PDP11_Arch_Enhance_Strategy_75.pdf I'm glad they decided to build the VAX "instead", but I do see discussions that no doubt lead to the SBI used on both the 11/70 and the 11/780. Also interesting to note that they were more interested in Multics than UNIX. ------------------------------ Date: Wed, 03 Sep 2008 00:00:56 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article , Johnny Billquist writes: >> Argh! Forced by VAX, I meant. :-) >> > > No, you were right the first time. The hardware doesn't care. Well, it is a hardware design thing, you know... The P0 and P1 related registers are a part of the context of the process, and are also given as virtual addresses within S0 space, while S0 space itself is pointed to by a table at physical address. People somewhere else talked about execute protection in VMS, and psect attributes reflecting this. I'd just like to note that the VAX hardware don't support any form of execute/noexecute protection in hardware. There are only read, read/write or no access as possible page protection values. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Wed, 03 Sep 2008 00:05:34 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article , Johnny Billquist writes: >> No. The page tables are in the I/O page. All that is required is that the I/O >> page is mapped in somewhere in your virtual address space. > > You must be thinking of some other architecture. My comment was on the PDP-11, not the VAX. > The page tables are > in ordinary RAM, mapped by higher level page tables. Process page > tables in VMS are, and have always been, in the process header, which > is in P1 space on VAXen, started in P1 space on Alpha, and now in P2 > space on Alpha and I64. Yes, on VAXen (and followers) that's true. :-) >> Not really true. The page table sits in between and do address translations. >> Your flat, linear, virtual address space can be scattered all over the physical >> address space, and parts of your virtual address space might not exist at all in >> the physical address space, causing a page fault if you try to access it. > > The RAM address space looks flat to the hardware unless there is a > bad page. Each I/O adapter has it's own flat subset of physical > address space, but there are holes between I/O adapters. Virtual > address space is flat. These comments are fun, but not that much point in making more comments on, since this now is a misunderstanding, since I was talking about the PDP-11, while you're not. >> Speaking of which, the VAX actually can have more physical memory than virtual, >> just like a PDP-11, I just remembered. In the VAX, the two high bits of a >> virtual address tells which space it goes to. P0, P1, S0 and S1. Of these, S1 is >> reserved, and has always been. So, basically, you can't have more than 3 gig of >> virtual address space. The last few VAXen however, extended the physical address >> space to the full 32 bits if I remember correctly (minus some smaller space for >> special stuff like buses and other fun things). > > The VAX virtual address space is 4GB. It's divided into S0, S1, P0, and > P1 on VAXen by VMS. Alpha and I64 add S2 and P2. The hardware does not > know this, or care. Not true. On the VAX, S1 space is reserved, and you can never write any code that access it. it will always give you a fatal trap. The hardware do know this, and cares very much. There is in fact no way to create a page table for S1 space. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Wed, 03 Sep 2008 00:08:56 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article <6ht7b2Fnfs86U2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: >> Well, that's part of the reason I brought this up. Itg seemed to me that >> older processors offered better protection from this kind of behavior than >> newer processors. Almost like someone devised the protection and then the >> industry said, "Nice, but we will never need that." And then, like so much >> of our research, it just went away only to be needed two decades later. > > Its interesting to watch things like page protection start to show > up in pure real-time OS like VxWorks, a couple of decades after we > did real-time on VMS with them. The real-time OS are getting more > complex and repeating some of the OS growth we saw from the PDP-1 to > VMS. To quote the RSX source [11,10]TDSCH.MAC: ;+ ; If we cannot process a clock interrupt within 10 seconds, we are ; no longer processing in real time, and we may as well become ; a VAX ... Call an end to this ... NOW! ;- BGCK$A BF.SAN,BE.IDC, ;;; System massively confused Sorry, I just couldn't resist. :-) Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Wed, 03 Sep 2008 00:12:19 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article , Johnny Billquist writes: >> No, you make assumptions that just aren't correct. >> First of all, the VAX-11 PDP-11 emulation only extended to user mode, so the MMU >> stuff of a PDP-11 was never emulated by a VAX. So nothing of this can be adopted >> from knowing how the VAX-11 worked. > > The ability to map two entire 16 bit address spaces into a larger > address space such that I and D space never overlap prevents user > mode code from doing I space access using D space instructions. > Implementation, or lack of, internal modes are not relavent when > you're trying to figure out what user mode code can do. ??? First of all, the VAX PDP-11 emulation don't support split I- and D-space, so that's one aspect the VAX-11 can't emulate. Second, what you can do in user mode is definitely limited by what aspects of the emulated CPU you actually implement. > And as far as knowing how PDP-11 or VAXen work, you're just lost and > alone. Give me a break. I'm trying to be nice and friendly, and in a cheerful way correct you when you are wrong. Don't be an ass about it. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Wed, 03 Sep 2008 00:24:12 +0200 From: Johnny Billquist Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: Bob Koehler skrev: > In article <000001c90d30$89e57f40$1f3a0681@sdct.nist.gov>, "Dan Allen" writes: >> Some interesting reading: >> >> http://research.microsoft.com/~gbell/Digital/PDP11_Arch_Enhance_Strategy_75.pdf > > I'm glad they decided to build the VAX "instead", but I do see > discussions that no doubt lead to the SBI used on both the 11/70 and > the 11/780. The 11/70 don't have SBI, or anything close to it. Johnny -- Johnny Billquist || "I'm on a bus || on a psychedelic trip email: bqt@softjar.se || Reading murder books pdp is alive! || tryin' to stay hip" - B. Idol ------------------------------ Date: Tue, 2 Sep 2008 17:18:36 -0700 (PDT) From: FrankS Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: On Sep 2, 7:56=A0am, Neil Rieck wrote: > Even > though we've got the source code to go to Alpha or Itanium, we've been > told that someone made a good business case to save money by using PCs > with VAX-Charon. The leaked reasons involved the added cost of doing > the VMS releated software licence upgrades on top of the hardware > upgrades. But some of us are wondering if HP sales folk will make more > money in the future by refereshing the HP hardware every 4-5 years. > After all, like many VAXs, these Alpha (and probably Itanium) boxes > just last too damn long in the field. Neil, It would be shameful if an HP sales person drove this decision. One of my large clients was practically being begged by HP to move their VAX/Alpha systems (four big-iron VAXes and two big-iron GS-class Alphas) to Itanium. There were tons of incentives, including free license upgrades as well as dramatic discounts on the equipment. The perception was that HP is looking everywhere for large enterprises that are migrating OpenVMS to Itanium instead of jumping to Windows or Unix (particularly on something other than HP hardware), Somebody did not do their homework. Given that the source code is available and a migration to Alpha was already tested it's insane to go with Charon. Even used Alphas was a better solution, and HP still offers discounts on VAX->Alpha upgrade licenses. ------------------------------ Date: 2 Sep 2008 13:50:12 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: In article <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5EBD946@GVW1158EXB.americas.hpqcorp.net>, "Main, Kerry" writes: > > Geeeez, you seem to have a very low opinion of Cust IT capabilities. > > Cust: I want a blue car. > Vendor: All we sell are red trucks. > Cust: Ok. I'll take a red truck. > > Not my idea of today's typical Sales discussion. I have a somewhat higher > view of Cust IT depts. skills than you do. > Nope. It goes like this: Cust: I need a new vehicle, what should I be buying? Gartner: Red trucks. Cust: I want a red truck. Vendor: OK, here's your red truck. ------------------------------ Date: Tue, 02 Sep 2008 15:37:27 -0400 From: JF Mezei Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <48bd9623$0$9673$c3e8da3@news.astraweb.com> bugs@signedness.org wrote: > Brad, I think it is safe to say that the patch has nothing to do with > comp.os.vms. I believe some people noted that the patches were created > a month before we did the talk. I think this is speculation. Once we got over the language barrier on c.o.v., you'll notice that it was only then that SMG was declared guilty, and someone from HP posted some PATCH code to patch the SMGSHR image and not long after an official patch came out, and not long later, it was elevated to MUP. Had there not been a public discussion on c.o.v. that fully described how to trigger this vulnerability, I think HP would have waited a lot longer to release the patch, and may not have elevated it to MUP status. Had HP keep in contact with you, you may not have come here and the outcome may have been different. But you say that HP stopped replying to you and that *may* mean that this was not given the priority it deserved. By going public, it elevated the priority of the issue. (In case you are not aware, VMS is the black sheep of HP family, and HP is not really interested in VMS. It has suffered greater number of layoffs than other products at HP hand they shoved the remaining VMS staff into smaller premieses in a diffferent city. (this move happened during this @bug@ event) ------------------------------ Date: Tue, 2 Sep 2008 13:01:14 -0700 (PDT) From: DaveG Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: On Sep 2, 2:37=A0pm, JF Mezei wrote: > b...@signedness.org wrote: > > Brad, I think it is safe to say that the patch has nothing to do with > > comp.os.vms. I believe some people noted that the patches were created > > a month before we did the talk. > > I think this is speculation. > > Once we got over the language barrier on c.o.v., you'll notice that it > was only then that SMG was declared guilty, and someone from HP posted > some PATCH code to patch the SMGSHR image and not long after an official > patch came out, and not long later, it was elevated to MUP. > > Had there not been a public discussion on c.o.v. that fully described > how to trigger this vulnerability, I think HP would have waited a lot > longer to release the patch, and may not have elevated it to MUP status. > > Had HP keep in contact with you, you may not have come here and the > outcome may have been different. But you say that HP stopped replying to > you and that *may* mean that this was not given the priority it deserved. > > By going public, it elevated the priority of the issue. > > (In case you are not aware, VMS is the black sheep of HP family, and HP > is not really interested in VMS. It has suffered greater number of > layoffs than other products at HP hand they shoved the remaining VMS > staff into smaller premieses in a diffferent city. (this move happened > during this @bug@ event) Before you get too score a back from all the self inflicted pats its getting..... There were some concerned paying customers that had a dialogue with the OpenVMS powers that be about the Install 1 Vs MUP SMG thingie, after which it was decided that it would indeed become a MUP. It was then buried on the last page (#5) of the 732 list and I assume other versions as well, on the ITRC patch list because the software didn't know where to put a MUP. When this was discovered, again a dialogue between paying customers and HP, led to a promised fix to the ITRC to place MUPs in a higher position ( page 1). As others have mentioned, there are probably few from OpenVMS land that bother to read this newsgroup anymore, so to think that this place drives decisions in Marlboro is ludicrous. ------------------------------ Date: Tue, 2 Sep 2008 20:11:08 +0000 From: "Main, Kerry" Subject: RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5EBE010@GVW1158EXB.americas.hpqcorp.net> > -----Original Message----- > From: Bob Koehler [mailto:koehler@eisner.nospam.encompasserve.org] > Sent: September 2, 2008 2:50 PM > To: Info-VAX@Mvb.Saic.Com > Subject: RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) > > In article > <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5EBD946@GVW1158EXB.americas.hpqcorp > .net>, "Main, Kerry" writes: > > > > Geeeez, you seem to have a very low opinion of Cust IT capabilities. > > > > Cust: I want a blue car. > > Vendor: All we sell are red trucks. > > Cust: Ok. I'll take a red truck. > > > > Not my idea of today's typical Sales discussion. I have a somewhat > higher > > view of Cust IT depts. skills than you do. > > > > Nope. It goes like this: > > Cust: I need a new vehicle, what should I be buying? > Gartner: Red trucks. > > Cust: I want a red truck. > Vendor: OK, here's your red truck. And the way it should be, but does not happen enough as the backbone is not what it used to be: Cust: I need a red truck. Media Analyst and rock stars in IT: You really want a blue truck. Cust: Screw off - I need a red truck. Vendor: Here is your red truck. :-) Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-254-8911 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT) OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Tue, 2 Sep 2008 13:17:50 -0700 (PDT) From: DaveG Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <820aed36-6038-4ab2-b31c-4fcd5293373e@c65g2000hsa.googlegroups.com> On Sep 2, 2:37=A0pm, JF Mezei wrote: > b...@signedness.org wrote: > > Brad, I think it is safe to say that the patch has nothing to do with > > comp.os.vms. I believe some people noted that the patches were created > > a month before we did the talk. > > I think this is speculation. > > Once we got over the language barrier on c.o.v., you'll notice that it > was only then that SMG was declared guilty, and someone from HP posted > some PATCH code to patch the SMGSHR image and not long after an official > patch came out, and not long later, it was elevated to MUP. > > Had there not been a public discussion on c.o.v. that fully described > how to trigger this vulnerability, I think HP would have waited a lot > longer to release the patch, and may not have elevated it to MUP status. > > Had HP keep in contact with you, you may not have come here and the > outcome may have been different. But you say that HP stopped replying to > you and that *may* mean that this was not given the priority it deserved. > > By going public, it elevated the priority of the issue. > > (In case you are not aware, VMS is the black sheep of HP family, and HP > is not really interested in VMS. It has suffered greater number of > layoffs than other products at HP hand they shoved the remaining VMS > staff into smaller premieses in a diffferent city. (this move happened > during this @bug@ event) Before you get too sore a back from all the self inflicted pats its getting..... There were some concerned paying customers that had a dialogue with the OpenVMS powers that be about the Install 1 Vs MUP SMG rating, after which it was decided that it would indeed become a MUP. It was then buried on the last ITRC page (#5) of the 732 list and I assume other versions as well, because the software didn't know where to put a MUP. When this was discovered, again a dialogue between paying customers and HP led to a promised fix to the ITRC to place MUPs in a higher position ( page 1). As others have mentioned, there are probably few from OpenVMS land that bother to read this newsgroup anymore, so to think that this place drives decisions in Marlboro is ludicrous. ------------------------------ Date: Tue, 2 Sep 2008 14:44:22 -0700 (PDT) From: bugs@signedness.org Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <5419cbb0-8494-4f1e-a28e-180c7b7ff072@m36g2000hse.googlegroups.com> On Sep 2, 8:37=A0pm, JF Mezei wrote: > b...@signedness.org wrote: > > Brad, I think it is safe to say that the patch has nothing to do with > > comp.os.vms. I believe some people noted that the patches were created > > a month before we did the talk. > > I think this is speculation. > > Once we got over the language barrier on c.o.v., you'll notice that it > was only then that SMG was declared guilty, and someone from HP posted > some PATCH code to patch the SMGSHR image and not long after an official > patch came out, and not long later, it was elevated to MUP. > Well maybe if you had read my entire post you wouldn't say that. Someone wrote somewhere that link date on the patch pre-dates our talk by over a month. The "real" discussion started here probably a week after our talk, and then it took several days before it was "independently reproduced". So without actually going through all the trouble of finding all the relevant dates, I estimate that HP had a patch linked around 6 weeks before it was even clear to the majority of comp.os.vms that it was a real issue and exploitable. > Had there not been a public discussion on c.o.v. that fully described > how to trigger this vulnerability, I think HP would have waited a lot > longer to release the patch, and may not have elevated it to MUP status. > I would have thought the material being presented at the largest security conference in the world would have been enough incentive to release a patch. Or at least answer our emails and ask for more time before going public with our rather limited disclosure (given the timeline we could have just as well released an working exploit at the talk and still complied to most accepted disclosure policies!).. And don't forget HP did have a complete description how to trigger the vulnerability. > Had HP keep in contact with you, you may not have come here and the > outcome may have been different. But you say that HP stopped replying to > you and that *may* mean that this was not given the priority it deserved. > Again patch dates seems to tell a different story. We provided them with details how to reproduce the issue and explained the vulnerabilities had be sucessfully exploited. It seems they took it serious enough to produce patches but not serious enough to answer our emails.. People here have pointed out they were moving offices etc and I realise mistakes happens etc.. So we'll give them the benefit of doubt and report the other issues to them too. I don't want to make it sound like I have a massive problem with SSRT because I don't. It may very well be that our emails got lost in the move or something else happned to them, but if they just couldn't be bothered replying then I think that is pretty disrespectful and arrogant considering the circumstances. > By going public, it elevated the priority of the issue. > Most likely but it wasn't made public here, it was made public at defcon.. I think any argument that comp.os.vms speeded up the development of a patch falls pretty flat. But we did pick up some vms terminology here that provided us with useful information when we googled it.. And on that note I again want to encourage the VMS experts here to be a bit more sceptical when they read documentation. Several times reading up on things in order to write the proof of concept exploits we found ourselves saying "that can not possibly be right (from a security perspective)".. I'm pretty sure if the vms experts look at things with sceptical eyes a lot more bugs (and not just memory corruption bugs) will be uncovered. Hopefully the bugs and the discussion here created some awareness to make that happen. > (In case you are not aware, VMS is the black sheep of HP family, and HP > is not really interested in VMS. It has suffered greater number of > layoffs than other products at HP hand they shoved the remaining VMS > staff into smaller premieses in a diffferent city. (this move happened > during this @bug@ event) ------------------------------ Date: Tue, 02 Sep 2008 22:06:38 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <00A7F0AF.1BB9D4C5@SendSpamHere.ORG> In article <5419cbb0-8494-4f1e-a28e-180c7b7ff072@m36g2000hse.googlegroups.com>, bugs@signedness.org writes: >On Sep 2, 8:37=A0pm, JF Mezei wrote: >> b...@signedness.org wrote: >> > Brad, I think it is safe to say that the patch has nothing to do with >> > comp.os.vms. I believe some people noted that the patches were created >> > a month before we did the talk. >> >> I think this is speculation. >> >> Once we got over the language barrier on c.o.v., you'll notice that it >> was only then that SMG was declared guilty, and someone from HP posted >> some PATCH code to patch the SMGSHR image and not long after an official >> patch came out, and not long later, it was elevated to MUP. >> > >Well maybe if you had read my entire post you wouldn't say that. >Someone wrote somewhere that link date on the patch pre-dates our talk >by over a month. The "real" discussion started here probably a week >after our talk, and then it took several days before it was >"independently reproduced". So without actually going through all the >trouble of finding all the relevant dates, I estimate that HP had a >patch linked around 6 weeks before it was even clear to the majority >of comp.os.vms that it was a real issue and exploitable. > >> Had there not been a public discussion on c.o.v. that fully described >> how to trigger this vulnerability, I think HP would have waited a lot >> longer to release the patch, and may not have elevated it to MUP status. >> > >I would have thought the material being presented at the largest >security conference in the world would have been enough incentive to >release a patch. Or at least answer our emails and ask for more time >before going public with our rather limited disclosure (given the >timeline we could have just as well released an working exploit at the >talk and still complied to most accepted disclosure policies!).. And >don't forget HP did have a complete description how to trigger the >vulnerability. > >> Had HP keep in contact with you, you may not have come here and the >> outcome may have been different. But you say that HP stopped replying to >> you and that *may* mean that this was not given the priority it deserved. >> > >Again patch dates seems to tell a different story. We provided them >with details how to reproduce the issue and explained the >vulnerabilities had be sucessfully exploited. It seems they took it >serious enough to produce patches but not serious enough to answer our >emails.. People here have pointed out they were moving offices etc and >I realise mistakes happens etc.. So we'll give them the benefit of >doubt and report the other issues to them too. > >I don't want to make it sound like I have a massive problem with SSRT >because I don't. It may very well be that our emails got lost in the >move or something else happned to them, but if they just couldn't be >bothered replying then I think that is pretty disrespectful and >arrogant considering the circumstances. > >> By going public, it elevated the priority of the issue. >> > >Most likely but it wasn't made public here, it was made public at >defcon.. I think any argument that comp.os.vms speeded up the >development of a patch falls pretty flat. But we did pick up some vms >terminology here that provided us with useful information when we >googled it.. And on that note I again want to encourage the VMS >experts here to be a bit more sceptical when they read documentation. >Several times reading up on things in order to write the proof of >concept exploits we found ourselves saying "that can not possibly be >right (from a security perspective)".. I'm pretty sure if the vms >experts look at things with sceptical eyes a lot more bugs (and not >just memory corruption bugs) will be uncovered. > >Hopefully the bugs and the discussion here created some awareness to >make that happen. > > >> (In case you are not aware, VMS is the black sheep of HP family, and HP >> is not really interested in VMS. It has suffered greater number of >> layoffs than other products at HP hand they shoved the remaining VMS >> staff into smaller premieses in a diffferent city. (this move happened >> during this @bug@ event) Wow! If you approached HP with the same sort of arrogance you've just demonstrated in this posting, it is no wonder they might have ignored you? -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Tue, 2 Sep 2008 15:20:36 -0700 (PDT) From: Rich Jordan Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: On Sep 2, 3:11=A0pm, "Main, Kerry" wrote: > > -----Original Message----- > > From: Bob Koehler [mailto:koeh...@eisner.nospam.encompasserve.org] > > Sent: September 2, 2008 2:50 PM > > To: Info-...@Mvb.Saic.Com > > Subject: RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) > > > In article > > <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5EBD...@GVW1158EXB.americas.hpqcorp > > .net>, "Main, Kerry" writes: > > > > Geeeez, you seem to have a very low opinion of Cust IT capabilities. > > > > Cust: I want a blue car. > > > Vendor: All we sell are red trucks. > > > Cust: Ok. I'll take a red truck. > > > > Not my idea of today's typical Sales discussion. I have a somewhat > > higher > > > view of Cust IT depts. skills than you do. > > > =A0 =A0Nope. =A0It goes like this: > > > Cust: =A0I need a new vehicle, what should I be buying? > > Gartner: =A0Red trucks. > > > Cust: =A0I want a red truck. > > Vendor: =A0OK, here's your red truck. > > And the way it should be, but does not happen enough as the backbone > is not what it used to be: > > Cust: I need a red truck. > Media Analyst and rock stars in IT: You really want a blue truck. > Cust: Screw off - I need a red truck. > Vendor: Here is your red truck. > > :-) > > Regards > > Kerry Main > Senior Consultant > HP Services Canada > Voice: 613-254-8911 > Fax: 613-591-4477 > kerryDOTmainAThpDOTcom > (remove the DOT's and AT) > > OpenVMS - the secure, multi-site OS that just works. And the way its been reported to happen sometimes. Customer: Hello, HP! I want to buy a VMS system HP: VMS Windows? Customer: No, VMS. Ok, OpenVMS. HP: What version of windows is that? Customer: Its no any version of windows. Its OpenVMS HP: Hmm, Well does it run on a proliant? We sell those. Customer: No, it runs on Alphaservers, and on the new Itanium systems. HP: Itanium. Oh, I know. Hey, we sell those with windows too! Customer.... *click* Hello, IBM? and Vendor: Hello, HP! We have sold VMS since 1977 and want to continue. Vendor: We have dozens of customers, many small, but growing and want to keep them in the fold. HP: Will you sell at least a million dollars of hardware every year? Vendor: well, no, but we do sell a modest number of systems and upgrades every year, and we keep our customers happy, and wanting to remain on VMS! And that keeps their service dollars coming in to HP! HP: Go away, lowpockets. *click* ------------------------------ Date: Wed, 03 Sep 2008 01:08:18 +0200 From: Michael Kraemer Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: Rich Jordan schrieb: > > And the way its been reported to happen sometimes. > > Customer: Hello, HP! I want to buy a VMS system > HP: VMS Windows? > Customer: No, VMS. Ok, OpenVMS. > HP: What version of windows is that? > Customer: Its no any version of windows. Its OpenVMS > HP: Hmm, Well does it run on a proliant? We sell those. > Customer: No, it runs on Alphaservers, and on the new Itanium > systems. > HP: Itanium. Oh, I know. Hey, we sell those with windows too! > Customer.... *click* Hello, IBM? IBM as second source for VMS ? ------------------------------ Date: Tue, 2 Sep 2008 16:53:31 -0700 (PDT) From: FrankS Subject: Re: Note to Island Computers customers Message-ID: On Sep 2, 11:41=A0am, bob.bi...@gmail.com wrote: > Bight per Dictionary of Nautical Terms: > A recess in a coastline or river. > Thought you'll use Byte ;-) > My guess a cat 1 or 2 you'll be ok, Cat 3 iffy, > Cat 4 or 5 your toast. > Been thru 12 of em' If we're correcting: Paraphrased from dictionary.com (and any English language reference): YOUR: 1) A form of the possessive case of you used as an attributive adjective. "Your jacket is in that closet." 2) Used to indicate that one belonging to oneself or any other person, "The library is on your left." 3) Used informally to indicate all members of a group, or things of a particular type. "Take your factory worker, for instance." YOU'RE: 1) Contraction of you are. "You're toast." 'EM: 1) Contraction of them. "Been thru 12 of 'em." ------------------------------ Date: Tue, 02 Sep 2008 21:27:12 -0500 From: David J Dachtera Subject: Re: OT: SYSMAN Equiv. on AIX? Message-ID: <48BDF600.2667B161@spam.comcast.net> blowhard27 wrote: > > On Sep 1, 3:32 am, David J Dachtera > wrote: > > Bob Koehler wrote: > > > > > From: David J Dachtera > > > > > > Is anyone aware of a SYSMAN-like utility for AIX? I need to be able to > > > > execute the same command on multiple LPARs, HACMP not withstanding. > > > > > Someone with a similar problem on HP-UX used rsync. I think they > > > had cron jobs to look for scripts. > > > > Rsync was suggested as an approach to the "central repository" question. > > Has its issues, but also has considerable merit from what I've ssen so > > far. > > > > Not sure how Rsync would help execute the same command on every LPAR in > > a group. > > > > D.J.D. > > Not sure what an LPAR group is Any collection of LPARs without regard to HACMP: LPARS within a cluster, LPARs in multiple clusters, LPARs with/without clustering, ... > but I've used the C3 tools to manage > multiple nodes in an NIS domain. > Uses ssh or rsh so needs proper remote access setup. Like hosts.equiv > or .rhosts or netgroups. Have a > look at: http://www.csm.ornl.gov/torc/C3/C3documentation.shtml O.k. I'll have a look at that... D.J.D. ------------------------------ Date: Tue, 02 Sep 2008 21:30:44 -0500 From: David J Dachtera Subject: Re: OT: SYSMAN Equiv. on AIX? Message-ID: <48BDF6D4.42504333@spam.comcast.net> sol gongola wrote: > > David J Dachtera wrote: > > "Steven M. Schweda" wrote: > >> From: David J Dachtera > >> > >>> Is anyone aware of a SYSMAN-like utility for AIX? I need to be able to > >>> execute the same command on multiple LPARs, HACMP not withstanding. > >> Don't know aboit the multiple hosts part, but SMIT was the handy tool > >> for system management when I was young. (Sure miss the SMIT dude > >> falling on his face when a command failed.) > > > > Well, SMIT(TY) is whole different critter from SYSMAN. SMIT(TY) is a > > screen-oriented interface to various system management task, but AFAIK > > does not provide for operations within a group of nodes or a cluster. > > SMITTY is the character-cell version. SMIT is the X version, but > > defaults to SMITTY if X is not setup in the process environment or > > otherwise not available. > > AIX has a slew of commands to performs the system functions that are > performed by sysman. If you know the commands man files are there > for you but difficult for the uninitiated. SMIT makes it easier. > > AIX System Management Interface Tool (SMIT) lets you build an activity > through its menu interface. Before issuing the execute you can use F6 > to view the command to be executed, save it and use it elsewhere. You > can also look in the /smit.script file for a list of previously executed > commands to copy and use elsewhere. Acknowledged (again). The hard part - and the reason for the initial post - is to execute those commands on multiple LPARs so you only have one management point instead of 10, 100, 1000, .... D.J.D. ------------------------------ Date: Tue, 2 Sep 2008 12:58:07 -0700 (PDT) From: Rich Jordan Subject: Re: problems with WBEM and ACU-XE Message-ID: <81d66fc0-66ee-4848-b88b-b3e15351e1eb@y38g2000hsy.googlegroups.com> On Sep 2, 12:26=A0pm, Malcolm Dunnett wrote: > I have an rx2600 running VMS 8.3. It has a SmartArray 5300 controller in = it. > > I have installed WEBES V5.0 and ACUXE V6.40-11P09. > > Right after the initial install everything was working as expected, I > got an Icon on the device home page of WEBES that linked me to the > ACU-XE page and I could view/manage the SmartArray Controller. > > Now I am no longer seeing the icon for ACU-XE (I still get a box in the > icon position with the text "Array Configuration Utility XE" and the > little red X (missing image) symbol. If the ACU-XE agent is running and > I click on this box I get "Internet Explorer cannot display the webpage" > (the url ishttps://myhost.my.domain:2381/ACU-XE/ACU-XE.htm). If the > agent is not running I get a proper webpage telling me the agent is not > currently enabled. > > It would seem some ACUXE files have gone missing, or I'm missing a > logical pointing to where they should be. > > Anyone else seen this, any ideas where I should look would be appreciated= . > > Thanks in advance. Malcolm did you make any changes to the system disk? Change device name, allocation class, device naming, or do anything to the SSL or SNMP configuration? We had a similar issue in '06 with SA5300s in DS10s. The braindead ROM configurator was unable to make a smaller partition on a mirror set, so we built VMS on a full size mirror, loaded ACU-XE and requirements, used that to recarve the other drives, then backed up to a standalone drive so we could use ACU-XE to partition the system disk mirror (ACU-XE will not perform operations on the VMS boot device even if its a drive provided by the array controller). After that nothing worked. There are apparently hard coded references somewhere in the kit. We removed WBEM, management agents, TCPIP, ACU-XE and reinstalled and reconfigured all of them, but kept getting either no ACU-XE icon or else it would crash when we tried to run it. In the end we reinstalled VMS from scratch on the partition, and coincidentally upgraded to the newer management agents and ACU-XE that had just become available, and it worked again. I believe those are the versions you have running. We were never able to determine what caused the failures, only that changing the system disk name/alloclass caused an unrecoverable situation for ACU-XE, and Smartarray controllers are crap (albeit fast crap) compared to the HS series. ------------------------------ Date: Tue, 02 Sep 2008 16:09:41 -0700 From: Malcolm Dunnett Subject: Re: problems with WBEM and ACU-XE Message-ID: <48bdc7b6$1@flight> Rich Jordan wrote: > did you make any changes to the system disk? Change device name, > allocation class, device naming, or do anything to the SSL or SNMP > configuration? > I don't think so, but it broke before I went on vacation and I'm now looking at again, so my memory is a bit hazy. > > In the end we reinstalled VMS from scratch on the partition, and > coincidentally upgraded to the newer management agents and ACU-XE that > had just become available, and it worked again. I believe those are > the versions you have running. I couldn't get it working even after deleting and re-installing ACU-XE and the WEBES kits. I finally tossed out WEBES and installed the new System Management Homepage stuff, then reinstalled ACU-XE. That made it work again (although it seems to take about five minutes between the time I start the applications and the time that ACU appears on the SMH menu) Now if only it would support MSA1000/1500s :-( ------------------------------ Date: Tue, 2 Sep 2008 19:28:16 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: switch vs. hub for hobbyist cluster Message-ID: In article <7a547be2-8437-42ba-955e-9377f0e224d4@k30g2000hse.googlegroups.com>, "Bart.Zorn@gmail.com" writes: > Is it worthwhile to keep the 3000/600 when you have a 1200? I can > imagine that it consumes more power than the 1200, but I am not sure. Substantially more; that's the reason it is configured as a satellite. > I do not think that the 3000/600 does 100 Mb/s, so the speed of the > 1200 does not really matter. Suppose the 1200 is accessing some web page through the DSL router. I was hoping it could get more bandwidth through a switch. (Of course, this would be an advantage only if the content weren't buffered to the user disk, since this is a shadow set with a member on each of the VAXes.) > That said, you may still gain something from a switch over the hub, > especially when you are doing shadow copy/merge actions. Does anyone have a quantitative estimate? > Also note that the 1200 is the only one that could potentially use the > full speed of your DSL connection, but only if you have a switch. Right; see above. Though with a switch, several machines at the same time could use more of the DSL bandwidth (one doing email, one an FTP transfer, one browsing the web etc). ------------------------------ Date: Tue, 2 Sep 2008 19:31:01 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: switch vs. hub for hobbyist cluster Message-ID: In article <48b860d5$0$4543$c3e8da3@news.astraweb.com>, JF Mezei writes: > On the other hand, a switch is a "store and forward" device which > introduces some latency, especially at 10mbps. (swicth receives packet > fully, then moves it to each of the designated destination port queues > where the packets are sent out. So to send 1500 bytes, it will take > twice the transmission time (time for switch to receive packet, and time > to send it). It's probably at the per-cent or per-mil level, but perhaps it would be best to put the VAXes on a hub and connect that hub to a switch containing the rest of the connections. ------------------------------ Date: Tue, 2 Sep 2008 19:43:50 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: switch vs. hub for hobbyist cluster Message-ID: In article <57afea74-34da-4671-aa7b-b5db8e35ee6c@56g2000hsm.googlegroups.com>, johnwallace4@yahoo.co.uk writes: > I don't remember any mention of cables in Philip's post. Current > switches are likely to be twisted pair, so if the existing kit doesn't > have them, converters will be required and may not be cheap. All of my cable is category-5 twisted pair. I spent a lot of money on converters several years ago. I still have a lot of thinwire coax and even thickwire hardare, but not in use. :-) > If no > adapters are required, or they already exist, then for the cost of a > current equivalent of something like an FS508, it might be worth just > buying one and trying it. If nothing else it could be used as a spare > for the hub (unless one already exists). I already have some spares. Another aspect, which I didn't mention, is that within the next couple of years I might gradually replace the ALPHAs with VAXes, now that I have some more smaller ALPHAs. (I like to have complete replacement machines, thus more than I actually have in use, so that if one dies I can just drop in another one with minimal down time and then find the problem with the bad machine later, replacing the bad part if necessary and thus converting it into a new spare. This is also why I prefer external disks. By the way, one of the few bits of hardware I am still looking for are BA353 boxes (the pizza-box style expansion with room for 3 SBBs side-to-side; if anyone in Europe has some which are no longer needed, let me know, and I'll come by and pick them up sometime).) Newer ALPHAs can do 100, so I should notice more of an improvement then. Sadly, the reason for the replacement would be software, not hardware. I have VAX hardware which has been in continuous operation for 20 years. The newer stuff isn't that reliable. The VAXstation 4000 is reasonably fast (for a VAX---and even absolutely, more than enough to handle hobbyist email and other TCPIP traffic, run a graphical monitor with a few DECterms and at the same time have a couple of low-priority batch jobs running), small, quiet, doesn't use much power, and very easy to service. It seems that VAX TCPIP is stuck at 5.3 (correct me if I am wrong) and on the ALPHA I make use of the anti-spam features of 5.4, and of course there is a newer version of that. This is why I jump through some hoops to make sure the cluster alias (I forward almost all incoming connections to the cluster alias) remains on the ALPHA, which on the one hand kind of defeats the purpose of the cluster alias, but keeps the spam down (as long as the ALPHA is running, which is usally the case). ------------------------------ Date: Tue, 02 Sep 2008 15:58:14 -0400 From: JF Mezei Subject: Re: switch vs. hub for hobbyist cluster Message-ID: <48bd9b02$0$9653$c3e8da3@news.astraweb.com> Phillip Helbig---remove CLOTHES to reply wrote: > It's probably at the per-cent or per-mil level, but perhaps it would be > best to put the VAXes on a hub and connect that hub to a switch > containing the rest of the connections. Nop. Because of the half duplex nature, you are better off with everything on a switch. This allows the 2 vaxes to talk at the same time to some 3rd party or even to themselves. Also, remember that the switch will not bother VAX2 with packets destined to VAX1, so VAX2 has far fewer collisions that delay packets. ------------------------------ Date: Tue, 2 Sep 2008 14:32:21 -0700 (PDT) From: johnwallace4@yahoo.co.uk Subject: Re: switch vs. hub for hobbyist cluster Message-ID: <375f0513-2df0-43c3-a1c1-dab8e76a27e3@y38g2000hsy.googlegroups.com> On Sep 2, 8:28 pm, hel...@astro.multiCLOTHESvax.de (Phillip Helbig--- remove CLOTHES to reply) wrote: > In article > <7a547be2-8437-42ba-955e-9377f0e22...@k30g2000hse.googlegroups.com>, > > "Bart.Z...@gmail.com" writes: > > Is it worthwhile to keep the 3000/600 when you have a 1200? I can > > imagine that it consumes more power than the 1200, but I am not sure. > > Substantially more; that's the reason it is configured as a satellite. > > > I do not think that the 3000/600 does 100 Mb/s, so the speed of the > > 1200 does not really matter. > > Suppose the 1200 is accessing some web page through the DSL router. I > was hoping it could get more bandwidth through a switch. (Of course, > this would be an advantage only if the content weren't buffered to the > user disk, since this is a shadow set with a member on each of the > VAXes.) > > > That said, you may still gain something from a switch over the hub, > > especially when you are doing shadow copy/merge actions. > > Does anyone have a quantitative estimate? > > > Also note that the 1200 is the only one that could potentially use the > > full speed of your DSL connection, but only if you have a switch. > > Right; see above. Though with a switch, several machines at the same > time could use more of the DSL bandwidth (one doing email, one an FTP > transfer, one browsing the web etc). Probably too many variables in your picture (unknowns as far as readers are concerned) to give any worthwhile quantitative guesstimates or even a SWAG, hence the suggestion of buying a cheap switch and just trying it. Sounds like you have all the pre-requisites (correct cabling etc) so if you can get a switch on sale or return, and when you plug it in you see a worthwhile improvement, you keep it, else... (in the UK it's apparently called "doing an Argos", but Argos- like places may not have the kind of thing you need). Incidentally, my earlier mention of Netgear switches managed to confuse the Netgear FS508 8port switch (expensive, managed, not one I own) with the FS108 (cheaper, unmanaged, I own one). I have also had an FS105 too but outgrew it. The FS105 is only 5port, but with the possible benefit in your circumstances, and mine at the time, of "collision" LEDs per port (not present on the FS108), which can be helpful when trying to mix speeds and duplexness (duplicity?). Currently they're each around GBP25 at Amazon.co.uk; ymmv. I got confused, sorry for any confusion I may have spread (though the basic cut-through vs store+forward discussion still applies). ------------------------------ Date: Tue, 2 Sep 2008 19:50:56 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: [RBL] Current status? Message-ID: In article <48BB5589.405762E9@spam.comcast.net>, David J Dachtera writes: > Phillip Helbig---remove CLOTHES to reply wrote: > > > > In article <48b43770@news.langstoeger.at>, peter@langstoeger.at (Peter > > 'EPLAN' LANGSTOeGER) writes: > > > > > What is the current status of RBLs? > > > Which one do you use? > > > > I've been using Spamhaus as my only RBL for a while now. Seems to work > > fine. I get a few thousand SMTP connection attempts per day. Perhaps 5 > > spam emails per day get through. Although something like this is > > difficult to detect, I don't think false positives are a problem. > > Actually, false positives are a *BIG* problem! Fortunately, on the VMS > systems we just de-implemented, all of the important pages were sent by > HTTP using WGET (Thanx, SMS, for a very useful solution!) In my case, after setting up the Spamhaus RBL, I didn't miss any expected emails, from which I concluded that (in my case) false positives (meaning non-spam which is handled as spam) weren't a problem. ------------------------------ Date: Tue, 02 Sep 2008 21:33:51 -0500 From: David J Dachtera Subject: Re: [RBL] Current status? Message-ID: <48BDF78F.95C4AC3C@spam.comcast.net> "John E. Malmberg" wrote: > > David J Dachtera wrote: > > Phillip Helbig---remove CLOTHES to reply wrote: > >> In article <48b43770@news.langstoeger.at>, peter@langstoeger.at (Peter > >> 'EPLAN' LANGSTOeGER) writes: > >> > >>> What is the current status of RBLs? > >>> Which one do you use? > >> I've been using Spamhaus as my only RBL for a while now. Seems to work > >> fine. I get a few thousand SMTP connection attempts per day. Perhaps 5 > >> spam emails per day get through. Although something like this is > >> difficult to detect, I don't think false positives are a problem. > > > > Actually, false positives are a *BIG* problem! Fortunately, on the VMS > > systems we just de-implemented, all of the important pages were sent by > > HTTP using WGET (Thanx, SMS, for a very useful solution!) > > > > *ALL* of the AIX pages are sent via SMTP, and our paging provider uses > > spamhaus, also. SO, when we get a lone PC inside the firewall that gets > > infected due to unsafe surfing and starts blasting spam all over he > > known universe, our physician and other caregivers as well as our > > technical people stop getting important message by pager. > > > > So yes, false positives are all too common and immediately become a > > *HUGE* problem! > > I posted at least a year ago that some of the dsbl.org testers had > discovered a virus - spambot infection that was not detectable by the > commercial virus scanners at the time. > > The only way to detect this infection is to monitor attempts to send > e-mail directly through a firewall instead of through the designated > SMTP gateway. > > Of course in some areas of this country, having a system infected with a > virus where an unknown bot-master was on in control, anyone who's > personal data could have been accessed needs to be notified. > > And these days, it must be assumed that if a PC was infected with a > virus, the purpose was to inject a remote control program for various > criminal activities. > > http://www.spamhaus.org/news.lasso?article=636 > > A corporate firewall should be detecting and setting off security alarms > when a non-mail server attempts to make a direct SMTP connection through it. ...and there in lies the rub: too many vendor-managed proprietary (non-Windows) systems where the vendor is unwilling to "play by the house rules". > Another techique to use is a Samba Server configured to look like a > vulnerable PC to see what systems attempt to infect it. > > And Corporate/Educational network owners should consider being > suspicious of any outgoing e-mail with reply-to addresses for any of the > free/demo e-mailers: > > hotmail.com, live.com, live.ca, live.co.uk, live.* > > aol.com, games.com, aim.com, aol.* > > voila.fr, myway.com, gazeta.pl > > yahoo.com, rocketmail.com, ymail.com, yahoo.* > > gmail.com, googlemail.com Note: "should consider being suspicious of", but should not block arbitrarily. D.J.D. ------------------------------ Date: Tue, 02 Sep 2008 21:36:39 -0500 From: David J Dachtera Subject: Re: [VMS V7/8] How to avoid filling sec audit with entries of BACKUP user? user? Message-ID: <48BDF837.6ADE7DE9@spam.comcast.net> Peter 'EPLAN' LANGSTOeGER wrote: > > In article <48BB56F4.881E4A23@spam.comcast.net>, David J Dachtera writes: > >Peter 'EPLAN' LANGSTOeGER wrote: > >> > >> In article <48B7617D.CFDC1D33@spam.comcast.net>, David J Dachtera writes: > >> >Also, have you tried filtering ANAL/AUDIT using /IGNORE=USERNAME=BACKUP? > >> > >> Out of scope as well (as written) > > > >Can you explain? > > Not really. These are not my rules. It has to do with 'unmanipulated' > security audit files and disk space usage and probably with some more > which I don't know... ANAL/AUDIT/IGNORE doesn't "manipulate" the data, only filters it for purposes of the report. > >So, I'm stymied at this point. It almost sounds like you're looking for > >a re-write of the AUDIT facility to allow users to side-step security > >selectively (*BIG* security hole!), beyond BYPASS privilege. > > Huh? With BYPASS you side-step security? You remember this > > FILE access: > Failure: read,write,execute,delete,control > SYSPRV: read,write,execute,delete,control > BYPASS: read,write,execute,delete,control <==== > READALL: read,write,execute,delete,control Exactly. The user can BYPASS security, but still gets AUDITed/tracked. D.J.D. ------------------------------ End of INFO-VAX 2008.482 ************************