INFO-VAX Tue, 30 Sep 2008 Volume 2008 : Issue 527 Contents: Re: Enhancing DCL, was: Re: How do I add 2 letters to a long Re: Enhancing DCL, was: Re: How do I add 2 letters to a long mounting USB Sandisk New browser for OpenVMS in field test, Itanium only so far Re: New browser for OpenVMS in field test, Itanium only so far Re: New browser for OpenVMS in field test, Itanium only so far Re: New browser for OpenVMS in field test, Itanium only so far Re: OT: USA the fleecing of USA banks by Wall Street ---------------------------------------------------------------------- Date: Mon, 29 Sep 2008 12:39:56 -0700 (PDT) From: Hein RMS van den Heuvel Subject: Re: Enhancing DCL, was: Re: How do I add 2 letters to a long Message-ID: <6466a002-3257-48d0-991a-ab66685181e3@k37g2000hsf.googlegroups.com> On Sep 28, 2:28=A0pm, clubley@remove_me.eisner.decus.org-Earth.UFP (Simon Clubley) wrote: > In article <192218fb-968d-4eaf-870a-b25981e7d...@f36g2000hsa.googlegroups= .com>, AEF writes: > > > On Sep 28, 11:56 am, clubley@remove_me.eisner.decus.org-Earth.UFP > > (Simon Clubley) wrote: > > I misunderstood what your FILTER routine was doing. btw.... on systems with PERL available (not too many 6.2 systems have perl) I would use a perl 'command line' or script to extend a filter to regular expressions. For example: $ perl -e "$re =3D shift; $cmd=3Djoin q( ),@ARGV; for (qx($cmd)){print if / $re/i}" HE show users HEIN 2 1 HENKLE 2 1 SCHENKENBERG 1 $ perl -e "$re =3D shift; $cmd=3Djoin q( ),@ARGV; for (qx($cmd)){print if / $re/i}" "^ HE" show users HEIN 2 1 HENKLE 2 1 or as script ------------------------------ filter.pl --------------------- $re =3D shift and $cmd=3Djoin q( ),@ARGV or die "Usage: Perl $0 [...]"; for (qx($cmd)) { print if /$re/i } ----------------------------------------------------------------- $perl filter.pl \s[HK] show users ! Look for users name starting with H or K ... HEIN 2 1 HENKLE 2 1 KILGALLEN 1 > You on the other hand were discussing security in the context of having b= een > told that recall/out can't be implemented within a command procedure > because it's a security problem. That's an interesting comment and it wou= ld > be interesting to know from VMS Engineering why they consider it a securi= ty > issue. Over the decades I have been present at many an lunchtime table discussion with OpenVMS Engineering discussing this. The last serious attempt to resurrect this was by Guy Peleg back in 2002. If I recall (sic) correctly, it was in an HP-internal OpenVMS notes discussion where Fred K was the loudest nay sayer at the time. The feeble security argument against this typically was that a malicious command file/program could silently grab command and scrape those for useful passwords and such. However... 1) does that not imply a tolerance for malicious scripts gettign onto the box?! How is that acceptable? Not allowing programmed recall is like close the bar door after the horse has escaped! 2) The command recall text is stored in user-mode readable DCL memory. Procedures and programs exist vor verious (older) OpenVMS versions to get at the recall buffers. Not having access to recall from a script is therefor an attempt at secutiry through obscurity. That is NOT the OpenVMS way of doing things! My comment from a much similar discussion within Digital (conpaq?) years ago... =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D Note 4925.5 RECALL/OUT=3Dxxx from command procedure 5 of 6 MIASYS::HEIN "Hein RMS van den Heuvel" 19 lines 19- JAN-2001 09:24 ---------------------------------------------------------------------------= ----- > UNIX of course has this feature and it screws up royally if you have > more than one concurrent session. OK, a little strong but it can get Actually, IMHO Unix does *remarkably* well with concurrent sessions. I happen to do projects with a person on the other side of the Atlantic and we communicate through the command line history at times :-) Yes I've seen and participated in the old security discussion on RECALL/OUT and still feel it should be there and should have been there. It is just security by obfusication (sp?) which we know is not security. RECALL/OUT would just make it easier to hide a password scraper. Furthermore, there are plenty of customers which will never ever put a password on a comand line (many probably do not even know how to) and those are being hurt without recourse. Maybe a sysgen switch/variable is needed: ALLOW_INSECURE_DCL_RECALL_SAVE fwiw, Hein. ----------------------------------- > I can only think that they are concerned that a user could be tricked int= o > running a command procedure that could capture their commands and mail th= em > somewhere without the user knowing. However, I can think of far more > dangerous things that such a command procedure could do. Exactly. Cheers, Hein. ------------------------------ Date: Mon, 29 Sep 2008 21:03:14 -0700 (PDT) From: AEF Subject: Re: Enhancing DCL, was: Re: How do I add 2 letters to a long Message-ID: <31684607-f769-4224-8c81-74cf93afaaeb@k30g2000hse.googlegroups.com> On Sep 29, 8:36=A0am, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article , AEF writes: > > > > > Yes, I know that. But what's the difference between saving sensitive > > information when running the RECALL command at a DCL prompt compared > > to running it from within a command procedure? In both cases, the > > secret information is written to disk. So why is the former okay but > > not the latter? > > =A0 =A0It makes it impossible to automate a potential security mistake. There is a trade-off between functionality and risk, and in my situation, the functionality of being able to run RECALL in a command procedure would greatly, even fantastically exceed any risk. I can guarantee you that on my systems it would not be a problem. There are other things you could disable for the same reason, like DECnet for example. What do you mean by "automate"? I can see hiding it in a Trojan Horse, but automate? AEF ------------------------------ Date: Mon, 29 Sep 2008 16:43:53 -0700 From: "Tom Linden" Subject: mounting USB Sandisk Message-ID: I initialized /gpt on a RX2620 runing 1H1 and mounted it with /cluster, but it only gets mounted on that box. Why? I see on ebay 16GB devices going for about $30. How reliable as storage can it be, alpha particles aside? -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Mon, 29 Sep 2008 14:17:46 -0700 (PDT) From: Rich Jordan Subject: New browser for OpenVMS in field test, Itanium only so far Message-ID: Ian posted this on openvms.org http://www.openvms.org/stories.php?story=08/09/29/1132349 "field test version of HP Secure Web Browser for OpenVMS (based on SeaMonkey V1.1-10)" ========== The story doesn't mention platforms but the HP page only has info on an Itanium version. Seamonkey is the integrated application successor to Mozilla, not the VMS Firefox port that was mentioned quite a while ago. I did not see any mention of the product being available for Alpha platforms, but I haven't read through all the docs yet. There does seem to be a defined 'break' between "Mozilla for Alpha" being unsupported and "Secure Web Browser" for Itanium being supported. No mention in that one doc about "Secure Web Browser for Alpha" that I'm currently running. Have they renamed it back to Mozilla? From the document Q&A: Q: What are the differences between the Secure Web Browser and Mozilla for OpenVMS? A: The Secure Web Browser is supported by HP, but Mozilla for OpenVMS Alpha is not supported. The Secure Web Browser T1.1-10 is based on SeaMonkey V1.1.10. You can download Mozilla for OpenVMS Alpha from the OpenVMS web site at http://h71000.www7.hp.com/openvms/products/ips/register_mozilla.html. I hope an Alpha version is coming soon. However the way this is worded has me thinking they don't plan on it. ------------------------------ Date: Mon, 29 Sep 2008 21:31:28 -0400 From: JF Mezei Subject: Re: New browser for OpenVMS in field test, Itanium only so far Message-ID: <48e18257$0$12417$c3e8da3@news.astraweb.com> Rich Jordan wrote: > seem to be a defined 'break' between "Mozilla for Alpha" being > unsupported and "Secure Web Browser" for Itanium being supported. I think that a timeline may explain: The Compaq Secure Web Browser was the proprietary implementation of Mozilla that was compiled/packaged for VMS. I don't think that VMS existed on those IA64 things yet. Since then, the Mozilla group abandonned the Mozilla product and forked it into Firefox and Thunderbird. But a group of devoted folks decided to resurrect the Mozilla (aka: Netscape) source and started the Seamonkey project which is ongoing. So today, since "Mozilla" is no longer developped, it is normal that HP might not wish to call the CSWB product "supported". As to whether new development of Seamonkey on VMS might come to Alpha, this is an interesting question. If this is still beta, I could understand that it would be on a single platform, and once beta is done, they may cross compile the whole kit and kaboodle onto Alpha. (building the beast is very involved and requires a whole lot of middleware not only for the code, but also to modify/generate code for that platform. ------------------------------ Date: Mon, 29 Sep 2008 18:51:55 -0700 From: "Tom Linden" Subject: Re: New browser for OpenVMS in field test, Itanium only so far Message-ID: On Mon, 29 Sep 2008 18:31:28 -0700, JF Mezei wrote: > Rich Jordan wrote: > >> seem to be a defined 'break' between "Mozilla for Alpha" being >> unsupported and "Secure Web Browser" for Itanium being supported. > > > I think that a timeline may explain: > > The Compaq Secure Web Browser was the proprietary implementation of > Mozilla that was compiled/packaged for VMS. I don't think that VMS > existed on those IA64 things yet. > > Since then, the Mozilla group abandonned the Mozilla product and forked > it into Firefox and Thunderbird. But a group of devoted folks decided to > resurrect the Mozilla (aka: Netscape) source and started the Seamonkey > project which is ongoing. > > So today, since "Mozilla" is no longer developped, it is normal that HP > might not wish to call the CSWB product "supported". > > > As to whether new development of Seamonkey on VMS might come to Alpha, > this is an interesting question. If this is still beta, I could > understand that it would be on a single platform, and once beta is done, > they may cross compile the whole kit and kaboodle onto Alpha. (building > the beast is very involved and requires a whole lot of middleware not > only for the code, but also to modify/generate code for that platform. Why on earth would VMS engr spend the resources to do this, I mean who really gives a tinkers damn? And while we're at it, drop CSWB, we have WASD, which is far better supported. Seamonkey, BTW, was a scam marketing scheme to sell exoctic ceatures to young kids (my daugher had me get her some) they are krill. (I think) -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Tue, 30 Sep 2008 03:04:42 +0000 (UTC) From: moroney@world.std.spaamtrap.com (Michael Moroney) Subject: Re: New browser for OpenVMS in field test, Itanium only so far Message-ID: "Tom Linden" writes: >Seamonkey, BTW, was a scam marketing scheme to >sell >exoctic ceatures to young kids (my daugher had me get her some) they are >krill. >(I think) Brine shrimp. ------------------------------ Date: Mon, 29 Sep 2008 22:07:33 +0100 From: Mark McIntyre Subject: Re: OT: USA the fleecing of USA banks by Wall Street Message-ID: JF Mezei wrote: > I can't seem to find it now, but yesterday, there were documents on the > FDIC web site that clearly and unequivocably stated that the FDIC had > SEIZED the assets of Wamu Perhaps they were removed because they're inaccurate? > And sold them to Chase. (ok, JPMorganChase to > make you happy, but it is really Chase) No, its really JPMorgan. Next you'll be telling me that HBOS is really Williams & Glyns. >>> and immediatly gave them to Chase Manhattan >> No it didn't. > > Well, the transaction was pretty quick since the seizure of assets and > announcement of their sale to Chase was done on the same day. Firesales tend to be like that. > Just because some bank mergers had strong enough egos to result in the > two names surviving doesn't mean that functionally, both banks remain > intact within the new structure. And you have vast experience of bank mergers do you? Declaration of interest: I'm on my 3rd. >> Thats untrue. The shareholders are left with worthless stock because the >> company stock was worthless at the time of the sale. I'm not sure you >> understand the difference between having no money and having no assets. > > Rumours of WaMu not doing well started a week or two ago. So does that make it untrue that they were in financial trouble? >> For the record, JPMorgan Chase bought WaMu holding company in an auction >> organised by the FDIC, following the failure of the previous attempt by >> GS to find buyers. > > How come none of the documents on FDIC or WaMu web sites speak of a > auction ? When was such an auction held ? How come WaMu shareholders > have no seay Because Wamu was a bank holding company and controlled depositors assets which legally had to be protected. > in the matter whereas shsraeholder of Bear Strearns get to > approve the deal Because bear stearns was an investment bank which controlled only investors money and the Govt doesn't have to care about that. > And had the FDIC waited an extra weekend before acting, WaMu would have > been able to draw on some of the 700 billion gift to banks and its stock > would have gone way back up. Would it? And if it hadn't, and it had gone bust unable to repay the 1000s of americans back their life savings? Do you actively /want/ a return to the 30s? Further dicsussion to be carried on in a more appropriate place. ------------------------------ End of INFO-VAX 2008.527 ************************