PAGESWAPPER The VAX Security Working Group C. Douglas Brown, Chairman The VAX Security Working Group was formed to provide a unified voice to DEC through which to present our concerns and requirements in the area of security and to provide us with a forum to share our knowledge regarding VMS security. During the past two years we have prepared a white paper outlining security requirements for VMS, taken a ballot regarding the desirability of the various proposed security features, and sponsored several sessions at the DECUS symposia. We have been gratified to see the growing interest shown by the DECUS members and by DEC itself during that time. We are especially pleased to hear that DEC is working on a number of major security enhancements to VMS. Because of the current level of interest in security, the working group has grown to the point that it is very difficult to make frequent mailings to the members, so I plan to do most of our communication through the Pageswapper. If your main interest in the working group is in gathering information about VMS security, you should be able to get that through the Pageswapper. On the other hand, if you wish to take an active part in the working group, e.g., planning sessions or commenting on papers that will be submitted to DEC, you are encouraged to write me and get your name on the membership list. About half of the working group membership is currently from commercial and educational sites, with the other half being government sites or contractors for the government (mostly engaged in military-related activities). Even though there are some differences in the security requirements for such varying applications, there are also many areas of overlap, and I would like to encourage DECUS members from all types of sites to participate in the working group. In fact, the working group is 1 a sponsoring a session to be presented by DEC at the Spring '83 DECUS Symposium entitled "VAX Security in a Commercial Environment." It will deal with the uses of non-discretionary access controls (which have been used in government-related security for some time) and audit trails in a commercial environment. The other session that we will sponsor at St Louis is a VAX Security Panel, with members from DEC and several user sites. I was going to request a VMS security tutorial session, since several users at Anaheim requested one, but the paperwork I submitted got lost en route to the scheduling session. However, I am hoping we can cover a number of techniques for enhancing the security of a VMS system in the Security Panel. It appears to me that the most productive thing the working group can do in the near future (in addition to sponsoring sessions for the symposia) is to put together some comments on DEC's current plans for implementing more security features in a future release of VMS. For example, there were a number of comments in Anaheim about DEC's plans to implement Access Control Lists. Some of the user suggestions seemed to have considerable merit. It would be useful to have some written discussion of the issues, e.g., whether the proposed Identifier Names should be global or qualified in some hierarchical structure, or whether Identifiers should be passed between DECnet nodes and used for access control. Hopefully we can reach some concensus and influence DEC before their implementation is frozen. If you are interested in taking part in such a dialogue, please read the report on the security activities that I have submitted for this issue of the Pageswapper and the report the Almon Sorrell submitted in a previous issue and then provide your written input as soon as possible. My address and phone number are C. Douglas Brown Sandia National Laboratories Organization 2644 P.O. Box 5800 Albuquerque, NM 87185 (505) 844-7993 2 PAGESWAPPER - April 1983 - Volume 4 Number 6 In this issue... In this issue... The VAX Security Working Group . . . . . . . . . . . 1 In this issue... . . . . . . . . . . . . . . . . . . 3 VAX Systems SIG Memorabilia . . . . . . . . . . . . 3 Audio Taping at the Spring 1983 Symposium . . . . . 4 Editor's Workfile . . . . . . . . . . . . . . . . . 4 Corrections to SIG Tape Files BIGFILES and FID2FSPEC 5 VAX Sessions at the Spring 1983 DECUS Symposium . . 6 Report from Europe . . . . . . . . . . . . . . . . 14 Using RSX-11M BRU under VAX/VMS . . . . . . . . . 15 System Management Working Group Change of Address 17 Erasing Files on Delete . . . . . . . . . . . . . 18 Limited Privileges for Programs . . . . . . . . . 20 VMS Login Security . . . . . . . . . . . . . . . . 22 Privileged Operations from Captive Accounts . . . 24 Report on Security Sessions at the Fall '82 DECUS Symposium . . . . . . . . . . . . . . . . . . . . 27 INPUT/OUTPUT . . . . . . . . . . . . . . . . . . . 34 Spring '82 DECUS VAX SIG Advanced Q & A session . 38 INPUT/OUTPUT Submission Form . . . . . . . . . . . 61 System Improvement Request Submission Form . . . . 63 Material for publication in the Pageswapper should be sent to: Larry Kilgallen Box 81, MIT Station Cambridge, MA 02139-0901 Preference is given to material submitted as machine-readable Runoff source. Mailing list requests are NOT handled at the above address; they should be sent to the DECUS office. VAX Systems SIG Memorabilia For those attending the Spring 1983 DECUS Symposium in St Louis, the VAX Systems SIG will be selling not only T-shirts, but also neckties and baseball caps featuring our Cheshire cat mascot. 3 PAGESWAPPER - April 1983 - Volume 4 Number 6 Audio Taping at the Spring 1983 Symposium Audio Taping at the Spring 1983 Symposium The VAXSIG has been authorized by the DECUS Board to conduct an experiment at the 1983 Spring DECUS U. S. Symposium. This symposium will be held May 23-27, 1983 in the Cervantes Convention Center in St. Louis, Missouri. The special experiment will be that of taping all of the VAXSIG sessions. We must have the speakers approval before the session will be taped. These tapes will be available for sale at the convention as well as after the convention. The plans are to get as many of the sessions under this taping policy as is possible. We are urging all speakers to sign the release. My personal opinion is that the talks are in the public domain and we allow individuals to bring in their personal tape recorders so DECUS should have the complete right to tape and sell the sessions. The cost for the tapes and the method of post convention sales has not been determined at the time of the writing of this article (late March). We are planning to sell at cost of taping and copying. The cost should be approximately $5.00 per tape. The tapes will be made by taping into the central PA system which will result in high quality tapes. I suggest that if you normally tape sessions that you may actually want to purchase tapes as they will be of higher quality than that you can get. The information concerning the after convention sales will come in future (June) issues of the PAGESWAPPER and the DECUSCOPE. Art McClinton MITRE Corporation VAXSIG Audio Taping Coordinator Editor's Workfile As you may have noticed, our featured Pageswapper topic this month is Security. Future topics include: May - Performance June - LUGs, how they work or might July - Review of Spring Symposium August - ??? 4 PAGESWAPPER - April 1983 - Volume 4 Number 6 Editor's Workfile September - ??? Remember to send in your subscription fee if you want to continue receiving the Pageswapper. If you did not receive the form to sign up for subscriptions, write to the DECUS office in Marlborough, Massachusetts. Larry Kilgallen Corrections to SIG Tape Files BIGFILES and FID2FSPEC Tom Chewning Naval Research Laboratory, Washington, DC The program [VAX82B.NRLSSD]BIGFILES.MAR, which lists the 50 largest files on a disk, should be corrected as follows: Line no Is Should Be ---- ------------------------ ------------------------------ 392 READR: READR: 393 ADDW3 #28,R4,IREC ADDW3 OFFSET,R4,IREC The subroutine [VAX82B.NRLSSD]FID2FSPEC.MAR, which is used by FID2FSPEC.COM to convert file ID to file specification, should be corrected as follows: Line no Is Should Be ---- ------------------------ ------------------------------ 32.1 OFFSET: .LONG 0 35 FSPEC_ARG: .LONG 5 FSPEC_ARG: .LONG 6 40.1 .ADDRESS OFFSET 71 BLBC R0,ERROR2 BLBS R0,P15 71.1 BRW ERROR2 71.2 P15: 82 SUBW3 HEADER+F.FID,#100,R0 SUBW3 HEADER+F.FID,#100,OFFSET 83 MOVAL @FID(AP),R2 no change 84 ADDW3 R0,(R2),IREC ADDW3 OFFSET,(R2),IREC 5 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium VAX Sessions at the Spring 1983 DECUS Symposium Jeff Jalbert VAX Systems SIG Symposia Coordinator This is a ROADMAP to the Spring 1983 DECUS Symposium for those interested in VAX topics. It outlines all sessions sponsored by the VAX Systems SIG and includes some sessions sponsored by other SIGs as well. Sessions are grouped into several differing categories. These categories are: MANAGEMENT TECHNICAL NOVICE HARDWARE REAL-TIME This document is intended to be your starting guideline to the symposium. It is not exhaustive, and certainly does not reflect the sessions developed at Saint Louis such as BOFs. The Sessions at a Glance boards outline the entire symposium and you should be using them as well. DECUS works because you participate and contribute to our common activities. In order to enhance that participation we have made a special effort to schedule all WORKING GROUP sessions on Monday afternoon, just before dinner. Join with these working groups and then go to dinner! That is the first way to become more active! We need your insights, and HELP, so come and buttonhole us. The SIG leadership will be at these working group sessions. Please let me know if this roadmap is useful to you. What can be done to improve it? What should we (the VAX Systems SIG) do to continue to develop these kinds of materials? What do you want for a SIG guide? A symposium guide? The quality of sessions is of extreme importance to our symposium process. We have attached a set of evaluation questionaires to the copy of this roadmap you will get in Saint Louis. PLEASE! fill them out and deposit them in the boxes at the rear of the session rooms or in the VAX SIG campground. We listen! 6 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium MANAGEMENT This stream includes sessions that may be of interest to those who are responsible for managing VAX installations. This area covers both system mamagement and computer center management. MONDAY VAX Systems SIG Roadmap VAX System Update VAX/VMS Update VAX Languages and Tools Overview Knowledge Engineering at DEC - XSEL VAX Family Performance VAX Information Architecture Overview What is Datatrieve Software Product Services for New Users Storage Systems: Current Products and Future Needs New DEC Storage Architecture VAX CI Software Systems VAX Hardware Panel Overview of VAX Languages Environment VAX/VMS System Management Working Group VAX-11 TDMS Overview VAX-11 FMS V2 Overview Integrated VAX Information Architecture VAX Systems SIG Commercial Working Group Digital Office Architecture New Disk Technology and Architecture VAX Systems SIG LUG Representatives Meeting TUESDAY VAX Security Panel Disk System Performance in VAX/VMS Information Resource Management Chalenge Using Broadband with DEC Networking Care and Feeding of DEC Computers User Data Archiving Management Techniques LN01 Page Printers DECs New Tape Processing VAX Software Development Tools, Panel AI and LISP Programming on DEC Computers VMS Performance Management Applications Development using VAX Information Architecture Managing Software Development CAS In the University and Industry 7 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium WEDNESDAY DEC/MMS: A Tutorial New Tape Technology VAX/VMS Documentation Common LISP for DEC Systems A Manager's View of Office Automation Use oF VIDEOTEX and TELETEX on VAX/VMS VAXStation Software Implementation VAXStation Graphics Architecture VAX-11 DBMS Futures THURSDAY Capacity Planning Study on the VAX-11/780 VAX Systems SIG System Improvement Request VAX Tuning Panel DEC/CMS: A Tutorial To DB Or Not To DB Lets Talk About Training Programs VAX-11 TDMS Technical review Interlisp for the VAX OA Security Panel Productivity and OA New Site Preparation and Environment Workshop Future of Data Dictionaries VAX-11 TDMS Performance Review FRIDAY VAX/VMS System Management Planning Operations in a Mixed DEC Systems Environment VAX Systems Sig Symposia tape User Forum VAX Systems SIG Business Meeting VAX Security in a Commercial Environment 8 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium TECHNICAL These sessions all relate to more technical VAX issues. There will be various levels of technical expertise expected of the audiences. You are advised to read the abstracts before making your final decisions. MONDAY VAX Systems SIG Roadmap VAX System Update VAX/VMS Update VAX Languages and Tools Overview VAX Family Performance Storage Systems: Future Products and Current Needs VAX CI Systems Software VAX Hardware Panel Overview of VAX Languages Environment VMS Internals Working Group Meeting VAX Foreign Devices Working Group Meeting VAX MAGIC TUESDAY Security Mechanisms for VAX/VMS VAX/VMS Organization VAX Security Panel New Mass Storage Architecture on VAX/VMS VAX CI Systems Hardware Disk Systems Performance on VAX/VMS VMS Real-Time Responsiveness VAX/VMS Real-Time working Group Meeting VAX Software Development Tools: Panel VMS Performance Management WEDNESDAY Shareable Images on VMS Shareable Images on VMS for Large Libraries VAX/VMS Utilities Closet VAX-11 DEBUG Futures VAXStaton Software: Implementation VAXStation Graphics Architecture VAX-11 RMS Intermediate tutorial VAX/VMS Shared Images and VAX-11 BASIC VAX/VMS Lock Manager Implementing a DBMS using the 9 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium Lock Manager THURSDAY Capacity Planning Study on VAX-11/780 VAX Systems SIG System Improvement request VAX Tuning Panel Files-11 on VAX/VMS VMS Backup Analyzing Disk Management on VAX/VMS VMS Librarian Advanced Techniques Using DEC/CMS on VAX Advanced Software Clinic VAX Systems SIG Advanced Q & A FRIDAY Introduction to VMS AST and Timer Services Designing and Implenting VAX/VMS Applications for Performance Improving Performance of Applications Packages on VMS: Panel Advanced Techniques Using DEC/MMS VAX Systems SIG Symposia Tape User's Forum VAX System SIG Business Meeting MDL Structure Definition Translator KMCs on VAX Cooperating Processes Using VAX/VMS System Services Alternatives to Mailboxes on VAX/VMS Information Structures Within Mapped Sections on VAX/VMS How to Crash VMS Using CSR and Vector Addresses Tools for Writing VAX/VMS Device Drivers VAX UNIBUSse (Hardware Timing) VAX Security in a Commercial Environment SOFTQUOTA, a Disk Space Management Tool for VAX/VMS 10 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium NOVICE The sessions mentioned here are specifically aimed at the new VAX user the new VAX manager, or those just interested in knowing more about VAX systems. Certainly, you would want to supplement these offerings with more technical presentations, and perhaps with sessions sponsored by other SIGs. MONDAY VAX Systems SIG Roadmap VAX System Update VAX/VMS Update VAX Languages and Tools OVerview VAX Family Performance Software Product Services for New Users VAX/VMS Novice Q & A TUESDAY Introduction to VAX Real-Time Processing VAX Novice Software Clinic WEDNESDAY VAX/VMS Lock Manager VAX/VMS DCL For the New user Customizing the VAX/VMS Environment VAX-11 DEBUG Tutorial Introduction to VMS Command Procedures VAX/VMS Novice RMS and Disk Tuning Novice VAX Configurations Introduction to VAX/VMS System Management: A Tutorial THURSDAY VAX-11 RMS and the Languages VMS BACKUP VMS Librarian Introduction to the VAX/VMS RTL New VAX Commercial User's Panel Advanced Software Clinic VAX Systems SIG Advanced Q & A FRIDAY Introduction to VMS AST and Timer Services VAX Systems SIG Business Meeting SOFTQUOTA, A Disk Space Management Tool for VAX/VMS 11 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium HARDWARE These sessions are oriented toward those who have specific interest in sessions with technical depth on VAX hardware. MONDAY VAX Systems SIG Introduction and Roadmap Storage Systems: Current Products and Future Needs NEW DEC Storace Architecture VAX Family Performance VAX Hardware Panel New Disk technology and Architecture VAX Foreign Devices Working Group TUESDAY Hardware Basics, Disk Devices DECs New Tape Processing Tape Product Announcements New Mass Storage Architecture on VAX/VMS VAX CI Systems hardware WEDNESDAY PDP-11 Front-Ending for VAX and 10/20 THURSDAY Capacity Planning Study on VAX 11/780 Advanced Software Clinic FRIDAY KMCs on VAXes How to Crash VMS with CSR and VECTOR addresses Tools for Witing VAX/VMS Device Drivers VAX Systems SIG Business Meeting VAX UNIBUSes (Hardware Timing) 12 PAGESWAPPER - April 1983 - Volume 4 Number 6 VAX Sessions at the Spring 1983 DECUS Symposium REAL-TIME This includes sessions that are of particular interest to those using, designing and maintaining real-time applications on their VAX. Such users are likely to be interested in sessions sponsored by other SIGs, such as the Hardware/Labs SIG and should therefore consult the Roadmaps of these other SIGs for further sessions. TUESDAY Introduction to VAX Real-Time Processing VMS Real-Time Responsiveness VAX Real-Time Working Group THURSDAY Advanced Software Clinic FRIDAY KMCs on VAX How to Crash VMS With CSR and Vector Addresses Tools for Writing VMS Device Drivers VAX UNIBUSes (Hardware Timing) VAX Systems SIG Business Meeting 13 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report from Europe Report from Europe Software Results Corporation 2887 Silver Drive Columbus, Ohio 43211-1081 March 1, 1983 Dear Larry, Hope you are having fun as editor. I missed your first issue. It was lost in the mails (..or at least that is the usual explanation). The non-receipt of issues appears to be a common problem. This is not the first time "the mails" have eaten my PAGESWAPPER. I stopped in on the UK VAX SIG's meeting in London in February. About 60 people attended a half day meeting centered on DEC Office Automation and DEC cCommunications presentations from DIGITAL employees. All of the slides showed examples using only US cities, a common problem of American companies marketing in foreign markets. The sessions were well appreciated and the speaker for the communications presentation was quite knowledgable. I distributed Cheshire Cat buttons to the group as a gift from the US Chapter. Admission was charged to the meeting (about $8) as a way of deferring costs and no one seemed to mind. the informal discussion was, as usual, the most enlightening. A number of "undocumented features", some of which would seem to be quite useful, were discussed. There are now about 1500 VAXes in the UK and the VAX SIG seems to be generating some real energy. They have decided to go to several meetings a year lasting a full day and located in London. (The Greater London area accounts for the vast bulk of the VAX business.) The next European Symposia will be in Zurich, August 3 through September 2. Call the European DECUS office in Geneva Switzerland for registration information: 011-41-21-93-33-11 (there is a six hour time difference from EST). Alol papers are given in English and the Symposia are small enough to actually be enjoyable. If anyone has a chance of getting to Zurich this summer for the meeting, I urge them to try to attend. The Europeans would love to see more active cooperation with the US Chapter. Sincerely, Jim Ebright VAX SIG Member 14 PAGESWAPPER - April 1983 - Volume 4 Number 6 Using RSX-11M BRU under VAX/VMS Using RSX-11M BRU under VAX/VMS Frank J. Nagy Fermi National Accelerator Laboratory P. O. Box 500 Mail Stop 306 Batavia, IL 60510 1.0 Introduction This article is a description of how one may make use of the RSX-11M Backup and Restore Utility (BRU) under VAX/VMS. It is the result of a bit of experimentation with using BRU and no effort into investigating the internals of BRU. The executable images of BRU are built using the BRU object library and build files from an RSX-11M distribution kit. These files may be found on volume RLUTIL in an RL01/RL02 distribution kit. The task builder command file (BRUBLD.CMD) and the overlay description file (BRUBLD.ODL) were edited to remove the references to the logical devices and explicit UFD usage. For RSX-11M V4.0, these files had to be created by executing the BRUBLD.BLD from a specially created outer command file (to make appropriate definitions for the symbols used in BRUBLD.BLD). For the purposes of experimentation, two bersions of BRU were built and stored as executable images (.EXE files) in SYS$SYSTEM:. These were BRU3 from the RSX-11M V3.2 distribuiton and BRU4 from the RSX-11M V4.0 distribution. The BRU images could be invoked from DCL using the MCR command or by using RUN. Most of the efforts to date have centered arount the V4.0 BRU. 2.0 Reading BRU Tapes The primary objective was to be able to ready BRU tapes on the VAX (such tapes having been written by RSX systems). The goal is to be able to read the RSX SIG tapes on the VAX as all the software development work for our control system RSX-11M systems is done on VAX's. It was found to be possible to read a V4.0 BRU tape on the VAX providing the following restrictions were followed: 1. The input tape must be mounted as a foreign volume (/FOREIGN). 2. The output disk must also be mounted as a foreign volume (/FOREIGN). In this case the logical I/O (LOGIO) privilege appears to be unnecessary. 3. BRU must be told to initialize the output disk volume itself (possibly with a /INITIALIZE in the BRU command line). This must be done even if reading a single UFD 15 PAGESWAPPER - April 1983 - Volume 4 Number 6 Using RSX-11M BRU under VAX/VMS from the tape. In reading from a BRU tape to disk one is restricted to writing to a scratch disk as any other information on the disk is wiped when BRU initializes the volume. BRU will quite happily restore the entire tape or just a single UFD to this scratch disk. Just for clarity, here is what one cannot do with BRU on the VAX. For the most part trying to do one of these in reading a BRU tape will result in a "No privilege" error message from BRU: 1. BRU cannot output to any ODS-2 disk. This includes not being able to output to your current directory using device SY:. 2. BRU will also not allow one to write on an ODS-1 disk that is already initialized (that is you use the /NOINITIALIZE qualifier on the BRU command). This does not work whether the output disk volume is mounted as a Files-11 volume or as a fireign volume (/FOREIGN) and irrespective of the LOGIO privilege. V3.2 BRU The above statements apply to RSX-11M V4.0 BRU only. We have not yet succeeded in using V3.2 BRU to read (a V3.2 BRU) tape to disk as of this time. 3.0 Writing BRU Tapes Although the objective was to be able to ready BRU tapes on the VAX (since our PDP-11's have no tape drives), it was decided to try writing a tape with BRU just for grins. This worked quite well, but once again it is subject to some restrictions: 1. The output tape must be mounted as a foreign volume (/FOREIGN). 2. The input disk can be mounted as foreign in which case the LOGIO privilege was unnecessary. 3. The input disk can also be mounted as a Files-11 volume. In this case the LOGIO privilege is required and the BRU command line must include a /MOUNTED qualifier. 16 PAGESWAPPER - April 1983 - Volume 4 Number 6 Using RSX-11M BRU under VAX/VMS 4. The input disk must be an ODS-1 volume. BRU seems to work equally well whether the entire disk is written to tape or just a single UFD is written. However, BRU is again unable to handle even the current directory of an ODS-2 disk. When V3.2 BRU was used to write a tape, a surprise resulted as writing with V3.2 BRU seems to work just as well as it does for V4.0 BRU. However, the resulting tape was unable to be read back onto a disk so one cannot really be sure about V3.2 BRU. Note that using BRU to list the contents of the tape (with /DIRECTORY) seems to work on the VAX with either the V3.2 or V4.0 BRU. This article has been submitted to the RSX SIG's Multitasker and the VAX System SIG's Pageswapper in an effort to reach both communities of users. System Management Working Group Change of Address I'd appreciate if you would print my change of address in the PAGESWAPPER as head of the System Management Working Group. The new address and phone is: Rodman C. Burr Fidelity Group 82 Devonshire St. PMA Boston, MA 02109 (617) 726-9073 I'm sending a change of address letter to DECUS which will hopefully take care of stuff mailed to me. Thanks. Rod 17 PAGESWAPPER - April 1983 - Volume 4 Number 6 Erasing Files on Delete Erasing Files on Delete C. Douglas Brown Sandia National Laboratories Albuquerque, New Mexico I have heard of several methods for erasing the contents of a file before deleting it, so that its contents will not be available to a clever user that might somehow manage to allocate that disk space and read it. The methods I've heard about that have been implemented to date are as follows: 1. There is an undocumented, unsupported /ERASE qualifier on the DELETE command in standard VMS. It appears to work for a single file but is reported to give funny error message when you attempt wild-carding. Perhaps it wasn't documented because it wasn't quite ready for public comsumption. If you choose to use this feature, please don't complain to DEC if you have problems, as it IS unsupported. 2. Richard Garland mentioned to me at DECUS that he has a program that erases a file before deleting it by mapping the file into a section of virtual memory and over-writing it with zeroes. This technique is elegant and quite efficient but runs into problems for very large files that overflow the user's address space. 3. John Ferguson of E.G.&G. at Los Alamos has a program that erases a file by (1) using the $PARSE service to get the File ID (FID) and Device ID (DID), (2) storing the FID and DID into a File Information Block (FIB), and (3) using QIOs to write blocks of zeroes over the file. The file is then deleted. This technique is also quite efficient and works for arbitrarily large files. The symbol DEL*ETE can be defined to call a command file that runs this image. 4. Dave Jaffee, a DEC software specialist, developed a zero-on-delete capability under contract to Sandia Livermore that we have adapted for use in Albuquerque as well. It consists of a patch to the Files-11 ACP that sends a message to a special detached process ZERONDEAL when a file having certain characteristics (e.g., sensitive) is deleted. This process, which is modeled after the bad block scanner in VMS, uses QIOs to overwrite the file with zeroes. When the file is erased, the process sets a flag and calls the ACP to perform the actual deletion of the file. The advantage of this approach to erasing files is that it does not 18 PAGESWAPPER - April 1983 - Volume 4 Number 6 Erasing Files on Delete depend upon the user and cannot be circumvented. The disadvantage is that it requires patching the operating system. 19 PAGESWAPPER - April 1983 - Volume 4 Number 6 Limited Privileges for Programs Limited Privileges for Programs Morris B. Pearl United Telecom Computer Group, Philadelphia, Pennsylvania The SEED product is a database management system, which includes a large set of user callable procedures. We have traditionally distributed it as a standard object module library (from which a shareable image is made). Recently it became necessary for one of these procedures to create a detached process. This would normally require either that the users all have DETACH privilege, or that their programs be installed with that privilege after being linked. We considered another option which involved creating a subprocess to run a special image which was installed with the DETACH privilege, but all of these options are inconvenient for the end users. The solution of choice is a protected shareable image. That allows any routine in our library to issue a CHange Mode Kernel instruction which will transfer control to one of our routines IN KERNEL MODE. In order to maintain security, VMS requires any shareable image which does this to be installed with the /PROTECT switch. The mechanics are fairly simple. The image must include a psect containing eight long words, as follows: .PSECT DB_USER_SERVICES,PAGE,VEC,PIC,NOWRT,EXE .LONG PLV$C_TYP_CMOD ; Set type of vector to change mode dispatcher .LONG SYS$K_VERSION ; Identify system version .LONG KERNEL_DISPATCH-. ; Offset to kernel mode dispatcher .LONG 0 ; Offset to executive mode dispatcher .LONG USER_RUNDOWN-. ; Offset to user rundown service .LONG 0 ; Reserved. .LONG 0 ; No RMS dispatcher .LONG 0 ; Address check - PIC image Kernel_dispatch is the name of the routine to which control is actually passed in kernel mode, user_rundown is the name of a routine which is called when the image is finally run down. Each is called with a JSB instruction. The dispatch routine should return with a RSB instruction if VMS should look for another handler, and a RET instruction if it handles the call. When the dispatcher is called, register 0 will have the value of the argument to the CHMK instruction, and register 4 will have the address of the PCB. The routine which runs in kernel mode should carefully check all of the arguments (making liberal use of the PROBE instructions) to prevent accidently attempting to access an inappropriate 20 PAGESWAPPER - April 1983 - Volume 4 Number 6 Limited Privileges for Programs address. Any exception in kernel mode will generally cause VMS to crash with a fatal bugcheck. If it is desired to use any system services which usually require privileges, the appropriate privileges must be enabled, and then disabled before returning to user mode code. From kernel mode, the $SETPRV service may be called to set any privilege. I have some macro's to set privileges, and then unset only those which were not already set: ; ; privbegin macro used to set privs, and leave in r11 pointer ; to quadword of priv bits which need to be disabled ; before returning ; .macro privbegin loprivs,hiprivs=#0 pushl hiprivs pushl loprivs movl sp,r11 ; privs to be added clrq -(sp) movl sp,r1 ; old priv mask $setprv_s enbflg=#1,prvadr=(r11),prvprv=(r1) bicl (sp)+,(r11) ; clear any bits that were already set bicl (sp)+,4(r11) .endm ; ; privend clears priv bits using quadword mask pointer left ; in r11 by privbegin macro ; .macro privend $setprv_s prvadr=(r11) ; disable the privs that were ; not on when we started .endm Typical calls are: privbegin #<1@prv$v_world> ; set world privilege : ; do things requiring : ; world privilege : privend ; restore privileges Debugging a protected shareable image cannot be done with the normal debugger, because the code is protected from user or supervisory mode access. You must either code very carefully, or use the DELTA debugger (which is described in the guide to writing device drivers). To access the DELTA debugger, assign the logical name lib$debug to sys$library:delta.exe To get started, examine the location 7ffeff18 (the value of the symbol ctl$gl_usrchmk) and you should see the JSB instruction which calls your code (from which you can figure out where your code has been loaded). 21 PAGESWAPPER - April 1983 - Volume 4 Number 6 Limited Privileges for Programs There is an example program in sys$examples:ussdisp.mar, including more documentation, and explanation. This is also explained in the VAX/VMS Internals and Data Structures manual (aa-k785a-te). VMS Login Security C. Douglas Brown Sandia National Laboratories Albuquerque, New Mexico In this section I will discuss a collection of techniques that are being used both here and elsewhere during the VMS login procedure to enhance VMS security. These techniques generally operate with one of three different objectives: (1) adding additional conditions for a successful login, (2) detecting repeated unsuccessful attempts to login, and (3) providing an audit trail to the user and/or system manager of successful logins. Some of the techniques that I have heard of are as follows: 1. A preprocessor can be added to the VMS login procedure. This may be implemented as a privileged detached process that allocates all terminals and hangs a read on them to detect when someone is trying to login. It may then prompt the user for his name and password, check them for validity, make an entry in a log file, perhaps even verify that the terminal from which the login is originating, and then activate LOGINOUT.EXE to enter the system login procedure. Such a process has the opportunity to keep a count of unsuccessful logins for each user and/or terminal and to disable accounts or terminals when a threshhold is exceeded. One problem with such an approach is that the capability for autobaud must be built into the login preprocessor, or else the autobaud capability must be dispensed with. Cal Page described a login pre-processor in his session at DECUS. 2. A post-processor may be added to the system-wide LOGIN.COM file by simply running a privileged image in the user's context after he is logged in. Such a program could do a second password validation and/or check to see that the terminal from which the user is logging in is appropriate. At Sandia we have such a post-processor that validates the user's classification level against his terminal. It also keeps track of the time and date of the last successful login for each 22 PAGESWAPPER - April 1983 - Volume 4 Number 6 VMS Login Security user and informs the user of that time/date at the subsequent login. Steve Tihor of NYU has a post-processor that is described elsewhere in this Pageswapper issue. 3. The LOGINOUT.EXE image may be patched to do some extra checking. At Sandia we have a patch that counts the number of unsuccessful logins and disables the account if the count exceeds a threshhold. The post-processor image mentioned above informs the user, during a successful login, of the number of unsuccessful login attempts since his last successful login. In the event that an account becomes disabled, a special image is provided for the system manager to use to clear the counter and reenable the account. Another variation on this theme was implemented against VMS 2 by Clayton Benignus with MATSCO/GE at the Johnson Spacecraft Center in Houston. His patch to LOGINOUT sent a message to a detached process that kept a counter for each account. This process would then send a message to the operator if the number of unsuccessful logins exceeded a given threshhold per unit time. 23 PAGESWAPPER - April 1983 - Volume 4 Number 6 Privileged Operations from Captive Accounts Privileged Operations from Captive Accounts Bill Doctor Strategic Information, Burlington, Massachusetts The VAX supplies a very nice facility by which a system manager can create privileged user accounts that can perform specified tasks but yet never allow the user to reach the DCL "$" prompt. Thus, the system manager can insure tight security with these "captive" accounts while allowing users to do privileged functions that do not always need system manager expertise. Such a secure environment for a user account can be achieved by: 1) setting the captive flag in the UAF for the account, 2) writing a special login.com procedure to perform the specified task (needs to be made idiot- proof), and 3) using the LGICMD qualifier in the UAF record to execute the special login command procedure immediately at login. What follows is an example of a captive account with ALLSPOOL, LOGIO, WORLD, and OPER privileges called PRINTERD5. Its sole purpose is to allow a user at a remote site to spool and unspool an LA120 that is used as a printer and a terminal. The UAF entry for this account is: Username: PRINTERD5 Owner: TTD5 OWNER Account: 1605.001 UIC: [103,001] CLI: DCL LGICMD: MIS:[PRINTERD5]LOGIN Default Device: MIS: Default Directory: [PRINTERD5] Login Flags: CAPTIVE Primary days: Mon Tue Wed Thu Fri Sat Sun Secondary days: No hourly restrictions PRIO: 4 BYTLM: 6144 BIOLM: 6 PRCLM: 4 PBYTLM: 0 DIOLM: 6 ASTLM: 10 WSDEFAULT: 512 FILLM: 20 ENQLM: 50 WSQUOTA: 1024 SHRFILLM: 20 TQELM: 10 WSEXTENT: 2048 CPU: no limit MAXJOBS: 0 MAXACCTJOBS: 0 PGFLQUOTA: 10240 Privileges: ALLSPOOL LOG_IO TMPMBX WORLD OPER NETMBX When the user logs in to PRINTERD5, he is immediately locked into a specially written login command procedure since the LGICMD qualifier in the UAF is set to MIS:[PRINTERD5]LOGIN. The captive flag in the UAF record is set to disable the following: 1) Y interrupts, 2) the use of SET PASSWORD command (which is not applicable in this example since the user never reaches DCL), and 3) the specification of a default DISK, CLI, and COMMAND at the username prompt. The custom-made login command 24 PAGESWAPPER - April 1983 - Volume 4 Number 6 Privileged Operations from Captive Accounts procedure for this account is included at the end of this article. The user is presented with a menu of functions that controls his printer/terminal in a bullet-proof yet friendly environment. The only way to exit the menu is by selecting the exit function which in turn executes the DCL logout command. Thus, the user is never allowed to reach DCL with the privileges associated with the account. From login to logout his actions are completely controlled by this captive account. Captive accounts have also been used to allow operators to submit and restart system backups, perform file restores from backup tapes, and start and restart privileged system processes. Many other tasks lend themselves to the use of captive accounts. The custom-made command procedure: $ set nocontrol_y $start: $ type sys$input Functions: 1 -- Set TTD5 up as terminal 2 -- Set TTD5 as spooled printer (Forms_Type = 0 and starts queue) 3 -- Set TTD5 queue with Forms_Type = 1 (and starts queue) 4 -- ReSet TTD5 queue with Forms_Type = 0 (and starts queue) 5 -- Stop queue TTD5 (stop/que/next) 6 -- Pause queue TTD5 (stop/que) 7 -- Start queue TTD5 8 -- Delete job from TTD5 print queue 9 -- Requeue currently printing job from TTD5 print queue 10 -- Show queue TTD5 11 -- Show term TTD5 12 -- Exit $ eod $ inquire function "What function?" $ if function .eq. 1 then goto setterm $ if function .eq. 2 then goto setprint $ if function .eq. 3 then goto f1 $ if function .eq. 4 then goto f0 $ if function .eq. 5 then goto stopq $ if function .eq. 6 then goto pauseq $ if function .eq. 7 then goto startq $ if function .eq. 8 then goto del $ if function .eq. 9 then goto reque $ if function .eq. 10 then goto shoque $ if function .eq. 11 then goto shoterm $ if function .eq. 12 then goto out $ write sys$output "Invalid choice, try again!" $ goto start $setterm: 25 PAGESWAPPER - April 1983 - Volume 4 Number 6 Privileged Operations from Captive Accounts $ On error then continue $ Stop/queue/next TTD5 $ Set device/nospool TTD5 $ Set term TTD5:/perm/vt100/speed=4800/pag=24/wid=80/- broadcast/echo/hostsync/tab $ goto start $setprint: $ On error then continue $ Set term TTD5:/perm/unknown/speed=4800/pag=66/wid=132/nobroad/form/- nohostsync/noautobaud/nohangup/notab $ Set device/spooled=TTD5 TTD5 $ On error then continue $ Start/que/burst TTD5: $ If $status then goto start $ On error then continue $ Init/que/flag/burst/noenable_generic/terminal TTD5: $ On error then continue $ Start/que/burst TTD5: $ goto start $f1: $ On error then continue $ Stop/que/next TTD5: $ Start/que/burst/forms=1 TTD5: $ goto start $f0: $ On error then continue $ Stop/que/next TTD5: $ Start/que/burst/forms=0 TTD5: $ goto start $stopq: $ On error then continue $ Stop/que/next TTD5: $ goto start $pauseq: $ On error then continue $ stop/queue TTD5: $ goto start $startq: $ On error then continue $ Start/que TTD5: $ goto start $del: $ On error then continue $ Inquire ent "What is the job number?" $ Delete/entry='ent' TTD5: $ goto start $reque: $ On error then continue $ Stop/queue/requeue TTD5: $ goto start $shoque: $ On error then continue $ Show/que/f/a TTD5: $ goto start 26 PAGESWAPPER - April 1983 - Volume 4 Number 6 Privileged Operations from Captive Accounts $shoterm: $ On error then continue $ Show term TTD5: $ goto start $out: $ logout Report on Security Sessions at the Fall '82 DECUS Symposium C. Douglas Brown, Chairman VAX Security Working Group The Fall '82 DECUS Symposium was the best ever, as far as security sessions were concerned. The only security session that didn't overflow the room was the one given by DEC on future VMS security features, and it was in the BIG room at 5:30 p.m. Not only were the users interested in security, but DEC showed a greater interest in security than ever before. It appears that we can expect major security features in VMS 4.0 (although DEC just said they would be in a subsequent major release). Now for a breakdown on the sessions. The VAX Security Working Group Meeting ___ ___ ________ _______ _____ _______ The working group meeting was so well attended that we had to find a larger room to hold the crowd. Several interesting bits of information came up at the meeting that I would like to pass on. 1. Images that are installed with privileges should be linked with the /NOTRACE qualifier to prevent running them with the debugger. (Also, Andy Goldstein recommended in an earlier DECUS linking images this way to enforce the execute-only protection.) 2. Larry Kilgallen has a patch to SET PASSWORD to restrict the minimum password length, which is zero on the standard VMS system. 3. Steve Tihor tries to keep his users honest on their passwords by running a program periodically that attempts to guess passwords, under the assumption that if the password can be guessed, it's not good enough. 27 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report on Security Sessions at the Fall '82 DECUS Symposium 4. We have completed a set of security patches and utilites at Sandia National Labs that we hope will allow us to operate VMS in a multi- level secure environment. Several features may be of use to non- government installations, such as blacklisting user accounts after N consecutive logins and notifying each user of the time/date of his last login. One of the really hot items discussed in the meeting was the new DECnet proxy login facility that is present and unsupported in VMS 3.0. This feature allows a system manager to enter proxy accounts into a NETUAF.DAT file with commands of the form ADD/PROXY rmtnode::rmtusername localusername Then when the user who is logged into node "rmtnode" under the account "rmtusername" attempts a DECnet access to the local node, he will be mapped into the account "localusername" on the local node. This feature allows a user to access files on other nodes without having to (1) specify an access control string (including a password) or (2) make the files world readable for access via the network non-privileged account. Proxys can be used to eliminate the need for the NETNONPRIV accounts entirely. Both Larry Kilgallen and I had figured out how to turn on and use proxy logins, but we didn't want to encourage use of them by publishing a "how to" document, because proxys are currently unsupported by DEC. It would be counter-productive to have lots of users trying proxy logins and complaining to DEC. (They might not tell us about such features again.) Larry has developed a patch that allows wild-carded usernames to be specified when adding proxys. At Sandia we have developed a patch that forces proxys to be used by disallowing access control strings. Presently, proxy logins appear to be working well, and I am looking forward to the day when DEC documents and supports them. Maintaining VAX/VMS Security ___________ _______ ________ Cal Page, a consultant who specializes in DEC software in general and VMS security in particular, gave a very interesting and informative talk on VMS security. He suggested that there are three steps in the penetration of a system: (1) probing, in which the penetrator is trying to find a weak spot in the system, (2) the primary attack, in which the penetrator finds a hole in the system and installs a back door or two, and (3) the secondary attach, in which data is stolen, modified, or destroyed. Obviously, then, it is desirable to detect the penetrator in the probing phase, assuming you have taken all the reasonable steps possible to close any holes. Cal then listed several things that could be done to protect the system. 28 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report on Security Sessions at the Fall '82 DECUS Symposium 1. Give only TMPMBX privilege to normal users. 2. Run a scanner program in the background that periodically wakes up and checks to see whether certain user processes have privileges that they should not have. Such processes could be STOPed, or a message could just be logged on the operator's console. 3. Run a detached process that allocates all unused terminals and does an initial user validation before turning the process over to LOGINOUT for the actual login. This adds another level of security to the login. It does create problems with AUTOBAUD, however. (Ed. Note: there are many other variations on this theme, including checks that are done in the system-wide LOGIN.COM file. -CDB) 4. Perform a checksum of all important system files, save the checksums in off-line storage, and perform similar checksums at later dates to see whether anyone has surreptitiously modified the system. 5. Disable the FIELD service account when it is not in use, and disable user accounts at night and on weekends whenever practical. 6. Encrypt sensitive files. 7. Keep at least two backup sets. Cal called this a father/grandfather backup. (This is just a common sense procedure, but some people don't do it.) On the same note, never align all your tape and/or disk drives at one time. 8. If your VMS system gets penetrated, the only safe approach to resecuring your system is to rebuild it from the VMS installation and update kits. 9. Maintain tight control over access to hardware, including CPU, system console, and terminal interfaces. 10. Set TTYPROT and TTYOWNER to keep users from allocating terminals and simulating the login process. 11. Audit system logical names and protection codes on sensitive system files to make sure they are set properly. 12. Read Chapter 3 of the System Management and Operations Guide entitled "UIC-BASED PROTECTION" for helpful guidelines from DEC on increasing the security of your system. 29 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report on Security Sessions at the Fall '82 DECUS Symposium Cal Page has developed a set of security packages for VMS and a security newsletter that are available commercially. If you are interested, you may contact Cal at Page Computer, Inc., Mass. Ave., Harvard MA 01451, or phone (617) 456-8689. A Virtual Encryption Disk Driver _ _______ __________ ____ ______ Larry Robertson of Bear Computer Systems talked about a virtual encryption disk driver that has been developed for the VAX/VMS system. A virtual device driver is a driver for a pseudo-device that accepts user QIO requests, processes them in some manner, and then calls another device driver. The processing performed by a virtual device driver may be encryption, data compression, nothing, etc., and is transparent to the user program. In his talk, Larry was discussing a virtual disk driver that would perform one of several types of encryption (including hooks for a user-supplied algorithm) on the data before writing it to the physical disk. For the sake of system performance, the encryption is performed at program level (by an ACP, I think) and paging I/O is used to access the physical disk. The virtual disk may be contained in a single file on the physical disk. Some advantages of Larry's virtual encryption disk are as follows: 1. It provides some measure of protection against privileged users. 2. Data is protected even when on a backup tape. 3. Access control lists are available on the virtual disk. 4. A special secure handshake is used for specifying the encryption key. 5. Multiple virtual disks with different degrees of protection (e.g. secret and confidential) may coexist on one physical disk. If you have further questions about this product, you may write Midcom Corporation, 1940 N. Tustin, Suite 117, Orange, CA 92665, or phone (714) 998-6070. Security Issues in VMS Access Control ________ ______ __ ___ ______ _______ This session, which might have been more appropriately titled "VMS Security Futures", was presented by Gerry Smith of VMS Development. She discussed DECs ideas for implementing Access Control Lists (ACLs) and non-discretionary access controls in a future release of VMS. One of the purposes for the session was 30 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report on Security Sessions at the Fall '82 DECUS Symposium to give the users a chance to give some feedback to DEC on their design, and the session was certainly successful from that standpoint! Better than half of the hour was taken up with comments and questions from the floor. Access Control Lists will be based up the concept of an Identifier, which is roughly speaking a generalization of the UIC. Identifiers are 32-bit numbers that are associated one-to-one with alphanumeric names. These names are global across the system, and there will be a system service to allocate an Identifier and associate it with a user-specified name. There were numerous objections raised from the floor over the fact that Identifiers, unlike logical names, will not be organized in some hierarchical structure. If one user associates a particular name with an Identifier, then no other user can define an Identifier with that same name. An Access Rights List is to be associated with each agent (e.g., process) in the system and consists of a list of Identifiers that the agent possesses. This may be viewed as an extension of the "group" concept, since the same Identifier may be possessed by a group of people (or just a single individual). In fact, a user may possess several Identifiers, which might have the effect of placing him in several overlapping groups. The null Access Rights List degenerates to the current VMS protection scheme, in which a user's only Identifier is the UIC. An Access Control List may be associated with each object in the system (e.g., a file) and consists of a list of Identifiers that may access the object, along with the access rights of each Identifier to the object (e.g., RWED or Owner). Note that the "Owner" is a new attribute and gives users possessing that Identifier the right to change the Access Control List. A null ACL is equivalent to the current VMS protection scheme in which only the protection codes are used to determine access to a file. In fact, the ACL is checked only if the protection code check fails, and the ACL entries may only specified accesses that will be PERMITTED. Several persons commented at the session that they would like to be able to specify Identifiers that should be DENIED access, but Gerry indicated that it would not be possible to do that under the current design. (Ed. note: I can certainly understand why one would want to ignore the ACL if the protection codes allow access, because that is much more efficient, but I am not totally clear on the reason why ACLs of the form "A and not B" will not be permitted. However, I'm sure the design choice was not made capriciously.) In order to support non-discretionary access controls, DEC is planning to include fields in a number of system data structures (e.g., the PCB, UCB, File Header) to define a security level and integrity level for each object (file) and agent (process) in the system. Security levels are intended to control the DISCLOSURE of information, whereas integrity levels are intended to control the MODIFICATION of data. Thus a process must be at 31 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report on Security Sessions at the Fall '82 DECUS Symposium a security level greater than or equal to the security level of a file in order to read it and must be at a security level less than or equal to the security level of a file in order to write it. Conversely, a process must be at an integrity level greater than or equal to the integrity level of a file in order to write it and must be at an integrity level less than or equal to the integrity level of a file in order to read it. Of course, a system manager may choose to have only one security and integrity level in his VMS system and everything will appear to operate just as it does today. The protection check routine that enforces security and integrity levels will be implemented as a system service, with internal entry points for use by the VMS executive. This routine will be loadable by the system manager, so that a site may choose a different security/integrity policy than the default. (Ed. Note: Such non-discretionary access controls are already familiar to many of us in the government community, but they can also have useful applications in the commercial environment. For example, one may define certain corporate data bases to be at a high security and integrity level so that they can be neither read nor modified by users at a lower level, even if the Access Control List is accidentally or intentionally modified.) Some of the Questions and Answers at the end of Gerry's session were as follows: 1. Q: Will users be able to use the above access control mechanisms for their own objects? A: Yes. 2. Q: Will these access controls be applied to volumes? A: Yes. 3. Q: Will the extended UIC (14-bit group number and 16-bit member number) work with RSX compatibility mode programs. A: No, we had to sacrifice some compatibility for the enhanced capability. 4. Q: Will I be able log file accesses? A: There might be an ACL entry to turn on logging for a file. 5. Q: How much residual information is left in memory when it is allocated by a user. A: Physical pages are zeroed before you get them. Pool probably is, but stack space is not zeroed. 6. Q: Will there be more privilege bits associated with security in the future VMS? A: Yes, there will be privileges that allow a user to create Identifiers using the new system service. 32 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report on Security Sessions at the Fall '82 DECUS Symposium 7. Q: Will Identifier names be qualified by process or group? A: No. 8. Q: Will I be able to specify combinations of Identifiers in the ACLs? A: Yes, you will be able to AND and OR Identifiers, but negation (denial of access) will not be allowed. 9. Q: Will I be able to install an image at a given security and integrity level? A: Noted. 10. Q: Won't UICs greater than 12 bits cause problem with ANSI tapes? A: Noted. 11. Q: Will Identifiers be recognized across DECnet nodes? I would like a way to coordinate them across my network. A: There will be guidelines for setting up cooperating nodes, which will be especially important for clustered machines sharing file. IDs will not be unique across DECnet nodes in the general case. One must ship the entire Access Rights Block across DECnet to do security properly, and we might do that some day. (Ed. Note: DECnet Proxys allow the receiving node of a DECnet request to map a remote username into a username on the local node. This proxy account on the local node could be given the Identifiers necessary to access the desired files on the local node. It's hard for me to see how Identifiers could be coordinated across DECnet, when machines are often hooked up after both machines have been running independently for some time, with no prior attempt to coordinate anything! -CDB) 12. Q: Will there be a way to put out special headers on printer listings, perhaps using the security and integrity level to determine the text of the header? A: The print symbiont is currently being rewritten. Users will find much more flexibility in tailoring the symbiont to their environment. It will be much easier to get special listing headers than it is now. General Comments _______ ________ The following bits of information were picked up in the SIR session and various other places: 33 PAGESWAPPER - April 1983 - Volume 4 Number 6 Report on Security Sessions at the Fall '82 DECUS Symposium 1. The SIR which was ranked No. 3 in the balloting was a request to have the protection codes for the new version of a file defaulted to the protection codes of the previous version (if any). DEC responded that this feature would be forthcoming in a future major release (4.0?) and that it would encompass all of the protection attributes of a file (undoubtedly an allusion to the Access Control Lists). 2. The No. 6 ranked SIR was a request for an Access Control List mechanism. DEC responded that it would be forthcoming in a future major release of VMS (presumably 4.0). 3. There will be a special security manual for VMS at release 4.0. 4. There will be a capability to log file accesses in varying degrees under control of the system manager. (Ed. Note: I am not sure whether this is just a generalization of the logging that will be available with ACLs or whether it will be a different feature. -CDB) 5. Image mode accounting can be used to generate a rather extensive log of user activity (if you have the disk space for it). It is enabled with the SET ACCOUNTING/ENABLE=IMAGE command. 6. The DECnet log files (e.g., FAL.LOG) can be examined to see what kinds of things are being down by your users over DECnet. 7. DEC has been working with DOD on the requirements for a secure system, so it should be reasonable to expect DOD to approve VMS for operation in a secure environment when the above enhancements are released by DEC. INPUT/OUTPUT A SIG Information Interchange A form for INPUT/OUTPUT submissions is available at the back of the issue. 34 PAGESWAPPER - April 1983 - Volume 4 Number 6 INPUT/OUTPUT INPUT/OUTPUT 118 Caption: Xerox 9700 to VAX Message: I have heard that there is a VAX installation somewhere on the West coast that has put a XEROX 9700 on line to their installation. Xerox is reluctant to identify the account as they support only an IBM interface. We have a similar requirement and would like to be put in touch with anyone that knows of, or is working on, an on-line interface to either an XEROX 9700 or 8700. Contact: J. Bradley Flippin Raytheon Service Company 2341 Jefferson Davis Highway ( 1200) Arlington, Virginia 22202 (703) 685-2200 Date: February 25, 1983 INPUT/OUTPUT 119 Caption: PCDRIVER for V3 wanted Message:We are using the PCDRIVER for V1.6 distributed through DECUS. No problem to modify the driver for V2, we just followed the instructions from the release notes. According to the V3 release notes, no further modifications should be required, just a rebuild. However, the driver occasionally crashes the system. Can anybody help us with a PCDRIVER modified for V3? Contact: Svein Viken A/S GEOTEAM P.O. Box 102 N-1321 Stabekk, Norway Telephone: 47 2 12 37 90 Date: March 7, 1983 INPUT/OUTPUT 120 Caption: VAX COBOL Program Generator for Sale Message: End user wishes to sell his license to VAX COBOL code generator. Will develop screens, reports, sorts, graphs and menus from a common dictionary. Full vendor support with license transfer including 800 number for technical help. Price negotiable. 35 PAGESWAPPER - April 1983 - Volume 4 Number 6 INPUT/OUTPUT Contact: Ron Tenny George W. Tenny Company, Incorporated 3721 Scottsville Road, Box A Scottsville, NY 14546 800-462-1722 (in New York) 800-828-6531 (outside New York) Date: March 16, 1983 INPUT/OUTPUT 121 Caption: Tape archive system for VMS - RESPONSE TO I/O 99 Message: SI-ARCHIVE is an archive and retrieval package (available for VAX/VMS systems, 3.0 or higher) for storing seldom accessed files on magnetic tape. The system maintains an on-line directory of files archived for each user and provides capabilities for retrieving and/or deleting files from archive storage. SI-ARCHIVE includes an automatic archive option to allow system managers to move disk files onto tape. The system manager can choose the algorithm for migrating files. Contact: William J. Nally Strategic Information 80 Blanchard Street Burlington, MA 01803 617-273-5500 Date: March 23, 1983 INPUT/OUTPUT 122 Caption: Disk Accounting - RESPONSE TO I/O 112 Message: If disk quotas are implemented, it is a simple program (less than 30 lines of FORTRAN) to read the quota file ([000000]QUOTA.SYS), then using information from this file, the UIC in particular, you can read SYS$SYSTEM:SYSUAF.DAT to get any other information you might need. The quota file is an unformatted file with each record containing the following information: a four byte flag, a four byte UIC and a four byte usage count. If the flag is equal to one the record is an active record, if it is equal to zero, it should be ignored. A note of warning, both QUOTA.SYS and SYSUAF.DAT MUST be opened Read-only and shared or serious problems are likely. 36 PAGESWAPPER - April 1983 - Volume 4 Number 6 INPUT/OUTPUT Editor's Note The full record format is shown in Figure 2-9 (page 2-33) of the VAX/VMS I/O User's Guide Volume 1 (AA-M540A-TE). Reading the records from the file is only guaranteed to produce proper results, however, in the case of a disk which has been (properly) dismounted. For mounted disks, the file system can have more recent quota information cached in memory. A more reliable method of gathering disk quota information is to use the examine quota QIO function outlined in section 2.6.7.4 of that manual. It also has considerably lower chance of breaking when DEC introduces successive VMS versions n.0, n1.0, etc. -LJK Contact: Bruce Bowler General Electric 1 River Road B2-613 Schenectady, NY 12345 518-385-0928 Date: March 16, 1983 INPUT/OUTPUT 123 Caption: XPL Compiler Message: I am looking for an XPL compiler hosted on a VAX-11/780 or any other DEC machine. Free or for fee, any information would be of great help. Contact: Louis J. Romero Singer-Kearfott MS 12B38 Wayne, NJ 07470 (201) 785-6329 Date: March 22, 1983 37 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session Spring '82 DECUS VAX SIG Advanced Q & A session Spring 1982 DECUS Symposium, Atlanta Georgia Spring 1982 DECUS Symposium, Atlanta Georgia Advanced Q & A session Advanced Q & A session Compiled by Richard Garland, Columbia University Chemistry Dept. member of the VAX SIG VMS internals working group. (note: I have tried to capture the spirit of the meeting as well as the content of each question. - RG) The panel consisted of various DEC developers and a few hardware people from DEC. The session went from about 8:00 PM till about 11:30 PM, Thursday night. Chairman was Doug Wilson, from MIT JCF. An announcement was made that 11/780 systems with TM03 tape formatters (used by TE16, TE45, and TE77 tape drives) will require ECO # M8909YA-R-0006 for proper operation of VMS V3.0 software. Check with your local field service representative. The session started with a humorous story on the confusion of a new system manager read by Ben Schreiber and Larry Kenah of DEC and Doug Wilson of MIT JCF. The cofusion arose from the fact that one must INSTALL a system using VMSUPDATE and UPDATE a system using VMSINSTALL. Also one uses SYSGEN after the system is already GENERATEd and CONFIGUREs a system before AUTOCONFIGURE is done. After this the serious stuff began (sic). _____ Q: Did you solve the restart problem? (power-fail restart on __ the 11/780) A: Yes. If you don't have an RP07 or RM05 the problems are __ fixed by CONSOL.SYS version 7.0 and WCS 123 (on floppy) - get it from local field service. If you do have an RP07 or RM05 the problem was in the DRDRIVER (part of VMS system) which was fixed in V2.5 maintenance update to VMS. WCS 123 is 11/780 hardware rev 6. _____ Q: You cannot get RDC support with 11/780 hardware rev 7. __ A: I said hardware rev 6 not 7, CONSOL.SYS ver 7.0. __ _____ 38 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session Q: We have 2 VAX's, 1 running UNIX the other VMS. (laughter) __ We have dual ported disk drives connected to both systems. (more laughter) We have FILEX type utilities for each system to read the other's file system. The problem is to keep VMS from writing on the UNIX disk, i.e. we want VMS to see the UNIX disk as READ- ONLY for everyone. What MOUNT command do we put in SYSTARTUP.COM? MOUNT/FOREIGN/SYSTEM does not seem to work. A: Use MOUNT/FOREIGN/SYSTEM/PROTECTION=(S:RWLP) just as you __ would if you mount the CONSOLE disk. Can also MOUNT/FOREIGN/NOWRITE. If it's mounted /SYSTEM, an unprivileged user will not be able to DISMOUNT it. (comment from chair: "fixed in a future major release of UNIX") (laughter) _____ Q: For reading the other way, i.e. UNIX reading the VMS disk, __ we are worried we might be screwed by buffer caching: is it true that caching applies only to files that are currently open? A: Yes. If you have full disk caching in affect, the only __ thing that will be inconsistant when viewed from the othe side will be the storage bitmap and the index bitmap which presumably you are not interested in: the file header is forced out when the file is closed and the directories are always updated immediately. _____ Q: I missed the session on the AME and I was wondering how can __ I run VMS as a task under RSX? (laughter) (comment from chair: we already had the magic session.) The real question is what is the status of the AME under VMS V3.0? Is it V4.0 of RSX? A: The VMS V3.0 AME is equivalent to RSX V3.2. (Comment from __ floor: "The RSX developers said VMS V3.0 AME supported RSX V4.0 task builder and the associated SYSLIB"). Yes, the RSX utilities shipped with VMS V3.0 are the same as those on RSX V4.0, but the AME which has the RSX directive emulation is at the RSX V3.2 level, as is the MCR interpreter. _____ Q: I have a DMR11, 2 DUP11's, 10 DZ11's and an LP interface all __ on one UNIBUS. (laughter, amazement) Occasionally a user will say "my terminal is dead" (more laughter) and I find one of the DZ's has dissapeared and the only way to find it is to reboot. A: You have more than 18 UNIBUS loads which is the maximum __ supported on a UNIBUS. I once tried it with 22 and it didn't make it very well. Buy another UNIBUS. You could also just power OFF/ON the UNIBUS box (BA11K) instead of rebooting. (user: "If I do that the system crashes.") You may have the wrong UNIBUS terminator - the system shouldn't crash, if it does 39 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session you should complain to field service. _____ Q: TSC referred me to DECUS and said the panel could solve this __ problem. (laughter) Our batch jobs run at priority 3. If several users submit batch jobs at the same time, the batch jobs lock up with UIC [10,40]. Everything after that will also lock up until the machine become idle. A: The SYSUAF file is an ISAM file; when you open it at LOGIN __ time the whole file is locked until a finer lock can be gotten. You have a classic resource problem where a low priority job is blocking a resource which it can't release since it in turn is blocked by a higher priority job. In version 3.0 we have something which every-so-often gives low priority jobs a priority boost to get stuck jobs going. This will then free up the system. They get boosted to the CUR job's priority, so they will then execute immediately. You can also boost them by hand (SET PROCESS/ID=nnn/PRIO=p) if you see what is happening. _____ Q: We want to lower priority and then raise it back to the base __ login priority without privilege. A: Implemented in V3.0. __ _____ Q: Using VT100 in 132 column mode, DIRECTORY prints only 4 __ columns whereas it could print 6. A: DIRECTORY does not check the width of the terminal screen. __ We'll try to fix it in a future release. You could also use a command procedure which both SET TERM/WID=132 and defined DIR:== DIRECTORY/COL=6 and then another one to set it back. _____ Q: In the device driver manual it says do not use system __ service calls in drivers. There are times when they would be handy to use. What is the rational for this restriction and will it ever be lifted? Particularly in the FDT routines. A: Absolutely not and never. A driver is executing as a fork __ process and system services assume process context. There is just no way this could work. (user: "the reason I asked is that we have been doing it for about a year and a half: (laughter) when we call the FDT routine, we lower the IPL to 0 and execute the system service without trouble, can we continue this practice?" (more laughter)) Did you say in your FDT routine you lowered IPL from 2 to 0 ? (incredulously) (user: "yes") You have been extremely lucky because you have broken 40 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session synchronization. You could be deleted in the middle of the FDT routine. Even though technically the FDT routine is in process context, the IPL=2 normally prevents AST delivery among other things. Also any POOL you have would be lost if you were deleted. _____ Q: We have GANDALF port selectors. If the UNIBUS gets a power __ glitch it does an INIT and when things come back you may be connected to another process. A: The problem is not in the GANDALF but in the driver __ power-fail logic. It is fixed in V3.0. _____ Q: We wrote our own terminal driver built on system routines __ used by the VMS driver such as TTYSUB. Will it still work? Can I incorporate the new driver class/device structure? A: I can't respond exactly, but if you could figure out how to __ interract with the version 2 terminal driver, you should find things considerably easier to interract with the version 3 driver. _____ Q: In version 2 when you INSTALL an image, file protection for __ that image goes away. If a .EXE file with no world access is INSTALLED anyone can now run that image. A: Nothing in this area is changed in V3.0. Many users __ consider this a feature not a bug. We will consider making INSTALL more flexible in the future. (user: "I'm dealing with sensitive data") Don't install it then. Use a user written system service to do the privileged things. The problem is only if the image is INSTALLED /OPEN. You can install it with privilege but not /OPEN. This is true only on the system disk. On other disks everything is considered /OPEN. Move your image to the system disk. _____ Q: I also crashed the system by turning the UNIBUS box OFF/ON, __ although not usually. The question is: a number of our users run large jobs: from 4 - 24 CPU hours, they would like to look at the batch log during the execution of the jobs to see how things are going. There seems no way to look at these files. A: Use PDP 11-TECO or SOS. These compatibility mode programs __ don't go through RMS and are set up to read past the EOF. Native mode programs can't do it. Also, the job could write messages to a mailbox. Other random compatibility mode programs 41 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session (other than PDP 11-TECO and SOS) will not work, only PDP 11-TECO and SOS which have kludges in their file handling logic to bypass a 0 EOF. Use EDIT/SOS/READ filename. _____ Q: Why do many VMS utilities use a default file specifcation of __ ".xxx" i.e. no filename, with some extension. e.g if you specify a directory only in response to AUTHORIZE prompt for an authorization file (like SYS$LIBRARY) you end up with SYS$LIBRARY:.DAT. Why not assume a default filename so you would get SYS$LIBRARY:SYSUAF.DAT instead? A: If you put a default filename in the FAB you couldn't point __ it to a mail box. _____ Q: If the system console is used as a printer, and then you __ despool it, stop the queues, etc. we can't get the console back as an interactive terminal. A: Must delete all logicals associated with the queue. __ Probably Job control still owns it. Do SHOW DEV/FULL and look at owner. Probably didn't stop queue correctly. _____ (comment from chair: "We have a full complement of hardware people available for questions.") (hordes of users move to the question line) (laughter) _____ Q: I have a couple of VAX's and only 3 tape drives, my users __ fight over them. Are there any provisions in V3.0 to allow the system manager to control allocation of the tape drives? A: Use lock manager in some control process. __ _____ Q: (southern accent) I run these 2 VAX's and I have these users __ who do word processing on them. They like 'em and all, you know, but what they say is they feel kinda constrained by several things on machines that don't work the way the want 'em to. They say the have to use these funny little file names for everything with 9 characters and take all the vowels out and they can't spell the words out they want to use, and there's lots of them. Once I showed 'em - we'll go on - once I showed 'em this little button next to the shift key that that would let 'em use these lower case characters that we bought all these 42 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session nice VT100 terminals for. Well they have all these nice programs and these tools, you see, for finding text patterns, and some of 'em, in their documents, they actually use these lower case characters you've heard about, I guess. (laughter) But I tell you what, from the command line when you type these things in, you're lookin' for these nice text patterns, these lower case characters in there, they come back and they say "I tried this an' I've tried this an' it don't work. It wont find 'em." And I tell them, well what they've done to you is the've converted that command line to upper case. An' they say "why?" (laughter) (applause) "Why would they want to do such a thing?" And the things they call you . . . (laughter) They say "Well they can go to that there DECUS an' you tell them damn yankee keypunchers . . (laughter) . . (applause) . . (unintellegible) . . A: (speechless) __ _____ Q: I have a command procedure writer who has command procedures __ galore. Why no debuging aids for command procedures? Like break points and single stepping. A: Write a command procedure to debug command procedures. __ (laughter). (shout: "use unix") _____ Q: What happened to ver 6 of CONSOL.SYS? How do I get updates __ to CONSOL.SYS. I got VMS V2.5 with no new floppy. When version 3.0 will I get a new floppy? (from chair to product management: "Who is responsible for the console floppy?") A: There was no version 6 of CONSOL.SYS. They skipped from 5 __ to 7. You should have CONSOL.SYS version 7. The floppy is not distributed to people who get updates, only new customers get them. It is considered sort of part of the hardware and goes with them but it's stuck in our software box when you get a brand new VMS kit. You will have to get updates from the hardware people. _____ Q: Also on RESTAR.CMD on the floppy, they use a TR=3 which is __ the UNIBUS adapter rather than TR=8 for the MASSBUS which is where the system disk is. A: You will have to change the TR for your location. (note: __ It was pointed out later that the TR=3 is correct, the UBA is actually used for scratch registers by using the mapping registers and this has nothing to do with where the system disk is. On the other hand it will also work with TR=8: then the MASSBUS mapping registers are used for scratch registers. - RG) 43 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session _____ Q: I have a program that generates a subprocess somewhat like __ the new SPAWN command. It runs LOGINOUT with a command procedure as input. It seems to think it's a batch job in that it produces 132 col. output rather that 80 on things like the HELP command. A: Use the new SPAWN command. How was SYS$INPUT for the __ subprocess defined? (user: "I did a translation on SYS$COMMAND") That would be a process-permanent file. ("I took off the ESC and other stuff") A similar thing seemed to work OK for me. _____ Q: What about reading in lower case from DCL __ A: There is a new command READ WITH PROMPT in V3.0 that allows __ any input string, and I'm not 100% sure but I think LIB$GET_COMMAND also will not do automatic upcasing. _____ Q: On the 11/780 the translation buffer is 128. I believe it __ was increased on the 11/750 to 512, which puts the 780's on the small side. Now I hear on the 11/730 it is 64. What's going on with these changes? A: On the 730 the translation buffer is 128, not 64. (user: __ "what is the rationale for the changes?") One of the things to take into account is the time it takes to change process context on the various machines: this influenced our choice of the translation buffer size on the 730. _____ Q: The MONITOR command in V3.0 exits on ^C. Can you make it go __ back and ask for another class like the current display command does? A: (noted) __ _____ Q: We have an RM03 system disk. RM03's have what is know as a __ hysteresis brake which slows the spindle down when you open the unit up. Our brake decided to turn itself on and stay on. I have heard this is a problem with other sites as well. What happens is when the break gets warm, the system disk goes away. Why do RM03's do this, and why can't VMS recover better from seek errors? 44 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session (comment from floor: "use an electric drill") (laughter) A: I can't speak for the hardware but as far as VMS is __ concerned it doesn't special case errors on the system disk. "Normal" errors are typically reported back to the user program and other errors, such as an inswap error, are considered fatal. It's a matter of who's I/O you get an error on. (user: "it shouldn't just go away") Probably it tried to do a BUGCHECK and couldn't page the code in so it appeared to hang. ("keep it resident") The resident EXEC would get too big if we kept everything like this resident. _____ Q: We found a case where an RM03 would hang the system so the __ VAX wouldn't execute another instruction. Couldn't do @CRASH from console. A: Same business with not getting the BUGCKECK code in off the __ disk. @CRASH intentionally causes a BUGCHECK, so you're stuck. _____ Q: Under V2.x if you print from an editor (SOS L command or EDT __ P command) the person needs a quota on the system disk or you get a quota exceeded error. A: Disk quota's are meant to be strict and airtight. Therefore __ you must have a quota to write on any disk. _____ Q: I have an 11/780 DECnetted to an RT system that goes up and __ down many times per day. I get the usual DECnet messages when this happens. How can I turn off these messages from the system console without logging onto the console and doing a REPLY/DISABLE ? You can't do this in the SYSTARTUP.COM file. A: You can disable that event logging with NCP. But it then __ will not log in the OPERATOR.LOG file either. (comment: "you can leave NCP alone and do it in the SYSTARTUP.COM file with the commands: $ ASSIGN/USER OPA0: SYS$COMMAND $ REPLY/DISABLE or similarly with other REPLY commands") _____ Q: The old standalone DSC got the device database from SYSGEN __ at boot. Will standalone BACKUP work the same. A: Yes. __ _____ 45 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session Q: Will the 11/780 FPA ever support G and H floating __ instructions? A: G and H are supported as an option in microcode on the 780 __ but not in the FPA. There are no plans for it. _____ Q: We have DMC's on the system. Field service thinks that if __ the diagnostics can get the DMC to loop back end to end, that it must be good. When we have a network problem and we convince them to swap out the DMC (usually in pairs) things then get better. But they don't want to admit that it's bad if the diagnostics work. They will not connect at 1 Mbaud local full-duplex. A: I don't know about the diagnostics but I will bring the __ problem back to DEC. _____ Q: In reference to a previous question, why do the editors __ build a print file on the system disk rather than the disk the user is on? A: All spooling is done off the system disk. DIR/PRINT works __ the same. _____ Q: Is anyone ever going to do anything about how the UNIBUS box __ (BA11) power switch is right under a bunch of cables and can easily get bumped off? (much applause) A: (comment from floor: "We got a couple of U shaped things __ from a hardware store and screwed them on the back to protect the switch. Cost about $.98") (comment: "It will void the warantee") (laughter) _____ Q: We have a pair of local DMR's talking to a RSTS system at 56 __ kbaud. In V2.3, DMR is supported by UETP with instructions on how to do it. It doesn't work. A: (comment: "It works in full-duplex, not half.") (noted) __ _____ Q: Are there 2 sets of microprocessors in the DMC's? Some of __ ours run much slower than others. And they're less reliable - will not work on half-duplex cross country links. A: There are 2 controllers, 1 for local, 1 for remote - maybe __ 46 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session they are getting mixed up. I don't know - I will check with diagnostic engineering. _____ Q: I was told be a field service rep that the machines will not __ shut down until the temperature is about 125 degrees. (laughter) A: Thermal protection is designed around the power supplies __ which can get very hot. (user: "we got a thermostat to turn the machines off at 80) The only protection of the CPU boards is air flow sensors, not temperature. _____ Q: The microfiche doesn't seem to agree with what's in the __ running system after updates. A: Modules which are replaced get updated fiche, but patches do __ not. Check the patch journal files to get this information. _____ Q: How long will battery backup support 4-8 Mbytes. __ A: 10 min. 4 Mbyte per battery. __ _____ Q: I understand there is a militarized or ruggedized 750. __ A: Yes. Made by Norden Co. See them for details. It is rack __ mountable but not ruggedized. They are also working on a militarized 780. (comment: "final holocaust set off by a BUGCHECK") (laughter) The rack mountable 750 is available to volume customers only, and is not ruggedized to MIL specs but many have found it is usable in many rugged situations with a modest amount of changes. _____ Q: I have tried to change queue parameters for SYS$BATCH. I __ stopped the queue, deleted it, corrected the SYSTARTUP.COM parameters, but upon reboot found that the old parameters were still active. A: What may be happening is that you try to start the queue in __ SYSTARTUP.COM and then check the status. It should fail, then do an INIT with the new parameters. However SYS$BATCH is present by default so the start won't fail and you never do the INIT. Should explicitely do an INIT without a status check. Actually all that you need to do is STOP/QUEUE, followed by START/QUEUE with the new parameters and they will get changed. 47 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session You can do this with jobs running. Also can INIT with jobs running and the characteristics will get changed. _____ Q: Why does BACKUP take /REWIND and /OWNER=DEFAULT as defaults? __ /OWNER=ORIGINAL would seem to make more sense. Can these be changed. A: You can change them locally. /REWIND is default since we __ believed that most of the time you would make large save sets which would fill a whole tape - also if the tape is not a BACKUP tape or is blank and you do /NOREWIND you get unpredictable results. /OWNER=DEFAULT requires the least privilege. All other /OWNER modes require privilege. _____ Q: We have a number of VAX's, 1 of which is running UNIX. Some __ VMS users would like the ability to reinvoke the previous command and reexecute it like UNIX does. A: It would be easy to pretty hard. Logging DCL input would be __ easy but intercepting input to programs would be tougher. It is an SIR. (comment: "there is a similar capability supported by a SIG tape submission (LBLTOOLS on Fall '81) - it runs as a separate process rather than a CLI") _____ Q: We have a lot of trouble with the BA11K UNIBUS box on the __ 11/ 780. It is flimsy, underpowered, and the cable dress is miserable. The PDP11 24 is much nicer. Any plans for improvement? (applause) A: Yes. (applause) ("How much?") "How much are you willing to __ pay?" (laughter) _____ Q: I have an 11/750 next to a PDP 11 with RL02's. I have a __ UNIBUS controller card in the VAX for the RL02's so I can switch them. Do I need to power down the 750 to plug the cable in? A: Yes, must power down the system. On 750 turning off UNIBUS __ will cause 750 to shut down. Get a UNIBUS switch. Will likely get a fault and crash if you don't power down. _____ Q: With the new AUTOBAUD feature, we are worried that switching __ transients caused by front end terminal switch will trigger it. It will then go through a time-out sequence. Suggest looking for another as confirmation after setting speed. 48 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session A: It is quite robust with several timers. Try it first and __ then let us know. _____ Q: We have a new 11/780 with RP07's. We had considerable __ problems with field service to get interleaved memory to operate. Where is this documented? What do we have to do to the floppy to insure that it is set to interleave? A: Prototype boot files for interleaved memory are on console __ floppies. Use these and set the right one as DEFBOO.CMD, also on RESTAR.CMD (user: "It took about 9 1/2 weeks to get it running - the field service people should know how to do it better") (noted) _____ Q: We have a process that runs for a while and than gets a __ quota exceeded error. We figured out it was the AST quota. We increased the AST quota and it runs longer but eventually still runs out. It seems to use all it can get. What is it doing with all the AST's? How can we find what the AST's are for on-line. It's doing asynchronous I/O on terminals. A: Use SDA online. Type "*" to prompt for name of dump file. __ need CMKRNL. Be careful, do not look at I/O pages or may crash the system. Cannot copy the "dump" file in this case but can output the SDA formatted output. _____ Q: We want to share an RK07 with an RSX system with VMS __ read-only and the RSX side read-write. Is there anything tricky? A: Dual porting is not supported for UNIBUS devices. It may __ work. You must sieze and release the port for dual porting to work. In V3.0 we have added that capability for MASSBUS disks only. There is a SET DEVICE command to tell the system whether to allow this on a particular disk. _____ Q: This is my first DECUS and I'm really impressed. (applause) __ I'm a disk driver writer. I noticed in version 2 there were hooks for a 7xx, and lo along came the 730. In V3.0 are there any hooks for the new CI which was talked about. Is the protocol for this published? A: Read the fiche. There is some support for CI in version __ 3.0. The protocal is described in a document that is referred to on the front cover of the UDA/RA80. (note: The CI stands for "cluster interface" and was described in a technical paper 49 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session given by DEC at DECUS. It is not an announced product. - RG) _____ Q: There is a device designed for PDP 11 which works the same __ on the VAX. It's a relay activated by a thermostat - a very simple device - it does a contact closure. You can plug it in to a mate -n-lock conector at the bottom of the cabinet. This will power down the system in an orderly fashion. A: Yes there is such a connector. Field service should be able __ to tell you how to wire it up. The schematic is in the power supply prints. _____ Q: I got the last DECUS symposium tape which was created from a __ disk with a cluster factor of 3 by BACKUP. I restored it to my disk which has a cluster factor of 11. The files created seem to have a cluster factor of 22. Can you explain? A: BACKUP attempts to allocate files based on their previous __ allocation. As a result the file size will be rounded up first by the original cluster factor and then by the cluster factor of your disk. As you transfer files from disk to disk to disk with non proportional cluster factors the file allocation will grow larger and larger. The solution is to do a pass over the files and truncate them all. V3.0 BACKUP has a truncate switch. In V2.5 you can use PIP ( MCR PIP/TR *.*;* ). _____ Q: There is an end-to-end diagnostic to test DMR's or DMC's __ which loops back from the software at each end. Field service should be prodded to use it. (from floor: "It's EVDMC") The question is will the Internals and Data Structures Manual be updated for V3.0 (aka IDSM) A: Yes we are currently planning to do it. (applause) (user: __ "What time frame?") As soon as we can. _____ Q: I received part of my 11/780 in Nov. with 2 RP07's. __ However the second memory controller wasn't installed till about a month ago. Field service claimed when they installed the second controller that the high speed option for the RP07 did not work and did not know when it would. I hear people saying that it works. A: You need an RP07D kit. (user: "I ordered it with the __ option. Field service said they couldn't energize the option because it doesn't work") They are mistaken. What is your CPU rev? (user: "The latest. Machine was just installed in Nov. 50 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session I think rev 7 or 6") It should work after rev 6. Talk to Field Service. _____ Q: What release of VMS will support the RA80/UDA-50? __ A: It is currently supported on the 750. V3.0. __ _____ Q: I have a 750 with a TS11 tape drive. When you do a BACKUP __ /VERIFY it rewinds the tape very slowly. Why doesn't it do a high speed rewind? A: What probably happens is that when BACKUP reaches the end of __ tape, it writes the trailer label set (TM, trailer labels, 2 TM's) It then Backspaces over the previous 3 TM's so as to leave the tape properly positioned should you want to do an append operation. It then decides it needs to do a rewind for the verify pass. The backspacing may miss a TM if the tape is slow coming up to speed. In this case it backspaces all the way back to the beginning of the save set, and then does a rewind. Get Field service to check this. The TS11 self confidence test should pick it up. _____ Q: BACKUP is the only reliable utility which diagnoses errors __ on TS11's. (laughter,applause). We had 4 major hardware problems with our tape and each time it was BACKUP that found them. The BACKUP tapes were still recoverable. A: Thank you. __ _____ Q: Someone said the other night they had an FPA problem such __ that it would pass the diagnostics but give wrong answers. This makes me very nervous. You might consider a diagnostic excerciser for the FPA. The question is on AST handling and I noticed with the new SPAWN command a message to the affect that all AST's would be passed to the parent process. Is there a mechanism for catching them in the subprocess? A: As with ATTACH and DETACH, we are studying this problem. __ There is only 1 UCB for the terminal and thus only 1 place to store the information about the AST's. We expect to correct this situation in a future release. _____ Q: We have a 900 LPM DEC printer on our VAX. When the paper __ gets jammed we would like to back up a number of pages. It 51 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session seems we can only back up 1 page, or the whole job. A: That whole area is a top priority item for the commercial __ working group and we a looking at it very seriously. We are currently doing a complete rewrite of the queue manager and batch facility. (user: "While you're at it, let the print symbiont handle several printers. We have 15 symbiont processes running.") At least for now install the symbiont /SHARED. _____ Q: Most all of our work is done in batch queues. We have __ procedures which put task builds or C compiles into batch jobs. It is currently difficult to tell what a job is by looking at the batch queue. We would like to see the parameters used when submitting the job. A: (noted) __ _____ Q: I'm happy with the terminal driver enhancements. The __ question is about the hangup situation. What happens if /HANGUP is turned on. Is it immediate? I would like a timeout - say 30 sec - during which time you could log back in. A: The hangup is immediate. There is also a logout parameter __ /[NO]HANGUP which will temporarily overide the /HANGUP setting on the line. This allows you control at least on voluntary logouts. We know some people would like a delay and we will consider it. You can also disallow the use of LOGOUT/NOHANGUP as a system manager should you so choose. _____ Q: I noticed that the restriction of 8 Mbyte of memory mapped __ by VMB was removed and that it can now map the full 30 bit physical address space. I know no one would tell me about unannounced hardware but can I ask, has any thought been given to increasing the number of MBA's to more than 4? A: No plans to increase this beyond 4. (user: "I have seen a __ system with 6 MBA's.") To rephrase: we don't plan to support more than 4. (Note: at a later session a user asked: "On what system did you test the change to VMB to support 30 bit physical adress space?" Answer: "To be honest, we never tested it." (laughter) - RG) _____ Q: It was previously stated that with a dual ported drive, a __ closed file should be readable by the other system. This has 52 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session not been my experience. If I create a 1 line file with EDT, then exit, then do a DIR from the other system, it wont see it. A: The problem is getting the files into the other machine's __ memory, not writing it to the disk. In V3.0 we have a /NOCACHE option on the MOUNT command. If you do this from the read-only side it should be OK. _____ Q: We have several 780's with different microcode levels. The __ operators get the floppies mixed up. How is the 780 changed or updated, and how does it know its level? A: The FPLA resides in the consoles memory space. The console __ reads WCS off the floppy to reload the WCS. The console checks for mismatch between the FPLA and the PCS, and VMS checks for the secondary version of WCS. Field service should be able to do this which involves changing a few chips, but often there are ECO's that go with the changes that take longer to change. _____ Q: What does the error log mean when it says "dead track" on __ tape errors? We seem to get these on tape errors. Field service thinks this means bad media. A: The dead track appears when there is a parity error and __ shows the particular track that appears bad according to the mag tape hardware. BACKUP seems to catch more tape errors than other utilities or diagnostics due to the use of a larger block size. Also BACKUP writes tape with the normal recovery procedure of the driver turned off. For a write error it just keeps retyring in the forward direction, since backspacing over a bad block is risky due to the possibility of mispositioning the tape. If some dirt gets on the head it can be pulled along and never get knocked off. The normal backspace/retry has a better chance to dislodge such dirt. This situation is improved in V3.0 BACKUP. (comment from floor: "Field service kept telling me I had faulty media until eventually the head was replaced and things got fine.") _____ Q: If a delay on the /HANGUP attribute on dial in lines were __ not optional, it would create a problem for sites with port selectors. A: (noted) __ _____ Q: We have a DECnet problem where we can't reset the NCP error __ counts. 53 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session A: (DECnet person not present) (comment: "Check release notes __ for a known bug of this type.") (note: the May Dispatch, p. 63 discribes a related but different problem. This is the only published info I could find. - RG) _____ Q: User submits job with /AFTER=... and then leaves. We then __ do a BACKUP before his job starts and save the original disk, mounting the new copy. Job control can't find the job. A: BACKUP does not preserve file-id's. Job control uses these. __ V3.0 BACKUP image-mode will preserve file-id's. _____ Q: We have DMC-11's on PDP-11's. We wrote test programs with __ variable byte size. We now have them on the VAX. It fails when it gets to about 160 bytes at 1 Mbaud with a loop back connector. We are trying to get DEC sales to replace these with DMR's. Will the DMR's be any better? A: We have found the same problem. It has to do with the silo __ filling up faster than it could empty. We found the probability of this happening in a real life situation was low. DECnet will set the packet size to the lesser of the 2 systems' buffer size. This may be a problem for 1 Mbaud full-duplex situations. _____ Q: I have inquired as to the availability of tools for __ supporting user writtem microcode on the 780 and have thus far found none. Will there ever be any support in this area? A: (chair: I have heard of a number of people who have used __ it.) (comment: "you can't use the FPA") There is a DEC product of microcode developement tools for the 780. VMS is not involved in this. (comment: "there was a paper at last DECUS by a user who wrote a fortran compiler for microcode.") (Note: This paper appears on p. 765 of the Fall '81 DECUS Symposium proceedings. - RG) _____ Q: What TM03 ECO's are required. __ A: The one referred to (ECO # M8909YA-R-0006) was to correct __ the problem when someone hitting the device off-line would hang the system. The other ECO is for a TU78 so it will do odd-byte transfers. (only relavent for foreign tapes) _____ Q: In V2 I understand a low priority compute bound job will __ 54 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session take up memory while higher priority interactive jobs will swap in and out. A: No changes in this area. You can manually cause them to __ swap by suspending them. We will work on this. _____ Q: We have a VAX that just sits in a corner and works without __ trouble. The problem is that every 4 months or so it crashes. (expressions of mock sympathy) It's very dificult to debug a problem that occurs every 4 months. Anyway, it turns out he has a process running in the background that page faults an awful lot and when the page fault count gets up to 4 billion the system crashes. (great deal of laughter) A: (noted) __ _____ Q: Can you have more than 31 queues? __ A: It has gone to 64 in V3.0. (user: "Still not enough.") __ _____ Q: I noticed the new qualifier on the SET DEVICE command, __ "/AVAILABLE". Does this apply to any device or just disks, and how is it implemented. A: It was put there for the case of dual ported disks so that __ if you run 2 systems, 1 a standbye for the other, you leave the port selector in the middle (neutral) position, with the first CPU using the disk. The other system has the /NOAVAILABLE switch set which effectivly sets the device off line so it wont get written to. I believe it's only supported for disks in V3.0. We are investigating extending it to other devices. (user: "It would be nice to do it for dual ported TU78's") That may indeed work but we have done no testing thus far. _____ Q: There is a LED on board 23 of our 11/780 which is called the __ "stall" light. When the CPU is waiting for the SBI, the LED lights. I've been watching it under different running conditions and it seems this light is the only indication of time lost to the CPU due to SBI contention. The question is: is my inperpretation of the LED's significance correct, and has any one bothered to put a device in there to monitor the LED and measure the hit rate of the CPU on the SBI, say with and without interleaved memory. A: The meaning of the LED is correct. No one has timed it as __ far as we know. 55 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session _____ Q: Thanks to whoever fixed the debugger so you no longer have __ to set the scope twice when you examine variables in a subroutine. (note: this problem and the rationale is outlined in the MAY Dispatch, p. 17. - RG) The question is when you set break 2 ways putting a switch in a different place it works 1 way but not the other: DBG> SET BREAK/AFTER=n %line ! works but DBG> SET BREAK %line/AFTER=n ! doesn't work. The parser should be a little more intellegent A: It's not the parser. The second form is illegal because the __ "/" in that context is considered the devide operator. _____ Q: About the VT100 in 132 column mode: if you're using EDT or __ some applications programs, when you switch to 132 col mode the screen sometimes suddenly goes to "heiroglyphics" mode. (laughter) You then have to do a reset and you lose the settings for the keypad, scrolling region etc. We've seen this on perhaps 50 terminals on a dozen systems. What can be done about this? A: (noted) __ _____ Q: There is a rumor that V3.0 has fixed the problem in V2 where __ a terminal continues to receive operator messages once enabled, unless specifically disabled, even after the operator logs off and a non privileged user logs on. A: The terminal is now disabled when an operator logs out. I'm __ not sure if there is an ENABLE/PERMANENT switch for those cases where you want it such as a tape console near the tape drives. (conferencing) I'm told that it does work. You can permanently enable an operator terminal if you so choose. _____ Q: We have a building full of engineers and we try not to train __ them more than we have to. (laughter) However, one of our users has discovered that he can submit thousands of batch jobs from command procedures. We found that if a single user submits more than 255 jobs into a queue, all the queues zero. A: Perhaps a queue quota would be a good idea. For now the __ best I can say is that we tried to fix a lot of Job controller and queue management bugs. I'm not sure that one was fixed but it is noted. 56 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session _____ Q: I have a problem with the batch queue INIT procedure. I __ have a user who uses the /AFTER switch and the /PARAM switch. If the system goes down before the jobs are started, they get lost. A: There were a number of such bugs which have been fixed in __ V3.0. _____ Q: Soon after our 750 was installed (which went very well) we __ had problems with the system automatically rebooting. When we looked at the error log we found a translation buffer parity error. Sometimes the system didn't reboot and you just got the console prompt. Field service changed a board and the problem seems to have gone away. Is anyone else familiar with these symptoms? A: You seem to have had parts of two problems: There is a __ known 750 translation buffer problem due to a batch of bad chips. Swapping the #3 board fixes that which seems what happened to you. Also at times AC or DC low signal will spuriously pulse, it will look like a power fail and you wil get "%%" as you mentioned. We have not as yet tracked down the cause of this. (user: "the two problems appeared together, and went away together.") If VMS gets a certain number of translation buffer parity errors in a certain time interval, VMS will bugcheck. Isolated ones will not bugcheck. _____ Q: I'm not sure this is a hardware bug or a software feature. __ The 780 has an AUTORESTART switch which we set OFF. The system will nevertheless restart by itself upon getting a bugcheck. A: After a bugcheck, rebooting is not controlled by the switch __ but by the BUGREBOOT SYSGEN parameter. The switch controls what happens after a power fail. (user: "It would be nice if that were better documented or made to be consistant.") (noted) _____ Q: My VAX doesn't go down very often anymore (applause, __ laughter). Now that I run a month or more before a crash, if someone goes into MWAIT I wish there were a way to see what's happening. That part of the header is not visible to SDA. A: That is a known bug in SDA. It will be fixed. (comment: __ "You can look at it by examining memory rather than looking at the header explicitely") _____ 57 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session Q: I have a TU77 hardware question. There is an inconsistancy __ with the TE16 which comes on line when you load it, the TU77 doesn't. We have heard other users say the TU77 can be "rejumpered" so it will come on line when you load. Under duress our field service did the same to ours with no apparent ill affects. Any comments. A: (no tape hardware people present) (comment: "I tried for 8 __ months to get it done. At DECUS I found out how it was done and told field service. Very simple - cut the W4 jumper - but now I have a TM03 hangup. Don't have it "rejumpered" until you get the TM03 ECO.") _____ Q: FORTRAN/LIST. We would like fuller maps. And length on __ CHAR. A: FOTRAN V30. - you get a cross reference. Noted on CHAR __ length. _____ Q: On G and H microcode on the 11/780. What is the __ prerequisite? A: First you must have CPU rev 7 (the "twinkle" ECO). And then __ you must order the KU780 (2K WCS) as a prereq. to the KE780 (the G and H option). WCS 124 goes with CPU Rev 7. _____ Q: Is there an ECO required for VMS V3.0 for the TU78? __ A: No. The TU78 ECO is the odd byte transfer problem. This is __ REV 6 of the CPU. It has nothing to do with VMS. VMS needs the TM03 ECO (on TE16, TE45 and TU77). Also there is rev 7 of the CPU described above - also not required by VMS V3.0. VMS labelled tapes use even byte counts anyway. (user: "I have a tape which reads on a TU77 but not on a TU78") Probably a squewing problem - not a byte count problem. _____ Q: The 750 rack mountable version would be very attractive as __ an upgrade to PDP 11 users if it were available in small quantities. A: There is a recently anounced PDP 11/70 - VAX 11/750 upgrade __ package. Your local sales people can give details. _____ Q: Field service says you can't put an expander box on a __ 58 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session 750/TS11 system. A: (noted) __ _____ Q: I bought V1.0 sources which went out of date. I then bought __ V2.0 sources and was told I would get updates or at least fiche. Now they are out of date. The last update was missing FILEX. Will I ever be able to stay up to date? A: On maintenance updates, you can get it with each update or __ once a year to minimize tape updating. We apologize for missing the source for FILEX. It was evidently an oversite. _____ Q: Problem of UBA. There seems to be a chance of corrupting __ data in the UBA. There are checks in memory and in the devices for bad data but the UBA seems to lack error checking. Diagnostics could not find an error which we could spot. They seem to think the board is good even after we showed them by swapping boards. Maybe they sent that board to another site. (comment: "drop the board over your knee") (laughter) A: There were some bad chips picked up by certain types of data __ transfers but not others. We will remind field service again of this possibility. (comment: "It's amazing that you have such a complex operating system out in the market with so few bugs") (applause) _____ Q: When the line printer goes off line we get perhaps 50 pages __ of messages on the console. (applause) A: We have changed it so the messages become less and less __ frequent as time goes on. (applause) _____ Q: On the 750 you can't use @CRASH. There is a long list of __ things to type in. We couldn't find this in the documentation. A: (noted) __ _____ Q: Minor annoyance. The combination of defaults don't always __ make sense. e.g. /MAP/CROSS should give a listing, but doesn't. A: Noted. But some people may actually want a map but no list. __ _____ 59 PAGESWAPPER - April 1983 - Volume 4 Number 6 Spring '82 DECUS VAX SIG Advanced Q & A session Q: With TE16 and TU78's on the same MASSBUS they exhibit __ strange characteristics with foreign tapes. There were no problems until we got the TU78. If we take it off, the TE16 works again. It gets the density wrong. A: Make sure when you look at the density, there is actually a __ tape on, otherwise the density is indeterminate. We will let the tape hardware people know. _____ Q: We have heard about hangup on logoff but what about the __ opposite - if the line hangs up while someone is logged on, I would like to see the process detached so the user can reattach when the line comes up. A: Covered in the SIR session. A number of such features are __ being worked on. The process should be deleted under the present version. _____ Q: I'm glad to see the hardware people here, it's a tremendous __ addition to the Q & A session. (applause) What does Rev 7 do beside support the new microcode? A: There are two different Rev 7's. There is version 7 of __ CONSOL.SYS which fixed the power-fail restart problem and has been out for some time. Then there is CPU rev 7 which is the "twinkle" ECO and is the prerequisite to the G and H microcode and is relatively recent. This also fixes all know instruction bugs. (user: "Twinkle?") "Twinkle" was a secret name for the ECO and it stuck. It is in line with the astronomical names used for the VAX's. It is appropriate since it is a small change to "STAR" which was the 11/780 code name. You recall "Twinkle, twinkle little star. . ." (laughter) It also changes floating traps to faults so it's compatible with the 750. (user: "RDC says they can't support it, they said we have to go back to level 6") There is no technical reason for this. Perhaps you have the wrong remote floppy - get field service to give you a new one. _____ Q: Another department in my university bought a new 11/780 and __ wanted to put TU78's on the same MBA as a TU77 but DEC would not sell it. They had to buy a second MBA for the TU78's. Is this really necessary? A: Should be OK to add TU78 to existing massbus. Maybe you __ could buy it as an add-on but not as a packaged system. (user: "does anyone have systems with TU77's mixed with TU78's?" (several positive responses)) _____ 60 PAGESWAPPER - April 1983 - Volume 4 Number 6 INPUT/OUTPUT Submission Form INPUT/OUTPUT Submission Form A SIG Information Interchange Please reprint in the next issue of the Pageswapper Caption: ______________________________________________________ Message: ______________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ Contact: Name _______________________________________________________ Address ____________________________________________________ ____________________________________________________________ Telephone ____________________________ If this is a reply to a previous I/O, which number? ________ Signature _____________________________ Date ________________ Mail this form to: PAGESWAPPER Editor, DECUS, MRO2-1/C11, One Iron Way, Marlborough, MA 01752, USA 61 PAGESWAPPER - April 1983 - Volume 4 Number 6 INPUT/OUTPUT Submission Form Tear out to submit an I/O item PAGESWAPPER Editor DECUS, MRO2-1/C11 One Iron Way Marlborough, MA 01752 USA 62 PAGESWAPPER - April 1983 - Volume 4 Number 6 System Improvement Request Submission Form System Improvement Request Submission Form SIG ref no. _________ Page 1 of _____ ________________________________________________________________ Submittor: Firm: Address: Phone: ________________________________________________________________ Circle application area(s) most closely related to yours (OEMs circle end use): Transaction Processing Business EDP (accounting) Program Development Systems Development General Timesharing Student Timesharing Shared Small Applications Shared Large Applications Process Control Word Processing Large Simulation ________________________________________________________________ System Configuration: CPU Model: System Disk: Memory Size: Average User Load: Operating System: Version: ________________________________________________________________ Abstract (Please limit to four lines): ________________________________________________________________ Description (include justification and expected usefulness): Use additional pages if required Completed SIR should be returned to: Gary L. Grebus, Battelle Columbus Laboratories, 505 King Avenue, Columbus, Ohio 43201, USA 63 PAGESWAPPER - April 1983 - Volume 4 Number 6 System Improvement Request Submission Form Tear out to submit an SIR Gary L. Grebus Battelle Columbus Laboratories 505 King Avenue Columbus, Ohio 43201 USA 64