INFO-VAX Tue, 10 Jun 2008 Volume 2008 : Issue 323

Contents:
Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha
Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha
Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha
Re: How secur is delete/erase ?
Re: How secur is delete/erase ?
Re: How secure is delete/erase ?
Re: It's that time again - Free XP1000 Giveaway
Re: Need an external CD/DVD writer for DS10.
Re: Need an external CD/DVD writer for DS10.
Re: Need an external CD/DVD writer for DS10.
newsreader client for VMS
Re: newsreader client for VMS
Re: newsreader client for VMS
Re: newsreader client for VMS
Re: newsreader client for VMS
Re: Remembering APL-11 (WAS: Re: Any one out there have VAX APL Manuals) Manuals
Re: TCPIP sequence number question
Re: TCPIP sequence number question
Re: TCPIP sequence number question
VAX/DEC Document
Re: VAX/DEC Document
RE: What filtering does Hotmail use?
where to buy these 2 vms books?
Re: where to buy these 2 vms books?

----------------------------------------------------------------------

Date: Tue, 10 Jun 2008 04:06:47 -0700 (PDT)
From: Keith Cayemberg
Subject: Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha
Message-ID: <6cca3fbb-4d0d-4768-bcdf-ad7437e23a88@m36g2000hse.googlegroups.com>

On Jun 9, 10:52 pm, "Robert Jarratt" wrote:
> wrote in message
>
> news:90d9d32c-ee99-435b-84d9-c46d9701268f@e39g2000hsf.googlegroups.com...
>
> > how many other OS's can claim that?
>
> > well we can on OpenVMS 7.1
>
> > and we have another 4 years planned on it ...
>
> I suspect this might cause some debate, but frankly I don't think this
> proves anything other than that malware authors do not see VMS as a
> worthwhile target, because they would profit very little from attacking it.
> Don't get me wrong, though, I love VMS.
>
> Regards
>
> Rob

Why does nobody here appear to know that the OS architecture of OpenVMS provides an inherent security advantage over all the other OS's mentioned here?

Yes, a perfect security coupled with a practical, usable OS is probably an unreachable goal. But the integrated architectural advantage of OpenVMS brings it much closer to such a goal than any OS which just layers security features on top of its architecture.

While it is possible to write a virus for OpenVMS, and maybe even infect a user-mode process, perhaps through a buffer-overflow in a poorly programmed third-party application also running in user-mode, it is very much more difficult on OpenVMS to actually use a buffer overflow or other exploit to gain any higher mode privilege to actually control or degrade the security or stability of an OpenVMS system which has been properly configured.

The basic principles have been mentioned by myself and others in this forum years ago. In fact they were mostly well developed in the MULTICS OS in the 1960's, and promptly ignored by the Unix fathers who had other goals than a secure OS in mind. OpenVMS developed these principles a little further while maintaining a practical and manageable balance of features.

- First, a secure OS architecture must have at a minimum 3 security rings or modes. This is simple common sense, since it is necessary to protect the kernel from the third-party apps and the third party apps from the user. All Unix, Linux and Windows derivatives have only 2 security rings/modes. OpenVMS has 4 rings. The extra ring is used to protect the (eventually changeable) CLI from the user, and the other higher modes from the CLI.

- Second, all services and privileges which can be requested from a higher mode must be performed through a standardized calling standard that only permits calls where the parameters are "called by descriptor".
This virtually eliminates buffer overflows as a source of attaining higher mode privileges or services for which a process was not explicitly entitled. Buffer overflows are the source of the vast majority of the security vulnerabilities announced for all the other OS's the past 30 years. Building such protection into your OS provides a significant advantage that is much less dependent on the honesty or skill of third-party developers, and does not depend on needing to acquire, read, understand and debug their source code (which may or may not be what your executable was really built from).

Unfortunately, you will generally not find the above principles in the currently used University-level texts on OS Design. And, the professors appear to be ignorant of, or be uninterested in these principles, which disprove Microsoft's recurring mantra that all OS's are relatively equally insecure. In the many OS design books I have reviewed, I have never seen a mention of a descriptor-based calling standard coupled with a minimum 3 protection mode design. These principles however become apparent when understanding Ruth Goldenberg's IDSM books and various MULTICS security articles.

Here I would like to mention, an accidental bug can potentially be more clever at degrading security than the best hacker/cracker. Consequently, good security design is actually synonymous to good reliability design of a system. Both reliability and security are compound LCD qualities, meaning it is only as strong as its weakest link, and due to its complexity, and the difficulty to balance usability and security, the OS is traditionally one of the most neglected links of the IT security quality chain. Consequently, security features are often only layered add-ons in most OS's allowing widespread configurations which default to not having these add-on security features. This leads to the large "ecosystem" of easily exploitable OS instances which hackers are taking advantage of.
To say OpenVMS is secure "only because it is not as popular" as other OS's is a patently and provably wrong statement. It is wrong when you consider OpenVMS's security architecture compared to other OS's, and it's wrong since OpenVMS has had its "trial-by-fire".

OpenVMS was actually a primary target of professional hackers in the mid 1980's to early 1990's. This has been documented in various books and articles. This was due to the large body of corporate and institutional secrets which were to be found on OpenVMS systems. For instance, NASA's SPAN network was DECnet based and a repeated target of Russian espionage such as witnessed in reports on "Hanover Hackers/Crackers", the loginout code exploit of Kevin Mitnick or the spread of the "Wank Worm". In all these cases it was necessary to have the password of a username with higher mode privileges to enable the compromise of a system. OpenVMS had its "trial-by-fire" with regards to security long ago. And in those cases, it was "people" who proved to be the weakest link, not the OS. The same definitely can not be said of the competition in the enterprise OS market.

The realization that the OS is the regulating central architecture to providing for enabling a secure and reliable system is diametrically opposed to today's mantra that the application alone should/is important to the customer, and the OS should be irrelevant.

There are many other security principles which are realized in the design and practices surrounding the OpenVMS, but to a much lesser degree, if at all, in other Enterprise OS's.

- no application can be more capable or secure than its OS design permits. This is a result of the LCD compound quality of security mentioned above. Security is a chain of links, each of which must be strong on its own.
In the IT world, links of a chain are analogous to the layers of technology implemented starting from the user, network OSI layers, application layers down to the kernel, hardware and physical location of the system. For example, if an application layer is encrypting its messages to the equivalent application running in another city, that application is still not more secure than the OS underneath it, which when compromised, allows the viewing of the plain text when the user is reading it himself.

- dependence on the review of Open-Source in terms of reaching a secure OS is a red-herring. Especially since OS and application code fluctuation and complexity virtually guarantees the perpetual existence of security impacting SW bugs. The OS design must provide mechanisms to explicitly avoid classes of exploits and coding bugs through the design of its OS architecture. The corollary to this is that it is pure hubris to think anyone is so expert about the quality of all third-party applications they are using that they can maintain "a secure system" only because the purported source code is "open" and available for public review.

- the segregation of all security/stability affecting activities into multiple clearly defined privileges, which limits exposure of higher modes to applications and users temporarily requiring a specific privilege.

- protection of all individual OS structures, services, and objects (processes, threads, monitors, etc.) with "individual security profiles" which can be finely tuned to allow/refuse access to any other individual or class of OS structure, service or object.

- the default installation of privileges and protections should start with a new user always having minimal but usable access to OS privileges and services.

- user access to higher privileges should only be through known and validated applications installed with the needed privileges and coded carefully to only allow intended actions.
- A known/unknown bug in any privileged application that allows one to break out to a command line should still never allow the user to maintain an application-level privilege in that interactive mode. The capability to recognize this should be an inherent capability of the OS architectural design. OpenVMS does this, and on OpenVMS a system administrator can even refuse any or all users the privilege to have a command line. This totally eliminates a class of exploit.

If you pull all the information together you can find on these concepts, and forget any bias you may have had indoctrinated in you about what an OS kernel is and must provide as a service, then you should come to the inescapable conclusion that all Unix, Linux and Windows variants (please see the "Shatter Exploit" for an example of a failed OS API) are inherently non-secure by design, and to change that would require breaking completely with upward compatibility and leaving their valuable application ecosystem behind.

Microsoft has already struggled with the upward compatibility and acceptance of its VISTA OS while trying to implement only a very limited improvement of a coordinated restriction software installation and user privileges with its UAC feature. Although perhaps a step in the right direction in terms of security, the feature is almost universally disliked by Windows users and is often immediately turned off. Please see user comments here...

Cheers!

Keith Cayemberg

------------------------------

Date: Tue, 10 Jun 2008 05:21:45 -0700 (PDT)
From: Keith Cayemberg
Subject: Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha
Message-ID: <6784871f-e093-4dec-8b44-c26ae93f8193@25g2000hsx.googlegroups.com>

On Jun 10, 1:50 pm, bradhamilton wrote:
> Keith Cayemberg wrote:
>
> [snip of a good analysis of VMS's security by design philosophy]
>
> Thanks Keith - too bad it takes someone from IBM to tout the virtues of
> HP's most secure OS.
> I suppose there's still no chance of a rescue by
> IBM, eh? :-)
>
> All that's needed now are applications... :-(
>
> >
> > Keith Cayemberg

Yes, I was quite successful as a Senior Consultant specialized on the OpenVMS Market for IBM Global Services in Europe. But, I moved on to a major player in India's IT Services landscape almost 3 years ago. I'm still quite successful as an OpenVMS Consultant and also serving one of the same major OpenVMS customers in Europe as before. The customer wanted to retain the services and knowledge I could provide their VMS-based CIM landscape. :-)

Cheers!

Keith Cayemberg

------------------------------

Date: Tue, 10 Jun 2008 07:50:34 -0400
From: bradhamilton
Subject: Re: Happy 10 years of continuous virus free computing on OpenVMS alpha 7.1 alpha
Message-ID: <484E6A8A.1000202@comcast.net>

Keith Cayemberg wrote:

[snip of a good analysis of VMS's security by design philosophy]

Thanks Keith - too bad it takes someone from IBM to tout the virtues of HP's most secure OS. I suppose there's still no chance of a rescue by IBM, eh? :-)

All that's needed now are applications... :-(

>
> Keith Cayemberg
>
>

------------------------------

Date: Tue, 10 Jun 2008 05:27:47 -0700 (PDT)
From: Rod
Subject: Re: How secur is delete/erase ?
Message-ID:

One technique I've been unofficially told is used by the Canadian Armed Forces to ensure permanent erasure of scrapped hard drives:

- Remove platters from drives
- Belt sander applied to recording surfaces

I would supplementally suggest using a dust mask and eye protection.

------------------------------

Date: Tue, 10 Jun 2008 13:51:45 +0100
From: Anton Shterenlikht
Subject: Re: How secur is delete/erase ?
Message-ID: <20080610125145.GA77272@mech-aslap33.men.bris.ac.uk>

On Tue, Jun 10, 2008 at 05:27:47AM -0700, Rod wrote:
> One technique I've been unofficially told is used by the Canadian
> Armed Forces to ensure permanent erasure of scrapped hard drives:
>
> - Remove platters from drives
> - Belt sander applied to recording surfaces
>
> I would supplementally suggest using a dust mask and eye protection.

that's a bit extreme.. why not just cook the platters. Probably heating the drives to 400°C or so would do the job. Very cheap and very little manual labour.

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233
Fax: +44 (0)117 929 4423

------------------------------

Date: Tue, 10 Jun 2008 13:54:35 +0100
From: "pos"
Subject: Re: How secure is delete/erase ?
Message-ID: <484e7987$1_3@mk-nntp-2.news.uk.tiscali.com>

That's nothing, the US Military had a manual written on how to blow up a Leica M4 should you crash in foreign soil. And I am sure the VAX in the F15 aircraft were positioned in a way that if the pilot ejected, they would be destroyed.

"Rod" wrote in message news:c7de465b-fab2-41b3-8ae2-2489f4f50a12@79g2000hsk.googlegroups.com...
> One technique I've been unofficially told is used by the Canadian
> Armed Forces to ensure permanent erasure of scrapped hard drives:
>
> - Remove platters from drives
> - Belt sander applied to recording surfaces
>
> I would supplementally suggest using a dust mask and eye protection.

------------------------------

Date: Tue, 10 Jun 2008 08:49:46 +0200
From: JOUKJ
Subject: Re: It's that time again - Free XP1000 Giveaway
Message-ID: <4d83e$484e240a$82a13c9d$4900@news2.tudelft.nl>

David Turner, Island Computers wrote:
> We're giving away an Alphastation XP1000 configured as follows:
>
>
> Alphastation XP1000 667MHz EV67 with 4MB Cache
> 1GB Memory (4 x 256MB)
> 36GB 10KRPM SCSI Hard Disk
> U160 Dual Port SCSI + On Board UW SCSI
> Permedia 2 8MB Graphics Card
> On Board 10/100 Ethernet Adapter
> CDROM and Floppy
> 5 PCI Slots ( two are used by SCSI and Graphics)
>
> International voltages variable from 100~250V 50/60hz (works everywhere!)
>
>
>
>
> Include "FREE XP1000 Giveaway" in the subject line or just hit reply (valid
> email address required)
>
>
> We will also need your name, and daytime contact number in case you win.
> You don't have to provide it, but the email will be deleted if not included.
>
>

Please include me in the lottery

Jouk Jansen
Lorentzweg 1
2618 CJ Delft
Nederland
31-15-2782272 / 31-40-2356356
j.jansen@tudelft.nl

------------------------------

Date: Tue, 10 Jun 2008 05:06:53 -0700 (PDT)
From: Rod
Subject: Re: Need an external CD/DVD writer for DS10.
Message-ID:

On Jun 3, 4:35 pm, s...@antinode.info (Steven M. Schweda) wrote:
> Is anyone using a USB-connected DVD drive on VMS (Alpha)?

Neat trick since USB support is disabled by the firmware on at least some of the Alpha models.

------------------------------

Date: Tue, 10 Jun 2008 07:21:41 -0500 (CDT)
From: sms@antinode.info (Steven M. Schweda)
Subject: Re: Need an external CD/DVD writer for DS10.
Message-ID: <08061007214171_20200492@antinode.info>

From: Rod

> On Jun 3, 4:35 pm, s...@antinode.info (Steven M. Schweda) wrote:
> > Is anyone using a USB-connected DVD drive on VMS (Alpha)?
>
> Neat trick since USB support is disabled by the firmware on at least
> some of the Alpha models.

It's not much of a trick, but it is pretty simple and painless, so it might count as "neat". Buy a cheap Chinese USB (PCI) card (for about $10) which uses what seems to be the most popular chip (NEC µPD720100 "http://www.necel.com/usb/en/"), and install it. On the XP1000, only the built-in USB is disabled, and there's a console variable which controls it (set usb_enable off|on), I gather.

I seem to recall that someone, sometime, actually added support (or at least function) for the built-in USB in the XP1000, but I already had the add-in solution working in mine, so I haven't tried enabling the built-in interface. (A Google search suggests that it's in VMS V8.3, but my main system is still at V7.3-2.)

I assume that the add-in PCI card will work in practically any Alpha with a good open PCI slot, irregardful of the state of the built-in USB hardware (if any).

------------------------------------------------------------------------

   Steven M. Schweda               sms@antinode-info
   382 South Warwick Street        (+1) 651-699-9818
   Saint Paul  MN  55105-2547

------------------------------

Date: 10 Jun 2008 17:03:54 +0200
From: vaxinf@chemie.uni-konstanz.de
Subject: Re: Need an external CD/DVD writer for DS10.
Message-ID: <484e97da$1@merkur.rz.uni-konstanz.de>

In article <08061007214171_20200492@antinode.info>, sms@antinode.info (Steven M. Schweda) writes:
|>From: Rod
|>
|>> On Jun 3, 4:35 pm, s...@antinode.info (Steven M. Schweda) wrote:
|>> > Is anyone using a USB-connected DVD drive on VMS (Alpha)?
|>>
|>> Neat trick since USB support is disabled by the firmware on at least
|>> some of the Alpha models.
|>
|> It's not much of a trick, but it is pretty simple and painless, so it
|>might count as "neat". Buy a cheap Chinese USB (PCI) card (for about
|>$10) which uses what seems to be the most popular chip (NEC µPD720100
|>"http://www.necel.com/usb/en/"), and install it.
|>On the XP1000, only the built-in USB is disabled, and there's a console variable which
|>controls it (set usb_enable off|on), I gather.
|>
|> I seem to recall that someone, sometime, actually added support (or
|>at least function) for the built-in USB in the XP1000, but I already had
|>the add-in solution working in mine, so I haven't tried enabling the
|>built-in interface. (A Google search suggests that it's in VMS V8.3,
|>but my main system is still at V7.3-2.)
|>
|> I assume that the add-in PCI card will work in practically any Alpha
|>with a good open PCI slot, irregardful of the state of the built-in USB
|>hardware (if any).
|>

As long as there is only the slow I/O speed on alpha it's not meaningful to use USB for DVD (or Blu-Ray) recording. I will add the code to cdrecord in order to support USB as soon as USB is as fast as on Itanium.

regards
Eberhard

------------------------------

Date: Tue, 10 Jun 2008 12:38:58 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: newsreader client for VMS
Message-ID:

For about 15 years I have been using NEWSRDR and am very happy with it.

A weakness of NEWSRDR is the lack of ability to post an article, including headers, "as is". I need to do this for a newsgroup I moderate. Several years ago, the author of NEWSRDR was kind enough to provide me with a standalone program to do just that. This works fine when posting to an NNTP server I have normal access to.

Unfortunately, the various servers I have been using are becoming unreliable. (Most servers I have access to won't allow the posting of moderated articles.) As a result, I have obtained a password-protected account on a new server. However, my standalone program won't work in this case.

Can anyone recommend a newsreader client for VMS which a) allows password-based authentication and b) will allow me to post an article "as is" including all headers?
(Automatically added additional headers are not a problem as long as there is no conflict with any which are already present.) Ideally, this should be terminal-based.

Alternatively, who knows enough to write some code to do the above, i.e. connect to a server with password-based authentication and post an article, including headers, as is? (I could then continue to use NEWSRDR for everything except posting moderated articles.)

------------------------------

Date: 10 Jun 2008 15:35:04 GMT
From: VAXman- @SendSpamHere.ORG
Subject: Re: newsreader client for VMS
Message-ID: <484e9f28$0$11601$607ed4bc@cv.net>

In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes:
>For about 15 years I have been using NEWSRDR and am very happy with it.
>
>A weakness of NEWSRDR is the lack of ability to post an article,
>including headers, "as is". I need to do this for a newsgroup I
>moderate. Several years ago, the author of NEWSRDR was kind enough to
>provide me with a standalone program to do just that. This works fine
>when posting to an NNTP server I have normal access to.
>
>Unfortunately, the various servers I have been using are becoming
>unreliable. (Most servers I have access to won't allow the posting of
>moderated articles.) As a result, I have obtained a password-protected
>account on a new server. However, my standalone program won't work in
>this case.
>
>Can anyone recommend a newsreader client for VMS which a) allows
>password-based authentication and b) will allow me to post an article
>"as is" including all headers? (Automatically added additional headers
>are not a problem as long as there is no conflict with any which are
>already present.) Ideally, this should be terminal-based.
>
>Alternatively, who knows enough to write some code to do the above, i.e.
>connect to a server with password-based authentication and post an
>article, including headers, as is?
>(I could then continue to use
>NEWSRDR for everything except posting moderated articles.)

I've done just that for NEWSRDR itself. In addition, there is a timeout disconnect to many news servers. I've modified NEWSRDR to also send out a null every 10 secs via a timer AST.

--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

"Well my son, life is like a beanstalk, isn't it?"

http://tmesis.com/drat.html

------------------------------

Date: 10 Jun 2008 11:09:24 -0500
From: burley+news@encompasserve.org (Graham Burley)
Subject: Re: newsreader client for VMS
Message-ID:

In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes:

> Can anyone recommend a newsreader client for VMS which a) allows
> password-based authentication and b) will allow me to post an article
> "as is" including all headers?

On DECUServe we've modified the ANU News client to handle basic authentication, there's also a build/port of SLRN. I don't know if either will let you provide your own headers, I suspect not.

> Alternatively, who knows enough to write some code to do the above

Python has an nntplib module which might help, or you could use a telnet script (Kermit?), the only tricky bit would be dot-stuffing.

------------------------------

Date: Tue, 10 Jun 2008 16:50:32 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: newsreader client for VMS
Message-ID:

In article <484e9f28$0$11601$607ed4bc@cv.net>, VAXman- @SendSpamHere.ORG writes:

> >Alternatively, who knows enough to write some code to do the above, i.e.
> >connect to a server with password-based authentication and post an
> >article, including headers, as is? (I could then continue to use
> >NEWSRDR for everything except posting moderated articles.)
>
> I've done just that for NEWSRDR itself.

So, password-authentication and post an article as-is?

> In addition, there is a timeout
> disconnect to many news servers.
> I've modified NEWSRDR to also send out
> a null every 10 secs via a timer AST.

Yes, that has bugged me as well from time to time.

Can you email me the code and instructions on how to build it? (I don't think I've built NEWSRDR since the initial build 15 years ago.)

------------------------------

Date: 10 Jun 2008 17:32:25 GMT
From: VAXman- @SendSpamHere.ORG
Subject: Re: newsreader client for VMS
Message-ID: <484ebaa9$0$7357$607ed4bc@cv.net>

In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes:
>In article <484e9f28$0$11601$607ed4bc@cv.net>, VAXman-
>@SendSpamHere.ORG writes:
>
>> >Alternatively, who knows enough to write some code to do the above, i.e.
>> >connect to a server with password-based authentication and post an
>> >article, including headers, as is? (I could then continue to use
>> >NEWSRDR for everything except posting moderated articles.)
>>
>> I've done just that for NEWSRDR itself.
>
>So, password-authentication and post an article as-is?

USER and PASS added but I haven't addressed AS-IS.

--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

"Well my son, life is like a beanstalk, isn't it?"

http://tmesis.com/drat.html

------------------------------

Date: Tue, 10 Jun 2008 04:45:20 -0700 (PDT)
From: bclaremont
Subject: Re: Remembering APL-11 (WAS: Re: Any one out there have VAX APL Manuals) Manuals
Message-ID: <5cfdc691-86e1-4ece-8490-87d3330e26ef@34g2000hsh.googlegroups.com>

I have a set of RX02's hooked up to a MicroVAX II that still work. I'll be happy to try reading the RX01's if you want to send them along.

Bruce C.

John Reagan wrote:
> Simon Clubley wrote:
>
> > Have you considered contacting the people at bitsavers to see if they
> > are interested in including it among their archive ?
> >
> > Link:
> >
> > http://bitsavers.org/
> >
> > Simon.
> >
>
> I've been in contact with Bitsavers folks in the past for older
> documentation but not for this.
>
> For bits, looking at http://www.bitsavers.org/bits/DEC/pdp11 they seem
> to have dectape/rl01/rk05/various magtape/and some paper tape. I don't
> see any RX01 archives (not to say they wouldn't take it).
>
> I've looked over at trailing-edge as well and didn't see an obvious home.
>
>
> --
> John Reagan
> OpenVMS Pascal/Macro-32 Project Leader
> Hewlett-Packard Company

------------------------------

Date: Tue, 10 Jun 2008 08:18:26 +0200
From: Johnny Billquist
Subject: Re: TCPIP sequence number question
Message-ID:

JF Mezei skrev:
> Johnny Billquist wrote:
>> That depends. TCP/IP implementations can do this differently, but it is
>> recommended that the average round trip time is measured, and that timeouts are
>> set to about 2*rtt.
>>
>> But this is all done by the sender. There is no NAK capability in TCP/IP.
>
> I've since used wireshark to trace packets. Found that at least OSX'
> stack, when it sees a missing packet in a sequence, immediately starts to
> ACK the previous packet again, until the missing packet is resent. (aka:
> multiple ACKs for the packet before the missing one).

Well, the receiver is just trying its best to get the attention of the transmitter, using whatever means are available.

> For the data I have seen, this happens well before the window fills up.
>
> I ended up reading and understanding 791 and 793 quite a bit. (but
> haven't seen the sliding window adjustments suggested by the RFCs in my
> traces).

Good that you started digging through the RFCs. :-)
However, note that there have been additional details added at later dates, which you should probably also read.

>> There is no NAK packet.
>
> Based on what I have read/seen, sending multiple ACKs for packet #1 is
> tantamount to a NAK of packet 2.

Not exactly. But it's the best you can do in TCP. The sender can very well wait for a full timeout of #2 before resending it, when you send an ACK for #1. If you had a positive NAK, the sender should probably do a resend immediately.
This is something you can't do with TCP.

But you seem to be rolling here, so I think you'll be able to figure out the rest as well. :-)

Johnny

--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt@softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol

------------------------------

Date: Tue, 10 Jun 2008 05:21:22 -0400
From: JF Mezei
Subject: Re: TCPIP sequence number question
Message-ID: <484e4953$0$20535$c3e8da3@news.astraweb.com>

Johnny Billquist wrote:

> Not exactly. But it's the best you can do in TCP. The sender can very well wait
> for a full timeout of #2 before resending it, when you send an ACK for #1. If
> you had a positive NAK, the sender should probably do a resend immediately. This
> is something you can't do with TCP.

There are some "fast Retransmission" events in the wireshark logs for some types of lost packets.

Damm it, I just found some "reset" packets. There is no way for me to know if they were forged by Bell Canada (like Comcast) or if they were forged by the remote ISPs.

> No. Time Source Destination Protocol Info
> 3037 46.025138 98.215.114.81 10.0.0.20 TCP 63018 > 6810 [SYN] Seq=0 Len=0 MSS=1452 TSV=20871097 TSER=0 WS=5
> 3038 46.025310 10.0.0.20 98.215.114.81 TCP 6810 > 63018 [SYN, ACK] Seq=0 Ack=1 Win=131070 Len=0 MSS=1460 WS=1 TSV=1807270126 TSER=20871097
> 3043 46.146150 98.215.114.81 10.0.0.20 TCP 63018 > 6810 [ACK] Seq=1 Ack=1 Win=5856 Len=0 TSV=20871127 TSER=1807270126
> 3044 46.146264 10.0.0.20 98.215.114.81 TCP [TCP Window Update] 6810 > 63018 [ACK] Seq=1 Ack=1 Win=131040 Len=0 TSV=1807270127 TSER=20871127
> 3056 46.274495 98.215.114.81 10.0.0.20 BitTorrent Handshake
> 3057 46.274572 10.0.0.20 98.215.114.81 TCP 6810 > 63018 [ACK] Seq=0 Ack=0 Win=65486 Len=0 TSV=1807270127 TSER=20871159
> 3077 46.524564 10.0.0.20 98.215.114.81 BitTorrent Handshake Continuation data
> 3088 46.641754 98.215.114.81 10.0.0.20 TCP 63018 > 6810 [ACK] Seq=0 Ack=130 Win=216 Len=0 TSV=20871252 TSER=1807270127
> 3089 46.641940 10.0.0.20 98.215.114.81 BitTorrent Bitfield, Len:0x1a6
> 3240 49.141050 10.0.0.20 98.215.114.81 BitTorrent [TCP Retransmission] Bitfield, Len:0x1a6
> 3252 49.254053 98.215.114.81 10.0.0.20 TCP 63018 > 6810 [RST] Seq=0 Len=0 TSV=20872284 TSER=0
> 3253 49.254901 98.215.114.81 10.0.0.20 TCP 63018 > 6810 [RST] Seq=12503 Len=0 TSV=20872284 TSER=0
> 3255 49.277092 98.215.114.81 10.0.0.20 TCP 63018 > 6810 [RST] Seq=0 Len=0

Wireshark is pretty amazing. (in the above, sequence numbers are relative to negotiations during call setup).

Now, I have found 1 stream that didn't have a reset in it. So I guess Bell might not be the one introducing RESETS here and there to kill off connections and slow throughput.

------------------------------

Date: 10 Jun 2008 06:13:38 -0500
From: clubley@remove_me.eisner.decus.org-Earth.UFP (Simon Clubley)
Subject: Re: TCPIP sequence number question
Message-ID:

In article , Johnny Billquist writes:
> JF Mezei skrev:
>
>> For the data I have seen, this happens well before the window fills up.
>>
>> I ended up reading and understanding 791 and 793 quite a bit. (but
>> haven't seen the sliding window adjustments suggested by the RFCs in my
>> traces).
>
> Good that you started digging through the RFCs. :-)
> However, note that there have been additional details added at later dates,
> which you should probably also read.
>

In particular JF, you need to read the Host Requirements RFCs (RFC1122 and RFC1123). You may also find RFC1127 of interest.

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980's technology to a 21st century world

------------------------------

Date: Tue, 10 Jun 2008 13:27:37 +0100
From: "pos"
Subject: VAX/DEC Document
Message-ID: <484e7331$1_4@mk-nntp-2.news.uk.tiscali.com>

Does anyone please have any media for this? I know the license is not on the hobbyist collection, and TTI appears to be a ghost town when I phone (no reply to emails, phone calls).

I really do not want to use DECwrite for this job!

....or DSR.

------------------------------

Date: Tue, 10 Jun 2008 09:28:21 -0400
From: JF Mezei
Subject: Re: VAX/DEC Document
Message-ID: <484e82ca$0$7256$c3e8da3@news.astraweb.com>

pos wrote:
> Does anyone please have any media for this? I know the license is not on the
> hobbyist collection, and TTI appears to be a ghost town when I phone (no
> reply to emails, phone calls).

I have media. I have expired licence. If you have no offers by the end of the week, send me an email (am rather busy fighting Niel Rieck's employer right now).

Gee, those energy drinks aren't cheap. Americans complain about gas at $4 per US gallon. This is $5.00 for 710ml, or ~$28 per USA gallon. And the stuff only gets me from my desk to my desk, so a whopping 0 miles to the gallon :-)

------------------------------

Date: Tue, 10 Jun 2008 12:23:52 -0400
From: "Peter Weaver"
Subject: RE: What filtering does Hotmail use?
Message-ID: <04f601c8cb16$5f6d0b40$2802a8c0@CHARONLAP>

Thanks everyone.
Just to summarize;

- I do have a Sympatico (Bell Canada) High Speed Business account with a fixed IP.

- JF is right that Sympatico will not define a RDNS for users with a High Speed Business account, I went through this a few months ago when I had a customer bounce an email. When I set up the Sympatico account years ago I was told that I would have complete control over the DNS and what services/ports I could use. A few months ago a support person told me that I could not update the PTR record for my address on my account unless I upgrade to an ISDN account. I reviewed the service offerings for both types of accounts and neither mentioned RDNS or PTR records. Teksavy.com is looking very good right now.

- I was able to set up SPF records for most of my domain names, except for the weaverconsulting.ca domain since it uses a different DNS provider. My SMTP uses weaverconsulting.ca in its hello message so the SPF records on the other domains are useless.

- After a lot of testing I find that if I create a brand new message it makes it through to the hotmail.com account about 50% of the time, a reply makes it through 100% of the time. The interesting part is that if I send an email to a hotmail.com account then do a reply/all or forward to the same hotmail account the first message usually does not make it through, the second one always gets delivered.

Conclusion; hotmail.com should be avoided whenever possible.

Peter Weaver
www.weaverconsulting.ca
www.openvmsvirtualization.com
www.vaxvirtualization.com
www.alphavirtualization.com

Winner of the 2007 OpenVMS.org Readers' Choice Award for System Management/Performance

------------------------------

Date: Tue, 10 Jun 2008 16:37:16 +0100
From: Anton Shterenlikht
Subject: where to buy these 2 vms books?
Message-ID: <20080610153716.GA74915@mech-aslap33.men.bris.ac.uk>

I'm interested in these 2 books, both 2nd edition, but cannot find any bookseller that have either.
The books appear on various bookseller sites, but all "unavailable". Moreover, the details, e.g. publication year, differ slightly from one site to another, but ISBNs seem to be correct.

Could anybody recommend a bookseller that might have either book in stock please.

many thanks
anton

OpenVMS Performance Management
by Hein VanKoelen (Author), Joginder Sethi (Author), Hein van Koelen (Author)
* Publisher: Digital Press; Edition: 2nd Ed (30. April 2003)
* ISBN-10: 1555582753
* ISBN-13: 978-1555582753

Writing Open VMS Alpha Device Drivers in C:
Developer's Guide and Reference Manual (Paperback)
by Margie Sherlock (Author), Leonard Szubowicz (Author)

* Paperback: 896 pages
* Publisher: Digital Press; 2nd Ed edition (31 Jul 1999) or 2003 ?
* Language English
* ISBN-10: 1555582095
* ISBN-13: 978-1555582098

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233
Fax: +44 (0)117 929 4423

------------------------------

Date: Tue, 10 Jun 2008 10:41:04 -0700 (PDT)
From: "johnhreinhardt@yahoo.com"
Subject: Re: where to buy these 2 vms books?
Message-ID: <02d1c911-043a-4cc1-8b66-5aee83180306@e39g2000hsf.googlegroups.com>

On Jun 10, 11:37 am, Anton Shterenlikht wrote:
> I'm interested in these 2 books, both 2nd edition, but cannot
> find any bookseller that have either. The books appear on various
> bookseller sites, but all "unavailable". Moreover, the details,
> e.g. publication year, differ slightly from one site to another,
> but ISBNs seem to be correct.
>
> Could anybody recommend a bookseller
> that might have either book in stock please.
>
> many thanks
> anton
>
> OpenVMS Performance Management
> by Hein VanKoelen (Author), Joginder Sethi (Author), Hein van Koelen (Author)
> * Publisher: Digital Press; Edition: 2nd Ed (30.
April 2003)
> * ISBN-10: 1555582753
> * ISBN-13: 978-1555582753

Available at Amazon (US)
http://www.amazon.com/OpenVMS-Performance-Management-HP-Technologies/dp/1555581269

Amazon UK
http://www.amazon.co.uk/OpenVMS-Performance-Management-HP-Technologies/dp/1555581269/ref=sr_1_1?ie=UTF8&s=books&qid=1213119058&sr=8-1

Or from the publisher Elsevier (Formerly Digital Press)
http://www.elsevier.com/wps/find/bookdescription.cws_home/677438/description#description

>
> Writing Open VMS Alpha Device Drivers in C:
> Developer's Guide and Reference Manual (Paperback)
> by Margie Sherlock (Author), Leonard Szubowicz (Author)
>
> * Paperback: 896 pages
> * Publisher: Digital Press; 2nd Ed edition (31 Jul 1999) or 2003 ?
> * Language English
> * ISBN-10: 1555582095
> * ISBN-13: 978-1555582098
>

Long out of print. You have to search far and wide to find the 2nd edition. I got a copy of the 1st edition on Ebay, but Amazon has some through its associate sellers.

> --
> Anton Shterenlikht
> Room 2.6, Queen's Building
> Mech Eng Dept
> Bristol University
> University Walk, Bristol BS8 1TR, UK
> Tel: +44 (0)117 928 8233
> Fax: +44 (0)117 929 4423

------------------------------

End of INFO-VAX 2008.323
************************