INFO-VAX    Wed, 09 Jul 2008    Volume 2008 : Issue 381

Contents:
    Re: 226 Transfer complete question
    Re: Another BIND vulnerability (cache poisoning)
    Re: Another BIND vulnerability (cache poisoning)
    Re: FTP client: stripping version numbers and forcing lowercase on MPUT MPUTMPUT
    Re: inserting row to RDB with key returned
    Re: NTP on OpenVMS using TCPIP services
    Re: NTP on OpenVMS using TCPIP services
    Re: NTP on OpenVMS using TCPIP services
    Re: OT: Carly as VP?
    Quasi-push technologies (was: Re: Another new VMS system.)
    Re: RDB insert with returned key
    Re: RDB insert with returned key
    Re: Show of support for Distributed NetBeans
    Re: Why did process quota go down?
    Re: Why did process quota go down?

----------------------------------------------------------------------

Date: Wed, 9 Jul 2008 02:06:20 -0700 (PDT)
From: Bob Gezelter
Subject: Re: 226 Transfer complete question
Message-ID: <76d03464-5275-41db-b258-c425d6beeec1@x35g2000hsb.googlegroups.com>

On Jul 7, 11:42 pm, kiwi-red wrote:
> Hi
>
> I have some code to modify that looks for the return status
> after doing an FTP. It looks for 226 Transfer Complete.
> The code will fail if it returns 226 Transfer OK
> which I assume is coming from a different flavour on
> the other end.
>
> Is it safe to assume that if I just search for 226 Transfer
> then I will only get successful transfers?
>
> It might be possible to change the code to look for either,
> but it is fairly long winded and complex.
>
> Is the above likely to be a safe assumption?
>
> kiwi

kiwi,

I would add that the code should be commented to refer to the
applicable current RFC for ftp, which is available from
http://www.ietf.org.

My recollection is that the text part of the message is for humans,
the numeric part is deliberately intended for use with programs. I do
not have the time to get the citation, but I do recall the comment
along the lines of what Steve is citing (although, I generally use the
plain text original copies of the RFCs for citations).

- Bob Gezelter, http://www.rlgsc.com

------------------------------

Date: Wed, 09 Jul 2008 04:35:38 -0400
From: JF Mezei
Subject: Re: Another BIND vulnerability (cache poisoning)
Message-ID: <48747863$0$14235$c3e8da3@news.astraweb.com>

JF Mezei wrote:
> Slashdot article:
> http://it.slashdot.org/article.pl?sid=08/07/08/195225
>
> Official CERT article:
> http://www.kb.cert.org/vuls/id/800113

Test can be made at www.doxpara.com

Essentially, what it does is cause a number of separate DNS requests to
be made to their own DNS server and they check if each DNS request was
made FROM a different port or not. If they all come from the same port,
it deems the DNS server to be vulnerable.

I used wireshark to trace the VMS TCPIP Services 5.6 (Bind 9) server
while running this test and the 5 requests all came from the same port.

My ISP has already patched their Linux servers.

Anyone know if a patch is/will be available for TCPIP Services 5.6 ?

Or is this something that the remaining VMS installed based doesn't care
much about because they are enterprise systems not connected to the
internet ?

------------------------------

Date: Wed, 9 Jul 2008 09:54:36 -0700 (PDT)
From: johnwallace4@yahoo.co.uk
Subject: Re: Another BIND vulnerability (cache poisoning)
Message-ID:

On Jul 9, 9:35 am, JF Mezei wrote:
> JF Mezei wrote:
> > Slashdot article:
> > http://it.slashdot.org/article.pl?sid=08/07/08/195225
>
> > Official CERT article:
> > http://www.kb.cert.org/vuls/id/800113
>
> Test can be made at www.doxpara.com
>
> Essentially, what it does is cause a number of separate DNS requests to
> be made to their own DNS server and they check if each DNS request was
> made FROM a different port or not. If they all come from the same port,
> it deems the DNS server to be vulnerable.
>
> I used wireshark to trace the VMS TCPIP Services 5.6 (Bind 9) server
> while running this test and the 5 requests all came from the same port.
>
> My ISP has already patched their Linux servers.
>
> Anyone know if a patch is/will be available for TCPIP Services 5.6 ?
>
> Or is this something that the remaining VMS installed based doesn't care
> much about because they are enterprise systems not connected to the
> internet ?

I'm not sure why being "not connected to the internet" helps in this
case (or in many other cases) as there are too many uncontrolled leakage
paths to the Internerd in many corporates these days anyway (and there
often were even before the days of 3G phones and widespread laptops).

Anyway, if I've understood right, this is an instance of "defective by
design" in BIND. an error in BIND which djb (of djbdns and qmail fame)
first talked about with CERT back in 2002, and first discussed in
public by djb himself in 2001: http://cr.yp.to/djbdns/forgery.html

As of December 2007 djbdns is in the public domain, so managers of
commodity OSes on commodity hardware may well have an easy
BIND-independent fix. No idea whether a VMS version is available.

------------------------------

Date: Wed, 9 Jul 2008 10:40:49 -0700 (PDT)
From: rdpiccard@gmail.com
Subject: Re: FTP client: stripping version numbers and forcing lowercase on MPUT MPUTMPUT
Message-ID:

My thanks for all your constructive suggestions.

Another solution has also surfaced: use Fetch V5 (I know it works with
V5.3, I am not sure how far back in V5) on Macintosh, *after* first
bringing up Terminal and issuing the following two commands:

    defaults write com.fetchsoftworks.Fetch LowerCaseVMSNames -bool true
    defaults write com.fetchsoftworks.Fetch ShowVMSVersionNumbers -bool false

I mention these particularly because earlier threads here indicate
that some comp.os.vms participants were not aware of the opposite
setting for the second one.

Then you can drag a folder from the Fetch window logged into the VMS
server to your hard disk or desktop and it will strip version numbers
and force all letters in files and folder names to lowercase.
(I have not done the experiment with a folder containing multiple
versions of the same file, but I have done it with a multi-folder
directory tree.) Then you drag that folder from your hard disk or
desktop to the Fetch window logged into the case-sensitive server, and
you are done.

At this time, Fetch will *not* correctly adjust the syntax for folder
names if you drag directly from the VMS server's window to the other
server's window -- you have to manually remove the "[." prefix and the
"]" postfix from each folder's name -- but it does transfer the files
and the folders are folders. Fetchworks tech support is aware of that
as an enhancement suggestion.

------------------------------

Date: Wed, 09 Jul 2008 08:28:15 GMT
From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
Subject: Re: inserting row to RDB with key returned
Message-ID:

Alan Winston - SSRL Central Computing wrote:
> In article <152e0736-aece-4917-b293-4ab87b6ac254@m73g2000hsh.googlegroups.com>, CodeAmazon writes:
>
>> I'd like to insert a new record into a table in my database and get
>> back the automatically generated key to use in an insertion in another
>> table subsequently.
>>
>> My first thought would be to use java.sql.Statement's
>> execute(stmt,Statement.RETURN_GENERATED_KEYS) method, and then
>> retrieve the value. I've tried that and several other variants, with
>> "unsupported feature" errors as the result.
>>
>> What is the best way to insert a row and grab the automatically
>> generated key value from within a Java program. We're running Oracle
>> Rdb V7.2-120, and Java 1.5.0
>
>
> I couldn't make this work with Ibatis under Java on Java 1.5.0 and Rdb 7.2;
> couldn't make the "returning dbkey" accept a result value, and I've currently
> got a bad workaround in place (write it out with a known unique value and then
> do a separate select to recover the dbkey).
>
> If you get a good answer to this, please post it here.
>
> You might also want to try on the oraclerdb mailing list a jcc.com
>
> -- Alan

As far as I understand it's that the Rdb Dynamic SQL interface
doesn't support the RETURNING clause of the INSERT statement.

Jan-Erik.

------------------------------

Date: Wed, 09 Jul 2008 12:55:05 +0100
From: baldrick
Subject: Re: NTP on OpenVMS using TCPIP services
Message-ID: <1vGdnZEnntqHOunVnZ2dnUVZ8tSdnZ2d@posted.plusnet>

Rich Jordan wrote:
...
> We had to install the windows pseudo-ntp service to support some voip
> phone software that only ran under windows. All the client peecees
> had to use the windows time service also to avoid other complications
> (ms is really good at the camels nose in the tent thing).
>
> Our VMS systems are so far all set up using external NTP servers as
> SERVER and setting each-other as 'PEER' entries in the config files.
> I can see them nattering at eachother about time a few times a day;
> mainly I think because the VAX is running TCPware while the Alphas and
> the itanic are running TCPIP services. No issues; the VMS systems
> ignore the windows network and vice versa.

I think that is what I was seeing with the Alpha's ignoring the Windows
servers. In your case you have others, for me I have no choice. The
original server I used to use was an externally synced unix system, and
that worked with no changes on the VMS side.

What is the issue with the windows time service, is it so bad and
unreliable? something intrinsic in the way the 'operating system' can
give it a problem ?

--
nclews at csc dot com aka Mr. CP Charges

------------------------------

Date: Wed, 09 Jul 2008 09:03:10 -0400
From: "Richard B. Gilbert"
Subject: Re: NTP on OpenVMS using TCPIP services
Message-ID:

baldrick wrote:
> Rich Jordan wrote:
> ...
>
>> We had to install the windows pseudo-ntp service to support some voip
>> phone software that only ran under windows. All the client peecees
>> had to use the windows time service also to avoid other complications
>> (ms is really good at the camels nose in the tent thing).
>>
>> Our VMS systems are so far all set up using external NTP servers as
>> SERVER and setting each-other as 'PEER' entries in the config files.
>> I can see them nattering at eachother about time a few times a day;
>> mainly I think because the VAX is running TCPware while the Alphas and
>> the itanic are running TCPIP services. No issues; the VMS systems
>> ignore the windows network and vice versa.
>
> I think that is what I was seeing with the Alpha's ignoring the Windows
> servers. In your case you have others, for me I have no choice. The
> original server I used to use was an externally synced unix system, and
> that worked with no changes on the VMS side.
>
> What is the issue with the windows time service, is it so bad and
> unreliable? something intrinsic in the way the 'operating system' can
> give it a problem ?
>

I sense a small misunderstanding here! An NTP client uses a server, not
because it's there, but because it has been configured, in ntp.conf, to
use that server. There are exceptions, broadcast and multicast, but
even then, the client must be configured to listen to broadcast or
multicast.

The last I heard, Microsoft had not implemented NTP; they implemented
SNTP and followed the RFC only as far as it suited them!! Microsoft
SNTP will serve time to clients even though this violates the spirit and
maybe even the letter of the relevant RFC(s??). I believe that
RFC-1305 is relevant and probably a couple of others that I'm too lazy
to search for.

------------------------------

Date: Wed, 09 Jul 2008 16:47:27 +0100
From: baldrick
Subject: Re: NTP on OpenVMS using TCPIP services
Message-ID:

Richard B. Gilbert wrote:
> baldrick wrote:
>> Rich Jordan wrote:
>> ...
>>
>>> We had to install the windows pseudo-ntp service to support some voip
>>> phone software that only ran under windows. All the client peecees
>>> had to use the windows time service also to avoid other complications
>>> (ms is really good at the camels nose in the tent thing).
>>>
>>> Our VMS systems are so far all set up using external NTP servers as
>>> SERVER and setting each-other as 'PEER' entries in the config files.
>>> I can see them nattering at eachother about time a few times a day;
>>> mainly I think because the VAX is running TCPware while the Alphas and
>>> the itanic are running TCPIP services. No issues; the VMS systems
>>> ignore the windows network and vice versa.
>>
>> I think that is what I was seeing with the Alpha's ignoring the
>> Windows servers. In your case you have others, for me I have no
>> choice. The original server I used to use was an externally synced
>> unix system, and that worked with no changes on the VMS side.
>>
>> What is the issue with the windows time service, is it so bad and
>> unreliable? something intrinsic in the way the 'operating system' can
>> give it a problem ?
>>
>
> I sense a small misunderstanding here! An NTP client uses a server, not
> because it's there, but because it has been configured, in ntp.conf, to
> use that server. There are exceptions, broadcast and multicast, but
> even then, the client must be configured to listen to broadcast or
> multicast.

Yes I see that now! I thought you'd also got them configured in the NTP
conf file too, when I read it I had visions that the NTPQ display had
"reject" against the Windows boxes and a normal status against the
others.

>
> The last I heard, Microsoft had not implemented NTP; they implemented
> SNTP and followed the RFC only as far as it suited them!! Microsoft
> SNTP will serve time to clients even though this violates the spirit and
> maybe even the letter of the relevant RFC(s??). I believe that
> RFC-1305 is relevant and probably a couple of others that I'm too lazy
> to search for.

I got the details for setting up NTP from the following articles
regarding w32time.

http://support.microsoft.com/kb/314054/

and for debugging

http://support.microsoft.com/kb/816043/

Basically you synchronize every 900 seconds with a source and offer your
time as correct. What isn't clear or I have not spotted is if your
Windows box stops synchronizing and drifts, you now end up with the
other clients also drifting, and how to stop the Windows saying "I am
reliable", but on the other hand just having the same time, regardless
if it is the real time, may be more important than having a set of
servers with different times. (I guess this is the scenario you're
referring to).

nic

--
nclews at csc dot com aka Mr. CP Charges

------------------------------

Date: Wed, 9 Jul 2008 07:09:41 -0400
From: "John Smith"
Subject: Re: OT: Carly as VP?
Message-ID:

http://thinkprogress.org/wonkroom/2008/06/20/fiorina-history/

"JF Mezei" wrote in message
news:485ef521$0$12292$c3e8da3@news.astraweb.com...
> John Smith wrote:
>> http://www.politico.com/news/stories/0608/11258.html
>
> She's been mentioned a few times, especially after McCain admitted he
> wasn't a hot shot when it comes to economic issues. Having her behind
> his back would help him with the economic side. (or so they say).
>
> Carly, despite being a blonde bimbo, can speak and say nothing using
> this week's buzzwords without saying anything or without understanding
> any of it. Sounds like the perfect definition of a politician.
>
> I think it will come down to whether McCain feels he needs a token
> female as VP to counter the possibility of Hillary as VP.
>
> Hopefully the VP debate will be held in a giant vat of jello which would
> make for a most excellent cat fight between Hillary and Carly. "My
> hairdresser is better than yours", "my business jet is bigger than
> yours", "yeah, but mine is faster than yours".
>
> One thing is for sure, Carly understand and supports the patriot act
> very well. She likes the ability to listen in on phone conversations,
> plant emails to fetter out certain people etc etc.

------------------------------

Date: Wed, 9 Jul 2008 17:39:58 +0800
From: "Richard Maher"
Subject: Quasi-push technologies (was: Re: Another new VMS system.)
Message-ID:

Hi Jeffrey,

Thanks for the reply.

> I can't easily tell if this is the same concept, but look at
> www.monex.com. That ticker simply reads a file every few minutes that is
> updated by the trading system which is an OpenVMS cluster.

Interesting; you wouldn't happen to know if it's a periodic refresh, or
Ajax or a hidden iFrame would you? (Or something else?) It's just that I
have the Java console turned on for Applets and it popped up on that
page, and I couldn't see an obvious Applet Object def (that wasn't
buried in son included .JS file) and was just curious as to which bit
the Java was controlling.

Cheers Richard Maher

PS. I'm currently very interested in various "push" technologies. (Used
mainly in conjunction with Tier3 client/server request/response
mechanisms)

"Jeffrey H. Coffield" wrote in message
news:nJXck.13044$jI5.11126@flpi148.ffdc.sbc.com...
>
>
> Richard Maher wrote:
> > Hi,
> >
> > "Jan-Erik Söderholm" wrote in message
> > news:5CHck.777$U5.393@newsb.telia.net...
> >> See http://www.sgx.com/
> >> Click "SGX moves to new securities trading engine".
> >>
> >> Or see : http://tinyurl.com/5zpm8k for a
> >> less-capable-browser-version...
> >
> > Great news! Especially as this is after the Nasdaq OMX acquisition.
> >
> > Cheers Richard Maher
> >
> > PS. If anyone knows (or bothers to work out) what the Java Applet is for on
> > that page then please let me know. (Live ticker "push" technology?)
> >
> >
> I can't easily tell if this is the same concept, but look at
> www.monex.com. That ticker simply reads a file every few minutes that is
> updated by the trading system which is an OpenVMS cluster.
>
> Jeff Coffield
> www.digitalsynergyinc.com

------------------------------

Date: Wed, 09 Jul 2008 08:33:47 GMT
From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
Subject: Re: RDB insert with returned key
Message-ID:

CodeAmazon wrote:
> I'm trying to insert a row in an Oracle Rdb V7.2-120 database, using
> Java 1.5. I need to capture the automatically generated key for use
> in the next step of my program.
>
> My default assumption would be to use java.sql.Statement's
> execute(stmt, Statement.RETURN_GENERATED_KEYS) and then check the
> results. Unfortunately that (and all similar execute options I've
> tried) return an unsupported feature error.
>
> Can someone point me to a solution for getting back the key value, or
> to the API for supported features in the native driver?
>
> - Shasta

Are you using RETURNING in your INSERT statement ?
Rdb Dynamic SQL does not support that. So any
interface built on the Dynamic interface (all as far
as I know that aren't compiled) do not support this.

Jan-Erik.

------------------------------

Date: Wed, 09 Jul 2008 12:08:58 +0200
From: =?ISO-8859-1?Q?Jean-Fran=E7ois_Pi=E9ronne?=
Subject: Re: RDB insert with returned key
Message-ID: <48748e3a$0$14965$426a34cc@news.free.fr>

Jan-Erik Söderholm wrote:
> CodeAmazon wrote:
>> I'm trying to insert a row in an Oracle Rdb V7.2-120 database, using
>> Java 1.5. I need to capture the automatically generated key for use
>> in the next step of my program.
>>
>> My default assumption would be to use java.sql.Statement's
>> execute(stmt, Statement.RETURN_GENERATED_KEYS) and then check the
>> results. Unfortunately that (and all similar execute options I've
>> tried) return an unsupported feature error.
>>
>> Can someone point me to a solution for getting back the key value, or
>> to the API for supported features in the native driver?
>>
>> - Shasta
>
> Are you using RETURNING in your INSERT statement ?
> Rdb Dynamic SQL does not support that. So any
> interface built on the Dynamic interface (all as far
> as I know that aren't compiled) do not support this.
>
> Jan-Erik.

2 years ago I have post a note about this in the jcc rdb mailing list

go to http://www.jcc.com/searchengine/default.asp

in subject enter "insert ... returning dbkey using SQL dynamic"

You will find the thread, look at the replies from Ian Smith (Rdb
engineering)

JFP

------------------------------

Date: Wed, 09 Jul 2008 08:31:49 GMT
From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?=
Subject: Re: Show of support for Distributed NetBeans
Message-ID:

Craig A. Berry wrote:
> Jan-Erik Söderholm wrote:
>
>>
>> When I tested Dist NB last fall, a major showstopper was that
>> it was impossible to get it running remotely over a pair
>> of DSL modems/routers with my Windows laptop on a NAT'ed
>> home network ("kitchen table") and the Alpha behind another
>> NAT router in my office down-town. The way RMI (the remote
>> Java call) works, it gets upset by the NAT'ed
>> networks. I do not know of any current workaround for that.
>
> There is a workaround for a NAT-related problem described in the Known
> Problems and Restrictions section of the installation guide at:
>
>
>
>
> I'm not 100% sure that's exactly your problem, but it might be worth a
> look.

Well, of course I've tried all *documented* work arounds... :-)

Even Meg Watson was remotely running my laptop (at home) and
VMS server (at my office) to try to get it running...

Jan-Erik.

------------------------------

Date: Wed, 09 Jul 2008 09:30:24 +0200
From: Jur van der Burg <"lddriver at digiater dot nl">
Subject: Re: Why did process quota go down?
Message-ID: <48746910$0$14342$e4fe514c@news.xs4all.nl>

That can be caused by a number of things. For example, creating a
mailbox will eat quota for the life of its existence. Creating devices
like LD devices will eat quota. And there are many more examples.

Jur.

tadamsmar wrote:
> I had a detached process that exceeded a quota:
>
> "-SYSTEM-F-EXBYTLM, exceeded byte count" quota
>
> and started to not work right.
>
> show proc/quota showed that its Buffered I/O byte count quota had
> gone from ~98000 to ~980. Why would that happen? Any way to prevent
> that?

------------------------------

Date: 09 Jul 2008 11:08:34 GMT
From: VAXman- @SendSpamHere.ORG
Subject: Re: Why did process quota go down?
Message-ID: <48749c32$0$11621$607ed4bc@cv.net>

In article , tadamsmar writes:
>I had a detached process that exceeded a quota:
>
>"-SYSTEM-F-EXBYTLM, exceeded byte count" quota
>
>and started to not work right.
>
>show proc/quota showed that its Buffered I/O byte count quota had
>gone from ~98000 to ~980. Why would that happen? Any way to prevent
>that?

Stop running the detached process? :)

As others have pointed out, it would help to have some version info.
Also, a brief explanation of what is being done by your detached
process would help.

$ HELP/MESSAGE EXBYTLM says:

  Explanation:  The requested operation failed because the byte count
                quota of the process is not large enough. This can occur
                if excessive concurrent buffered I/O is outstanding, if a
                large number of mailboxes is created, or if a large number
                of windows needs to be created to completely map a file.
                Failure on window creation can occur on a $CRMPSC,
                $CREATE_GFILE, $CRMPSC_FILE_64, or $CRMPSC_GFILE_64 system
                service call, the DCL command RUN, or an Access or Create
                of a file. In this case, this message indicates that the
                specified file is very fragmented or the byte limit quota
                of the process should be increased. Failure can also occur
                on a disk read or write operation indicating that a prior
                extend operation on the file has caused it to become very
                fragmented.

  User Action:  Compress the file by copying the volume with BACKUP, or
                ask the system manager to increase the BYTLM quota.

Does your detached process access any file(s)?
You might want to check these files for severe fragmentation.

If your detached process creates mailboxes, check to see if it is
creating an inordinate number of them. It could be a program error
perhaps causing a loop in mailbox creation code causing unnecessary
mailboxes to be created consuming the BYTLM. Is the buffer quota size
of any mailbox created appropriate? Has the DEFMBXBUFQUO parameter
been changed? Mailboxes created with BUFQUO=0 get DEFMBXBUFQUO. If
this value has changed recently and your program creates a mailbox
without specifying BUFQUO, this could account for the consumption of
your BYTLM.

--
VAXman- A Bored Certified VMS Kernel Mode Hacker   VAXman(at)TMESIS(dot)COM

  "Well my son, life is like a beanstalk, isn't it?"

Copyright 2008 Brian Schenkenberger. Any publication of _this_ usenet
article outside of usenet _must_ include its contents _in_its_entirety_
including this copyright notice, disclaimer and quotations.

The citizens of our state must be free, within reason, to speak out on
matters of public concern. So long as they state the facts implicated
fairly and express their opinions, even in the most colorful and
hyperbolic terms, their speech should be protected by us. -- NJ Superior
Court Appellate Div. (NJSC)

... pejorative statements of opinion are entitled to constitutional
protection no matter how extreme, vituperous, or vigorously expressed
they may be. (NJSC)

"Coding is _not_ a crime!" Support the EFF: http://www.eff.org

------------------------------

End of INFO-VAX 2008.381
************************
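
Added example (not part of the original digest, and not code from any poster or from the test site): the source-port check described in the "Another BIND vulnerability (cache poisoning)" messages, applied to queries as captured on the name server that receives them. The capture lines, addresses, MIN_SAMPLES and MAX_STEP are constructed assumptions, and the "incrementing" verdict goes beyond the same-port check the message describes.

```python
import re
from collections import defaultdict

MIN_SAMPLES = 5   # the test described in the thread looked at five queries
MAX_STEP = 16     # assumed threshold: small positive steps look like a counter

# Constructed capture in tcpdump-like text form (documentation addresses),
# as seen on the name server that receives the resolvers' queries.
SAMPLE_CAPTURE = """\
10:01:00.101 IP 192.0.2.10.32768 > 203.0.113.5.53: 4112+ A? p1.test.example.
10:01:00.150 IP 203.0.113.5.53 > 192.0.2.10.32768: 4112*- 1/0/0 CNAME p2.test.example.
10:01:00.240 IP 192.0.2.10.32768 > 203.0.113.5.53: 9034+ A? p2.test.example.
10:01:00.377 IP 192.0.2.10.32768 > 203.0.113.5.53: 51720+ A? p3.test.example.
10:01:00.512 IP 192.0.2.10.32768 > 203.0.113.5.53: 27761+ A? p4.test.example.
10:01:00.660 IP 192.0.2.10.32768 > 203.0.113.5.53: 60403+ A? p5.test.example.
10:02:10.010 IP 192.0.2.20.1025 > 203.0.113.5.53: 311+ A? q1.test.example.
10:02:10.120 IP 192.0.2.20.1026 > 203.0.113.5.53: 40877+ A? q2.test.example.
10:02:10.233 IP 192.0.2.20.1027 > 203.0.113.5.53: 1290+ A? q3.test.example.
10:02:10.349 IP 192.0.2.20.1028 > 203.0.113.5.53: 58002+ A? q4.test.example.
10:02:10.460 IP 192.0.2.20.1029 > 203.0.113.5.53: 7715+ A? q5.test.example.
10:03:30.005 IP 192.0.2.30.41873 > 203.0.113.5.53: 22018+ A? r1.test.example.
10:03:30.118 IP 192.0.2.30.12044 > 203.0.113.5.53: 63555+ A? r2.test.example.
10:03:30.229 IP 192.0.2.30.58310 > 203.0.113.5.53: 904+ A? r3.test.example.
10:03:30.341 IP 192.0.2.30.23977 > 203.0.113.5.53: 37121+ A? r4.test.example.
10:03:30.455 IP 192.0.2.30.50122 > 203.0.113.5.53: 15660+ A? r5.test.example.
10:04:00.001 IP 192.0.2.40.33001 > 203.0.113.5.53: 5120+ A? s1.test.example.
10:04:00.110 IP 192.0.2.40.47219 > 203.0.113.5.53: 61034+ A? s2.test.example.
"""

# Matches only packets sent TO port 53 (queries); replies are skipped.
QUERY_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"\d+\.\d+\.\d+\.\d+\.53: \d+\+? "
)


def parse_queries(capture):
    """Return {resolver_ip: [source_port, ...]} in capture order."""
    ports = defaultdict(list)
    for line in capture.splitlines():
        match = QUERY_RE.search(line)
        if match:
            ports[match.group("src")].append(int(match.group("sport")))
    return dict(ports)


def classify_ports(ports):
    """Classify one resolver's observed query source ports."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed-port"        # every query left from the same port
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < step <= MAX_STEP for step in steps):
        return "incrementing"      # ports change, but predictably
    return "varied"                # no pattern seen in this small sample


def assess(capture):
    """Return {resolver_ip: verdict} for every resolver in the capture."""
    return {ip: classify_ports(p) for ip, p in parse_queries(capture).items()}


if __name__ == "__main__":
    for ip, verdict in assess(SAMPLE_CAPTURE).items():
        print(f"{ip:<12} {verdict}")
```

A "varied" verdict on five samples only means no fixed or counting pattern was seen; it does not measure how random the ports are.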