INFO-VAX Tue, 19 Aug 2008 Volume 2008 : Issue 452 Contents: Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS RE: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Re: DEFCON 16 and Hacking OpenVMS Storage Shelves for FREE Re: What to do now with a DEC Server 3000? ---------------------------------------------------------------------- Date: 18 Aug 2008 17:59:03 GMT From: billg999@cs.uofs.edu (Bill Gunshannon) Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <6gtrj7Fhl95lU2@mid.individual.net> In article , "Main, Kerry" writes: > > I am not trying to pass judgement one way or another. And most in this > newsgroup would never state that OpenVMS is technically unhackable > and/or not susceptible to security issues. > Damn Kerry, they have been saying it as long as I have been here!!! bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves billg999@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Aug 2008 16:15:30 -0400 From: "William Webb" Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <8660a3a10808181315y2cfd98ebx3187c8d6a5688f24@mail.gmail.com> On Mon, Aug 18, 2008 at 1:59 PM, Bill Gunshannon wrote: > > In article , > "Main, Kerry" writes: > > > > I am not trying to pass judgement one way or another. And most in this > > newsgroup would never state that OpenVMS is technically unhackable > > and/or not susceptible to security issues. > > > > Damn Kerry, they have been saying it as long as I have been here!!! > > bill > > -- > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves > billg999@cs.scranton.edu | and a sheep voting on what's for dinner. > University of Scranton | > Scranton, Pennsylvania | #include One of my favorite IT Security quotes: "Anybody who says his system is bulletproof is either a liar or stupid." Winn Schwartau WWWebb ------------------------------ Date: Mon, 18 Aug 2008 22:50:04 +0000 From: "Main, Kerry" Subject: RE: DEFCON 16 and Hacking OpenVMS Message-ID: <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5D1F6D4@GVW1158EXB.americas.hpqcorp.net> > -----Original Message----- > From: William Webb [mailto:william.w.webb@gmail.com] > Sent: August 18, 2008 4:16 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: DEFCON 16 and Hacking OpenVMS > > On Mon, Aug 18, 2008 at 1:59 PM, Bill Gunshannon > wrote: > > > > In article > t>, > > "Main, Kerry" writes: > > > > > > I am not trying to pass judgement one way or another. And most in > this > > > newsgroup would never state that OpenVMS is technically unhackable > > > and/or not susceptible to security issues. > > > > > > > Damn Kerry, they have been saying it as long as I have been here!!! > > > > bill > > > > -- > > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three > wolves > > billg999@cs.scranton.edu | and a sheep voting on what's for dinner. > > University of Scranton | > > Scranton, Pennsylvania | #include > > > One of my favorite IT Security quotes: > > "Anybody who says his system is bulletproof is either a liar or > stupid." > > Winn Schwartau > > WWWebb Hey, reminds me of Mission Impossible movie .. remember Tom Cruise in a horizontal position being lowered from ceiling to logon to system that had no connections outside of room? [ok, ok, it was a movie, but one gets the point] Fwiw, there no such thing as unhackable when one understands that overall security is a function of people, process *and* technology (PPT). Course, the better the technology, the better the overall solution. :-) Regards ------------------------------ Date: Mon, 18 Aug 2008 21:45:38 -0400 From: "William Webb" Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <8660a3a10808181845o49a2e89excfb682c91e80154a@mail.gmail.com> On Sun, Aug 17, 2008 at 8:17 PM, patrick jankowiak wrote: > %%%%%%%%%%%%%Message from Opcom > > It makes no sense to be pissin' off the hackers over credentials, > terminology, and the vernacular. If something has been found that needs > attention, and they're decent enough to try to get HP to fix it and in the > same sentence don't want to reveal the naughty details publicly until a > patch has been released, then what's the beef with them? One does not have > to be a car mechanic to put a skunk in the trunk, nor a plumber to hide an > opossum in the potty. One just has to figure out a way to do it and then > stand back and watch the youtube moment. Ok bad analogies. > > This whole discussion is extremely interesting and the contributors are too > diverse to waste storage and bandwidth making negative comments over the > many specific credentials, words, and grammar. > I concur with Pat. Interesting little discoveries indeed, guys. Certainly worthy of spirited conversation. And if some in comp.os.vms have ticked you off, you haven't seen anything. Google one "Carl J. Lydick" for someone who could really flame "back in the day." And as I said I would do, I've spoken with "people" but haven't gotten a response back to date. (And even if I had, I certainly wouldn't talk about it in public fora without specific permission to do so; this is usually de rigeur for security issues.) WWWebb ------------------------------ Date: Tue, 19 Aug 2008 00:13:05 -0400 From: JF Mezei Subject: Re: DEFCON 16 and Hacking OpenVMS Message-ID: <48aa4963$0$5443$c3e8da3@news.astraweb.com> William Webb wrote: > And as I said I would do, I've spoken with "people" but haven't gotten > a response back to date. Has the VMS group been virtualised to a point where you need to use quotes around people to denote the fact ther they aren't real anymore ? ------------------------------ Date: Mon, 18 Aug 2008 13:17:45 -0700 From: "Tom Linden" Subject: Storage Shelves for FREE Message-ID: Have 4 Blue BA356 each with one Power Suply, one personality module and 7 drives. (RZ1DD) 3 grey BA350 No personality modules in these with RZ28 drives 1. 3 Power supplie 3 drives 2. 3 Power Supplies 5 drives 3. 2 Power Supplies 5 drives You pay for shipping, from 93953 -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Mon, 18 Aug 2008 20:20:47 +0200 From: "H Vlems" Subject: Re: What to do now with a DEC Server 3000? Message-ID: <48a9bd7d$0$27029$bf4948fe@news.tele2.nl> "Jeff Campbell" schreef in bericht news:1218665663_733@isp.n... > ***** charles wrote: >> Hi, this seems to be the right group. I came across a DEC Server 3000 >> FR-K7F4W-AB with a 500MHz alpha chip and one stick of 128M of ram and I >> don't know how big the hard drive is yet. I have fired it up, white >> letters on a blue background and the final prompt is >>>. I know a bit >> about a lot of architectures but this is my first alpha so I am stumped. >> The guy that I got it from said it would run VMS but I don't know how to >> get it that far if that is true. Any other ideas? I understand that >> this machine will go to 1G of ram (2 sitcks of 512M each). Anyone know >> where I could get some of this cheap? >> >> thanks, >> charles..... >> >> > Some "white box" Alphas are capable of running OpenVMS. The machines > were marketed to the Windows NT crowd. Since these machines were > competing with PC NT boxes, they had to be priced below what the > equivalent Alphas marketed into the OpenVMS and Tru64 UNIX markets were > priced at. To protect the higher margin products the WB Alphas were > sold unable to run the "native" 8-) OSes. > > There are 3 Digital Server variants of AlphaServers: > > AS 800 - DS 330x > AS 1200 - DS 530x > AS 4100 - DS 730x > IMO the term "white box alpha's" refers to these models, and these only. There are certainly other Alpha based systems that are challenged to run VMS or Tru64, e.g. the Multia. However, each Digital Server in this list was derived from the corresponding Alpha Server. They all share the same problems as a VMS platform: 1) the console interface is set to ARC, not SRM 2) two SRM console variables have no proper preset values by default 3) certain peripherals are not supported by VMS; e.g. the 5305 comes with a SCSI controller that is not recognized by VMS. 4) the manufacturer only supports and services Digital Server models when they run Windows NT These problems are all fairly easily to solve. Changing the console interface as well as a fix for the srm parameters are well documented and these solutions are quickly found on the internet. The fix works on the 3300 and 5305 (personel experiance) while a German hobbyist tried the same procedure on a 7305 with good results. (I tried to get a 7305 but failed. There was no system near enough unfortunately. OTOH the power bill would be a challemge too :) A supported video adapter is not essential because the serial interface connects well to a pc and the graphics user interface of VMS or Tru64 may be used by installing unix services for Windows, a free download available from Microsoft. The SCSI adapter is a bit more difficult on the 5305 and 7305 because they (rather often) have a split BA cabinet built in so one needs a dual channel adapter or two boards. The KZPCM is ideal but until recently rather expensive. The 3300 has onboard SCSI with support for both SCA and SCSI-2 disks, no problem there though the disktrays that are particular for the 3000 are getting rare, even on eBay. Why bother with these systems? Well, the 5305 fitted with two 5/533 cpu's is still an impressive system for a hobbyist with interest in VMS (or one of the linux or *bsd derivatives). The 5305 is a *lot* chepaer than an AS1200 because NT4 is not exactly modern anymore so commercial use for the white box alpha's is nill. Thus, easy to come by for a hobbyist who wants to run VMS or Tru64 on something faster than a Multia :-) Hans ------------------------------ End of INFO-VAX 2008.452 ************************