INFO-VAX Sat, 06 Sep 2008 Volume 2008 : Issue 489 Contents: Re: Archive strategy Re: Archive strategy bug in TCPIP Re: bug in TCPIP Re: CIFS PDBEDIT -A gives a "Username not found!" error Re: Current status? Re: Looking for a new home 2x MicroVAX 3100/10 RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Re: open TCPIP ports Re: OT: Carly speeks at convetion Re: OT: Carly speeks at convetion Re: OT: Carly speeks at convetion Security alarm msg WGET Yes, WASD works with CrossDomain.xml (was: Google Chrome, VMS, and Tier3) ---------------------------------------------------------------------- Date: Sat, 6 Sep 2008 03:36:35 -0700 (PDT) From: tadamsmar Subject: Re: Archive strategy Message-ID: <1063d3e0-06f9-472f-b635-0e804db402fd@25g2000hsx.googlegroups.com> On Sep 5, 1:41=A0pm, "Richard B. Gilbert" wrote: > tadamsmar wrote: > > On Sep 4, 7:11 pm, B...@rabbit.turquoisewitch.com (Brad Hamilton) > > wrote: > >> In article <729c5ebc-a6ae-4de6-9aae-a4bd70776...@p10g2000prf.googlegro= ups.com>, tadamsmar wrote: > > >> [...] > > >>> Well, I proposed to my management that we simply institute a periodic > >>> (monthly) tape backup of the archive. =A0Turns out the archive was > >>> always on hard disk as well as on the defunct optical media. > >>> They accepted that idea. =A0No need for a DVD or removable disk. > >>> The assumption is that the act of backing up the disk confirms that > >>> the disk is good. > >>> Any comments to improve this plan? > >> An obvious improvement (but one that may be hard to implement) is a re= gular > >> *restore* of the information from tape; the idea is to "prove" that yo= u could > >> successfully recover the data "at a moment's notice". > > >> Of course, you would need to have a "spare" system to demonstrate the > >> effectiveness of the "recovery". =A0I used to work at a company where = we had > >> replicated systems (not "active/active") where we would periodically "= swing" > >> the user base after a restore. =A0The users didn't know (and could hav= e cared > >> less) which site they were using. =A0Management, internal, and externa= l auditors > >> were satisfied with this system. > > > Could be recoved onto a spare disk, or even a spare 12 gigs if it was > > not an image. =A0 This is a archive of data, not a system disk. > > > But if /verify is used, it seems secure to me without a recovery > > demonstration. =A0Not sure what the extra assurance gains. > > The recovery demonstration proves that: > a. =A0You made a readable backup, > b. =A0You were able to restore it, and > c. =A0That you backed up the right things. > > Some really terrible day, you may have to actually do this for real! > It's good to reassure yourself, and any others concerned, that you CAN > do it. > > If you can't do it, NOW is a really good time to find the problems and > fix them.- Hide quoted text - > > - Show quoted text - Another step for reliability is an audit or review by another person. To make sure the right stuff is on the archive disk and that the commands (particularly in the case of a non-image) really get it all to tape. ------------------------------ Date: Sat, 06 Sep 2008 07:41:53 -0400 From: "Richard B. Gilbert" Subject: Re: Archive strategy Message-ID: tadamsmar wrote: > On Sep 5, 1:41 pm, "Richard B. Gilbert" > wrote: >> tadamsmar wrote: >>> On Sep 4, 7:11 pm, B...@rabbit.turquoisewitch.com (Brad Hamilton) >>> wrote: >>>> In article <729c5ebc-a6ae-4de6-9aae-a4bd70776...@p10g2000prf.googlegroups.com>, tadamsmar wrote: >>>> [...] >>>>> Well, I proposed to my management that we simply institute a periodic >>>>> (monthly) tape backup of the archive. Turns out the archive was >>>>> always on hard disk as well as on the defunct optical media. >>>>> They accepted that idea. No need for a DVD or removable disk. >>>>> The assumption is that the act of backing up the disk confirms that >>>>> the disk is good. >>>>> Any comments to improve this plan? >>>> An obvious improvement (but one that may be hard to implement) is a regular >>>> *restore* of the information from tape; the idea is to "prove" that you could >>>> successfully recover the data "at a moment's notice". >>>> Of course, you would need to have a "spare" system to demonstrate the >>>> effectiveness of the "recovery". I used to work at a company where we had >>>> replicated systems (not "active/active") where we would periodically "swing" >>>> the user base after a restore. The users didn't know (and could have cared >>>> less) which site they were using. Management, internal, and external auditors >>>> were satisfied with this system. >>> Could be recoved onto a spare disk, or even a spare 12 gigs if it was >>> not an image. This is a archive of data, not a system disk. >>> But if /verify is used, it seems secure to me without a recovery >>> demonstration. Not sure what the extra assurance gains. >> The recovery demonstration proves that: >> a. You made a readable backup, >> b. You were able to restore it, and >> c. That you backed up the right things. >> >> Some really terrible day, you may have to actually do this for real! >> It's good to reassure yourself, and any others concerned, that you CAN >> do it. >> >> If you can't do it, NOW is a really good time to find the problems and >> fix them.- Hide quoted text - >> >> - Show quoted text - > > Another step for reliability is an audit or review by another > person. To make sure the right stuff is on the archive disk and that > the commands (particularly in the case of a non-image) really get it > all to tape. I made very few "non-image" backups. I got burned early in my career when I needed to restore a backup that should have been made as an image backup but was not. I was able to recover with considerable help from tech support but from then on, /IMAGE was practically automatic. ------------------------------ Date: Sat, 6 Sep 2008 16:00:04 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: bug in TCPIP Message-ID: HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 6 on a DEC 3000 - M600 running OpenVMS V7.3-2 I have my SMTP configured to drop connections trying to send email to non-existent usernames. As is well known, they are only dropped if the non-existent usernames are syntactically correct VMS usernames; in particular, anything longer than 12 characters is not dropped (which usually results in a bounce---which is bad, because this creates backscatter spam). (By the way, is this fixed in a newer version of TCPIP?) I just discovered the following: send email to USERfldlfkdndueldlf where USER is a valid username and the rest of the letters makes the bogus username longer than 12 characters---it gets delivered to USER. ------------------------------ Date: Sat, 06 Sep 2008 09:21:34 -0700 From: "Tom Linden" Subject: Re: bug in TCPIP Message-ID: On Sat, 06 Sep 2008 09:00:04 -0700, Phillip Helbig---remove CLOTHES to reply wrote: > HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 6 > on a DEC 3000 - M600 running OpenVMS V7.3-2 > > I have my SMTP configured to drop connections trying to send email to > non-existent usernames. As is well known, they are only dropped if the > non-existent usernames are syntactically correct VMS usernames; in > particular, anything longer than 12 characters is not dropped (which > usually results in a bounce---which is bad, because this creates > backscatter spam). (By the way, is this fixed in a newer version of > TCPIP?) I just discovered the following: send email to > USERfldlfkdndueldlf where USER is a valid username and the rest of the > letters makes the bogus username longer than 12 characters---it gets > delivered to USER. > Switch to MX -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Sat, 6 Sep 2008 09:41:34 -0400 From: "nothome" Subject: Re: CIFS PDBEDIT -A gives a "Username not found!" error Message-ID: Hi, wrote in message news:b02f21e0-9c8e-4b0d-acab-b7b12b8bce82@a70g2000hsh.googlegroups.com... On Sep 5, 8:45 pm, Rich Jordan wrote: > user1 uic = [100,100] no go > user1 uic = [user234] no go > user1 uic = [yadda,user234] no go > user1 uic = [user1] ok > user1 uic = [yadda,user1] ok > >So should this work? > >UAF> show sampsa > >Username: SAMPSA Owner: SAMPSA LAINE >Account: SAMPSA UIC: [200,101] >([ADAM,SAMPSA]) >CLI: DCL Tables: DCLTABLES Is there an identifier associated with UIC [200,101] (it appears not): $ mc authorize show /ident sampsa Make sure sampsa identifier is mapped to uic [200,101]. CIFS does not recognize an account if it does not have a _unique_ identifier (no sharing of UICs). As a test, you might try: $ pdbedit -a system Also, the v1.0 documentation is wrong about using @samba$root:[bin]samba$grant_gidusers.com. Don't use it - there's no valid reason for doing what it does... HTH, Paul ------------------------------ Date: Sat, 6 Sep 2008 10:24:56 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Current status? Message-ID: In article , david20@alpha2.mdx.ac.uk writes: > >All mail I send anywhere via TCPIP goes through the host specified as > >the alternate gateway. The highest-priority MX record is the WAN > >address of my LAN, which gets forwarded to the cluster alias. On my ROUTER, of course, not on my LAN. > So your alternate gateway and MX record host are your designated MTAs which > should be allowed to communicate with the outside world over port 25. Right. > Any other systems on your internal network which wish to send mail out should > send out either directly or indirectly through the same alternate gateway. That's what they do. To the outside world, it looks like everything comes from the WAN address of the router. > Any mail for users on any other internal mail system should receive mail by it > first being passed to the MX system which then forwards it onto the internal > system. Internal mail is directly within the cluster, i.e. no TCPIP. > Hence the other internal systems do not require to open connections > directly to port 25 on arbitrary external systems or to have arbitrary > external systems connecting directly to port 25 on them. Your firewall can > therefore block those other internal systems from attempting such port 25 > connections. The outside world can see only the WAN address, and that goes to the cluster alias on the LAN. All systems have the same SMTP configuration, in particular the same alternate gateway. > (You mention the WAN address of your LAN which suggests that you probably have > an internal network which is using dynamic NAT. Right, NAT and PAT. > Hence NAT is probably taking > care of stopping direct external connections to your other internal systems on > port 25 anyway.) Right. ------------------------------ Date: Sat, 6 Sep 2008 18:14:25 +0200 From: "H Vlems" Subject: Re: Looking for a new home 2x MicroVAX 3100/10 Message-ID: <48c2ac61$0$29288$bf4948fe@news.tele2.nl> "Jan van Mastbergen" schreef in bericht news:xs0rk.74270$8y1.342@newsfe18.ams2... > Subject line says it all. I will need to retire to have the time to play > with them, which won't happen in the next 11 years if at all. > > These are the server version, so headless. About 2.5 VUP. One of them is > in working order, boots VMS 7.2, the other appears to have a disk that > won't spin up anymore but otherwise ok. Various goodies included (VMS CD, > TK50 cartridges, cables, thinwire repeater, terminators etc). > > These are in Nuenen, the Netherlands. Free for every one who appreciates > these classics. Mail me if you're interested. No shipping. > > Regards, Jan Both 3100-20e's are now quite happily up and running in an NI cluster. With a little more diskspace added :-) Thanks, Hans ------------------------------ Date: Sat, 6 Sep 2008 14:21:27 +0000 From: "Main, Kerry" Subject: RE: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) Message-ID: <9D02E14BC0A2AE43A5D16A4CD8EC5A593ED5F5CEEF@GVW1158EXB.americas.hpqcorp.net> > -----Original Message----- > From: david20@alpha2.mdx.ac.uk [mailto:david20@alpha2.mdx.ac.uk] > Sent: Wednesday, September 03, 2008 7:06 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Loose Cannon-dian (was: Re: DEFCON 16 and Hacking OpenVMS) > [snip ..] > > As reported here in the past IBM has been known to bid other > manufacturer's > systems in order to win a contract including bidding VMS > see > > http://groups.google.com/group/comp.os.vms/msg/854076c06a39bdfc > > > David Webb > Security team leader > CCSS > Middlesex University That is nothing new as all large SI vendors (including HP, IBM) will offer support for just about any other vendors product if the business case says it is the right thing to do. Some of our outsourcing Cust environments supported by HP have huge AIX, Solaris, MVS (z/OS) components - all supported by HP. http://www.hp.com/hpinfo/newsroom/press/2002/021104e.html Heck, as part of large bids I have led in the past, if a particular Cust had a Solaris environment and XYZ applic only ran on Solaris and its support was mandatory as part of a much larger bid, we would simply get a quote from a partner for Sun products, support and include it as part of the bid. [one bid included approx $250K of Sun prod, but the overall bid was approx $30M, so it was a no brainer decision] That is not unique to HP. All large SI vendors do this - you could not survive in the SI business without this approach. Regards Kerry Main Senior Consultant HP Services Canada Voice: 613-254-8911 Fax: 613-591-4477 kerryDOTmainAThpDOTcom (remove the DOT's and AT) OpenVMS - the secure, multi-site OS that just works. ------------------------------ Date: Sat, 06 Sep 2008 17:22:59 +0200 From: Michael Unger Subject: Re: open TCPIP ports Message-ID: <6iflm6Fq9u3pU2@mid.individual.net> On 2008-09-05 17:36, "Phillip Helbig---remove CLOTHES to reply" wrote: > [...] > > I won't necessarily need all of these, but I hope there are none which I > do which are not on the list. You didn't tell much about your requirements ... ;-) POP3 (110), Auth (113), NTP (123), IMAP (143), SNMP (161), SNMPtrap (162), BGP (179), SysLog (514, UDP) might be of interest too. > [...] Michael -- Real names enhance the probability of getting real answers. My e-mail account at DECUS Munich is no longer valid. ------------------------------ Date: Sat, 06 Sep 2008 09:51:20 +0200 From: Michael Kraemer Subject: Re: OT: Carly speeks at convetion Message-ID: JF Mezei schrieb: > I am not sure that VMS enthusiasts were the only ones to have been > unimpressed (understatement) by La Carly. If there is sufficient > discontent with her as head of HP, Why should people, especially the CEO types, be discontent with her ? Bottom line is, that - as a result of her actions - HP now is a rather successful company, in par or even slightly larger than IBM, with similar profit margins. ------------------------------ Date: Sat, 06 Sep 2008 06:35:39 -0400 From: JF Mezei Subject: Re: OT: Carly speeks at convetion Message-ID: <48c25d37$0$9635$c3e8da3@news.astraweb.com> Michael Kraemer wrote: > Why should people, especially the CEO types, > be discontent with her ? > Bottom line is, that - as a result of her actions - > HP now is a rather successful company, in par or even > slightly larger than IBM, with similar profit margins. Many would disagree. Carly didn't fix HP. It was Hurd who came in and quietly made changes to the important parts of HP to ensure the pC business got fixed and became efficient and competitive and that the ink business continued to grow. He left the Livermore and Stallard types in the non-key business units which include VMS and integrity servers. Carly left early enough for HP to retain a portion of the ex Compaq customers in the PC/server business. But during Carly's tenure, Dell was doing better than HP. ------------------------------ Date: Sat, 06 Sep 2008 09:00:25 -0400 From: Bob Willard Subject: Re: OT: Carly speeks at convetion Message-ID: <4JudnYfguf8n41_VnZ2dnUVZ_gKdnZ2d@comcast.com> JF Mezei wrote: > Arne Vajhøj wrote: > > >>You think they are scared by the huge group of VMS enthusiasts ? > > > I am not sure that VMS enthusiasts were the only ones to have been > unimpressed (understatement) by La Carly. If there is sufficient > discontent with her as head of HP, someone vetting her would have done > google searches and probably seen a large variety of negative posts > about her. And if they quietly checked with someone on the board, the > later may have confirmed the public sentiment about her. > > > Some of the cabinet posts she is likely to get: > > Post Mistress to the General. > or > Under the Secretary of State. > > My guess is that the republican party is now in charge and telling > McCain what to say, and since McCain was seen as being too liberal, they > have to find some ultra right wing religious zealot to compensate and it > probably ruled out LaCarly and Romney. Postmaster General ceased to be a cabinet position during Nixon's (first?) term as president; since then, the USPS has been a private organization. The head of the USPS has a title of "Postmaster General and CEO", and is appointed by a Board of Governors that is, in turn, selected by POTUS. -- Cheers, Bob ------------------------------ Date: Sat, 06 Sep 2008 06:56:42 -0700 From: "Tom Linden" Subject: Security alarm msg Message-ID: I noted following on opcon. Why is the remote node id in decimal format? This is on 8.3 Itanium. Message from user AUDIT$SERVER on REX Security alarm (SECURITY) and security audit (SECURITY) on REX, system id: 2060 Auditable event: Network breakin detection Event time: 6-SEP-2008 06:49:14.22 PID: 20F0B1A8 Process name: TCPIP$FTPC00079 Username: newuser Remote node id: 998090410 Remote node fullname: 59-125-166-170.HINET-IP.hinet.net Remote username: FTP_3B7DA6AA Status: %LOGIN-F-NOSUCHUSER, no such user -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Sat, 06 Sep 2008 10:55:20 -0700 From: "Tom Linden" Subject: WGET Message-ID: GNU Wget 1.10.1a wget -r -k http://some_web_site/A/B/C downloads everythhing from some_web_site and not just C as I would have expected. Is this expected behaviour? -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Sat, 6 Sep 2008 18:02:57 +0800 From: "Richard Maher" Subject: Yes, WASD works with CrossDomain.xml (was: Google Chrome, VMS, and Tier3) Message-ID: Hi, "Retentive" wrote: - > > I'm concerned that crossdomain.xml is going to induce all sorts of > security nightmares amongst us System Managers. We've done > everything possible to keep our *our* VMS away from the > outside-world but, just in case, what should we do? Well spoted Retentive! I knew the cross-domain access issue was going to stir up a hornet's nest with you System Manager types. Look, first it was Flash, then SilverLight, and now Java Applets that are adhering to the crossdomain.xml (defacto) standard; I guess it's here to stay. It is also an extremely powerful configuration option for Ajax *and Socket* Inter/Intra-net support. Definitely worthy of discussion, if VMS was doing anything other than dying :-( I'm sure your HP/VMS rep can explain why it is about as important as an XHR$ RTL. Must have been discussed at length at Bootcamp? VMS Technical Journal perhaps? Cosa Vostre Star Chamber AGM? > But more importantly, would it be safer to be flown by an epileptic or a diabetic? Normal programming will now resume :-( Cheers Richard "Sleepin' with the fishes" Maher "Richard Maher" wrote in message news:g9lvt5$ol$1@news-01.bur.connect.com.au... > Hi, > > It's not DECforms, DECWindows, or even EDT on RSX-11, so no one here's > probably too interested (certainly none of the wankers employed at HP/VMS > that are chewing up the license fees on WSIT and gSOAP) but for those of you > who have downloaded the beta of Google's new Chrome WebBrowser and are > looking at the Tier3 Java Applet client examples, then please let me inform > you that you also need to download the latest (also beta) Java plugin: - > > http://www.google.com/support/chrome/bin/answer.py?answer=95697&topic=14687 > > (You may recall some of the wiz-bang features of Java 1.6_10 mentioned here > recently? Separate JVMs? JNLP-like deployment?) > > So as soon as you're kitted up with Chrome, Flex and Java plugins then > please, once again, try: - > > http://manson.vistech.net/t3$examples/demo_client_web.html > and > http://manson.vistech.net/t3$examples/demo_client_flex.html > > Username: TIER3_DEMO > Password: QUEUE > > Please also report any problems here, or to me directly. > > Cheers Richard Maher > > PS. I know it's based on the same engine as that piece o' shit Safari, but I > really like what I've seen of Chrome so far, and it is FAST! I also *really* > like the application-shortcuts and the almost *non-existent* browser > footprint!!! (Separate Task-Manager also good!) > > PPS. Ooops! I've just realized that it's currently only available in > BILLelzibub, microslop/shit, blah, blah, blah versions, so most here (along > with their pretentious-fuck soul-mates at HP/VMS Middle-Management) will > refuse to even glance at it out of principle. > > Imagine: - > > . Rock Solid VMS performance, disaster tolerance, and security > . Huge heritage of business-rules, data, and 3GL code > . Internet- Explorer, FireFox, Chrome, (and the also rans) as a launch-agent > . (JavaScript, HTML, Java, Flex) as your GUI and the world is yours!!! > . VMS applications fully integrated with your web-facing *nix or IIS > infrastructure > > Nah, on second thoughts give the incumbents (you know who) *yet another* > promotion :-( > > I tell ya what; when it comes to WebSockets and HTML5, why don't you wait 10 > years (like Java) and then you can *safely* implement something thats > waning? > > Full steam ahead - you're all doing very well! > > ------------------------------ End of INFO-VAX 2008.489 ************************