Trip Report - DECUS Spring 1996
Glenn C. Everhart

The DECUS symposium & trade show was as usual enlightening. I gave 3 talks, one on security and two on SCSI (SCSI futures and SCSI cluster internals), all of which were well attended. Apart from my talks I gravitated to the campgrounds to lend a hand where possible. (This included serving in the security campground as one of the question-answerers.)

General:

The symposium was smaller than any has been since I started attending in 1978 (about 1200, attributed by some to the fact that Comdex was going on at the same time), but a very enthusiastic group. The VMS Campground was well set up and organized, though the others for the most part looked like ghost towns. The VMS campground however was well attended all week, and could have taken up a good deal more of the room profitably. The Internet product CD was important but didn't get announced anywhere, and was somewhat hidden in the back corner of the campground; I ran into several folks near the end of the Symposium who had missed it and wished they had not. (The CD ought to be sent to various net sites that have a lot of VMS offerings, just to partially ameliorate this.)

There were a number of technical presentations, and I heard favorable comments about Nick Carr's in particular, but more were wished for. People expressed the desire for VMS base internals and hints 'n' kinks, and there were comments that there were not enough of these. Also the session notes process was criticized. Session notes must be bought for $300 for the whole set (most people need only partial sets) or $12 for notes of one session. When this was run by volunteers, $12 would buy many complete SIG sets and most people got only partial collections of what they needed. This was an effect of the prior DECUS BoD "mass firing" of 12/1993, and finding replacement volunteers to do this sort of thing will take a while.
This is not directly a Digital issue, but next time I will bring separate handouts instead of relying on having gotten the session notes into the "official" process. If anyone has some insight on how to get the whole mess put on a CD and can tell the relevant DECUS staffers, I suspect they'll do a great service here; the bulk of the cost is printing & transportation of sizeable books.

The trade show attendance was light, and there were fewer booths than the prior show. Many third party booths got very light traffic, though the Digital booths seemed well attended. (Mind, I did not spend much time at the trade show either.)

I used transparencies for all talks, as has been common, and had no problems with them; the AV gear all worked. (There was one incident at the "Digital Listens" session, where many mikes were needed, but they didn't get set up till 10-20 minutes into the session because someone hadn't arranged anything special. The participants and audience took it in good humor though.)

I'll go over topics partly in the order of the talks I gave...the security talk first, then the SCSI and SCSI Cluster Internals talks later in the week.

Security:

In the security arena, I found there was a great deal of interest in network security, as well as in normal system security issues. My comparative features session was very well attended (room looked about half full, maybe 80 people, even though it ran opposite the beginning VMS update session). One of the DECUS BoD folks asked for it to be resubmitted, though I believe it needs a longer time slot.

Questions in the halls and at the campground indicate that folks seem to understand how to secure their systems individually, but need information about how to secure networks, and on vulnerabilities from insiders. (This is very healthy, since insiders are probably the major threat.)
Issues of how to block access from certain nodes or people, threats from common protocols, and how to be more selective about what files are able to be accessed locally and via Pathworks were among those asked. In answering these, the protected subsystem facility proved a very useful tool, though the ability to provide command file protection is needed also. We discussed some work-arounds involving images which would spawn processes, but only hypothetically...a symposium is not particularly conducive to coding experiments.

I had some lengthy discussions with some DECUS security sig folks about Netscape and the like, specifically about securing Java. It appears to me that Java can be run securely in OVMS by use of some OS primitives. In fact, if one uses the protected subsystem facility to attach an identifier to say Netscape.exe, that alone can be used to differentiate the access its Java applets have from the access the user generally has. The desired protection would ensure that such browsers never run privileged, and that their file opens (except possibly for a specifically permitted list) result in yes/no requestors on the screen, so that authorization is in fact obtained. (I have code that can do this sort of thing.) In fact, access to other objects might well be regulated as well, and it may be that some of the integrity checking code in SEVMS could be usable here.

It seemed worth mentioning since it appeared that a platform that can perform the useful operations that Java and similar remote execution techniques support, but do it safely, would probably be mandated in a number of organizations. Besides, it would be marvelous to watch Sun, HP, IBM, Microsoft and others all having to play catch up while VMS provides the *ONLY* safe platform to run remote code on.

Affinity:

I spoke with several folks doing software development and came away with some impressions that should be listed:

1.
NT is proving less easy to develop for and use than had been hoped; Microsoft is not forthcoming easily with filesystem development info, and there is evidence of Microsoft-private internal interfaces that can and do interfere with internals development. Filesystem information is particularly hard to come by. There was a report too that all NT systems have a security back door, namely that NetBEUI is uncontrolled by NT security. (It was phrased in approximately this way to me.) NT is also being found wanting in large scale use, at least among those who have been used to VMS style robustness, and the underlying system services in WNT may be incomplete. There are also "secret APIs" being added, e.g. the disk defrag APIs which Executive Software has written and which Microsoft has apparently agreed to add, but "not document much" for a while at least. With no source listings and incomplete listings of available system services and of APIs, NT development is proving to be challenging both technically and legally.

2. There were a LOT of folks with buttons "Is OpenVMS really "open" without FX!32?" once these started to be distributed. The desire here is to be able to run NT apps somehow on VMS...even if not all apps can be worked. The Bristol solution is viewed as a fake by developers who try to investigate it, since they find that Bristol wants $25K for the developer package PER USER of the package, and in addition wants royalties on every copy of anything distributed using it. This amounts to tapping the keg at both ends, closes off possible freeware development, and in practice means most ISVs cannot use it. (Remember: the largest ISV in the VMS market is Raxco, ~200 employees; many ISVs are very small shops indeed.) Also, the solution is completely useless for anyone who simply wants to run some apps from NT on OVMS. What J Random person might be able to get in source will often be free, but a WINDU version on VMS cannot be, thanks to the Bristol T&Cs.
A shareable library that could be programmed and linked to might take care of some of that, and something like FX!32 would provide SOME compatibility. At present there is none, and there may continue to be none except from the very largest vendors, should they choose to run that way. (What would you estimate the chance of Microsoft putting, say, Word and Excel up on VMS to be?)

3. There were many expressions of anger and frustration over the VMS Update session talking a lot about Windows NT, and hardly at all about VMS. There were also many expressions of happiness over the robustness of VMS. The crowd basically appeared to be very enthusiastic about OVMS, happy with it, and wanted very badly to see that Digital considers it to have a future AND TO SEE THAT ARTICULATED WHERE THEY SEE IT. Sales folks who don't suggest OVMS where it is clearly applicable, and marketing executives whose future directions talks mention OVMS little or not at all have wrought great harm. The tales about the "promised land" of NT turning out to have a sizeable helping of hype, at least to now, feed that attitude from customers.

It was explained that the "VMS Update" session had in fact been moved and was mislabelled (due to some personal scheduling problems with the speaker for the talk that actually was given), but this had not been well publicized. People that came to hear technical details (which have been traditional at the VMS Update sessions) were very turned off to hear what sounded like a marketing pitch designed to reduce their OVMS use. A lot of these expressions occurred at the OVMS Technical Q&A, which meant that most of the Digital audience was from engineering, but they were all over in less concentrated numbers.

Storage and SCSI:

I gave two talks in the SCSI area, one on SCSI futures and features, and one on SCSI cluster internals. Both were well attended, with 40-50 people at each.
A mixup occurred with the SCSI cluster internals talk, and I got to the room just in time to keep a sign that the session was cancelled from being put up (since I was acting as the virtual Dan O'Shaunessy who was to have acted as the virtual Tom Coughlan, who made up the slides for that one.)

The SCSI futures talk outlined some new 7.1 features, and mentioned that work to support fibre channel and SCSI-3 is going on without being specific about details. After that I went into some of the behaviors of 3rd party devices that have been breaking, why they break things, and generally what can be done and what will be possible in the future (where the point was that 3rd party stuff should work better, but only where it appears that storage integrity is not compromised.) There were a number of questions afterwards asking about specific devices; a thrust seemed to be that people would like to know what generic disks will and won't work. My response was that the qual effort is what you pay for buying Digital part numbered disks, and tried (I think mostly successfully) to explain the magnitude of the job and the behaviors needed. (I also was able to point out that OVMS cluster shared disks are accessed from multiple initiators at once, and that no other OS does this, so shared devices have to be more solid for OVMS than for lesser OSs. (OK, I'm biased....so sue me...).)

The cluster internals talk was also well attended; there were few questions afterwards, save that I needed to amplify the statement that for the present cluster traffic doesn't cross the SCSI bus. I pointed out that FC will probably change this in the future, since it does at least have a fairness feature in bus allocation.

There were a number of questions in the hall and campground that people asked me about SCSI support and 3rd party devices (I got the impression that most shops have a lot of 3rd party gear.)
Basically I think people left feeling happy with the explanations of behavior I gave and with such workarounds as I could share. Nobody asked about SCSI in the tech Q&A, possibly for these reasons.

The IDE driver on the freeware CD has been noticed, and a few ISVs asked me about it. The consensus was that they'd like to be able to develop for OVMS but would like a cheap platform and would buy such if they knew it "worked", even if this was by way of using an unsupported driver that did no DMA. There was one guy who wanted to use OVMS on desktops and thought it could be done, due to security concerns, if the price point were low, even if it were with the freeware driver. They don't want to spend several $K though until they at least hear from a colleague that the system works. Miyata with an IDE drive, or Multia with IDE and OVMS, were configurations mentioned. (I have in fact seen IDE booting, but not on those platforms, and I wonder if the thing can be tried and an answer given that won't involve support commitments. Taking a driver off a freeware CD does after all tend to give a signal that said driver is not supported and that if OVMS happens to work, a buyer is on his own wrt later support. Some of these folks are comfortable enough with kernel code that they'd go for it.) (Then too, when you hear as a customer that something "works but isn't supported" on VMS, generally you find it works a heck of a lot better than most companies' supported stuff.)

Futures:

It was revealed at Tech Q&A that ODS-2 would be getting the 1,000,000-cluster limitation removed and that various other limitations of ODS-2 would be getting fixed. The kimono has begun to be lifted. This was in response to questions about handling large volumes. The notion of making a volume set out of virtual disks was given as a for-now workaround. So at least some customers now are expecting ODS-2 to get updated. No details on this were given, though.
The questioner was clear he didn't think Spiralog would solve his problems.

Apart from that, futures discussion I heard was mainly about 7.1 stuff, with much more vague references to later work that isn't done yet to reassure people to the extent that techies can that VMS has ambitious future plans.