INFO-VAX Mon, 25 Jun 2007 Volume 2007 : Issue 344 Contents: Re: AlphaServer power use Re: Another PDP-11/RSX MCR question Re: Application transparent file encryption (supported)? Re: Application transparent file encryption (supported)? Re: Dynamically loading/unloading libraries (dll/shared libs) HP "Support" for OpenVMS Re: HP "Support" for OpenVMS Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: OpenVMS - When downtime is not an option Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Re: SSH newbie question Upgrading Firmware on Itanium FC cards. Re: Upgrading Firmware on Itanium FC cards. VMS - Alpha Server - Software AG Tamino Replacement Re: wchar_t confusion ---------------------------------------------------------------------- Date: Mon, 25 Jun 2007 09:54:17 -0700 From: Rich Jordan Subject: Re: AlphaServer power use Message-ID: <1182790457.170411.111270@e9g2000prf.googlegroups.com> On Jun 24, 8:09 pm, "P. Sture" wrote: > In article <467eeb31$0$8717$ed261...@ptn-nntp-reader02.plus.net>, > "John Wallace" wrote: > > > > > "rtk" wrote in message > >news:1182718741.375428.129190@e16g2000pri.googlegroups.com... > > > I'm wondering if anyone has an idea on how much power an AlphaServer > > > 4/200 might typically use. It has 2 hard drives running. There is a > > > rating of 8.5A at 120V but I'm assuming that is a maximum. What's > > > typical? I'd expect it to be about the same as a standard PC. > > > > Ron > > > Sorry, insufficient data: > > a) You've not uniquely identified the box: Alphaserver xxx 4/200 could be > > e.g. Alphaserver 1000, 2000 or 2100, assuming the 4/200 is correct and not > > e.g. 4/233, which would open you up to different, possibly smaller, models > > which might well be "about the same as a standard PC" whereas the > > AlphaServer 1000 and up are more likely to be "about the same as standard > > servers". Bit vague, that, isn't it? > > b) You've not said why you want to know. E.g. the answer for > > air-conditioning sizing purposes isn't necessarily the same as the answer > > for UPS (or other mains power) sizing purposes. > > > Once you do identify the exact model, the relevant detailed specs will > > hopefully be findable via the Systems and Options Catalogue (SOC) Archive > > which is currently at > >http://h18000.www1.hp.com/products/quickspecs/soc_archives/80166.html > > Sadly not all of the documents offer detailed info on kW (or BTU/hr) which > > you want for aircon and kVA which you want for power supply but where it is > > available it tends to be close to the end of the SOC chapter. > > > You may also encounter some oddness on the SOC website too, so suggestions > > of other sources are most welcome. > > APC have a configuration tool which might be useful (requires Javascript) > > > > For example, I've just looked up a Digital Alphaserver 2100, selected a > likely looking configuration, and it gave me the following: > > Device: Digital AlphaServer 1000 > > Total Power (Watts): 213 # of Power Cords: 1 > Total Power (VA): 304 Quantity: 1 > Total Thermal (BTU/hr): 727 Plug Type: IEC-60320-C13/C14 > Operating Voltages: 230 > > -- > Paul Sture Just a suggestion. There are small plug-in power meters available for $30 and under that are wonderful for finding out this kind of stuff. "Kill a Watt" by P3 International is what I have at home, but I know there are others. You can view instantaneous power draw (watts), line voltage, amp draw, and KwH used over a period of time. Amazon.com carries them (not a specific recommendation, just info). We ended up making a lot of changes based on the unit I bought; I recently fixed a dead DS10L with a mainboard from a junked system and now have two DS10Ls running, with multiple external drives, for about 310 watts draw, which is far less than the single AS600-5/333 the previous single working DS10L had replaced. Christmas lights were drawing 800 watts (outside) and nearly 500 inside; next year we'll be running mostly LED strings purchased as after Christmas closeouts. CFLs replaced incadescents in standing lamps except for critical areas (reading lights, etc). Its amazing how much power some things were drawing. ------------------------------ Date: 25 Jun 2007 07:07:44 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Another PDP-11/RSX MCR question Message-ID: In article , Jeff Cameron writes: > Here I am, back again hoping to find a fellow Paleocyberneticist with a > particular inkling for the species PeeDeePeeElevinus-AreEssEcksiallis. > > I have become quite adept at scripting command procedures in my inherited > PDP-11 system running RSX. Its not VMS DCL, mind you, but I do know it was > ahead of its time. Later versions of RSX-11M support DCL. Not quite the same as VMS DCL, but pretty good. > > I'm trying to get the output of a MCR command to go to a file. The command > gets the specifics of where LAT terminal connections are coming from: > > MCR> LCP SHOW PORT > > In an indirect command procedure, I am just trying to get the output of this > command to a file. > > I have tried the ASN (Assign command), but we do not have logical name > support installed due to insufficient pool space. Then you might not be able to run DCL. I don't know if it needs pool when idle. IIRC Indirect had some capabilities similar to DCL @ when invoked, but I'm not sure. Check the docs on IN and see if there's an equivalent to /output for @. ------------------------------ Date: 25 Jun 2007 07:24:57 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Application transparent file encryption (supported)? Message-ID: <8ePwNwZgF2bm@eisner.encompasserve.org> In article <1182442811.984138.163670@q69g2000hsb.googlegroups.com>, Rich Jordan writes: > I've got a customer who is looking for the ability to encrypt on-disk > data files in an application transparent manner; sort of the way some > peecee utilities can encrypt an entire disk but apps running on the > system are presented with a view of a normal unencrypted filesystem > and file data after authenticating. I don't know what's available now, but in the past there have been "hardware" based products for this. That is the disk controller does the encryption/decryption if the host provides the right key. I agree this is something VMS needs, but I still use VMS on the desktop and would use it on a laptop if one was made. HP considers VMS a data-center only OS and that tends to lead them to think of locked rooms. Running Charon-VAX or SIMH on a host which has one of those PC type encryption tools is a workaround, if and only if you can survive with the host OS' level of insecurity. ------------------------------ Date: Mon, 25 Jun 2007 09:35:18 -0700 From: Rich Jordan Subject: Re: Application transparent file encryption (supported)? Message-ID: <1182789318.095460.176780@x35g2000prf.googlegroups.com> On Jun 25, 7:24 am, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article <1182442811.984138.163...@q69g2000hsb.googlegroups.com>, Rich Jordan writes: > > > I've got a customer who is looking for the ability to encrypt on-disk > > data files in an application transparent manner; sort of the way some > > peecee utilities can encrypt an entire disk but apps running on the > > system are presented with a view of a normal unencrypted filesystem > > and file data after authenticating. > > I don't know what's available now, but in the past there have been > "hardware" based products for this. That is the disk controller does > the encryption/decryption if the host provides the right key. > > I agree this is something VMS needs, but I still use VMS on the > desktop and would use it on a laptop if one was made. HP considers > VMS a data-center only OS and that tends to lead them to think of > locked rooms. > > Running Charon-VAX or SIMH on a host which has one of those PC type > encryption tools is a workaround, if and only if you can survive > with the host OS' level of insecurity. Maybe a locked room with disks in locked cabinets, with each disk having its own locked carrier. The concern is apparently a disk walking offsite, even with service due to a replacement, or a crooked employee, etc. ------------------------------ Date: 25 Jun 2007 07:17:56 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Dynamically loading/unloading libraries (dll/shared libs) Message-ID: In article <467c4d0d$1@dnews.tpgi.com.au>, Jim Duff writes: > Bob Koehler wrote: >> In article , DoubleU writes: >>> Well it is that I would like to be able to replace the old library with a >>> newer version containing the same symbol and replace all references to >>> the symbol in the unloaded version to references to the newly loaded >>> library >> >> lib$find_image_symbol returns an address, as long as you call that >> address you're getting that version. If you then do another >> lib$find_image_symbol on a newer image you'll get a different address >> and calls to that address will get the new version of the code. >> > > This statement contains the implicit assumption that you restart the > main image before calling lib$find_image_signal a second time, which is > not the case on linux with the dlopen, dlsym, and dlclose routines. No, it does not. (I'm assiming _signal is a typo.) ------------------------------ Date: Mon, 25 Jun 2007 15:16:42 -0000 From: Kel Boyer Subject: HP "Support" for OpenVMS Message-ID: <1182784602.844924.235300@z28g2000prd.googlegroups.com> An interview with Ann Livermore. I find the last sentence of this clip rather telling. http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=hardware&articleId=297018&taxonomyId=12&intsrc=kc_feat Q: Expertise and quality are a big issue. Last fall, I spoke with two high-profile HP partners who are OpenVMS consultants. They said the support technicians in places like China and India don't have the required expertise and aren't getting the training they need. What's your response? A: My view is that customer satisfaction and loyalty are at the heart of everything that HP does and stands for, and that the long-term success of almost any services business, and more broadly [of] almost any corporation, has to do with how well they satisfy customers. No matter where your resources are, at times you'll have an employee who, for some reason, may not meet the quality or performance standard. What we try to do is take the feedback and address it. We actually followed up on the feedback from those partners to see if we had a training issue specifically with some individuals, or if we had a turnover issue, or what the nature was. In particular for our OpenVMS customers, we are very focused on our installed base. We want our installed base to be happy, and if or when they ever want to migrate, we want them to migrate to another HP platform. ------------------------------ Date: Mon, 25 Jun 2007 09:16:26 -0700 From: "johnhreinhardt@yahoo.com" Subject: Re: HP "Support" for OpenVMS Message-ID: <1182788186.962791.227170@k79g2000hse.googlegroups.com> On Jun 25, 11:16 am, Kel Boyer wrote: > An interview with Ann Livermore. I find the last sentence of this clip > rather telling. > > http://computerworld.com/action/article.do?command=viewArticleBasic&t... > > Q: Expertise and quality are a big issue. Last fall, I spoke with two > high-profile HP partners who are OpenVMS consultants. They said the > support technicians in places like China and India don't have the > required expertise and aren't getting the training they need. What's > your response? > > A: My view is that customer satisfaction and loyalty are at the heart > of everything that HP does and stands for, and that the long-term > success of almost any services business, and more broadly [of] almost > any corporation, has to do with how well they satisfy customers. > > No matter where your resources are, at times you'll have an employee > who, for some reason, may not meet the quality or performance > standard. What we try to do is take the feedback and address it. We > actually followed up on the feedback from those partners to see if we > had a training issue specifically with some individuals, or if we had > a turnover issue, or what the nature was. In particular for our > OpenVMS customers, we are very focused on our installed base. We want > our installed base to be happy, and if or when they ever want to > migrate, we want them to migrate to another HP platform. This is old news, Kel. See the long and meandering thread from June 19th --> http://groups.google.com/group/comp.os.vms/browse_frm/thread/6b549c019872c59b/# ------------------------------ Date: 25 Jun 2007 10:30:30 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: OpenVMS - When downtime is not an option Message-ID: <5e9jq6F36u9fiU1@mid.individual.net> In article <7s7LSlkLnQKH@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article , "P. Sture" writes: > > >> And then there's the semi-retired odd job guy who got laid off last >> year. An ex-engineer, he used to give the generators a quick run up >> every now and then, but nobody does that anymore. > > That is trigger for me to mention the place I worked 30 years ago > where they rigorously tested the emergency generator every two weeks. > > When the actual power outage came they discovered the generator > fuel tank was empty. How about the one that was recently in Risks. Tested the generator religiously. Had a huge fuel tank outside the building that fed the small delivery tank on the gnerator itself. One day they had a real power falure. About an hour into it the generator shut down. Seems the pump that moved the fuel from the storage tank to the generator tank was hooked up to the commercial power and not the backed-up power. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 25 Jun 2007 07:01:05 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: OpenVMS - When downtime is not an option Message-ID: In article , "P. Sture" writes: > > Addendum: What _really_ cracked me up was the idea of a natural gas line > in a data centre in the first place. Someone hadn''t done their job > properly there. Not all that unusual. The boss assumes he needs heat in the winter. ------------------------------ Date: 25 Jun 2007 07:40:57 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: OpenVMS - When downtime is not an option Message-ID: <$O$RP5oj+Z3O@eisner.encompasserve.org> In article <467F3EE2.9030403@comcast.net>, "Richard B. Gilbert" writes: > > > During the great blackout back in the '60s a New York City hospital > discovered that the fuel pump for their emergency generator required 110 > VAC to operate! Somebody had to chop a hole in the top of the fuel tank > with a hatchet and dip out enough fuel to "prime the pump". Once they > got the generator running the fuel pump worked very well! During Y2K preparation we discovered that our generator wasn't electrically connected to anything. For years it powered itself up every now and then just to keep its own batteries charged. And then we fonud all the fire alarm switches that weren't connected to anything. ------------------------------ Date: Mon, 25 Jun 2007 14:02:15 -0000 From: IanMiller Subject: Re: OpenVMS - When downtime is not an option Message-ID: <1182780135.471087.279590@g4g2000hsf.googlegroups.com> On Jun 24, 10:47 pm, JF Mezei wrote: > >> There is now a white paper from Enterprise Strategy Group on the site > >> that describes the computing environment in more detail. It can be > >> found athttp://h71028.www7.hp.com/ERC/downloads/4AA1-3538ENW.pdf > > OK, one more question: > > On page 13: > > ## > HP has now taken that concept one giant step further by creating a > highly available disaster tolerant > environment, consisting of two data centers > ## > > Woudln't 2 data centres present the same quorum issues as having only 2 > nodes ? AKA: one data centre needs to have more votes than the other > which means that the site with the fewer votes cannot automatically > failover when the site with the more votes fails. > > For a true disaster recovery scheme, shouldn't there be 3 data centres > with the 3rd centre having ethernet link to both centres so that it can > play a role in deciding which of the 2 main sites should continue to > operate ? Look at the white paper. There was a quorum site. Physically for this demo it was next to the hardware that was not blown up. ------------------------------ Date: Mon, 25 Jun 2007 14:02:58 -0000 From: IanMiller Subject: Re: OpenVMS - When downtime is not an option Message-ID: <1182780178.757673.165710@c77g2000hse.googlegroups.com> On Jun 24, 10:50 pm, JF Mezei wrote: > Dr. Dweeb wrote: > > Folks were amazed though, esp. that the others were as quick as they were. > > Would it be correct to state that in an architecture where the backup > site must rebuild the database from transation logs, that the time to > become operaional would be directly proportional to the number of > transactions in those logs ? > > If a database rebuild is required, would it be correct to state that the > speed of the CPU would also determine how quickly the site can become > operational ? Yes. Read the white paper. This is mentioned. ------------------------------ Date: Mon, 25 Jun 2007 02:54:35 -0700 From: Neil Rieck Subject: Re: SSH newbie question Message-ID: <1182765275.703575.6560@u2g2000hsc.googlegroups.com> On Jun 24, 7:47 pm, JF Mezei wrote: > TCPIP Services 5.6, Alpha 8.3 > > I had to enable SSH on one alpha in order to be able to "telnet" to my > mac. (Macs for some reason don't enable/allow telnet connections.) > > Now, I didn't have to configure the mac on the VMS host and vice versa. > Somehow, they exchanged keys and voila. > > But low and behold, I started to see ssh login attempts from the > internet. OK, so I blocked port 22 on my router. > > However, this lead me to a big question: Why is SSH considered any more > secure than Telnet if anyone/everyone can connect to the host anyways ? > > Or is it expected that one edits some configuration file to limit host > access by IP or limit it to specifically exchanged keys ? > > At least intrusion detection did work for SSH intrusion attempt. (it > doesn't work for many other TCPIP services). We get thousands of SSH login attempts every week. I'm not sure why people would want to do this but I suspect they are looking for zombie candidates for some future DoS Attack or Malware Server. Lately these attacks come from Brazil and China but that doesn't mean anything other than someone might have taken over a machine in those countries. It is for these reasons that we've enabled only a few accounts on the machine that serves the public internet then only use DECnet to connect the two machines (these machines all have a second NIC which we use as a private LAN). This configuration makes for a cool non- standard firewall. Make sure that all passwords are at least 8 characters in length. Also, starting with OpenVMS-7.3-2 you can, and should, enable case-sesitive passwords. Neil Rieck Kitchener/Waterloo/Cambridge, Ontario, Canada. http://www3.sympatico.ca/n.rieck/ ------------------------------ Date: 25 Jun 2007 06:11:24 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: SSH newbie question Message-ID: In article <1182765275.703575.6560@u2g2000hsc.googlegroups.com>, Neil Rieck writes: > We get thousands of SSH login attempts every week. I'm not sure why > people would want to do this but I suspect they are looking for zombie > candidates for some future DoS Attack or Malware Server. Lately these > attacks come from Brazil and China but that doesn't mean anything > other than someone might have taken over a machine in those countries. > > It is for these reasons that we've enabled only a few accounts on the > machine that serves the public internet then only use DECnet to > connect the two machines (these machines all have a second NIC which > we use as a private LAN). This configuration makes for a cool non- > standard firewall. An acquaintance in that situation has a problem that the zombies attempting SSH logins use up all the memory for clusterwide breakin evasion locks, preventing legitimate users from logging in. Does anyone have a VMS solution for that ? (Presume the attackers will just attack more to fill up any additional increment of memory.) ------------------------------ Date: Mon, 25 Jun 2007 12:01:50 -0000 From: IanMiller Subject: Re: SSH newbie question Message-ID: <1182772910.984182.28720@g4g2000hsf.googlegroups.com> On Jun 25, 12:11 pm, Kilgal...@SpamCop.net (Larry Kilgallen) wrote: > In article <1182765275.703575.6...@u2g2000hsc.googlegroups.com>, Neil Rieck writes: > > > We get thousands of SSH login attempts every week. I'm not sure why > > people would want to do this but I suspect they are looking for zombie > > candidates for some future DoS Attack or Malware Server. Lately these > > attacks come from Brazil and China but that doesn't mean anything > > other than someone might have taken over a machine in those countries. > > > It is for these reasons that we've enabled only a few accounts on the > > machine that serves the public internet then only use DECnet to > > connect the two machines (these machines all have a second NIC which > > we use as a private LAN). This configuration makes for a cool non- > > standard firewall. > > An acquaintance in that situation has a problem that the zombies > attempting SSH logins use up all the memory for clusterwide breakin > evasion locks, preventing legitimate users from logging in. > > Does anyone have a VMS solution for that ? (Presume the attackers > will just attack more to fill up any additional increment of memory.) Reduce the SSH session limit. the default (1000?) is far too high. ------------------------------ Date: Mon, 25 Jun 2007 08:23:17 -0400 From: JF Mezei Subject: Re: SSH newbie question Message-ID: Thanks for the hint on the macosxhints website. Now, for those who have telnet disabled, tough luck. But one can now see full featured major motion pictures on DEC workstations with decterm: telnet to: towel.blinkenlights.nl and watch Star Wars Episode 4 on your DECTERM ! ------------------------------ Date: 25 Jun 2007 07:44:05 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: SSH newbie question Message-ID: In article <3753d$467f029d$cef8887a$24631@TEKSAVVY.COM>, JF Mezei writes: > > However, this lead me to a big question: Why is SSH considered any more > secure than Telnet if anyone/everyone can connect to the host anyways ? Because all your data, including your username and password, are sent encyrpted. Using TELNET it's fairly easy to sniff packets and read your password. The ability to limit the service to particular remote systems is nothing new. ------------------------------ Date: Mon, 25 Jun 2007 08:45:00 -0700 From: BaxterD@tessco.com Subject: Upgrading Firmware on Itanium FC cards. Message-ID: <1182786300.028015.69790@n2g2000hse.googlegroups.com> I am trying to upgrade the firmware on our new rx3600 (OpenVMS 8.3). The machine has two FC2243 HBA's and I am trying to apply the Firmware upgrade "fw_fc2243_bf210a10.zip". This unzips to "fw_fc2243_bf210a10.all", and for me, that is where everything stops. I am unable to find any upgrade or installation notes. The ".all" file is a non-ASCI file of some sort, but I have no idea of where to put it, or what to do with it. I am very close to telling HP where to put it and/or what to do with it, but that really wouldn't solve my problem. Is anyone out there familiar with this process. Can anyone direct me to the next step. Thanks Dave B. (410) 229 1614 ------------------------------ Date: Mon, 25 Jun 2007 09:31:42 -0700 From: Volker Halle Subject: Re: Upgrading Firmware on Itanium FC cards. Message-ID: <1182789102.111223.226810@a26g2000pre.googlegroups.com> Dave, the FC2243 HBA does not seem to be supported by OpenVMS. It's a Windows thing. http://h18006.www1.hp.com/products/quickspecs/12410_div/12410_div.html The supported FC HBAs for OpenVMS I64 are listed here: http://www.hp.com/products1/serverconnectivity/support_matrices.html#OpenVMS Volker. ------------------------------ Date: Mon, 25 Jun 2007 10:19:25 -0400 From: Chuck Aaron Subject: VMS - Alpha Server - Software AG Tamino Replacement Message-ID: I'm curious what you are using as a replacement for SAG's TAMINO. http://www.softwareag.com/Corporate/products/tamino/default.asp Thanks in Advance. ------------------------------ Date: 25 Jun 2007 07:27:49 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: wchar_t confusion Message-ID: <20n5M6QiR4Kg@eisner.encompasserve.org> In article <1182442875.787983.68930@n2g2000hse.googlegroups.com>, roger tucker writes: > Interesting... When the compiler is reading the literal L"=E4" and > widens it; it sign extends it. The assembler also shows this. Use / > LIST/MACHINE then look at the $DATA$ section. compare $$1 with $$2. > There is a lot of talk about this on the web; I googled "wchar_t > literal". This is a tricky subject. I fixed the problem using > wchar_t wstr[2] =3D { 0xe5, 0 }; If I understand this issue correctly, > (and I didn't have time to research it much), the question comes down > to "is the C source file in 7 bit ascii, 8 bit ascii or some other > character set" and how does it know which one so it can handle > litterals correctly. > It also comes down to the C language definition of char as an integer data type. Some compiler assume unsigned integers, some assume signed characters, most let you override thier assumptions. wchar_t grew out of this lack of definition so I suspect whether its a signed or unsigned type depends on the compiler. ------------------------------ End of INFO-VAX 2007.344 ************************