INFO-VAX Mon, 14 Jan 2008 Volume 2008 : Issue 28 Contents: Re: Anyway to "smarten up" the console terminal? Re: Anyway to "smarten up" the console terminal? Re: Anyway to "smarten up" the console terminal? Re: Changing passwords Re: Changing passwords Re: Changing passwords Re: Changing passwords Re: DoD use of VMS (was: Anyone interested in building a vms-like OS?) Re: DS10 failed to boot Re: DS10 failed to boot DS10 in need of power supply? Re: DS10 in need of power supply? Re: DS10 in need of power supply? Re: DS10 in need of power supply? Re: DS10 in need of power supply? Re: DS10 in need of power supply? Re: DS10 in need of power supply? Re: DS10 in need of power supply? network config Re: network config Re: network config Re: network config Re: network config Re: print queues and IP Re: print queues and IP Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? Re: Security level of SET PASS /GENERATE ? simh VAX 11/780 Re: simh VAX 11/780 ---------------------------------------------------------------------- Date: 14 Jan 2008 07:55:20 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Anyway to "smarten up" the console terminal? Message-ID: In article , Slor writes: > This may be a really silly question, but here goes anyway... > > I have OpenVMS 8.3 running on an old DEC 3000 with only 64MB of memory. > Following suggestions from this group based on this system's specs, I chose > not to install any of the windowing components, so my console is the basic > black text screen. A bit of web searching tells me that this console is > pretty much as dumb as it gets, so there's really no valid terminal type to > be used unless some helper like DECWindows is loaded and doing terminal > emulation in its windows. My question - is there any other way to get the > physical console to behave in a more full-featured manner for screen- > oriented text apps, command line editing support, etc.? I don't know about your saystem, but a lot of the consoles will emulate a VT52, even though they won't respond so to a "set terminal/inquire". Try "set terminal/vt52" once just to see. ------------------------------ Date: Mon, 14 Jan 2008 11:35:25 -0500 From: "FredK" Subject: Re: Anyway to "smarten up" the console terminal? Message-ID: The console VGA code isn't connected to the input stream - the FW gives the input right to OPDRIVER. So the escape sequence to get the terminal ID never gets seen by the VGA code. The command is SET TERM/DEVICE=VT52 Really old cards may not have this simple emulator in it. "Bob Koehler" wrote in message news:lyFU6gWcKLaP@eisner.encompasserve.org... > In article , Slor > writes: >> This may be a really silly question, but here goes anyway... >> >> I have OpenVMS 8.3 running on an old DEC 3000 with only 64MB of memory. >> Following suggestions from this group based on this system's specs, I >> chose >> not to install any of the windowing components, so my console is the >> basic >> black text screen. A bit of web searching tells me that this console is >> pretty much as dumb as it gets, so there's really no valid terminal type >> to >> be used unless some helper like DECWindows is loaded and doing terminal >> emulation in its windows. My question - is there any other way to get >> the >> physical console to behave in a more full-featured manner for screen- >> oriented text apps, command line editing support, etc.? > > I don't know about your saystem, but a lot of the consoles will > emulate a VT52, even though they won't respond so to a > "set terminal/inquire". Try "set terminal/vt52" once just to see. > ------------------------------ Date: Mon, 14 Jan 2008 19:08:06 +0100 From: "P. Sture" Subject: Re: Anyway to "smarten up" the console terminal? Message-ID: In article , "FredK" wrote: > The console VGA code isn't connected to the input stream - the FW gives the > input right to OPDRIVER. So the escape sequence to get the terminal ID > never gets seen by the VGA code. > > The command is SET TERM/DEVICE=VT52 > > Really old cards may not have this simple emulator in it. > I remember testing this out after you mentioned the capability here (circa 2000?) and indeed came across some older kit which didn't have the emulator. Sorry I don't remember model details at this stage. -- Paul Sture Sue's OpenVMS bookmarks: http://eisner.encompasserve.org/~sture/ovms-bookmarks.html ------------------------------ Date: Mon, 14 Jan 2008 14:33:28 +0100 From: "Ferry Bolhar" Subject: Re: Changing passwords Message-ID: <1200317692.749996@proxy.dienste.wien.at> "rtk": > Bob, this appears to have worked, thank you. Do you know how to clear > the password history file so I can set my, hopefully final, password > to the one I want? First, using AUTHORIZE with MODIFY /PASSWORD= you can set the password to whatever value you want. The password history is used only when you try to set the password using SET PASSWORD Second, you can exclude your account from password history checks (agains with AUTHORIZE): MODIFY /FLAGS=DISPWDHIS Doing so allows you to set any password with the SET PASSWORD command as well. Greetings, Ferry -- Ing Ferry Bolhar Magistrat der Stadt Wien - MA 14 A-1010 Wien E-Mail: ferdinand.bolhar-nordenkampf@wien.gv.at ------------------------------ Date: Mon, 14 Jan 2008 14:33:28 +0100 From: "Ferry Bolhar" Subject: Re: Changing passwords Message-ID: <1200318027.460466@proxy.dienste.wien.at> "rtk": > Bob, this appears to have worked, thank you. Do you know how to clear > the password history file so I can set my, hopefully final, password > to the one I want? First, using AUTHORIZE with MODIFY /PASSWORD= you can set the password to whatever value you want. The password history is used only when you try to set the password using SET PASSWORD Second, you can exclude your account from password history checks (agains with AUTHORIZE): MODIFY /FLAGS=DISPWDHIS Doing so allows you to set any password with the SET PASSWORD command as well. Greetings, Ferry -- Ing Ferry Bolhar Magistrat der Stadt Wien - MA 14 A-1010 Wien E-Mail: ferdinand.bolhar-nordenkampf@wien.gv.at ------------------------------ Date: 14 Jan 2008 08:05:25 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Changing passwords Message-ID: In article , rtk writes: > Greetings! > > I only use my old Alpha box periodically (VMS 7.3) and every time I > log back in I need to change my now expired password. So, here's my > question, how can I keep passwords from expiring at all or, if that is > not possible, disable the history list so I can use the same one > repeatedly? Read the system manager's manual. You really need to know something about keeping this beast running. ------------------------------ Date: Mon, 14 Jan 2008 14:39:17 +0100 From: "Ferry Bolhar" Subject: Re: Changing passwords Message-ID: <1200320031.495392@proxy.dienste.wien.at> "rtk": > Bob, this appears to have worked, thank you. Do you know how to clear > the password history file so I can set my, hopefully final, password > to the one I want? First, using AUTHORIZE with MODIFY /PASSWORD= you can set the password to whatever value you want. The password history is used only when you try to set the password using SET PASSWORD Second, you can exclude your account from password history checks (agains with AUTHORIZE): MODIFY /FLAGS=DISPWDHIS Doing so allows you to set any password with the SET PASSWORD command as well. Greetings, Ferry -- Ing Ferry Bolhar Magistrat der Stadt Wien - MA 14 A-1010 Wien E-Mail: ferdinand.bolhar-nordenkampf@wien.gv.at ------------------------------ Date: 14 Jan 2008 07:35:22 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DoD use of VMS (was: Anyone interested in building a vms-like OS?) Message-ID: <7DT9ZPMaydly@eisner.encompasserve.org> In article <5upe66F1hl2cnU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > > And, you do realize that the SRR/STIG process is user driven. If no > one is asking for VMS updates they will not be created. What does > that tell you about the use of VMS within DOD? That they're happy with the security and the guidance that comes from the vendor, as is. ------------------------------ Date: 14 Jan 2008 08:04:14 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: DS10 failed to boot Message-ID: In article , Ulrich Bellgardt writes: > Hello, > > > Can somebody give an "educated guess" or even an explanation of what > happened and why the power-up repaired everything? I've seen the same thing on a system with a dieing video card, but late in the boot when X11 is starting. There are a great many hardware components that could cause this kind of behaviour. You may be able to get some idea of what hardware is being accessed if you force a system crash anad look at the resulting dump. I think you said it was an Alpha, so just type "crash" at the >>> prompt. > Does this indicate some dying hardware component so that we can expect > more serious trouble in the near future? Oh, yes. ------------------------------ Date: Mon, 14 Jan 2008 11:43:27 -0500 From: "Jilly" Subject: Re: DS10 failed to boot Message-ID: <478b9164$0$4631$ec3e2dad@news.usenetmonster.com> "Ulrich Bellgardt" wrote in message news:fmcmkc$smo$1@online.de... > Hello, > > one of the DS10 computers in my company recently failed to boot. It > recognised all SCSI disks, it started booting OpenVMS (7.3-2), but then it > was stuck in a very early stage of the booting procedure. It did not > crash, but it did not do any disk access or any other activity. Control-P > could bring it back to the console prompt >>. > > I did not know what the colleagues have done before, nor did I know which > software products are on that machine, so I tried to perform a minimum > boot, but that showed the same result. > > Finally (and because I had no other idea) I switched off the box and > disconnected the A/C power cable for a couple of seconds. After that, the > computer booted as it always did. Of course I dislike this kind of voodoo, > and prefer to understand what happens. > > So, my questions are: > > Can somebody give an "educated guess" or even an explanation of what > happened and why the power-up repaired everything? > > Does this indicate some dying hardware component so that we can expect > more serious trouble in the near future? > > Thank you, > > -Uli Bellgardt Using a verbose boot mode may give you more info B -FL {root},30000 ------------------------------ Date: Mon, 14 Jan 2008 07:10:05 -0800 (PST) From: Galen Subject: DS10 in need of power supply? Message-ID: <9bffe3be-3b0b-42b4-a8d9-d58666a6929d@s12g2000prg.googlegroups.com> My DS10 died a couple of weeks ago. At power on the fans spin up and the power light turns on, but nothing ever happens at the graphics console or the serial ports. It also sounds like the drives aren't spinning up. The CD drive won't eject and its light never blinks after power up. I'm guessing that the power supply may have failed, so I'm looking for a 70-40890-01 power supply that won't bust the budget. Those I can find for sale via web searches all list for in excess of $250. It would be a real bummer to spend that much, install the module, and find the system still dead. Perhaps a reader here will have or know of a source for a less expensive power supply. I have checked with one other relatively local VMS user who may be able to help, but just in case he can't I'm also asking here. ------------------------------ Date: Mon, 14 Jan 2008 10:38:05 -0500 From: "Richard B. Gilbert" Subject: Re: DS10 in need of power supply? Message-ID: <478B81DD.1060202@comcast.net> Galen wrote: > My DS10 died a couple of weeks ago. At power on the fans spin up and > the power light turns on, but nothing ever happens at the graphics > console or the serial ports. It also sounds like the drives aren't > spinning up. The CD drive won't eject and its light never blinks after > power up. > > I'm guessing that the power supply may have failed, so I'm looking for > a 70-40890-01 power supply that won't bust the budget. Those I can > find for sale via web searches all list for in excess of $250. It > would be a real bummer to spend that much, install the module, and > find the system still dead. > > Perhaps a reader here will have or know of a source for a less > expensive power supply. I have checked with one other relatively local > VMS user who may be able to help, but just in case he can't I'm also > asking here. A cheap or borrowed volt meter would do a lot to settle the question!! It's a very useful tool to have around. I'd guess that you've lost +12 Volts but hard facts are more useful than guesses in a situation like this! ------------------------------ Date: Mon, 14 Jan 2008 11:02:10 -0500 From: "David Turner, Island Computers" Subject: Re: DS10 in need of power supply? Message-ID: <13on1s2866htid9@news.supernews.com> Well we have them made for us Our part number is IC-ZDS10-RP Price is $249 NEW with 1 yr warranty David -- David B Turner Island Computers US Corp 1207 East Highway 80 Suite D Tybee GA 31328 Toll Free: 877-6364332 x201 Intl: 912 786 8502 x201 Fax: 912 786 8505 E: dturner@islandco.com F: 912 201 0402 W: http://www.islandco.com The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. "Galen" wrote in message news:9bffe3be-3b0b-42b4-a8d9-d58666a6929d@s12g2000prg.googlegroups.com... > My DS10 died a couple of weeks ago. At power on the fans spin up and > the power light turns on, but nothing ever happens at the graphics > console or the serial ports. It also sounds like the drives aren't > spinning up. The CD drive won't eject and its light never blinks after > power up. > > I'm guessing that the power supply may have failed, so I'm looking for > a 70-40890-01 power supply that won't bust the budget. Those I can > find for sale via web searches all list for in excess of $250. It > would be a real bummer to spend that much, install the module, and > find the system still dead. > > Perhaps a reader here will have or know of a source for a less > expensive power supply. I have checked with one other relatively local > VMS user who may be able to help, but just in case he can't I'm also > asking here. ------------------------------ Date: Mon, 14 Jan 2008 11:03:06 -0500 From: "David Turner, Island Computers" Subject: Re: DS10 in need of power supply? Message-ID: <13on1tr4fmcn906@news.supernews.com> PS If you send the system to us we can diagnose it for free. Just pay parts and labor if you want us to fix it David -- David B Turner Island Computers US Corp 1207 East Highway 80 Suite D Tybee GA 31328 Toll Free: 877-6364332 x201 Intl: 912 786 8502 x201 Fax: 912 786 8505 E: dturner@islandco.com F: 912 201 0402 W: http://www.islandco.com The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. "Galen" wrote in message news:9bffe3be-3b0b-42b4-a8d9-d58666a6929d@s12g2000prg.googlegroups.com... > My DS10 died a couple of weeks ago. At power on the fans spin up and > the power light turns on, but nothing ever happens at the graphics > console or the serial ports. It also sounds like the drives aren't > spinning up. The CD drive won't eject and its light never blinks after > power up. > > I'm guessing that the power supply may have failed, so I'm looking for > a 70-40890-01 power supply that won't bust the budget. Those I can > find for sale via web searches all list for in excess of $250. It > would be a real bummer to spend that much, install the module, and > find the system still dead. > > Perhaps a reader here will have or know of a source for a less > expensive power supply. I have checked with one other relatively local > VMS user who may be able to help, but just in case he can't I'm also > asking here. ------------------------------ Date: Mon, 14 Jan 2008 08:36:53 -0800 (PST) From: Galen Subject: Re: DS10 in need of power supply? Message-ID: <6a70a506-1cf8-493a-8da9-8e123092e354@f47g2000hsd.googlegroups.com> > > A cheap or borrowed volt meter would do a lot to settle the question!! > It's a very useful tool to have around. I'd guess that you've lost +12 > Volts but hard facts are more useful than guesses in a situation like this! Richard, I do have a voltmeter and am comfortable probing around with it. Does the figure inside the system show which voltages are on which wires in the harness? If not maybe someone can point me in the right direction. > $250 Not a bad price at all in comparison to the others, David. If I can't scrounge up a free one locally I'll likely pick one up from you. Thanks for the offer to diagnose, just in case the power supply isn't at fault. Galen ------------------------------ Date: Mon, 14 Jan 2008 12:48:02 -0500 From: "David Turner, Island Computers" Subject: Re: DS10 in need of power supply? Message-ID: <13on82ii4uv1b50@news.supernews.com> No worries We have plenty in stock anyhoo. Also if it turns out to be a switch fans or whatever we stock ALL the parts for them in large quantity DT -- David B Turner Island Computers US Corp 1207 East Highway 80 Suite D Tybee GA 31328 Toll Free: 877-6364332 x201 Intl: 912 786 8502 x201 Fax: 912 786 8505 E: dturner@islandco.com F: 912 201 0402 W: http://www.islandco.com The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. "Galen" wrote in message news:6a70a506-1cf8-493a-8da9-8e123092e354@f47g2000hsd.googlegroups.com... > > >> A cheap or borrowed volt meter would do a lot to settle the question!! >> It's a very useful tool to have around. I'd guess that you've lost +12 >> Volts but hard facts are more useful than guesses in a situation like >> this! > > Richard, I do have a voltmeter and am comfortable probing around with > it. Does the figure inside the system show which voltages are on which > wires in the harness? If not maybe someone can point me in the right > direction. > >> $250 > > Not a bad price at all in comparison to the others, David. If I can't > scrounge up a free one locally I'll likely pick one up from you. > Thanks for the offer to diagnose, just in case the power supply isn't > at fault. > > Galen ------------------------------ Date: 14 Jan 2008 18:57:58 +0100 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: Re: DS10 in need of power supply? Message-ID: <478bb0b6@news.langstoeger.at> In article <13on1s2866htid9@news.supernews.com>, "David Turner, Island Computers" writes: >Well we have them made for us >Our part number is IC-ZDS10-RP > >Price is $249 NEW with 1 yr warranty Strange. I paid less than Eur 150.- here some years ago (when the euro was less than the dollar) Must have been becoming rarer and rarer (= more expensive) these days... -- Peter "EPLAN" LANGSTOEGER Network and OpenVMS system specialist E-mail peter@langstoeger.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: Mon, 14 Jan 2008 18:17:27 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: DS10 in need of power supply? Message-ID: In article <478bb0b6@news.langstoeger.at>, peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) writes: > > >In article <13on1s2866htid9@news.supernews.com>, "David Turner, Island Computers" writes: >>Well we have them made for us >>Our part number is IC-ZDS10-RP >> >>Price is $249 NEW with 1 yr warranty > >Strange. >I paid less than Eur 150.- here some years ago >(when the euro was less than the dollar) The dollar is less than the euro today! Way less! ~$1.50 to (Euro)1.00! -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Mon, 14 Jan 2008 04:52:33 -0800 (PST) From: "=?ISO-8859-1?B?cG92b2Hn428=?=" Subject: network config Message-ID: <1cbf208f-02df-4fab-8109-74448e499efa@v4g2000hsf.googlegroups.com> Can someone help me please. I know nothing about openvms and I need just only change the network parameter(IP, dns, gateway, route, etc...) Can someone point me some link or how-to this task ? thanks ------------------------------ Date: Mon, 14 Jan 2008 13:02:01 +0000 (UTC) From: gartmann@nonsense.immunbio.mpg.de (Christoph Gartmann) Subject: Re: network config Message-ID: In article <1cbf208f-02df-4fab-8109-74448e499efa@v4g2000hsf.googlegroups.com>, "=?ISO-8859-1?B?cG92b2Hn428=?=" writes: >Can someone help me please. I know nothing about openvms and I need >just only change the network parameter(IP, dns, gateway, route, >etc...) Can someone point me some link or how-to this task ? You should be a bit more specific: what TCP/IP-Stack are you using (e.g. TCP-IP-services from HP or Multinet or TCPware from Process Software)? Which version of OpenVMS is running on your machine? Regards, Christoph Gartmann -- Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452 Immunbiologie Postfach 1169 Internet: gartmann@immunbio dot mpg dot de D-79011 Freiburg, Germany http://www.immunbio.mpg.de/home/menue.html ------------------------------ Date: Mon, 14 Jan 2008 07:07:02 -0600 (CST) From: sms@antinode.org (Steven M. Schweda) Subject: Re: network config Message-ID: <08011407070257_206002CA@antinode.org> From: "=?ISO-8859-1?B?cG92b2Hn428=?=" > Can someone help me please. I know nothing about openvms and I need > just only change the network parameter(IP, dns, gateway, route, > etc...) Can someone point me some link or how-to this task ? It depends on whose IP software you're using, but you might try: @ SYS$MANAGER:TCPIP$CONFIG.COM Knowing more about your system (VMS version, hardware type, ...) might be helpful. "tcpip show version" may be informative. Otherwise: write sys$output f$getsyi( "version") ------------------------------------------------------------------------ Steven M. Schweda sms@antinode-org 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: 14 Jan 2008 08:09:47 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: network config Message-ID: In article <1cbf208f-02df-4fab-8109-74448e499efa@v4g2000hsf.googlegroups.com>, "=?ISO-8859-1?B?cG92b2Hn428=?=" writes: > Can someone help me please. I know nothing about openvms and I need > just only change the network parameter(IP, dns, gateway, route, > etc...) Can someone point me some link or how-to this task ? You can get yourself in deep trouble in a short time. You really need to spend a few minutes reading this group's FAQ just so you know what issues you need to ask about. www.hoffmanlabs.com/vmsfaq/ ------------------------------ Date: Mon, 14 Jan 2008 14:20:16 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: network config Message-ID: In article <08011407070257_206002CA@antinode.org>, sms@antinode.org (Steven M. Schweda) writes: > > >From: "=?ISO-8859-1?B?cG92b2Hn428=?=" > >> Can someone help me please. I know nothing about openvms and I need >> just only change the network parameter(IP, dns, gateway, route, >> etc...) Can someone point me some link or how-to this task ? > > It depends on whose IP software you're using, but you might try: Then the first suggestion would have been to ask the poster to report back with the results of $ SHOW NETWORK. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Mon, 14 Jan 2008 14:07:34 +0100 From: "P. Sture" Subject: Re: print queues and IP Message-ID: In article <66ff7ce4-e5aa-4a4d-aae4-8dbd9dbdb2b9@u10g2000prn.googlegroups.com>, etmsreec@yahoo.co.uk wrote: > Depends whether the HP 2100 has Postscript in it. Most of the HP > printers that I've seen in the last ten years have Postscript as an > added cost extra (often as a memory SIMM). The alternative way to > look at the situation is that the printer would be able to decode > whatever stream of data got fed to it if it was IP capable but > wouldn't be able to print output from a DCPS queue if it didn't have > Postscript in it. > You pays your money and take syour choice. IIRC the 2100 M has Postscript (actually an HP emulation), the plain 2100 doesn't. -- Paul Sture Sue's OpenVMS bookmarks: http://eisner.encompasserve.org/~sture/ovms-bookmarks.html ------------------------------ Date: Mon, 14 Jan 2008 10:25:34 -0800 (PST) From: H Vlems Subject: Re: print queues and IP Message-ID: <32798992-a655-4559-abd9-a0a27a31be8a@d70g2000hsb.googlegroups.com> On 14 jan, 14:07, "P. Sture" wrote: > In article > <66ff7ce4-e5aa-4a4d-aae4-8dbd9dbdb...@u10g2000prn.googlegroups.com>, > > etmsr...@yahoo.co.uk wrote: > > Depends whether the HP 2100 has Postscript in it. Most of the HP > > printers that I've seen in the last ten years have Postscript as an > > added cost extra (often as a memory SIMM). The alternative way to > > look at the situation is that the printer would be able to decode > > whatever stream of data got fed to it if it was IP capable but > > wouldn't be able to print output from a DCPS queue if it didn't have > > Postscript in it. > > You pays your money and take syour choice. > > IIRC the 2100 M has Postscript (actually an HP emulation), the plain > 2100 doesn't. > > -- > Paul Sture > > Sue's OpenVMS bookmarks:http://eisner.encompasserve.org/~sture/ovms-bookmarks.html Correct Paul. Mine is a straight 2100 and doesn't know the difference between PS and ancient Chinese. Hans ------------------------------ Date: 14 Jan 2008 05:52:34 -0600 From: briggs@encompasserve.org Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article <5a8447d4-af7d-42fa-907f-68b55658d93f@j78g2000hsd.googlegroups.com>, AEF writes: > On Jan 11, 1:25 pm, bri...@encompasserve.org wrote: >> TheQuickBrownFoxJumpsOverTheLazyDog/Jan2008 >> >> Entropy in that password once you guess the password generation scheme >> is almost negligible. Given a 90 day password expiration policy >> you could brute-force the key space in four tries. > > Please clarify. Suppose that I as a user choose a password generation scheme: Whenever I am prompted to change my password, I will change it to "TheQuickBrownFoxJumpsOverTheLazyDog/" where the is determined from the then-current month and year. If I've reset the password sometime in the past three months then the entropy in the password is no more than 1-2 bits. If you as an attacker compromise one of my passwords and correctly guess the generation scheme then, in July you could crack my then-current password in four guesses: TheQuickBrownFoxJumpsOverTheLazyDog/Apr2008 TheQuickBrownFoxJumpsOverTheLazyDog/May2008 TheQuickBrownFoxJumpsOverTheLazyDog/Jun2008 TheQuickBrownFoxJumpsOverTheLazyDog/Jul2008 ------------------------------ Date: 14 Jan 2008 05:56:01 -0600 From: briggs@encompasserve.org Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article <006f275c-f86e-48f7-9b9f-96203bf35092@j78g2000hsd.googlegroups.com>, AEF writes: > On Jan 11, 3:23 pm, bri...@encompasserve.org wrote: >> In article <4786ee9e$0$16170$c3e8...@news.astraweb.com>, JF Mezei writes: >> >> > AEF wrote: >> >> >> Tell "them", whoever they are: LONGER IS STRONGER. PERIOD. COMPLEX IS >> >> MORE PAIN THAN GAIN. >> >> > Having a mandated password length is however a weakness since anyone >> > with some insider knowledge will know how to configure his password >> > guessing program to only try passwords of the mandated length. >> >> > Having variable password lengths means that the hackers don't know how >> > long a password will be and thus greatly increases the number of >> > attempts they must make before they get to the password. >> >> That turns out not to be true. >> >> Given any alphabet, the number of variable length strings with >> maximum length n is no more than twice the number of fixed length >> strings with length exactly equal to n. >> >> To put it another way, variable length buys you at most one bit of >> entropy. >> >> [There are some assumptions of uniformity needed to formalize the >> latter statement properly] >> >> Consider a decimal alphabet. >> >> There's one possible string of length 0 >> There are ten possible strings of length 1 >> There are 100 possible strings of length 2 >> and so on. >> >> If you have a length 6 password and your attacker searches the variable >> length search space then on average he'll have to search through >> >> 111,111 possibilities with length <= 5 > > Wouldn't that be 111,111/2 ? Nope. Note the stipulation. The password is length 6. The search through the space of 5 digit passwords is guaranteed to be fruitless. > >> 500,000 possibilities with length = 6 >> ------- >> 611,111 guesses on average before guessing right >> >> If the attacker knows that your password is length 6 then it >> takes him just 500,000 guesses on average. >> >> That's a 22% increase in work factor. About 1/4 of a bit of entropy. >> Not what I'd call a "great increase". >> >> Suppose you had to actually turn off your minimum password length to >> cost the attacker this penalty. And assume that 25% of your users take >> advantage of that to choose 5 character passwords. Then the attacker needs: >> >> 25% chance of needing 61,111 guesses on average to crack a 5 digit password >> + 75% chance of needing 611,111 guesses on average to crack a 6 digit password >> ------------------------------------------------------------------------------ >> 473,611 guesses on average. >> >> Variable length passwords don't make it harder on the attacker. They >> make it easier. > > What about passwords of exactly n characters vs. passwords with a min. > of n? I'd think that at least some would be n+1 or n+2, but I don't > know how many. If you want a quantitative analysis, you'll need to come up with a model for how many. Look up a couple paragraphs. When I suggested that 25% of the user community would choose 5 digit passwords, that was the model that allowed the quantitative analysis to proceed. ------------------------------ Date: Mon, 14 Jan 2008 12:35:30 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article , briggs@encompasserve.org writes: > > >In article <5a8447d4-af7d-42fa-907f-68b55658d93f@j78g2000hsd.googlegroups.com>, AEF writes: >> On Jan 11, 1:25 pm, bri...@encompasserve.org wrote: >>> TheQuickBrownFoxJumpsOverTheLazyDog/Jan2008 >>> >>> Entropy in that password once you guess the password generation scheme >>> is almost negligible. Given a 90 day password expiration policy >>> you could brute-force the key space in four tries. >> >> Please clarify. > >Suppose that I as a user choose a password generation scheme: > > Whenever I am prompted to change my password, I will change it > to "TheQuickBrownFoxJumpsOverTheLazyDog/" where the > is determined from the then-current month and year. > >If I've reset the password sometime in the past three months then >the entropy in the password is no more than 1-2 bits. > >If you as an attacker compromise one of my passwords and correctly >guess the generation scheme then, in July you could crack my then-current >password in four guesses: > > TheQuickBrownFoxJumpsOverTheLazyDog/Apr2008 > TheQuickBrownFoxJumpsOverTheLazyDog/May2008 > TheQuickBrownFoxJumpsOverTheLazyDog/Jun2008 > TheQuickBrownFoxJumpsOverTheLazyDog/Jul2008 I was at a site that had a password policy that required passwords to be changed every 45 days. People got smart to this and started using either the same password with a month/year or just the month/year. They would change their password at the beginning of the month every month. Doing a password crack for a security audit turned up a very very high precentage of guessed passwords. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: 14 Jan 2008 07:37:53 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article <47882B09.6050607@comcast.net>, "Richard B. Gilbert" writes: > > Never backing up the UAF is a possible solution but potentially an > expensive one! I didn't see anyone sayt not to back up the UAF. What I read was make sure you back it up to media that will not leave the facility intact. Surely you can keep track of those backups? ------------------------------ Date: Mon, 14 Jan 2008 05:41:50 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <363458c2-2898-42d2-9479-4c42d4efe113@v67g2000hse.googlegroups.com> On Jan 14, 6:52 am, bri...@encompasserve.org wrote: > In article <5a8447d4-af7d-42fa-907f-68b55658d...@j78g2000hsd.googlegroups.com>, AEF writes: > > > On Jan 11, 1:25 pm, bri...@encompasserve.org wrote: > >> TheQuickBrownFoxJumpsOverTheLazyDog/Jan2008 > > >> Entropy in that password once you guess the password generation scheme > >> is almost negligible. Given a 90 day password expiration policy > >> you could brute-force the key space in four tries. > > > Please clarify. > > Suppose that I as a user choose a password generation scheme: > > Whenever I am prompted to change my password, I will change it > to "TheQuickBrownFoxJumpsOverTheLazyDog/" where the > is determined from the then-current month and year. > > If I've reset the password sometime in the past three months then > the entropy in the password is no more than 1-2 bits. > > If you as an attacker compromise one of my passwords and correctly > guess the generation scheme then, in July you could crack my then-current > password in four guesses: > > TheQuickBrownFoxJumpsOverTheLazyDog/Apr2008 > TheQuickBrownFoxJumpsOverTheLazyDog/May2008 > TheQuickBrownFoxJumpsOverTheLazyDog/Jun2008 > TheQuickBrownFoxJumpsOverTheLazyDog/Jul2008 What does this have to do with longer is stronger? Once you correctly guess the scheme, it doesn't matter whether it's longer or complex. My point was that assuming the complex scheme enforced by Windows XP, there is little gain. Most people seem to think there is a log more gain than there really is. When you do the math, the number of possible passwords increases much faster with increasing length than with increasing complexity. I assume you are talking about an advantage of generated passwords, but you wrote this in response to my claim that longer is stronger. Sure it isn't any stronger ONCE you crack the generation scheme, and unless you've done that from an old backup tape, you're already in at that point anyway. And I did say it would be good to check for stupid passwords. AEF ------------------------------ Date: 14 Jan 2008 07:42:29 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: In article <5upd32F1j5pbhU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: > > Sounds like a security feature to me as it could not possibly ever > match, unless you had a real password that was 8 characters or less. :-) > If you mandated passwords longer than 8 characters no one would ever > use ftp. It did match, and my real password was longer, which tells us something about what login, passwd, et. al. were doing back then. And it was pre-ssh so FTP or rcp was what we had to use. ------------------------------ Date: Mon, 14 Jan 2008 05:54:05 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <3309101e-b18f-4e8c-a697-bc1cb4228bfd@q77g2000hsh.googlegroups.com> On Jan 14, 6:56 am, bri...@encompasserve.org wrote: > In article <006f275c-f86e-48f7-9b9f-96203bf35...@j78g2000hsd.googlegroups.com>, AEF writes: > > > > > On Jan 11, 3:23 pm, bri...@encompasserve.org wrote: > >> In article <4786ee9e$0$16170$c3e8...@news.astraweb.com>, JF Mezei writes: > > >> > AEF wrote: > > >> >> Tell "them", whoever they are: LONGER IS STRONGER. PERIOD. COMPLEX IS > >> >> MORE PAIN THAN GAIN. > > >> > Having a mandated password length is however a weakness since anyone > >> > with some insider knowledge will know how to configure his password > >> > guessing program to only try passwords of the mandated length. > > >> > Having variable password lengths means that the hackers don't know how > >> > long a password will be and thus greatly increases the number of > >> > attempts they must make before they get to the password. > > >> That turns out not to be true. > > >> Given any alphabet, the number of variable length strings with > >> maximum length n is no more than twice the number of fixed length > >> strings with length exactly equal to n. > > >> To put it another way, variable length buys you at most one bit of > >> entropy. > > >> [There are some assumptions of uniformity needed to formalize the > >> latter statement properly] > > >> Consider a decimal alphabet. > > >> There's one possible string of length 0 > >> There are ten possible strings of length 1 > >> There are 100 possible strings of length 2 > >> and so on. > > >> If you have a length 6 password and your attacker searches the variable > >> length search space then on average he'll have to search through > > >> 111,111 possibilities with length <= 5 > > > Wouldn't that be 111,111/2 ? > > Nope. Note the stipulation. The password is length 6. The search > through the space of 5 digit passwords is guaranteed to be fruitless. I assumed you meant the password could be up to length 6. Additionally, you said an AVERAGE of 111111. Well, it's ALWAYS going to be 111111 if there are no passwords with L < 6. So why say average? Therefore, I thought you meant the password had L .LE. 6. I also got confused by your use of the word 'search'. If you have N passwords to search through, on average you have to _try_ N/2 of them. But you sometimes used "search" when I would have used "try". > > >> 500,000 possibilities with length = 6 > >> ------- > >> 611,111 guesses on average before guessing right > > >> If the attacker knows that your password is length 6 then it > >> takes him just 500,000 guesses on average. > > >> That's a 22% increase in work factor. About 1/4 of a bit of entropy. > >> Not what I'd call a "great increase". 500000 is not 22% greater than 611111. OK, you meant the opposite. Yeah, I suppose these are all minor points, but they added up to confusing me. Sorry. > >> Suppose you had to actually turn off your minimum password length to > >> cost the attacker this penalty. And assume that 25% of your users take > >> advantage of that to choose 5 character passwords. Then the attacker needs: > > >> 25% chance of needing 61,111 guesses on average to crack a 5 digit password > >> + 75% chance of needing 611,111 guesses on average to crack a 6 digit password > >> ------------------------------------------------------------------------------ > >> 473,611 guesses on average. > > >> Variable length passwords don't make it harder on the attacker. They > >> make it easier. > > > What about passwords of exactly n characters vs. passwords with a min. > > of n? I'd think that at least some would be n+1 or n+2, but I don't > > know how many. > > If you want a quantitative analysis, you'll need to come up with a model > for how many. > > Look up a couple paragraphs. When I suggested that 25% of the user > community would choose 5 digit passwords, that was the model that allowed > the quantitative analysis to proceed. OK AEF ------------------------------ Date: Mon, 14 Jan 2008 05:55:14 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: On Jan 14, 8:37 am, koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote: > In article <47882B09.6050...@comcast.net>, "Richard B. Gilbert" writes: > > > > > Never backing up the UAF is a possible solution but potentially an > > expensive one! > > I didn't see anyone sayt not to back up the UAF. What I read was > make sure you back it up to media that will not leave the facility > intact. > > Surely you can keep track of those backups? Not if your site is destroyed! AEF ------------------------------ Date: Mon, 14 Jan 2008 06:01:54 -0800 (PST) From: AEF Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <77f128a3-201c-49d9-a1c0-2f33a956d51e@q39g2000hsf.googlegroups.com> On Jan 14, 8:41 am, AEF wrote: > On Jan 14, 6:52 am, bri...@encompasserve.org wrote: > > > > > In article <5a8447d4-af7d-42fa-907f-68b55658d...@j78g2000hsd.googlegroups.com>, AEF writes: > > > > On Jan 11, 1:25 pm, bri...@encompasserve.org wrote: > > >> TheQuickBrownFoxJumpsOverTheLazyDog/Jan2008 > > > >> Entropy in that password once you guess the password generation scheme > > >> is almost negligible. Given a 90 day password expiration policy > > >> you could brute-force the key space in four tries. > > > > Please clarify. > > > Suppose that I as a user choose a password generation scheme: > > > Whenever I am prompted to change my password, I will change it > > to "TheQuickBrownFoxJumpsOverTheLazyDog/" where the > > is determined from the then-current month and year. > > > If I've reset the password sometime in the past three months then > > the entropy in the password is no more than 1-2 bits. > > > If you as an attacker compromise one of my passwords and correctly > > guess the generation scheme then, in July you could crack my then-current > > password in four guesses: > > > TheQuickBrownFoxJumpsOverTheLazyDog/Apr2008 > > TheQuickBrownFoxJumpsOverTheLazyDog/May2008 > > TheQuickBrownFoxJumpsOverTheLazyDog/Jun2008 > > TheQuickBrownFoxJumpsOverTheLazyDog/Jul2008 > > What does this have to do with longer is stronger? Once you correctly > guess the scheme, it doesn't matter whether it's longer or complex. My > point was that assuming the complex scheme enforced by Windows XP, > there is little gain. Most people seem to think there is a log more > gain than there really is. When you do the math, the number of > possible passwords increases much faster with increasing length than > with increasing complexity. ^^^^^^^^^^^^^^^^^^^^^^^^^^ Correction! Change "with increasing complexity" to "with increasing the character space as currently implemented by Windows XP", which doesn't _really_ increase complexity as much as most people seem to think. You have to do the math and look at the actual scheme as implemented. And complex passwords are more likely to be written down than longer passwords. It's a little like being penny-wise and pound- foolish. > > I assume you are talking about an advantage of generated passwords, > but you wrote this in response to my claim that longer is stronger. > Sure it isn't any stronger ONCE you crack the generation scheme, and > unless you've done that from an old backup tape, you're already in at > that point anyway. > > And I did say it would be good to check for stupid passwords. > > AEF ------------------------------ Date: Mon, 14 Jan 2008 09:24:06 -0800 (PST) From: Jon Subject: Re: Security level of SET PASS /GENERATE ? Message-ID: <88b6c574-a8f2-49fa-b865-ff4cb2c9ff9b@t1g2000pra.googlegroups.com> On Jan 10, 6:11=A0am, VAXman- @SendSpamHere.ORG wrote: > In article , davi...@alpha2.mdx.ac.uk writ= es: > > >In article , VAXman- =A0@SendSpamHere.ORG wri= tes: > >>In article , moro...@world.std.spaamtrap.com= (Michael Moroney) writes: > > >>>=3D?ISO-8859-1?Q?Jan-Erik_S=3DF6derholm?=3D =A0 writes: > > >>>>> Jan-Erik S=F6derholm wrote: > >>>>>> In many places in the VMS docs one is recomended > >>>>>> to use the /GENERATEoption of SET PASS (or the > >>>>>> correspending flag in SYSUAF). What is the current > >>>>>> view of these generated passwords ? How safe are they > >>>>>> against hacking/probing/directory-attacs ? > > >>>>I know everything about all that. I was *specificaly* asking > >>>>about the builtin security of the *generated* passwords. > >>>>Nothing else... :-) > > >>>OK. > > >>>Without seeing the source, I'm going to _guess_ that the generated > >>>passwords use an "alphabet" of syllables, each about 3 characters long.= =A0 > >>>I have no idea how many "letters" are in this alphabet, but I suspect i= t > >>>is well over 26. =A0However, since there are 3 or so real letters in ea= ch > >>>syllable, a 12 character generated password may be the equivalent of on= ly > >>>about 4 "letters" long! =A0But there should be plenty of "letters" in t= he > >>>"alphabet" so the generated password really isn't as weak as a 4 letter= > >>>password. =A0But consider: > > >>Have a look at SYS$LOADABLE_IMAGES:VMS$FORGE_WORD.DATA -- The forged wor= d > >>database. =A0It's used by the $FORGE_WORD system servcie when creating i= ts > >>nonsense words. =A0 > > >>If you dump it out, you will see this file also contains a list of words= > >>that should NOT be forged by the password generator: > > >>..English..asshole.belgium.bitch.cock.c@@n.cunt.fuck.fuk.fuq.n!%%&r.piss= . > >>shit.tits. > > >>I've elided some characters from some words to keep Google's search engi= ne > >>from indexing on it. > > >>I didn't know belgium was a dirty word! =A0 > > >It is the most unspeakably rude word there is and the reason why Earth ha= s > >beened shunned by the rest of the Galaxy according to the > >Hitchhiker's guide to the galaxy. > > >See =A0http://www.bbc.co.uk/cult/hitchhikers/guide/belgium.shtml > > Thanks David, > > The humor of the VMS team never ceases to amuse. It's good to know that after 15+ years, someone finally noticed the joke. Derrell Piper and I did this. When we created sys$forge_word, one of the things we wanted to clean up from the previous password generator was the rude word scanning. The previous generator had accumulated rude words and particles of rude words from a good dozen languages. Since the whole point of sys $forge_word is to be tailored to a specific language, we wanted to cut out all of the other languages, and when people added in languages they could put in their own scanning. After much discussion, we settled on the basic Carlin words, the two racial epithets, and, of course the intergalactic ultimate rude word, which just had to be there. I don't know if it's there any more, but when we shipped it, there was one other language dictionary in sys$examples for a Sindarin password generator, as well. -- Jon Callas ------------------------------ Date: Mon, 14 Jan 2008 09:08:02 +0100 From: "Ferry Bolhar" Subject: simh VAX 11/780 Message-ID: <1200298093.496280@proxy.dienste.wien.at> Hi VMS folks, Does anyone know whether the simh VAX 11/780 emulator does support MA780 shared memory? Greetings, Ferry -- Ing Ferry Bolhar Magistrat der Stadt Wien - MA 14 A-1010 Wien E-Mail: ferdinand.bolhar-nordenkampf@wien.gv.at ------------------------------ Date: 14 Jan 2008 08:07:16 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: simh VAX 11/780 Message-ID: <4DdhNH$t4Y1I@eisner.encompasserve.org> In article <1200298093.496280@proxy.dienste.wien.at>, "Ferry Bolhar" writes: > Hi VMS folks, > > Does anyone know whether the simh VAX 11/780 emulator does support MA780 > shared memory? > You tryuing to emulate an 11/782? I'm failry sure SIMH doesn't do that, no matter what memory subsystem you emulate. ------------------------------ End of INFO-VAX 2008.028 ************************