INFO-VAX Thu, 19 Jul 2007 Volume 2007 : Issue 392 Contents: Re: %NONAME-W-NOMSG Re: AWK for I64 Re: cpu availability for ovms 8.3 Itanium Re: cpu availability for ovms 8.3 Itanium Re: cpu availability for ovms 8.3 Itanium Re: datatrieve Re: Delete Key? Re: Disk repair (soft / logical) Re: Disk repair (soft / logical) Re: Disk repair (soft / logical) Re: DS10 Deal for the rest of January Re: DS10 Deal for the rest of January Re: EDT Replacement ES45 Memory Special for July 07 Re: ES45 Memory Special for July 07 Re: ES45 Memory Special for July 07 Re: ES45 Memory Special for July 07 Re: ES45 Memory Special for July 07 Message NONAME-W-NOMSG Re: Message NONAME-W-NOMSG Re: MUTEX's to be investigated Re: MUTEX's to be investigated OT: from sshmucks to the real schmucks! Re: OT: Their shamelessness knows no bounds. Re: String manipulations Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... Re: these sshmucks are at it again... VAX in walled-in by accident Re: VAX in walled-in by accident Re: What OS version to run on a DEC 3000-M600 ---------------------------------------------------------------------- Date: Thu, 19 Jul 2007 12:15:20 -0400 From: Stephen Hoffman Subject: Re: %NONAME-W-NOMSG Message-ID: lalo wrote: > hola amigos, Today I execute one program by submit command and I found > this message on a queue batch. On the log file, i havent > found no one error, so whats these message means? > > Job CARGA_TBACK_JDA_CT (queue SYS$BATCH, entry 58) terminated with > error status > > %NONAME-W-NOMSG, Message number 00000000 > > On google, i find no one article belonged to this topic, so I want to > know your opininons about this. > > The server is running under OpenVMS version is v.7.3-2. I've seen this case when somebody aims a STOP command ($delprc call) at the batch job. Check system auditing for use of privileges or $delprc auditing, if enabled. Otherwise, upgrade the batch log output for next time, to see what image or tool failed. Look at enabling use-of-privileges or other auditing, if it is not already enabled. (Or review security, or get it reviewed.) As was mentioned in another reply, various C programs can (also) exit with a zero (which is a meaningless code on OpenVMS), and other executable images that exit with a 0 left in R0 will also show similar behavior. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: Thu, 19 Jul 2007 13:00:09 -0400 From: Stephen Hoffman Subject: Re: AWK for I64 Message-ID: onidin wrote: > Is there something way to use AWK on i64 platform ? Yes, awk and gawk ports can and do exist for OpenVMS I64, as do perl, php, python, tcl/tk, tar, gzip, zip and unzip, and various other common tools and languages. Pointers to many of the Unix tools are in the Frequently Asked Questions (FAQ), as are discussions of many of the common questions. The master OpenVMS FAQ is available at: Take a look at the awk and gawk ports that are available on the Freeware , or particularly take a look at the GNV environment -- GNV is a free downloaded installation kit from HP, and contains a large pile of common tools and utilities. I'll look at tweaking the wording of the FAQ to make it easier to find the gawk and awk stuff for next time. -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: Thu, 19 Jul 2007 10:45:49 -0400 From: "Syltrem" Subject: Re: cpu availability for ovms 8.3 Itanium Message-ID: <139uu8uca1agt34@corp.supernews.com> "itanium" wrote in message news:1184796653.736154.235630@i38g2000prf.googlegroups.com... > Hi > > I have a cluster with ovms 8.3 integrity rx262 > 2 cpus an 7 gb memory. > > I try execute a heavy process but I can saw only 100% cpu but looks > like that another cpu was available. > > I runed autogen and tunning all cluster > > moni modes show me 2 cpus but only 100% used > moni system cpu 100% used but not 110 o 115 etc etc. > > Some one knows if i need set any parameter o something for 2 cpus > works and not only one..? > > thanks > A single process will likely be able to use just one CPU unless it can do threads. Think about it: can you use 2 cars to go to work and get there faster? The same applies for your process. Regards, Syltrem ------------------------------ Date: Thu, 19 Jul 2007 08:27:34 -0700 From: etmsreec@yahoo.co.uk Subject: Re: cpu availability for ovms 8.3 Itanium Message-ID: <1184858854.231051.86420@r34g2000hsd.googlegroups.com> On 18 Jul, 23:10, itanium wrote: > Hi > > I have a cluster with ovms 8.3 integrity rx262 > 2 cpus an 7 gb memory. > > I try execute a heavy process but I can saw only 100% cpu but looks > like that another cpu was available. > > I runed autogen and tunning all cluster > > moni modes show me 2 cpus but only 100% used > moni system cpu 100% used but not 110 o 115 etc etc. > > Some one knows if i need set any parameter o something for 2 cpus > works and not only one..? > > thanks Do you have units = 2 on the OpenVMS OE license? Was the job capable of running more than one thread or was it only one (if you can't run in more than one thread then one job is not going to take more than 100% CPU, no matter how many CPUs you throw it at!) Steve ------------------------------ Date: Thu, 19 Jul 2007 12:05:51 -0400 From: Stephen Hoffman Subject: Re: cpu availability for ovms 8.3 Itanium Message-ID: itanium wrote: > I have a cluster with ovms 8.3 integrity rx262 > 2 cpus an 7 gb memory. > > I try execute a heavy process but I can saw only 100% cpu but looks > like that another cpu was available. > > I runed autogen and tunning all cluster > > moni modes show me 2 cpus but only 100% used > moni system cpu 100% used but not 110 o 115 etc etc. > > Some one knows if i need set any parameter o something for 2 cpus > works and not only one..? Hello Edgar, Sufficient FOE, EOE or MCOE license units will be needed for the numbers of cores present and active; you'll need enough per-core licenses (PCL) or the older per processor licenses (PPL) name to run the number of cores you have running. For this case, you'll need licenses for two cores and thus two units total. Based on the ITRC discussion, the license here is OPENVMS-I64-EOE, and I'd expect to see a 2 unit license for this box. The DCL command SHOW LICENSE/OE will show your license compliance, and see SHOW LICENSE/CHARGE for related information. SMP and multicore -- basically the same thing, for the purpose of this discussion -- don't make a single-threaded process go any faster. You can have 128 cores, and a single-threaded process will run at 1x; at the speed of one core. To get a single-threaded process to run to completion in less time on an SMP or multicore system, you have to explicitly divide up the workload, whether by creating additional processes to perform parts of the work, or by creating threads within a process. Quotas and AUTOGEN and such are not particularly relevant to parallel processing; yes, you need enough quotas to ensure the application is running efficiently, but there's no quota or setting to cause a non-multiprocessing or non-multithreaded application to run in parallel. There do exist parameter settings for applications that are already explicitly coded for threading; to allow existing threads to run in parallel. With a fully-licensed dual-core configuration, I'd expect to see an SMP or multicore box showing between 100% and 200% based on system activity, when there's something running in parallel with your "heavy process". You can demonstrate this to yourself with two DCL procedures or such that simply loop -- log in three times in parallel, run MONITOR SYSTEM or MONITOR ALL in one window, and two DCL loops in the other logins. Hoff -- This question is a carry-over from a thread in the ITRC discussion forum. http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1146075 -- www.HoffmanLabs.com Services for OpenVMS ------------------------------ Date: 19 Jul 2007 11:55:29 -0500 From: briggs@encompasserve.org Subject: Re: datatrieve Message-ID: In article , clarence writes: > > I need to be able to cross an RMS file that has a field with an occurs > clause to another file in datatrieve. How do I do that? If I recall correctly, you would first cross the domain that has the "occurs" clause with the occurs clause. e.g. if a boat has an occurs clause for decks and each deck has a type of flooring and you have a second domain with flooring types then: DTR> find boat cross decks cross deck-materials over flooring-type But bear in mind that I've never actually used this syntax and haven't used Datatrieve at all for about ten years now. (And I probably wouldn't use an inner join for this particular example in real life). ------------------------------ Date: 19 Jul 2007 07:45:24 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Delete Key? Message-ID: In article , Roger Ivie writes: > On 2007-07-11, Bob Koehler wrote: >> In article , glen herrmannsfeldt writes: >> But UNIX was already around. Maybe Larry knows whether TECO is older >> or UNIX (1968)? > > As I understand it, TECO was originally written for the PDP-1. > > I read it on the internet, it must be true. I read it when Larry posted it here, that gives me a lot more confidence. ------------------------------ Date: Thu, 19 Jul 2007 13:54:19 +0200 From: "P. Sture" Subject: Re: Disk repair (soft / logical) Message-ID: In article <139sni13ldd6m91@corp.supernews.com>, "Syltrem" wrote: > OVMS 8.3 Alpha or IA64 > Someone else ? OVMS 8.3 Alpha here. $ Directory DKA0: HELLO.C;1 HELLO.EXE;1 HELLO.OBJ;1 Total of 3 files. $ install add disk$alphasys:[temp]hello.exe/open/shared $ del dka0:*.*.*/lo %DELETE-I-FILDEL, DKA0:HELLO.C;1 deleted (18 blocks) %DELETE-I-FILDEL, DKA0:HELLO.EXE;1 deleted (18 blocks) %DELETE-I-FILDEL, DKA0:HELLO.OBJ;1 deleted (18 blocks) %DELETE-I-TOTAL, 3 files deleted (54 blocks) $ install lis disk$alphasys:[temp]hello.exe/fu DISK$ALPHASYS:.EXE HELLO;1 Open Shared Entry access count = 0 Current / Maximum shared = 1 / 0 Global section count = 1 $ install del disk$alphasys:[temp]hello.exe $ IOW, V8.3 doesn't seem to care if the original .EXE actually exists anymore. Note that it can be picky about the device name. For example, if added using DKA0:, the listing shows DISK$ALPHASYS, but that doesn't work for the delete: $ cre/dir dka0: $ copy hello.* dka0:/lo %COPY-S-COPIED, USER_SY:HELLO.C;1 copied to DKA0:HELLO.C;1 (1 block) %COPY-S-COPIED, USER_SY:HELLO.EXE;1 copied to DKA0:HELLO.EXE;1 (7 blocks) %COPY-S-COPIED, USER_SY:HELLO.OBJ;1 copied to DKA0:HELLO.OBJ;1 (4 blocks) %COPY-S-NEWFILES, 3 files created $ install add dka0:hello.exe/open/share/head $ install list dka0:hello.exe /full DISK$ALPHASYS:.EXE HELLO;1 Open Hdr Shared Entry access count = 0 Current / Maximum shared = 1 / 0 Global section count = 1 $ install del DISK$ALPHASYS:HELLO.EXE %INSTALL-W-FAIL, failed to REMOVE entry for DISK$ALPHASYS:HELLO.EXE -INSTALL-E-NOKFEFND, Known File Entry not found $ install del DKA0:HELLO.EXE $ A little bit of trial and error will probably get you there. -- Paul Sture ------------------------------ Date: Thu, 19 Jul 2007 16:04:13 +0100 From: "Richard Brodie" Subject: Re: Disk repair (soft / logical) Message-ID: "Syltrem" wrote in message news:139uu4h7mjbtmc0@corp.supernews.com... > I remember the name of one of the 2 directories I'm having problems with. I was able to > successfully remove the entries from it. The other one is a bit deeper (many levels) so > I will just do a backup/list of a tape that has it to find the correct path to the > installed files. "pipe install list > files.txt" might be quicker than messing around with tapes. ------------------------------ Date: Thu, 19 Jul 2007 12:19:25 -0400 From: "Syltrem" Subject: Re: Disk repair (soft / logical) Message-ID: <139v3oe22bhds72@corp.supernews.com> "Richard Brodie" wrote in message news:f7nuhc$sde$1@south.jnrs.ja.net... > > "Syltrem" wrote in message > news:139uu4h7mjbtmc0@corp.supernews.com... > >> I remember the name of one of the 2 directories I'm having problems with. >> I was able to successfully remove the entries from it. The other one is a >> bit deeper (many levels) so I will just do a backup/list of a tape that >> has it to find the correct path to the installed files. > > "pipe install list > files.txt" might be quicker than messing around with > tapes. > > Install LIST gives the path as [43456,0,0] That's the whole point... Syltrem ------------------------------ Date: 19 Jul 2007 10:04:52 +0200 From: peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) Subject: Re: DS10 Deal for the rest of January Message-ID: <469f3744@news.langstoeger.at> In article , "David Turner, Island Computers" writes: >[DS10 6/466, 2 disks $2075] >This is a good deal >Call around to other dealers ! But don't look at ebay (where they are down to $300 now, from $800 last year) SCNR -- Peter "EPLAN" LANGSTOEGER Network and OpenVMS system specialist E-mail peter@langstoeger.at A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist ------------------------------ Date: Thu, 19 Jul 2007 08:43:49 -0700 From: Rich Jordan Subject: Re: DS10 Deal for the rest of January Message-ID: <1184859829.635422.97290@q75g2000hsh.googlegroups.com> On Jul 18, 2:28 pm, "David Turner, Island Computers" wrote: > In stock > > In excess of 70 systems > > Configuration special > > Alphaserver DS10 466Mhz > 1GB Memory, Dual 10/100 Ethernet > Front Access Disk Cage with Low Profile CDROM > Dual 36GB 10KRPM Hot PLug Disk > U160 Dual Channel SCSI Controller > 4 PCI slots (one taken by U160 Ctr) > Works with all power variants worldwide > > Only $2075 > > 1 Yr Warranty on everything ! > > -- > > David B Turner > Island Computers US Corp > 2700 Gregory St, Suite 180 > Savannah GA 31404 > > T: 877-6364332 x201 > Intl: 001 912 447 6622 > > E: dtur...@islandco.com > F: 912 201 0402 > W:http://www.islandco.com If you can, please post pricing with licenses too. I'm bumping this up to the powers that be but if there's any prospects it would be for licensed systems. Wish I could afford one for hobby use at home though! My PWS600au is feeling a bit slow lately... Rich ------------------------------ Date: Thu, 19 Jul 2007 10:09:04 -0700 From: AEF Subject: Re: EDT Replacement Message-ID: <1184864944.834675.284580@q75g2000hsh.googlegroups.com> On Jul 18, 1:52 pm, moro...@world.std.spaamtrap.com (Michael Moroney) wrote: > John Sauter writes: > >My memory must be failing me in my old age. I seem to remember > >instrumenting EDT so it would write a record for each line read from and > >written to the terminal, then turning those records into a script for a > >test program, which we got from another group. It would play the > >recorded input lines and capture the output. > > EDT automagically logs its commands to a .JOU file, what you are talking > about must be a variation of this. If your process gets killed somehow > you can recover (most of) your work with $ EDIT/EDT/RECOVER, and it's > kind of neat watching the cursor fly around redoing all your edits. You can also use the .JOU file as a poor-man's Undo function. When you want to do an Undo, run the QUIT/SAVE command. Then edit the .JOU file, delete appropriate lines and/or "keystrokes" from the bottom, and then run the journal file with EDIT/EDT/RECOVER. You can press ESC followed by a key to see how that key is represented in the Journal file. > > I would guess that a substantial verification of EDT functionality > could be done by using a standard input and .JOU files, and compare > the resulting output file to a standard. AEF ------------------------------ Date: Thu, 19 Jul 2007 08:38:04 -0400 From: "David Turner, Island Computers" Subject: ES45 Memory Special for July 07 Message-ID: <139umosh7ncepff@news.supernews.com> We have a large qty of ES45 1GB Memory Kits Price is only $199 These are almost new HP original with the good buffer chips This is a very good price - and with 12 months warranty ! Davi -- David B Turner Island Computers US Corp 2700 Gregory St, Suite 180 Savannah GA 31404 T: 877-6364332 x201 Intl: 001 912 447 6622 E: dturner@islandco.com F: 912 201 0402 W: http://www.islandco.com ------------------------------ Date: Thu, 19 Jul 2007 09:58:12 -0400 From: "Richard B. Gilbert" Subject: Re: ES45 Memory Special for July 07 Message-ID: <469F6DF4.3000106@comcast.net> David Turner, Island Computers wrote: > We have a large qty of ES45 1GB Memory Kits > Price is only $199 > > These are almost new HP original with the good > buffer chips > > This is a very good price - and with 12 months warranty ! > > Davi > How things change. I can remember paying $10K for a gig of ES40 memory a few years ago! ------------------------------ Date: Thu, 19 Jul 2007 08:57:15 -0700 From: "Tom Linden" Subject: Re: ES45 Memory Special for July 07 Message-ID: On Thu, 19 Jul 2007 06:58:12 -0700, Richard B. Gilbert wrote: > David Turner, Island Computers wrote: >> We have a large qty of ES45 1GB Memory Kits >> Price is only $199 >> These are almost new HP original with the good >> buffer chips >> This is a very good price - and with 12 months warranty ! >> Davi >> > > How things change. I can remember paying $10K for a gig of ES40 memory > a few years ago! > I can remember paying $18k for 1 MB of Prime memory from Dick Egan when he first started EMC, and that was half of what prime was charging, ca. 1982 -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: 19 Jul 2007 16:42:43 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: ES45 Memory Special for July 07 Message-ID: <5g9ik3F3esvlnU1@mid.individual.net> In article , "Tom Linden" writes: > On Thu, 19 Jul 2007 06:58:12 -0700, Richard B. Gilbert > wrote: > >> David Turner, Island Computers wrote: >>> We have a large qty of ES45 1GB Memory Kits >>> Price is only $199 >>> These are almost new HP original with the good >>> buffer chips >>> This is a very good price - and with 12 months warranty ! >>> Davi >>> >> >> How things change. I can remember paying $10K for a gig of ES40 memory >> a few years ago! >> > I can remember paying $18k for 1 MB of Prime memory from Dick Egan when he > first started EMC, and that was half of what prime was charging, ca. 1982 You weren't by any chance present at the PUG Keynote speech he gave when he held up the first high-density :-) memory board for the Pr1me? I can't remember if it was Baltimore or Orlando but it is pretty funny to think back on those days now when I carry 1GB in my pocket all the time, "just in case". :-) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 19 Jul 2007 10:02:53 -0700 From: "Tom Linden" Subject: Re: ES45 Memory Special for July 07 Message-ID: On Thu, 19 Jul 2007 09:42:43 -0700, Bill Gunshannon wrote: > In article , > "Tom Linden" writes: >> On Thu, 19 Jul 2007 06:58:12 -0700, Richard B. Gilbert >> wrote: >> >>> David Turner, Island Computers wrote: >>>> We have a large qty of ES45 1GB Memory Kits >>>> Price is only $199 >>>> These are almost new HP original with the good >>>> buffer chips >>>> This is a very good price - and with 12 months warranty ! >>>> Davi >>>> >>> >>> How things change. I can remember paying $10K for a gig of ES40 memory >>> a few years ago! >>> >> I can remember paying $18k for 1 MB of Prime memory from Dick Egan when >> he >> first started EMC, and that was half of what prime was charging, ca. >> 1982 > You weren't by any chance present at the PUG Keynote speech he gave > when he held up the first high-density :-) memory board for the Pr1me? > I can't remember if it was Baltimore or Orlando but it is pretty funny > to think back on those days now when I carry 1GB in my pocket all the > time, "just in case". :-) > No, but he delivered it in person to my office downtown Boston on Atlantic Ave. > bill > -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 19 Jul 2007 14:36:36 -0000 From: lalo Subject: Message NONAME-W-NOMSG Message-ID: <1184855796.079178.319630@z24g2000prh.googlegroups.com> Hi everybody, I want to know about this message or this means a failure? I'd search on google but these answers werent enough ------------------------------------------------------------------------------------------ Job CARGA_TBACK_JDA_CT (queue SYS$NODE, entry 58) terminated with error status %NONAME-W-NOMSG, Message number 00000000 Server1::Prompt> Job CARGA_TBACK_JDA_CT (queue SYS$NODE, entry 59) terminated with error status %NONAME-W-NOMSG, Message number 00000000 Server1::Prompt> ------------------------------------------------------------------------------------------ These jobs are running with submit command on a queue when these are finished show these messages: This node is running under OpenVMS v.7.3-2 with tcpip v.5.4 I hope you opinions thanks. Eduardo ------------------------------ Date: Thu, 19 Jul 2007 17:09:09 GMT From: Rob Brown Subject: Re: Message NONAME-W-NOMSG Message-ID: On Thu, 19 Jul 2007, lalo wrote: > Hi everybody, I want to know about this message or this means a > failure? I'd search on google but these answers werent enough > > ------------------------------------------------------------------------------------------ > Job CARGA_TBACK_JDA_CT (queue SYS$NODE, entry 58) terminated with > error status > > %NONAME-W-NOMSG, Message number 00000000 This means either: 1. The .COM file that is the batch job has a $ EXIT 0 (or $ EXIT and symbol happens to have a 0 in it). or 2. The .COM file has ON WARNING EXIT, and some command or application that the .COM file runs is exiting with a 0 status. In either case, the appropriate next step would be to put a SET VERIFY in the .COM file so that there is more information in the .LOG file. hth - Rob -- Rob Brown b r o w n a t g m c l d o t c o m G. Michaels Consulting Ltd. (780)438-9343 (voice) Edmonton (780)437-3367 (FAX) http://gmcl.com/ ------------------------------ Date: Thu, 19 Jul 2007 11:04:56 -0000 From: IanMiller Subject: Re: MUTEX's to be investigated Message-ID: <1184843096.873416.238870@w3g2000hsg.googlegroups.com> Do you have a lot of logical names ? ------------------------------ Date: Thu, 19 Jul 2007 10:34:12 -0700 From: Volker Halle Subject: Re: MUTEX's to be investigated Message-ID: <1184866452.422165.52810@m3g2000hsh.googlegroups.com> Hans, you could try LNM tracing to find out, how often logical name translations are being done. $ ANAL/SYS SDA> LNM ! provides some help... SDA> LNM LOAD SDA> LNM START TRACE SDA> LNM SHOW TRACE/IDENT=epid ... SDA> LNM STOP TRACE SDA> LNM UNLOAD SDA> EXIT Volker. ------------------------------ Date: Thu, 19 Jul 2007 17:50:51 GMT From: VAXman- @SendSpamHere.ORG Subject: OT: from sshmucks to the real schmucks! Message-ID: <%vNni.38$Zi.11@newsfe12.lga> This one is of a personal nature/interest and, IMHO, should concern all. http://tmesis.com/pesky_fly.html -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/sig.jpg ------------------------------ Date: Thu, 19 Jul 2007 08:55:19 -0700 From: Rich Jordan Subject: Re: OT: Their shamelessness knows no bounds. Message-ID: <1184860519.762175.160530@k79g2000hse.googlegroups.com> On Jul 17, 9:25 pm, "Richard B. Gilbert" wrote: > Brad Hamilton wrote: > > In article , VAXman- @SendSpamHere.ORG wrote: > > >>Of personal interest... > > >>http://tmesis.com/seirea.html > > >>Please help. > > > I don't suppose there's any way to email Senators and Reps? There's a little > > irony that savenetradio.org does not have that alternative, but instead urges > > concerned folks to *call* their legislators. :-) > > [...] > > I'm sure there's a way to E-mail legislators. A little work with Google > might even turn up appropriate addresses for YOUR legislators. > > Don't expect too much however. Your legislators may never even see your > well reasoned arguments. One of my uncles served five terms in the > House of Representatives 1965-1975. I visited him once and saw how his > mail was handled. He got more than he could possibly read himself. His > staff opened and read the mail and maybe kept a for and against tally > for the current "hot button" issues. Everybody who wrote got a polite > and meaningless reply. He had something like a "DECWriter" with a paper > tape reader and paper tapes for the standard "form letters". His staff > were really good at forging his signature. If you visit the house and senate sites (senate.gov and house.gov, I believe) most of them have an online contact page for constituents to use. Many also state that snail mail will be delayed due to extra processing occurring since the anthrax attacks back in 2001 and that the online form is the 'preferred' method. Both of my Senators are pretty bad, but one of them has an excellent staff; I've always received responses relevant to what I wrote within 7-10 days (the other one, the true cretin, takes months, sends irrelevant boilerplate responses or even sends thank you for agreeing notes even when my contacts are extremely critical of his positions; he's a lock-in so obviously doesn't give a damn about anyone who disagrees with him). So calls are OK but the online contact form _MAY_ be worth considering, depending on the quality of your rep and their staff. ------------------------------ Date: Thu, 19 Jul 2007 07:21:04 -0400 From: "Neil Rieck" Subject: Re: String manipulations Message-ID: <469f3cd0$0$16294$88260bb3@free.teranews.com> "R.A.Omond" wrote in message news:f7mslb$f26$1$8300dec7@news.demon.co.uk... > Richard B. Gilbert wrote: [...snip...] >> >> Are you finding your homework a little too difficult? > > Actually, I view this as quite positive. At least *someone* > *somewhere* is being set VMS stuff for homework! > What's really perplexing is that someone without the hacker ethic would actually take a computer course. Back in the day, my classmates would solve something like this while still in class so that everyone would know that the first person across the finish line could bear the title "Hacker Supremo". p.s. back then, "hacker" was a compliment; not something illegal or unprofessional Neil -- Posted via a free Usenet account from http://www.teranews.com ------------------------------ Date: Thu, 19 Jul 2007 07:56:08 +0200 From: "P. Sture" Subject: Re: these sshmucks are at it again... Message-ID: In article , Rob Brown wrote: > On Wed, 18 Jul 2007, Richard B. Gilbert wrote: > > > Don't you have a router and/or firewall that you can configure to > > block access from the source IP or network? > > Last time I took a look at these SSH attacks, no two sets of attacks > came from the same place. I have a feeling these things are driven by zombies. I got fed up and blocked ssh at my router for several months. When I put it back, I chose a different port. But on the spam side, I can go several hours with no attempts, then suddenly get attacks from 2 or 3 addresses within the space of 1 minute. A simultaneous attack from Brazil, Portugal and Lithuania does point to zombies. -- Paul Sture ------------------------------ Date: Thu, 19 Jul 2007 07:33:04 +0200 From: "P. Sture" Subject: Re: these sshmucks are at it again... Message-ID: In article , bradhamilton@comcast.net (Brad Hamilton) wrote: > In article , VAXman- @SendSpamHere.ORG > wrote: > [...] > >I > >am just curious, as others have pointed out, whether or not it is a legit > >attack or some moron using Administrator or root. > > > > Most of the ssh "attacks" that I "suffer" seem to come from folks attempting > to > login as "SSH" (TCPware 5-7.2 on Alpha VMS 8.3); however, I'm confident > enough > that none of them will "break-in", and so I leave the normal SSH port "open", > as kind of a "poor man's Teergrube". :-) The more time the b****rds spend > trying to break into my system, the less time they have to break into some > other poor schmuck's system. A public service, I call it. :-) > [...] Yes, I've taken that attitude sometimes as well. My problem is that I can hear the disk activity; such an attack results in a recognizable rhythm, and I get fed up of that. PS. Now I think of it, I was a teergube myself back when I bought my first house. The area was newly built and plagued with window and insulation salesmen. I saw it my public duty to tie them up for as long as possible as a service to my neighbours :-) -- Paul Sture ------------------------------ Date: Thu, 19 Jul 2007 12:44:30 +0200 From: "P. Sture" Subject: Re: these sshmucks are at it again... Message-ID: In article <469eb405@dnews.tpgi.com.au>, Jim Duff wrote: > Michael Moroney wrote: > >[snipage] > > > > Does anyone know of a system service or $QIO that will do the above TCPIP > > commands, or the equivalent of a $ SET AUDIT/LISTENER=mailbox and > > $ SET AUDIT/NOLISTEN ? I especially want the latter in an exit handler, > > because if the program doesn't shut down properly, the mailbox gets full > > and the audit server gets upset and starts suspending all the processes! > > I don't want anyone getting pissed off at me because this program hung > > your system, even if it's the audit server at fault. If you try to log in > > to fix it, the audit server suspends the process before you get a chance > > to do anything! > > > > In a previous life, I wrote a program that listened to audit server > messages also. I came to the conclusion that the best way to do the > SET AUDIT/NOLISTEN was to declare an exit handler to generate an OPCOM > message (just to let people know what's going on) and then create a > detached process to perform the SET AUDIT/NOLISTEN. > > For the SET AUDIT/LISTEN, I just have a command procedure to start the > program as a detached process, and wait in a loop for the appropriate > mailbox logical to appear. FWIW, the early 1990s code snippet I have does (did?) a spawn for SET AUDIT/(NO)LISTEN. Can a call to spawn work if the audit mailbox is already there and full? There's some error processing in this routine which does a "COPY NL:" if the SET AUDIT/LISTEN command fails. It does this with a 12 second timeout since you won't see an EOF from the mailbox. > I'm unaware of any documented ways to perform these actions under > program control. If you have access to the source listings however... > I've just scanned the V8.3 System Services manual, but didn't find anything obvious. -- Paul Sture ------------------------------ Date: 19 Jul 2007 12:11:54 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: these sshmucks are at it again... Message-ID: <5g92oaF3823v7U1@mid.individual.net> In article <469F526A.6070404@comcast.net>, "Richard B. Gilbert" writes: > P. Sture wrote: >> In article , >> bradhamilton@comcast.net (Brad Hamilton) wrote: >> >> >>>In article , VAXman- @SendSpamHere.ORG >>>wrote: >>>[...] >>> >>>>I >>>>am just curious, as others have pointed out, whether or not it is a legit >>>>attack or some moron using Administrator or root. >>>> >>> >>>Most of the ssh "attacks" that I "suffer" seem to come from folks attempting >>>to >>>login as "SSH" (TCPware 5-7.2 on Alpha VMS 8.3); however, I'm confident >>>enough >>>that none of them will "break-in", and so I leave the normal SSH port "open", >>>as kind of a "poor man's Teergrube". :-) The more time the b****rds spend >>>trying to break into my system, the less time they have to break into some >>>other poor schmuck's system. A public service, I call it. :-) >>>[...] >> >> >> Yes, I've taken that attitude sometimes as well. >> >> My problem is that I can hear the disk activity; such an attack results in a >> recognizable rhythm, and I get fed up of that. >> > > > > Consider getting a cheap router/firewall from Linksys, DLink, etc. Mine > does not allow ANY incoming traffic that is not in response to some > outgoing traffic! IOW, don't call me, I'll call you!! > > Just for grins, I look at the logs this thing keeps and see three to six > attempts per minute around the clock! Most probes go to ports 1028 and > 1029; I've never figured out what that's supposed to accomplish. Windows Messenger bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Thu, 19 Jul 2007 05:45:58 -0700 From: ultradwc@gmail.com Subject: Re: these sshmucks are at it again... Message-ID: <1184849158.598276.221540@g4g2000hsf.googlegroups.com> On Jul 18, 8:21 am, VAXman- @SendSpamHere.ORG wrote: > More ssh attacks. They are mostly a nuisance. However, logs full of > OPCOM messages like this > > %%%%%%%%%%% OPCOM 18-JUL-2007 08:05:42.85 %%%%%%%%%%% > Message from user AUDIT$SERVER on ****** > Security alarm (SECURITY) and security audit (SECURITY) on ******, system id: 1234 > Auditable event: Network login > Event time: 18-JUL-2007 08:05:42.85 > PID: 20200D5E > Process name: TCPIP$SS_BG3304 > Username: TCPIP$SSH > Process owner: [TCPIP$AUX,TCPIP$SSH] > Image name: DKA0:[SYS0.SYSCOMMON.][SYSEXE]LOGINOUT.EXE > Remote node id: 11223344 (aa.bbb) > Remote node fullname: aa.bb.cc.dd > Remote username: TCPIP$SSH > Posix UID: -2 > Posix GID: -2 (%XFFFFFFFE) > > %%%%%%%%%%% OPCOM 18-JUL-2007 08:05:48.42 %%%%%%%%%%% > Message from user AUDIT$SERVER on ****** > Security alarm (SECURITY) and security audit (SECURITY) on ******, system id: 1234 > Auditable event: Network login failure > Event time: 18-JUL-2007 08:05:48.42 > PID: 20200D5E > Process name: TCPIP$SS_BG3304 > Username: TCPIP$SSH > Remote node fullname: SSH_PASSWORD:some.hackers.net > Remote username: SSH_11223344 > Status: %LOGIN-F-NOTVALID, user authorization failure > > would be much more useful if ONE of the above two logged messages would > include the username the hacker is trying to use for access. I do not > see it (the username under attack) in any of the SSH log files either. > > This is TCPIP services ssh, BTW. If anybody has a quick and dirty to get > the username under attack, I'd appreciate it. HP, if you are listening, > this would be a nice feature if it doesn't already exist (I didn't see a > way get it when I perused the ssh doc). > > -- > VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM > > "Well my son, life is like a beanstalk, isn't it?" > > http://tmesis.com/sig.jpg TCPware shows username, but if you have intrusion on for say 3 strikes and your out, then $ SHOW INTRUSION will show you the username also ... ------------------------------ Date: 19 Jul 2007 07:47:39 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: these sshmucks are at it again... Message-ID: In article <07071814223108_202003EE@antinode.org>, sms@antinode.org (Steven M. Schweda) writes: > > Unless it doesn't: > One more example of Multinet doing something for you that TCPIP Services doesn't. You'ld think by now someone would have learned TCPIP Services needs to catch up to and keep up with the competition. ------------------------------ Date: 19 Jul 2007 07:50:32 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: these sshmucks are at it again... Message-ID: In article , JF Mezei writes: > > Then the owners of VMS should port SSH to VAX so that hobbysist could > let the sshmucks try to login on all mighty microvax IIs :-) That would > slow them down :-) ? My VAXen have been running SSH for years. ------------------------------ Date: Thu, 19 Jul 2007 14:10:35 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: these sshmucks are at it again... Message-ID: In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > > >In article <07071814223108_202003EE@antinode.org>, sms@antinode.org (Steven M. Schweda) writes: >> >> Unless it doesn't: >> > > One more example of Multinet doing something for you that TCPIP > Services doesn't. > > You'ld think by now someone would have learned TCPIP Services needs > to catch up to and keep up with the competition. One of the features of Multinet and TCPware ssh that I like (and it is my technology that makes it possible) is the display of the Remote Port Info in a SHOW TERMINAL showing where the ssh connection is coming from. I've added this same capability to TCPIP Services ssh connections on my system. I am beginning to feel that if I want the username information to appear in an OPCOM security message, I may need to have to add this ability my- self as well. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/sig.jpg ------------------------------ Date: Thu, 19 Jul 2007 07:38:37 -0700 From: ultradwc@gmail.com Subject: Re: these sshmucks are at it again... Message-ID: <1184855917.378019.141180@x40g2000prg.googlegroups.com> On Jul 18, 8:21 am, VAXman- @SendSpamHere.ORG wrote: > More ssh attacks. They are mostly a nuisance. However, logs full of > OPCOM messages like this > > %%%%%%%%%%% OPCOM 18-JUL-2007 08:05:42.85 %%%%%%%%%%% > Message from user AUDIT$SERVER on ****** > Security alarm (SECURITY) and security audit (SECURITY) on ******, system id: 1234 > Auditable event: Network login > Event time: 18-JUL-2007 08:05:42.85 > PID: 20200D5E > Process name: TCPIP$SS_BG3304 > Username: TCPIP$SSH > Process owner: [TCPIP$AUX,TCPIP$SSH] > Image name: DKA0:[SYS0.SYSCOMMON.][SYSEXE]LOGINOUT.EXE > Remote node id: 11223344 (aa.bbb) > Remote node fullname: aa.bb.cc.dd > Remote username: TCPIP$SSH > Posix UID: -2 > Posix GID: -2 (%XFFFFFFFE) > > %%%%%%%%%%% OPCOM 18-JUL-2007 08:05:48.42 %%%%%%%%%%% > Message from user AUDIT$SERVER on ****** > Security alarm (SECURITY) and security audit (SECURITY) on ******, system id: 1234 > Auditable event: Network login failure > Event time: 18-JUL-2007 08:05:48.42 > PID: 20200D5E > Process name: TCPIP$SS_BG3304 > Username: TCPIP$SSH > Remote node fullname: SSH_PASSWORD:some.hackers.net > Remote username: SSH_11223344 > Status: %LOGIN-F-NOTVALID, user authorization failure > > would be much more useful if ONE of the above two logged messages would > include the username the hacker is trying to use for access. I do not > see it (the username under attack) in any of the SSH log files either. > > This is TCPIP services ssh, BTW. If anybody has a quick and dirty to get > the username under attack, I'd appreciate it. HP, if you are listening, > this would be a nice feature if it doesn't already exist (I didn't see a > way get it when I perused the ssh doc). > > -- > VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM > > "Well my son, life is like a beanstalk, isn't it?" > > http://tmesis.com/sig.jpg TCPware shows it, and also what about $ SHOW INTRUSION that protects your box as well as show the user locked out ------------------------------ Date: Thu, 19 Jul 2007 15:21:52 +0000 (UTC) From: moroney@world.std.spaamtrap.com (Michael Moroney) Subject: Re: these sshmucks are at it again... Message-ID: VAXman- @SendSpamHere.ORG writes: >>Just for grins, I look at the logs this thing keeps and see three to six >>attempts per minute around the clock! Most probes go to ports 1028 and >>1029; I've never figured out what that's supposed to accomplish. >IANA's list shows 1028 deprecated and 1029 is called "Solid Mux Server". >I don't know why they'd look to probe these other than there may be some >way to distinguish from the reponse whether or not there's some firewall >in the mix. Ports 1024 and up are for ports used as the return port no. of outbound calls as well as for unprivileged servers. It may be that an "out of the box" Windoze system, when it boots, starts using ports starting at 1024 for outbound calls, and application X (someone mentioned Messenger) happens to always get 1028 and/or 1029 when it eventually starts. The hacker is targeting Application X's outbound connection. Having said that, I don't know the order that Windows uses port numbers, and it may still may be some service. The IANA list entry probably means little. Microsoft often has an attituude that standards are for everyone else. ------------------------------ Date: Thu, 19 Jul 2007 15:29:13 +0000 (UTC) From: moroney@world.std.spaamtrap.com (Michael Moroney) Subject: Re: these sshmucks are at it again... Message-ID: "P. Sture" writes: >In article <469eb405@dnews.tpgi.com.au>, Jim Duff >wrote: >> I'm unaware of any documented ways to perform these actions under >> program control. If you have access to the source listings however... >> >I've just scanned the V8.3 System Services manual, but didn't find >anything obvious. I have since been told that audit server commands such as SET AUDIT/LISTEN are implemented as mailbox messages to a different audit server mailbox. ------------------------------ Date: Thu, 19 Jul 2007 08:55:43 -0700 From: Doug Phillips Subject: Re: these sshmucks are at it again... Message-ID: <1184860543.444417.232220@n2g2000hse.googlegroups.com> On Jul 18, 5:38 pm, moro...@world.std.spaamtrap.com (Michael Moroney) wrote: > VAXman- @SendSpamHere.ORG writes: > >In article <1184785605_1...@sp12lax.superfeed.net>, Jeff Campbell writes: > >>> This is TCPIP services ssh, BTW. If anybody has a quick and dirty to get > >>> the username under attack, I'd appreciate it. HP, if you are listening, > >>> this would be a nice feature if it doesn't already exist (I didn't see a > >>> way get it when I perused the ssh doc). > > Unfortunately, SSH doesn't report the username to the audit server > properly. See below. > > >>ANAL/AUDI will show you the attempted user names. On my system I see: > >From ssh? I don't think so... Here is what I see for both LOGFAIL and > >BREAKIN event types in my AUDIT logs: > > Date / Time Type Subtype Node Username ID Term > >18-JUL-2007 07:55:26.57 BREAKIN NETWORK ****** TCPIP$SSH 20200D4F > >18-JUL-2007 07:54:56.92 LOGFAIL NETWORK ****** TCPIP$SSH 20200D4A > >Using HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 6 > > I wrote a little program that listens to the audit server, and when it > detects a TCPIP breakin attempt, it'll disable the attacking IP address. > Except it's not all there. I do detect the breakin and figure out the > IP address to disable, but don't actually disable anything. It knows > about SSH, FTP and TELNET breakin attempts. What I found that makes this > a mess: > > There is a "remote node address" field where I'd think the IP address of > the attacker would go. TELNET puts it there. So does FTP, but in the > reverse byte order of TELNET! (Big-endian vs. little endian issue) > SSH doesn't use the field at all! I can figure out the SSH attacker > address via a hack. > > FTP and TELNET do tell you the username being attacked. SSH does - only > if it exists on the system! Otherwise it uses the username TCPIP$SSH. > > What's stopping me from the final touch and give it to you: > Being busy, and writing a simple LIB$SPAWN to do either a: > $ TCPIP SET COMMUNICATION/REJECT=ip.add.re.ss or > $ TCPIP SET ROUTE ip.add.re.ss /GATEWAY=black.hole or something, and > a LIB$SPAWN to do a SET AUDIT, plus cleanup. The hard part is done > and working. > > Does anyone know of a system service or $QIO that will do the above TCPIP > commands, or the equivalent of a $ SET AUDIT/LISTENER=mailbox and > $ SET AUDIT/NOLISTEN ? I especially want the latter in an exit handler, > because if the program doesn't shut down properly, the mailbox gets full > and the audit server gets upset and starts suspending all the processes! > I don't want anyone getting pissed off at me because this program hung > your system, even if it's the audit server at fault. If you try to log in > to fix it, the audit server suspends the process before you get a chance > to do anything! Seems like a bored VMS kernel level hacker could write a type of software honeypot/sandbox/tar pit that would run after x number of suspicious attempts and present whatever environment or message that you wanted to display. Maybe a prompt that shifts between various mainframe, *nix & windows looks, and eventually displays something like: "Traceback successful. Black helicopters will arrive momentarily. Offending system will be neutralized in 10......9.....8......7..." .5 * ;-) ------------------------------ Date: Thu, 19 Jul 2007 15:45:19 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: these sshmucks are at it again... Message-ID: In article , moroney@world.std.spaamtrap.com (Michael Moroney) writes: > > >"P. Sture" writes: > >>In article <469eb405@dnews.tpgi.com.au>, Jim Duff >>wrote: > >>> I'm unaware of any documented ways to perform these actions under >>> program control. If you have access to the source listings however... >>> > >>I've just scanned the V8.3 System Services manual, but didn't find >>anything obvious. > >I have since been told that audit server commands such as SET AUDIT/LISTEN >are implemented as mailbox messages to a different audit server mailbox. I've always hated this ill-conceived interface. If the listener program dies and the listener mailbox is still defined, the AUDIT_SERVER will con- tinue to write to the mailbox until it fills; then, all hell breaks loose. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/sig.jpg ------------------------------ Date: Thu, 19 Jul 2007 13:02:03 -0400 From: JF Mezei Subject: Re: these sshmucks are at it again... Message-ID: I think that the VMS management should take a step back, and then tell whatever engineers are left in the TCPIP group to make the TCPIP Services product compliant with VMS security. This include ensuring all attempst at verifying username/passwords are treated as a network login, complete with breaking evasion and COMPLETE LOGGING OF THE ATTEMPT, ensure that all inbound calls are logged in a consistent manner etc etc. If what is left of VMS versus the others is its security, then bringing TCPIP Services up to a minimum par should be an extreme priority. (And BTW, at 5.3 XDM also allowed unlimited login attempts, not sure at 5.6) ------------------------------ Date: Thu, 19 Jul 2007 12:05:32 -0400 From: "Stanley F. Quayle" Subject: VAX in walled-in by accident Message-ID: <469F538C.4713.39B7323@squayle.insight.rr.com> We've heard this story over the years. I have an eyewitness. Check out my blog at: http://www.stanq.com/blog/ --Stan Quayle Quayle Consulting Inc. ---------- Stanley F. Quayle, P.E. N8SQ Toll free: 1-888-I-LUV-VAX 8572 North Spring Ct., Pickerington, OH 43147 USA stan-at-stanq-dot-com http://www.stanq.com/charon-vax.html "OpenVMS, when downtime is not an option" ------------------------------ Date: Thu, 19 Jul 2007 09:33:54 -0700 From: "Tom Linden" Subject: Re: VAX in walled-in by accident Message-ID: On Thu, 19 Jul 2007 09:05:32 -0700, Stanley F. Quayle wrote: > We've heard this story over the years. I have an eyewitness. Check > out my blog at: > > http://www.stanq.com/blog/ Makes you want to hear more. Can you flesh out the story, how long was it walled up, what was it running, how was it serving the clients, connections, etc. Obviously the applications were written in PL/I, since it was still running:-) > > > --Stan Quayle > Quayle Consulting Inc. > > ---------- > Stanley F. Quayle, P.E. N8SQ Toll free: 1-888-I-LUV-VAX > 8572 North Spring Ct., Pickerington, OH 43147 USA > stan-at-stanq-dot-com http://www.stanq.com/charon-vax.html > "OpenVMS, when downtime is not an option" > > -- PL/I for OpenVMS www.kednos.com ------------------------------ Date: Thu, 19 Jul 2007 08:50:02 -0700 From: Rich Jordan Subject: Re: What OS version to run on a DEC 3000-M600 Message-ID: <1184860202.907167.195300@g4g2000hsf.googlegroups.com> On Jul 18, 12:26 pm, Slor wrote: > Thanks guys for all the feedback. > > -- > Jameshttp://www.e-host-direct.com > Reliable web hosting from $12/year. James, if you don't mind saying, are you in the US? Rich ------------------------------ End of INFO-VAX 2007.392 ************************