A VM/MVS sysprog with 2 ex-girlfriends??? Definitely fiction. %-) Martha
On Wed, 6 Apr 2011 11:20:18 -0400 Alan Altmark said: >On Tuesday, 04/05/2011 at 06:44 EDT, Karl Huf <k...@ntrs.com> wrote: >> Are there good reasons or am I making mountains where there are no >> molehills? > >When two disjoint entities have access to the same resources, there are >mountains that must be scaled. As others have noted, giving Entity One >access to the resources managed by Entity Two is a decision that you need >to *explicitly* make. Would you do it on other platforms? Is there a >policy? Do you need an approved waiver? A.k.a "Get Out of Jail Free >card." > >I ran across a problem when z/OS had access to z/VM dasd, and a *tape* >volser matched one of the z/VM *dasd* volsers. The tape mount on z/OS >failed. I was using the approved dasd naming convention - the Keepers of >the Convention had overlooked this issue. The MVS folks said, "Just >relabel all your disk volumes." I scoffed in their general direction and >told them to take VM dasd offline to MVS. But at some point the issue has >to be resolved because z/OS will be taking dasd backups of the z/VM >system, which is why it is shared. > >Now, on to Hollywood. Wednesday nights at 9pm on the CBC (Chuckie >Broadcasting System). This episode of "CSI: IT" opens with a VM systems >programmer sitting in a jail cell. We can tell he's a sysprog, btw, >because the guards keep rolling shiny balls in front of the cell, stopping >the sysprog in his tracks. (A bit of opening inside-joke humor while the >intro credits roll by.) As we watch, we find that: > >1. An MVS application is running, containing financial and personal >information of millions of people. Priceless. >(exciting, huh?) >2. A call from a throwaway cell phone (natch, don't bother checking) comes >into the CEO's office demanding $500M for the "return" of the above data >we now realize has been stolen. The voice is unfamiliar, but we >recognize an MVS accent. I think it's the way the caller said "dataset" >as all one word. [Obviously the story writer had been in the biz at some >point.] >3. There is a mad scramble to study the MVS SMF records. Nothing is >found. Squeaky clean. >4. The Class A IT Forensics team (night shift) is called in. [IT forensics >are best done at night, in the dark with the world's smallest flashlight.] >5. They discover shared dasd. Mangement says, "Is that a problem, >Inspector?" >(go to commercial for some new IT Security Software) >6. We "learn" that VM access to the dasd is not mediated by MVS security >controls (duh) >7. We "discover" that the jailed sysprog had unlimited power on VM (yawn >... duh x 2) >(wow...20 more minutes to solve the crime!) >8. Everyone involved gets an attorney and stops talking. (De rigeur for >all police dramas) >9. CSIs establish Means and Opportunity of the hapless sysprog. >10. They lean on the sysprog's gum-chewing ex-girlfriend and find that the >sysprog DID make some drunken statement at a party about the way >Management treated him on his last appraisal. They learn from another >ex-girlfriend that the sysprog spent 15 years working on MVS. They learn >from his mother that "he was always a quiet boy; just played his video >games." >11. Raising suspicions further, the sysprog did NOT advise Management of >the risks of such a configuration. >(go to commercial for platform-specific backup/restore software) > >And now you're caught up. You'll have to watch the rest of the episode to >find out what happens next. <spoiler alert> It's not what you think.... ></spoiler alert> > >Alan Altmark > >z/VM and Linux on System z Consultant >IBM System Lab Services and Training >ibm.com/systems/services/labservices >office: 607.429.3323 >mobile; 607.321.7556 >alan_altm...@us.ibm.com >IBM Endicott