Re: Encryption
John Abernethy wrote: Does anyone know if ICSF requires specialized hardware to run? On all machines before the z990 and z890, in order to run ICSF you need to have the CCFs (Cryptographic Coprocessor Feature) activated, a master key properly set and a CKDS (Cryptographic Key Data Set) allocated. On the z990 and z890, the minimum you need to be able to run ICSF is to have CPACF (CP Assist for Cryptographic Functions), a feature that comes with every processor, activated. Activation of the CCFs requires a Hardware Enablement Diskette (orderable as a feature) which needs to be loaded by an IBM CE over a POR (Power-On Reset). Activation of CPACF also requires a feature to be ordered but does not require a POR. -- Ulrich Boche SVA GmbH, Germany IBM Premier Business Partner -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Console logon(required) and routed MQS commands in a sysplex
On 6/7/2005 1:06 AM, Barbara Nitz wrote: OA12196 is also not trackable in AST. ;-( True. I'll let you know when the ptf is available. You can open an ETR with IBM and request subscription to the apar. IBM won't even tell me why they give me recommendations that are not explained at all. And *I know* that there is a gaping hole (I found it in the non-oco control blocks - and I have to assume that logon to one console right after IPL for the first time destroys the security environment of another, so that all commands routed in a sysplex issued from that other console will be accepted as if logon were not required). Also I wonder: I was told that neither the apar text nor the resolution are shown in the ++ptf. The thing will probably be marked so that it should be installed first chance. Are all of you installing ptfs just on IBM's say-so without knowing why? We normally don't do that... OA12196 is a Security APAR. Just as with Integrity APARs, IBM withholds details of the problem and the fix to decrease the chances that someone will find out the details and attack systems that do not have the fix applied yet. Yes, you're just supposed to install it, as with all other PTFs for Security/Integrity APARs. Walt Farrell, CISSP z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
-Original Message- From: Werner Kuehnel [EMAIL PROTECTED] To: IBM-MAIN@BAMA.UA.EDU Sent: Tue, 7 Jun 2005 12:15:54 +0200 Subject: Additional DASD devices Can someone tell me please, what storage areas will be used if I add let's say 4096 DASD devices (new DASD subsystem) to my HCD configuration? I seem to recall a situation months ago, when we defined our new STK V2XF with the maximum of addresses, the available private region went down by 1 MB. Unfortunately I can't remember what areas caused this. Werner I/O devices, channels, control units, etc., are described by control blocks that are in the part of central storage called the Hardware Storage Area (HSA), which is allocated from the top down. These control blocks are normally accessed and accessible only by the channel subsystem. Most of them are not documented in the Principles of Operations. I don't remember if there is any MVS operator command that can display how large the HSA is. Bill Fairchild -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
The command would be: D IOS,CONFIG(HSA) Salah -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Bill Fairchild Sent: Tuesday, June 07, 2005 6:55 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Additional DASD devices -Original Message- From: Werner Kuehnel [EMAIL PROTECTED] To: IBM-MAIN@BAMA.UA.EDU Sent: Tue, 7 Jun 2005 12:15:54 +0200 Subject: Additional DASD devices Can someone tell me please, what storage areas will be used if I add let's say 4096 DASD devices (new DASD subsystem) to my HCD configuration? I seem to recall a situation months ago, when we defined our new STK V2XF with the maximum of addresses, the available private region went down by 1 MB. Unfortunately I can't remember what areas caused this. Werner I/O devices, channels, control units, etc., are described by control blocks that are in the part of central storage called the Hardware Storage Area (HSA), which is allocated from the top down. These control blocks are normally accessed and accessible only by the channel subsystem. Most of them are not documented in the Principles of Operations. I don't remember if there is any MVS operator command that can display how large the HSA is. Bill Fairchild -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
/D IOS,CONFIG(HSA) in SDSF will give you the amount of the hardware system area (HSA) that is available to perform configuration changes. This is an excerpt from the z/OS 1.6 System Commands. -Original Message- From: Werner Kuehnel [EMAIL PROTECTED] To: IBM-MAIN@BAMA.UA.EDU Sent: Tue, 7 Jun 2005 12:15:54 +0200 Subject: Additional DASD devices Can someone tell me please, what storage areas will be used if I add let's say 4096 DASD devices (new DASD subsystem) to my HCD configuration? I seem to recall a situation months ago, when we defined our new STK V2XF with the maximum of addresses, the available private region went down by 1 MB. Unfortunately I can't remember what areas caused this. Werner I/O devices, channels, control units, etc., are described by control blocks that are in the part of central storage called the Hardware Storage Area (HSA), which is allocated from the top down. These control blocks are normally accessed and accessible only by the channel subsystem. Most of them are not documented in the Principles of Operations. I don't remember if there is any MVS operator command that can display how large the HSA is. Bill Fairchild -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html John Cassidy Dipl-Ing Schleswigstr. 7 51065 Cologne Tel: +41 76 4198 658 EU -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IEW2606S Doing C Programming
I went and RTFMed (C/C++ Runtime Library Reference) since my memory obviously needed refreshing; I found this note: If you cannot use a PDSE member or HFS file, and your program contains C++ code, or C code that is compiled with any of the RENT, LONGNAME, DLL or IPA compiler options, you must use the prelinker. C and C++ code compiled with the GOFF or XPLINK compiler options cannot be processed by the prelinker. So, the use of the prelinker allows you to avoid the use of PDSEs in some cases. COMPAT is one binder option which should be checked. Bill On Sat, 4 Jun 2005 09:52:32 -0600, Paul Gilmartin [EMAIL PROTECTED] wrote: In a recent note, Big Iron said: Date: Fri, 3 Jun 2005 16:02:37 -0500 There are also some binder options: COMPAT, CASE=MIXED, LONGNAME or DLL which can force the use of program objects. I couldn't resist trying this: //DOIT EXEC HLASMCL,PARM.C=(OBJECT,NOXOBJECT,TERM), // PARM.L='MAP,LET,LIST,NCAL,CASE=MIXED' [ ... ] //* //L.SYSLIN DD DISP=SHR,DSN=*.C.SYSLIN // DD * NAME MixCase(R) //L.SYSLMOD DD DSNTYPE=PDS ... with the result in L.SYSPRINT: SAVE OPERATION SUMMARY: MEMBER NAME MixCase LOAD LIBRARYSYS05155.T094053.RA000.MIXED.GOSET.H01 PROGRAM TYPELOAD MODULE ... so, apparently, CASE=MIXED still doesn't require PDSE. The only way I can imagine to execute a program so named is with ATTACH from an Assembler program. I'm confident (without trying) that even Rexx address 'ATTCHMVS' 'MixCase' wouldn't do it. (But how about C, COBOL, PL/I, FORTRAN?) -- gil -- StorageTek INFORMATION made POWERFUL -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
Anyone read about Citigroup blaming UPS for losing customer's information for 3.9 million customers? I have this picture of someone tossing a couple of tapes in a box and mailing them off without realizing how important they were. That's not a fair comment. They seem to have taken reasonable precautions: In the most recent incident, Citigroup executives say the box containing the tapes was handed over to U.P.S., along with other items for shipping, on May 2, under special security procedures that the bank required of the courier. One of those special procedures, said Citigroup's chief operations and technology officer, Debby Hopkins, included scanning the bar code on each package, rather than scanning only the single bar code on the shipment manifest, which is a summary document listing all the packages being moved in one shipment What else would one do? Send a courier for each shipment? Bob Shannon -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
No, I would not use a courier. On the other hand, it would be a simple matter to have encrypted the data on the tapes. It is nothing less than grossly irresponsible to ship this type of data in an unencrypted format. John P Baker Software Engineer -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Bob Shannon Sent: Tuesday, June 07, 2005 07:37 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Banks Anyone read about Citigroup blaming UPS for losing customer's information for 3.9 million customers? I have this picture of someone tossing a couple of tapes in a box and mailing them off without realizing how important they were. That's not a fair comment. They seem to have taken reasonable precautions: In the most recent incident, Citigroup executives say the box containing the tapes was handed over to U.P.S., along with other items for shipping, on May 2, under special security procedures that the bank required of the courier. One of those special procedures, said Citigroup's chief operations and technology officer, Debby Hopkins, included scanning the bar code on each package, rather than scanning only the single bar code on the shipment manifest, which is a summary document listing all the packages being moved in one shipment What else would one do? Send a courier for each shipment? Bob Shannon -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
It is nothing less than grossly irresponsible to ship this type of data in an unencrypted format. According to your metric, probably 99.9% of companies worldwide are grossly irresponsible. I'm not defending them, I'm just saying that in 2005 almost no one encrypts tapes. Bob Shannon -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Entry level readers?
Been a sysprog for 28 years, 22 of that in MVS(beginning with XA), and I still consider myself a junior tomost of the folks here. I have a feeling that there was a distinct advantage to being around MVS in the non-OCO days. I know that I have a better understanding of CICS from those days in the CICS world. Steve A. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
On Jun 6, 2005, at 11:52 PM, Paul Gilmartin wrote: In a recent note unmask] said: Date: Mon, 6 Jun 2005 22:31:05 -0400 IGZ0201W A file attribute mismatch was detected. File DDNAME in program xxx had a record length of mmm+4 and the file specified in the ASSIGN clause had a record length of qqq. My specific problem was that I wanted to describe a record as the set of all possible variable records: RECORD VARYING FROM 5 TO 32761 And then to be able to open any variable blocked file. Just another case of the system showing its age in the 21st century... Someone in this group lately called UNIX radically immature. Now you see z/OS as superannuated. UNIX appears to me to be in its robust prime: you wouldn't have that problem on UNIX. -- gil -- StorageTek INFORMATION made POWERFUL The both date back to the jurassic age of computing -- 1970 isn't exactly new. And 36 years compared to 41 years is just about the same in the grand scheme of things. The big difference that I see is that z/OS keeps design decisions around long after the need for them is gone. For example, Unix dropped 'card' type metaphors as soon as readers and punches departed -- z/OS still has them in every nook and cranny a quarter of a century later. There are many other examples, but I've held forth on those at length previously, there is no need to do so again. What I find most humorous about the above LRECL/FD agreement problem is that IBM's Cobol now supports parsing modern XML, but makes it almost impossible to read such content from a Data Set using their flagship compiler. After all, it must be an error if you don't know the size of the card deck you are putting into the reader... [EMAIL PROTECTED] The most effective type of birth control is learning Cobol. -DT -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
I tried the D IOS,CONFIG(HSA) command and got a display that did not tell me how big HSA is, but rather how much of HSA is available for adding more configuration changes, such as more control units or subchannels (more commonly pronounced devices). HSA stands for Hardware System Area, not Hardware Storage Area as I wrote in my previous post. The info on how many HSAs there are, how big each one is, and its beginning address is all contained in the Service Call Control Block (SCCB), mapped by SYS1.MACLIB(IHASCCB), and pointed to by CVTSCPIN. Service Call is a special SVC (I think it is 122) in MVS that invokes the Diagnose instruction to read hardware configuration info from the floppy disk. I learned about it by perusing some RMF microfiche in 1987. The SCCB also has info on various processor features that are installed, such as the Performed Lock Operation (PLO) instruction. I don't remember any software that displays the SCCB info. TMON/MVS might. It should be easy to build code to find and display the contents or to find it in a system dump that includes (E)CSA and (E)SQA. Since the beginning address of each HSA is a four-byte value (SCCBAHSA), it appears that all HSAs are allocated from the top down of the 2GB bar. Bill Fairchild -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Good article on mainframe not dead?
Also, please see www.illustro.com/mainframeconversions.htm. Here we have started an archive chronicling some less than successful conversions away from the mainframe. ** Eric Vaughan illustro Systems International, LLC --- See The Light--- Visit www.illustro.com to experience: z/Web-Host -- Easy Web Enablement for your Mainframe z/XML-Host -- Easy XML Enablement for your Mainframe Tel: +1.214.800.8900 Fax: +1.214.800.8989 ** -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Steve Comstock Sent: Monday, June 06, 2005 12:20 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Good article on mainframe not dead? Charles Mills wrote: I'm looking for one good, recent (last 12 months?) article I could send to someone who said to me you mean companies are still using mainframes? Is anyone still making new ones? The man in question is quite technical but obviously enterprise IT (and even computers specifically) is not his field. So the article could be fairly technical, but would not need to be. Thanks, Charles Mills Well, we have some pieces we call Very Short Presentations on moder mainframes on our site at: http://www.trainersfriend.com/General_content/VSP_site.htm A 28-page pdf article titled The Future of Mainframes Is Now can be found at: http://www.trainersfriend.com/Papers/ztalkpr.pdf There is a link to an IBM-sponsored article called The Dinosaur Myth at: http://www-306.ibm.com/software/info/zseries/ Hope this helps. Kind regards, -Steve Comstock The Trainer's Friend, Inc. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Good article on mainframe not dead?
In a message dated 6/7/2005 8:00:09 A.M. Central Standard Time, [EMAIL PROTECTED] writes: Also, please see www.illustro.com/mainframeconversions.htm. Here we have started an archive chronicling some less than successful conversions away from the mainframe. Are you aware of reboothill? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Werner Kuehnel Sent: Tuesday, June 07, 2005 5:16 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Additional DASD devices Can someone tell me please, what storage areas will be used if I add let's say 4096 DASD devices (new DASD subsystem) to my HCD configuration? I seem to recall a situation months ago, when we defined our new STK V2XF with the maximum of addresses, the available private region went down by 1 MB. Unfortunately I can't remember what areas caused this. Werner Probably having the UCBs below the line. Note that the size of the HSA has absolutely NOTHING to do with the size of the private region. Oh, I'm assuming you mean the below the line private, not the above the line private. We just got a new Shark. I had to put the UCBs above the line. I used to have them below the line due to some OEM products not tolerating them being above the line. -- John McKown Senior Systems Programmer UICI Insurance Center Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its' content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
Can someone tell me please, what storage areas will be used if I add let's say 4096 DASD devices (new DASD subsystem) to my HCD configuration? I seem to recall a situation months ago, when we defined our new STK V2XF with the maximum of addresses, the available private region went down by 1 MB. Unfortunately I can't remember what areas caused this. UCBs use E/SQA. They will reside above or below the line according to the device definition in HCD. Peter Hunkeler Senior IT Specialist, IBM zSeries Technical Sales Support, Switzerland -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO replacement? [WAS: RE: Userids]
Respectfully, I must disagree. The introduction of REXX was independent of MVS introducing releases. TSO V2 introduced REXX to the MVS world. It did have a prerequisite of XA, not ESA. When I went to work as a contractor at a large azure, software/hardware manufacturer in 1990, their MVS/XA systems had TSO V2 and I promptly proceeded to stun them by putting some functions out under TSO that I had written in VM. They knew REXX was there but had not even tried to use it yet - they were all still writing CLISTs. Jim Horne Lowe's Companies, Inc. IIRC that was TSO V2R1M0. And that had a prereq of MVS 3.1.0e for the LLA cacheing of CLISTs/ REXX execs. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO replacement? [WAS: RE: Userids]
Make that VLF rather than LLA. This week I can blame it on jetlag rather than an actual senior moment. Those are still ahead of me, I hope. :-) Martin Martin Packer, MBCS CITPMartin Packer/UK/IBM 020-8832-5167 in the UK (+44) (MOBX 273643, Internal 7-325167, Mobile 07802-245584) Las cosas de palacio van despacio External Blog: http://www-128.ibm.com/developerworks/blogs/dw_blog.jspa?blog=476 Internal Blog: http://barney.adtech.internet.ibm.com/pilot/weblogs/comments/[EMAIL PROTECTED] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO replacement? [WAS: RE: Userids]
... BTW I would love to have MVS 310E as my car number plate ... A guy I worked with had DB2 GUY Because of DB2, he went from an entry-level to a senior sysprog. -teD (The secret to success is sincerity. If you can fake that, you've got it made!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
In a recent note, Clark Morris said: Date: Tue, 7 Jun 2005 09:35:44 -0300 The problem has nothing to do with z/OS vs. Unix. It is a simple IDIOTIC check that can't be disabled. It may make sense for fixed The thrust of my remark was that since UNIX maintains no metadata similar to LRECL, no such check is possible, and no such delusional error can be IDIOTICally reported. I suppose I can be accused of some inconsistency since I lately hailed UNIX for dutifully maintaining other metadata (file timestamps). But UNIX programs don't often fail because the system insists on validating a timestamp. block. The whole issue should be revisited by the COBOL compiler group. The 2002 COBOL standard might allow a graceful way for the compiler group to make the appropriate changes. In one sense the SHARE requirement might be to honor the Language Futures Task Force report. This would also have some other interesting advantages such as allowing COBOL programs to read or write either ESDS or QSAM files without program modification. Doesn't the standard support portability of COBOL programs to platforms that don't maintain LRECL as metadata? If so, the standard can't require validation of LRECL, since that isn't guaranteed to be available. It should be permissible simply to perform no such check. -- gil -- StorageTek INFORMATION made POWERFUL -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Good article on mainframe not dead?
... Are you aware of reboothill? ... Has it been updated recently? It seems to be at least 3 years since anything was added to it. -teD (The secret to success is sincerity. If you can fake that, you've got it made!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
... We just got a new Shark. I had to put the UCBs above the line. I used to have them below the line due to some OEM products not tolerating them being above the line ... That would be pretty old releases of ISV software. We had UCB's above the line for quite a long time (in my former life). -teD (The secret to success is sincerity. If you can fake that, you've got it made!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Paul Gilmartin Sent: Tuesday, June 07, 2005 8:12 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: COBOL short variable length files snip Doesn't the standard support portability of COBOL programs to platforms that don't maintain LRECL as metadata? If so, the standard can't require validation of LRECL, since that isn't guaranteed to be available. It should be permissible simply to perform no such check. -- gil -- And have the UNIX problem when somebody reads a record into a buffer which is too small to hold it. Classic buffer overflow problem. At least on z/OS, the program dies instead of quietly producing junk. We have other ways to quietly produce junk grin. -- John McKown Senior Systems Programmer UICI Insurance Center Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its' content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Good article on mainframe not dead?
As far as I can tell, it has not been updated this century. However, the site now has this disclaimer: You have requested information that is part of the ACTS Archives. While this information is several years old, it has been retained on our website by popular demand. Please be advised that much of this information was assembled during a time of great upheaval in the IT industry. It is important to learn from history, so that similar failures can be avoided. We hope that you find something useful herein. Greg Shirey Ben E. Keith Company -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] Behalf Of Ted MacNEIL Sent: Monday, June 06, 2005 7:00 PM Has it been updated recently? It seems to be at least 3 years since anything was added to it. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ted MacNEIL Sent: Monday, June 06, 2005 7:00 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Additional DASD devices ... We just got a new Shark. I had to put the UCBs above the line. I used to have them below the line due to some OEM products not tolerating them being above the line ... That would be pretty old releases of ISV software. We had UCB's above the line for quite a long time (in my former life). -teD Well, yes, but once bitten, twice shy. Especially when the Windows weenies are __constantly__ jumping on any type of problem in the mainframe arena and lieing about how Windows just doesn't have those problems. Well, those problems is not a lie. Windows has an entirely different set of problems. But they don't count, of course. -- John McKown Senior Systems Programmer UICI Insurance Center Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its' content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Is there an indication when LINKLIST is available?
The LINKLIST is always available. Early in IPL it consists only of SYS1.NUCLEUS. Later in IPL it is the concatenation defined by PROGxx/LNKLSTxx. From the time that the first RIM runs forever CVTLINK points to a DCB which points to a DEB which represents what the system is going to treat as the LINKLIST. Is there really a place in the operating system where user code is expected to run that early? What exit are you referring to? Can you please be more specific about your environment and the return (and reason) code that you got back. Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
In a message dated 6/7/2005 6:57:27 A.M. Central Standard Time, [EMAIL PROTECTED] writes: According to your metric, probably 99.9% of companies worldwide are grossly irresponsible. I'm not defending them, I'm just saying that in 2005 almost no one encrypts tapes. Citigroup is a big company, don't know if we're seeing a pattern of missing data from Financial companies or just more reported missing data. UPS really is a tightly run shipper. If they lost something important it probably wasn't an accident. CNN reports a joint Citi/UPS task force in conjunction with the FEDS to investigate as the notifications and identifications continue. The best place to encrypt is at the source. Lacking that we're looking at track copies of images on DASD. If it wasn't encrypted to start with it's not encrypted on the backup. At present there's not a fungible compromise with hardware and software. The new FDRCrypt stuff may be really hot, but you better have a plan. Guess I can visualize instances of encrypted tapes unreadable by anything but the originating system. Which may or may not be available. While we're here, don't be too dependent on the 'Floor system' at you D/R. As convenient as it is, it also may not be there or your company has contracted for 'as available' service and in a large disaster may not have access to D/R where you've practiced. Guess I've told the Omaha story before. Large Insurance company had their own D/R 6 miles away. Late one Friday afternoon lightning hit an ammonium nitrate truck-32,000 lbs went WHOOM in between the two centers! Few broken windows, but no structural damage. Later in the evening during the backups-the internal bearings on the SLEDs started to fail. Nine days later after depleting North American bearing supply-were back on-line. what's plan B? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
In a recent note, Joe Zitzelberger said: Date: Tue, 7 Jun 2005 08:38:25 -0400 The most effective type of birth control is learning Cobol. -DT I can't conceive a fascination with COBOL so intense that I couldn't conceive. -- gil -- StorageTek INFORMATION made POWERFUL -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO replacement? [WAS: RE: Userids]
on 6/6/05 7:54 PM, Shmuel Metz (Seymour J.) at [EMAIL PROTECTED] wrote: In [EMAIL PROTECTED], on 06/06/2005 at 09:45 AM, Horne, Jim - James S [EMAIL PROTECTED] said: Rexx under TSO was available as of TSO v2. On VM,it was available by VM/SP release 3 - I don't think it was in release 2. Are you sure? I know that REXX wasn't in SEPP (MVS/SE), but I thought that it was in MVS/SP R2 at the latest. I remember it becoming available in either 1991 or 1992 (early). I was holding up another project as I wanted to do something in REXX that wasn't avail;able in clist. My vague recollection that it was 2.4 (But I wouldn't swear on it). Ed -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
In a message dated 6/7/2005 8:25:53 A.M. Central Standard Time, [EMAIL PROTECTED] writes: IBM, in contrast, tried to coerce perforated tape into the unit record mold. I recall that there were legendary difficulties reading on a 1620 tapes that lacked the necessary record separator codes. I think the symptom was overflowing buffer and wrapping memory. I don't know if it stopped when the READ instruction was finally overlaid. I don't recall whether the deficiency was in the control unit or the FORTRAN runtime system. One of my first real jobs was hooking a 33ASR to an 029. So the ATT toll information could be 'punched' for the billing system. The ATT tech couldn't view the IBM manual and the IBM CE couldn't view the ATT by copyright/legal working agreement. We put an eight pin terminator strip on the wall between the two machines. Didn't work. Well, what's you DTR---finally the IBM guy needed a break and laid his manual to the page on the 029. We decided we need a break too and laid our manual on the chair to the page-funny thing after the break was over. The thing started to work! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Console logon(required) and routed MQS commands in a sysplex
On Tue, 7 Jun 2005 07:06:00 +0200, Barbara Nitz [EMAIL PROTECTED] wrote: OA12196 is also not trackable in AST. ;-( True. I'll let you know when the ptf is available. You can open an ETR with IBM and request subscription to the apar. IBM won't even tell me why they give me recommendations that are not explained at all. And *I know* that there is a gaping hole (I found it in the non-oco control blocks - and I have to assume that logon to one console right after IPL for the first time destroys the security environment of another, so that all commands routed in a sysplex issued from that other console will be accepted as if logon were not required). Also I wonder: I was told that neither the apar text nor the resolution are shown in the ++ptf. The thing will probably be marked so that it should be installed first chance. Are all of you installing ptfs just on IBM's say-so without knowing why? We normally don't do that... Best regards, Barbara Isn't this S.O.P. for any integrity / security APARs? I guess we just don't get them (or notice them) often enough so it seems a little unusual when you do. Unlike M$SOFT where you get about 10 or more of these a month. :-) Mark -- Mark Zelden Sr. Software and Systems Architect mailto: [EMAIL PROTECTED] Systems Programming expert at http://Search390.com/ateExperts/ Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
E/SQA? I thought they were nucleus resident? Well, back in the day at least. I wonder because I did not increase the SQA= parameter in IEASYSnn when I added all the Shark devices. Or is SQA automagically increased? They were moved to (E)SQA in support if dynamic I/O, I think. If you add devices and do not IPL with CLPA, your available SQA will shrink since PLPA boundary is kept constant. With CLPA, the SQA= parameter from IEASYSxx is honoured and PLPA is moved, if necessary. Peter Hunkeler Senior IT Specialist, IBM zSeries Technical Sales Support, Switzerland -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Good article on mainframe not dead?
http://www.arcati.com/dino.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryption
I feel your pain. We've also been required to do more encryption with our vendors. We currently have PGP/GPG (the freeware copy) and bTrade (from Citigroup) loaded on our ftp server. This solution has been working ok so far. We'll be upgrading to a Z890 next year so that'll take care of ICSF. -Original Message- From: John Abernethy [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 07, 2005 7:27 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Encryption Ed, The machine is a z800. They want to encrypt things on a PC type machine and send it to the MAINFRAME. Decrypt it and process it and then save it on a file on the MAINFRAME in encrypted format. At least that is what I understand. The powers to be change their ideas from minute to minute and listen to no one with the knowledge(Which obviously is not me - maybe that means they'll at least listen)(being sarcastic sorry.) They are hoping to be able to encrypt/decrypt with only software. That is why I am asking about the hardware requirement(no money for the MAINFRAME - we have traversed to the dark side and I don't know when we will be back.) Thanks, John -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
Ask, and you shall receive... just got an announcement from Innovation on their forthcoming encryption software. Find it here... http://www.innovationdp.com/products/fdrcrypt/ I got it too. Now perhaps I can get the DR PHBs off my back about this. :-) Ever since that darn artical a month or so ago... The only issue I see is that at least this initial release doesn't support hardware acceleration via ICSF. We already use it at the shop and at DR. With all the recent news about backup tape loss, backup encryption has become Topic A. We used to get a couple of inquiries a year about encryption, now it is many calls a day!! So we have been working on FDRCRYPT for some time, and the work has progressed far enough to announce it (you never get vaporware from Innovation gr). On the hardware issue, you will notice in the announcement that the only encryption standard we support is AES (Advanced Encryption Standard). There is no hardware accelerator for AES. Although IBM's ICSF product has supported AES since z/OS 1.3, it is implemented entirely in software. We opted to do our own software implementation, so that it will be independent of MVS releases, and also because we believe that we can implement it more efficiently than IBM. If IBM someday comes out with an AES hardware feature, we will evaluate its performance (even hardware accelerators take CPU time). We also support several simple encryption techniques which are lower overhead than AES. You might wonder why we don't support DES (which is supported by the hardware accelerators). AES was created as a new standard in 2000 because DES had become more susceptible to cracking by today's high-speed processors. In fact, DES was recently de-certified by the Dept of Commerce as a US government option in favor of AES (even TDES, triple DES, is discouraged). We decided not to put our effort into supporting a fading standard. You can read about this at http://csrc.nist.gov/publications/fips/05-9945-DES-Withdrawl.pdf -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
On Tue, 2005-06-07 at 10:43 -0400, Bruce Black wrote: We opted to do our own [AES] implementation, so that it will be independent of MVS releases Also so that decryption would be supported by SAR? -- David Andrews A. Duda and Sons, Inc. [EMAIL PROTECTED] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
Also so that decryption would be supported by SAR? Sorry, no plans to put it into SAR at this time. Our advice would be to not encrypt the backups of system volumes that you may need to restore with SAR. Such volumes will normally not contain sensitive data requring enryption. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
On Tue, 7 Jun 2005 10:43:10 -0400, Bruce Black [EMAIL PROTECTED] wrote: You might wonder why we don't support DES (which is supported by the hardware accelerators). I might. In fact it was my first question when I received the annoucement in my email. :-) Thanks for the information! Mark AES was created as a new standard in 2000 because DES had become more susceptible to cracking by today's high-speed processors. In fact, DES was recently de-certified by the Dept of Commerce as a US government option in favor of AES (even TDES, triple DES, is discouraged). We decided not to put our effort into supporting a fading standard. You can read about this at http://csrc.nist.gov/publications/fips/05-9945-DES-Withdrawl.pdf -- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
Speaking as one who was bitten by the issue described in II12396, you might want to check your INITSQA parameter if you plan on adding a bunch of new devices to a production system. Jon snip Well, I did some tests and added 4 CUs with 1024 devices to our test system. The output from D IOS,CONFIG(HSA) was: /snip Can someone tell me please, what storage areas will be used if I add let's say 4096 DASD devices (new DASD subsystem) to my HCD configuration? I seem to recall a situation months ago, when we defined our new STK V2XF with the maximum of addresses, the available private region went down by 1 MB. Unfortunately I can't remember what areas caused this. /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
Bob, Nothing unfair about the comment. Even, special security procedures, undergo an audit process and need to be reviewed. There are couriers that provide better assurances. When handling new product tapes for software we delivered them personally. In some cases couriers are bonded and the material hand cuffed to the courier. I once personally delivered product tapes for a release of VM to the CICS labs in Hursley. We sure weren't going to use some bar code procedure and rely on UPS. I wouldn't fault Debby Hopkins if she met the criteria set forth for her by legal at the bank but I still would have been concerned if I were Debby. As someone else said UPS is a common courier. Were the tapes insured for the amount represented by the total of all the money in the accounts of those who appeared on the tapes ? Paul Hanrahan -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Bob Shannon Sent: Tuesday, June 07, 2005 7:37 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Banks Anyone read about Citigroup blaming UPS for losing customer's information for 3.9 million customers? I have this picture of someone tossing a couple of tapes in a box and mailing them off without realizing how important they were. That's not a fair comment. They seem to have taken reasonable precautions: In the most recent incident, Citigroup executives say the box containing the tapes was handed over to U.P.S., along with other items for shipping, on May 2, under special security procedures that the bank required of the courier. One of those special procedures, said Citigroup's chief operations and technology officer, Debby Hopkins, included scanning the bar code on each package, rather than scanning only the single bar code on the shipment manifest, which is a summary document listing all the packages being moved in one shipment What else would one do? Send a courier for each shipment? Bob Shannon -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
on 6/7/05 10:06 AM, Bruce Black at [EMAIL PROTECTED] wrote: Also so that decryption would be supported by SAR? Sorry, no plans to put it into SAR at this time. Our advice would be to not encrypt the backups of system volumes that you may need to restore with SAR. Such volumes will normally not contain sensitive data requring enryption. Bruce, Now I wonder how many tapes will be encrypted and when they get to the DR site they will be useless Sounds like some possibility of Innovation getting a wrongfully accused black eye. I hope you highlight the DON'T ENCRYPT these types of tapes in your manual. Ed -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Advice on expanding VTOC index
IEC614I RENAME FAILED - RC 008, DIAGNOSTIC INFORMATION IS (0812041B) Ur right this does indicate CVAF CVSTAT code 1B, which is VTOCIX full. It is true that the space used in the VTOCIX is dependant on the length of dataset names, and also on the variability of the names. Similar names get compressed in the VTOCIX, with only the unlike portions appearing. IBM Info APAR II12841 describes this exact return code with info on how to expand the VTOCIX -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Started Task written in C ?
Hi all,
Can you provide s short segment of source about how to use these
two
functions? I just tried to use __console() send message to console but
got
nothing.
Thx!
here is a small test program using the __console() function to display a
message on the console and/or the system log, then wait for either a
MODIFY or a STOP command and then terminate.
I don't have a running program for the __console2() function. We simply
did not need the enhanced capabilities of routing code specifications
etc., so we settled with the __console().
Wolfgang
- cut here -
#include stdio.h
#include string.h
#include errno.h
#include sys/__messag.h
static char szHelloMessage[] = TEST Program for console() started ;
extern int main ( int argc , char *argv[] )
{
struct __cons_msg consoleMessage;
int rc;
char caCommandString[200];
int iConsoleCommand;
consoleMessage.__format.__f1.__msg_length = strlen(szHelloMessage);
consoleMessage.__format.__f1.__msg= szHelloMessage;
printf ( Calling __console() function\n );
rc = __console(consoleMessage,caCommandString,iConsoleCommand);
if ( rc == 0 )
{
switch ( iConsoleCommand )
{
case _CC_modify:
printf ( Modify command received, CMD = %s\n ,
caCommandString );
break;
case _CC_stop:
printf ( Stop command received\n );
break;
default:
printf ( Invalid command type received from __console(),
type = %d\n , iConsoleCommand );
break;
}
}
else
{
printf ( Call to __console() failed, errno = %d\n , errno );
}
}
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DFMSdss logical file format
sounds like you are planning on recreating a DSS restore program for a system which doesn' t have DSS. That could be a daunting task. There are many complexities to allocating and restoring all the various kinds of datasets that may appear on a backup tape. I recommend pursuing other options. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
BMC Mainview Products
Hi, Can these be installed as standalone components or do you also need a address space like TMON's HUB address space that provides services to it's components ? TIA Dean Dean Montevago Sr. Systems Specialist Visiting Nurse Service of New York phone: (212) 609 - 5596 email: [EMAIL PROTECTED] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
In a message dated 6/7/2005 10:07:25 A.M. Central Standard Time, [EMAIL PROTECTED] writes: Sorry, no plans to put it into SAR at this time. Our advice would be to not encrypt the backups of system volumes that you may need to restore with SAR. Such volumes will normally not contain sensitive data requring enryption. But isn't that the weak link? Got all my backups encrypted, but the stuff to download the system and restore it is in the same turtle shell. Get the package, get the data? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Performance and Capacity Planning
z995 ? -Original Message- Phil Payne snip That presentation is now public domain - if I can't find it on the GSE site I'll post it on mine. I have the same for the z990 and the z995 - and for something else. unsnip -- Phil Payne +44 7833 654 800 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
-Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Finnell In a message dated 6/7/2005 10:07:25 A.M. Central Standard Time, [EMAIL PROTECTED] writes: Sorry, no plans to put it into SAR at this time. Our advice would be to not encrypt the backups of system volumes that you may need to restore with SAR. Such volumes will normally not contain sensitive data requring enryption. But isn't that the weak link? Got all my backups encrypted, but the stuff to download the system and restore it is in the same turtle shell. Get the package, get the data? Obviously, the key(s) should be stored / transported separately from the rest of the backups -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
In a message dated 6/7/2005 11:03:35 A.M. Central Standard Time, [EMAIL PROTECTED] writes: Obviously, the key(s) should be stored / transported separately from the rest of the backups Weak link two. Get the doc and wait for the tapes or just copy the tapes and let your inside guy ferret out the docs. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
On the other hand, it would be a simple matter to have encrypted the data on the tapes. As has been discussed in recent messages on this list, encrypting tapes is not always a simple matter. In general, encryption and decryption must be built into the applications that are reading and writing the tapes, which means that the appropriate encryption software (and sometimes hardware) must be available at both the sending and receiving sites. In this case, the bank was sending data to a credit bureau, so it was probably two totally different applications writing and reading the tape, possibly on two different operating systems, possibly on different hardware.Encryption was probably not so simple in this case. Not to say it is not a good idea, but it is not as simple as putting in a couple of JCL parameters. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
I don't know if this is related or not, but we converted from OS/390 2.10 to z/OS 1.4, this past weekend. We did not convert COBOL or LE. According to a developer, an extra four bytes (for blocksize) is added to the data for RECORDING MODE IS U. Has anybody every heard of this? Where is the doc? -teD (The secret to success is sincerity. If you can fake that, you've got it made!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
Weak link two. Get the doc and wait for the tapes or just copy the tapes and let your inside guy ferret out the docs. Ed, my sugar must be low (time for lunch). I read the above 3 times and I can't figure out what you are saying. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
But then again how do you know if nobody bothered to check , if it was the same op sys , the same hardware etc. Bruce Black [EMAIL PROTECTED]To: IBM-MAIN@BAMA.UA.EDU TION.COMcc: Sent by: IBM Subject: Re: Banks Mainframe Discussion List [EMAIL PROTECTED] .EDU 06/07/2005 12:06 PM Please respond to IBM Mainframe Discussion List On the other hand, it would be a simple matter to have encrypted the data on the tapes. As has been discussed in recent messages on this list, encrypting tapes is not always a simple matter. In general, encryption and decryption must be built into the applications that are reading and writing the tapes, which means that the appropriate encryption software (and sometimes hardware) must be available at both the sending and receiving sites. In this case, the bank was sending data to a credit bureau, so it was probably two totally different applications writing and reading the tape, possibly on two different operating systems, possibly on different hardware.Encryption was probably not so simple in this case. Not to say it is not a good idea, but it is not as simple as putting in a couple of JCL parameters. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
... Well, yes, but once bitten, twice shy. Especially when the Windows weenies are __constantly__ jumping on any type of problem in the mainframe arena ... Sometimes, you have no choice. We had some old CICS programmes that didn't know what an address greater than 24-bit. Adding the Shark in would have cost too much below. So, we started with the existing DASD and moved them all above. -teD (The secret to success is sincerity. If you can fake that, you've got it made!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
... Citigroup is a big company, don't know if we're seeing a pattern of missing data from Financial companies or just more reported missing data. ... I think it is both. We've had at least three Canadian Banks leak data, by accident. One did it by not wiping replaced PC's that they donated to local schools. -teD (The secret to success is sincerity. If you can fake that, you've got it made!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
In a message dated 6/7/2005 11:16:33 A.M. Central Standard Time, [EMAIL PROTECTED] writes: Ed, my sugar must be low (time for lunch). I read the above 3 times and I can't figure out what you are saying. Least you got sugar. The backup tapes and encrypted data is in one turtle shell and the doc and keys for processing are under separate cover. So unscrupulous me, knows the tapes are coming thru so but don't know where the DOC is so I just copy the tapes and tell the other guy watch for the DOC that matches turtle shell from XYZ corporation. Or the inside guy says I got the DOC for processing XYZ's data, watch for their turtle shell to come thru. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
Hardware based tape encryption has been available since the days of the 3490. I wonder why it hasn't caught on more. Encryption?? Are you thinking of compression/compaction? Not the same thing at all. There is no tape hardware encryption for mainframes that I am aware of. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
But isn't that the weak link? Got all my backups encrypted, but the stuff to download the system and restore it is in the same turtle shell. Get the package, get the data? In our experience, most customers at DR sites use a floor MVS system to restore their data, or at least the operating system environment. Very few use SAR. In the only recent SAR calls we have gotten, it was being used to setup a new data center. So the need for decryption in SAR is minimal. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Encryting Data on Tapes
In a message dated 6/7/2005 12:01:13 P.M. Central Standard Time, [EMAIL PROTECTED] writes: So the need for decryption in SAR is minimal. Murphy will be ready when you aren't -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
But then again how do you know if nobody bothered to check , if it was the same op sys , the same hardware etc. It is two different companies, exchanging data in a defined exchange format. I think it is more likely that they are running different op system on different hardware, than the same. Certainly the writing and reading application programs are different. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Good article on mainframe not dead?
Sure, but we decided to start providing links to covered stories in the press about these types of things, rather than the more generic approach. Same idea just a different way of offering the data. ** Eric Vaughan illustro Systems International, LLC --- See The Light--- Visit www.illustro.com to experience: z/Web-Host -- Easy Web Enablement for your Mainframe z/XML-Host -- Easy XML Enablement for your Mainframe Tel: +1.214.800.8900 Fax: +1.214.800.8989 ** -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ed Finnell Sent: Tuesday, June 07, 2005 8:03 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Good article on mainframe not dead? In a message dated 6/7/2005 8:00:09 A.M. Central Standard Time, [EMAIL PROTECTED] writes: Also, please see www.illustro.com/mainframeconversions.htm. Here we have started an archive chronicling some less than successful conversions away from the mainframe. Are you aware of reboothill? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Problem with sms and acs routines
Hi everybody : We are trying to define a pool of discs for maintenance reasons. The idea is create a storage class in the dd STORCLAS=SC0001, and then according to this storage class in the #SGxx we assign the storage group. The problem that we have its when we use the DD with the sentence Storage Class, the jcl its ok and we didn't define any unit or volume in the DD, but the file is allocated in a disk that its not in the storage group, it's a public disc. Its look like although we define the storage class, the sms assign to a public disc from esoteric sysallda or something like that. Of course, if we erase the sentence STORCLAS in the DD there is a JCL error because we didn't define any valid unit or volume. On the other side, if we catch the file thru the name with a FITLIST on the #SCxx, then its works. Any ideas ? TIA Milton -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
It sounds like you told the HCD to allocate the UCB's below the line as opposed to above. Check your specifications for the STK DASD you mention. HITACHI DATA SYSTEMS Raymond E. Noal Lab Manager, San Diego Facility Office: (858) 537 - 3268 Cell: (858) 248 - 1172 -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Werner Kuehnel Sent: Tuesday, June 07, 2005 3:16 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Additional DASD devices Can someone tell me please, what storage areas will be used if I add let's say 4096 DASD devices (new DASD subsystem) to my HCD configuration? I seem to recall a situation months ago, when we defined our new STK V2XF with the maximum of addresses, the available private region went down by 1 MB. Unfortunately I can't remember what areas caused this. Werner -- Werner Kuehnel IMD GmbH (Mannheimer Versicherung) Mannheim - Germany -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
SHARE in Boston
The agenda for SHARE in Boston (August 21 - 26) has been set. A total of 1114 sessions have been scheduled, of which 230 are technical sessions in the MVS Program. As with every SHARE, there's pervasive emphasis on what's coming well as lots of advice on how to make the most of what you already have in house. This meeting is a special one for us: the official commemoration of SHARE's Golden Anniversary, marking 50 full years since the first meeting in Santa Monica, CA in August of 1955. A number of events are planned to celebrate our five decades of success as the world's first association of computer professionals. SHARE offers each attendee more than a solid week's worth of professional education, meaning plenty to do and learn for as many employees as your company can be induced to send. Tracks in the MVS Program include - Feature and function in z/OS 1.6 and 1.7 - Workload Manager - ISPF - IBM's new DS8000 - All about WebSphere - FICON - Assembler Bootcamp - Channel programming - IBM z990 and z890 - Introduction to DFSMS - Advanced DFSMSrmm - VSAM (basics, advanced, RLS) - ICF Catalogs Visit http://www.share.org/events/Boston for information on conference registration, housing, and agenda details. . . . JO.Skip Robinson and Brian Peterson SHARE MVS Program Co-Managers -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: BMC Mainview Products
Thanks Chris. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] Behalf Of Craddock, Chris Sent: Tuesday, June 07, 2005 2:12 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: BMC Mainview Products Can these be installed as standalone components or do you also need a address space like TMON's HUB address space that provides services to it's components ? Some MV products are essentially stand-alone code and can run with or without supporting infrastructure. For example, you can run CMF (an RMF alternative) as a plain-jane standalone product. It has less function when used this way, but you can do it. Others (e.g. MV-AO) have both product and infrastructure in the one bundle and do not require separate server address spaces But most of the products require the MV infrastructure. At present that is a separate started task that provides common services as well as being the communications hub for multisystem communication. Depending on your options you may also have one or more additional server address spaces, e.g. the MVE gateway address space provides communications for the MV Explorer GUI. We are in the process of revamping and restructuring all of our infrastructure technologies to make it simpler to install and configure and more reliable overall. Those changes will be rolled out over the next 9-18 months. When we are done there will probably be fewer address spaces, but they will be more flexibly configured. More than that I can't say without a whiteboard and an NDA. CC (MV Product Line Architect) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
John P Baker wrote: No, I would not use a courier. On the other hand, it would be a simple matter to have encrypted the data on the tapes. It is nothing less than grossly irresponsible to ship this type of data in an unencrypted format. Others already mentioned that virtually nobody encrypt mainframe tapes (because of lack of technology, technical and organizational problems and others). I would say more: encrypted tapes can be decrypted. It's a matter of time and money (how many PC machines do you use for that). Reading mainframe tapes is also matter of money - not every PFSCK has over 50k$ tape system at daddy's garage. Last but not least: disclosure of the data, even bank data usually is not very profitable or interesting. I remember some 'scandals' with printouts dropped with 'regular' garbage and then found by someone. Usually customers were not very excited with that. BTW: How about printouts ? I read K.Mitnick's book - he didn't decrypt tape data, even didn't read stolen tapes. He browsed trascans. -- Radoslaw Skorupka Lodz, Poland -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
I would say more: encrypted tapes can be decrypted. It's a matter of time and money (how many PC machines do you use for that). I am not a mathematician (although I played one in college) but I believe there are two basic approaches to decrypting unknown data when you know the encryption algorithm. 1) knowing the algorithm, there may be a mathemical approach to figuring out the key by analyzing patterns of data. AES was adopted because it was resistant to this sort of mathmetical attack, although I saw some recently published papers suggesting that an attack was possible given sufficient CPU power. 2) a brute-force attack, driving some encrypted data through the algorithm using all possible keys (billions and billions of them, Sagen would be proud) but this requirires the ability to recognize valid data when it is successfully decripted. If the data contains printable sequences or other well-known patterns (e.g., packed decimal data) this may be possible, again given sufficient horsepower to try all those keys. So someone trying to get your encrypted data has to be really motivated and have lots of resources available. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
Sorry, was thinking about the crypto feature which has nothing to do with tape. - Paul Hanrahan -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Black Sent: Tuesday, June 07, 2005 12:58 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Banks Hardware based tape encryption has been available since the days of the 3490. I wonder why it hasn't caught on more. Encryption?? Are you thinking of compression/compaction? Not the same thing at all. There is no tape hardware encryption for mainframes that I am aware of. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SESSION MANAGMENT
There's also Netpass from B.I.S. Software Systems Dave Gibney[EMAIL PROTECTED] System Programmer(509) 335-7359 Information Technology Washington State University Pullman, WA 99164-1222 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: *MASTER*, START PENDING device wxyz vs ISG343I DEVICE:wxyz ... RESERVED B...
In a message dated 6/7/2005 1:57:12 P.M. Central Standard Time, [EMAIL PROTECTED] writes: Any idea why *MASTER* might be suffering of START PENDING on a device wich contains HSM's OCDS? It's in use or failing? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Fw: COBOL short variable length files????
Clark Morris [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... On 6 Jun 2005 20:52:17 -0700, in bit.listserv.ibm-main you wrote: snip The problem has nothing to do with z/OS vs. Unix. It is a simple IDIOTIC check that can't be disabled. It may make sense for fixed block. The whole issue should be revisited by the COBOL compiler group. The 2002 COBOL standard might allow a graceful way for the compiler group to make the appropriate changes. In one sense the SHARE requirement might be to honor the Language Futures Task Force report. This would also have some other interesting advantages such as allowing COBOL programs to read or write either ESDS or QSAM files without program modification. A couple of things to say about this. A) FS=39 (fixed file attribute conflict) WAS clarified in about 1988 to indicate that it is UP TO EACH VENDOR which attributes they do (and do not) check. If enough paying customers were able to convince IBM *not* to check a specific attribute, they could do so (either optionally or always). So far, although FS=39 was a migration inhibitor (about a decade-and-a-half ago), I do NOT hear it being a significant problem for most customers today. B) There is an existing SHARE requirement for IBM to provide dynamic file attribute format of the FD, e.g. Record Varying in Size from data-name-1 to data-name-2 Block contains data-name-3 Please email me off-list (wmklein at ix.netcom.com) if you would like the SHARE requirement number so that your installation could submit a site-specific REQUEST adding support (how much you would PAY) for this functionality. C) All recent and currently supported COBOL compilers allow one to pass a DCB to a subprogram that may be written in COBOL, Assembler, or any other language. If playing with the DCB is what you want, then this is what you should use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Fw: COBOL short variable length files????
The difference (that I know of) for Recording Mode is U - STARTED with OS/390 2.10 - not after it. Check out: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/IGY3MG20/3.5.3 That page is worth reading for those who have made various suggestions to the original problem relying on specific behavior for U data sets, i.e. datasets CREATED as VB but treated as U. This is NOT something I would recommend as a long-term solution. Ted MacNEIL [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... I don't know if this is related or not, but we converted from OS/390 2.10 to z/OS 1.4, this past weekend. We did not convert COBOL or LE. According to a developer, an extra four bytes (for blocksize) is added to the data for RECORDING MODE IS U. Has anybody every heard of this? Where is the doc? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Software keys under VM at DR
Thanks everyone for the input. I went ahead and opened an issue with CA to get an EKG (never heard of it before). One of our products is CA's TCP/IP. I think everyone would be mad at me if we went to Boulder from Little Rock and tcpip wouldn't work. ;) Regards, Robert -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DFS SMB Help
AFAIR this is controlled by a Windows registry key Send clear passwords Yes/No. I'm not a specialist in this area but AFAIR we setup a TSO DCE segment and use the USS command SMBPWD to change the password. Not sure if other setup is needed for SMB. Perhaps google or asking your Windows folks will help. Roland -Ursprüngliche Nachricht- Von: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] Im Auftrag von Alan C. Field Gesendet: Dienstag, 7. Juni 2005 22:01 An: IBM-MAIN@BAMA.UA.EDU Betreff: DFS SMB Help I'm running DFS SMB on z/OS 1.6 and have files set up for use on my PC. Its been working for about 3 years. Now when I issue the NET USE F: \\domain\share it asks for a user and password. I tried my userid and password (same one us used for z/OS and network) but it is failing and I get Access denied. Been through the supposed wizards here but no luck. It never used to ask for user/password. Is this a mainframe issue, or has something changed in the network? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SESSION MANAGMENT
On Mon, 6 Jun 2005 09:08:41 -0500, McKown, John [EMAIL PROTECTED] wrote: ... Out of curiousity, why bother anymore? Surely very few people are running with true 3270 terminals. On a PC desktop (Windows or Linux or *BSD), you could just fire up multiple TN3270 sessions. ... One of the primary advantages of session managers has nothing to do with multiple sessions. It is protection against session outages. For most, if not all, session managers a network outage breaks the session between terminal and session manager, but not the session(s) between session manager and application. When a user's session is brokens he/she can log back on and be right back on the original sessions. maybe a screen has been lost, but not the session and its historical context. As an extra bonus, the LOSTERM or NSEXTIT code in the session manager is usually much lighter than the equivalent function in a CICS or IMS - no transaction backout, etc. Losing a bunch of sessions with a session manager puts a lot lighter load on the processors than losing the same number of sessions with a transaction processor. Pat O'Keefe -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
... The difference (that I know of) for Recording Mode is U - STARTED with OS/390 2.10 - not after it. Check out: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/IGY3MG20/3.5.3 ... We were okay on Friday. We converted from 2.10 to 1.4. It was broken on Monday. Both existing programmes and new compiles. But, I shall check your reference. No speak-ah dah COBOL good. (Haven't written one since 1st year university -- 197x). -teD (The secret to success is sincerity. If you can fake that, you've got it made!) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
IBM Mainframe Discussion List IBM-MAIN@BAMA.UA.EDU wrote on 06/07/2005 08:43:45 AM: I tried the D IOS,CONFIG(HSA) command and got a display that did not tell me how big HSA is, but rather how much of HSA is available for adding more configuration changes, such as more control units or subchannels (more commonly pronounced devices). HSA stands for Hardware System Area, not Hardware Storage Area as I wrote in my previous post. The info on how many HSAs there are, how big each one is, and its beginning address is all contained in the Service Call Control Block (SCCB), mapped by SYS1.MACLIB(IHASCCB), and pointed to by CVTSCPIN. Service Call is a special SVC (I think it is 122) in MVS that invokes the Diagnose instruction to read hardware configuration info from the floppy disk. I learned about it by perusing some RMF microfiche in 1987. The SCCB also has info on various processor features that are installed, such as the Performed Lock Operation (PLO) instruction. I don't remember any software that displays the SCCB info. TMON/MVS might. It should be easy to build code to find and display the contents or to find it in a system dump that includes (E)CSA and (E)SQA. Since the beginning address of each HSA is a four-byte value (SCCBAHSA), it appears that all HSAs are allocated from the top down of the 2GB bar. D M=HSA displays any HSA ranges which are described in the SCCB. However, in LPAR mode, the SCCB for a logical partition describes only HSA ranges which are part of a storage increment in that zone. Usually there are none of those, so you will see D M=HSA IEE174I 17.06.09 DISPLAY M 715 HSA STATUS NO HSA IN MAIN STORE In the archives, see also: http://bama.ua.edu/cgi-bin/wa?A2=ind9902L=ibm-mainP=R70841I=1 http://bama.ua.edu/cgi-bin/wa?A2=ind9902L=ibm-mainP=R71439I=1 Jim Mulder z/OS System Test IBM Corp. Poughkeepsie, NY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Additional DASD devices
IBM Mainframe Discussion List IBM-MAIN@BAMA.UA.EDU wrote on 06/07/2005 09:11:25 AM: UCBs use E/SQA. They will reside above or below the line according to the device definition in HCD. Peter Hunkeler Senior IT Specialist, IBM zSeries Technical Sales Support, Switzerland E/SQA? I thought they were nucleus resident? Well, back in the day at least. I wonder because I did not increase the SQA= parameter in IEASYSnn when I added all the Shark devices. Or is SQA automagically increased? UCBs were nucleus resident back when they were defined by IOGEN and later MVSCP. When defined in an IODF, they are in SQA/ESQA. Based on the contents of the IODF, IPL processing tries to estimate the SQA/ESQA requirements for UCBs and some other I/O related control blocks, and adds this to the initial SQA/ESQA size (the default size defined in IEAIPL04 plus the INITSQA in LOADxx, if specified). UCBs get built before the SQA= parameter in IEASYSxx is processed (since we need the UCBs for devices containing the data sets in the PARMLIB concatenation in order to open the PARMLIB concatenation). Jim Mulder z/OS System Test IBM Corp. Poughkeepsie, NY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: LLA Question
IBM Mainframe Discussion List IBM-MAIN@BAMA.UA.EDU wrote on 06/07/2005 10:09:40 AM: In the process of reviewing out LLA libraries it was discovered that some libraries were not in LLA. I made the request to out outsourcer to add these datasets. Their response was that they are PDSEs and there is no advantage to adding PDSEs to LLA, even with the FREEZE option. Not that I think they would lie, but are the accurate? If what they say is true, is it more efficient to use a PDS and put it in LLA or leave it as a PDSE? Being old school I think the former is the better choice. Does anyone else have an opinion? http://bama.ua.edu/cgi-bin/wa?A2=ind0010L=ibm-mainP=R73420I=1 http://bama.ua.edu/cgi-bin/wa?A2=ind0105L=ibm-mainP=R30368I=1 http://bama.ua.edu/cgi-bin/wa?A2=ind0105L=ibm-mainP=R36742I=1 Jim Mulder z/OS System Test IBM Corp. Poughkeepsie, NY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
In [EMAIL PROTECTED], on 06/06/2005 at 10:52 PM, Paul Gilmartin [EMAIL PROTECTED] said: you wouldn't have that problem on UNIX. Only because it doesn't have the functionality at all. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Console logon(required) and routed MQS commands in a sysplex
In [EMAIL PROTECTED], on 06/07/2005 at 06:05 AM, Walt Farrell [EMAIL PROTECTED] said: OA12196 is a Security APAR. Just as with Integrity APARs, IBM withholds details of the problem and the fix to decrease the chances that someone will find out the details and attack systems that do not have the fix applied yet. Quite rightly, IMHO. I've certainly asked for that handling in the past. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Problem with sms and acs routines
In [EMAIL PROTECTED], on 06/07/2005 at 11:06 AM, Hernández Ballestero Milton [EMAIL PROTECTED] said: We are trying to define a pool of discs for maintenance reasons. The idea is create a storage class in the dd STORCLAS=SC0001, and then according to this storage class in the #SGxx we assign the storage group. The problem that we have its when we use the DD with the sentence Storage Class, the jcl its ok and we didn't define any unit or volume in the DD, but the file is allocated in a disk that its not in the storage group, it's a public disc. Are you talking about a temporary data set? It sounds as though the data set is not SMS managed. Check the ACS. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Software keys under VM at DR
In [EMAIL PROTECTED], on 06/06/2005 at 12:00 AM, Ted MacNEIL [EMAIL PROTECTED] said: The 'problems' were lawsuits. I'm not surprised. They had broken promises as to the timeliness of key updates for DR. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL short variable length files????
In [EMAIL PROTECTED], on 06/06/2005 at 10:31 PM, Joe Zitzelberger [EMAIL PROTECTED] said: Just another case of the system showing its age in the 21st century... Not really; I would have considered that behavior to be broken back on OS/360. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Software keys under VM at DR
In [EMAIL PROTECTED], on 06/06/2005 at 03:45 PM, Johnston, Robert E [EMAIL PROTECTED] said: Greetings... We are getting ready for our 1st DR exercise (using IBM BCRS) and I have a question about vendor software keys when running z/OS under VM on another CPU. Although the CPUID xx in the VM directory is supposed to take care of the CPU serial number matching our real CPU serial number, in the IBM BCRS doc they mention checking with vendors to ensure there are no licensing issues. Right: just because it works doesn't mean that the license allows it. I'd check with your legal staff. Try to get a contract modification explicitly allowing it. I am mostly concerned with the keys for our CA products. The last time I dealt with them they were unable to provide keys within the promised time. The only way that we were able to get up was to run under VM with our home CPUID. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO replacement? [WAS: RE: Userids]
BTW I would love to have MVS 310E as my car number plate DB2 GUY Arnie Cashinghino, founder of the CBT Tape, had TURKEY for a license plate. The Turkey is the MVS symbol at SHARE. Once while driving near LAX I saw SYSUT2. I assume that was the household's second car... /Leonard -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Encryption has its own problems was Re: Banks
On 7 Jun 2005 04:57:29 -0700, in bit.listserv.ibm-main you wrote: It is nothing less than grossly irresponsible to ship this type of data in an unencrypted format. According to your metric, probably 99.9% of companies worldwide are grossly irresponsible. I'm not defending them, I'm just saying that in 2005 almost no one encrypts tapes. Bob Shannon While encryption might solve the problem of lost tapes, it has its own problems. The ability to decrypt the tape has to be somewhere separate from the tape and stored for the life of the tape. Actually I suspect that making certain that the tape is readable both physically and logically over the life of the tape is a greater problem. If this is a tape to be kept 7 years, then a drive capable of reading it will have to be available over that period. The program that reads the tape must maintain backward compatibility over that period. Then the individual files / database unloads / etc. must be logically accessible. That means the record layouts / data descriptions, etc. must be accessible and usable. Of course if you take the attitude that you just need the tape but nothing legally compels you to be able to read it these considerations are meaningless. While I understand that having tapes that can be read by a utility is an exposure since a Hercules equipped PC with MVS 3.8 can be used to at least hex print them, getting the tape hardware and then the time to decipher them isn't completely trivial. However there are probably easier ways for people to get interesting information. The current issue (vol. 22 issue 1) of 2600, The Hackers Quarterly has several interesting cases of exposure including a couple of job application PCs at a major retail chain. I also note that many of the practices of major companies resemble those of phishers. For example, I think that the ZDnet (Ziff Davis) html newsletter has web bugs. The other day I received a promotion e-mail that I believe is from American Express (I have one of their cards) but I haven't checked it closely enough. For a while one of the major banks home page had a link to x.112.2o7.net, a usage tracking company. The vulnerability of the public face of most organizations and the questionable practices of many in terms of numbing us to dangerous exposures are of far greater concern to me than the lack of encryption on tapes. If I were a crook I would rather steal PC's from an organizations office because the data is more easily readable. There have been Canadian instances of just that as well as instances of misdirected confidential faxes from banks. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DFS SMB Help
Skip Robinson wrote: First off, I've never issued NET USE. Is that a DOS command? It is a Windows command. Open a Command Prompt under XP and issue NET HELP for details. This (XP) procedure works consistently in our shop. - Click on the My Computer desktop icon - Click on Tools - Click on Map Network Drive Click, click, click, click, click, You can't put click into a script or program. The suite of 'NET' commands are what's really being issued under the covers -- - | Edward E. Jaffe|| | Mgr, Research Development| [EMAIL PROTECTED]| | Phoenix Software International | Tel: (310) 338-0400 x318 | | 5200 W Century Blvd, Suite 800 | Fax: (310) 338-0801| | Los Angeles, CA 90045 | http://www.phoenixsoftware.com | - -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DFS SMB Help
Shouldn't a mouse go squeak? CLICK is what the trap says to the mouse. Whatever works. I'm not the one having a problem. ;-) . . . JO.Skip Robinson Southern California Edison Company SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile [EMAIL PROTECTED] IBM Mainframe Discussion List IBM-MAIN@BAMA.UA.EDU wrote on 06/07/2005 17:01:55: Skip Robinson wrote: First off, I've never issued NET USE. Is that a DOS command? It is a Windows command. Open a Command Prompt under XP and issue NET HELP for details. This (XP) procedure works consistently in our shop. - Click on the My Computer desktop icon - Click on Tools - Click on Map Network Drive Click, click, click, click, click, You can't put click into a script or program. The suite of 'NET' commands are what's really being issued under the covers -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
TLS FTP
The latest FileZilla server has beta support for TLS/SSL so I thought I'd give it a try using z/OS 1.4 FTP client. It fails: EZA1701I AUTH TLS 334 Using authentication type TLS EZA2897I Authentication negotiation failed The FM and IBMLINK say to turn on SSL tracing by setting an ENVAR(GSK_TRACE=0x) I can't figure how to conveniently set this for EXEC PGM=FTP in JCL. When I try ftp from OMVS, it can't seem to find my RACF keyring. I'll RFM some more tomorrow, but I thought I'd ask. I expect that we will either decide to purchase a 3rd party (ISV for M$ world) SSL capable FTP server, or something. (Https driven from batch :( But I'd like to see if I can make FileZilla work. I am aware of Open SSH, but it doesn't understand traditional MVS files and all our existing FTP jobs start with a traditional PS file. Seems a waste to copy to HFS just to SFTP out. Dave Gibney[EMAIL PROTECTED] System Programmer(509) 335-7359 Information Technology Washington State University Pullman, WA 99164-1222 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TLS FTP
Dave, I haven't tried it with the FTP client, but our FTP server JCL looks like //FTPD PROC PARMS='', // TZ='NZST-12NZDT,M10.1.0,M3.3.0' //*** //* //* Descriptive Name:FTP Server Start Procedure //* //*** //FTPD EXEC PGM=FTPD,TIME=NOLIMIT, // PARM='POSIX(ON) ALL31(ON) ENVAR(TZ=TZ) /PARMS' to set the ENVAR TZ hth, Richard. Dave Gibney [EMAIL PROTECTED] To: IBM-MAIN@BAMA.UA.EDU Sent by: IBM cc: MainframeSubject: TLS FTP Discussion List [EMAIL PROTECTED] .EDU 08/06/2005 12:17 PM Please respond to IBM Mainframe Discussion List The latest FileZilla server has beta support for TLS/SSL so I thought I'd give it a try using z/OS 1.4 FTP client. It fails: EZA1701I AUTH TLS 334 Using authentication type TLS EZA2897I Authentication negotiation failed The FM and IBMLINK say to turn on SSL tracing by setting an ENVAR(GSK_TRACE=0x) I can't figure how to conveniently set this for EXEC PGM=FTP in JCL. When I try ftp from OMVS, it can't seem to find my RACF keyring. I'll RFM some more tomorrow, but I thought I'd ask. I expect that we will either decide to purchase a 3rd party (ISV for M$ world) SSL capable FTP server, or something. (Https driven from batch :( But I'd like to see if I can make FileZilla work. I am aware of Open SSH, but it doesn't understand traditional MVS files and all our existing FTP jobs start with a traditional PS file. Seems a waste to copy to HFS just to SFTP out. Dave Gibney[EMAIL PROTECTED] System Programmer(509) 335-7359 Information Technology Washington State University Pullman, WA 99164-1222 - The contents of this e-mail are confidential. If you have received this communication by mistake, please advise the sender immediately and delete the message and any attachments. Nothing in this email designates an information system for the purposes of Section 11(a) of the New Zealand Electronic Transactions Act 2002. Westpac Banking Corporation, ABN 33 007 457 141, is incorporated in Australia - -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Software keys under VM at DR
If you are specifically talking about CA products, I would call the Support Desk and ask for Temporary Keys for the D/R test. I'm not a lawyer; but I don't believe that using zVM to fake the serial number is a valid license. LMP keys are usually made available within 24 hours (or less). You can also request them at Support-Connect. When I worked for large Banks and Utilities, the D/R preparation included contacting all of our ISVs for the appropriate and valid use of their products for D/R. This made for a much smoother D/R test. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Shmuel Metz (Seymour J.) Sent: Tuesday, June 07, 2005 SYSN 3:05 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Software keys under VM at DR In [EMAIL PROTECTED], on 06/06/2005 at 03:45 PM, Johnston, Robert E [EMAIL PROTECTED] said: Greetings... We are getting ready for our 1st DR exercise (using IBM BCRS) and I have a question about vendor software keys when running z/OS under VM on another CPU. Although the CPUID xx in the VM directory is supposed to take care of the CPU serial number matching our real CPU serial number, in the IBM BCRS doc they mention checking with vendors to ensure there are no licensing issues. Right: just because it works doesn't mean that the license allows it. I'd check with your legal staff. Try to get a contract modification explicitly allowing it. I am mostly concerned with the keys for our CA products. The last time I dealt with them they were unable to provide keys within the promised time. The only way that we were able to get up was to run under VM with our home CPUID. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: REXX under TSO [WAS: TSO replacement? [WAS: RE: Userids]]
on 6/6/05 7:00 PM, Ted MacNEIL at [EMAIL PROTECTED] wrote: ... I remember it becoming available in either 1991 or 1992 (early). ... I wrote my first REXX programme in 197x(??). I wrote my first TSO/REXX in 1990. EXECIO only supported FB80. -teD (The secret to success is sincerity. If you can fake that, you've got it made!) Ted, REXX in TSO was only available somewhere around 1990 or later. I remember distinctly as we were a bleeding edge custome for it not ESP but as soon as it became available we installed it. I still remember talking with a TSO/e rexx developer at GUIDE . We found some interesting bugs . Unfortunetly its been almost 15 years and I don't remember specifice PTF numbers. REXX was available on VM for quite some time, I only ran VM 25+ years ago and that was to run DOS (r26 IIRC) foi our NY office and that was on a painfully slow 4331.. Ed -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
In response to my posting from this morning, several individuals have raised concerns in respect to encryption. These concerns clearly have some validity. At the same time, consider the costs to the individuals whose private financial records may have been compromised. If the tapes have been stolen, then 3.9 million individuals face the possibility that their identities will be used to open credit accounts, etc. It will take years and untold amounts of money to correct the problems. Will Citigroup pick up all of the direct and indirect costs incurred by those individuals victimized? Not too bloody likely! Any company that maintains non-public records of private financial transaction has a responsibility to ensure that those records are protected from access by unauthorized persons, whether such access occurs via the company's data processing systems or by access to copies of those records located upon some offline media. In particular, the movement of copies of such records from one secure facility to another must involve additional levels of security above those required for access to that data within a single secure facility. Since physical security measures are clearly not as dependable in the course of such movement, other processes must be implemented. Encryption is the obvious answer. As far as compatibility, XML structured data which has been encrypted using public key cryptography would be an obvious approach. For example, the Open Financial Exchange specification provides just such a mechanism. In any case, over the last few months there have been repeated cases where copies of financial records have been lost. These losses threaten our financial infrastructure. STEPS MUST BE TAKEN TO ADDRESS THE PROBLEM. The imposition of such steps may inconvenience some financial institutions. So what? How will you feel if someone steals your identity and it takes you the next 10 years to clear your name? As a Software Engineer, I have had people ask Why can't you put a stop to this? I have to answer that the technology is there, but management lacks the will to address the problem. When your neighbor becomes a victim of identify theft, what excuse will you offer? John P Baker Software Engineer -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
SESSION MANAGMENT
- Original Message - From: Farley, Peter x23353 [EMAIL PROTECTED] Newsgroups: bit.listserv.ibm-main Sent: Monday, June 06, 2005 10:30 AM Subject: RE: SESSION MANAGMENT John, a question to your question: If you don't use a session manager, how do remote users who lose their TN3270 session due to non-mainframe problems (timed-out VPN, blue-screen-of-death, etc.) log themselves off of TSO when they get back into the network? In a large organization, you do not want lots of people calling central operators for session cancels, it clogs the work arteries way too much. Where I am, Netview Access (or whatever it is now called) lets me log myself off TSO when I get back in without needing any operator intervention. It's probably the most-used feature, considering you can never get the same LU name coming back in as the one you had previously, so you always have to get your prior session logged off so you can logon again under the new LU. Peter Peter, Check out Gilbert St.Flour's IKJEFLN exit at http://gsf-soft.com. It doesn't work if you have OPERCMDS active, but Gilbert will be glad to sell you the fix ;-) I installed that bad boy on my P390, and finally got reconnected whenever my DSL dropped. Regards, Tom Conley -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SESSION MANAGMENT
The NetView product John M. was refering to is called NetView Access Services (NVAS). It is considered functionally stable and is not supposed to have any major enhancements. I have never used TUBES (a.k.a. IBM Session Manager), but my understaning is the major difference is that TUBES supports sessions to non-3270 (vt100/ansi) hosts and NVAS. D-Arbigny Pierre-Andre wrote: Hello all, Does someone know if it exist an other session manager (3270 VTAM) than TUBES/VTAM (MAcro4) and TPX (CA). Many thanks for informations. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
Mr. Baker, I find it ironic that the very institutions who are guilty of losing so much information are marketing identity theft insurance on the accounts they offer to customers. I couldn't agree with you more on the serousness of the situation. Paul Hanrahan -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of John P Baker Sent: Tuesday, June 07, 2005 10:22 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Banks In response to my posting from this morning, several individuals have raised concerns in respect to encryption. These concerns clearly have some validity. At the same time, consider the costs to the individuals whose private financial records may have been compromised. If the tapes have been stolen, then 3.9 million individuals face the possibility that their identities will be used to open credit accounts, etc. It will take years and untold amounts of money to correct the problems. Will Citigroup pick up all of the direct and indirect costs incurred by those individuals victimized? Not too bloody likely! Any company that maintains non-public records of private financial transaction has a responsibility to ensure that those records are protected from access by unauthorized persons, whether such access occurs via the company's data processing systems or by access to copies of those records located upon some offline media. In particular, the movement of copies of such records from one secure facility to another must involve additional levels of security above those required for access to that data within a single secure facility. Since physical security measures are clearly not as dependable in the course of such movement, other processes must be implemented. Encryption is the obvious answer. As far as compatibility, XML structured data which has been encrypted using public key cryptography would be an obvious approach. For example, the Open Financial Exchange specification provides just such a mechanism. In any case, over the last few months there have been repeated cases where copies of financial records have been lost. These losses threaten our financial infrastructure. STEPS MUST BE TAKEN TO ADDRESS THE PROBLEM. The imposition of such steps may inconvenience some financial institutions. So what? How will you feel if someone steals your identity and it takes you the next 10 years to clear your name? As a Software Engineer, I have had people ask Why can't you put a stop to this? I have to answer that the technology is there, but management lacks the will to address the problem. When your neighbor becomes a victim of identify theft, what excuse will you offer? John P Baker Software Engineer -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Banks
I do not expect to see financial institutions enacting adequate protections for these records. Nor do I expect them to pay for the damage caused by the ongoing thefts thereof. Not willingly. What I expect to see in the future are lawsuits against the financial institutions, charging gross irresponsibility for their failure to safeguard the very financial records they have been collecting. Unfortunately, it will not be the victims of identity theft who are compensated. It will be the lawyers. John P Baker Software Engineer -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Paul Hanrahan Sent: Tuesday, June 07, 2005 22:44 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Banks Mr. Baker, I find it ironic that the very institutions who are guilty of losing so much information are marketing identity theft insurance on the accounts they offer to customers. I couldn't agree with you more on the serousness of the situation. Paul Hanrahan -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SESSION MANAGMENT
Thanks for the tip, Tom. I'll take a look and ask my sysprogs to consider it. Peter -Original Message- From: Thomas Conley [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 07, 2005 10:25 PM To: IBM-MAIN@BAMA.UA.EDU Subject: SESSION MANAGMENT Snipped Peter, Check out Gilbert St.Flour's IKJEFLN exit at http://gsf-soft.com. It doesn't work if you have OPERCMDS active, but Gilbert will be glad to sell you the fix ;-) I installed that bad boy on my P390, and finally got reconnected whenever my DSL dropped. Regards, Tom Conley _ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Help - OS/2 consulting help needed
From the look of it, I am presuming its some kind of screen scrapping application. I think host657 is due to sys3175 of the previous modules. I would start with DIR /S /O-D to find the last accessed/updated files. Natarajan -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
