date:20070119

In <[EMAIL PROTECTED]>, on
01/18/2007
   at 01:05 PM, Hal Merritt <[EMAIL PROTECTED]> said:

>The UNIT seems to be valid. 

What is the unit name for that TSO user? Did you do a D U for each
address in the esoteric name? Does at least one volume show up as
STORAGE in the output of the D U?
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: DFHSM - Trying To Allocate Ouput Volume

2007-01-19 Thread willie bunter

Barry,
   
  Thanks for your response.  I checked that there are 29 storage vols 
available.  I am not sure what the state of the volumes were at that time so I 
wouldn't be able to answer if the disks were fragmented etc.  I have taken a 
note of this and will check the packs if this occurs.
  Yes, and it is normal for these units to be offline.  These are reserved 
dasds set aside for emergency use.
   
  Thanks again.

"Schwarz, Barry A" <[EMAIL PROTECTED]> wrote:
  SYS16002 is probably the program generated DD name being used by HSM for
a dynamic allocation. The message is the normal allocation recovery
when you (HSM) ask for a disk volume that is not mounted or a quantity
of units in excess of what is available.

HSM is apparently looking for non-SMS space. Otherwise there would have
been additional messages regarding storage groups and candidate volumes.

Do you have storage volumes defined? Do they have sufficient
unfragmented free space for HSM to use? Is it normal for the 20 units
identified to be offline?

-Original Message-
From: willie bunter [mailto:snip] 
Sent: Thursday, January 18, 2007 7:13 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: DFHSM - Trying To Allocate Ouput Volume

I am not sure why this is occurring or what DFHSM is attempting to do.
I scanned the syslog as well as the DFHSM log to no avail. I cannot
find what is associated with the SYS16002.
Below is the message in its entirety:

EF244I DFHSMG DFHSMG - UNABLE TO ALLOCATE 1 UNIT(S) 230
AT LEAST 1 OFFLINE UNIT(S) NEEDED. 
IEF877E DFHSMG NEEDS 1 UNIT(S) 231 
FOR DFHSMG SYS16002 
FOR VOLUME PRIVAT- 1 
OFFLINE 
922E-9230 923B 923D 9F03 9F0B-9F0E B418-B419 B43E-B445 
: 
OFFLINE, NOT ACCESSIBLE 
0FFF 
: 
IEF878I END OF IEF877E FOR DFHSMG DFHSMG SYS16002 
3164 IEF238D DFHSMG - REPLY DEVICE NAME OR 'CANCEL'. 

In the DFHSM log all I found is :
IEF506I DFHSMG DFHSMG SYS16002 - NO STORAGE VOLUMES. 'VOLUME=PRIVATE'
ASSUMED.

Can anybody hazard a guess as to how or where I can find more
information on SYS16002 and why DFHSM is complaining?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html


 
-
Check out the all-new Yahoo! Mail beta - Fire up a more powerful email and get 
things done faster.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

ADRDSSU and AWS

2007-01-19 Thread Dave Cartwright

I am trying to restore from some backup tapes that I converted to .AWS 
format, but I am having problems handling the 65520 blocksize.
How do people manage this? Most AWS utilities I have tried cannot recreate 
a tape like this.  Anyone know of a utility that can?


Dave

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: SYSPLEX for PDS-E Sharing

2007-01-19 Thread R.S.


Craddock, Chris wrote:

We started down the SYSPLEX road, but never could get hardware
resources, then dropped from 6 to 3 LPAR's after Y2K.


Setting up a ESCON CTC isn't all that difficult and won't cost you
anything except a pair of ESCON channels. With that, you can set up a
3-LPAR SYSPLEX with GRS capabilities and go forward from there.  Helps
immensely if you diagram it out before you start to define the IOCDS
entries.


Don't forget that (AFAIK) all currently supported processors support
some form of xMIF, meaning that you don't really need actual physical
CTCs for connections within the same
CEC/Box/ so if you're just connecting
LPARS in the same machine you can do it trivially.



Here we are in 2007. It is simply staggering to me that people are still
whining about perceived "problems" and costs associated with sysplex.
Those old chestnuts are bogus. There is NO GOOD REASON to run monoplexes
in preference to at least a basic sysplex.


There are. Different LPARs run different businesses, different 
companies. Different security rules. Strict for production, light for 
development.




And if you really do need to
run multiple LPARS for your work, then you need to do some soul
searching about parallel sysplex. The benefits are enormous and the
costs really aren't.


I can't find *ANY* benefit of running *unrelated* systems on one CPC in 
sysplex. If you have more than one machine then pricing model could rape 
you to do sysplex, however it could be cheaper and more convenient to 
have *ONE* CPC.
Sysplex always mean higher CPU utilization. Well tuned sysplex takes 
about 5% of CPU, but it can be 20-30% (it expected it during some tests).
Base sysplex or even GRSplex is a cost. Relatively small in terms of 
investmens, however there's also software cost - laready mentioned 
higher CPU utilization.
Parallel sysplex can improve work of sysplex, but the cost is 
significantly higher - ICF is approx. $120k. For "single-CPC" sysplex. 
When multi-CPC, you need much more equipment.

We still talk about connecting unrelated systems into sysplex.
Oh, one more "benefit": migration effort. 

Yes, I'm aware of RAS, five nines (99.999%) etc. However my business 
needs less nines, less costs.




--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: DISP=MOD and REWIND

In <[EMAIL PROTECTED]>, on 01/17/2007
   at 08:13 AM, Binyamin Dissen <[EMAIL PROTECTED]> said:

>On Tue, 16 Jan 2007 23:33:13 -0800 glen herrmannsfeldt
><[EMAIL PROTECTED]> wrote:

>:>Just to be sure, is that what DISP=MOD and REWIND do?
>Go to the load point.

Only with LABEL=(1,NL); in general, it goes to the beginning of the
file, not to the beginng on the medium. Don't confuse a FORTRAN rewind
with a hardware rewind.

-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

In <[EMAIL PROTECTED]>, on 01/18/2007
   at 04:55 PM, Tom Schmidt <[EMAIL PROTECTED]> said:

>You are describing one of the core differences between real
>mainframes and  etch-a-sketch computers -- the real McCoy use parity
>for memory

Parity is so 1950's. The real McCoy uses ECC, with logging of
single-bit failures.

Machines without any error checking don't even qualify as
etch-a-sketch; they're just junk.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Forbidding Special characters in passwords

In
<[EMAIL PROTECTED]>,
on 01/16/2007
   at 11:05 AM, Dave Reinken <[EMAIL PROTECTED]> said:

>A lot of software has trouble with two middle names or initials. When
>we moved to NY my wife had to get the manager of the DMV over to get
>her double middle name handled. They initially flat out refused to do
>it, despite the facts that a) it was on her marriage certificate, b)
>it was on her AZ driver's license, and c) it was on her social
>security card. They eventually let her keep it, but made her also use
>an initial for her first name so that it would all fit in their
>system.

While it's not worth the expense, a writ of mandamus would have fixed
it tout suite.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

In <[EMAIL PROTECTED]>, on 01/16/2007
   at 11:10 PM, Bill Seubert <[EMAIL PROTECTED]> said:

>My pet peeve is the tendancy of some of the unwashed masses to refer
>to Wintel and/or *IX systems as "open systems" versus "mainframes." 
>Seems they are ignorant of the support of the myriad of open
>standards that the mainframe provides. 

To say nothing of the standards that m$ doesn't support. The junk from
Redmond is the least open in the industry.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Forbidding Special characters in passwords

In <[EMAIL PROTECTED]>, on 01/16/2007
   at 06:25 PM, "R.S." <[EMAIL PROTECTED]> said:

>IMHO this is partially on topic. People provide strange names 
>(off-topic) and hwoe they interact with computer systems (ON-TOPIC).
>AFAIK there is in some countries *official standard* for people's
>names.

That only works for systems targetted to a single country.

>  It solves majority of the problems:

And infringes on personal liberty, especially in countries with
multiple languages. It's certainly unacceptable in a multicultural
society such as what the USA nominally has.

-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Forbidding Special characters in passwords

In
<[EMAIL PROTECTED]>,
on 01/16/2007
   at 07:21 PM, Ted MacNEIL <[EMAIL PROTECTED]> said:

>BTS (a bit of topic), you know longer have to say 'his(her)',
>'his/her', etc. 

I never had to, and I don't. 

>A few years ago, an English standard of they (he/she)
>and their (his/her), they, etc. was accepted as inclusive language.
>It looks odd, at first.

The use of "they" as a singular goes back much farther then the PC
nonsense.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

In
<[EMAIL PROTECTED]>,
on 01/17/2007
   at 07:30 AM, "Chase, John" <[EMAIL PROTECTED]> said:

>Indeed.  Windows is about as "open" as the former Soviet Union.

Under Stalin.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

In <[EMAIL PROTECTED]>, on 01/18/2007
   at 07:17 AM, Ed Gould <[EMAIL PROTECTED]> said:

>SIgh... and we won't talk about the current Z/os would you where IBM 
> continuously shrinks the source it sends out. JES2 is almost down to 
> bare bones, despite IBM promises to the contrary when IBM went  
>(mostly) OCO 10 or so years ago.

FSVO 10 much larger than the standard value. 

That's only one of the OCO promises that IBM broke.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

In <[EMAIL PROTECTED]>, on 01/18/2007
   at 07:56 PM, Shane <[EMAIL PROTECTED]> said:

>Do they just ???.
>That makes them tainted, and hence unable to report kernel oops'es to
>the kernel developers.

No. There is a difference between Linux and a Linux distribution. It's
only if they had proprietary changes to the kernel that it would be
tainted, but in that case it wouldn't be legal to distribute it at
all.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Tom Marchant

On Fri, 19 Jan 2007 07:08:19 -0500, Shmuel Metz (Seymour J.) wrote:

>In <[EMAIL PROTECTED]>, on 01/18/2007
>   at 04:55 PM, Tom Schmidt said:
>
>>You are describing one of the core differences between real
>>mainframes and  etch-a-sketch computers -- the real McCoy use parity
>>for memory
>
>Parity is so 1950's. The real McCoy uses ECC, with logging of
>single-bit failures.
>
>Machines without any error checking don't even qualify as
>etch-a-sketch; they're just junk.
>

When the IBM PC was first introduced in 1981, it was the first of
the PCs with parity.  Today there are only a few PC "servers" with
ECC memory, but the rest have nothing.  Try to find a laptop with
parity or ECC memory.

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

2007-01-19 Thread Thompson, Steve (SCI TW)

-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Timothy Sipples
Sent: Thursday, January 18, 2007 11:25 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Mainframe vs. "Server" (Was Just another example of
mainframe costs.)

It depends on the distribution of course, but the following popular
Linux
drivers are closed source:

NVIDIA (video)
ATI (video)
LSI Logic (storage)
some software-based modems (e.g. Lucent)
some ISDN drivers

There are others as well.  Some distributions (e.g. Debian, Ubuntu)
don't
include these drivers at all, and you have to go fetch them on your own
if
you want/need them.  Others include them as standard Web deliverables,
and
still others (e.g. Linspire) include them in their distributions.  For
NVIDIA and ATI there are open source alternatives, although
functionality
may be more limited with the alternatives.

Just so we are clear here, this can be a catch-22 situation. If you have
a notebook/laptop and it needs one of the aforementioned drivers, just
how do you boot so you can install it?

Being a Linspire (and before that Lindows) user I can tell you that ATI
drivers are a pain in the neck for this very reason. And it is one of
the reasons that I'm going to pure Debian (Linspire wants you to get
married to CnR (Click-n-Run), and so DON'T provide a C/C++ compiler or
kernel source until you CNR it).

Let's put this in a "mainframe" perspective: Imagine that you have
decided on a specific type of graphics display and you have only bought
those, and you must install a specific driver to use them. So you need
to install these during system build, but you can't install a z/OS
servrpac unless you can see what you are doing... 

But these issues aren't addressed when you buy an "open" system. And
they are accepted as just the way it is for the "open" systems. Because
of lack of standards for hardware interface, software behavior, install
of drivers and other software, the hidden cost of ownership/computing
can really bite you.

Later,
Steve Thompson

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

2007-01-19 Thread Ed Gould


On Jan 19, 2007, at 6:49 AM, Shmuel Metz (Seymour J.) wrote:


In <[EMAIL PROTECTED]>, on 01/18/2007
   at 07:17 AM, Ed Gould <[EMAIL PROTECTED]> said:


SIgh... and we won't talk about the current Z/os would you where IBM
continuously shrinks the source it sends out. JES2 is almost down to
bare bones, despite IBM promises to the contrary when IBM went
(mostly) OCO 10 or so years ago.


FSVO 10 much larger than the standard value.

That's only one of the OCO promises that IBM broke.



OK I was off my 5 or so years. I also realized that they did break  
other promises but people (like Timothy) wear rose color glasses in  
awe of IBM. The new crop of sysprogs just don't know (or don't care)  
about such things.


At SHARE I can remember distinctly the PUBs people swearing up and  
down that they will document *ANY AND ALL* messages and codes. First  
it started with TCP line and then spread to other OE type products  
and now its a standing joke with COBOL. I am sure I left out a  
product or two but the point is IBM has broken many promises and with  
their current regime its only going to get worse.


Ed

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

2007-01-19 Thread Thompson, Steve (SCI TW)

-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Ed Gould
Sent: Friday, January 19, 2007 7:57 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Mainframe vs. "Server" (Was Just another example of
mainframe costs.)

At SHARE I can remember distinctly the PUBs people swearing up and  
down that they will document *ANY AND ALL* messages and codes. First  
it started with TCP line and then spread to other OE type products  
and now its a standing joke with COBOL. I am sure I left out a  
product or two but the point is IBM has broken many promises and with  
their current regime its only going to get worse.

How about DFP and I/O?

[Boy is this a hot button with me.  must go get analgesic pain
killer.large doseAmber colored   from Scotland]

Later,
Steve Thompson

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Ed Finnell

 
In a message dated 1/19/2007 12:13:02 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:

particle  hits on memory were possible. I don't recall the 
precise figures, but seem  to recall it was around one hit per 
megabyte per 10**4 or 10**5 hours. For  memory with any means of 
error correction this is  negligible.



>>
We used to get them on a 400J. Usually concurrent maint. Kinda fun to watch  
the FRU replacement. Stop the component, turn off the power, turn off the  
water, pull off the piping, change the module, reconnect, start the water,  
check 
for leaks, add fungicide as required, start the unit, perform diagnostics,  
check for leaks, shoot the CE who left the whole thing in Service  mode...

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Tape mount difficulties

2007-01-19 Thread Roberto Halais


Dear Listers:

I received from IBM a tape cartridge with ptfs. On the label it said 3590
and den=828K and letter J.

We have a 3494 ATL and we inserted the tape as an unlabeled cart type J into
the ATL.
When I checked thru ISMF it appeared as a MEDIA3 , 128TRACKS.

When I run an SMP/E receive job I get the following message:

IGD330I ERROR OCCURRED DURING CBRXLCS PROCESSING-
NO DEVICE POOLS TO FULFILL REQUEST FOR THE SPECIFIED RECORDING TECHNOLOG
THE FAILING VOLSER IS G17901
IGD306I UNEXPECTED ERROR DURING ?CBRXLCS PROCESSING
RETURN CODE 12 REASON CODE 66
THE MODULE THAT DETECTED THE ERROR IS IGDCAT01
SMS MODULE TRACE BACK - CAT01 CAT00 SSIRT
SYMPTOM RECORD CREATED, PROBLEM ID IS IGD00223

We run CA-1 and we normally specify EXPDT=98000 for external tapes.

My jcl is:

//SMPHOLD DD   DISP=OLD,RECFM=FB,LRECL=80,BLKSIZE=27920,
// DSN=HOLDDATA,VOL=SER=G17901,LABEL=(4,NL),
// UNIT=ETAPE,
// EXPDT=98000
//SMPPTFINDD   DISP=OLD,RECFM=FB,LRECL=80,BLKSIZE=27920,
// DSN=PTF,VOL=SER=G17901,LABEL=(1,NL),
// UNIT=ETAPE,
// EXPDT=98000

ETAPE point to the ATL 3590 drives.

Any help would be greatly appreciated.

Kind Regards,
Roberto

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

2007-01-19 Thread Ed Finnell

 
In a message dated 1/19/2007 7:58:44 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:

At SHARE  I can remember distinctly the PUBs people swearing up and  
down that  they will document *ANY AND ALL* messages and codes. First  
it  started with TCP line and then spread to other OE type products  
and  now its a standing joke with COBOL. I am sure I left out a  
product  or two but the point is IBM has broken many promises and with   



>>
I don't remember which city, definitely West Coast early 80's and  Chester 
Hood(who was at Vandy Med Center) chaired the first SHARE OCO session.  Maybe 
the most vituperative SHARE session ever. Lots of yelling and pleading.  After 
we got back to work and were able to analyze it. Most of it depended on  IBM 
documenting interfaces to important modules and parameter calls. Most of our  
IBM reps and SHARE reps agreed that would be the key. Never happened...so we  
ponied up for Source distribution.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Command repeat for ISPF 3.4?

2007-01-19 Thread Larry R. Wright


David Long,

I tried your suggestion for s  , but it does not work for me. 
 I get Invalid command/The command entered is not valid for the Data Set 
List Utility.


Is this native code allowing this?FYI, I'm on z/OS 1.4.

Thanks,

Larry

_
Your Space. Your Friends. Your Stories. Share your world with Windows Live 
Spaces. http://discoverspaces.live.com/?loc=en-CA


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Clark Morris

On 19 Jan 2007 05:07:48 -0800, in bit.listserv.ibm-main you wrote:

>In <[EMAIL PROTECTED]>, on 01/18/2007
>   at 04:55 PM, Tom Schmidt <[EMAIL PROTECTED]> said:
>
>>You are describing one of the core differences between real
>>mainframes and  etch-a-sketch computers -- the real McCoy use parity
>>for memory
>
>Parity is so 1950's. The real McCoy uses ECC, with logging of
>single-bit failures.
>
>Machines without any error checking don't even qualify as
>etch-a-sketch; they're just junk.
> 
Unfortunately, that description applies to every commercially
available laptop that I have seen and a large percentage of home PCs.
Much to my disgusted resignation, the two newest computers in my house
are without any form of memory checking.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Transactions per Watt

2007-01-19 Thread Bill Richter

Great article suggesting "Measure transactions/watt""if you don't 
measure it, you can't improve it"

IBM should jump on this since this is a strength of z/OS transaction 
workloads and zLinux server consolidation.  I have not seen any statements 
of power efficiency on a transaction/watt metric.

http://www.addsimplicity.com/adding_simplicity_an_engi/2007/01/compute_power
_i.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Tape mount difficulties

2007-01-19 Thread Jack Kelly

You may want to review IBM's  II13276. Although it talks mostly about 
output, the portion about 'readcompat' might address your concern. 



Jack Kelly
LA Systems @ US Courts
x 202-502-2390

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Security on development was Re: SYSPLEX for PDS-E Sharing

2007-01-19 Thread Clark Morris

On 19 Jan 2007 04:37:48 -0800, in bit.listserv.ibm-main you wrote:

>Craddock, Chris wrote:
 We started down the SYSPLEX road, but never could get hardware
 resources, then dropped from 6 to 3 LPAR's after Y2K.

>>> Setting up a ESCON CTC isn't all that difficult and won't cost you
>>> anything except a pair of ESCON channels. With that, you can set up a
>>> 3-LPAR SYSPLEX with GRS capabilities and go forward from there.  Helps
>>> immensely if you diagram it out before you start to define the IOCDS
>>> entries.
>> 
>> Don't forget that (AFAIK) all currently supported processors support
>> some form of xMIF, meaning that you don't really need actual physical
>> CTCs for connections within the same
>> CEC/Box/ so if you're just connecting
>> LPARS in the same machine you can do it trivially.
>> 
>> 
>> 
>> Here we are in 2007. It is simply staggering to me that people are still
>> whining about perceived "problems" and costs associated with sysplex.
>> Those old chestnuts are bogus. There is NO GOOD REASON to run monoplexes
>> in preference to at least a basic sysplex.
>
>There are. Different LPARs run different businesses, different 
>companies. Different security rules. Strict for production, light for 
>development.
>
Gjiven the source of most test data, I believe that we in the
development area have been very lax in security. Being light on
security in the development area will come back to haunt us.  In most
of my development work I have had access to what was basically some
form of a copy of production data which has then been manipulated.

>> rest snipped

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Transactions per Watt

2007-01-19 Thread Paul Gilmartin

In a recent note, Bill Richter said:

> Date: Fri, 19 Jan 2007 09:08:17 -0600
> 
> Great article suggesting "Measure transactions/watt""if you don't
> measure it, you can't improve it"
> 
> IBM should jump on this since this is a strength of z/OS transaction
> workloads and zLinux server consolidation.  I have not seen any statements
> of power efficiency on a transaction/watt metric.
> 
Shouldn't that be transactions/Joule?  (Perhaps even transactions/BTU?)

> http://www.addsimplicity.com/adding_simplicity_an_engi/2007/01/compute_power_i.html

-- gil
-- 
StorageTek
INFORMATION made POWERFUL

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

On 19 Jan 2007 05:58:21 -0800, [EMAIL PROTECTED] (Ed Gould)
wrote:

>OK I was off my 5 or so years. I also realized that they did break  
>other promises but people (like Timothy) wear rose color glasses in  
>awe of IBM. The new crop of sysprogs just don't know (or don't care)  
>about such things.

I'm more likely to defend IBM mainframes nowadays when I'm defending
them against Wintel servers than in the old days when the competition
was other mainframe companies.

Maybe it's because big dominant guys don't need defending - and the
concept of IBM mainframes is no longer dominant in the public's mind.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Command repeat for ISPF 3.4?

2007-01-19 Thread David Long

Larry, 
Sine the command is working on selected members in your PDS/PDSE, you have 
to enter the command *after* you bring up the member list.  You probably 
did it before the list was displayed.

Dave

On Fri, 19 Jan 2007 09:51:58 -0500, Larry R. Wright 
<[EMAIL PROTECTED]> wrote:

>David Long,
>
>I tried your suggestion for s  , but it does not work for 
me.
>  I get Invalid command/The command entered is not valid for the Data Set
>List Utility.
>
>Is this native code allowing this?FYI, I'm on z/OS 1.4.
>
>Thanks,
>
>Larry

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRDSSU and AWS

2007-01-19 Thread Sebastian Welton

On Fri, 19 Jan 2007 06:20:51 -0600, Dave Cartwright
<[EMAIL PROTECTED]> wrote:

>I am trying to restore from some backup tapes that I converted to .AWS
>format, but I am having problems handling the 65520 blocksize.
>How do people manage this? Most AWS utilities I have tried cannot recreate
>a tape like this.  Anyone know of a utility that can?

Have you tried just using IEBGENER? I know it sounds silly but I create a
full  disk backup using ADRDSSU and then convert it to AWS format. To
restore it I then just use IEBGENER to copy the AWS file to a sequential
dataset on disk and then use ADRDSSU to restore it.

Seb.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Command repeat for ISPF 3.4?

2007-01-19 Thread Larry R. Wright

Thanks for the repy Dave,

That explains why it did not work for me.  I am trying to process a list of 
datasets - not members.

Larry

From: David Long <[EMAIL PROTECTED]>
Reply-To: IBM Mainframe Discussion List 
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Command repeat for ISPF 3.4?
Date: Fri, 19 Jan 2007 09:36:32 -0600

Larry,
Sine the command is working on selected members in your PDS/PDSE, you have
to enter the command *after* you bring up the member list.  You probably
did it before the list was displayed.

Dave

On Fri, 19 Jan 2007 09:51:58 -0500, Larry R. Wright
<[EMAIL PROTECTED]> wrote:

>David Long,
>
>I tried your suggestion for s  , but it does not work for
me.
>  I get Invalid command/The command entered is not valid for the Data Set
>List Utility.
>
>Is this native code allowing this?FYI, I'm on z/OS 1.4.
>
>Thanks,
>
>Larry

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

_
http://ideas.live.com/programpage.aspx?versionid=b2456790-90e6-4d28-9219-5d7207d94d45&mkt=en-ca

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Security on development was Re: SYSPLEX for PDS-E Sharing

2007-01-19 Thread Craddock, Chris

I said
> >> Those old chestnuts are bogus. There is NO GOOD REASON to run
> monoplexes
> >> in preference to at least a basic sysplex.

RS said
> >There are. Different LPARs run different businesses, different
> >companies. Different security rules. Strict for production, light for
> >development.

If each monoplex is a different business then ok. But that's not usually
the case. It is most often just multiple LPARs within the same business,
being operated as if it is still 1985. 

z/OS systems are not especially reliable or manageable when run like
that. The reliability of the base operating system and subsystems are
fine, but the net when you add in applications and workloads that push
systems into uncomfortable places in the design envelope is instability
and erratic service at best. The sysplex architecture is there for a
reason, not just to make IBM wealthy.

Clark said
> Gjiven the source of most test data, I believe that we in the
> development area have been very lax in security. Being light on
> security in the development area will come back to haunt us.  In most
> of my development work I have had access to what was basically some
> form of a copy of production data which has then been manipulated.

True enough and this is part of the "dirty little secret" we live with.
Security is only as good as the weakest link. Most systems run a mix of
IBM, ISV and home-grown software and it is almost laughably easy (for a
guy like me anyway) to find holes in that environment. 

It is entirely possible to make the platform all-but bulletproof, but
most aren't. That's one of the reasons you hear me harp on about
integrity from time to time. If you have integrity exposures, no matter
how slight, you don't really have security.

CC

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Jeffrey D. Smith

> -Original Message-
> From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
> Behalf Of Jeffrey Deaver
> Sent: Thursday, January 18, 2007 6:44 PM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: Decoding the encryption puzzle
> 
> >I wouldn't encrypt data within a datacenter. The only data that gets
> >encrypted around here is data that goes out the door. Internal tapes are
> >not encrypted.
> 
> >If one level of backup are in your automated tape library, in a data
> center
> >with card-key access in a building with armed guards on all entrances who
> >inspect packages coming in AND going out, then I don't think you need to
> >encrypt that data.
> 
> Its too easy for one of those 'secure' tapes to walk out the door with a
> disgruntled employee.  And when the audit turns up a tape missing - its
> not
> going to care how or where it went - only that its missing and not
> encrypted.  More than once I've read notices from companies announcing
> breaches where they state that they are '99% sure its in a landfill,
> but...'.  And while that may be true and the data is more than likely
> safe,
> the damage to the reputation is already done, and the cost to notify is
> real.
> 
> For my money, if it >can< be carried out, its going to be encrypted.
> 
> Jeffrey Deaver, Engineer

My favorite management quote, "We have never had an undetected security
breach."

There are US government publications describing so-called "best practices"
for securing data and managing keys, which also describe themselves as
"evolving documents". That is, they are still inventing the processes
and updating the publications as new ideas are introduced.

If your datacenter is highly secure, that means both physical security
and data security (encrypted). Data is accessible only through a trusted
server that authenticates the user's security permissions (e.g., RACF
security label of the data and of the user). Permission to access
clear data is distinct from permission to access encrypted data (usually
for archival/restore purposes). Permission to read-only is distinct
from permission to read-write. The front-end application never sees
both encrypted and clear data at the same time; it's managed within a
secure boundary of a trusted server.

Jeffrey D. Smith
Principal Product Architect
Farsight Systems Corporation
700 KEN PRATT BLVD. #204-159
LONGMONT, CO 80501-6452
303-774-9381 direct
303-484-6170 FAX
http://www.farsight-systems.com/
see my résumé at my website

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Transactions per Watt

2007-01-19 Thread Charles Mills

Right. Or per watt-hour. People mis-use these ratios all the time. You hear
people talk about "how many MIPS a particular transaction uses." That's like
saying "how many miles per hour is it from New York to Boston?"

Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Paul Gilmartin
Sent: Friday, January 19, 2007 7:23 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Transactions per Watt

In a recent note, Bill Richter said:

> Date: Fri, 19 Jan 2007 09:08:17 -0600
> 
> Great article suggesting "Measure transactions/watt""if you don't
> measure it, you can't improve it"
> 
> IBM should jump on this since this is a strength of z/OS transaction
> workloads and zLinux server consolidation.  I have not seen any statements
> of power efficiency on a transaction/watt metric.
> 
Shouldn't that be transactions/Joule?  (Perhaps even transactions/BTU?)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: security on development

2007-01-19 Thread john gilmore


Chris Craddock writes:


True enough and this is part of the "dirty little secret" we live with.
Security is only as good as the weakest link. Most systems run a mix of
IBM, ISV and home-grown software and it is almost laughably easy (for a
guy like me anyway) to find holes in that environment.


This is the case for many of us, and I am not sure that it is nearly so 
problematic as it is usually represented to be.


Most large cities contain locksmiths who, given physical access, can open 
bank vaults almost at will; but they do not use their skills to burglarize 
banks; they open vaults only in response to legitimate, elaborately 
authenticated requests.  It is indeed arguable that if bank vaults are to be 
prevalent locksmiths who can open them in extremis are essential.


Insecure shops are highly problematic, but I know of shops of this kind in 
which security measures of various plausible-to-laymen kinds (and others 
represented, disingenuously, as useful by those who know better) have been 
effective only in hamstringing operations and performance.


I have just looked at a set of 23 security recommendations for a z/OS shop, 
prepared by an eminently respectable public accounting firm, of which three 
were reasonable, although not very important, and 20 were preposterous; and 
the sour tone of this post is perhaps attributable to that experience.



John Gilmore
Ashland, MA 01721-1817
USA

_
Get in the mood for Valentine's Day. View photos, recipes and more on your 
Live.com page. 
http://www.live.com/?addTemplate=ValentinesDay&ocid=T001MSN30A0701


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Command repeat for ISPF 3.4?

2007-01-19 Thread Mark Zelden

Doesn't exist.  

You can RYO program / exec / clist (yuck) using the LMDLIST service
with creating the list as part of the program.  You could pass 
the "3.4 dsn mask" and the command to the program.

SMOP. 


/* REXX */  
/*   */ 
/* AUTHOR: Mark Zelden   */ 
/*   */ 
//  
/* CMD34 - process commands against an ISPF 3.4 type DSLIST */  
/*  */  
/* SYNTAX:  TSO %CMD34 DSN_LVL COMMAND  */  
/*  */  
/* Example: TSO %CMD34 SYS2.OLD.PRODUCT.HLQ HMIG*/  
//  
Arg lvl cmd 
If lvl = '' | cmd = '' then do  
  Say 'Missing DSN_LVL or COMMAND to execute.'  
  Say ' '   
  Say 'SYNTAX:  TSO %CMD34 DSN_LVL COMMAND' 
  exit 12   
End 
 /* */  
 /* Quick ISPF save of data set names. This is much quicker */  
 /* than using OPT 3.4, because it does not do an obtain*/  
 /* for each data set in the list because of STATS(NO). */  
 /* The dsn created will be userid.CMD34.DATASETS   */  
 /* */  
Address ISPEXEC "CONTROL ERRORS RETURN" 
Address ISPEXEC "LMDINIT LISTID(LISTID) LEVEL("lvl")"   
Address ISPEXEC ,   
  "LMDLIST LISTID("listid") OPTION(SAVE) STATS(NO) GROUP(CMD34)"
Address ISPEXEC "LMDFREE LISTID("listid")"  

uid = sysvar('SYSUID')  
/* allocate dsn list file and read it */
"ALLOC FI(INPUT) DA('" || uid || ".CMD34.DATASETS') SHR REUSE"  
"EXECIO * DISKR INPUT (STEM INREC. FINIS"   
Do I = 1 to INREC.0 
  dsn = word(inrec.i,1) 
  Address TSO cmd dsn   
End 

junk = msg(off) 
"DELETE '" || uid || ".CMD34.DATASETS'" 
junk = msg(on)  

Exit 0  



--
Mark Zelden
Sr. Software and Systems Architect - z/OS Team Lead
Zurich North America / Farmers Insurance Group - GITO
mailto:[EMAIL PROTECTED]
z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/
Systems Programming expert at http://expertanswercenter.techtarget.com/
Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html

 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Dave Kopischke

On Thu, 18 Jan 2007 19:44:29 -0600, Jeffrey Deaver wrote:

>Its too easy for one of those 'secure' tapes to walk out the door with a
>disgruntled employee.  And when the audit turns up a tape missing - its not
>going to care how or where it went - only that its missing and not
>encrypted.  More than once I've read notices from companies announcing
>breaches where they state that they are '99% sure its in a landfill,
>but...'.  And while that may be true and the data is more than likely safe,
>the damage to the reputation is already done, and the cost to notify is
>real.
>
>For my money, if it >can< be carried out, its going to be encrypted.

So what happens when that disgruntled employee decrypts a tape and 
downloads it to a USB memory stick and walks out the door with that ??? 
Those memory sticks hold a lot of information and they're very small. At 
some point, you've got to evaluate the situation for reasonableness and 
call it good enough.

I would also argue that the disgruntled employee scenario is a data theft, 
not a data loss. Prosecute relentlessly or it will only get worse.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Compuware February 2006 Technical Spotlight Sessions

2007-01-19 Thread Dell'Anno, Aurora

APPROVED BY THE LIST OWNER
 
==
 
Hi All, 

please find below the February schedule for Spotlight Sessions, for all
you Compuware users/customers out there.  

Remember, our customers are required to register for FrontLine to access
these sessions, the February 6 Spotlight is a great opportunity to
register and gain an insight and understanding of how FrontLine can
benefit you.

ciao!
 
Aurora Emanuela Dell'Anno
Compuware Ltd.
Systems Engineer, Mainframe pre-Sales

___

email: [EMAIL PROTECTED]
tel. :  +44 (0)1753 444331
cell.:  +44 (0)7779 881331
 

___

No trees were killed in the sending of this message. However - a large
number of electrons were terribly inconvenienced.

 

Hello,

The February 2007 Spotlight sessions have been posted to FrontLine's
Events page.   February's schedule will consist of 4 sessions:  

 February 06   Strobe: Mini measurement, Mega data:
The CICS performance supplement 

 February 13   File-AID: Advanced Editing  Tips for DB2
Users ( Repeat Session due to customer requests)

 February 20   Abend-AID: Setting up 'On The Fly' for
Systems Programmers

 February 27   Xpediter/Code Coverage: Using Code
Coverage to Tag, Flag and Test critical code 



We have had great success with these sessions - you continue to respond
on the Spotlight surveys asking us for more!  

In addition, I've included the link to the Events page on FrontLine
(http://frontline.compuware.com/user/events/default.asp
 ) and the link
to the archives page where all the previous presentations and tip-sheets
can be found (http://frontline.compuware.com/user/events/16791.asp
 ) in case you
would like to see past Spotlight presentations (you will need to log on
to FrontLine to view either of these links).

If you have any questions or comments, please feel free to contact me. 

 

The contents of this e-mail are intended for the named addressee only. It 
contains information that may be confidential. Unless you are the named 
addressee or an authorized designee, you may not copy or use it, or disclose it 
to anyone else. If you received it in error please notify us immediately and 
then destroy it. 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Risks (Was Re: Decoding the encryption puzzle)

2007-01-19 Thread Eric Chevalier

On 19 Jan 2007 05:29:45 -0800,
[EMAIL PROTECTED] (Tom Marchant) wrote:

>On Fri, 19 Jan 2007 07:08:19 -0500, Shmuel Metz (Seymour J.) wrote:
>
>>Machines without any error checking don't even qualify as
>>etch-a-sketch; they're just junk.
>
>When the IBM PC was first introduced in 1981, it was the first of
>the PCs with parity.  Today there are only a few PC "servers" with
>ECC memory, but the rest have nothing.  Try to find a laptop with
>parity or ECC memory.

Come on, folks; let's have a little perspective on this issue! Perhaps
you can't find laptops with ECC memory because the non-ECC memory is
completely reliable for all _practical_ purposes? Am I running a risk
of data corruption on my laptop because of some random memory error
that goes undetected? Sure. But right now, I'm far more worried about
slipping on the ice from last weekend's storm as I go out to my truck,
falling on my backpack and breaking that laptop.

My employer's shiny new Z9 processor doesn't have to worry about that
particular risk! :-)

Eric

--
Eric Chevalier  E-mail: [EMAIL PROTECTED]
   Web: www.tulsagrammer.com
Is that call really worth your child's life?  HANG UP AND DRIVE!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Kirk Talman

One necessary step to security where desktops connect to secure 
information is to disable all outbound ports on the desktop.  Don't know 
if it is a windoz feature or ISV software.

IBM Mainframe Discussion List  wrote on 01/19/2007 
11:56:52 AM:

> So what happens when that disgruntled employee decrypts a tape and 
> downloads it to a USB memory stick and walks out the door with that ??? 
> Those memory sticks hold a lot of information and they're very small. At 

> some point, you've got to evaluate the situation for reasonableness and 
> call it good enough.

-
The information contained in this communication (including any
attachments hereto) is confidential and is intended solely for the
personal and confidential use of the individual or entity to whom
it is addressed. The information may also constitute a legally
privileged confidential communication. If the reader of this
message is not the intended recipient or an agent responsible for
delivering it to the intended recipient, you are hereby notified
that you have received this communication in error and that any
review, dissemination, copying, or unauthorized use of this
information, or the taking of any action in reliance on the
contents of this information is strictly prohibited. If you have
received this communication in error, please notify us immediately
by e-mail, and delete the original message. Thank you

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

>Those memory sticks hold a lot of information and they're very small.

Two days after I bought a 6GB USB drive for $117 CDN, I saw an 8GB one at The 
Source by Circuit City (formerly Radio Shack), for $105.

Years ago, I saw somebody bring in their own 30GB hard drive, after creating 
XMIT unloads, FTP'ing, and ZIP'ing, and used it to copy everything in his 'My 
Documents' folder (15GB'ish) onto it.
Then he took the drive out to his car, came back, turned in his laptop, badge, 
cell, & pager.

It was his last day.
He was downsized, as I would be a few years later.

Nobody stopped him!
And, it wasn't as subtle as a USB drive.

.
Questions?
Concerns?
(Screams of Outrage?)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

On 19 Jan 2007 08:57:13 -0800, [EMAIL PROTECTED] (Dave
Kopischke) wrote:

>So what happens when that disgruntled employee decrypts a tape and 
>downloads it to a USB memory stick and walks out the door with that ??? 
>Those memory sticks hold a lot of information and they're very small. At 
>some point, you've got to evaluate the situation for reasonableness and 
>call it good enough.
>
>I would also argue that the disgruntled employee scenario is a data theft, 
>not a data loss. Prosecute relentlessly or it will only get worse.

It seems that one part of security that isn't emphasized is to have a
procedure that checks to see if such a crime has been committed.   We
can't do that by examining our data to see if they're missing - we
have to monitor to see if they show up elsewhere.

That might mean we keep tracer data in our database that are designed
for this task.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

On 19 Jan 2007 09:10:53 -0800, [EMAIL PROTECTED] wrote:

>One necessary step to security where desktops connect to secure 
>information is to disable all outbound ports on the desktop.  Don't know 
>if it is a windoz feature or ISV software.

Why not go all the way?   Replace the customers' computers with
etch-a-sketches.   As long as we're not going to let them take home
documents to work on, make sure they don't have access to them in the
first place.So what if they can't do their jobs - the data are
safe!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Transactions per Watt

2007-01-19 Thread Ed Finnell

 
In a message dated 1/19/2007 10:30:12 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:

Right.  Or per watt-hour. People mis-use these ratios all the time. You hear
people  talk about "how many MIPS a particular transaction uses." That's  like
saying "how many miles per hour is it from New York to  Boston?"




>>
I'm sure it's a boundary value problem with eigenvalues all programmed in  
APL behind the wall behind the fence with some nerdy types providing copious  
annotations. The results just don't get out very often...I webcrawled  for
bipolar vs cmos and this old thing was good as it got...
 
_http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP390G4B.html_
 
(http://www-03.ibm.com/ibm/history/exhibits/mainframe/mainframe_PP390G4B.html)  
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Jeffrey Deaver

>So what happens when that disgruntled employee decrypts
>a tape and downloads it to a USB memory stick and walks
>out the door with that ???

Data loss (theft) and need to notify - if you even know about it.   There
are products available for PCs/laptops that will stop data copies to
removable media unless its encrypted - but then what about email?  This
really gets to the point that if you want to protect sensitive data, it has
to be encrypted from time of creation - otherwise there is always an
opportunity for a copy of it to move somewhere.

Heck - even if its encrypted from creation - the 'analog hole' will still
be an opportunity for data leaks as account reps or the like talk with
customers and have access to view that sensitive information on their
monitors.   But the point there is that its a smaller amount of data - one
customer at a time.  The amount of damage that can be done is limited.
While the back-end stores of data that provide the opportunity for leaks
thousands of times bigger is protected all the time.


>At some point, you've got to evaluate the situation for
>reasonableness and call it good enough.

I don't get to define reasonable.


>Prosecute relentlessly or it will only get worse.

Agreed.  But again, not my department.

Jeffrey Deaver, Engineer
Systems Engineering
[EMAIL PROTECTED]
651-665-4231(v)
651-610-7670(p)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Writing subprograms that may be called from batch or CICS modules

2007-01-19 Thread Gilbert Saint-Flour

On Friday 19 January 2007 11:31, BillD wrote:

> We have several modules that are maintained in both batch and online
> versions.  This may have been necessary in the past, but we are now
> running z/OS and there ought to be a way to handle dynamic calls to
> modules that will work in either environment using the COBOL LE
> (Language Environment.)  My module works when called by a batch driver.
>  My initial try in CICS got me a Segment-Translation Exception on the
> statement that moves an item from the linkage section to the working
> storage section.  Anyone else already cross this bridge?

This type of problem is common when converting CICS programs from VSE to MVS.
The most typical example is MOVE DFHCOMMAREA TO ws-, where length(ws-) 
is longer than length(DFHCOMMAREA).  This is something that's generally 
noticed (and corrected) when the converted applications are being tested.  

For DFHCOMMAREA, there's a simple way to ensure that the MOVE instruction only 
transfers data that's available, and prevent the abend : 

MOVE DFHCOMMAREA(1:EIBCALEN) TO ws-

-- 
 Gilbert Saint-Flour
 GSF Software
 http://gsf-soft.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Tape mount difficulties

2007-01-19 Thread Roberto Halais


Jack:

Thank you for II13276.

It has a nice debugging method for this type of problem.

The problem was exactly what you said:  READCOMPAT.

I did what the apar suggested and altered the volume's  TCDB  for
readcompat.

My job worked first shot.

Thank you again!

Kind regards,
Roberto



On 1/19/07, Jack Kelly <[EMAIL PROTECTED]> wrote:


You may want to review IBM's  II13276. Although it talks mostly about
output, the portion about 'readcompat' might address your concern.



Jack Kelly
LA Systems @ US Courts
x 202-502-2390

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html





--
"I am as you, in you, for you. One as you in all, as all, forever. My call
is your call."

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

2007-01-19 Thread Clark Morris

On 19 Jan 2007 06:44:35 -0800, in bit.listserv.ibm-main you wrote:

> 
>In a message dated 1/19/2007 7:58:44 A.M. Central Standard Time,  
>[EMAIL PROTECTED] writes:
>
>At SHARE  I can remember distinctly the PUBs people swearing up and  
>down that  they will document *ANY AND ALL* messages and codes. First  
>it  started with TCP line and then spread to other OE type products  
>and  now its a standing joke with COBOL. I am sure I left out a  
>product  or two but the point is IBM has broken many promises and with   
>
>
>
>>>
>I don't remember which city, definitely West Coast early 80's and  Chester 
>Hood(who was at Vandy Med Center) chaired the first SHARE OCO session.  Maybe 
>the most vituperative SHARE session ever. Lots of yelling and pleading.  After 
>we got back to work and were able to analyze it. Most of it depended on  IBM 
>documenting interfaces to important modules and parameter calls. Most of our  
>IBM reps and SHARE reps agreed that would be the key. Never happened...so we  
>ponied up for Source distribution.
>
I think (my recollection of those events is not even 80 percent
accurate) that they even said lack of documentation would be APARable.
It might be interesting to pursue that avenue of attack.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Cart & Disk Allocation

2007-01-19 Thread Jim Marshall

There has been a running discussion about allocation of drive, carts or 
disk which harkens back to the early days of MVS (later days of MVT) where 
a shortage of drives, some drive was broken, or good SYSPROGs sysgen'ed 
into the system more devices than they needed to keep from doing IOGENs. 
The problem was since the device was gen'ed and OFFLINE, it was a 
candidate for ALLOCATION. 

To resolve this problem, I found (and believe is still there) was a bit in 
the UCB which was turned on when the CE ran OLTEP. If this bit was on, the 
system thought it was unavailable. I wrote a small program which could be 
run as a STC, passing the UCB address and whether to turn it ON or OFF. If 
the bit was on for a broken drive (or non-existent one), the system would 
think it had OLTEP running on it and skip any allocation attempts. 

The byte is the UCBFLG5 where the bit is the UCBNALOC EQU X'04' which 
says "Offline device is in use by a System Component". I have not tried 
this a long time but it might solve some issues folks have. 

Jim 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Zos 1.7 looking at some changes

2007-01-19 Thread O'Brien, David W. (NIH/CIT) [C]

We currently run 4 LPARs each of which has its own:
 
Mastercat
Global CSI for MVS
Sysres (actually a set of 4 3390-3)
 
I'm wondering and the person doing the install is willing to consider 
consolidating some or all of these functions.
Would anybody care to comment on the feasibility or advisability of running off 
of one set of sysres volumes as opposed to the 4 sets we currently. 
Is a single Mastercat possible?
Is there any reason to have more than one Global CSI for Zos?
 
All comments and suggestions are welcome.
 
TIA,
Dave O'Brien

 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

AOPBATCH Continuation character

2007-01-19 Thread Schiradin,Roland HG-Dir itb-db/dc

Hi folks, 
anybody know the continuation character for AOPBTACH if any?
The command might be larger then 80 charachters. 

Currently I have a workaround using environment variables but

//STEP010   EXEC PGM=AOPBATCH,PARM='sh' 
//STDOUTDD SYSOUT=T 
//STDERRDD SYSOUT=T 
//STDIN DD  *   
cd /smpt/usr/lpp/java/J1.4/IBM/J1.4/lib/ext/;   
hugo=/usr/lpp/db2/db2810/jcc/classes;   
export hugo;
ln -s $hugo/db2jcc.jar db2jcc.jar;  
ln -s $hugo/db2jcc_javax.jar db2jcc_javax.jar;  
ln -s $hugo/db2jcc_license_cisuz.jar db2jcc_license_cisuz.jar;  
ln -s $hugo/sqlj.zip sqlj.zip   


Roland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Zos 1.7 looking at some changes

2007-01-19 Thread Richards.Bob

David,

It is ALL possible and I recommend it. I have set up and run with shared
SYSRES, a shared MASTERCAT, and one GLOBAL CSI for MVS. I know of no
good reason to have multiple GLOBAL CSIs for MVS. I would retain a
second set of SYSRES volumes and a spare mastercat volume to use for
maintenance or new releases. 

The IBM-Main archives contain a lot of discussions on this very topic:
http://bama.ua.edu/archives/ibm-main.html


Bob Richards 


-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of O'Brien, David W. (NIH/CIT) [C]
Sent: Friday, January 19, 2007 1:24 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Zos 1.7 looking at some changes

We currently run 4 LPARs each of which has its own:
 
Mastercat
Global CSI for MVS
Sysres (actually a set of 4 3390-3)
 
I'm wondering and the person doing the install is willing to consider
consolidating some or all of these functions.
Would anybody care to comment on the feasibility or advisability of
running off of one set of sysres volumes as opposed to the 4 sets we
currently. 
Is a single Mastercat possible?
Is there any reason to have more than one Global CSI for Zos?
 
All comments and suggestions are welcome.
 
TIA,
Dave O'Brien 
  
  
  
LEGAL DISCLAIMER 
The information transmitted is intended solely for the individual or entity to 
which it is addressed and may contain confidential and/or privileged material. 
Any review, retransmission, dissemination or other use of or taking action in 
reliance upon this information by persons or entities other than the intended 
recipient is prohibited. If you have received this email in error please 
contact the sender and delete the material from any computer. 
  
SunTrust and Seeing beyond money are federally registered service marks of 
SunTrust Banks, Inc. 
[ST:XCL] 
 
 
 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: CICS interface to CA-7

2007-01-19 Thread Alan Schwartz

<>
We have a CICS program that builds the parameter list and then issues
the CA-7 SVC to Demand jobs. 

This worked on CA-7 Rel 3.3,

We have just tried (and had to fall back) to upgrade to CA-7 11.0 because 
this technique

No longer works. 
<>

I asked the question to CA support specific to the way we have it coded in 
one of our CICS regions (posted earlier).  Here is their response:

"And as far as I know there is no problem executing the U7SVC from a
COBOL program, so I don't know what the IBM issue is about.  We have had
one customer who was trying to issue CA 7's SVC directly from CICS
and when they went to 11.0 could not do this because some of the
areas used by the SVC are different for 11.0 than with past releases.
As long as you are using the U7SVC, this should not be a problem."


Alan Schwartz
Assurant Shared Business Services
Lead Systems Programmer
Phone:  651-361-4758
Fax:   651-361-5625
**
This e-mail message and all attachments transmitted with it may contain legally 
privileged and/or confidential information intended solely for the use of the 
addressee(s). If the reader of this message is not the intended recipient, you 
are hereby notified that any reading, dissemination, distribution, copying, 
forwarding or other use of this message or its attachments is strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete this message and all copies and backups thereof.

Thank you.
**

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Command repeat for ISPF 3.4?

2007-01-19 Thread Mark Zelden

On Fri, 19 Jan 2007 10:42:17 -0600, Mark Zelden <[EMAIL PROTECTED]>
wrote:

>Doesn't exist.
>
>You can RYO program / exec / clist (yuck) using the LMDLIST service
>with creating the list as part of the program.  You could pass
>the "3.4 dsn mask" and the command to the program.
>
>SMOP.



I was missing quotes around the command (3.4 adds them).  It also
occurred to me you would need to substitute the DSN for slashes.

Here is the new and improved code:

http://home.flash.net/~mzelden/mvsfiles/cmd34.txt

I will add it to my CBT file and web site.

Cheers,

Mark
--
Mark Zelden
Sr. Software and Systems Architect - z/OS Team Lead
Zurich North America / Farmers Insurance Group - GITO
mailto:[EMAIL PROTECTED]
z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/
Systems Programming expert at http://expertanswercenter.techtarget.com/
Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Zos 1.7 looking at some changes

2007-01-19 Thread Brian France

How about a yes to all. Have been doing the below for more years than 
I can go back in my head. Now, what we have here are 2 prod lpars 
sharing sysres and master cat. We have 2 test lpars sharing sysres 
and master cat. We also have a target sysres for SMP/e work. Our 
SMP/e world points to the target sysres.


At 01:24 PM 1/19/2007, you wrote:

We currently run 4 LPARs each of which has its own:

Mastercat
Global CSI for MVS
Sysres (actually a set of 4 3390-3)

I'm wondering and the person doing the install is willing to 
consider consolidating some or all of these functions.
Would anybody care to comment on the feasibility or advisability of 
running off of one set of sysres volumes as opposed to the 4 sets we 
currently.

Is a single Mastercat possible?
Is there any reason to have more than one Global CSI for Zos?

All comments and suggestions are welcome.

TIA,
Dave O'Brien



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html



Brian W. France
Systems Administrator (Mainframe)
Pennsylvania State University
Administrative Information Services - Infrastructure/SYSARC
Rm 25 Shields Bldg., University Park, Pa. 16802
814-863-4739
[EMAIL PROTECTED]




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: AOPBATCH Continuation character

2007-01-19 Thread Ray Mullins

IIRC, it's the shell, not AOPBATCH, that deals with continuation characters.

Try a backslash at the end of the line - although I'm not sure how this will
translate with fixed 80 column input - e.g.

ln -s $/usr/lpp/db2/db2810/jcc/classes/db2jcc.jar \
 db2jcc.jar; 

Later,
Ray

-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Schiradin,Roland HG-Dir itb-db/dc
Sent: Friday January 19 2007 10:31
To: IBM-MAIN@BAMA.UA.EDU
Subject: AOPBATCH Continuation character

Hi folks, 
anybody know the continuation character for AOPBTACH if any?
The command might be larger then 80 charachters. 

Currently I have a workaround using environment variables but

//STEP010   EXEC PGM=AOPBATCH,PARM='sh' 
//STDOUTDD SYSOUT=T 
//STDERRDD SYSOUT=T 
//STDIN DD  *   
cd /smpt/usr/lpp/java/J1.4/IBM/J1.4/lib/ext/;   
hugo=/usr/lpp/db2/db2810/jcc/classes;   
export hugo;
ln -s $hugo/db2jcc.jar db2jcc.jar;  
ln -s $hugo/db2jcc_javax.jar db2jcc_javax.jar;  
ln -s $hugo/db2jcc_license_cisuz.jar db2jcc_license_cisuz.jar;  
ln -s $hugo/sqlj.zip sqlj.zip   

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Zos 1.7 looking at some changes

2007-01-19 Thread Imbriale, Donald (Exchange)

A single mastercat and a single set of sysres volumes is doable.  I
avoid it because of the single point of failure.

A single global CSI is advisable.  Then have a target zone for each set
of sysres volumes.  The target zone can be built by a cloning process.
Install maint on target A.  Copy volumes and its target zone to the
volumes and target zone for B, then C, then D.  Start over again.

Don Imbriale

-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of O'Brien, David W. (NIH/CIT) [C]
Sent: Friday, January 19, 2007 1:24 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Zos 1.7 looking at some changes

We currently run 4 LPARs each of which has its own:
 
Mastercat
Global CSI for MVS
Sysres (actually a set of 4 3390-3)
 
I'm wondering and the person doing the install is willing to consider
consolidating some or all of these functions.
Would anybody care to comment on the feasibility or advisability of
running off of one set of sysres volumes as opposed to the 4 sets we
currently. 
Is a single Mastercat possible?
Is there any reason to have more than one Global CSI for Zos?
 
All comments and suggestions are welcome.
 



***
Bear Stearns is not responsible for any recommendation, solicitation, 
offer or agreement or any information about any transaction, customer 
account or account activity contained in this communication.
***

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

On 19 Jan 2007 09:15:38 -0800, [EMAIL PROTECTED] (Ted MacNEIL)
wrote:

>Two days after I bought a 6GB USB drive for $117 CDN, I saw an 8GB one at The 
>Source by Circuit City (formerly Radio Shack), for $105.

I've seen drives for around $12.

>Years ago, I saw somebody bring in their own 30GB hard drive, after creating 
>XMIT unloads, FTP'ing, and ZIP'ing, and used it to copy everything in his 'My 
>Documents' folder (15GB'ish) onto it.
>Then he took the drive out to his car, came back, turned in his laptop, badge, 
>cell, & pager.

Decades before, people kept printed copies of programs they wrote.
Sometimes they even used them in job interviews.

Is that significantly different?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Anne & Lynn Wheeler


Anne & Lynn Wheeler wrote:
for a little drift ... another crypto related thread  (FDE ... full disk 
encryption)
http://www.garlic.com/~lynn/aadsm26.htm#23 It's a Presidential Mandate, 
Feds use it. How come you are not using FDE?


re:
http://www.garlic.com/~lynn/2007c.html#1 Decoding the encryption puzzle

the older article

Feds crawl toward encryption
http://weblog.infoworld.com/techwatch/archives/009492.html

from above:

Such appears to be the case with this year's infamous data-leak episode of 
millions of U.S. veterans' private information last May, which prompted the 
White House to issue a presidential mandate [PDF] requiring all agency mobile 
laptops and devices storing sensitive data to have fully encrypted hard drives.

... snip ...

and the referenced gov. document
http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

new article

Firms face pressure to encrypt data
http://www.boston.com/business/articles/2007/01/18/firms_face_pressure_to_encrypt_data/

and new item on vulnerability

Retail security breach may be biggest in U.S.
http://www.iht.com/articles/2007/01/19/business/data.php

and, of course, old posting on security proportional to risk
http://www.garlic.com/~lynn/2001h.html#61

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe vs. "Server" (Was Just another example of mainframe costs.)

2007-01-19 Thread Dean Kent

"Timothy Sipples" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]

>Now, whether this matters to you or not is another question.  Still, I
>think it's a small but interesting detail that there are no closed source
>Linux drivers for System z, so far as I'm aware.  It's all open source now.

Forgive me for jumping in late to the discussion - but wouldn't this be an
issue of IBM more-or-less controlling the hardware environment?  The
closed-source drivers you mentioned are all on 'open systems', which refers
more to the fact that anyone can manufacture devices for them rather than
referring to the software.  Isn't that true?   I seem to recall x86 systems
being called 'open' before the open source movement was widespread...

Regards,
   Dean

>- - - - -
>Timothy Sipples
>IBM Consulting Enterprise Software Architect
>Specializing in Software Architectures Related to System z
>Based in Tokyo, Serving IBM Japan and IBM Asia-Pacific
>E-Mail: [EMAIL PROTECTED]
>--
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
>Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Anne & Lynn Wheeler


Howard Brazee wrote:

Decades before, people kept printed copies of programs they wrote.
Sometimes they even used them in job interviews.

Is that significantly different?


potentially by several orders of magnitude ... also might completely change the possible fraud "return-on-investment" equation. 


something that might have 1percent fraud ... if it changed by two orders of 
magnitude ... it could go to nearly all fraud ... possibly resulting in 
collapse of the infrastructure

recent posts in this thread:
http://www.garlic.com/~lynn/2007c.html#1 Decoding the encryption puzzle
http://www.garlic.com/~lynn/2007c.html#9 Decoding the encryption puzzle

the whole data breach, security breach that has been in the news for the past year 
or two ... is that the attacker's cost for an electronic breach and to translate 
than electronic information directly into fraud can be a couple orders of magnitude 
per account ... than saying physical operation of holdup at gunpoint to obtain 
somebody's wallet. If you take the time&effort of a physical holdup for a 
couple of credit cards   the cost to the attacker (per account) can be easily 
several orders of magnitude larger compared to the cost to the attacker (per 
account) for an electronic breach involving a couple million accounts records.

and of course, reference to old security proportional to risk post
http://www.garlic.com/~lynn/2001h.html#61

lots of past posts involving some kind of fraud, threat, vulnerability, 
exploit, etc
http://www.garlic.com/~lynn/subintegrity.html#fraud

and loads of past posts specifically mentioning data breaches and/or security 
breaches
http://www.garlic.com/~lynn/aadsmail.htm#mfraud AADS, X9.59, security, flaws, 
privacy
http://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management 
and Information Security
http://www.garlic.com/~lynn/aepay7.htm#nonrep3 non-repudiation, was Re: crypto 
flaw in secure mail standards
http://www.garlic.com/~lynn/aepay7.htm#nonrep5 non-repudiation, was Re: crypto 
flaw in secure mail standards
http://www.garlic.com/~lynn/aepay7.htm#nonrep6 non-repudiation, was Re: crypto 
flaw in secure mail standards
http://www.garlic.com/~lynn/ansiepay.htm#breach Security breach raises 
questions about Internet shopping
http://www.garlic.com/~lynn/ansiepay.htm#theory Security breach raises 
questions about Internet shopping
http://www.garlic.com/~lynn/aadsm5.htm#shock2 revised Shocking Truth about 
Digital Signatures
http://www.garlic.com/~lynn/aadsm6.htm#terror4 [FYI] Did Encryption Empower 
These Terrorists?
http://www.garlic.com/~lynn/aepay12.htm#5 Law aims to reduce identity theft

http://www.garlic.com/~lynn/aadsm11.htm#47 maximize best case, worst case, or 
average case? (TCPA)
http://www.garlic.com/~lynn/aadsm17.htm#32 visa cards violated, BofA reissuing 
after hack attack
http://www.garlic.com/~lynn/aadsm18.htm#35 Credit card leaks continue at a 
furious pace
http://www.garlic.com/~lynn/aadsm18.htm#49 one more time now, Leading Cause of 
Data Security breaches Are Due to Insiders, Not Outsiders
http://www.garlic.com/~lynn/aadsm19.htm#21 Citibank discloses private 
information to improve security
http://www.garlic.com/~lynn/aadsm19.htm#28 "SSL stops credit card sniffing" is 
a correlation/causality myth
http://www.garlic.com/~lynn/aadsm19.htm#45 payment system fraud, etc
http://www.garlic.com/~lynn/aadsm19.htm#47 the limits of crypto and 
authentication
http://www.garlic.com/~lynn/aadsm20.htm#1 Keeping an eye on ATM fraud
http://www.garlic.com/~lynn/aadsm20.htm#2 US consumers want companies fined for 
security breaches
http://www.garlic.com/~lynn/aadsm20.htm#9 the limits of crypto and 
authentication
http://www.garlic.com/~lynn/aadsm20.htm#12 the limits of crypto and 
authentication
http://www.garlic.com/~lynn/aadsm20.htm#17 the limits of crypto and 
authentication
http://www.garlic.com/~lynn/aadsm20.htm#18 the limits of crypto and 
authentication
http://www.garlic.com/~lynn/aadsm20.htm#41 Another entry in the internet 
security hall of shame
http://www.garlic.com/~lynn/aadsm21.htm#18 'Virtual Card' Offers Online 
Security Blanket
http://www.garlic.com/~lynn/aadsm21.htm#34 X.509 / PKI, PGP, and IBE Secure 
Email Technologies
http://www.garlic.com/~lynn/aadsm22.htm#2 GP4.3 - Growth and Fraud - Case #3 - 
Phishing
http://www.garlic.com/~lynn/aadsm22.htm#3 GP4.3 - Growth and Fraud - Case #3 - 
Phishing
http://www.garlic.com/~lynn/aadsm22.htm#21 FraudWatch - Chip&Pin, a new tenner 
(USD10)
http://www.garlic.com/~lynn/aadsm22.htm#22 FraudWatch - Chip&Pin, a new tenner 
(USD10)
http://www.garlic.com/~lynn/aadsm22.htm#25 FraudWatch - Chip&Pin, a new tenner 
(USD10)
http://www.garlic.com/~lynn/aadsm22.htm#26 FraudWatch - Chip&Pin, a new tenner 
(USD10)
http://www.garlic.com/~lynn/aadsm22.htm#33 Meccano Trojans coming to a desktop 
near you
http://www.garlic.com/~lynn/aadsm22.htm#36 Unforgeable Blinded Credentials
http://www.garlic.com/~lynn/aadsm23.htm#0 Separation of Roles - an example
http:

Re: Decoding the encryption puzzle

>Decades before, people kept printed copies of programs they wrote.
>Sometimes they even used them in job interviews.

>Is that significantly different?

No. They're both wrong.
It's just easier, now.


$12? 6/8 GB? (NOTE: That's a 'G' -- GIG!)


.
Questions?
Concerns?
(Screams of Outrage?)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Dave Reinken

> From: Ted MacNEIL <[EMAIL PROTECTED]>
> Date: Fri, January 19, 2007 4:22 pm
>
> $12? 6/8 GB? (NOTE: That's a 'G' -- GIG!)

I don't know about that, but here is 500GB for $158:
http://ecost.com/ecost/shop/detail.asp?DPNo=705654

Storage costs are WAY down...

Buy two, 1TB for $316 ain't bad...

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

May get JESx Data Areas back??

2007-01-19 Thread Jack Kelly

User Group Number - MR1113062722
Document Status - Recognized
Title - JES2 and JES3 Data Areaes no longer available with z/OS 1.7 and
above
IBM agrees with the request and a solution appears to be a desirable
objective. A solution however may not presently appear feasible or
implementable. No IBM commitment is made or implied as to the eventual
delivery of an acceptable solution.


Jack Kelly
LA Systems @ US Courts
x 202-502-2390

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Tape Encryption Products List - Version 3.0

2007-01-19 Thread Jeffrey Deaver

Been awhile since I saw this list so asked Tim if I could update it. I
added and update (See the (*) ) a few things I know about. I did not
verify that all the old links and information are still correct. Please
feel free to correct if you know something to be wrong. I also left Tim's
comments at the bottom as they still seem appropriate.

Software

ASE
SLiKZiP
http://www.slikzip.com/szabout.htm

CA (*)
Brightstor-BTE
http://www3.ca.com/Solutions/Product.aspx?ID=5764

Data21
ZIP/390
http://www.data21.com/products/zip/default.asp

IBM (*)
Encryption Facility for z/OS
http://www-03.ibm.com/servers/eserver/zseries/zos/encryption_facility/

Innovation Data Processing (*)
FDRCRYPT
http://www.innovationdp.com/products/fdrcrypt/index.cfm

McAfee
E-Business Server for OS/390 ("PGP")
http://www.mcafeesecurity.com/us/products/mcafee/encryption/ebusiness_server_os390.htm

Online Technical Productions
MegaCryption/MVS
http://www.megacryption.cc

OpenTech Systems (*)
CopyCrypt
http://www.opentechsystems.com/copycrypt.php

PKWARE
SecureZIP for zSeries
http://pkzip.com/products/enterprise/zseries/sz/index.php

(*) Supports ICSF hardware crypto acceleration (if available), relieving
some processing overhead from CPs.

Hardware

CentricStor
CentricStor-Decru Encryption Appliance
http://www.centricstorusa.com/English/Products/CentricStor_DataFort.html

IBM (*)
TS1120 Tape Drive
http://www-03.ibm.com/servers/storage/tape/ts1120/index.html

NeoScale and Luminex
http://www.luminex.com/about/press/pr082205a.html
http://www.neoscale.com/English/Collaterals/Press_Releases/2005/20050822_Luminex.html

Peakdata and Decru
http://www.peakdatallc.com/English/Collaterals/Press_Releases/2005/20050816_SecureMainframe.php

SecureAgent Software
SecureTape Solution
http://www.secureagent.com/securetape/securetape2.htm

Sun/StorageTek (*)
T1 Tape Drive
http://www.sun.com/storagetek/tape_storage/tape_drives/t1/

NOTES and COMMENTS
--

1. Products vary in whether they use ICSF for key management services (in
addition to crypto acceleration). Regardless, careful planning is required
for key management to assure authorized recoverability, especially in DR
situations. Loss of keys means data loss! Treat the key database just like
any other precious security resource, such as RACF (or ACF2 or TopSecret)
databases. Some products support simple passwords as encryption keys.

2. In some sense encryption of backup tapes is philosophically incompatible
with rapid and easy data access in the event of an emergency, so many
organizations will initially opt for tape encryption only when tapes leave
the data center (e.g. for partner exchange).

3. Hardware-based approaches typically require compatible equipment at
recovery and recipient sites, although some may offer a lower performance
software fallback option. Bear in mind that hardward-based solutions, when
applied to data archiving, must themselves be durable, i.e. available and
working to support decryption many years hence.

4. Products vary in whether they support pre-compression (and in the
effectiveness and processing intensity of that pre-compression) prior to
writing to tape. Encrypted data arriving at the tape drive will typically
not compress well, so plan accordingly.

5. Products may vary in their ability to generate tape formats readable on
non-zSeries systems. However, nearly all use standard encryption formats
such as AES that generally interoperate cross-platform.

6. None of these solutions will solve the problem of tape recipients who
then intentionally or inadvertantly lose authorized custody of data once
unencrypted. (If the data lands on somebody's notebook computer which is
then stolen, same problem.) In other words, data protection involves
end-to-end planning and procedures.

7. ICSF crypto performance will vary according to chosen encryption
algorithm and server model. For example, every zSeries system has at least
two types of hardware acceleration: crypto card-based (such as the
CryptoExpress2 PCI adapters) and PU-based (CPACF a.k.a. CP Assist). If the
goal is to offload as much processing work from main CPs, then, generally,
storage-related encryption (including tape) works best on the CP Assist
hardware. Network-related encryption (e.g. SSL) does well with the crypto
cards. CP Assist has a more limited set of supported encryption algorithms,
so choose carefully. 3DES is available, but the System z9 adds AES (and
SHA-256) into CP Assist. Organizations starting to use more AES, especially
for storage-related encryption, should factor that into capacity planning
and model upgrade decisions to see if a System z9 would offer any financial
savings. Most monitoring products (Tivoli OMEGAMON, TMON, MainView, etc.)
offer standard or optional ICSF monitoring to keep tabs on resource
utilization.

8. I've concentrated on z/OS-related products in this list. I'd very much
like to add options for the other operating systems to this list if

Re: Tape Encryption Products List - Version 3.0

>ASE
>SLiKZiP
>http://www.slikzip.com/szabout.htm

I could be wrong (it happens), but I believe that SLIKZIP is 'stabilised' at 
the OS/390 2.10 level.
I did a study last year to replace PKZIP with another 'work-alike'.

SLIKZIP was in the running until we found out there was no new development 
going on.

We went with ZIP/390.

.
Questions?
Concerns?
(Screams of Outrage?)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: security on development

2007-01-19 Thread Rick Fochtman



I have just looked at a set of 23 security recommendations for a z/OS 
shop, prepared by an eminently respectable public accounting firm, of 
which three were reasonable, although not very important, and 20 were 
preposterous; and the sour tone of this post is perhaps attributable to 
that experience.

---
If you don't mind, I'd like to see those; I could use a good laugh. 
Offlist if you like.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Tape Encryption Products List - Version 3.0

2007-01-19 Thread Arthur T.

On 19 Jan 2007 13:57:56 -0800, in bit.listserv.ibm-main 
(Message-ID:<[EMAIL PROTECTED]>) 
[EMAIL PROTECTED] (Jeffrey Deaver) wrote:


Loss of keys means data loss! Treat the key database just 
like
any other precious security resource, such as RACF (or 
ACF2 or TopSecret)

databases.


 If a company loses its RACF database (and all 
backups), it can start over from scratch and eventually 
continue running as it was before.  Loss of the RACF 
database does not permanently restrict access to data.


 If a company loses its key database, it could be out 
of business, especially if some of its DASD data are 
encrypted.  I can't think of anything else in IT whose loss 
would cripple a company more.  (And there are very few 
things outside of IT whose loss could be more crippling.)


 Rather than suggesting it be treated "like any other 
precious security resource", I'd advise treating it like 
it's essential to your paycheck.


--
I cannot receive mail at the address this was sent from.
To reply directly, send to ar23hur "at" intergate "dot" com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle

2007-01-19 Thread Eric N. Bielefeld

The last 2 weeks I spent at my last job, I spent a lot of time FTPing stuff 
to my PC.  I made 2 CDs worth, as it wouldn't quite fit on 1 CD.  I kept all 
my JCL libraries, all of the mainframe system documentation libraries I 
could find, and all of our Parmlib, system Proclib, etc.  There was no 
company data.  This was also done with the blessing of my manager.


I would have much prefered to write everything to a 3490 tape, but since I 
had no idea whether the place I went to would have 3490 tape drives, I 
figured the CD was a better choice.  As it turns out, we do have a couple 
3490 drives at my current employer.  I'm sure it would have taken me a lot 
less time setting up the JCL than the FTPs took.  I think a 5 Cyl JCL file 
with about 1,000 members took 10 or 15 minutes.


I downloaded one PDS to the mainframe at my current job, but I do look at 
other stuff on the CDs every now and then.  It can be very helpfull.


Eric Bielefeld
Sr. z/OS Systems Programmer
Lands End
Dodgeville, Wisconsin
414-475-7434

- Original Message - 
From: "Ted MacNEIL" <[EMAIL PROTECTED]>



>Those memory sticks hold a lot of information and they're very small.

Two days after I bought a 6GB USB drive for $117 CDN, I saw an 8GB one at 
The Source by Circuit City (formerly Radio Shack), for $105.


Years ago, I saw somebody bring in their own 30GB hard drive, after 
creating XMIT unloads, FTP'ing, and ZIP'ing, and used it to copy 
everything in his 'My Documents' folder (15GB'ish) onto it.
Then he took the drive out to his car, came back, turned in his laptop, 
badge, cell, & pager.


It was his last day.
He was downsized, as I would be a few years later.

Nobody stopped him!
And, it wasn't as subtle as a USB drive. 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Decoding the encryption puzzle