1/25/ Dilbert?
Meant to send this yesterday but my atomic clock says 8/14 so it may warp into tomorrow??? _http://www.dilbert.com/comics/dilbert/archive/dilbert-20070125.html_ (http://www.dilbert.com/comics/dilbert/archive/dilbert-20070125.html) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBM URL of all available lists?
In a message dated 1/26/2007 6:27:16 P.M. Central Standard Time, [EMAIL PROTECTED] writes: No, there's no -IBM- web page that lists all the lists, because IBM does not run nor own these lists. Perhaps someone else will have a pointer to something non-IBM that has the list you want; many readers of this list will not have seen your message, because you posted it to the >> I guess they're ashamed? _www.cbttape.org_ (http://www.cbttape.org) has references to others lists and other IBM related web pages like _www.planetmvs.com_ (http://www.planetmvs.com) . Lsoft is predominate software for LISTSERV functions at _www.lsoft.com_ (http://www.lsoft.com) . Under Catalist they have a search function for names or lists containing. But it only serves for public lists. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Writing assembler code to do a racroute?
Let me second what Walt says. Don't even do this as your SECOND project in assembler! I have done this, and it's all documented, but the interdependencies of the parameters, their implications, and what works when, and so forth, can be difficult and frustrating. (Sorry -- I no longer have access to the code I wrote.) Further, unless you have a sandbox system that you totally "own," or that is totally dedicated to development by a relatively small team, you may find that the powers that be take a dim view of your messing around in RACF. Note that there are older versions of the RACROUTE macro with names like RACINIT and RACHECK. Just ignore those unless you are modifying old code that uses them -- stick with RACROUTE, which supports every current feature. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Walt Farrell Sent: Friday, January 26, 2007 4:33 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Writing assembler code to do a racroute? On 1/26/2007 5:08 PM, scott wrote: >How does one code some assembler statement to do a racroute to check > if a userid and password are valid? Where can one find such > information, in a book, on how to do this? The RACROUTE Macro Reference describes the macros, but does not provide much guidance on how to use them. But it will describe the macro(s) and their parameters. You can find the book online at http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ICHZC671/CCONTENT S?SHELF=EZ2ZO10H&DN=SA22-7692-09&DT=20060928211139 or http://preview.tinyurl.com/35j8xd Note that you need to run APF-authorized to do what you want, which may not be possible depending on the environment in which your code will run. You should also already be familiar with doing assembler coding. Don't make this your first project in assembler. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
On Fri, 2007-01-26 at 16:17 -0600, Johnston, Robert E wrote:
> I don't see a /etc/profile. This is pretty early on in the install process -
> little customization has been done. Maybe it will get created later?
>
> My /etc/httpd.envvars looks similar to John's, but I don't have JAVA_HOME in
> there. Is that where I am supposed to update the JAVA_HOME directory?
>
> My serverpac was created back in July 2006. Any ideas why didn't it come with
> a later Java installed?
>
> I got the path name from the JAVA SDK Program Directory. It had the /bin on
> the end of it. Beats me if it's right.
>
> I think I am going to proceed as Tim Hare suggested:
>
> 1.Change SETUP.SH back to read JAVA_HOME=${JAVA_HOME:-}
> 2. In OMVS, type ECHO $JAVA_HOME to see if it is set; if it is then run
> SETUP.SH
> 3. If not set, use the command EXPORT JAVA_HOME = '
> /usr/lpp/java/IBI/J5.0/bin' (or one of the other suggestions depending upon
> what Java you actually have), then run SETUP.SH
At home having just walked the mutts, and my 1.7 build was a few months
back - so all that follows is from memory. Value it accordingly.
Contrary to John, I prefer to have these things system-wide - i.e.
in /etc/profile. Just like SYS1.PARMLIB - I look after it, and it's my
responsibility to make it right.
We have always set JAVA_HOME without the "/bin"; when constructing the
$PATH, I then use $PATH:$JAVA_HOME/bin. That way it's always built
correctly when versions change. As I was installing the 64 bit 1.5 with
z/OS 1.7, and there was 31-bit 1.4 (Java) on my old (z/OS) 1.4 system, I
wrapped some simple "if logic" around the assignment of JAVA_HOME so I
could IPL either z/OS 1.4 or 1.7 without screwing up the Java
environment.
Well, not too much anyway.
Java needs to be ordered - the 1.4 used to be freely downloadable, but
(later ???) the SMP packaged version needed to be ordered. Too long ago
to remember exactly I'm afraid. For us the 64-bit had to be
specifically added to the 1.7 order.
BTW, those "echo" and "export" (and similar) commands need tobe in lower
case. Obvious I know, but ...
Shane ...
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBM URL of all available lists?
From a mailing list reader... All the LISTSERV lists are at http://www.lsoft.com/lists/listref.html, I'm sure there are others. For newsgroups, you'll have to use your ISP's newsgroup list. Bob Walt Farrell wrote: On 1/26/2007 4:47 PM, John <[EMAIL PROTECTED]> wrote: Is there a URL for any IBM webpage that lists all of the various mailing lists such as this one? I'm only on this one because I found it in USENET, but I'd like to know about the others, in case I need to post a subject to a more appropriate list. No, there's no -IBM- web page that lists all the lists, because IBM does not run nor own these lists. Perhaps someone else will have a pointer to something non-IBM that has the list you want; many readers of this list will not have seen your message, because you posted it to the newsgroup instead of the mailing list. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Writing assembler code to do a racroute?
On 1/26/2007 5:08 PM, scott wrote: How does one code some assembler statement to do a racroute to check if a userid and password are valid? Where can one find such information, in a book, on how to do this? The RACROUTE Macro Reference describes the macros, but does not provide much guidance on how to use them. But it will describe the macro(s) and their parameters. You can find the book online at http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ICHZC671/CCONTENTS?SHELF=EZ2ZO10H&DN=SA22-7692-09&DT=20060928211139 or http://preview.tinyurl.com/35j8xd Note that you need to run APF-authorized to do what you want, which may not be possible depending on the environment in which your code will run. You should also already be familiar with doing assembler coding. Don't make this your first project in assembler. Walt Farrell, CISSP z/OS Security Design, IBM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBM URL of all available lists?
On 1/26/2007 4:47 PM, John <[EMAIL PROTECTED]> wrote: Is there a URL for any IBM webpage that lists all of the various mailing lists such as this one? I'm only on this one because I found it in USENET, but I'd like to know about the others, in case I need to post a subject to a more appropriate list. No, there's no -IBM- web page that lists all the lists, because IBM does not run nor own these lists. Perhaps someone else will have a pointer to something non-IBM that has the list you want; many readers of this list will not have seen your message, because you posted it to the newsgroup instead of the mailing list. Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: AOPBATCH Continuation character
Just for the archive and perhaps for some offline reader. The continuation character is indeed, as Jantje pointed out, the '\' but by default for codepage 1047 and not 273 we're using in germany. Also the character can be placed somewhere at the end not usually at 80th position for instream STDIN. So this leaves at least two choices 1. Switch to mode hex and enter x'E0' as a backslash (x'EC' is for cp273) 2. use iconv -t IBM-1047 -f IBM-273 ! /bin/sh (the '!' vary from codepage to coderpage) at first statement in your STDIN I hope this helps someone in the future Roland -Original Message- From: Schiradin,Roland HG-Dir itb-db/dc Sent: Friday, January 26, 2007 7:49 PM To: 'IBM Mainframe Discussion List'; '[EMAIL PROTECTED]' Subject: RE: AOPBATCH Continuation character Jantje, at first thanks for your posting. However it doesn't seems to work for me +1+2+3+4+5+6 +7+8 //STEP010 EXEC PGM=AOPBATCH,PARM='sh' //STDOUTDD SYSOUT=T //STDERRDD SYSOUT=T //STDIN DD * ln -s /usr/lpp/db2/db2810/jcc/classes/db2jcc_license_cisuz.jar db2jcc_license_c\ isuz.jar gets ln: FSUM6245 link to target "db2jcc_license_c\" failed: EDC5111I Permission denied. isuz.jar: FSUM7351 not found The permission denied is fine as I choose a directy without permission just to verify the continuation character. I'll now also post to MVS-OE Roland -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Jan MOEYERSONS Sent: Monday, January 22, 2007 11:09 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: AOPBATCH Continuation character > >ln: FSUM6245 link to target "\" failed: EDC5111I Permission denied. >db2jcc_license_cisuz.jar: FSUM7351 not found >IIRC, it's the shell, not AOPBATCH, that deals with continuation >characters. > >Try a backslash at the end of the line - although I'm not sure how this >will translate with fixed 80 column input - e.g. > >ln -s $/usr/lpp/db2/db2810/jcc/classes/db2jcc.jar \ > db2jcc.jar; It is the back slash alright and it is the shell that is dealing with it. But if your input is fixed length (and it tends to be if it is instream data in a JCL...) then the backslash has to go in exactly the 80th position. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
Thanks everyone for the responses. Yes, I am talking about the free IBM HTTP
server that comes with z/OS.
I don't see a /etc/profile. This is pretty early on in the install process -
little customization has been done. Maybe it will get created later?
My /etc/httpd.envvars looks similar to John's, but I don't have JAVA_HOME in
there. Is that where I am supposed to update the JAVA_HOME directory?
My serverpac was created back in July 2006. Any ideas why didn't it come with
a later Java installed?
I got the path name from the JAVA SDK Program Directory. It had the /bin on
the end of it. Beats me if it's right.
I think I am going to proceed as Tim Hare suggested:
1.Change SETUP.SH back to read JAVA_HOME=${JAVA_HOME:-}
2. In OMVS, type ECHO $JAVA_HOME to see if it is set; if it is then run
SETUP.SH
3. If not set, use the command EXPORT JAVA_HOME = '
/usr/lpp/java/IBI/J5.0/bin' (or one of the other suggestions depending upon
what Java you actually have), then run SETUP.SH
Again, thanks a bunch to everyone. Hope you have a good weekend...
Robert
Confidentiality Notice: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
HTTP server and JAVA Serverpac question
Robert, I ran my HIMW530M with the JDK install path is /usr/lpp/java/IBM/J1.3 I noticed you had '/bin' at the end of yours. Cliff McNeill _ From predictions to trailers, check out the MSN Entertainment Guide to the Academy Awards® http://movies.msn.com/movies/oscars2007/?icid=ncoscartagline1 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Name of HSM duplex tapes?
The HSM users guide said that SMS ACS routines can be used to determine the tape library used. It does not say how to do this. Do I test for a different name than the originals? I have seen references to HSM.COPY.HMIGTAPE.DATASET in the archives. What are the names of the HSM alternate tape, when the duplex option is used? Where is the documented? The names of our original files are DFHSM.HMIGTAPE.DATASET and DFHSM.BACKTAPE.DATASET. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
- Original Message -
From: "Johnston, Robert E" <[EMAIL PROTECTED]>
Newsgroups: bit.listserv.ibm-main
Sent: Friday, January 26, 2007 3:58 PM
Subject: HTTP server and JAVA Serverpac question
Once again I crawl to the list for help, a broken and weary soul...
I am working on a 1.4 to 1.7 conversion and trying to finish up the
serverpac
jobs. Job HIMW530M is to set up the HTTP Server. It says, "If your order
includes JAVA it is recommended that you update the JAVA_HOME directory
before running this job."
I have spent since yesterday afternoon trying to figure out what that
meant.
I decided that it meant to update the SETUP.SH in /usr/lpp/internet/sbin/,
which the HIMW530M job is going to run. I changed a line that read:
JAVA_HOME=${JAVA_HOME:-}
To
JAVA_HOME='/usr/lpp/java/IBM/J1.3/bin'
Robert,
You need to upgrade your Java to at least V1R4M2. That's the minimum level
for z/OS V1R4 and up. Without it you can't do any of the neat SMP/E stuff
like RECEIVE ORDER, so don't waste your time with V1R3.
http://www-03.ibm.com/servers/eserver/zseries/software/java/
Regards,
Tom Conley
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
1.Change SETUP.SH back to read JAVA_HOME=${JAVA_HOME:-}
2. In OMVS, type ECHO $JAVA_HOME to see if it is set; if it is then run
SETUP.SH
3. If not set, use the command EXPORT JAVA_HOME = '
/usr/lpp/java/IBI/J5.0/bin' (or one of the other suggestions depending
upon what Java you actually have), then run SETUP.SH
Tim Hare
Senior Systems Programmer
Florida Department of Transportation
(850) 414-4209
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
I am running z/OS 1.6. There is a "free" HTTPD server. Is that the one
that you are referring to? On my system, there is a UNIX file
(/etc/httpd.envvars) that contains the following:
PATH=/bin:/usr/sbin:/usr/lpp/internet/bin:/usr/lpp/internet/sbin:/usr/lp
p/ldap/bin:/usr/lpp/java/IBM/J1.3/bin:/usr/local/bin
SHELL=/bin/sh
TZ=CST6CDT
LANG=C
LC_ALL=en_US.IBM-1047
NLSPATH=/usr/lib/nls/msg/%L/%N:/usr/lpp/internet/%L/%N:/usr/lpp/ldap/lib
/nls/msg/%L/%N
LIBPATH=/usr/lpp/internet/bin:/usr/lpp/internet/sbin:/usr/lpp/ldap/lib
JAVA_HOME=/usr/lpp/jdk142/J1.4
CLASSPATH=/usr/lpp/internet/server_root/CAServlet
STEPLIB=CURRENT
these are the environment variables for things which run under the HTTPD
server.
When I look at the JCL for this STC, I see:
//IMWPROC PROC LEPARM='ENVAR("_CEE_ENVFILE=/etc/httpd.envvars")',
//* ICSPARM='-p 80 -r /etc/httpd.conf'
// ICSPARM='-p 80 -r /etc/httpd.conf -vv' -vv is the trace fun.
The LEPARM shows where the /etc/httpd.envvars comes from. Updating
things such as /etc/profile and others only works for programs which
will "source"(read) this member (like the /bin/sh program which is the
default UNIX shell).
Ref:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/IMWZIU17/CCON
TENTS
--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology
The information contained in this e-mail message may be privileged
and/or confidential. It is for intended addressee(s) only. If you are
not the intended recipient, you are hereby notified that any disclosure,
reproduction, distribution or other use of this communication is
strictly prohibited and could, in certain circumstances, be a criminal
offense. If you have received this e-mail in error, please notify the
sender by reply and delete this message without copying or disclosing
it.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
Use JAVA_HOME='/usr/lpp/java/IBM/J1.4/bin' (JAVA JRE 1.4 31 bit) or
JAVA_HOME='/usr/lpp/jav64a/IBM/J1.4_64/bin' (JAVA JRE 1.4 64 bit)
or
JAVA_HOME='/usr/lpp/java/IBM/J5.0/bin' (JAVA JRE 1.5 31 bit) or
JAVA_HOME='/usr/lpp/jav64a/IBM/J5.0_64/bin' (JAVA JRE 1.5 64 bit)
Instead.
JAVA_HOME='/usr/lpp/java/IBM/J1.3/bin' represents the Java 1.3 JRE
environment. This came out w/OS/390 2.10 IIRC,
And is no longer supported by IBM.
HTH
I have spent since yesterday afternoon trying to figure out what that
meant.
I decided that it meant to update the SETUP.SH in
/usr/lpp/internet/sbin/, which the HIMW530M job is going to run. I
changed a line that read:
JAVA_HOME=${JAVA_HOME:-}
To
JAVA_HOME='/usr/lpp/java/IBM/J1.3/bin'
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Breaking Event Address (SDWABEA)
David Cole wrote: At 1/26/2007 03:00 PM, EJaffe wrote: Our software checks for a zero/non-zero SDWABEA value. It will be non-zero only when the supported hardware/software is present. Coupled with a check for z/OS R1.7 and newer, that would work, of course. That's not how I read it. The SDWARC4 (64-bit stuff) is 0CL128 in older (pre-z/OS 1.7) releases as well. Just testing for the presence of SDWARC4 is good enough to know whether SDWABEA is "available" for inspection. In older releases (e.g., z/OS 1.6), SDWABEA will always be zeros. It will be zeros even on z/OS 1.7 and higher if running on older (pre-z9) hardware. -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO Storage Usage, Limits, etc.
> -Original Message- > From: IBM Mainframe Discussion List On Behalf Of Tom Schmidt > > On Fri, 26 Jan 2007 13:30:55 -0600, Chase, John wrote: > > >> -Original Message- > >> From: IBM Mainframe Discussion List On Behalf Of Tom > Schmidt On Fri, > >> 26 Jan 2007 10:40:55 -0600, Chase, John wrote: > >> > >> >Also, our current limitations notwithstanding, a snippet > of a TASID > >> >display of TSO address spaces shows this (jobname and > procname have > >> >been "anonymized"): > >> > > >> >== > >> >Jobname | Procname Stepname CPU Time Storage > >> >-- > >> >UTSO001 ... TPROC001 ... EXEC ...21:53.3490.2M > >> >== > >> > > >> >How is it that this user has apparently been able to > >> allocate and use > >> >90.2M storage, considering: > >> > > >> >1. We have JES2 JOBCLASS(TSU) REGION=4M, 2. TPROC001 specifies > >> >REGION=6144K on the EXEC card, 3. The user's TSO segment in RACF > >> >specifies MAXSIZE(6144), and 4. We have NO > >> installation-written IEFUxx > >> >exits in use? > >> > >> Hi John, > >> > >> [ snip ] > >> > >> Do you happen to know if the user's TSO segment allows for region > >> override? If so, maybe the user cranks it up during > logon. (I know > >> that I do; I have to look at dumps sometimes and my region is very > >> considerably larger than 6M or even > >> 32M.) Check TSO MAXSIZE. > > > >Looks like it got obfuscated in the reformatting: The user's TSO > >segment MAXSIZE is 6144. > > ...so it does, so it does. (My bad.) > > Do you have anything like Batch Optimizer installed? (That > would be ISV software that is willing (and able) to throw > hundreds or thousands of buffers at VSAM/QSAM files.) No, but that user normally runs an ISV product called "FOCUS". All I know about FOCUS is that it includes an APF-authorized library and an LPA library (and I believe a subsystem interface), so it likely has the ability to bypass certain limitations. > Maybe if you could cut & paste the (obfuscated) output of "D > A,UTSO001" to this thread so we could see if there are any > hiperspaces or data spaces attached to the address space; > that could illuminate things considerably. > > Also, if you could use TASID to display the files allocated > to the user's session - we don't need to see names but the > number of files (and the number of VSAM files vs. non-VSAM, > if you can tell which is which) would be helpful from the > standpoint of (E)LSQA. Unfortunately, that user has already logged off. Thanks for the insights, though. -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
On Fri, 2007-01-26 at 22:02 +0100, Schiradin,Roland wrote: > Not sure about SETUP.SH but we set the JAVA_HOME in /etc/profile As do we. Useful for setting up the PATH if the Java version is also changing. Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HTTP server and JAVA Serverpac question
Not sure about SETUP.SH but we set the JAVA_HOME in /etc/profile
Roland
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Johnston, Robert E
Sent: Friday, January 26, 2007 9:58 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: HTTP server and JAVA Serverpac question
Once again I crawl to the list for help, a broken and weary soul...
I am working on a 1.4 to 1.7 conversion and trying to finish up
the serverpac jobs. Job HIMW530M is to set up the HTTP Server.
It says, "If your order includes JAVA it is recommended that
you update the JAVA_HOME directory before running this job."
I have spent since yesterday afternoon trying to figure out
what that meant. I decided that it meant to update the SETUP.SH
in /usr/lpp/internet/sbin/, which the HIMW530M job is going to
run. I changed a line that read:
JAVA_HOME=${JAVA_HOME:-}
To
JAVA_HOME='/usr/lpp/java/IBM/J1.3/bin'
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
On Jan 26, 2007, at 9:24 AM, Craddock, Chris wrote: SNIP-- Omegamon, like all of the other commercial tools, follows the security rules. It isn't a security risk unless your shop has sloppy administration of security policy. I guess I would agree with you to a point. There are *OTHER* products out there that are *NOT* so nice. I am sure the ones you talk about are reputable. There are others that are not and they come "hidden" from some consultants bags of tricks. Beware of such tools. Ed CC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
HTTP server and JAVA Serverpac question
Once again I crawl to the list for help, a broken and weary soul...
I am working on a 1.4 to 1.7 conversion and trying to finish up the serverpac
jobs. Job HIMW530M is to set up the HTTP Server. It says, "If your order
includes JAVA it is recommended that you update the JAVA_HOME directory
before running this job."
I have spent since yesterday afternoon trying to figure out what that meant.
I decided that it meant to update the SETUP.SH in /usr/lpp/internet/sbin/,
which the HIMW530M job is going to run. I changed a line that read:
JAVA_HOME=${JAVA_HOME:-}
To
JAVA_HOME='/usr/lpp/java/IBM/J1.3/bin'
When I ran HIMW530M everything looks pretty good except for 1 message that I
received - "JAVA_HOME is not pointing at the JDK; no JAVA setup has been done
in httpd.envvars." Here is most of the output:
*** (5697-D43) IBM HTTP Server 5.3 ***
Processing: default server install path is /usr/lpp/internet
actual server install path is /usr/lpp/internet
JDK install path is /usr/lpp/java/IBM/J1.3/bin
Processing: install English version of server
Processing: symbolic link of translatable files
Processing: symbolic link of files in ../server_root/Admin
Processing: symbolic link of files in ../samples/config
Processing: set file properties
*** setuplns.sh HAS COMPLETED ***
Processing: copying configuration and environment files
Processing: backup, copy and customize configuration file (httpd.conf)
Processing: backup, copy and customize configuration file (httpd.envvars)
Processing: backup, copy and customize configuration file (mvsds.conf)
JAVA_HOME is not pointing at the JDK; no Java setup
has been done in httpd.envvars.
Processing: backup, copy and customize configuration file (socks.conf)
Install Process Information:
- Language installed: English
- Server install path is: /usr/lpp/internet
- JDK install path is:
- Server configuration files copied to: /etc and /usr/lpp/internet/etc
- Server configuration files default path is: /etc
*** setup.sh HAS COMPLETED ***
Did I do the right thing by updating SETUP.SH or should I put it back like it
was and rerun HIMW530M or do what?
Thanks for any help. Obviously I am pretty weak in this area, but I hope we
will make use of these new fangled things in the near future.
Robert Johnston
UAMS - Little Rock
Confidentiality Notice: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Breaking Event Address (SDWABEA)
Damn. My mistake. I thought BEA was newer than that. Thanks for straightening me out, Tom. Sorry. Dave At 1/26/2007 03:34 PM, you wrote: On Fri, 26 Jan 2007 14:47:02 -0500, David Cole <[EMAIL PROTECTED]> wrote: >Hi, > >Does anyone know what flag is set in what control block that >indicates the presence of support for reporting the location of the >last branch instruction that actually branched? > >I imagine STFLE would report the presence of this capability in the >hardware, but since BEA is newer than the most recently published >PoPs (a year and a half ago!), ... > The Fifth Edition (September, 2005) (SA22-7832-04) has it on page 4-34 of the PDF. AFAIK, there is no .boo. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Breaking Event Address (SDWABEA)
At 1/26/2007 03:00 PM, EJaffe wrote: David Cole wrote: Hi, Does anyone know what flag is set in what control block that indicates the presence of support for reporting the location of the last branch instruction that actually branched? I imagine STFLE would report the presence of this capability in the hardware, but since BEA is newer than the most recently published PoPs (a year and a half ago!), ... Our software checks for a zero/non-zero SDWABEA value. It will be non-zero only when the supported hardware/software is present. -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ Coupled with a check for z/OS R1.7 and newer, that would work, of course. At 1/26/2007 02:55 PM, DKreiss wrote: Dave, Try this sequence: IF(TM,FLCARCH,PSAESAME,O),AND, If Arch Level 2 and* (ICM,R14,15,CVTSCPIN,NZ) Service Call Control Block USING SCCB,R14 IF(TM,SCCBCN12,SCCBPER3,O) If PER 3 support available * PER 3 (BEAR) available ENDIF , DROP R14 ENDIF , Dave Thanks, Dave. I didn't know about SCCBPER3. Still, I'd sure like to know what STFLE would say. Dave Cole REPLY TO: [EMAIL PROTECTED] Cole Software WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Breaking Event Address (SDWABEA)
On Fri, 26 Jan 2007 14:47:02 -0500, David Cole <[EMAIL PROTECTED]> wrote: >Hi, > >Does anyone know what flag is set in what control block that >indicates the presence of support for reporting the location of the >last branch instruction that actually branched? > >I imagine STFLE would report the presence of this capability in the >hardware, but since BEA is newer than the most recently published >PoPs (a year and a half ago!), ... > The Fifth Edition (September, 2005) (SA22-7832-04) has it on page 4-34 of the PDF. AFAIK, there is no .boo. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SVCs
previous post http://www.garlic.com/~lynn/2007c.html#47 SVCs ... and old email on dispatching "disabled" from long ago and far away To: wheeler Date: 21 January 1986, 07:11:46 CST Subject: Dispatcher change for VM/XA I am planning on changing the XA dispatcher to execute the SIE instruction with I/O interrupts disabled (external interrupts will still be enabled). The SIE instruction is a very expensive instruction and I want to give the virtual machine a chance to do some productive work before taking an interrupt. With I/O interrupts disabled, the virtual machine will get to run until it relinquishes control to CP or hits the end of the dispatcher timeslice. The I/O supervisor already uses the TPI instruction to process all pending interrupts before returning control to the dispatcher. Do you have any thoughts on the matter? I have read CPDESIGN FORUM on the IBMVM disk, so I know what has been discussed there. Do you have a ballpark figure for the maximum allowable dispatcher timeslice which would allow satisfactory I/O throughput? I am thinking about disabling I/O interrupts for a maximum of 10 milliseconds. Another alternative would be to have DMKSTP set/reset the interrupt mask based upon the observed I/O interrupt rate. ... snip ... i.e. some amount of the stuff in the original vm370 resource manager got modified in unusual ways over extended period of time (i.e from decade earlier that above email) misc. collected posts mentioning resource manager, dynamic adaptive resource control, fair share, etc http://www.garlic.com/~lynn/subtopic.html#fairshare previous post http://www.garlic.com/~lynn/2006j.html#27 virtual memory with old email discussing SIE implementation differences between 3081 and 3090 in some detail http://www.garlic.com/~lynn/2006j.html#email810630 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO Storage Usage, Limits, etc.
On Fri, 26 Jan 2007 13:30:55 -0600, Chase, John wrote: >> -Original Message- >> From: IBM Mainframe Discussion List On Behalf Of Tom Schmidt >> On Fri, 26 Jan 2007 10:40:55 -0600, Chase, John wrote: >> >> >Also, our current limitations notwithstanding, a snippet of a TASID >> >display of TSO address spaces shows this (jobname and procname have >> >been "anonymized"): >> > >> >== >> >Jobname | Procname Stepname CPU Time Storage >> >-- >> >UTSO001 ... TPROC001 ... EXEC ...21:53.3490.2M >> >== >> > >> >How is it that this user has apparently been able to >> allocate and use >> >90.2M storage, considering: >> > >> >1. We have JES2 JOBCLASS(TSU) REGION=4M, 2. TPROC001 specifies >> >REGION=6144K on the EXEC card, 3. The user's TSO segment in RACF >> >specifies MAXSIZE(6144), and 4. We have NO >> installation-written IEFUxx >> >exits in use? >> >> Hi John, >> >> [ snip ] >> >> Do you happen to know if the user's TSO segment allows for >> region override? If so, maybe the user cranks it up during >> logon. (I know that I do; I have to look at dumps sometimes >> and my region is very considerably larger than 6M or even >> 32M.) Check TSO MAXSIZE. > >Looks like it got obfuscated in the reformatting: The user's TSO >segment MAXSIZE is 6144. ...so it does, so it does. (My bad.) Do you have anything like Batch Optimizer installed? (That would be ISV software that is willing (and able) to throw hundreds or thousands of buffers at VSAM/QSAM files.) Maybe if you could cut & paste the (obfuscated) output of "D A,UTSO001" to this thread so we could see if there are any hiperspaces or data spaces attached to the address space; that could illuminate things considerably. Also, if you could use TASID to display the files allocated to the user's session - we don't need to see names but the number of files (and the number of VSAM files vs. non-VSAM, if you can tell which is which) would be helpful from the standpoint of (E)LSQA. -- Tom Schmidt Madison, WI -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
[no subject]
NOTICE: All information in and attached to the e-mail(s) below may be proprietary, confidential, privileged and otherwise protected from improper or erroneous disclosure. If you are not the sender's intended recipient, you are not authorized to intercept, read, print, retain, copy, forward, or disseminate this message. If you have erroneously received this communication, please notify the sender immediately by phone (704-758-1000) or by e-mail and destroy all copies of this message (electronic, paper, or otherwise). Thank you. Sorry. Wrong address. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Gray, Larry - Larry A Sent: Friday, January 26, 2007 3:11 PM To: IBM-MAIN@BAMA.UA.EDU Subject: SEARCH IBM-MAIN DST -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
[no subject]
NOTICE: All information in and attached to the e-mail(s) below may be proprietary, confidential, privileged and otherwise protected from improper or erroneous disclosure. If you are not the sender's intended recipient, you are not authorized to intercept, read, print, retain, copy, forward, or disseminate this message. If you have erroneously received this communication, please notify the sender immediately by phone (704-758-1000) or by e-mail and destroy all copies of this message (electronic, paper, or otherwise). Thank you. SEARCH IBM-MAIN DST -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
David, In IPCS option 0, set the source to "active" and then enter ip l 10?+c8?+84?+d0? str l(512) This will show you who's actually handling SVC 26 (it's CVT->SVCT->SVCTABLE->entry for SVC 26->entry point). ip l 10?+c8?+88?+270? str l(512) will show who was previously handling SVC 26 (it's ...SVC recording table->entry for SVC 26...). If this isn't the IBM module, ip l 10?+c8?+88?+284 l(2) will show the number of updates to SVC 26 (from the SVC recording table entry). Bob -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Breaking Event Address (SDWABEA)
Dave, Try this sequence: IF(TM,FLCARCH,PSAESAME,O),AND, If Arch Level 2 and* (ICM,R14,15,CVTSCPIN,NZ) Service Call Control Block USING SCCB,R14 IF(TM,SCCBCN12,SCCBPER3,O) If PER 3 support available * PER 3 (BEAR) available ENDIF , DROP R14 ENDIF , Dave -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of David Cole Sent: Friday, January 26, 2007 11:47 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Breaking Event Address (SDWABEA) Hi, Does anyone know what flag is set in what control block that indicates the presence of support for reporting the location of the last branch instruction that actually branched? I imagine STFLE would report the presence of this capability in the hardware, but since BEA is newer than the most recently published PoPs (a year and a half ago!), ... Thanks, Dave Cole REPLY TO: [EMAIL PROTECTED] Cole Software WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Breaking Event Address (SDWABEA)
David Cole wrote: Hi, Does anyone know what flag is set in what control block that indicates the presence of support for reporting the location of the last branch instruction that actually branched? I imagine STFLE would report the presence of this capability in the hardware, but since BEA is newer than the most recently published PoPs (a year and a half ago!), ... Our software checks for a zero/non-zero SDWABEA value. It will be non-zero only when the supported hardware/software is present. -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Breaking Event Address (SDWABEA)
Hi, Does anyone know what flag is set in what control block that indicates the presence of support for reporting the location of the last branch instruction that actually branched? I imagine STFLE would report the presence of this capability in the hardware, but since BEA is newer than the most recently published PoPs (a year and a half ago!), ... Thanks, Dave Cole REPLY TO: [EMAIL PROTECTED] Cole Software WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO Storage Usage, Limits, etc.
> -Original Message- > From: IBM Mainframe Discussion List On Behalf Of Tom Schmidt > > On Fri, 26 Jan 2007 10:40:55 -0600, Chase, John wrote: > > >Also, our current limitations notwithstanding, a snippet of a TASID > >display of TSO address spaces shows this (jobname and procname have > >been "anonymized"): > > > >== > >Jobname | Procname Stepname CPU Time Storage > >-- > >UTSO001 ... TPROC001 ... EXEC ...21:53.3490.2M > >== > > > >How is it that this user has apparently been able to > allocate and use > >90.2M storage, considering: > > > >1. We have JES2 JOBCLASS(TSU) REGION=4M, 2. TPROC001 specifies > >REGION=6144K on the EXEC card, 3. The user's TSO segment in RACF > >specifies MAXSIZE(6144), and 4. We have NO > installation-written IEFUxx > >exits in use? > > Hi John, > > [ snip ] > > Do you happen to know if the user's TSO segment allows for > region override? If so, maybe the user cranks it up during > logon. (I know that I do; I have to look at dumps sometimes > and my region is very considerably larger than 6M or even > 32M.) Check TSO MAXSIZE. Looks like it got obfuscated in the reformatting: The user's TSO segment MAXSIZE is 6144. -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: AOPBATCH Continuation character
Jantje, at first thanks for your posting. However it doesn't seems to work for me +1+2+3+4+5+6+7+8 //STEP010 EXEC PGM=AOPBATCH,PARM='sh' //STDOUTDD SYSOUT=T //STDERRDD SYSOUT=T //STDIN DD * ln -s /usr/lpp/db2/db2810/jcc/classes/db2jcc_license_cisuz.jar db2jcc_license_c\ isuz.jar gets ln: FSUM6245 link to target "db2jcc_license_c\" failed: EDC5111I Permission denied. isuz.jar: FSUM7351 not found The permission denied is fine as I choose a directy without permission just to verify the continuation character. I'll now also post to MVS-OE Roland -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Jan MOEYERSONS Sent: Monday, January 22, 2007 11:09 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: AOPBATCH Continuation character > >ln: FSUM6245 link to target "\" failed: EDC5111I Permission denied. >db2jcc_license_cisuz.jar: FSUM7351 not found >IIRC, it's the shell, not AOPBATCH, that deals with continuation >characters. > >Try a backslash at the end of the line - although I'm not sure how this >will translate with fixed 80 column input - e.g. > >ln -s $/usr/lpp/db2/db2810/jcc/classes/db2jcc.jar \ > db2jcc.jar; It is the back slash alright and it is the shell that is dealing with it. But if your input is fixed length (and it tends to be if it is instream data in a JCL...) then the backslash has to go in exactly the 80th position. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HyperPAV
On Tue, 31 Oct 2006 14:04:11 -0500, Knutson, Sam <[EMAIL PROTECTED]> wrote: >The combination of the relief provided by z9 & z/OS R7 to use the second >subchannel set and now HyperPAV has delivered some serious relief for >the 64K device limitation. Kudo's to the wizards in IBM! > > > >IBM System Storage DS8000 series (machine type 2107) delivers HyperPAV > >http://www.ibm.com/common/ssi/rep_ca/1/897/ENUS106-811/ENUS106-811.PDF > >Parallel Access Volumes (PAV) enables a single System z server to >simultaneously process multiple I/O >operations to the same logical volume, which can help to significantly >reduce device queue delays. This is >achieved by defining multiple addresses per volume. Dynamic PAV allows >the assignment of addresses to >volumes and can be automatically managed to help meet performance >objectives and reduce overall queuing. >Today's announcement allows many DS8000 series users to benefit from >enhancements to PAV with support for >HyperPAV. HyperPAV allows an alias address to be used to access any base >on the same control unit image per I/O >base. This capability also allows different HyperPAV hosts to use one >alias to access different bases, which >reduces the number of alias addresses required to support a set of bases >in a System z environment with no >latency in targeting an alias to a base. This functionality is also >designed to enable applications to achieve equal >or better performance than possible with the original PAV feature alone >while also using the same or fewer z/OS >resources. > >HyperPAV is an optional feature on the DS8000 series. > > > >Best Regards, > >Sam Knutson, GEICO Does anyone know if EMC has duplicated this technology? TIA, Patrick Lyon -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TSO Storage Usage, Limits, etc.
On Fri, 26 Jan 2007 10:40:55 -0600, Chase, John wrote: >Also, our current limitations notwithstanding, a snippet of a TASID >display of TSO address spaces shows this (jobname and procname have been >"anonymized"): > >== >Jobname | Procname Stepname CPU Time Storage >-- >UTSO001 ... TPROC001 ... EXEC ...21:53.3490.2M >== > >How is it that this user has apparently been able to allocate and use >90.2M storage, considering: > >1. We have JES2 JOBCLASS(TSU) REGION=4M, >2. TPROC001 specifies REGION=6144K on the EXEC card, >3. The user's TSO segment in RACF specifies MAXSIZE(6144), and >4. We have NO installation-written IEFUxx exits in use? Hi John, The 6144K (6M) limit controls below-the-line storage only; the IBM default allows for up to 32M above the line in addition to that 6M. ISPF's Cut & Paste facility was changed a while ago to use data spaces for its clipboard memory. If the user in question was a COBOL programmer you might expect a fair amount of cut & paste activity and possibly even the use of multiple clipboards if the user is adept at it. The system I verified those claims on allowed my clipboards to be 239 frames, which is the default data space size here, YMMV. (That is also IBM's default data space size for unauthorized callers.) The TASID display shows real storage (not virtual) and that will include all private virtual storage plus LSQA plus data spaces. Do you happen to know if the user's TSO segment allows for region override? If so, maybe the user cranks it up during logon. (I know that I do; I have to look at dumps sometimes and my region is very considerably larger than 6M or even 32M.) Check TSO MAXSIZE. -- Tom Schmidt Madison, WI -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
> -Original Message- > From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On > Behalf Of Clark Morris > Sent: Friday, January 26, 2007 6:18 AM > To: IBM-MAIN@BAMA.UA.EDU > Subject: Re: Cross Memory and AR ASC Mode > /snip/ > > What are the security implications of allowing uninvited snooping? Is > this a good way to pick up confidential information if someone > understands the application? How does Omegamon handle this and can > the method used be made available assuming the security concerns are > met? By definition, an authorized program is a trusted program. It can do whatever it wants and is presumed to maintain the confidentiality of any application data that it sees. Placing a program into an APF library is a management policy decision, not a technical issue. If management trusts the author of the program, then let the system security adminstrator and systems programmer put it in the APF library and let it do its thing. Otherwise, just say no. Jeffrey D. Smith Principal Product Architect Farsight Systems Corporation 700 KEN PRATT BLVD. #204-159 LONGMONT, CO 80501-6452 303-774-9381 direct 303-484-6170 FAX http://www.farsight-systems.com/ see my résumé at my website (yes, I am looking for employment) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
> -Original Message- > From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On > Behalf Of Peter Relson > Sent: Friday, January 26, 2007 5:36 AM > To: IBM-MAIN@BAMA.UA.EDU > Subject: Re: Cross Memory and AR ASC Mode > /snip/ > > Jeffrey Smith mentioned LASP: I hope it isn't surprising to anyone that > you > are not supposed to use that instruction, just as you are not supposed to > do all sorts of things provided for the base OS to use in order to make it > possible for your applications to run (including such obvious things as > using LCTL to set various things). > /snip/ > > Peter Relson Just to be clear, I mentioned LASP as one of the many instructions intended for the operating system to use for preparing a unit of work for dispatch. When a unit of work is suspended, its current primary and secondary ASN are saved somewhere and later restored with LASP (or equivalent). A similar function may occur when popping a PC state entry with the Program Return (PR) instruction. Either way, before the advent of ASN-LX-REUSE-FACILITY, (ALRF), there was no way to know for sure whether the ASN was the same "logical" address space that was bound to the unit of work at suspension. Setting secondary addressability (SSAR) to an arbitrary space clearly violates system integrity rules. On a sandbox system intended to crash and burn, who cares? On a production system, it's clearly a no-no, but I would guess there are still some ISV products being used on production systems, which violate system integrity rules in a variety of ways, including inappropriately referencing arbitrary address spaces, elevating authorization for a unit of work running in an insecure environment, using problem key storage in the common area, the list goes on and on. I've seen all kinds of such shenanigans and I was slapped down by management when I complained. (But I'm not bitter about iteek!) Two cents worth. Your mileage may vary. Cheers Jeffrey D. Smith Principal Product Architect Farsight Systems Corporation 700 KEN PRATT BLVD. #204-159 LONGMONT, CO 80501-6452 303-774-9381 direct 303-484-6170 FAX http://www.farsight-systems.com/ see my résumé at my website (yes, I am looking for employment) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
TSO Storage Usage, Limits, etc.
Hi, All, Just rolling out z/OS 1.7 and are looking to "modernize" some things, including TSO storage allocations and limits. Currently using "XA-period" limitations like REGION=6144K in the logon proc, MAXSIZE=6144 in the TSO segment of the users' RACF profiles, etc. What would be "reasonable" limits for a z/OS 1.7 image running on a z9-BC with 4GiB central storage, averaging around 75 - 90 TSO users (mostly COBOL programmers) daily? Also, our current limitations notwithstanding, a snippet of a TASID display of TSO address spaces shows this (jobname and procname have been "anonymized"): == Jobname | Procname Stepname CPU Time Storage -- UTSO001 ... TPROC001 ... EXEC ...21:53.3490.2M == How is it that this user has apparently been able to allocate and use 90.2M storage, considering: 1. We have JES2 JOBCLASS(TSU) REGION=4M, 2. TPROC001 specifies REGION=6144K on the EXEC card, 3. The user's TSO segment in RACF specifies MAXSIZE(6144), and 4. We have NO installation-written IEFUxx exits in use? TIA, -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
Yes - around 2001/2002 IIRC. Rob Scott Rocket Software, Inc 275 Grove Street Newton, MA 02466 617-614-2305 [EMAIL PROTECTED] http://www.rs.com/portfolio/mxi_g2 -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Thompson, Steve (SCI TW) Sent: 26 January 2007 11:03 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Who intercepted SVC 26? -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Rob Scott Sent: Friday, January 26, 2007 9:15 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Who intercepted SVC 26? >Are they in Perth? Yep - it was transferred down there a few years back. ISPF/PDF went to Perth? Steve Thompson -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Rob Scott Sent: Friday, January 26, 2007 9:15 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Who intercepted SVC 26? >Are they in Perth? Yep - it was transferred down there a few years back. ISPF/PDF went to Perth? Steve Thompson -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is "command reject" trying to tell me?
The support center would be an inappropriate resource, based on my >experience. I believe they do not "help with problems" -- they "resolve >defects." Had I called them up and said "what the heck does this message >mean?" they would have (politely) told me to go away. On my IBMLINK menu, under ETR, there are two options: "report a defect" and "ask a question". I think that the "ask a question" is an extra-cost option. They have been very good at "what does this message mean" and "how do you do something", as long as the question is not extremely technical. They even transfer questions to the defect queue if they feel it is a defect. But I don't know if they would work with you to make your program work. -- Bruce A. Black Senior Software Developer for FDR Innovation Data Processing 973-890-7300 personal: [EMAIL PROTECTED] sales info: [EMAIL PROTECTED] tech support: [EMAIL PROTECTED] web: www.innovationdp.fdr.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: LPAR performance questions ?
On Thu, 25 Jan 2007 21:56:09 +, Ted MacNEIL <[EMAIL PROTECTED]> wrote: > >PS: I am not really enamoured of the "I'm too lazy..." comment. >This list works better if the posters do their homework. Totally uncalled for comment - *especially* considering the person it was directed to. Ed used those word but it isn't really a matter of being "lazy". This wasn't a "whats the operator command to do xyx?" type of question. ROTs are seldom documented in manuals and this particular one really does "depend". This list also works better when people post replies to questions when they are sure of the answer instead of posting erroneous information from memory or obsolete information. But I don't think you've ever done that, have you? -- Mark Zelden Sr. Software and Systems Architect - z/OS Team Lead Zurich North America / Farmers Insurance Group: G-ITO mailto:[EMAIL PROTECTED] z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/ Systems Programming expert at http://expertanswercenter.techtarget.com/ Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Kristine Harper's blog
In a message dated 1/26/2007 9:26:06 A.M. Central Standard Time, [EMAIL PROTECTED] writes: I used structured macros when I consulted at the Federal Reserve Bank around 1981. It was used for a custom-built messaging system running on CICS. It was a new thing then and it was fun to use. But, assembler is assembler, and you still have to keep track of the registers you use. To >> IIRC there were a set shipped with source for JES328x. One of the DASD admins had code a set of programs using them to manage HSM. It worked great for many moons then something changed along the way and his programs quit working and corrupted the BCDS...fun and games. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
Craddock, Chris wrote: Ed said The main reason for using ASCBINTS is that it is accessible from the address space that schedules the SRB. The TTOKEN of the "cross memory owning" TCB isn't. That TCB and its TTOKEN reside in the SRB schedulee's private area, thus creating a "chicken and egg" problem. True, but Jim's point was for the SRB routine to save it after the first schedule and arrange to pass that value as a parameter and use it for validation on dispatch during the second and subsequent schedules. At least that is how I interpreted it. I agree this would work for "second and subsequent" schedules. I needed something that would work for all schedules -- including the first and/or only. -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
In a message dated 1/26/2007 9:15:10 A.M. Central Standard Time, [EMAIL PROTECTED] writes: Yep - it was transferred down there a few years back. >> Don't know if it was a sideways demotion or just another way of deflating Raleigh. Maybe somebody will write a book...or post a video on youtube! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: REXX programming question
In a recent note, Jim McAlpine said: > Date: Fri, 26 Jan 2007 15:14:10 + > > Many thanks Paul. I'll take a look at that. > You're welcome. Additional thought: If you're using Rexx only to perform the allocation, BPXWDYN might be callable directly from COBOL with no need for Rexx. But: o The rtddn() key is available only in Rexx (IBM development is reported to be working on removing the restriction). You'd need to generate the catenand DDNAMEs yourself. o The string manipulations might be easier in Rexx anyway. MVS-OE and TSO-REXX might be better lists for this question. At least MVS-OE. Some TSO-REXX readers resent the U-word: "After all, this _is_ a _TSO_ list!" -- gil -- StorageTek INFORMATION made POWERFUL -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SVCs
>> a detailed discussion with Joel between sessions so I politely (as I >> remember it :-) ) asked him to desist. He's probably the one who wrote >> "chairman is a fascist" on his evaluation card. > >> > Brave new world I guess. The other thing I remember about those sessions > were the number of 'suits' in attendance. I don't know if they were > lawyers or > undertakers...seems like most of them wandered off after the second > session Well don't forget, Joel was from Amdahl and back in the day there was a whole lot of (ahem) "distrust" between Big Blue and Big Red. And Joel was talking openly about the innards of the, then brand new and still dripping wet, flagship operating system. I'm not surprised there was a bunch of suits in attendance. :-) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Kristine Harper's blog
I used structured macros when I consulted at the Federal Reserve Bank around 1981. It was used for a custom-built messaging system running on CICS. It was a new thing then and it was fun to use. But, assembler is assembler, and you still have to keep track of the registers you use. To make it readable, don't expand the macros. Skip Robinson <[EMAIL PROTECTED]> Sent by: IBM Mainframe Discussion List 01/25/2007 06:39 PM Please respond to IBM Mainframe Discussion List To IBM-MAIN@BAMA.UA.EDU cc Subject Kristine Harper's blog (This time with content.) Here's the URL for Kristine Harper's blog. Kristine is the SHARE zNextGen Project Manager. She's probably too modest to blow her own horn, but this is fine stuff. http://www.neonesoft.com/blog/blogs/kharper/default.aspx . . JO.Skip Robinson Southern California Edison Company SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile [EMAIL PROTECTED] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
Clark asks > What are the security implications of allowing uninvited snooping? It depends on who is doing the snooping and why they are doing it. All of the major commercial monitoring products and even the non-commercial ones need access to "other" address spaces from time to time. The only way they can "see" what's going on in another address space is to schedule an SRB (or other even more dastardly techniques we won't discuss) and "sniff around". There is basically ZERO security implication in what these tools do and your only risk is from design or coding errors. You're hardly likely to have a system outage from RMF, but it has happened once or twice. In general they need access ONLY to sniff around in system control blocks and report on the state they found. That's what they're doing when you use the tool to examine performance problems. Other cases like the application profiling tools (Inspect, InTune and Strobe, plus Dave Cole's XDCCDF) are more specifically interested in what code each TCB is executing in the address space being monitored/profiled. They have a much deeper/more invasive view of what's going on, but they are "invited in" FSVO "invited" because they don't do anything at all unless you specifically ask them to. Those tools do allow you to see code or data (and in XDC's case, change it on the fly) and in that respect they might be considered a yawning security hole except for one thing. They each require the user to have a security privilege to access any other address space than their own. So the security question is handed off to the installation's security policy. If you've got the stones for it, you get access. Otherwise nada. > Is this a good way to pick up confidential information if someone > understands the application? Yes, but you would have had to have security permission to do it anyway (see above) so the tool would only be a convenience for you. You could have gotten that information yourself by other means. So (IMNSHO) the tools are not a security risk at all, provided the installation's security policies are properly administered. Now if your shop allows any grinning idiot access to the secret druid stuff then anyone could be a black hat and you'd never know. > How does Omegamon handle this and can > the method used be made available assuming the security concerns are > met? Omegamon, like all of the other commercial tools, follows the security rules. It isn't a security risk unless your shop has sloppy administration of security policy. CC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
>Are they in Perth? Yep - it was transferred down there a few years back. Rob Scott Rocket Software, Inc 275 Grove Street Newton, MA 02466 617-614-2305 [EMAIL PROTECTED] http://www.rs.com/portfolio/mxi_g2 -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ed Finnell Sent: 26 January 2007 10:12 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Who intercepted SVC 26? In a message dated 1/26/2007 8:52:35 A.M. Central Standard Time, [EMAIL PROTECTED] writes: TASID is now being maintained by the ISPF Development team (well done guys!) - version 5.12 is the latest I believe. >> Are they in Perth? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: REXX programming question
Many thanks Paul. I'll take a look at that.
Jim McAlpine
On 1/26/07, Paul Gilmartin <[EMAIL PROTECTED]> wrote:
In a recent note, Jim McAlpine said:
> Date: Fri, 26 Jan 2007 12:43:49 +
>
> We are now playing with calling Java from COBOL and need to concatenate
some
> PATH definitions onto the SYSLIB definition. Is there a way to achieve
> this.
>
Yes. Abandon ALLOCATE and use BPXWDYN instead.
Use BPXWDYN( 'alloc {path|dsname}(...) ..' ) to allocate each
individual catenand.
Use the 'ddn(SYSLIB)' operand on the first catenand. Omit ddn
and use 'rtddn(varname)' to retrieve the generated ddname of
each subsequent catenand.
Use BPXWDYN( 'concat ddlist(list-of-catenand-ddnames' ) to
perform the final concatenation.
Linkname: Requesting dynamic concatenation
URL:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/BPXZB661/6.7
Title: z/OS V1R7.0 Using REXX and z/OS UNIX System Services
Document Number: SA22-7806-09
-- gil
--
StorageTek
INFORMATION made POWERFUL
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
In a message dated 1/26/2007 8:52:35 A.M. Central Standard Time, [EMAIL PROTECTED] writes: TASID is now being maintained by the ISPF Development team (well done guys!) - version 5.12 is the latest I believe. >> Are they in Perth? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SVCs
In a message dated 1/25/2007 10:52:09 P.M. Central Standard Time, [EMAIL PROTECTED] writes: a detailed discussion with Joel between sessions so I politely (as I remember it :-) ) asked him to desist. He's probably the one who wrote "chairman is a fascist" on his evaluation card. >> Brave new world I guess. The other thing I remember about those sessions were the number of 'suits' in attendance. I don't know if they were lawyers or undertakers...seems like most of them wandered off after the second session -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
Last I heard Doug was in Websphere land. TASID is now being maintained by the ISPF Development team (well done guys!) - version 5.12 is the latest I believe. Rob Scott Rocket Software, Inc 275 Grove Street Newton, MA 02466 617-614-2305 [EMAIL PROTECTED] http://www.rs.com/portfolio/mxi_g2 -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of David Andrews Sent: 26 January 2007 09:41 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Who intercepted SVC 26? On Fri, 2007-01-26 at 07:22 -0700, Lester, Bob wrote: >Do you have CA-Allocate (VAM) on the system? No, we don't. I installed TASID a few years ago, then let it languish and eventually it fell out. Have to look at it again I suppose. (And at right-angles to the topic at hand: what is Doug Nadel doing these days?) -- David Andrews A. Duda and Sons, Inc. [EMAIL PROTECTED] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
On Fri, 2007-01-26 at 07:22 -0700, Lester, Bob wrote: >Do you have CA-Allocate (VAM) on the system? No, we don't. I installed TASID a few years ago, then let it languish and eventually it fell out. Have to look at it again I suppose. (And at right-angles to the topic at hand: what is Doug Nadel doing these days?) -- David Andrews A. Duda and Sons, Inc. [EMAIL PROTECTED] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRDSSU and AWS
On Fri, 26 Jan 2007 08:27:14 -0600, Dave Cartwright <[EMAIL PROTECTED]> wrote: >Why would QSAM ignore DCBIBLKSI and write the block at 65520? Typo. DCBEBLKSI DC -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRDSSU and AWS
On Fri, 19 Jan 2007 06:20:51 -0600, Dave Cartwright <[EMAIL PROTECTED]> wrote: >I am trying to restore from some backup tapes that I converted to .AWS >format, but I am having problems handling the 65520 blocksize. >How do people manage this? Most AWS utilities I have tried cannot recreate >a tape like this. Anyone know of a utility that can? > I received some replies suggesting work-arounds, but no one could name a program that works. I therefore looked for candidates and discovered AWSLL from Reed Petty on file 606 of the CBT tape. I thought it would be easy enough to add LBI support in csect AWSICOPY, and the coding did indeed seem fairly easy. However, I am now tearing my hair out (what remains) because it writes out EVERY block at 65520, and ADRDSSU does not like that. Debuggging with OC1 abends shows that just before the first PUT instruction the DCBE contains the length of the AWS block as shown by registers used (72 bytes). This is correct on the original tape and on the AWS version. Why would QSAM ignore DCBIBLKSI and write the block at 65520? Does the LBI only work above 32k-1? Ideas gratefully received. Dave -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Who intercepted SVC 26?
Hi David, Do you have CA-Allocate (VAM) on the system? Thanks! <*BobL*> -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of David Andrews Sent: Thursday, January 25, 2007 2:08 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Who intercepted SVC 26? -- This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or disclose the content of all email communications. == -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: REXX programming question
In a recent note, Jim McAlpine said:
> Date: Fri, 26 Jan 2007 12:43:49 +
>
> We are now playing with calling Java from COBOL and need to concatenate some
> PATH definitions onto the SYSLIB definition. Is there a way to achieve
> this.
>
Yes. Abandon ALLOCATE and use BPXWDYN instead.
Use BPXWDYN( 'alloc {path|dsname}(...) ..' ) to allocate each
individual catenand.
Use the 'ddn(SYSLIB)' operand on the first catenand. Omit ddn
and use 'rtddn(varname)' to retrieve the generated ddname of
each subsequent catenand.
Use BPXWDYN( 'concat ddlist(list-of-catenand-ddnames' ) to
perform the final concatenation.
Linkname: Requesting dynamic concatenation
URL:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/BPXZB661/6.7
Title: z/OS V1R7.0 Using REXX and z/OS UNIX System Services
Document Number: SA22-7806-09
-- gil
--
StorageTek
INFORMATION made POWERFUL
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: EXTERNAL INTERRUPT and SAPL
On 1/26/2007 7:30 AM, R.S. wrote: Everytime I read software manual, i.e. MVS Diagnosis, and the manual decribes some actions on "hardware side", I find completely unclear and usually obsolete explanations. Dear manual authors - there is no more ES9000 or 4381 in production. We use more recent machines, all them have HMC. It has been for *YEARS*. Why don't you update the hardware descriptions in your manuals? I understand when I read about ES9000 console and its frames, although I have never seen it. I really never ever seen S360 and its EXTERNAL INTERRUPT key. Please submit a Reader's Comment, Radoslaw. The book authors are not reading IBM-MAIN. BTW: Recently I submitted RCF about GRS manual. They widely describe 3088 CTC device and its advantages over built-in CTCA adapter. ESCON CTC is poorly mentioned. No information about FICON. No such channel at all. Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
>What are the security implications of allowing uninvited snooping? Is this a good way to pick up confidential information if someone understands the application? I would imagine this is the same as the implications for the "DUMP" z/OS system command. Rob Scott Rocket Software, Inc 275 Grove Street Newton, MA 02466 617-614-2305 [EMAIL PROTECTED] http://www.rs.com/portfolio/mxi_g2 -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Clark Morris Sent: 26 January 2007 08:18 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Cross Memory and AR ASC Mode On 25 Jan 2007 15:17:44 -0800, in bit.listserv.ibm-main you wrote: >Peter Relson said this a few years back on IBM-MAIN : > >"There is no intended programming interface for obtaining the STOKEN of >a "given" address space. If the owner of that space wants you poking >around in his storage, then it is up to that owner to provide a >mechanism for you to obtain his STOKEN." > >I understand what he is saying here, however there are instances in >vendor code (and IBM-code surely??) where SRBs are scheduled into other >address spaces uninvited. > >If you use SCHEDULE to shoot the SRB and there is something wrong with >the ASCB in SRBASCB or the STOKEN you get an *abend* and now obviously >have to provide recovery around the SCHEDULE to cater for this. >SCHEDULE is also only an async service - so you have some WAIT amd >cross-memory POST logic going on as well. > >IEAMSCHD is a *much* improved service to handle SRBs and provides a >sequence of *return+reason* codes for situations where the STOKEN is >bad (no abend - hooray!). IEAMSCHD also provides the ability to operate >as a synchronous service - so no need to WAIT/POST (hooray again!). > >However, IEAMSCHD only accepts STOKENs as the specification for the >target foreign address space - and this is why I personally find >ASSBSTKN not being GUPI frustrating - but that is probably down to the >fact that the software I write does a lot of uninvited snooping. What are the security implications of allowing uninvited snooping? Is this a good way to pick up confidential information if someone understands the application? How does Omegamon handle this and can the method used be made available assuming the security concerns are met? > >Anyone think it might be worth a SHARE requirement request to ask for >ASSBSTKN to be marked GUPI for all address spaces? > > > >Rob Scott >Rocket Software, Inc >275 Grove Street >Newton, MA 02466 >617-614-2305 >[EMAIL PROTECTED] >http://www.rs.com/portfolio/mxi_g2 > >> rest snipped -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
On 25 Jan 2007 15:17:44 -0800, in bit.listserv.ibm-main you wrote: >Peter Relson said this a few years back on IBM-MAIN : > >"There is no intended programming interface for obtaining the STOKEN of >a "given" address space. If the owner of that space wants you poking >around in his storage, then it is up to that owner to provide a >mechanism for you to obtain his STOKEN." > >I understand what he is saying here, however there are instances in >vendor code (and IBM-code surely??) where SRBs are scheduled into other >address spaces uninvited. > >If you use SCHEDULE to shoot the SRB and there is something wrong with >the ASCB in SRBASCB or the STOKEN you get an *abend* and now obviously >have to provide recovery around the SCHEDULE to cater for this. SCHEDULE >is also only an async service - so you have some WAIT amd cross-memory >POST logic going on as well. > >IEAMSCHD is a *much* improved service to handle SRBs and provides a >sequence of *return+reason* codes for situations where the STOKEN is bad >(no abend - hooray!). IEAMSCHD also provides the ability to operate as a >synchronous service - so no need to WAIT/POST (hooray again!). > >However, IEAMSCHD only accepts STOKENs as the specification for the >target foreign address space - and this is why I personally find >ASSBSTKN not being GUPI frustrating - but that is probably down to the >fact that the software I write does a lot of uninvited snooping. What are the security implications of allowing uninvited snooping? Is this a good way to pick up confidential information if someone understands the application? How does Omegamon handle this and can the method used be made available assuming the security concerns are met? > >Anyone think it might be worth a SHARE requirement request to ask for >ASSBSTKN to be marked GUPI for all address spaces? > > > >Rob Scott >Rocket Software, Inc >275 Grove Street >Newton, MA 02466 >617-614-2305 >[EMAIL PROTECTED] >http://www.rs.com/portfolio/mxi_g2 > >> rest snipped -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
REXX programming question
We have some REXX code which we use to do our COBOL compile/links etc, part
of which allocates the SYSLIB concatenation for the link-edit step like this
-
/*--- input load libraries via SYSLIB */
sysLibs = nameObjLibs.prgVersion nameAddQuotes(CBL_LIB)
if prgVersion = fgVersion &,
left(TPMON,4) = 'CICS' then
sysLibs = sysLibs nameAddQuotes(CICS_LOAD)
if left(TPMON,3) = 'IMS' then
sysLibs = sysLibs nameAddQuotes(IMS_RES)
if pgenSqlPresent.prgVersion then
sysLibs = sysLibs nameAddQuotes(DB2_LOAD)
sysLibs= sysLibs nameAddQuotes(CEE_LKED)
sysLibs= syslibs nameAddQuotes(TCPLIB)
call fileAlloc 'dsn('||sysLibs||') ddn(SYSLIB) shr reuse'
/* end */
and fileAlloc looks like this -
/**/
/**/
/* allocate file and remember ddn for 'fileFree' routine */
/**/
/**/
fileAlloc: procedure expose allocList
do w = 1 to words(arg(1))
currWord = word(arg(1),w)
if left(currWord,4) <> 'ddn(' then iterate
leave
end
if currWord = 'ddn(SYSPRINT)' then
call freeDDN 'SYSPRINT'
if currWord = 'ddn(SYSTERM)' then
call freeDDN 'SYSTERM'
if currWord = 'ddn(SYSIN)' then
call freeDDN 'SYSIN'
currWord = left(currWord,length(currWord) - 1)
allocList = allocList substr(currWord,5)
'alloc' arg(1)
savedRc = rc
if savedRc <> 0 then
do
call msgMsg 'alloc' arg(1) ' RC='||savedRc
call exitJob 16,'ALLOC'
end
return
/* end of fileAlloc */
We are now playing with calling Java from COBOL and need to concatenate some
PATH definitions onto the SYSLIB definition. Is there a way to achieve
this.
Jim McAlpine
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Cross Memory and AR ASC Mode
>GUPI for ASID 1. Not an intended interface for other ASIDs. > >I don't know why it says that. My best guess would be >that maybe it was intended to deter someone from considering >fetching ASSBSTKN from an ASSB to which they did not have >proper serialization. Rob Scott found an old append of mine which does pertain to this point. It is precisely because of doing something uninvited which could be detrimental to the "owner" of that space that it is not appropriate to snoop in that way. And Jim Mulder properly points out that you cannot just reference a random ASCB/ASSB as those can be freemained if you do not hold proper serialization. Jeffrey Smith mentioned LASP: I hope it isn't surprising to anyone that you are not supposed to use that instruction, just as you are not supposed to do all sorts of things provided for the base OS to use in order to make it possible for your applications to run (including such obvious things as using LCTL to set various things). Chris Craddock mentioned ALET=1 then apologized and changed to ALET=2. In his scenario, either would do. I prefer using ALET=1 if addressing the "space of my caller" because that is known to work even if the caller changes and is no longer issuing it from PRIMARY=HOME. That does depend on the PC definition being such that SASN is set to the caller's PASN (which we tend to do all the time, though you can request otherwise). Barry Merrill wrote ... there is no way to tell the ASID was gone, except to schedule the SRB, which then was forced into IBM recovery routines That is hardly true. It is very simple to issue LOCASCB for an ASID and check the return information. It doesn't tell you that it's the "right instance" but it certainly lets you know when it is not there. Obviously in the window after you check and before you schedule it good go away. Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: EXTERNAL INTERRUPT and SAPL
Everytime I read software manual, i.e. MVS Diagnosis, and the manual decribes some actions on "hardware side", I find completely unclear and usually obsolete explanations. Dear manual authors - there is no more ES9000 or 4381 in production. We use more recent machines, all them have HMC. It has been for *YEARS*. Why don't you update the hardware descriptions in your manuals? I understand when I read about ES9000 console and its frames, although I have never seen it. I really never ever seen S360 and its EXTERNAL INTERRUPT key. BTW: Recently I submitted RCF about GRS manual. They widely describe 3088 CTC device and its advantages over built-in CTCA adapter. ESCON CTC is poorly mentioned. No information about FICON. No such channel at all. -- Radoslaw Skorupka Lodz, Poland Tomas Fott wrote: From an HMC, logon to the SE of the LPAR to which you want to initiate the external interrupt key. Somewhere on the SE is something to click to cause the external interrupt function. To perform external interrupt function, you have to select LPAR and processor: Open "Task List" from Views area, open "CP Toolbox". CP Toolbox contains icon of the "interrupt" task. Open "Groups" from Views area, open Images, right click on image, select processor. Drag and drop processor on the "interrupt" task. Read online manual on HMC or support element (Support element operations guide). [...] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Condition code checking for FTP
Paul So, what you are suggesting goes something like the following perhaps: /* REXX */ /**/ QUEUE "Userid" QUEUE "Password" QUEUE "CD /DIROFINTEREST" QUEUE "GET thefirstfile" QUEUE "QUIT" "FTP 123.456.78.9 (EXIT" SAY 'FTP OF 'thefirstfile' RETURN CODE=' RC /**/ QUEUE "Userid" QUEUE "Password" QUEUE "CD /DIROFINTEREST" QUEUE "GET thesecondfile" QUEUE "QUIT" "FTP 123.456.78.9 (EXIT" SAY 'FTP OF 'thesecondfile' RETURN CODE=' RC /**/ QUEUE "Userid" QUEUE "Password" QUEUE "CD /DIROFINTEREST" QUEUE "GET thethirdfile" QUEUE "QUIT" "FTP 123.456.78.9 (EXIT" SAY 'FTP OF 'thethirdfile' RETURN CODE=' RC /**/ and so on, which, if more extensive, clearly calls out for a looped structure - but I won't spoil Lucy's fun by trying to work that out for her! Chris Mason - Original Message - From: "Paul Gilmartin" <[EMAIL PROTECTED]> Newsgroups: bit.listserv.ibm-main To: Sent: Friday, 26 January, 2007 3:28 AM Subject: Re: Condition code checking for FTP > On Thu, 25 Jan 2007 16:10:25 -0800, Greg Grimm wrote: > > > > I 'get' two files. > > The first step is IKJEFT01 - it runs the following REXX > > ... > Heck, if you're writing an EXEC, do it all in one step, with an invocation > of FTP to GET each file and omit the DIR. This avoids numerous problems: > > o Authorization: DIR shows the file exists, but GET fails because > you haven't sufficient permission on the server system to read it. > > o Timing: the DIR step reports the file exists, but another process > deletes it before the GET, which fails. > > o Syntactic: The format of the reply from DIR on the remote system is > different from what you expect. > > o Structural: the files to be fetched exist in different directories, > and a single call to DIR doesn't show them all. > > ... and it's less code. > > -- gil > -- > StorageTek > INFORMATION made POWERFUL -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: VIPA tcpip profile definitions
Matthew I'm also glad that Dennis Leong has asked the question since it has prompted you to provide the benefit of your experience. Have you seen the thread in the IBMTCP-L list entitled "VIPARANGE definitions"? Presumably not or you would have provided a similar response there when the matter of having OSA ports and VIPAs sharing the same address range arose. Alan Watthey is planning to try this so your experience is some encouragement. I've made a few comments on your post already in my reply to Dennis. In addition I would like to make a couple more. In terms of what is relevant to Dennis's project, there is nothing you show in the IPCONFIG statement which is actually needed - with one possible exception. The possible exception is the MULTIPATH parameter. In the part of the redbook which describes features of the OSA "ARP Takeover" in section 1.2.8, "ARP cache management", it is suggested that MULTIPATH is necessary in order to cause the OSA backup mechanism to happen. It's just about impossible to see why there should be a connection between the OSA backup mechanism and the IPCONFIG MULTIPATH parameter. Rather I think that the idea that the IPCONFIG MULTIPATH parameter should be specified is that, when you have two OSA ports connected to the same LAN, you will have the benefit of using them, that is, both of them when they are both working, only when you specify IPCONFIG MULTIPATH. This is actually the way the need for the MULTIPATH parameter reads in Appendix G - just about. A scan for the word "MULTIPATH" in System z9 and eServer zSeries Open Systems Adapter-Express Customer's Guide and Reference shows it used only with reference to "multipath channel" (MPC) and there is no mention of MULTIPATH in the section where relevant IPCONFIG parameters are discussed, section 1.7.2.2.1, "Recommendations" under 1.7.2.2, "Updating the TCP/IP Profile for QDIO". The following paragraph from a post of mine from last year applies if you have specified the MULTIPATH parameter of the IPCONFIG statement: If you switch to MULTIPATH, you are going to have to choose between PERCONNECTION and PERPACKET. Some folk insist on PERCONNECTION since this can avoid problems associated with fragmentation. If you have so designed your network that you can see that there will not be problems with fragmentation (or full packets arriving out of sequence), you may well prefer PERPACKET. For example, if your printer is being driven within one TCP connection, you won't see any change from what you have right now obviously with PERCONNECTION. I see you have MULTIPATH PERCONNECTION but it's not evident from the sample statements you supply that you potentially have multiple routes to some or all destinations. Specifically, you show only one set of definitions for an OSA port. Similar considerations apply to the IPCONFIG DATAGRAMFWD FWDMULTIPATH PERPACKET parameter with the additional point that you do not appear to be using your CS IP instance as a router. Maybe you have so pruned your definitions that what you show can't be taken as a consistent set of definitions. If this is so what you shouldn't have pruned is the set of definitions for your second OSA port. You do refer at the end of your post to OSA features in the plural. By "Preferably the VIPA IP address should be used in all instances." do you mean that the VIPA, a static VIPA in your example, should always be used as the destination address representing your applications? I would tend to qualify this by suggesting the following: a) that a single VIPA should be used as the destination for each application b) that it may as well be a VIPARANGE dynamic VIPA activated by use of the PORT statement entry BIND parameter today even if setting up backup LPARs and Automatic Restart Management (ARM) is for the future c) that each application service is identified in the name server using a name which describes that particular service and is associated with the (VIPARANGE dynamic) VIPA d) that there remains just one static VIPA which is associated with the node, may be so identified in the name server and is used for services necessarily tied to the node such as the SNMP agent Chris Mason - Original Message - From: "Matthew Stitt" <[EMAIL PROTECTED]> Newsgroups: bit.listserv.ibm-main To: Sent: Thursday, 25 January, 2007 11:41 PM Subject: Re: VIPA tcpip profile definitions > Glad you asked this question. I just did something similar to your request. > Here are some key definitions I used: > > IPCONFIG > ARPTO 1200 > DATAGRamfwd FWDMULTipath PERPacket > SOURCEVIPA > NOSYSPLEXRouting > IGNORERedirect > MULTIPATH PERConnection > PATHMTUDISCovery > NODYNAMICXCF > NOIQDIORouting > TTL60 > > ; DEVICE and LINK for VIPA Devices: > DEVICE VIPA1 VIRTUAL 0 > LINKVIPA1 VIRTUAL 0 VIPA1 > ; > ; DEVICE and LINK for MPCIPA QDIO Devices: > ; > ; QDIO (gen - OSD), see NET.VTAMLST(TRL??) > DEVICE OSA4VME MPCIPA NONRouter AUTORESTART > LINK Z990CH41L
Re: VIPA tcpip profile definitions
Dennis Have you seen the thread in the IBMTCP-L list entitled "VIPARANGE definitions"? This thread, focusing on just one of the original questions asked, has discussed the essence of what you want to do, namely having VIPAs defined in the IP address range which is also defined for the LAN to which OSA feature ports are attached. Unfortunately nobody contributing to the thread knew specifically whether this would work even though there are many hints that it would work in the two key documents: - System z9 and eServer zSeries Open Systems Adapter-Express Customer's Guide and Reference - SA22-7935-05 - OSA-Express Implementation Guide - SG24-5948-04 I'm glad that Matthew Stitt confirmed that he was, indeed, putting a VIPA in the LAN address range and, presumably, it works for him. One point he didn't mention - and neither did you - is the issue[1] of using a dynamic routing protocol. In principle, he shouldn't need to because ARP and the QDIO mechanisms should be taking care of the dynamic discovery of the location of the VIPA. Particularly to do what you want, you should read and digest Appendix G in the redbook "OSA-Express Implementation Guide". This describes the scenario you want with the very unfortunate omission of the VIPA. However, if indeed, your configuration is limited to one LPAR and two OSA feature ports on separate adapters, you do not actually need a VIPA. This is nothing to do with the redbook having not used a VIPA - although actually they may not have used a VIPA because it wouldn't add anything to the basic point they were making - but it is because you could have used either of the IP addresses defined for the OSA ports. In the failure/backup scenario described in Appendix G, when there is a failure, *both* OSA port IP addresses can be found using ARP on the surviving OSA port *and*, very importantly, any adjacent router ARP caches will be forced to make the change because, at the time of the failure, a "gratuitous" ARP is sent out describing the new association between the IP address, previously associated with the MAC of the failing OSA port, and the MAC address of the surviving OSA port. The manuals mention, most explicitly in section 1.2.9, "Enhanced IP network availability" of the OSA-Express Implementation Guide redbook, that, if there is a VIPA, it too is included in the ARP mechanism just like the IP address associated with the OSA port - and the IP address of any OSA port which is being backed up. The OSA-Express feature port then responds to ARP requests for its own IP address and for VIPAs. I can understand why you don't want to run multiple instances of the Communications Server IP main address space since that is totally unnecessary - but - I don't follow why you should have an aversion to "binding" an application to an IP address. In principle, this is what VIPAs are all about. You should, at least, plan to associate each of your applications to an IP address so that, when (rather than "if") in the future, also for the purposes of high availability during planned maintenance and following "unforced errors" (it's tennis time again - the Australian Open ), you have another production LPAR which can act as a backup for your current production LPAR, you can convert your static VIPAs to become dynamic VIPAs - although you may as well define them as VIPARANGE dynamic VIPAs together with "binding" each application to an IP address from the very beginning. However, in the interim, you could associate one static VIPA to each of your server applications using the BIND parameter of the PORT statement or the parameters of the server application itself. It now occurs to me that the former is probably to be encouraged as it provides more appropriate documentation regarding the association than having to go trawling though started task procedures to find where the VIPA is used. I think your brain outstripped your fingers in the following sentence: "The setup just needs to provide connectivity to my LPAR in the event of a failure to port on switch connected to the first OSA." Probably you meant: "The setup just needs to provide connectivity to my LPAR in the event of a failure of the port on the switch connected to the first OSA." In fact, the OSA backup mechanism will allow for the failure of either OSA port so that either of the OSA ports which survives can, as it were, pretend to be the failed OSA port until the failed port is repaired. Take a good look at that Appendix G. In terms of configuration, there is really nothing at all special that you need to do for the basic backup scenario as described in that Appendix G. It's all provided free, "under-the-covers" by the OSA features when run in QDIO mode.[3] The only extension to the standard statements to be found in the PROFILE data set in order for the VIPA to participate is what is shown in Matthew Stitt's post is placing the VIPA in the same address range as is used for the LAN to which the OSA ports connect, obviously
