AUTO: Frank Krueger is in vacation. (returning 06/11/2012)
I am out of the office until 06/11/2012. Vacation - travelling somewhere in Europe. No mail access. In urgent cases try Mobile Phone or contact Peter Kimmel. Note: This is an automated response to your message IBM-MAIN Digest - 26 May 2012 to 27 May 2012 (#2012-148) sent on 28/5/2012 6:00:01. This is the only notification you will receive while this person is away. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
On Fri, 25 May 2012 11:00:14 -0500 Roberts, John J jrobe...@dhs.state.ia.us wrote: :If you have ICSF configured you might be able to use one of the One-Way :Hash Generate Callable Services (CSNBOWH or CSNBOWH1 and CSNEOWH or :CSNEOWH1) :I don't know if we have ICSF installed. But even if we did, I would doubt if any hash function could meet my requirement #2 (uniqueness) and may even have trouble with #3 (PIC 9(9) result). And of course if truncation is needed to meet requirement #3, this itself would probably defeat #2. :But I thank you for the suggestion. If I strike out otherwise, I will ask the SYSPROGs about ICSF. Depending on how many of the numbers may be generated, your best approach to minimize storage and processing is a hash table where the value comes from an incrementing number. If not found, add one to the number and store in the table. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
UUIDGEN?
Hi. I'm trying to find what I should use instead of the uuidgen command, since this was part of DCE that is withdrawn. So is there a easy replacement for the uuidgen command to use in a USS script? Br. Magnus Persson -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Transferring stuff from Mainframe to a RDz/UT clone of itself
On 5/28/2012 1:26 AM, melvinjac...@iinet.net.au wrote: On Friday, 25 May 2012 22:13:55 UTC+10, Thomas Conley wrote: On 5/25/2012 2:03 AM, mpjac...@comcen.com.au wrote: Hi all Can't readily see how to search the group, so apologies if this info is in here somewhere I'm just after opinion as to the best way to transfer files across from a normal MF Lpar , including some USS directories, to a copy of this Lpar running on RDz/UT under RedHat linux on a VM server. I'm told that shared DASD is not possible between the MF Lpar the RDz instance, we have FTP or NJE (don't know which is quicker). The basic scenario is to do regular incremental refreshes of the RDz/UT environment from it's big brother MF instance I'm posting this last thing on a Fri arvo, so may not get back to it before Monday (it's just gone 4pm here in Sydney) Thx Melvyn Jacobs Melvyn, I would run DFDSS DUMP, TERSE, FTP binary, DETERSE, then DFDSS RESTORE. Regards, Tom Conley dumb question - the plan that I was given just said basically DFDSS DUMP, FTP, RESTORE - what advantage does On Friday, 25 May 2012 22:13:55 UTC+10, Thomas Conley wrote: On 5/25/2012 2:03 AM, mpjac...@comcen.com.au wrote: Hi all Can't readily see how to search the group, so apologies if this info is in here somewhere I'm just after opinion as to the best way to transfer files across from a normal MF Lpar , including some USS directories, to a copy of this Lpar running on RDz/UT under RedHat linux on a VM server. I'm told that shared DASD is not possible between the MF Lpar the RDz instance, we have FTP or NJE (don't know which is quicker). The basic scenario is to do regular incremental refreshes of the RDz/UT environment from it's big brother MF instance I'm posting this last thing on a Fri arvo, so may not get back to it before Monday (it's just gone 4pm here in Sydney) Thx Melvyn Jacobs Melvyn, I would run DFDSS DUMP, TERSE, FTP binary, DETERSE, then DFDSS RESTORE. Regards, Tom Conley -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN Hi Tom Thanks for that - any particular reason for including TERSE, over just DFDSS FTP ? cheers Melvyn Melvyn, The DFDSS dump dataset is a RECFM=U file. I've had difficulty in transferring RECFM=U files with FTP, so TERSEing them creates a nice FB 1024 format that can FTP cleanly in binary mode. I also get the compression for a faster FTP. Someone else in this thread recommended TSO XMIT which basically does the same thing without compression, by creating an FB 80 format record. Regards, Tom Conley -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
John M wrote (snipped): A full billion, 5 byte, packed numbers would require 5 billion bytes of storage (5 Gb), or about 2^23 bytes. If you wanted to, you could run a program and save this in a VSAM Linear dataset. You could then use this dataset as your permanent map and access it as a DIV (Data In Virtual) file, using very efficient memory mapping. Or create it as an ESDS and access it in RBA mode. Or perhaps even an VSAM RRDS. Generating the file may take a while, especially to guarantee the uniqueness of the random map. The biggest problem might be finding a random number generator which can actually generate uniformly random values in the range [0..5,000,000,000]. Do it over a weekend. Or in a low priority batch job. The dataset should fit on 3 volumes of 3390-3 space. Unfortunately, I believe DIV is limited to 2G. You only need (want) 1 billion random numbers. I think multiplying each 9 digit number by a prime greater than 1 billion and dividing by 1 billion will generate a unique 9 digit remainder for each number. John R wrote (snipped): Another idea could be to have two indexes: one for the first five digits, and the other for the last four. If you break it up like this, the combined result is still unique, deterministic, and impossible to reverse engineer unless you have access to the translation index. What if you broke it up into 9 indexes, one for each digit; wouldn't that fit the same criteria? Gary Weinhold Data Kinetics, Ltd. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
DFSMS SG POOL Enablement
Hello, I've a SG in the following status: SCDS Name . . . . : PROD.SMS.SCDS Storage Group Name : SGDR Storage Group Type : POOL To ALTER Storage Group System/ Sys Group Status, Specify: System/Sys SMS SG System/Sys SMS SG Group Name Status Group Name Status -- -- -- -- *PARTPLEX === DISNEW PA1 === DISNEW PA2 === DISNEW PB1 === DISNEW doing D SMS,SG(SGDR), I get: RESPONSE=PA1 IGD002I 14:16:00 DISPLAY SMS 625 STORGRP TYPESYSTEM= 1 2 3 4 SGDR POOLD D D D I want to ENABLE this SG onl all systems and I tried: V SMS,STORGRP(SGDR,ALL),ENABLE IGD010I STORAGE GROUP (SGDR,ALL ) STATUS IS NOW ENABLED then: SETSMS SCDS(PROD.SMS.SCDS) IGD008I NEW CONFIGURATION ACTIVATED FROM SCDS PROD.SMS.SCDS but after doing: D SMS,SG(SGDR), I get: RESPONSE=PA1 IGD002I 14:16:00 DISPLAY SMS 625 STORGRP TYPESYSTEM= 1 2 3 4 SGDR POOLD D D D Can you pls give me an help on what am I missing here ?? Many thx, Antonio Cecilio. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Spool offload
I'm going to cold start JES2. I would like to preserve my spool content by using spool offload. I changed parameters of OFF* devices to the following values: OFFLOAD1 DSN=SYS1.OFFLOAD,STATUS=DRAINED,ARCHIVE=ONE, CRTIME=RESET,LABEL=SL,PROTECT=NO,RETPD=0, TRACE=NO,UNIT=(3390,1),VALIDATE=YES,VOLS=255 Changes: RETPD=0 and unit=3390, dataset preallocated OFF1.JT STATUS=STARTABLE,CLASS=,CREATOR=,DISP=KEEP, HOLD=,JOBNAME=,LIMIT=(0,*),NOTIFY=NO, RANGE=(J1,99),ROUTECDE=(),START=YES, SCHENV=,SRVCLASS=,SYSAFF=(NONE),VOLUME=(,,,), WS=(/) OFF1.ST STATUS=STARTABLE,CREATOR=,DISP=KEEP, OUTDISP=(WRITE,KEEP),HOLD=,JOBNAME=,NOTIFY=NO, RANGE=(J1,99),ROUTECDE=(),START=YES, VOLUME=(,,,),WS=(/),BURST=,FCB=,FLASH=, FORMS=(,,,),LIMIT=(0,*),PLIM=(0,*), PRMODE(),QUEUE=,UCS=,WRITER= Changes: WS changed to everything, DISP=KEEP (does not delete or change existing entries). Q: did I miss something? -- Radoslaw Skorupka Lodz, Poland -- Treść tej wiadomości może zawierać informacje prawnie chronione Banku przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2012 r. kapitał zakładowy BRE Banku SA (w całości wpłacony) wynosi 168.410.984 złotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Spool offload
On Mon, 28 May 2012 15:56:24 +0200, R.S. r.skoru...@bremultibank.com.pl wrote: I'm going to cold start JES2. I would like to preserve my spool content by using spool offload. I changed parameters of OFF* devices to the following values: OFFLOAD1 DSN=SYS1.OFFLOAD,STATUS=DRAINED,ARCHIVE=ONE, CRTIME=RESET,LABEL=SL,PROTECT=NO,RETPD=0, TRACE=NO,UNIT=(3390,1),VALIDATE=YES,VOLS=255 Changes: RETPD=0 and unit=3390, dataset preallocated OFF1.JT STATUS=STARTABLE,CLASS=,CREATOR=,DISP=KEEP, HOLD=,JOBNAME=,LIMIT=(0,*),NOTIFY=NO, RANGE=(J1,99),ROUTECDE=(),START=YES, SCHENV=,SRVCLASS=,SYSAFF=(NONE),VOLUME=(,,,), WS=(/) OFF1.ST STATUS=STARTABLE,CREATOR=,DISP=KEEP, OUTDISP=(WRITE,KEEP),HOLD=,JOBNAME=,NOTIFY=NO, RANGE=(J1,99),ROUTECDE=(),START=YES, VOLUME=(,,,),WS=(/),BURST=,FCB=,FLASH=, FORMS=(,,,),LIMIT=(0,*),PLIM=(0,*), PRMODE(),QUEUE=,UCS=,WRITER= Changes: WS changed to everything, DISP=KEEP (does not delete or change existing entries). Q: did I miss something? -- Radoslaw Skorupka Lodz, Poland I assume you are asking if they are correct prior to starting the offload. If so, it looks okay. If not, then of course you need to start offload1. Are you sure you disk output is big enough to hold everything? If you have tape output available, you can use that and avoid a potential space abend. Just out of curiosity, why do you need to cold start? Regards, Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: DFSMS SG POOL Enablement
Well, I guess this will do it: //MYLIBJCLLIB ORDER=SYS1.SACBCNTL //* //STEP1 EXEC ACBJBAOB, //TABL2=PROD.TEST.ISPTABL //SYSUDUMP DD SYSOUT=* //SYSTSIN DD * PROFILE PREFIX(MYUSER) ISPSTART CMD(ACBQBAJ2 + ALTER + SCDS('PROD.SMS.SCDS') + STORGRP(SGDR) + SGSTSALL(ENABLE) + ) /* //TEMPFILE DD DSN=TEMPFILE,DISP=(MOD,PASS), // SPACE=(TRK,(1,1)),LRECL=300,RECFM=F,BLKSIZE=300 //* //STEP2 EXEC ACBJBAOB, //TABL2=PROD.TEST.ISPTABL //SYSUDUMP DD SYSOUT=* //SYSTSIN DD DSN=TEMPFILE,DISP=(OLD,DELETE,DELETE) //* //STEP3 EXEC PGM=ICEGENER //SYSPRINT DD SYSOUT=* //SYSUT2 DD SYSOUT=(*,INTRDR) //SYSINDD DUMMY //SYSUT1 DD DATA,DLM='$$' /*$VS,'SETSMS SCDS(PROD.SMS.SCDS)' $$ /* Ok, many thx to all and me, A.Cecilio. On Mon, May 28, 2012 at 2:22 PM, af dc acbi...@gmail.com wrote: Hello, I've a SG in the following status: SCDS Name . . . . : PROD.SMS.SCDS Storage Group Name : SGDR Storage Group Type : POOL To ALTER Storage Group System/ Sys Group Status, Specify: System/Sys SMS SG System/Sys SMS SG Group Name Status Group Name Status -- -- -- -- *PARTPLEX === DISNEW PA1 === DISNEW PA2 === DISNEW PB1 === DISNEW doing D SMS,SG(SGDR), I get: RESPONSE=PA1 IGD002I 14:16:00 DISPLAY SMS 625 STORGRP TYPESYSTEM= 1 2 3 4 SGDR POOLD D D D I want to ENABLE this SG onl all systems and I tried: V SMS,STORGRP(SGDR,ALL),ENABLE IGD010I STORAGE GROUP (SGDR,ALL ) STATUS IS NOW ENABLED then: SETSMS SCDS(PROD.SMS.SCDS) IGD008I NEW CONFIGURATION ACTIVATED FROM SCDS PROD.SMS.SCDS but after doing: D SMS,SG(SGDR), I get: RESPONSE=PA1 IGD002I 14:16:00 DISPLAY SMS 625 STORGRP TYPESYSTEM= 1 2 3 4 SGDR POOLD D D D Can you pls give me an help on what am I missing here ?? Many thx, Antonio Cecilio. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
On Mon, 28 May 2012 09:17:04 -0400, Gary Weinhold wrote: You only need (want) 1 billion random numbers. I think multiplying each 9 digit number by a prime greater than 1 billion and dividing by 1 billion will generate a unique 9 digit remainder for each number. (Why didn't I think of that!?) Of course, the multiplier, M, needn't be greater than 1 billion. For any M, M mod 1 billion produces identical results. And it needn't be prime; only relatively prime to 1 billion, i.e. any number whose final decimal digit is 1, 3, 7, or 9. M must be kept secret. But I suspect it can easily be inferred, even if only by exhaustion, given any single key in its clear and masked forms. If there is no requirement that the masked key be numeric, the search space can be enlarged, however slightly, by using a base85 encoding (see RFC 1924, April 1, 1996). Even if the intruder knows no key in its clear and masked representations, but knows that keys in some set are invalid, he might be able to make a good guess at M by the absence of certain masked values in a sufficiently large sample. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Spool offload
W dniu 2012-05-28 17:10, Mark Zelden pisze: [...] I assume you are asking if they are correct prior to starting the offload. If so, it looks okay. If not, then of course you need to start offload1. Good assumption! My explanations weren't good enough. :-) Are you sure you disk output is big enough to hold everything? If you have tape output available, you can use that and avoid a potential space abend. Yes, I'm sure, the spool is small, it's not production system. Just out of curiosity, why do you need to cold start? Change some parameters in JES2PARM. -- Radoslaw Skorupka Lodz, Poland -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Spool offload
OK, I'll bite. Which parameters cannot be changed dynamically? I think you mentioned in another thread about having to resolve name conflicts. There ways to juggle things around via multiple incremental changes to achieve the desired result. I have systems last cold started in 1995. . . JO.Skip Robinson SCE Infrastructure Technology Services Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com From: R.S. r.skoru...@bremultibank.com.pl To: IBM-MAIN@bama.ua.edu Date: 05/28/2012 08:35 AM Subject:Re: Spool offload Sent by:IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu W dniu 2012-05-28 17:10, Mark Zelden pisze: [...] I assume you are asking if they are correct prior to starting the offload. If so, it looks okay. If not, then of course you need to start offload1. Good assumption! My explanations weren't good enough. :-) Are you sure you disk output is big enough to hold everything? If you have tape output available, you can use that and avoid a potential space abend. Yes, I'm sure, the spool is small, it's not production system. Just out of curiosity, why do you need to cold start? Change some parameters in JES2PARM. -- Radoslaw Skorupka Lodz, Poland -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
IMO the risk is not to have a non reversible key, but to hide this a bit. with a small number of output bits there are not many options. some approaches - take a prime number p large then the name space and smaller than the space to hold the result, take a generator g of the multiplicative group, and compute output = (g ** input) mod p. for all 1 input p you can iterate this using different primes, add some magic bijectif functions, permutation of bits etc. - take a fixed secret, and encrypt with des = 8 octets. - if your key space is large, 16 octets, you an hmac with 1 billion times md5 of the input or something like than. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: DFSMS SG POOL Enablement
The VARY command updates the active configuration in the SMS address space, not the SCDS dataset. By issuing the SETSMS after the VARY, you restored everything back the way it was, in effect undoing the vary. Either 1 - update an SCDS and then activate it or 2 - update the active configuration with VARY commands and then perform SETSMS SAVESCDS(dsn) to save the updated configuration in an SCDS. :: -Original Message- :: From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On :: Behalf Of af dc :: Sent: Monday, May 28, 2012 6:23 AM :: To: IBM-MAIN@bama.ua.edu :: Subject: DFSMS SG POOL Enablement :: :: Hello, :: I've a SG in the following status: :: :: SCDS Name . . . . : PROD.SMS.SCDS :: Storage Group Name : SGDR :: Storage Group Type : POOL :: To ALTER Storage Group System/ :: Sys Group Status, Specify: :: :: System/Sys SMS SG System/Sys SMS SG :: Group Name Status Group Name Status :: -- -- -- -- :: *PARTPLEX === DISNEW PA1 === DISNEW :: PA2 === DISNEW PB1 === DISNEW :: :: doing D SMS,SG(SGDR), I get: :: RESPONSE=PA1 :: IGD002I 14:16:00 DISPLAY SMS 625 :: :: STORGRP TYPESYSTEM= 1 2 3 4 :: SGDR POOLD D D D :: :: I want to ENABLE this SG onl all systems and I tried: :: V SMS,STORGRP(SGDR,ALL),ENABLE :: IGD010I STORAGE GROUP (SGDR,ALL ) STATUS IS NOW ENABLED :: :: then: :: SETSMS SCDS(PROD.SMS.SCDS) :: IGD008I NEW CONFIGURATION ACTIVATED FROM SCDS PROD.SMS.SCDS :: :: but after doing: :: D SMS,SG(SGDR), I get: :: RESPONSE=PA1 :: IGD002I 14:16:00 DISPLAY SMS 625 :: :: STORGRP TYPESYSTEM= 1 2 3 4 :: SGDR POOLD D D D -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Snap dump question
Aw John, don't be grumpy. By obtuse I just meant you merely alluded to the solution, you didn't explicitly say if you really coded LECL you need to correct it to LRECL. No harm intended. Sorry for the offense. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of John Gilmore Sent: Friday, May 25, 2012 5:47 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Snap dump question Charles Mills writes begin extract DBB LECL will almost certainly not assemble (as John G. was pointing out, a bit obtusely). Should be LRECL /end extract Equally, 'DBB' should of course be 'DCB'. My point--serendipitously well illustrated by what you typed--was that, since the OP obviously knows that 'LECL'. should be 'LRECL', there was a strong possibility that his typo was a transcription error, defective in his post but not in his code. In reviewing the language I used to make this point I find no basis for the notion that it is obtuse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
Peter Sylvester wrote: IMO the risk is not to have a non reversible key, but to hide this a bit. with a small number of output bits there are not many options. Well, if the goal is to protect the data, then it needs to be cryptographically secure. Security through obscurity isn't security. plug Voltage SecureData is an encryption platform that provides Format-Preserving Encryption, using a mode of AES (almost but not quite through the NIST approvals process-awaiting final comments only) that does what it sounds like: preserves the format of the input. So if you encrypt a 9-digit number, you get back a 9-digit number. If you encrypt Peter Sylvester, 123 Main St, you get back X X, nnn Xxxx Xx, where the Xs and Ns are characters and digits, respectively. And there are lots more options. Using this technology is a great way to mask data: it requires no maintenance-intensive back-end databases (as do traditional masking products) and can be added to an existing procedure as a single extra step. The fact that the data is obviously masked (that is, Peter is unlikely to encrypt to something that actually LOOKS like a regular name) is actually a plus, since it makes the auditors happy to be able to verify that the data is protected by sampling, rather than having to test or read code. /plug I'm not a crypto guy, but I know enough to be very uncomfortable with some of the suggestions that have been made on this topic from a security standpoint. This hiding-data-for-test isn't just A Good Idea: it's mandated by various regulations. And given the number of breaches we read about daily, coupled with the (typically) lower security on test systems (or unknown security on partner systems!), it isn't something to take casually: it's playing you-bet-your-company (or at least your job) in many cases. Cheers, -- ...phsiii Phil Smith III p...@voltage.commailto:p...@voltage.com Voltage Security, Inc. www.voltage.comhttp://www.voltage.com (703) 476-4511 (home office) (703) 568-6662 (cell) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
On Fri, 25 May 2012 10:30:45 -0500, Roberts, John J wrote: So all Personally Identifiable Information (PII) fields must be masked. I have figured out techniques to mask names and addresses. But I now need to figure out a technique to mask a nine digit numeric key. This field is used as either a primary or secondary key in many files. So I can't just substitute a random number, since the relationships need to be maintained. I have identified some requirements for the masking algorithm: (1) It must be deterministic (same input produces same output always). (2) Uniqueness must be maintained. Therefore no two original values can translate to the same masked value. (3) The masked result must also be a nine digit numeric value. (4) It must not be possible to calculate the original value from the masked value (i.e. a one-way transformation). Is there any validity check performed on these keys? Will that validity check be performed on the masked keys, requiring a mapping into the valid subset of the 9-digit key space. Just curious: how would you mask names and addresses? Of course, if these are not used as keys some constraints such as uniqueness are relaxed. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
On Mon, 28 May 2012 11:19:01 -0700, Phil Smith a...@efghijk.lmn wrote: Well, if the goal is to protect the data, then it needs to be cryptographically secure. Security through obscurity isn't security. plug Voltage SecureData is an encryption platform that provides Format-Preserving Encryption, using a mode of AES (almost but not quite through the NIST approvals process-awaiting final comments only) that does what it sounds like: preserves the format of the input. So if you encrypt a 9-digit number, you get back a 9-digit number. If you encrypt Peter Sylvester, 123 Main St, you get back X X, nnn Xxxx Xx, where the Xs and Ns are characters and digits, respectively. And there are lots more options. ... /plug Can it deal with validity constraints such as the credit card check digit: http://en.wikipedia.org/wiki/Luhn_algorithm ...? And I understand that some 9-digit keys eschew any values that contain the sequence 666 as a courtesy to the client. (Actually at the client's option, but suppose it were to be made a rule.) -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: TS7700 Scheduled Downtime Procedures
Hello, basically those are main issues to take care, what i usually do on ts7740 is: 1) 30mins before outage, vary all virtual addresses offline. Maybe there's jobs still running. 2) Put on hold all dfhsm tape functions 3)Verify is all virtual addresses are offline 4) Libs off 5) Channels off 6) inihibt reclaim Deliver box to hw. A.Cecilio. On Wed, May 16, 2012 at 10:29 PM, David G. Schlecht dschle...@admin.nv.govwrote: We’ve switched to using the TS7720 as a stand-alone VTS and are planning an outage this weekend for microcode upgrade. In the old days, for an outage we had to: 1. Vary the libraries offline 2. Vary the drives offline 3. Vary the chanel paths offline 4. When varying the final drives off line, we had to use Force because they were the last attached devices. Looking over the Planning and Intro book and the Virtual Engine book (SG24-7712-02) it appears the same procedures are needed for today’s VTS. Is there anything else that is required or something else to watch for with today’s TS7700? David G. Schlecht | Information Technology Professional State of Nevada | Department of Administration | Enterprise IT Services T:(775)684-4328 | F: (775) 684‐4324 | E:dschle...@admin.nv.gov -- New Address This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to which it is addressed. Any review, dissemination or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and delete all copies of the original message. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: TS7700 Scheduled Downtime Procedures
and wait 7 hours. On Mon, May 28, 2012 at 9:30 PM, af dc acbi...@gmail.com wrote: Hello, basically those are main issues to take care, what i usually do on ts7740 is: 1) 30mins before outage, vary all virtual addresses offline. Maybe there's jobs still running. 2) Put on hold all dfhsm tape functions 3)Verify is all virtual addresses are offline 4) Libs off 5) Channels off 6) inihibt reclaim Deliver box to hw. A.Cecilio. On Wed, May 16, 2012 at 10:29 PM, David G. Schlecht dschle...@admin.nv.gov wrote: We’ve switched to using the TS7720 as a stand-alone VTS and are planning an outage this weekend for microcode upgrade. In the old days, for an outage we had to: 1. Vary the libraries offline 2. Vary the drives offline 3. Vary the chanel paths offline 4. When varying the final drives off line, we had to use Force because they were the last attached devices. Looking over the Planning and Intro book and the Virtual Engine book (SG24-7712-02) it appears the same procedures are needed for today’s VTS. Is there anything else that is required or something else to watch for with today’s TS7700? David G. Schlecht | Information Technology Professional State of Nevada | Department of Administration | Enterprise IT Services T:(775)684-4328 | F: (775) 684‐4324 | E:dschle...@admin.nv.gov -- New Address This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to which it is addressed. Any review, dissemination or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and delete all copies of the original message. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Masking Numeric Keys
Paul Gilmartin wrote: Can it deal with validity constraints such as the credit card check digit: http://en.wikipedia.org/wiki/Luhn_algorithm Of course...it will optionally recalculate it, leave it as-is, or force it invalid (another way to tell that the data is masked-although it turns out that there are actually cards in the wild with invalid Luhn checksums, but most companies won't accept those anyway). You can also tell it to just mask specific parts of a card number-for example, leave the BIN (first n digits) and the last 4 in plaintext, and just encrypt the middle 6, which are the actual account number. Lots of options. ...? And I understand that some 9-digit keys eschew any values that contain the sequence 666 as a courtesy to the client. (Actually at the client's option, but suppose it were to be made a rule.) Never seen that requirement from any of our customers, including Fortune 50 and three of the top ten card processors. Actually, since the masked data is never seen by any customers, I'm not sure that it would even matter-would it? -- ...phsiii Phil Smith III p...@voltage.commailto:p...@voltage.com Voltage Security, Inc. www.voltage.comhttp://www.voltage.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: How to leave ISPF
In 4f439d1e-1523-49ed-815c-6fa3dcd87...@comcast.net, on 05/27/2012 at 10:36 AM, Ed Gould edgould1...@comcast.net said: I think that was because that way back when IBM had a TSO product called PCF. If memory serves me one of the feature that PCF offered was to be able to stack commands and to separate them it used the field mark key as a delimiter. No; you could use FM as a separator without PCF. As I recall, PCF allowed you to use other characters, e.g., semicolon, as a separator, but did not disable the recognition of the FM. Although admittedly the biggest feature of PCF was to do data set dasd pooling Not command accounting? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: How to leave ISPF
In 0898286174563950.wa.markmzelden@bama.ua.edu, on 05/25/2012 at 06:44 PM, Mark Zelden m...@mzelden.com said: I don't know. But when used the way I described, you are in TSO READY from the =x;;x prior to the field mark, so it is SO at that point, not ISPF. No, you are not at the READY prompt; ISPF puts the residual data on the stack. Is the FM recognition done by the TMP or by the VTIOC? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN