wtf ? - was Catalog system for Unix et al
What am I missing here ?. (only occasionally having dipped into a thread that seemed to have run its course some time back). Linux (in particular) these days uses mlocate which is inotify aware and eventually the major distros incorporated it. Now you don't get the lame page cache flushing every night. So the locate command *with* regex is a fine/fast/efficient way to retrieve filenames. The history of the desktop (read DE) search tools is littered with appalling implementation - take Beagle and strigi. Please. On z/OS (with damn near everything on SMS), what's wrong with the CSI ?. As far as inotify goes, I presume the porting request is for the userspace inotify-tools - what chance of IBM providiing (in z/OS) the inotify (and prerequsiite fsnotify) functionality in the BCP ?. To me, it seems the tools are already there - and they work ok in both systems. Gotta be missing something deep-and-meaningful in this thread(s). Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
HMC REXX for Automating LPAR Controls (IMFEXEC)
I have been asked to provide support for the creation, as part of an Automation process, a REXX exec, that has a timed execution schedule, triggered by an automation rule. The REXX will perform HMC 'Change LPAR controls' in effect. The process presently occurs 'MANUALLY' on a daily basis to adjust CPU percentages during daytime hours to allow for development work to receive favorable CPU resources and adjusted during evening hours to allow batch processes to receive the favorable service. I have searched documentation libraries and can not find any documentation relative to a solution. Thanks, Rob Jackson rwjackso...@msn.com Cell: (615) 689-1435 Home: (615) 697-2047 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
On 03.12.2013 07:13, David Crayford wrote: On 3/12/2013 4:16 AM, Kirk Wolf wrote: I would guess that the tricky part would be replacing the interface to inotify with w_ioctl / Iocc#regFileInt I could be wrong but it looks like Iocc#regFileInt doesn't support monitoring directories, which diminishes it's value. A port of inotify for z/OS would be a very nice to have. It is true as we have tried to use this to detect directoy changes. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Kind regards, / Mit freundlichen Grüßen Miklos Szigetvari Research Development ISIS Papyrus Europe AG Alter Wienerweg 12, A-2344 Maria Enzersdorf, Austria T: +43(2236) 27551 333, F: +43(2236)21081 E-mail: miklos.szigetv...@isis-papyrus.com Info: i...@isis-papyrus.com Hotline: +43-2236-27551-111 Visit our brand new extended Website at www.isis-papyrus.com --- This e-mail is only intended for the recipient and not legally binding. Unauthorised use, publication, reproduction or disclosure of the content of this e-mail is not permitted. This email has been checked for known viruses, but ISIS Papyrus accepts no responsibility for malicious or inappropriate content. --- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: HMC REXX for Automating LPAR Controls (IMFEXEC)
Rob JACKSON wrote: I have been asked to provide support for the creation, as part of an Automation process, a REXX exec, that has a timed execution schedule, triggered by an automation rule. The REXX will perform HMC 'Change LPAR controls' in effect. Where will that REXX run? TSO? Batch? Elsewhere? What are your intended commands to perform HMC functions? The process presently occurs 'MANUALLY' on a daily basis to adjust CPU percentages during daytime hours to allow for development work to receive favorable CPU resources and adjusted during evening hours to allow batch processes to receive the favorable service. We do that something similar, but via WLM. We let automation issue V WLM,POLICY=... where needed at certain times of the day depending on LPAR. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: HMC REXX for Automating LPAR Controls (IMFEXEC)
Rob, BCPii Rexx is only available on z/OS 2.1. If you're not 2.1 yet, you could write an assembler program that issues BCPii commands. If CA OPS is your automation package you may have some options there. MA -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DESERV function get DCB address
Don't you mean ASXBFTCB Sent from my iPhone On Dec 2, 2013, at 8:06 AM, Peter Relson rel...@us.ibm.com wrote: Two questions 1) can BLDL or DESERV differentiate between TASK STEP or JOBLIB BLDL does, if you give it a DCB address of 0, returning information in PDS2LIBF (AKA the Z byte) which indicates whether this was found in the LNKLST, joblib/steplib, or the Nth tasklib. DESERV does not support an input DCB address of 0. Neither BLDL nor DESERV cares what your input DCB represents if you give it a DCB. Could they differentiate? Sure. But so could you. There is no reason that they should. Their goal is to provide you information based on the DCB, and that does not require caring what that DCB is. The only thing that is truly important is to know if the DCB is for the LNKLST because that DCB is of special formation (such that DEBCHECK would not succeed). Only the initiator (term used loosely to represent all the code that would handle this) knows if TCBJLB of the ASCBXTCB task represents a joblib or a steplib. 2) is there any way to get DSN name given a DCB I seem to recall RDJFCB doing that but that was with EXLST pram on the DCB Since you recall, I suggest that you look at it to see. Yes, I believe that you can determine the data set name using RDJFCB, given an open DCB and the concatenation number (PDS2CNCT, AKA the K byte, from BLDL) Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: HMC REXX for Automating LPAR Controls (IMFEXEC)
AFAIK the BCPii is not old enough. Last, but not least: Netview is not default component. I would be nice to better define the environment you have. BTW: does it has to be REXX? AFAIK using C/C++ the BCPii is available on z/OS 1.x. -- Radoslaw Skorupka Lodz, Poland W dniu 2013-12-03 13:27, Robin Atwood pisze: I distinctly remember writing a Rexx to use the NetView BCPii interface to adjust LPAR weightings back in 1998! This should not be that difficult. HTH Robin -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mary Anne Matyaz Sent: 03 December 2013 20:11 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: HMC REXX for Automating LPAR Controls (IMFEXEC) Rob, BCPii Rexx is only available on z/OS 2.1. If you're not 2.1 yet, you could write an assembler program that issues BCPii commands. If CA OPS is your automation package you may have some options there. MA -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Treść tej wiadomości może zawierać informacje prawnie chronione Banku przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorized to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: kont...@mbank.pl Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2013 r. kapitał zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.555.904 złote. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: HMC REXX for Automating LPAR Controls (IMFEXEC)
I met such case recently..however, I'm not good at Automation, or Rexx.. Hence I proposed LPAR GROUP CONTROL' on HMC...which is a different thing/think for capacity management..[compare to changing weights by hand].. ,so it is not accepted.. On Tue, Dec 3, 2013 at 7:24 PM, Rob JACKSON rwjackso...@msn.com wrote: I have been asked to provide support for the creation, as part of an Automation process, a REXX exec, that has a timed execution schedule, triggered by an automation rule. The REXX will perform HMC 'Change LPAR controls' in effect. The process presently occurs 'MANUALLY' on a daily basis to adjust CPU percentages during daytime hours to allow for development work to receive favorable CPU resources and adjusted during evening hours to allow batch processes to receive the favorable service. I have searched documentation libraries and can not find any documentation relative to a solution. Thanks, Rob Jackson rwjackso...@msn.com Cell: (615) 689-1435 Home: (615) 697-2047 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Cobe Xu Best Regards --- z/OS Performance Capacity Analyst z/OS System Programmer Email: cob...@gmail.com --- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IXGBRWSE - SMF Logstream
That answer hasn't changed since SMF was originally shipped ... Except for the addition of IEFU84 and IEFU85, right? Not to disagree at all with your fundamental points, of course. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of William Richardson Sent: Monday, December 02, 2013 8:42 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: IXGBRWSE - SMF Logstream Jose, The LOGGER provided SUBSYS DD interface (using IFASEXIT for SMF records) gives you direct access to the data in the logstream and is essentially a 'well-behaved logger' aplication that is doing the IXGCONN and IXGBRWSE (and dealing with the multiplicity of error codes) for you and giving you 'record' level access to the data via basic (old fashioned) QSAM or BSAM OPEN/GET/CLOSE level interfaces. IF you want to get close-to-real time access to the data in the logstream then you are correct that you have to build an application from the ground up using LOGGER IXG* services - the only SMF specific thing in the application is the data itself (and the format of the blocks). Which is back to your original point about the mapping of these BLOCKS. More to your actual point (I think) ... IF you want REAL time access to the data being written to SMF (DASD or LOGSTREAM) you have to use the SMF provided SMF interface exits (IEFU83/4/5) to capture and process the data AS IT is passed to SMF to be written. That answer hasn't changed since SMF was originally shipped (but it was made a whole lot simpler with the implementation of 'Dynamic Exits' back in 1992). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: wtf ? - was Catalog system for Unix et al
On Tue, 3 Dec 2013 03:54:19 -0600, Shane Ginnane wrote: As far as inotify goes, I presume the porting request is for the userspace inotify-tools - what chance of IBM providiing (in z/OS) the inotify (and prerequsiite fsnotify) functionality in the BCP ?. To me, it seems the tools are already there - and they work ok in both systems. Gotta be missing something deep-and-meaningful in this thread(s). Gossip is that POSIX compliance was a marketing requirement. Beyond that, it's questionable how competitively strategic IBM regards Unix System Services. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: wtf ? - was Catalog system for Unix et al
paulgboul...@aim.com (Paul Gilmartin) writes: Gossip is that POSIX compliance was a marketing requirement. Beyond that, it's questionable how competitively strategic IBM regards Unix System Services. I've mentioned before in the late 80s, senior disk engineer opening talk at annual, world-wide communication group conference with statement that the communication group was going to be responsible for demise of disk division ... communication group had corporate strategic ownership of everything crossing datacenter wall, protecting their dumb terminal paradigm and install base, fiercely fighting off client/server and distributed computing. disk division was seeing fall in mainframe disk sales with data fleeing to more distributed computing friendly platforms. the disk division had come up with number of solutions ... which were being constantly vetoed by the communication group. This was also factor leading up to IBM going into the red a couple years later ... and the subsequent re-organization into the 13 baby blues in preparation for breaking up the company (which was reversed when the board brought in Guerstner). we knew his senior vp and would get asked to help in work-arounds to the communication group ... one of which was the original POSIX support in MVS. There is separate claim about gov. bids requiring POSIXs. other activity was putting investments into other companies as part of those companies turning out distributed computing solutions for mainframe (and we were asked to periodically come in to those companies to assist with their activity). we did point out that main motivation behind POSIX was so that customers could more easily migrate to the lowest cost platform (disk division was looking to ease port of many of these applications to the mainframe ... which was one of the highest cost platforms). recent posts mentioning demise of disk divsion talk http://www.garlic.com/~lynn/2013.html#75 mainframe selling points http://www.garlic.com/~lynn/2013b.html#32 Ethernet at 40: Its daddy reveals its turbulent youth http://www.garlic.com/~lynn/2013b.html#57 Dualcase vs monocase. Was: Article for the boss http://www.garlic.com/~lynn/2013c.html#75 Still not convinced about the superiority of mainframe security vs distributed? http://www.garlic.com/~lynn/2013d.html#76 IBM Spent A Million Dollars Renovating And Staffing Its Former CEO's Office http://www.garlic.com/~lynn/2013e.html#17 The Big, Bad Bit Stuffers of IBM http://www.garlic.com/~lynn/2013f.html#57 The cloud is killing traditional hardware and software http://www.garlic.com/~lynn/2013f.html#58 The cloud is killing traditional hardware and software http://www.garlic.com/~lynn/2013f.html#70 How internet can evolve http://www.garlic.com/~lynn/2013g.html#17 Tech Time Warp of the Week: The 50-Pound Portable PC, 1977 http://www.garlic.com/~lynn/2013g.html#34 What Makes code storage management so cool? http://www.garlic.com/~lynn/2013h.html#10 The cloud is killing traditional hardware and software http://www.garlic.com/~lynn/2013i.html#2 IBM commitment to academia http://www.garlic.com/~lynn/2013i.html#17 Should we, as an industry, STOP using the word Mainframe and find (and start using) something more up-to-date http://www.garlic.com/~lynn/2013l.html#44 Teletypewriter Model 33 http://www.garlic.com/~lynn/2013l.html#49 The Original IBM Basic Beliefs for those that have never seen them http://www.garlic.com/~lynn/2013m.html#5 Voyager 1 just left the solar system using less computing powerthan your iP -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: When should we ACCEPT DB2 PTFs?
I NEVER accept PTFS - but for an entirely different reason I like to build meaningful reports as to what has been applied - when applied, the corresponding APAR#, a description, is it hiper? The RSU to which it belongs, and the owning product affected by the PTF To build this report - I run a LISTMCS to create a ptf/apar xref - BUT ACCEPTING the ptf removes entry from the MCS (when I ACCEPTED the FMIDs at instell time, I first captured the apar/ptf xref for the ptfs that were bundled with the install - otherwise - after our semi-annual RSU apply (we are limited in how often we can apply proactive maint) - I run my report - but ACCEPTING PTFS would limit the effectiveness of my report - I am amazed how often I get a call - do we have PMx installed? To save a trip the IBM website - the xref comes in handy Chris hoelscher Technology Architect | Database Infrastructure Services Technology Solution Services 123 East Main Street |Louisville, KY 40202 choelsc...@humana.com Humana.com (502) 476-2538 - office (502) 714-8615 - blackberry Keeping CAS and Metavance safe for all HUMANAty -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Joel C. Ewing Sent: Saturday, November 23, 2013 10:29 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] When should we ACCEPT DB2 PTFs? I can't recall ever seeing such an ACCEPT recommendation from IBM, probably because your own installation maintenance practices play such a major role here. The only reason for not ACCEPTing PTFs (USERMODS and APAR fixes should typically never be accepted) is because you might need to RESTORE a PTF; but if you have been successfully running with a PTF installed for months, it is highly unlikely you would ever need to RESTORE it, and even if some subsequent error HOLD was placed on the PTF, if it is not an issue that has caused problems in your environment it is just as likely that a resolving PTF will become available allowing you to go forward in maintenance rather than having to back out the PTF. I have even had a few rare cases where I have bypassed an ERROR HOLD to force an ACCEPT of a PTF and clean up a zone when the nature of the error HOLD was such that it would clearly never be an issue for us. The most likely point at which you might actually need to do a RESTORE would be shortly after another mass APPLY of PTF's (not just any next APPLY). Failure to ACCEPT previous mass maintenance for PTFs already running in production sometime before doing the next mass APPLY means any RESTORE after that point is likely to also force a back out of PTFs with which you have been successfully running for months. I would expect this to add unnecessary risk by placing your system in configurations further at variance from those with which IBM and others (including your own installation) have done rigorous RSU-level testing. Joel C. Ewing On 11/22/2013 05:30 PM, Mike Schwab wrote: How about not until IBM tells you to? As in you must accept before apply this PTF? On Fri, Nov 22, 2013 at 8:40 AM, Staller, Allan allan.stal...@kbmg.com wrote: IMO, the short answer is just before the next APPLY. HTH, -- Joel C. Ewing,Bentonville, AR jcew...@acm.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: wtf ? - was Catalog system for Unix et al
On Tue, 3 Dec 2013 10:00:23 -0500, Anne Lynn Wheeler wrote: we did point out that main motivation behind POSIX was so that customers could more easily migrate to the lowest cost platform (disk division was looking to ease port of many of these applications to the mainframe ... which was one of the highest cost platforms). Which is that lowest cost platform? What was IBM's business rationale for encouraging that migration? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: wtf ? - was Catalog system for Unix et al
I'm not sure why Shane wanted a new thread; it seems like this thread has been garliced into the ditch. I think that (Posix) file search tools that are typically based on inotify are probably what the OP was asking for. There don't seem to be any available for z/OS, and it isn't clear how hard it would be to port them since inotify isn't available. Kirk Wolf Dovetailed Technologies http://dovetail.com On Tue, Dec 3, 2013 at 9:26 AM, Paul Gilmartin paulgboul...@aim.com wrote: On Tue, 3 Dec 2013 10:00:23 -0500, Anne Lynn Wheeler wrote: we did point out that main motivation behind POSIX was so that customers could more easily migrate to the lowest cost platform (disk division was looking to ease port of many of these applications to the mainframe ... which was one of the highest cost platforms). Which is that lowest cost platform? What was IBM's business rationale for encouraging that migration? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: HEAPCHECK and HEAPZONE difference in zOS 2.1
FWIW I use HEAPCHK as part of the standard regression testing of a product written in C++. I don't notice the performance impact while the product is running (but that is a very subjective don't notice -- I have made no attempt to measure the impact because I don't really care about the performance of one test). I use RPTSTG(ON) as part of the same test and one of them really slows down termination: a product termination that normally is essentially instantaneous takes perhaps 30 seconds. I do a lot of delete's at that point so perhaps it is HEAPCHK that slows things down. //CEEOPTS DD * RPTSTG(ON) HEAPCHK(ON,1,0,10,10,1024,0) /* HEAPZONE sounds useful. A similar feature is the default in MS Visual Studio (where I do my alpha testing -- and I suspect similarly in things like Eclipse). It works great. If you allocate 27 bytes and use 28, then on the free() or delete C++ asserts. You tend to find buffer overruns shortly after they happen, rather than down the road when all sorts of seemingly unrelated things start misbehaving. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler Sent: Monday, December 02, 2013 6:15 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: HEAPCHECK and HEAPZONE difference in zOS 2.1 Miklos, I found HEAPCHK in z/OS Language Environment Customization HEAPCHK Derivation: HEAP storage CHecKing Use HEAPCHK to run additional heap check tests. If HEAPCHK(ON) is used with STORAGE(,heap_free_value), the free areas of the heap will also be checked. If HEAPCHK(ON) is specified, this will result in a performance degradation due to the additional error checking that is performed. A U4042 abend dump will be generated when an error is detected, but no CEEDUMP will be produced. And for HEAPZONE I found in z/OS Language Environment Programming Reference Derivation: HEAP check ZONES The HEAPZONES runtime option is used to turn on overlay toleration and checking for user heaps. When activated, the runtime option affects any obtained storage that can be controlled by the HEAP or HEAP64 runtime options. HEAPZONES also affects storage obtained from a heap pool. A heap check zone is an additional piece of storage that is appended to an allocated element during a storage request. The size of the check zone depends on the size31 and size64 suboptions of HEAPZONES. The check zone can be examined for overlays when the heap element is freed. So it looks that HEAPCHK has a performance overhead and validates heaps of (I think) all HEAPS and the other a runtime option to provide overly toleration and check for USER heaps. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: wtf ? - was Catalog system for Unix et al
paulgboul...@aim.com (Paul Gilmartin) writes: Which is that lowest cost platform? What was IBM's business rationale for encouraging that migration? re: http://www.garlic.com/~lynn/2013n.html#78 wtf ? - was Catalog system for Unix et al at very high executive level ... POSIX just appears to make porting easy including the port of non-mainframe applications to mainframe ... helping with the issue with moving distributed computing applications to the mainframe. that major market motivation for POSIX was to make it easy to frequently migrate to whatever the current best price/performance platform that happen to be at the moment (masking proprietary hardware and operating system features ... that would lock in customers). note in this time-frame we had come up with 3-tier architecture and taking lots of arrows in the back from the communication group. we had mainframes at top tier ... but (of course) none of the mainframe hardware attachments were from the communication group. part of 3-tier and the non-ibm mainframe interfaces ... also included 10mbit ethernet ... and communication group, SAA orgination and the token-ring people were generating all sorts of FUD. my wife had written 3-tier into response to large gov. RFI that also happened to have the very highest security requirements. We were also doing 3-tier customer executive presentations (that the communication group was trying to shutdown and/or at least discredit). lots of past posts http://www.garlic.com/~lynn/subnetwork.html#3tier old posts with pieces of 1988 3-tier pitch http://www.garlic.com/~lynn/96.html#16 middle layer http://www.garlic.com/~lynn/96.html#17 middle layer http://www.garlic.com/~lynn/99.html#202 Middleware - where did that come from http://www.garlic.com/~lynn/2002q.html#40 ibm time machine a trivial example of the communication orientation ... was the 16mbit t/r microchannel adapter card. it had been shown that aggregate 10mbit ethernet LAN throughput was higher than 16mbit t/r as well as having lower latency. however, the 16mbit microchannel t/r adapter also had very low per card throughput ... design was 300+ stations doing terminal emulation all sharing common bandwidth. the workstation group had done their own 4mbit t/r card for the PC/RT (PC/AT 16bit bus). for the rs/6000 with microchannel, the group was told they couldn't do any of their own cards (communication group at it again). the problem was that the per card throughput of the standard 16mbit t/r card was (also) less than the pc/rt 4mbit t/r card ... aka a pc/rt 4mbit t/r server had higher server throughput than rs/6000 server with 16mbit t/r microchannel card. recent posts mentioning corporate FUD http://www.garlic.com/~lynn/2013d.html#76 IBM Spent A Million Dollars Renovating And Staffing Its Former CEO's Office http://www.garlic.com/~lynn/2013i.html#4 IBM commitment to academia http://www.garlic.com/~lynn/2013i.html#83 Metcalfe's Law: How Ethernet Beat IBM and Changed the World http://www.garlic.com/~lynn/2013j.html#23 The cloud is killing traditional hardware and software http://www.garlic.com/~lynn/2013m.html#7 Voyager 1 just left the solar system using less computing powerthan your iP http://www.garlic.com/~lynn/2013m.html#18 Voyager 1 just left the solar system using less computing powerthan your iP http://www.garlic.com/~lynn/2013m.html#35 Why is the mainframe so expensive? http://www.garlic.com/~lynn/2013n.html#30 SNA vs TCP/IP -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: HEAPCHECK and HEAPZONE difference in zOS 2.1
Thank you, we also using the HEAPCHK to check the heap corruption, but we find it is very slow and not always easy to find the place of error(it is sometimes far from the check). I hope HEAPZONE will be faster. In the meantime my colleague find the SHARE presentation Heap Damage Get into Zone On 03.12.2013 16:51, Charles Mills wrote: FWIW I use HEAPCHK as part of the standard regression testing of a product written in C++. I don't notice the performance impact while the product is running (but that is a very subjective don't notice -- I have made no attempt to measure the impact because I don't really care about the performance of one test). I use RPTSTG(ON) as part of the same test and one of them really slows down termination: a product termination that normally is essentially instantaneous takes perhaps 30 seconds. I do a lot of delete's at that point so perhaps it is HEAPCHK that slows things down. //CEEOPTS DD * RPTSTG(ON) HEAPCHK(ON,1,0,10,10,1024,0) /* HEAPZONE sounds useful. A similar feature is the default in MS Visual Studio (where I do my alpha testing -- and I suspect similarly in things like Eclipse). It works great. If you allocate 27 bytes and use 28, then on the free() or delete C++ asserts. You tend to find buffer overruns shortly after they happen, rather than down the road when all sorts of seemingly unrelated things start misbehaving. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler Sent: Monday, December 02, 2013 6:15 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: HEAPCHECK and HEAPZONE difference in zOS 2.1 Miklos, I found HEAPCHK in z/OS Language Environment Customization HEAPCHK Derivation: HEAP storage CHecKing Use HEAPCHK to run additional heap check tests. If HEAPCHK(ON) is used with STORAGE(,heap_free_value), the free areas of the heap will also be checked. If HEAPCHK(ON) is specified, this will result in a performance degradation due to the additional error checking that is performed. A U4042 abend dump will be generated when an error is detected, but no CEEDUMP will be produced. And for HEAPZONE I found in z/OS Language Environment Programming Reference Derivation: HEAP check ZONES The HEAPZONES runtime option is used to turn on overlay toleration and checking for user heaps. When activated, the runtime option affects any obtained storage that can be controlled by the HEAP or HEAP64 runtime options. HEAPZONES also affects storage obtained from a heap pool. A heap check zone is an additional piece of storage that is appended to an allocated element during a storage request. The size of the check zone depends on the size31 and size64 suboptions of HEAPZONES. The check zone can be examined for overlays when the heap element is freed. So it looks that HEAPCHK has a performance overhead and validates heaps of (I think) all HEAPS and the other a runtime option to provide overly toleration and check for USER heaps. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Kind regards, / Mit freundlichen Grüßen Miklos Szigetvari Research Development ISIS Papyrus Europe AG Alter Wienerweg 12, A-2344 Maria Enzersdorf, Austria T: +43(2236) 27551 333, F: +43(2236)21081 E-mail: miklos.szigetv...@isis-papyrus.com Info: i...@isis-papyrus.com Hotline: +43-2236-27551-111 Visit our brand new extended Website at www.isis-papyrus.com --- This e-mail is only intended for the recipient and not legally binding. Unauthorised use, publication, reproduction or disclosure of the content of this e-mail is not permitted. This email has been checked for known viruses, but ISIS Papyrus accepts no responsibility for malicious or inappropriate content. --- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: IXGBRWSE - SMF Logstream
Hi, Bill. Thank you for your answer. I think the better option (for my case) is the using IXGBRWSE, even with the format of the block not well resolved (I could be more confortable with this block mapped with a IBM macro). With the IXGBRWSE it is possible to require a specific date and time (TOD format) to beginning the browser (with the intrinsic risk and control). José ADAUTO Ribeiro De: William Richardson bi...@us.ibm.com Enviada: Segunda-feira, 2 de Dezembro de 2013 14:41 Para: IBM-MAIN@LISTSERV.UA.EDU Assunto: Re: IXGBRWSE - SMF Logstream Jose, The LOGGER provided SUBSYS DD interface (using IFASEXIT for SMF records) gives you direct access to the data in the logstream and is essentially a 'well-behaved logger' aplication that is doing the IXGCONN and IXGBRWSE (and dealing with the multiplicity of error codes) for you and giving you 'record' level access to the data via basic (old fashioned) QSAM or BSAM OPEN/GET/CLOSE level interfaces. IF you want to get close-to-real time access to the data in the logstream then you are correct that you have to build an application from the ground up using LOGGER IXG* services - the only SMF specific thing in the application is the data itself (and the format of the blocks). Which is back to your original point about the mapping of these BLOCKS. More to your actual point (I think) ... IF you want REAL time access to the data being written to SMF (DASD or LOGSTREAM) you have to use the SMF provided SMF interface exits (IEFU83/4/5) to capture and process the data AS IT is passed to SMF to be written. That answer hasn't changed since SMF was originally shipped (but it was made a whole lot simpler with the implementation of 'Dynamic Exits' back in 1992). Bill (former SMF Component owner) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: When should we ACCEPT DB2 PTFs?
Use NOPURGE in the global zone options member to not delete the PTFs when they are accepted (if that's what is desired). A cross zone query can be done to see if a resolving PTF for an APAR has been applied. Just replace the first character of the APAR number with an 'A'.In your example PMx would become AMx. If a superseding PTF has been replied it will show SUP. Bill Skeldum -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Chris Hoelscher Sent: Tuesday, December 03, 2013 8:17 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: When should we ACCEPT DB2 PTFs? I NEVER accept PTFS - but for an entirely different reason I like to build meaningful reports as to what has been applied - when applied, the corresponding APAR#, a description, is it hiper? The RSU to which it belongs, and the owning product affected by the PTF To build this report - I run a LISTMCS to create a ptf/apar xref - BUT ACCEPTING the ptf removes entry from the MCS (when I ACCEPTED the FMIDs at instell time, I first captured the apar/ptf xref for the ptfs that were bundled with the install - otherwise - after our semi-annual RSU apply (we are limited in how often we can apply proactive maint) - I run my report - but ACCEPTING PTFS would limit the effectiveness of my report - I am amazed how often I get a call - do we have PMx installed? To save a trip the IBM website - the xref comes in handy Chris hoelscher Technology Architect | Database Infrastructure Services Technology Solution Services 123 East Main Street |Louisville, KY 40202 choelsc...@humana.com Humana.com (502) 476-2538 - office (502) 714-8615 - blackberry Keeping CAS and Metavance safe for all HUMANAty -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Joel C. Ewing Sent: Saturday, November 23, 2013 10:29 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] When should we ACCEPT DB2 PTFs? I can't recall ever seeing such an ACCEPT recommendation from IBM, probably because your own installation maintenance practices play such a major role here. The only reason for not ACCEPTing PTFs (USERMODS and APAR fixes should typically never be accepted) is because you might need to RESTORE a PTF; but if you have been successfully running with a PTF installed for months, it is highly unlikely you would ever need to RESTORE it, and even if some subsequent error HOLD was placed on the PTF, if it is not an issue that has caused problems in your environment it is just as likely that a resolving PTF will become available allowing you to go forward in maintenance rather than having to back out the PTF. I have even had a few rare cases where I have bypassed an ERROR HOLD to force an ACCEPT of a PTF and clean up a zone when the nature of the error HOLD was such that it would clearly never be an issue for us. The most likely point at which you might actually need to do a RESTORE would be shortly after another mass APPLY of PTF's (not just any next APPLY). Failure to ACCEPT previous mass maintenance for PTFs already running in production sometime before doing the next mass APPLY means any RESTORE after that point is likely to also force a back out of PTFs with which you have been successfully running for months. I would expect this to add unnecessary risk by placing your system in configurations further at variance from those with which IBM and others (including your own installation) have done rigorous RSU-level testing. Joel C. Ewing On 11/22/2013 05:30 PM, Mike Schwab wrote: How about not until IBM tells you to? As in you must accept before apply this PTF? On Fri, Nov 22, 2013 at 8:40 AM, Staller, Allan allan.stal...@kbmg.com wrote: IMO, the short answer is just before the next APPLY. HTH, -- Joel C. Ewing,Bentonville, AR jcew...@acm.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN The information contained in this electronic communication and any document attached hereto or transmitted herewith is confidential and intended for the exclusive use of the individual or entity named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified
Re: Un-authorized caller calling authorized services.
On Mon, 2 Dec 2013 13:36:43 -0600, Ray Overby ray.ove...@kr-inc.com wrote: When creating authorized code I use the following guidelines: - It is not good enough that the authorized code functions as designed. Authorized code has a higher standard that it must adhere to. Your code must not allow malicious or uninformed users to make it do things outside of its scope. - Pay attention to how you obtain your parameters. -Parameters should be accessed in the requesters PSW Key. -Make a copy of the parameters so that they cannot be changed after you have validated them and before you use them (time of check 2 time of use vulnerability). -Make sure sensitive data is kept in fetch protected storage. -Make sure your design does not allow the requester to control where the authorized code branches to: -By branching to a user specified address in an authorized state -By branching on a function code whose value is not verified to be in a specific range -Be careful issuing authorized services in your code AND allowing user parameters to be specified in the authorized services parameter list. - Return data to requester in their PSW Key. - Don't return control to the requester with a higher level of authority -Don't dynamically elevate their security credentials -Don't allow the requester the ability to MODESET -Don't return control in a different PSW Key or State Ray Overby Key Resources, Inc Ensuring System Integrity for z/Series (312) 574-0007 I've lost track of the number of issues I found in this sort of code over the years. A lot of those problems would have been avoided by following the advice above. Some of the more common problems: Flawed function code validation. Like this in an SVC routine that was supposed to be called with a function code of 0, 4 or 8 in R1. CHR1,=H'8' IF FUNCTION CODE TOO LARGE BHRETURN THEN IGNORE IT B BTABLE(R1) USE BRANCH TABLE TO GO TO REQUIRED * FUNCTION BTABLE B HERE FUNCTION=0 B THERE FUNCTION=4 B EVERYWHERE FUNCTION=8 So what happens if it is called with a function code that is not a multiple of 4? Actually, it has a bigger problem than that, can you spot it? Still, that is better than the two SVC routines I encountered, both of which were only two bytes long, and that could have been called IEFBR15 and IEFBR1 respectively, or the SVC which performed an MVCL using caller provided addresses and lengths, with absolutely no validation at all. Another common problem was SVC routines that found it necessary to examine a CDE to assist with distinguishing the good guys from the bad (a notoriously difficult task if the bad guys refuse to cooperate). They followed a pointer from the caller's RB to locate the CDE, forgetting that not all RBs point to CDEs. The result was that they could be trivially deceived by calling them from an IRB. Another issue was inadvertently making an assumption about the contents of some register. This was more common in PC routines but I also saw more than one SVC that started out with: STM R14,R12,12(R13) Another flawed good guy test I saw over and over again was to assume that if you knew the location of your caller (say PLPA) or if the caller's code resided in system key storage, then they could be trusted. I suspect this false notion may have its roots in the original, and somewhat infamous SPFCOPY SVC. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Un-authorized caller calling authorized services.
flawed function code validation - If you pass a negative number or a large positive number you can control where the SVC branches to. I have seen these types of problems in the wild where I was able to branch to a private area where any code you wanted could be executed. Ray Overby Key Resources, Inc Ensuring System Integrity for z/Series (312) 574-0007 On 12/3/2013 12:46 PM, Andy Wood wrote: On Mon, 2 Dec 2013 13:36:43 -0600, Ray Overby ray.ove...@kr-inc.com wrote: When creating authorized code I use the following guidelines: - It is not good enough that the authorized code functions as designed. Authorized code has a higher standard that it must adhere to. Your code must not allow malicious or uninformed users to make it do things outside of its scope. - Pay attention to how you obtain your parameters. -Parameters should be accessed in the requesters PSW Key. -Make a copy of the parameters so that they cannot be changed after you have validated them and before you use them (time of check 2 time of use vulnerability). -Make sure sensitive data is kept in fetch protected storage. -Make sure your design does not allow the requester to control where the authorized code branches to: -By branching to a user specified address in an authorized state -By branching on a function code whose value is not verified to be in a specific range -Be careful issuing authorized services in your code AND allowing user parameters to be specified in the authorized services parameter list. - Return data to requester in their PSW Key. - Don't return control to the requester with a higher level of authority -Don't dynamically elevate their security credentials -Don't allow the requester the ability to MODESET -Don't return control in a different PSW Key or State Ray Overby Key Resources, Inc Ensuring System Integrity for z/Series (312) 574-0007 I've lost track of the number of issues I found in this sort of code over the years. A lot of those problems would have been avoided by following the advice above. Some of the more common problems: Flawed function code validation. Like this in an SVC routine that was supposed to be called with a function code of 0, 4 or 8 in R1. CHR1,=H'8' IF FUNCTION CODE TOO LARGE BHRETURN THEN IGNORE IT B BTABLE(R1) USE BRANCH TABLE TO GO TO REQUIRED * FUNCTION BTABLE B HERE FUNCTION=0 B THERE FUNCTION=4 B EVERYWHERE FUNCTION=8 So what happens if it is called with a function code that is not a multiple of 4? Actually, it has a bigger problem than that, can you spot it? Still, that is better than the two SVC routines I encountered, both of which were only two bytes long, and that could have been called IEFBR15 and IEFBR1 respectively, or the SVC which performed an MVCL using caller provided addresses and lengths, with absolutely no validation at all. Another common problem was SVC routines that found it necessary to examine a CDE to assist with distinguishing the good guys from the bad (a notoriously difficult task if the bad guys refuse to cooperate). They followed a pointer from the caller's RB to locate the CDE, forgetting that not all RBs point to CDEs. The result was that they could be trivially deceived by calling them from an IRB. Another issue was inadvertently making an assumption about the contents of some register. This was more common in PC routines but I also saw more than one SVC that started out with: STM R14,R12,12(R13) Another flawed good guy test I saw over and over again was to assume that if you knew the location of your caller (say PLPA) or if the caller's code resided in system key storage, then they could be trusted. I suspect this false notion may have its roots in the original, and somewhat infamous SPFCOPY SVC. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Un-authorized caller calling authorized services.
In eqhp99hrteh41cg45872irb1a8ru18c...@4ax.com, on 12/02/2013 at 07:47 PM, Binyamin Dissen bdis...@dissensoftware.com said: On Sun, 1 Dec 2013 18:04:18 -0500 Shmuel Metz (Seymour J.) shmuel+ibm-m...@patriot.net wrote: :In :b6c1eb4364c30e47950e0f68ef65f467015...@proditmailbox1.us.syncsort.com, :on 11/30/2013 : at 09:53 PM, Blaicher, Christopher Y. cblaic...@syncsort.com :said: : :- Don't ever read data from a caller's address space when you are :.not in the caller's key. :MVCK MVCSK MVCOS :- Don't EVER, EVER write data to a caller's address space when :you are not in the caller's key. :MVCK MVCDK MVCOS The point being that there are half a dozen specialized instructions that do the necessary key checking without any need to be in the callers key; the particular instructions that are appropriate depend, e.g., on the environment. MVCK was just a particular counterexample, appropriate for some cases but not for others. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
In 529cd1c5.9030...@tulsagrammer.com, on 12/02/2013 at 12:30 PM, Eric Chevalier et...@tulsagrammer.com said: I believe the issue some people are trying to address with a Unix catalog is the case where you DON'T know the full path. A central repository won't solve that problem. I know it's called stroganoff.txt Unless it's your only recipe, you've got a problem. Now suppose I have some sort of index file where the key is the unqualified file name and the data is the path to that file. Such facilities already exist, without the need for a central repository. They aren't very helpful for background scripts. What I see as more helpful would be Multics-style search rules (STEPCAT on steroids), but that still leaves the issue of getting the right one when there are duplicates. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
In CAE1XxDF9CN8XdrzH4rBVgzkNTW0aD=rb9ue4v6odux-dbdq...@mail.gmail.com, on 12/02/2013 at 02:48 PM, John Gilmore jwgli...@gmail.com said: Worth noting, and not at all to clear from, indeed antiothetical to, the title of this thread is that we are now addressing a deficiency of UNIX, not one of the MVS side of z/OS. The issue exists in both, in slightly different form. In neither case do I see a central repository doing anything for the user. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
In CAArMM9QE1XRUYPzNjuwW6uj2HoC9RAN0RQaovr1OU=uveo9...@mail.gmail.com, on 12/02/2013 at 06:19 PM, Tony Harminc t...@harminc.net said: I'm not sure in what sense it replies on it. Consider the STATUS command. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DESERV function get DCB address
In a6c1919a-f0ad-4e73-b6ca-1a1091b3f...@optonline.net, on 12/02/2013 at 10:12 PM, Micheal Butz michealb...@optonline.net said: The TIOT entry only says if it's a joblib If the ddname in the entry is 'STEPLIB ' then it's a steplib. Or do you have two DD statements with the same ddname? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Hillgang 11 Dec - registration
If the new method of registration (Doodle) is causing you grief or your corporate firewall prevents you from using it, just send email to ne...@sinenomine.net if you¹d like to register for the event. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DESERV function get DCB address
Sorry you are correct Sent from my iPhone On Dec 3, 2013, at 2:49 PM, Shmuel Metz (Seymour J.) shmuel+ibm-m...@patriot.net wrote: In a6c1919a-f0ad-4e73-b6ca-1a1091b3f...@optonline.net, on 12/02/2013 at 10:12 PM, Micheal Butz michealb...@optonline.net said: The TIOT entry only says if it's a joblib If the ddname in the entry is 'STEPLIB ' then it's a steplib. Or do you have two DD statements with the same ddname? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Un-authorized caller calling authorized services.
In 2958507380311552.wa.woodagozemail.com...@listserv.ua.edu, on 12/03/2013 at 12:46 PM, Andy Wood woo...@ozemail.com.au said: So what happens if it is called with a function code that is not a multiple of 4? Actually, it has a bigger problem than that, can you spot it? ITYM a smaller problem g, d r My favorite was an SVC with an exposure that I was ordered to not tell the auditors about, although I was eventually allowed to fix it. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Has anyone measured CPU savings using external SORT's vs. internal (COBOL) SORT's?
Except that IBM COBOL only provides us with the ability to give a record to the SORT during INPUT PROCEDURE processing, requiring us to use COBOL I/O to read the records to be massaged and then sorted, whereas a true E15 exit gets the records read from SORTIN by the sort itself passed to it, and then decides what to do with each record -- use the one given, insert another in its place, or delete it. Similar logic is required in the COBOL OUTPUT PROCEDURE, which only gets records back from the SORT, and must write them out using only COBOL I/O facilities, whereas a true E35 exit can give the record back to the SORT and let SORT use its own I/O facilities to write out the sorted and massaged record. There may be some potential for decrease in CPU time for true E15/E35 exits which would come from taking advantage of the SORT's own optimized I/O facilities, but that is just a theory which I have not tested. Other replacements for COBOL SORT processing discussed in this thread do certainly seem to be almost guaranteed to increase rather than decrease CPU consumption, if only from the increase in the number of passes that must be made over the data. And paying attention to optimizing SORT's control parameters both on a shop-wide and particular-application level seems likely to produce some benefits without any program restructuring at all. Thanks to all who participated in this discussion. I appreciate the help. Peter -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Staller, Allan Sent: Monday, December 02, 2013 9:16 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Has anyone measured CPU savings using external SORT's vs. internal (COBOL) SORT's? Sorry about the late reply. The last time I seriously looked, the COBOL sort verb invoked the installation sort (DFsort, SYNCSORT,). The COBOL program effectively became the E15/E35 sort exits. On that basis, I would not expect any significant difference in CPU time consumed, *AND* as someone previously noted, a possible significant increase in elapsed time. HTH, snip It has been suggested to management here that there could be potentially significant CPU savings from re-engineering application programs such that any SORT's are done in a separate step, so that a program with a single internal SORT would be broken up into a pre-SORT process followed by an external SORT of the massaged data followed by a post-process of the SORTed data. /snip -- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
On 2 December 2013 14:02, Paul Gilmartin paulgboul...@aim.com wrote: On Mon, 2 Dec 2013 12:30:29 -0600, Eric Chevalier wrote: [...] Now suppose I have some sort of index file where the key is the unqualified file name and the data is the path to that file. I can search the index for my file name and it should quickly show me all the locations where a file by that name is located. (Note that Windows has had such a facility since at least XP.) As has OS X. Also search by substring of filename, and by content. I don't know about OS X, but recent version of Windows have seriousl dumbed down the search interface to the point that it's almost impossible to distinguish between file names and approximate strings inside the files. But for that matter, even Google insists on searching for things vaguely close to what I asked for, rather then the actual thing. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Un-authorized caller calling authorized services.
On 12/3/2013 1:59 PM, Ray Overby wrote: flawed function code validation - If you pass a negative number or a large positive number you can control where the SVC branches to. I have seen these types of problems in the wild where I was able to branch to a private area where any code you wanted could be executed. BTDTGTTS - long ago I discovered how to kill two flies with one stone - in the example, change the test to CL R1,=F'8' - after that, extraneous bits may be tested with an EX R1, Gerhard Postpischil Bradford, Vermont -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
Tony, Sloppy coding at google ? Scott ford www.identityforge.com from my IPAD 'Infinite wisdom through infinite means' On Dec 3, 2013, at 7:00 PM, Tony Harminc t...@harminc.net wrote: On 2 December 2013 14:02, Paul Gilmartin paulgboul...@aim.com wrote: On Mon, 2 Dec 2013 12:30:29 -0600, Eric Chevalier wrote: [...] Now suppose I have some sort of index file where the key is the unqualified file name and the data is the path to that file. I can search the index for my file name and it should quickly show me all the locations where a file by that name is located. (Note that Windows has had such a facility since at least XP.) As has OS X. Also search by substring of filename, and by content. I don't know about OS X, but recent version of Windows have seriousl dumbed down the search interface to the point that it's almost impossible to distinguish between file names and approximate strings inside the files. But for that matter, even Google insists on searching for things vaguely close to what I asked for, rather then the actual thing. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
On Tue, Dec 3, 2013 at 7:00 PM, Tony Harminc t...@harminc.netmailto:t...@harminc.net wrote: I don't know about OS X, but recent version of Windows have seriousl dumbed down the search interface to the point that it's almost impossible to distinguish between file names and approximate strings inside the files. But for that matter, even Google insists on searching for things vaguely close to what I asked for, rather then the actual thing. Thank you, Tony: I thought it was just me! Drives me nuts. I wind up opening a command prompt and using DIR (or grep, depending). Re Google: use verbatim search. Look under Search tools, then All results to find that. I discovered this when I was trying to factcheck a story about an elderly man who got a sensitive part of his anatomy stuck in a chair (I forget why this was interesting at the time, honest!). The word I was searching for has three syllables and begins with t, but Google kept presenting results that had the word balls in them. Smart is good - when I search for 5 cups and it offers five cups, that's a GOOD thing. But it does go too far sometimes. (Also try searching for a restaurant whose name is Italian in Virginia [VA] - va is a common Italian word, so you get tons of hits *from Italy, in Italian*. Adding language:english to the search helps there). ...phsiii -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
My thought. While you are typing a command with a partial Unix file name, leave the cursor at the end of the file name and press a PF key. The routine would open a popup window with a list of possible matches. You could select a option by tabbing to the line with the desired match and pressing enter, or alter the search argument and pressing enter to search again. Would work very much like ISPF 3.4 or the mentioned directory listing. On Tue, Dec 3, 2013 at 6:48 PM, Phil Smith p...@voltage.com wrote: On Tue, Dec 3, 2013 at 7:00 PM, Tony Harminc t...@harminc.netmailto:t...@harminc.net wrote: I don't know about OS X, but recent version of Windows have seriousl dumbed down the search interface to the point that it's almost impossible to distinguish between file names and approximate strings inside the files. But for that matter, even Google insists on searching for things vaguely close to what I asked for, rather then the actual thing. Thank you, Tony: I thought it was just me! Drives me nuts. I wind up opening a command prompt and using DIR (or grep, depending). Re Google: use verbatim search. Look under Search tools, then All results to find that. I discovered this when I was trying to factcheck a story about an elderly man who got a sensitive part of his anatomy stuck in a chair (I forget why this was interesting at the time, honest!). The word I was searching for has three syllables and begins with t, but Google kept presenting results that had the word balls in them. Smart is good - when I search for 5 cups and it offers five cups, that's a GOOD thing. But it does go too far sometimes. (Also try searching for a restaurant whose name is Italian in Virginia [VA] - va is a common Italian word, so you get tons of hits *from Italy, in Italian*. Adding language:english to the search helps there). ...phsiii -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
On Tue, Dec 3, 2013 at 6:53 PM, Mike Schwab mike.a.sch...@gmail.com wrote: My thought. While you are typing a command with a partial Unix file name, leave the cursor at the end of the file name and press a PF key. The routine would open a popup window with a list of possible matches. You could select a option by tabbing to the line with the desired match and pressing enter, or alter the search argument and pressing enter to search again. Would work very much like ISPF 3.4 or the mentioned directory listing. In a true shell environment (not TSO OMVS), The BASH shell does this with the TAB key (I guess in TSO OMVS, this would be a ctrl-i, using the TSO OMVS escape character to emulate the ctrl key press). If you use the standard /bin/sh in z/OS UNIX, and do a set -o vi, then if there exists at least one file name which matches the prefix you entered, a Ctrl-\ (^\) will either: (1) extend the name with the remaining characters in the unique name or; (2) extend the remaining shared characters in the set of possibly matching names. In case #2, with BASH, hitting the TAB key a second time will show all matching names, letting you type in some more characters, then TAB again. Unfortunately, /bin/sh does _NOT_ help in this situation. Which is why I often have _TWO_ shell prompts up in separate windows. One with my command, and another to do an ls command to see which file name I want. I then cut from the ls window and paste into the other window which contains my command. -- Maranatha! John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Catalog system for Unix Was: Re: z/OS is antique WAS: Aging Sysprogs = Aging Farmers
Mike, I like that solution, very nice . Love time savers ...especially when your up to your ...in alligators Scott ford www.identityforge.com from my IPAD 'Infinite wisdom through infinite means' On Dec 3, 2013, at 7:53 PM, Mike Schwab mike.a.sch...@gmail.com wrote: My thought. While you are typing a command with a partial Unix file name, leave the cursor at the end of the file name and press a PF key. The routine would open a popup window with a list of possible matches. You could select a option by tabbing to the line with the desired match and pressing enter, or alter the search argument and pressing enter to search again. Would work very much like ISPF 3.4 or the mentioned directory listing. On Tue, Dec 3, 2013 at 6:48 PM, Phil Smith p...@voltage.com wrote: On Tue, Dec 3, 2013 at 7:00 PM, Tony Harminc t...@harminc.netmailto:t...@harminc.net wrote: I don't know about OS X, but recent version of Windows have seriousl dumbed down the search interface to the point that it's almost impossible to distinguish between file names and approximate strings inside the files. But for that matter, even Google insists on searching for things vaguely close to what I asked for, rather then the actual thing. Thank you, Tony: I thought it was just me! Drives me nuts. I wind up opening a command prompt and using DIR (or grep, depending). Re Google: use verbatim search. Look under Search tools, then All results to find that. I discovered this when I was trying to factcheck a story about an elderly man who got a sensitive part of his anatomy stuck in a chair (I forget why this was interesting at the time, honest!). The word I was searching for has three syllables and begins with t, but Google kept presenting results that had the word balls in them. Smart is good - when I search for 5 cups and it offers five cups, that's a GOOD thing. But it does go too far sometimes. (Also try searching for a restaurant whose name is Italian in Virginia [VA] - va is a common Italian word, so you get tons of hits *from Italy, in Italian*. Adding language:english to the search helps there). ...phsiii -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Un-authorized caller calling authorized services.
Definitely a large positive number over 2^16-1 (so there is something other than zeros in the high 2 bytes). The low 2 bytes have to be between x and x0008 to pass the CH R1,=H8 check. As to negative numbers, that number also has to be within certain boundaries so the low bytes meet the same range check. At 12:59 -0600 on 12/03/2013, Ray Overby wrote about Re: Un-authorized caller calling authorized services.: flawed function code validation - If you pass a negative number or a large positive number you can control where the SVC branches to. I have seen these types of problems in the wild where I was able to branch to a private area where any code you wanted could be executed. Ray Overby Key Resources, Inc Ensuring System Integrity for z/Series (312) 574-0007 On 12/3/2013 12:46 PM, Andy Wood wrote: On Mon, 2 Dec 2013 13:36:43 -0600, Ray Overby ray.ove...@kr-inc.com wrote: When creating authorized code I use the following guidelines: - It is not good enough that the authorized code functions as designed. Authorized code has a higher standard that it must adhere to. Your code must not allow malicious or uninformed users to make it do things outside of its scope. - Pay attention to how you obtain your parameters. -Parameters should be accessed in the requesters PSW Key. -Make a copy of the parameters so that they cannot be changed after you have validated them and before you use them (time of check 2 time of use vulnerability). -Make sure sensitive data is kept in fetch protected storage. -Make sure your design does not allow the requester to control where the authorized code branches to: -By branching to a user specified address in an authorized state -By branching on a function code whose value is not verified to be in a specific range -Be careful issuing authorized services in your code AND allowing user parameters to be specified in the authorized services parameter list. - Return data to requester in their PSW Key. - Don't return control to the requester with a higher level of authority -Don't dynamically elevate their security credentials -Don't allow the requester the ability to MODESET -Don't return control in a different PSW Key or State Ray Overby Key Resources, Inc Ensuring System Integrity for z/Series (312) 574-0007 I've lost track of the number of issues I found in this sort of code over the years. A lot of those problems would have been avoided by following the advice above. Some of the more common problems: Flawed function code validation. Like this in an SVC routine that was supposed to be called with a function code of 0, 4 or 8 in R1. CHR1,=H'8' IF FUNCTION CODE TOO LARGE BHRETURN THEN IGNORE IT B BTABLE(R1) USE BRANCH TABLE TO GO TO REQUIRED * FUNCTION BTABLE B HERE FUNCTION=0 B THERE FUNCTION=4 B EVERYWHERE FUNCTION=8 So what happens if it is called with a function code that is not a multiple of 4? Actually, it has a bigger problem than that, can you spot it? Still, that is better than the two SVC routines I encountered, both of which were only two bytes long, and that could have been called IEFBR15 and IEFBR1 respectively, or the SVC which performed an MVCL using caller provided addresses and lengths, with absolutely no validation at all. Another common problem was SVC routines that found it necessary to examine a CDE to assist with distinguishing the good guys from the bad (a notoriously difficult task if the bad guys refuse to cooperate). They followed a pointer from the caller's RB to locate the CDE, forgetting that not all RBs point to CDEs. The result was that they could be trivially deceived by calling them from an IRB. Another issue was inadvertently making an assumption about the contents of some register. This was more common in PC routines but I also saw more than one SVC that started out with: STM R14,R12,12(R13) Another flawed good guy test I saw over and over again was to assume that if you knew the location of your caller (say PLPA) or if the caller's code resided in system key storage, then they could be trusted. I suspect this false notion may have its roots in the original, and somewhat infamous SPFCOPY SVC. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send
Re: HMC REXX for Automating LPAR Controls (IMFEXEC)
You are right, I was getting contracts confused! I actually wrote that code in 2004 while working on a GDPS project. Robin -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent: 03 December 2013 20:49 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: HMC REXX for Automating LPAR Controls (IMFEXEC) AFAIK the BCPii is not old enough. Last, but not least: Netview is not default component. I would be nice to better define the environment you have. BTW: does it has to be REXX? AFAIK using C/C++ the BCPii is available on z/OS 1.x. -- Radoslaw Skorupka Lodz, Poland W dniu 2013-12-03 13:27, Robin Atwood pisze: I distinctly remember writing a Rexx to use the NetView BCPii interface to adjust LPAR weightings back in 1998! This should not be that difficult. HTH Robin -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mary Anne Matyaz Sent: 03 December 2013 20:11 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: HMC REXX for Automating LPAR Controls (IMFEXEC) Rob, BCPii Rexx is only available on z/OS 2.1. If you're not 2.1 yet, you could write an assembler program that issues BCPii commands. If CA OPS is your automation package you may have some options there. MA -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Treść tej wiadomości może zawierać informacje prawnie chronione Banku przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorized to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: kont...@mbank.pl Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2013 r. kapitał zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.555.904 złote. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN