Re: PCOM Question

2024-03-06 Thread Gadi Ben-Avi 
I have a custom keyboard map for this session.
The custom keyboard map Is accessible.

Gadi

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
ITschak Mugzach
Sent: יום ה 07 מרץ 2024 09:00
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: PCOM Question

[You don't often get email from 05a7ced721d8-dmarc-requ...@listserv.ua.edu. 
Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Gadi,

The name is PCOMM. Did you copy (or edit) the keyboard map)?

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring for 
z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Mar 7, 2024 at 8:13 AM Gadi Ben-Avi  wrote:

> Hi,
> I upgraded from PCOM v13.0.1 to v 13.0.7.
> When I press ENTER, there is no indication in the OIA.
> How do I enable this?
>
> Thanks
>
> Gadi
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread ITschak Mugzach 
I think that SMF itself is not sufficient for security alerts. Only part of
the activity is recorded and the event is not understood by the auditors. A
good example is adding a dataset to APF by a sysprog. He got a call the
first time, saying this is his day job, second call, but as the wolf and
the shepherd,  they will white list the event. However, such change has
side effects on security. For example, the dataset is not properly
protected and can be used by others.
Many MVS commands allow change of system configuration on the fly and,
again, are not visible to SMF. In general, I think SIEM is nice to have,
but you need to have a more accurate solution that goes directly to SOC
telling the event and how it affects security by creating new attack
vectors.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Wed, Mar 6, 2024 at 6:02 PM Charles Mills  wrote:

> I of course saw first-hand a lot of mainframe -> SIEM or Splunk
> integrations, and they ran the gamut. Some were as you describe; some were
> quite effective. The worst I saw was one company that was printing an SMF
> report to spool, using a mainframe product to convert the spooled report to
> a PDF, and sending it to the SIEM, which dutifully archived it. Made the
> auditors happy: mission accomplished. On the other hand, believe me, there
> were customers doing truly amazing "production" and ad hoc analyses both of
> security and performance data, using Splunk and other tools. (Recall I have
> no financial or similar interest in BMC, Splunk, or anything similar.)
> Splunk is not my favorite product -- the company was extremely difficult to
> deal with and the product is expensive to license, but it is an AMAZING
> product and many customers and customer people absolutely LOVE it. (That of
> course is why they are able to charge what they charge.)
>
> I was personally on a Zoom call with a very major financial institution
> that you would recognize in a heartbeat, doing a product new-feature demo,
> when we caught an intruder in the mainframe, real time. It was a contractor
> who was authorized to be on the mainframe but who had managed to improperly
> elevate his privileges to SPECIAL. it was an amazing moment, going from
> routine vendor product demo to "what the heck is HE doing -- hey, we gotta
> go."
>
> I was not aware of all of the exact details but our processing in
> conjunction with a SIEM was instrumental in uncovering a money-laundering
> scheme at a large bank in Mexico.
>
> My main interest was the security stuff, but yes, customers are doing very
> effective analysis of RMF and similar data. You are making a mistake if you
> discount the effectiveness of industry-standard tools in analyzing
> mainframe data.
>
> Charles
>
> On Wed, 6 Mar 2024 15:26:47 +, kekronbekron <
> kekronbek...@protonmail.com> wrote:
>
> >Exactly. I have my reservations on whether we as mainframe folks are
> choosing this (log analytics products) or are defaulting to it because no
> one is challenging for appropriate options from the mainframe technical
> side.
> >For an org, there is of course the valid point of correlation that
> Charles mentions, however, if you objectively work out costs and that, I
> don't think it works out as cost-effective.
> >
> >We may see kubernetes platforms sending auth logs, syslog, and whatever
> else to log analytics, but they don't send system metrics.
> >Time-series data is a different beast altogether. However much
> elastic/splunk/whoever else says they also do metrics, they're only
> secondary features at best.
> >There's a reason time-series databases exist, and are necessary.
> >
> >
> >
> >On Wednesday, March 6th, 2024 at 20:48, Dave Beagle <
> 0525eaef6620-dmarc-requ...@listserv.ua.edu> wrote:
> >
> >> We used Splunk at a former employer. Well, not really used it. An
> auditor “suggested” we implement it to “improve” our mainframe security.
> The auditor knew nothing about mainframe security. Likely read about Splunk
> somewhere or saw a session on it at a conference. And of course the topic
> of “security” is at the top of the heap among executives who wouldn’t know
> Top Secret from ACF2 from RACF. Especially when they hear that other
> companies are being hacked or blackmailed in the media nearly every day.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: PCOM Question

2024-03-06 Thread ITschak Mugzach 
Gadi,

The name is PCOMM. Did you copy (or edit) the keyboard map)?

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Mar 7, 2024 at 8:13 AM Gadi Ben-Avi  wrote:

> Hi,
> I upgraded from PCOM v13.0.1 to v 13.0.7.
> When I press ENTER, there is no indication in the OIA.
> How do I enable this?
>
> Thanks
>
> Gadi
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

PCOM Question

2024-03-06 Thread Gadi Ben-Avi 
Hi,
I upgraded from PCOM v13.0.1 to v 13.0.7.
When I press ENTER, there is no indication in the OIA.
How do I enable this?

Thanks

Gadi

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: What am I doing wrong with BPXWUNIX sort?

2024-03-06 Thread David Crayford 
You’re using the same stem variable for input and output. Use a specific 
stdout. stem and see if that fixes it. Kolusu’s snippet works for me. 

> On 7 Mar 2024, at 8:41 am, Charles Mills  wrote:
> 
> Thanks. As I said, I have tried both -k2 and -k 2, and also -k1 and +1, all 
> with the same result.
> 
> CM
> 
> On Thu, 7 Mar 2024 00:27:21 +, Sri Hari Kolusu  wrote:
> 
>> Charles,
>> 
>> Try a space after k.
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: What am I doing wrong with BPXWUNIX sort?

2024-03-06 Thread Dale R. Smith 
On Wed, 6 Mar 2024 18:10:28 -0600, Charles Mills  wrote:

>I am trying to sort a Rexx "array" starting with the second "word" of the 
>variables. My "array" is in Index.n and contains records of the form some descriptive string> where  is 0001, 0002, 0003, etc. and string is 2 
>to 5 Rexx "words."
>
>Here's my Rexx code:
>
>  Say "Before sort" Index.0 Index.1 Index.2 Index.3
>  stdout.0 = 0
>  stderr.0 = 0
>  Call BPXWUNIX "/bin/sort -k2",Index.,Index.,stderr.
>  Do i = 1 to stderr.0
>Say "Sort error:" stderr.i
>End i
>  Say "After  sort" Index.0 Index.1 Index.2 Index.3
>
>And here is the output:
>
>Before sort 8 0001 Main Check 0002 OMVS (FTP Session) 0003 C Validation 
>After  sort 8 0001 Main Check 0002 OMVS (FTP Session) 0003 C Validation 
>
>My expectation is that -k2 would have caused sort to sort on the "descriptive 
>strings" (ignoring the ) but obviously that is not what has happened. What 
>am I doing wrong? (I have tried both -k2 and -k 2, and also -k1 and +1 -- all 
>with the same results.)
>
>Thanks,
>Charles

Use a different Stem Name for the output, it can't be the same name as the 
input.

-- 
Dale R. Smith

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread kekronbekron 
> You are making a mistake if you discount the effectiveness of 
> industry-standard tools in analyzing mainframe data.

Let me clarify... I'm not saying don't use it at all. Just saying that there 
seems to be a tendency to lean too heavily on it, after it has gotten its foot 
through the door (for receiving security events).
I don't expect it to be great for either real-time processing of high volume 
perf data or for archival of said data efficiently, and allowing for historical 
reporting/charting etc.




On Wednesday, March 6th, 2024 at 21:32, Charles Mills  wrote:

> I of course saw first-hand a lot of mainframe -> SIEM or Splunk integrations, 
> and they ran the gamut. Some were as you describe; some were quite effective. 
> The worst I saw was one company that was printing an SMF report to spool, 
> using a mainframe product to convert the spooled report to a PDF, and sending 
> it to the SIEM, which dutifully archived it. Made the auditors happy: mission 
> accomplished. On the other hand, believe me, there were customers doing truly 
> amazing "production" and ad hoc analyses both of security and performance 
> data, using Splunk and other tools. (Recall I have no financial or similar 
> interest in BMC, Splunk, or anything similar.) Splunk is not my favorite 
> product -- the company was extremely difficult to deal with and the product 
> is expensive to license, but it is an AMAZING product and many customers and 
> customer people absolutely LOVE it. (That of course is why they are able to 
> charge what they charge.)
> 
> 
> I was personally on a Zoom call with a very major financial institution that 
> you would recognize in a heartbeat, doing a product new-feature demo, when we 
> caught an intruder in the mainframe, real time. It was a contractor who was 
> authorized to be on the mainframe but who had managed to improperly elevate 
> his privileges to SPECIAL. it was an amazing moment, going from routine 
> vendor product demo to "what the heck is HE doing -- hey, we gotta go."
> 
> I was not aware of all of the exact details but our processing in conjunction 
> with a SIEM was instrumental in uncovering a money-laundering scheme at a 
> large bank in Mexico.
> 
> My main interest was the security stuff, but yes, customers are doing very 
> effective analysis of RMF and similar data. You are making a mistake if you 
> discount the effectiveness of industry-standard tools in analyzing mainframe 
> data.
> 
> Charles
> 
> On Wed, 6 Mar 2024 15:26:47 +, kekronbekron kekronbek...@protonmail.com 
> wrote:
> 
> > Exactly. I have my reservations on whether we as mainframe folks are 
> > choosing this (log analytics products) or are defaulting to it because no 
> > one is challenging for appropriate options from the mainframe technical 
> > side.
> > For an org, there is of course the valid point of correlation that Charles 
> > mentions, however, if you objectively work out costs and that, I don't 
> > think it works out as cost-effective.
> > 
> > We may see kubernetes platforms sending auth logs, syslog, and whatever 
> > else to log analytics, but they don't send system metrics.
> > Time-series data is a different beast altogether. However much 
> > elastic/splunk/whoever else says they also do metrics, they're only 
> > secondary features at best.
> > There's a reason time-series databases exist, and are necessary.
> > 
> > On Wednesday, March 6th, 2024 at 20:48, Dave Beagle 
> > 0525eaef6620-dmarc-requ...@listserv.ua.edu wrote:
> > 
> > > We used Splunk at a former employer. Well, not really used it. An auditor 
> > > “suggested” we implement it to “improve” our mainframe security. The 
> > > auditor knew nothing about mainframe security. Likely read about Splunk 
> > > somewhere or saw a session on it at a conference. And of course the topic 
> > > of “security” is at the top of the heap among executives who wouldn’t 
> > > know Top Secret from ACF2 from RACF. Especially when they hear that other 
> > > companies are being hacked or blackmailed in the media nearly every day.
> 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM Announces the z/OS Container Platform

2024-03-06 Thread Timothy Sipples 
(Cross-posted to MVS-OE.) A little more information on the IBM z/OS Container 
Platform is now available here:

https://www.ibm.com/support/z-content-solutions/zos-container-platform/

Here’s my quick functional summary of some related offerings:


  *   IBM z/OS Container Extensions: runs containerized Linux applications on 
z/OS
  *   OpenShift on z/OS (“zCX Foundation for Red Hat OpenShift”): runs 
containerized Linux applications on z/OS with advanced provisioning, 
clustering, orchestration, and management
  *   IBM z/OS Container Platform: runs containerized z/OS UNIX™️ applications
  *   Statement of Direction announced with the IBM z/OS Container Platform: 
“Kubernetes orchestration support”
  *   IBM z/OS Cloud Broker: allows OpenShift environments to provision and 
orchestrate z/OS-hosted services, including “classic” services

Yes, IBM is introducing an Open Container Initiative (OCI)-compliant container 
image standard for z/OS UNIX applications. The IBM z/OS Container Platform (IBM 
Program No. 5655-MC3) should be Generally Available on March 15, 2024. The full 
documentation should also be available on that date.

I understand IBM publicly demonstrated (for the first time) the IBM z/OS 
Container Platform at SHARE about 12 hours ago as I write this. Any first 
person reports?

—
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM Z/LinuxONE, Asia-Pacific
sipp...@sg.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: What am I doing wrong with BPXWUNIX sort?

2024-03-06 Thread Charles Mills 
Thanks. As I said, I have tried both -k2 and -k 2, and also -k1 and +1, all 
with the same result.

CM

On Thu, 7 Mar 2024 00:27:21 +, Sri Hari Kolusu  wrote:

>Charles,
>
>Try a space after k.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: What am I doing wrong with BPXWUNIX sort?

2024-03-06 Thread Sri Hari Kolusu 
Charles,

Your example data

/* REXX */
stdin.0=3
stdin.1="0001 Main Check"
stdin.2="0002 OMVS (FTP Session)"
stdin.3="0003 C Validation"

cmd="sort -k 2"
call bpxwunix cmd,stdin.,stdout.,stderr.

say "stdout:"
say "==="
do i=1 to stdout.0
  say stdout.i
end

say "stderr:"
say "==="
do i=1 to stderr.0
   say stderr.i
end

produces


stdout:
===
0003 C Validation
0001 Main Check
0002 OMVS (FTP Session)
stderr:
===

Thanks,
Kolusu


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: What am I doing wrong with BPXWUNIX sort?

2024-03-06 Thread Sri Hari Kolusu 
Charles,

Try a space after k.

Something like this

/* REXX */
stdin.0=5
stdin.1="KIJJ 3"
stdin.2="KQWR 1"
stdin.3="ADGF 2"
stdin.4="OEPE 6"
stdin.5="VNVV 5"

cmd="sort -k 2"
call bpxwunix cmd,stdin.,stdout.,stderr.

say "stdout:"
say "==="
do i=1 to stdout.0
  say stdout.i
end

say "stderr:"
say "==="
do i=1 to stderr.0
   say stderr.i
end

Thanks,
Kolusu


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

What am I doing wrong with BPXWUNIX sort?

2024-03-06 Thread Charles Mills 
I am trying to sort a Rexx "array" starting with the second "word" of the 
variables. My "array" is in Index.n and contains records of the form  where  is 0001, 0002, 0003, etc. and string is 2 to 5 
Rexx "words."

Here's my Rexx code:

  Say "Before sort" Index.0 Index.1 Index.2 Index.3
  stdout.0 = 0
  stderr.0 = 0
  Call BPXWUNIX "/bin/sort -k2",Index.,Index.,stderr.
  Do i = 1 to stderr.0
Say "Sort error:" stderr.i
End i
  Say "After  sort" Index.0 Index.1 Index.2 Index.3

And here is the output:

Before sort 8 0001 Main Check 0002 OMVS (FTP Session) 0003 C Validation 
After  sort 8 0001 Main Check 0002 OMVS (FTP Session) 0003 C Validation 

My expectation is that -k2 would have caused sort to sort on the "descriptive 
strings" (ignoring the ) but obviously that is not what has happened. What 
am I doing wrong? (I have tried both -k2 and -k 2, and also -k1 and +1 -- all 
with the same results.)

Thanks,
Charles

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: VTAM Display of DSESLIM

2024-03-06 Thread roscoe5 
Found this, will see if it is what we need.
D NET,CNOS,ID=xxA,LUNAME=xxT,LOGMODE=SNASVCMG

Sent from [Proton Mail](https://proton.me/mail/home) for iOS

On Wed, Mar 6, 2024 at 1:11 PM, roscoe5 
<[056b62686b81-dmarc-requ...@listserv.ua.edu](mailto:On Wed, Mar 6, 2024 at 
1:11 PM, roscoe5 < wrote:

> Good afternoon,
> I’m working with a shop that wants to test tweaks to DSESLIM and DMINWNR.
> We changed source, did the Vary Inact/Act, and basic checkout in Test LPAR.
> Before proceeding into Production, for doc or S, they asked if we could 
> Display the change.
> It would be nice for Change control or completeness to Display before and 
> after, but I cannot find any such command.
>
> Any feedback is welcomed.
>
> Thanks,
> R
>
> Sent from [Proton Mail](https://proton.me/mail/home) for iOS
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

VTAM Display of DSESLIM

2024-03-06 Thread roscoe5 
Good afternoon,
I’m working with a shop that wants to test tweaks to DSESLIM and DMINWNR.
We changed source, did the Vary Inact/Act, and basic checkout in Test LPAR.
Before proceeding into Production, for doc or S, they asked if we could 
Display the change.
It would be nice for Change control or completeness to Display before and 
after, but I cannot find any such command.

Any feedback is welcomed.

Thanks,
R

Sent from [Proton Mail](https://proton.me/mail/home) for iOS

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread Dave Beagle 
Any contractor who elevates his/her security access should immediately be fired 
and possibly reported to authorities. Unless of course the security people at 
the shop were negligent in giving him the authority to elevate him/herself. The 
shop I was referring to in which I worked, had mainframe security people who 
weren’t mainframers telling the Systems Programmers (or installers) with 40+ 
years of experience, including decades of RACF/ACF2/TSS experience how they 
knew more about security and how critical Splunk is to insuring MF security. 
Utter BS. 


Sent from Yahoo Mail for iPhone


On Wednesday, March 6, 2024, 11:02 AM, Charles Mills  wrote:

I of course saw first-hand a lot of mainframe -> SIEM or Splunk integrations, 
and they ran the gamut. Some were as you describe; some were quite effective. 
The worst I saw was one company that was printing an SMF report to spool, using 
a mainframe product to convert the spooled report to a PDF, and sending it to 
the SIEM, which dutifully archived it. Made the auditors happy: mission 
accomplished. On the other hand, believe me, there were customers doing truly 
amazing "production" and ad hoc analyses both of security and performance data, 
using Splunk and other tools. (Recall I have no financial or similar interest 
in BMC, Splunk, or anything similar.) Splunk is not my favorite product -- the 
company was extremely difficult to deal with and the product is expensive to 
license, but it is an AMAZING product and many customers and customer people 
absolutely LOVE it. (That of course is why they are able to charge what they 
charge.) 

I was personally on a Zoom call with a very major financial institution that 
you would recognize in a heartbeat, doing a product new-feature demo, when we 
caught an intruder in the mainframe, real time. It was a contractor who was 
authorized to be on the mainframe but who had managed to improperly elevate his 
privileges to SPECIAL. it was an amazing moment, going from routine vendor 
product demo to "what the heck is HE doing -- hey, we gotta go."

I was not aware of all of the exact details but our processing in conjunction 
with a SIEM was instrumental in uncovering a money-laundering scheme at a large 
bank in Mexico.

My main interest was the security stuff, but yes, customers are doing very 
effective analysis of RMF and similar data. You are making a mistake if you 
discount the effectiveness of industry-standard tools in analyzing mainframe 
data.

Charles

On Wed, 6 Mar 2024 15:26:47 +, kekronbekron  
wrote:

>Exactly. I have my reservations on whether we as mainframe folks are choosing 
>this (log analytics products) or are defaulting to it because no one is 
>challenging for appropriate options from the mainframe technical side.
>For an org, there is of course the valid point of correlation that Charles 
>mentions, however, if you objectively work out costs and that, I don't think 
>it works out as cost-effective.
>
>We may see kubernetes platforms sending auth logs, syslog, and whatever else 
>to log analytics, but they don't send system metrics.
>Time-series data is a different beast altogether. However much 
>elastic/splunk/whoever else says they also do metrics, they're only secondary 
>features at best.
>There's a reason time-series databases exist, and are necessary.
>
>
>
>On Wednesday, March 6th, 2024 at 20:48, Dave Beagle 
><0525eaef6620-dmarc-requ...@listserv.ua.edu> wrote:
>
>> We used Splunk at a former employer. Well, not really used it. An auditor 
>> “suggested” we implement it to “improve” our mainframe security. The auditor 
>> knew nothing about mainframe security. Likely read about Splunk somewhere or 
>> saw a session on it at a conference. And of course the topic of “security” 
>> is at the top of the heap among executives who wouldn’t know Top Secret from 
>> ACF2 from RACF. Especially when they hear that other companies are being 
>> hacked or blackmailed in the media nearly every day.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BASE64 Decode / EPOCH Conversion Code Samples

2024-03-06 Thread Amr@Systemz 
 
Java has java.util.Base64.Decoder since 1.8. JRE should be available on USS 
On Tuesday, March 5, 2024 at 11:21:17 PM MST, Frank Bonaduce 
<05e50174f43c-dmarc-requ...@listserv.ua.edu> wrote:  
 
 Hello Folks. Is anyone aware of where one might locate any sample assembler 
code, macros or APIs to perform the following:
- Base64 Decoding (to EBCDIC)- EPOCH Conversion
Thanks in advance for the assistance.   Frank.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread Charles Mills 
I of course saw first-hand a lot of mainframe -> SIEM or Splunk integrations, 
and they ran the gamut. Some were as you describe; some were quite effective. 
The worst I saw was one company that was printing an SMF report to spool, using 
a mainframe product to convert the spooled report to a PDF, and sending it to 
the SIEM, which dutifully archived it. Made the auditors happy: mission 
accomplished. On the other hand, believe me, there were customers doing truly 
amazing "production" and ad hoc analyses both of security and performance data, 
using Splunk and other tools. (Recall I have no financial or similar interest 
in BMC, Splunk, or anything similar.) Splunk is not my favorite product -- the 
company was extremely difficult to deal with and the product is expensive to 
license, but it is an AMAZING product and many customers and customer people 
absolutely LOVE it. (That of course is why they are able to charge what they 
charge.) 

I was personally on a Zoom call with a very major financial institution that 
you would recognize in a heartbeat, doing a product new-feature demo, when we 
caught an intruder in the mainframe, real time. It was a contractor who was 
authorized to be on the mainframe but who had managed to improperly elevate his 
privileges to SPECIAL. it was an amazing moment, going from routine vendor 
product demo to "what the heck is HE doing -- hey, we gotta go."

I was not aware of all of the exact details but our processing in conjunction 
with a SIEM was instrumental in uncovering a money-laundering scheme at a large 
bank in Mexico.

My main interest was the security stuff, but yes, customers are doing very 
effective analysis of RMF and similar data. You are making a mistake if you 
discount the effectiveness of industry-standard tools in analyzing mainframe 
data.

Charles

On Wed, 6 Mar 2024 15:26:47 +, kekronbekron  
wrote:

>Exactly. I have my reservations on whether we as mainframe folks are choosing 
>this (log analytics products) or are defaulting to it because no one is 
>challenging for appropriate options from the mainframe technical side.
>For an org, there is of course the valid point of correlation that Charles 
>mentions, however, if you objectively work out costs and that, I don't think 
>it works out as cost-effective.
>
>We may see kubernetes platforms sending auth logs, syslog, and whatever else 
>to log analytics, but they don't send system metrics.
>Time-series data is a different beast altogether. However much 
>elastic/splunk/whoever else says they also do metrics, they're only secondary 
>features at best.
>There's a reason time-series databases exist, and are necessary.
>
>
>
>On Wednesday, March 6th, 2024 at 20:48, Dave Beagle 
><0525eaef6620-dmarc-requ...@listserv.ua.edu> wrote:
>
>> We used Splunk at a former employer. Well, not really used it. An auditor 
>> “suggested” we implement it to “improve” our mainframe security. The auditor 
>> knew nothing about mainframe security. Likely read about Splunk somewhere or 
>> saw a session on it at a conference. And of course the topic of “security” 
>> is at the top of the heap among executives who wouldn’t know Top Secret from 
>> ACF2 from RACF. Especially when they hear that other companies are being 
>> hacked or blackmailed in the media nearly every day.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread kekronbekron 
Exactly. I have my reservations on whether we as mainframe folks are choosing 
this (log analytics products) or are defaulting to it because no one is 
challenging for appropriate options from the mainframe technical side.
For an org, there is of course the valid point of correlation that Charles 
mentions, however, if you objectively work out costs and that, I don't think it 
works out as cost-effective.

We may see kubernetes platforms sending auth logs, syslog, and whatever else to 
log analytics, but they don't send system metrics.
Time-series data is a different beast altogether. However much 
elastic/splunk/whoever else says they also do metrics, they're only secondary 
features at best.
There's a reason time-series databases exist, and are necessary.



On Wednesday, March 6th, 2024 at 20:48, Dave Beagle 
<0525eaef6620-dmarc-requ...@listserv.ua.edu> wrote:

> We used Splunk at a former employer. Well, not really used it. An auditor 
> “suggested” we implement it to “improve” our mainframe security. The auditor 
> knew nothing about mainframe security. Likely read about Splunk somewhere or 
> saw a session on it at a conference. And of course the topic of “security” is 
> at the top of the heap among executives who wouldn’t know Top Secret from 
> ACF2 from RACF. Especially when they hear that other companies are being 
> hacked or blackmailed in the media nearly every day.
> 
> 
> Sent from Yahoo Mail for iPhone
> 
> 
> On Wednesday, March 6, 2024, 10:02 AM, kekronbekron 
> 02dee3fcae33-dmarc-requ...@listserv.ua.edu wrote:
> 
> > I guess you might say that the whole point of products such as these is 
> > converting dense "strings & numbers" into logs.
> 
> I agree, except that I think the goal is not to squirrel metrics into logs, 
> but to get metrics and/or logs (actual SYSLOG) to tooling used outside of 
> mainframe.
> 
> > no, we want to manage mainframe security 100% on the mainframe" and that 
> > may be valid, but not every enterprise feels that way.
> 
> Not saying this, I certainly see the value in common tools, especially if it 
> means adopting good tech from distributed.
> 
> I just don't see how high volume metrics (even if we filter down to just a 
> few 100, from all SMF types) can be equated to more or less logs, and handle 
> them like that, except because it's already in use elsewhere in the org. 
> Instead of chosing the right tool for the job.
> 
> 
> 
> On Wednesday, March 6th, 2024 at 20:20, Charles Mills charl...@mcn.org wrote:
> 
> > I guess you might say that the whole point of products such as these is 
> > converting dense "strings & numbers" into logs. A mainframe security 
> > "event" is surely as significant to the enterprise as a Linux server 
> > security event -- it makes sense to many enterprises to get it into their 
> > enterprise security analysis solution (Splunk, Sumo Logic, or a "SIEM"). 
> > You may say "no, we want to manage mainframe security 100% on the 
> > mainframe" and that may be valid, but not every enterprise feels that way. 
> > I feel that there is a benefit to correlating the two worlds, and 
> > correlation is what SIEMs and Splunk are good at. In other words, it may be 
> > relevant that the mainframe is seeing hundreds of invalid password attempts 
> > at the same time that a Linux server is seeing DoS attacks.
> > 
> > When you think of SMF you may primarily think in terms of job accounting 
> > and resource management, but the first record type that customers usually 
> > want to export to Splunk or a SIEM is RACF's type 80.
> > 
> > Yes, SMF is very "dense" and Syslog -- the industry standard logging 
> > "thing" -- too loosely defined to be called a standard, and not to be 
> > confused with what we mainframers call SYSLOG -- is basically 
> > human-readable ASCII text and not very dense at all. The most common format 
> > is some variant of tag = value, so one binary byte at offset 20 into an SMF 
> > 80 record might become EventCode = 1 or perhaps Event = RACINIT.
> > 
> > It's a big job. I just looked. At the point I turned the product over to 
> > BMC it consisted of about 100,000 lines of C++, 26,000 lines of assembler, 
> > and 60,000 lines of a proprietary schema that mapped, for example, a binary 
> > byte at offset 20 in an SMF 80 record, to EventCode = nn.
> > 
> > Charles
> > 
> > On Wed, 6 Mar 2024 02:15:14 +, kekronbekron kekronbek...@protonmail.com 
> > wrote:
> > 
> > > I don't understand this at all... we all know that SMF is not a log, it's 
> > > a whole bunch of strings & mostly numbers... metrics.
> > > Why has it become acceptable to send metrics to a log search tool, 
> > > knowing full well that these are different categories with different 
> > > solutions.
> > > Splunk etc. are meant to collect and search through things like http web 
> > > server log, not metrics.
> > > The information density in a log is low. In SMF, it's very high (there 
> > > are no fluff words, just metrics which may or may not

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread Dave Beagle 
We used Splunk at a former employer. Well, not really used it. An auditor 
“suggested” we implement it to “improve” our mainframe security. The auditor 
knew nothing about mainframe security. Likely read about Splunk somewhere or 
saw a session on it at a conference. And of course the topic of “security” is 
at the top of the heap among executives who wouldn’t know Top Secret from ACF2 
from RACF. Especially when they hear that other companies are being hacked or 
blackmailed in the media nearly every day.


Sent from Yahoo Mail for iPhone


On Wednesday, March 6, 2024, 10:02 AM, kekronbekron 
<02dee3fcae33-dmarc-requ...@listserv.ua.edu> wrote:

> I guess you might say that the whole point of products such as these is 
> converting dense "strings & numbers" into logs.
I agree, except that I think the goal is not to squirrel metrics into logs, but 
to get metrics and/or logs (actual SYSLOG) to tooling used outside of mainframe.

> no, we want to manage mainframe security 100% on the mainframe" and that may 
> be valid, but not every enterprise feels that way.
Not saying this, I certainly see the value in common tools, especially if it 
means adopting good tech from distributed.

I just don't see how high volume metrics (even if we filter down to just a few 
100, from all SMF types) can be equated to more or less logs, and handle them 
like that, except because it's already in use elsewhere in the org. Instead of 
chosing the right tool for the job.



On Wednesday, March 6th, 2024 at 20:20, Charles Mills  wrote:

> I guess you might say that the whole point of products such as these is 
> converting dense "strings & numbers" into logs. A mainframe security "event" 
> is surely as significant to the enterprise as a Linux server security event 
> -- it makes sense to many enterprises to get it into their enterprise 
> security analysis solution (Splunk, Sumo Logic, or a "SIEM"). You may say 
> "no, we want to manage mainframe security 100% on the mainframe" and that may 
> be valid, but not every enterprise feels that way. I feel that there is a 
> benefit to correlating the two worlds, and correlation is what SIEMs and 
> Splunk are good at. In other words, it may be relevant that the mainframe is 
> seeing hundreds of invalid password attempts at the same time that a Linux 
> server is seeing DoS attacks.
> 
> When you think of SMF you may primarily think in terms of job accounting and 
> resource management, but the first record type that customers usually want to 
> export to Splunk or a SIEM is RACF's type 80.
> 
> Yes, SMF is very "dense" and Syslog -- the industry standard logging "thing" 
> -- too loosely defined to be called a standard, and not to be confused with 
> what we mainframers call SYSLOG -- is basically human-readable ASCII text and 
> not very dense at all. The most common format is some variant of tag = value, 
> so one binary byte at offset 20 into an SMF 80 record might become EventCode 
> = 1 or perhaps Event = RACINIT.
> 
> It's a big job. I just looked. At the point I turned the product over to BMC 
> it consisted of about 100,000 lines of C++, 26,000 lines of assembler, and 
> 60,000 lines of a proprietary schema that mapped, for example, a binary byte 
> at offset 20 in an SMF 80 record, to EventCode = nn.
> 
> Charles
> 
> On Wed, 6 Mar 2024 02:15:14 +, kekronbekron kekronbek...@protonmail.com 
> wrote:
> 
> > I don't understand this at all... we all know that SMF is not a log, it's a 
> > whole bunch of strings & mostly numbers... metrics.
> > Why has it become acceptable to send metrics to a log search tool, knowing 
> > full well that these are different categories with different solutions.
> > Splunk etc. are meant to collect and search through things like http web 
> > server log, not metrics.
> > The information density in a log is low. In SMF, it's very high (there are 
> > no fluff words, just metrics which may or may not be of use during a given 
> > activity).
> 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM Announces the z/OS Container Platform

2024-03-06 Thread kekronbekron 
It's neither a supplement or a replacement. So it's an 'other'.

This is how I interpret the situation - 
zCX is for people who don't have Linux on Z, and/or would like to keep this 
slice of linux in the mainframe domain's garden.
zCX is not just Ubuntu. A few other distros will work too, if not all.

As you say DJ, zCP is "just" isolation for USS processes.
They don't code today for USS, but a whole world of possibility w.r.t tooling 
is opening up because of the LLVM-based compiler options that IBM provides now.
Decades of tools written in C/C++ (now with make, cmake, clang working in zOS) 
are now "game" in zOS.
Same for tools written in Go from recent times.

So zCP is a way to deploy them as they would be off of mainframe.

The more that native zOS stuff is unix-ified, the more of zOS administration 
can be managed/controlled from OpenShift Operator for zOS or whatever it's 
called.
At the moment, Ansible is trying to help for working with the MVS-native side.
I say "trying to" because I see automated workflows getting horribly 
complicated -- and still embedding JCL -- and being sold as modernized/improved.
300+ lines of python + yaml to replace 20 lines of JCL... where the 300+ lines 
embeds said JCL.



On Wednesday, March 6th, 2024 at 19:01, Allan Staller 
<0387911dea17-dmarc-requ...@listserv.ua.edu> wrote:

> Classification: Confidential
> 
> How does this compare to z/CX. IS this a supplement? Replacement? Other?
> 
> -Original Message-
> From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of 
> Timothy Sipples
> 
> Sent: Tuesday, March 5, 2024 7:45 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: IBM Announces the z/OS Container Platform
> 
> [CAUTION: This Email is from outside the Organization. Unless you trust the 
> sender, Don't click links or open attachments as it may be a Phishing email, 
> which can steal your Information and compromise your Computer.]
> 
> I'd like to draw your attention to this IBM announcement:
> 
> https://www.ibm.com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zoshttps://www.ibm.com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos?region=US
> 
> 
> -
> Timothy Sipples
> Senior Architect
> Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, 
> Asia-Pacific sipp...@sg.ibm.com
> 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
> lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> ::DISCLAIMER::
> 
> The contents of this e-mail and any attachment(s) are confidential and 
> intended for the named recipient(s) only. E-mail transmission is not 
> guaranteed to be secure or error-free as information could be intercepted, 
> corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses 
> in transmission. The e mail and its contents (with or without referred 
> errors) shall therefore not attach any liability on the originator or HCL or 
> its affiliates. Views or opinions, if any, presented in this email are solely 
> those of the author and may not necessarily reflect the views or opinions of 
> HCL or its affiliates. Any form of reproduction, dissemination, copying, 
> disclosure, modification, distribution and / or publication of this message 
> without the prior written consent of authorized representative of HCL is 
> strictly prohibited. If you have received this email in error please delete 
> it and notify the sender immediately. Before opening any email and/or 
> attachments, please check them for viruses and other defects.
> 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread kekronbekron 
> I guess you might say that the whole point of products such as these is 
> converting dense "strings & numbers" into logs.
I agree, except that I think the goal is not to squirrel metrics into logs, but 
to get metrics and/or logs (actual SYSLOG) to tooling used outside of mainframe.

> no, we want to manage mainframe security 100% on the mainframe" and that may 
> be valid, but not every enterprise feels that way.
Not saying this, I certainly see the value in common tools, especially if it 
means adopting good tech from distributed.

I just don't see how high volume metrics (even if we filter down to just a few 
100, from all SMF types) can be equated to more or less logs, and handle them 
like that, except because it's already in use elsewhere in the org. Instead of 
chosing the right tool for the job.



On Wednesday, March 6th, 2024 at 20:20, Charles Mills  wrote:

> I guess you might say that the whole point of products such as these is 
> converting dense "strings & numbers" into logs. A mainframe security "event" 
> is surely as significant to the enterprise as a Linux server security event 
> -- it makes sense to many enterprises to get it into their enterprise 
> security analysis solution (Splunk, Sumo Logic, or a "SIEM"). You may say 
> "no, we want to manage mainframe security 100% on the mainframe" and that may 
> be valid, but not every enterprise feels that way. I feel that there is a 
> benefit to correlating the two worlds, and correlation is what SIEMs and 
> Splunk are good at. In other words, it may be relevant that the mainframe is 
> seeing hundreds of invalid password attempts at the same time that a Linux 
> server is seeing DoS attacks.
> 
> When you think of SMF you may primarily think in terms of job accounting and 
> resource management, but the first record type that customers usually want to 
> export to Splunk or a SIEM is RACF's type 80.
> 
> Yes, SMF is very "dense" and Syslog -- the industry standard logging "thing" 
> -- too loosely defined to be called a standard, and not to be confused with 
> what we mainframers call SYSLOG -- is basically human-readable ASCII text and 
> not very dense at all. The most common format is some variant of tag = value, 
> so one binary byte at offset 20 into an SMF 80 record might become EventCode 
> = 1 or perhaps Event = RACINIT.
> 
> It's a big job. I just looked. At the point I turned the product over to BMC 
> it consisted of about 100,000 lines of C++, 26,000 lines of assembler, and 
> 60,000 lines of a proprietary schema that mapped, for example, a binary byte 
> at offset 20 in an SMF 80 record, to EventCode = nn.
> 
> Charles
> 
> On Wed, 6 Mar 2024 02:15:14 +, kekronbekron kekronbek...@protonmail.com 
> wrote:
> 
> > I don't understand this at all... we all know that SMF is not a log, it's a 
> > whole bunch of strings & mostly numbers... metrics.
> > Why has it become acceptable to send metrics to a log search tool, knowing 
> > full well that these are different categories with different solutions.
> > Splunk etc. are meant to collect and search through things like http web 
> > server log, not metrics.
> > The information density in a log is low. In SMF, it's very high (there are 
> > no fluff words, just metrics which may or may not be of use during a given 
> > activity).
> 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

2024-03-06 Thread Charles Mills 
I guess you might say that the whole point of products such as these is 
converting dense "strings & numbers" into logs. A mainframe security "event" is 
surely as significant to the enterprise as a Linux server security event -- it 
makes sense to many enterprises to get it into their enterprise security 
analysis solution (Splunk, Sumo Logic, or a "SIEM"). You may say "no, we want 
to manage mainframe security 100% on the mainframe" and that may be valid, but 
not every enterprise feels that way. I feel that there is a benefit to 
correlating the two worlds, and correlation is what SIEMs and Splunk are good 
at. In other words, it may be relevant that the mainframe is seeing hundreds of 
invalid password attempts at the same time that a Linux server is seeing DoS 
attacks.

When you think of SMF you may primarily think in terms of job accounting and 
resource management, but the first record type that customers usually want to 
export to Splunk or a SIEM is RACF's type 80.

Yes, SMF is very "dense" and Syslog -- the industry standard logging "thing" -- 
too loosely defined to be called a standard, and not to be confused with what 
we mainframers call SYSLOG -- is basically human-readable ASCII text and not 
very dense at all. The most common format is some variant of tag = value, so 
one binary byte at offset 20 into an SMF 80 record might become EventCode = 1 
or perhaps Event = RACINIT.

It's a big job. I just looked. At the point I turned the product over to BMC it 
consisted of about 100,000 lines of C++, 26,000 lines of assembler, and 60,000 
lines of a proprietary schema that mapped, for example, a binary byte at offset 
20 in an SMF 80 record, to EventCode = nn.

Charles

On Wed, 6 Mar 2024 02:15:14 +, kekronbekron  
wrote:

>I don't understand this at all... we all know that SMF is not a log, it's a 
>whole bunch of strings & mostly numbers... metrics.
>Why has it become acceptable to send metrics to a log search tool, knowing 
>full well that these are different categories with different solutions.
>Splunk etc. are meant to collect and search through things like http web 
>server log, not metrics.
>The information density in a log is low. In SMF, it's very high (there are no 
>fluff words, just metrics which may or may not be of use during a given 
>activity).

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM Announces the z/OS Container Platform

2024-03-06 Thread Seymour J Metz 
Weren't there jails in MULTICS?

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר


From: IBM Mainframe Discussion List  on behalf of 
Rick Troth <058ff5c2d0a7-dmarc-requ...@listserv.ua.edu>
Sent: Wednesday, March 6, 2024 8:55 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM Announces the z/OS Container Platform

For clarity, start with "chroot" or "change root".
Unix has had thechroot() function and the 'chroot' command since before
my time, thus POSIX and Linux have it too.
Within a changed root environment, the process or program can only "see"
files from the new root directory on down.
The hardware architecture and the operating system (ABI or application
binary interface) remain the same.

The downside to this (or maybe the upside, depending on what you need)
is that programs running under 'chroot' "see" the same network stack and
devices. They also "see" other processes (and can signal them).
I used to say that 'chroot' was the closest thing Unix had to a virtual
machine. It's fantastic for development, and often useful for security.
But then came containers.

Containers are like "chroot on steroids". Processes running in a
container have the "root" indicated, but also have their own unique
_network address_ and a private _process space_. The advantage is
sharing of the kernel (or nucleus); no need to intercept I/O or
virtualize devices.
The hardware architecture and the operating system (ABI or application
binary interface) remain the same.

A container hosted by Linux is a Linux environment. A container hosted
by Slolaris is a Slolaris environment. A container (called a "jail")
hosted by FreeBSD* is a FreeBSD environment.
_Presumably a container hosted by z/OS (USS) is a z/OS (USS)
environment,_ but the sales pitches are perhaps vague. (It's also
possible that I'm just dense! I concede.)

So ... Timothy ... please speak it plainly for slowpokes like me.
*What exactly are these various offerings? *

Thanks!

*FreeBSD (or possibly one of the other BSDs) was first with this, by the
way. They call it a "jail".

-- R; <><




On 3/6/24 08:04, Matt Hogstrom wrote:
> At Broadcom we announced support for K8s deployments of what I call the 
> surround z/OS software deployment.   Internally we’ve tested deployments on 
> x86, zLinux and zCX with the latter two using OCP.
>
> Its called WatchTower and leverages public REST APIs across the on z/OS and 
> off z/OS products.   K8s makes deployment,management and upgrades so much 
> easier.
>
> We started with x86 as most Z shops are not ready on zLinux or zCX   Cant 
> wait for that though.
>
> Matt Hogstrom
> PGP key 0F143BC1
>
>> On Mar 6, 2024, at 07:48, Jousma, 
>> David<01a0403c5dc1-dmarc-requ...@listserv.ua.edu>  wrote:
>>
>> Timothy,
>>
>> I’ll wait to see more information as it becomes available.   So zCX is 
>> Ubuntu Linux on z/OS, IBM has labelled Redhat Openshift as zCX-OCP, and now 
>> we have zOSCP.   I like the container Ideas, but this literally sounds like 
>> z/OS Unix inside a container?   I guess that surprises me, as I don’t hear 
>> about people actively coding in z/OS Unix.   Or is this something else?
>>
>> BTW, I am a big proponent of ZCX, and would like to see IBM move its 
>> ancillary mainframe support software into a docker container.   I know TWS 
>> DWC, Omegamon TEPS, and others are moving that way.   Just waiting for more 
>> to come. We are also running Rocker Terminal Emulator Webedition in ZCX 
>> to replace all of our desktop out-of-date Bluezone implementations.
>>
>> Dave Jousma
>> Vice President | Director, Technology Engineering
>>
>>
>> From: IBM Mainframe Discussion List  on behalf of 
>> Timothy Sipples
>> Date: Tuesday, March 5, 2024 at 8:46 PM
>> To:IBM-MAIN@LISTSERV.UA.EDU  
>> Subject: IBM Announces the z/OS Container Platform
>> I’d like to draw your attention to this IBM announcement: https: 
>> //urldefense. com/v3/__https: //www. ibm. 
>> com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKdSvtHkw$>  //urldefense. com/v3/__https: //www. ibm. 
>> com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos?region=US__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKZu1F5Bg$>
>>
>>
>> I’d like to draw your attention to this IBM announcement:
>>
>>
>>
>>

Re: IBM Announces the z/OS Container Platform

2024-03-06 Thread Rick Troth 

For clarity, start with "chroot" or "change root".
Unix has had thechroot() function and the 'chroot' command since before 
my time, thus POSIX and Linux have it too.
Within a changed root environment, the process or program can only "see" 
files from the new root directory on down.
The hardware architecture and the operating system (ABI or application 
binary interface) remain the same.


The downside to this (or maybe the upside, depending on what you need) 
is that programs running under 'chroot' "see" the same network stack and 
devices. They also "see" other processes (and can signal them).
I used to say that 'chroot' was the closest thing Unix had to a virtual 
machine. It's fantastic for development, and often useful for security.

But then came containers.

Containers are like "chroot on steroids". Processes running in a 
container have the "root" indicated, but also have their own unique 
_network address_ and a private _process space_. The advantage is 
sharing of the kernel (or nucleus); no need to intercept I/O or 
virtualize devices.
The hardware architecture and the operating system (ABI or application 
binary interface) remain the same.


A container hosted by Linux is a Linux environment. A container hosted 
by Slolaris is a Slolaris environment. A container (called a "jail") 
hosted by FreeBSD* is a FreeBSD environment.
_Presumably a container hosted by z/OS (USS) is a z/OS (USS) 
environment,_ but the sales pitches are perhaps vague. (It's also 
possible that I'm just dense! I concede.)


So ... Timothy ... please speak it plainly for slowpokes like me.
*What exactly are these various offerings? *

Thanks!

*FreeBSD (or possibly one of the other BSDs) was first with this, by the 
way. They call it a "jail".


-- R; <><




On 3/6/24 08:04, Matt Hogstrom wrote:

At Broadcom we announced support for K8s deployments of what I call the 
surround z/OS software deployment.   Internally we’ve tested deployments on 
x86, zLinux and zCX with the latter two using OCP.

Its called WatchTower and leverages public REST APIs across the on z/OS and off 
z/OS products.   K8s makes deployment,management and upgrades so much easier.

We started with x86 as most Z shops are not ready on zLinux or zCX   Cant wait 
for that though.

Matt Hogstrom
PGP key 0F143BC1


On Mar 6, 2024, at 07:48, Jousma, 
David<01a0403c5dc1-dmarc-requ...@listserv.ua.edu>  wrote:

Timothy,

I’ll wait to see more information as it becomes available.   So zCX is Ubuntu 
Linux on z/OS, IBM has labelled Redhat Openshift as zCX-OCP, and now we have 
zOSCP.   I like the container Ideas, but this literally sounds like z/OS Unix 
inside a container?   I guess that surprises me, as I don’t hear about people 
actively coding in z/OS Unix.   Or is this something else?

BTW, I am a big proponent of ZCX, and would like to see IBM move its ancillary 
mainframe support software into a docker container.   I know TWS DWC, Omegamon 
TEPS, and others are moving that way.   Just waiting for more to come. We 
are also running Rocker Terminal Emulator Webedition in ZCX to replace all of 
our desktop out-of-date Bluezone implementations.

Dave Jousma
Vice President | Director, Technology Engineering


From: IBM Mainframe Discussion List  on behalf of Timothy 
Sipples
Date: Tuesday, March 5, 2024 at 8:46 PM
To:IBM-MAIN@LISTSERV.UA.EDU  
Subject: IBM Announces the z/OS Container Platform
I’d like to draw your attention to this IBM announcement: https: //urldefense. 
com/v3/__https: //www. ibm. 
com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKdSvtHkw$


I’d like to draw your attention to this IBM announcement:

Re: IBM Announces the z/OS Container Platform

2024-03-06 Thread Allan Staller 
Classification: Confidential

How does this compare to z/CX. IS this a supplement? Replacement? Other?

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Timothy Sipples
Sent: Tuesday, March 5, 2024 7:45 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: IBM Announces the z/OS Container Platform

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don't click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

I'd like to draw your attention to this IBM announcement:

https://www.ibm.com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos

-
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, 
Asia-Pacific sipp...@sg.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
::DISCLAIMER::

The contents of this e-mail and any attachment(s) are confidential and intended 
for the named recipient(s) only. E-mail transmission is not guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or may contain viruses in transmission. 
The e mail and its contents (with or without referred errors) shall therefore 
not attach any liability on the originator or HCL or its affiliates. Views or 
opinions, if any, presented in this email are solely those of the author and 
may not necessarily reflect the views or opinions of HCL or its affiliates. Any 
form of reproduction, dissemination, copying, disclosure, modification, 
distribution and / or publication of this message without the prior written 
consent of authorized representative of HCL is strictly prohibited. If you have 
received this email in error please delete it and notify the sender 
immediately. Before opening any email and/or attachments, please check them for 
viruses and other defects.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: WLM - service class and Dispatch priority

2024-03-06 Thread Scott Chapman 
Well, a significant portion of the value proposition for WLM when it was 
introduced in the mid 90s was in fact to eliminate the static assignment of 
dispatching priorities and the fact that WLM would potentially adjust the 
dispatching priorities every 10 seconds to attempt to balance the performance 
of different workloads at different importances to optimize overall throughput 
of the system. 

WLM makes those decisions based on how the different workloads are performing 
relative to their goals. But of course if the goals and importances are set 
"poorly" the results may not be ideal. 

The CPU Critical attribute can be set for service classes to keep a service 
class at a dispatching priority above all SCs at a lower importance. Well 
mostly... except for promotion that can happen for a variety of reasons to help 
resolve things like resource contention. But CPU Critical is generally not the 
first tool to be pulled out of the tool box.

If you want a (relatively) quick overview of WLM, you might check the 
presentations section of our website: https://pivotor.com/content.html You 
might want to click on the topic view button at the top and scroll down to the 
WLM section. The "Introdution to the WLM" presentation might be a good place to 
start. "WLM’s Algorithms – How WLM Works" might be another good early one to 
look at. It sounds like "Revisiting Goals over Time" might also be of interest. 
:)

Scott Chapman


On Wed, 6 Mar 2024 08:33:14 +0400, Peter  wrote:

>Hello
>
>I must confess that I am not a WLM expert but I just wanted to understand
>how this works
>
>In our environment we have few started where their Service class(Velocity)
>and Dispatch priority keeps changing on its own.
>
>Based on what constraint or definition in WLM the service class and
>Dispatch priority are dynamic? Keeping a static value would be right thing
>to do ?
>Sometimes those task loop and freezes the entire zOS. So If I make those
>started task Service class and DP static then will it help consuming the
>zOS memory due to looping?
>
>Sorry if this question are basic and lacks some information
>
>Any suggestions or advice are much appreciated
>
>Peter
>
>--
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BASE64 Decode / EPOCH Conversion Code Samples

2024-03-06 Thread Sri Hari Kolusu 
>>. Is anyone aware of where one might locate any sample assembler code, macros 
>>or APIs to perform the following:
- Base64 Decoding (to EBCDIC)- EPOCH Conversion Thanks in advance for the 
assistance.   

Frank,

Check this link for BASE64 decoding and encoding

https://github.com/cicsdev/base64

EPOCH conversion is easy.

Just convert EPOCH to TOD and use SYS1.MACLIB(STCKCONV) to convert it to 
readable date and time format.

TOD =  (epoc * 409600) + 90480181248 


Thanks,
Kolusu

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM Announces the z/OS Container Platform

2024-03-06 Thread Matt Hogstrom 
At Broadcom we announced support for K8s deployments of what I call the 
surround z/OS software deployment.   Internally we’ve tested deployments on 
x86, zLinux and zCX with the latter two using OCP.   

Its called WatchTower and leverages public REST APIs across the on z/OS and off 
z/OS products.   K8s makes deployment,management and upgrades so much easier.

We started with x86 as most Z shops are not ready on zLinux or zCX   Cant wait 
for that though.  

Matt Hogstrom
PGP key 0F143BC1

> On Mar 6, 2024, at 07:48, Jousma, David 
> <01a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote:
> 
> Timothy,
> 
> I’ll wait to see more information as it becomes available.   So zCX is Ubuntu 
> Linux on z/OS, IBM has labelled Redhat Openshift as zCX-OCP, and now we have 
> zOSCP.   I like the container Ideas, but this literally sounds like z/OS Unix 
> inside a container?   I guess that surprises me, as I don’t hear about people 
> actively coding in z/OS Unix.   Or is this something else?
> 
> BTW, I am a big proponent of ZCX, and would like to see IBM move its 
> ancillary mainframe support software into a docker container.   I know TWS 
> DWC, Omegamon TEPS, and others are moving that way.   Just waiting for more 
> to come. We are also running Rocker Terminal Emulator Webedition in ZCX 
> to replace all of our desktop out-of-date Bluezone implementations.
> 
> Dave Jousma
> Vice President | Director, Technology Engineering
> 
> 
> From: IBM Mainframe Discussion List  on behalf of 
> Timothy Sipples 
> Date: Tuesday, March 5, 2024 at 8:46 PM
> To: IBM-MAIN@LISTSERV.UA.EDU 
> Subject: IBM Announces the z/OS Container Platform
> I’d like to draw your attention to this IBM announcement: https: 
> //urldefense. com/v3/__https: //www. ibm. 
> com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKdSvtHkw$  //urldefense. com/v3/__https: //www. ibm. 
> com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos?region=US__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKZu1F5Bg$>
> 
> 
> I’d like to draw your attention to this IBM announcement:
> 
> 
> 
> https://urldefense.com/v3/__https://www.ibm.com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKdSvtHkw$>
> 
> 
> 
> —
> 
> Timothy Sipples
> 
> Senior Architect
> 
> Digital Assets, Industry Solutions, and Cybersecurity
> 
> IBM Z/LinuxONE, Asia-Pacific
> 
> sipp...@sg.ibm.com
> 
> 
> 
> 
> 
> --
> 
> For IBM-MAIN subscribe / signoff / archive access instructions,
> 
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> 
> This e-mail transmission contains information that is confidential and may be 
> privileged.   It is intended only for the addressee(s) named above. If you 
> receive this e-mail in error, please do not read, copy or disseminate it in 
> any manner. If you are not the intended recipient, any disclosure, copying, 
> distribution or use of the contents of this information is prohibited. Please 
> reply to the message immediately by informing the sender that the message was 
> misdirected. After replying, please erase it from your computer system. Your 
> assistance in correcting this error is appreciated.
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe /

Re: IBM Announces the z/OS Container Platform

2024-03-06 Thread Jousma, David 
Timothy,

I’ll wait to see more information as it becomes available.   So zCX is Ubuntu 
Linux on z/OS, IBM has labelled Redhat Openshift as zCX-OCP, and now we have 
zOSCP.   I like the container Ideas, but this literally sounds like z/OS Unix 
inside a container?   I guess that surprises me, as I don’t hear about people 
actively coding in z/OS Unix.   Or is this something else?

BTW, I am a big proponent of ZCX, and would like to see IBM move its ancillary 
mainframe support software into a docker container.   I know TWS DWC, Omegamon 
TEPS, and others are moving that way.   Just waiting for more to come. We 
are also running Rocker Terminal Emulator Webedition in ZCX to replace all of 
our desktop out-of-date Bluezone implementations.

Dave Jousma
Vice President | Director, Technology Engineering


From: IBM Mainframe Discussion List  on behalf of 
Timothy Sipples 
Date: Tuesday, March 5, 2024 at 8:46 PM
To: IBM-MAIN@LISTSERV.UA.EDU 
Subject: IBM Announces the z/OS Container Platform
I’d like to draw your attention to this IBM announcement: https: //urldefense. 
com/v3/__https: //www. ibm. 
com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKdSvtHkw$


I’d like to draw your attention to this IBM announcement:



https://urldefense.com/v3/__https://www.ibm.com/docs/en/announcements/zos-container-platform-delivers-industry-standard-cloud-technologies-build-run-zos-unix-applications-as-containers-natively-zos__;!!MwwqYLOC6b6whF7V!g9jgcYA166VI9yCFuvhNkTfHy8dDjgaHN__msC1njoKwcSod3-qptPTbiM-TB68jc0uSWrpixIKdSvtHkw$>



—

Timothy Sipples

Senior Architect

Digital Assets, Industry Solutions, and Cybersecurity

IBM Z/LinuxONE, Asia-Pacific

sipp...@sg.ibm.com





--

For IBM-MAIN subscribe / signoff / archive access instructions,

send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN