Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Stafford Winters]

I've never met Hunter, but I will say I've used MGLOGIN, replaced by 
HGLOGIN, and it has been very useful.  I've also used CONTRL, PEEK & 
SPY, and SUPERVISE.  All of these have worked without problems.


In the early 90's, I did try to use WATCH a few times, but it seems like 
it generally crashed the system, and not just when I tried to use it.


I appreciate Hunter's contributions to the VMS community.

On 3/25/2020 8:27 AM, Hunter Goatley wrote:

On 3/25/2020 10:03 AM, Hittner, David T [US] (MS) wrote:


For a while, there was a company selling a SPY utility for VMS, as 
well as freebie versions floating around. The commercial version 
allowed the watcher to enter data in the watched session by using a 
special command sequence to enable remote data entry. I don’t recall 
any of the freebie versions ever allowing data entry from the 
watcher, for fairly obvious security reasons.


Clyde Digital Systems had AUDIT and CONTRL that let you do that (AUDIT 
logged, CONTRL let an admin watch and/or take over a terminal 
session). Networking Dynamics had PEEK and SPY, which were competing 
products.


I should say "has." Networking Dynamics still sells PEEK & SPY, and 
Raxco still sells AUDIT and CONTRL.


I worked for Clyde Digital.

There was a freeware program called WATCH. It did not allow for taking 
over a session, just watching it. Or maybe it did allow it and was 
just so buggy that you were advised not to.


Then there was the Supervisor Series, sold by Precision Data Systems. 
They were later acquired by Security Pacific Software Services. In 
1992, they released the Supervisor Series into the public domain. At 
that point, I took it over, added features, fixed bugs, and maintained 
it as the Supervisor Series freeware project.


I maintained that for several years, but due to the litigious nature 
of yet another company with competing products, I never ported the 
Supervisor Series to Alpha (which means it was never ported to 
Itanium, either).


The Supervisor Series still runs on OpenVMS VAX V5.0 or later. You can 
find it here:


http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=supervisor===Either=All===


There was also another highly privileged program on the DECUS tapes, 
GLOGIN, which allowed a privileged user to login as another user, so 
that you could see what application behavior occurred within the 
context of a specific user. I found a weird bug in one of our 
application programs that only occurred when the username was 
_exactly_ 7 characters long using GLOGIN to login as the user who had 
reported the bug that we couldn’t duplicate ourselves. J


The original GLOGIN used the pseudo-terminal routines that used to 
float around. When DEC added the supported PTD$ routines for pseudo 
terminals, I wrote my own version of that called HGLOGIN. Here's part 
of the readme:


HGLOGIN lets privileged users log in to a named account without
having to know the password for that account.  A process running
under the target username is created.  Its input and output are
read from a pseudo-terminal, which is controlled by HGLOGIN.

Unlike BECOME and SWAP, the process created by HGLOGIN is a full
process, with all the privileges, rights identifiers, quotas, DCL
symbols, logical names, etc., as well as anything else that is set
up in the target user's LOGIN.COM.

BECOME and SWAP were two other kernel-mode programs that modified the 
username and UIC of the running process to be some other user. They 
were handy, but they had kernel-mode code and they didn't change 
quotas, etc. HGLOGIN was also much safer to use, as it used a 
documented interface provided by VMS.


HGLOGIN is also available in my freeware archive. It runs on all 
platforms, but requires whatever version of VMS introduced the PTD$ 
routines.


http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=hglogin===Either=All===

If you're not familiar with my VMS freeware archive:

http://www.process.com/resources/openvms/index.html


--
Hunter
--
Hunter Goatley, Process Software,http://www.process.com/
goathun...@goatley.comhttp://hunter.goatley.com/

___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh
___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] VMS Hobbyist Licenses

[Johnny Billquist]

Yes, of course.
If not, how would you ever be able to enter a license?

Console login can always be done.

  Johnny

On 2020-03-25 23:10, Jonathan Welch wrote:
I fired up my simh VMS system for the first time in a few weeks only to 
see I was getting expired license messages.


Even with VAX-VMS expired I could log in with my own account to OPA0.

On Thu, Mar 19, 2020, 10:29 AM Robert Thomas > wrote:


The potential real revenue stream from VAX users with hobbyist
licenses is small, but HPE should be able to put a significant
dollar value on the Good Will generated by issuing perpetual
licenses.

__ __

Historically the sales and marketing people at DEC, COMPAQ, HP and
HPE have placed no value on customer loyalty and good will.  Too
many of their marketing decisions have been short sighted killing
the cash cow that users created using the various flavors of RSX on
PDP-11’s and VMS on VAXen, AXP and Itanium.

__ __

Sincerely,

Robert F. Thomas

*A. S. Thomas, Inc.*

44 Industrial Way
Norwood, MA USA 02062
(Office Phone - (781) 329-9200
*mail to: r...@asthomas.com 



__ __

___
Simh mailing list
Simh@trailing-edge.com 
http://mailman.trailing-edge.com/mailman/listinfo/simh


___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh




--
Johnny Billquist  || "I'm on a bus
  ||  on a psychedelic trip
email: b...@softjar.se ||  Reading murder books
pdp is alive! ||  tryin' to stay hip" - B. Idol
___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] VMS Hobbyist Licenses

[Jonathan Welch]

I fired up my simh VMS system for the first time in a few weeks only to see
I was getting expired license messages.

Even with VAX-VMS expired I could log in with my own account to OPA0.

On Thu, Mar 19, 2020, 10:29 AM Robert Thomas  wrote:

> The potential real revenue stream from VAX users with hobbyist licenses is
> small, but HPE should be able to put a significant dollar value on the Good
> Will generated by issuing perpetual licenses.
>
>
>
> Historically the sales and marketing people at DEC, COMPAQ, HP and HPE
> have placed no value on customer loyalty and good will.  Too many of their
> marketing decisions have been short sighted killing the cash cow that users
> created using the various flavors of RSX on PDP-11’s and VMS on VAXen, AXP
> and Itanium.
>
>
>
> Sincerely,
>
> Robert F. Thomas
>
> *A. S. Thomas, Inc.*
>
>  44 Industrial Way
> Norwood, MA USA 02062
> (  Office Phone - (781) 329-9200
> * mail to: r...@asthomas.com
>
>
>
>
> ___
> Simh mailing list
> Simh@trailing-edge.com
> http://mailman.trailing-edge.com/mailman/listinfo/simh
___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Jonathan Welch]

I fired up my simh VMS system and saw we have a watch.exe from 1995. As it
needs another person to observe I couldn't use it in action.

On Wed, Mar 25, 2020, 11:44 AM Bob Eager  wrote:

> I just looked at the sources of the SPY program I have.
>
> It's quite small, and most of it is a driver in Macro-32.
>
> There are only two names in the sources - it says it's based on work by
> one, but written by another. The other is me - just shows how bad my
> memory is.
>
> Anyway, if anyone wants it...the ZIP file is only 13kB. The sources
> have spurious Ctrl-Z characters at the end at present.
> ___
> Simh mailing list
> Simh@trailing-edge.com
> http://mailman.trailing-edge.com/mailman/listinfo/simh
___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Bob Eager]

I just looked at the sources of the SPY program I have.

It's quite small, and most of it is a driver in Macro-32.

There are only two names in the sources - it says it's based on work by
one, but written by another. The other is me - just shows how bad my
memory is.

Anyway, if anyone wants it...the ZIP file is only 13kB. The sources
have spurious Ctrl-Z characters at the end at present.
___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

[Simh] Re: Releasing terspy.mar - vax/vms terminal spy program

[Hunter Goatley]

On 3/25/2020 10:03 AM, Hittner, David T [US] (MS) wrote:


For a while, there was a company selling a SPY utility for VMS, as 
well as freebie versions floating around. The commercial version 
allowed the watcher to enter data in the watched session by using a 
special command sequence to enable remote data entry. I don’t recall 
any of the freebie versions ever allowing data entry from the watcher, 
for fairly obvious security reasons.


Clyde Digital Systems had AUDIT and CONTRL that let you do that (AUDIT 
logged, CONTRL let an admin watch and/or take over a terminal session). 
Networking Dynamics had PEEK and SPY, which were competing products.


I should say "has." Networking Dynamics still sells PEEK & SPY, and 
Raxco still sells AUDIT and CONTRL.


I worked for Clyde Digital.

There was a freeware program called WATCH. It did not allow for taking 
over a session, just watching it. Or maybe it did allow it and was just 
so buggy that you were advised not to.


Then there was the Supervisor Series, sold by Precision Data Systems. 
They were later acquired by Security Pacific Software Services. In 1992, 
they released the Supervisor Series into the public domain. At that 
point, I took it over, added features, fixed bugs, and maintained it as 
the Supervisor Series freeware project.


I maintained that for several years, but due to the litigious nature of 
yet another company with competing products, I never ported the 
Supervisor Series to Alpha (which means it was never ported to Itanium, 
either).


The Supervisor Series still runs on OpenVMS VAX V5.0 or later. You can 
find it here:


http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=supervisor===Either=All===


There was also another highly privileged program on the DECUS tapes, 
GLOGIN, which allowed a privileged user to login as another user, so 
that you could see what application behavior occurred within the 
context of a specific user. I found a weird bug in one of our 
application programs that only occurred when the username was 
_exactly_ 7 characters long using GLOGIN to login as the user who had 
reported the bug that we couldn’t duplicate ourselves. J


The original GLOGIN used the pseudo-terminal routines that used to float 
around. When DEC added the supported PTD$ routines for pseudo terminals, 
I wrote my own version of that called HGLOGIN. Here's part of the readme:


   HGLOGIN lets privileged users log in to a named account without
   having to know the password for that account.  A process running
   under the target username is created.  Its input and output are read
   from a pseudo-terminal, which is controlled by HGLOGIN.

   Unlike BECOME and SWAP, the process created by HGLOGIN is a full
   process, with all the privileges, rights identifiers, quotas, DCL
   symbols, logical names, etc., as well as anything else that is set
   up in the target user's LOGIN.COM.

BECOME and SWAP were two other kernel-mode programs that modified the 
username and UIC of the running process to be some other user. They were 
handy, but they had kernel-mode code and they didn't change quotas, etc. 
HGLOGIN was also much safer to use, as it used a documented interface 
provided by VMS.


HGLOGIN is also available in my freeware archive. It runs on all 
platforms, but requires whatever version of VMS introduced the PTD$ 
routines.


http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=hglogin===Either=All===

If you're not familiar with my VMS freeware archive:

http://www.process.com/resources/openvms/index.html


--
Hunter
--
Hunter Goatley, Process Software, http://www.process.com/
goathun...@goatley.com   http://hunter.goatley.com/

___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] EXT :Re: Releasing terspy.mar - vax/vms terminal spy program

[Hittner, David T [US] (MS)]

Oh no… management frequently asked VMS admins to ‘spy’ on general users for a 
few reasons back in the day, before the politically-correct era.

-  Make sure users were not defrauding the company [stealing inventory 
with illegal transactions, etc.]  (without user consent)

-  Watch user sessions when managers reported various discipline 
problems (without user consent)

-  Debugging full-screen application behavior from a remote location by 
having the user walk us through what they did (with user consent)


SET HOST/LOG sessions are difficult to use to see where full-screen 
applications went wrong, since you have to manually interpret all of the logged 
VT escape sequences. ☹

For a while, there was a company selling a SPY utility for VMS, as well as 
freebie versions floating around. The commercial version allowed the watcher to 
enter data in the watched session by using a special command sequence to enable 
remote data entry. I don’t recall any of the freebie versions ever allowing 
data entry from the watcher, for fairly obvious security reasons.

There was also another highly privileged program on the DECUS tapes, GLOGIN, 
which allowed a privileged user to login as another user, so that you could see 
what application behavior occurred within the context of a specific user. I 
found a weird bug in one of our application programs that only occurred when 
the username was exactly 7 characters long using GLOGIN to login as the user 
who had reported the bug that we couldn’t duplicate ourselves. ☺

David

From: Simh  On Behalf Of Robert Armstrong
Sent: Wednesday, March 25, 2020 10:23 AM
To: simh@trailing-edge.com
Subject: EXT :Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

>$ SET HOST/LOG will log your own session. This program logs someone else's 
>session.

  That’s true – I’m assuming the person being spied upon wants to be spied on.

Bob

___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Robert G. Schaffrath]

Back in the late 1980's, my firm had a program called WATCH (binary is 
WATCHMAN.EXE) that allowed both passive and interactive monitoring of a 
terminal. In passive mode, you could see the activity on the specified 
line without any interaction (WATCH/NOINPUT). In interactive mode, you 
could interact with the session. It was a very useful tool for helping 
remote users. Much like Windows software now that lets you (and 
scammers) provide remote assistance to someone's computer.


I searched the binary for any strings indicating authorship and I cannot 
find anything. The firm had other "interesting" VMS tools besides this 
one including what I considered to be the best deleted file recovery 
utility (RECOVER.EXE) but I never found out where they all came from. 
One of our employees was the late John Wisnewski, who had started the 
VMS Hobbyist Program, so it is possible they were something he obtained. 
When I visited him at our office in Dallas back in the 80's, he gave me 
a tape with all kinds of interesting "toys". Sadly I do not have that 
tape any longer.


On 3/25/2020 10:40 AM, simh-requ...@trailing-edge.com wrote:

Re:  Releasing terspy.mar - vax/vms terminal spy program


___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Dan Gahlinger]

actually not so much.
the docs say it was to log assignment work.

but it was generally accepted that this tool should never be released because 
of the potential for abuse.

now that vms is dead I figure it's probably safe.

I doubt a smart phone camera pic of the printout will work, the quality will 
suck, esp for the old font

Dan

Try: https://www.grammarly.com


From: Simh  on behalf of Robert Armstrong 

Sent: Wednesday, March 25, 2020 10:23:01 AM
To: simh@trailing-edge.com 
Subject: Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program


>$ SET HOST/LOG will log your own session. This program logs someone else's 
>session.



  That’s true – I’m assuming the person being spied upon wants to be spied on.



Bob


___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Robert Armstrong]

>$ SET HOST/LOG will log your own session. This program logs someone else's 
>session.

 

  That’s true – I’m assuming the person being spied upon wants to be spied on.

 

Bob

 

___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Robert Armstrong]

  I've never heard of this particular program, but on VMS there's SET
HOST/LOG which kinda sorta gives a similar result.  In 1980 that might not
have existed, but it's there in most "modern" VMS versions.

 

Bob

 

From: Simh [mailto:simh-boun...@trailing-edge.com] On Behalf Of Supratim
Sanyal
Sent: Wednesday, March 25, 2020 12:36 AM
To: simh@trailing-edge.com
Subject: Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

 

wouldn't taking pictures with a smart phone and running a OCR app work?

 

supratim

 

On 3/25/20 1:56 AM, Dan Gahlinger wrote:

I have a paper printout of a program called terspy.mar - which is a terminal
spy program for vax/vms

 

it was written by Bob Vera, DEC, April 28, 1980
Don't know if anyone here knows him, or knew him, I never met him or knew
him.
I've had this printout in my collection since shortly after the day it was
written (or so).

 

I'd forgotten what a pain it is to scan in fan-fold DEC teletype printouts,
the pages are too long to fit.

 

I've done a scan of it, but the bottom line or so of each page is always
cut-off.
I'm thinking of editing the PDF (Acrobat) and putting in the lines that were
missed manually.

 

from the comments in the program:

 

This tool is designed to kidnap characters out of a designated terminal's
output buffer and record them in a disk file which is subsequently printed
out on the printer when the session is finished.

by default, it creates a log file with the users' name with a .LOG
extension.

also by default, when the session is done, it auto-prints the log file, then
erases it when the print is completed.

 

It's a little over 7 pages long (original printout)

 

If this is a well-known util, I won't waste my time, but I've never seen it
in any archives.

obviously you need appropriate privileges to use it on another user's
terminal.

I don't see anything that specifies which privileges it needs,

but the comments say it's scanning the IRP's, which is what it says it uses
to do its work.


Aside from doing scans a half-page at a time, if anyone has any suggestions
on scanning it, I'd welcome some advice.


Dan.





___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

-- 
Supratim Sanyal, W1XMT
39.19151 N, 77.23432 W
QCOCAL::SANYAL via HECnet
___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Bob Eager]

I have another called SPY, which is in FORTRAN and Macro-32.

It includes a loadable driver.

I expect it's well known, but if not I'll make it available.

On Wed, 25 Mar 2020 05:56:59 +
Dan Gahlinger  wrote:

> I have a paper printout of a program called terspy.mar - which is a
> terminal spy program for vax/vms
> 
> it was written by Bob Vera, DEC, April 28, 1980
> Don't know if anyone here knows him, or knew him, I never met him or
> knew him. I've had this printout in my collection since shortly after
> the day it was written (or so).
> 
> I'd forgotten what a pain it is to scan in fan-fold DEC teletype
> printouts, the pages are too long to fit.
> 
> I've done a scan of it, but the bottom line or so of each page is
> always cut-off. I'm thinking of editing the PDF (Acrobat) and putting
> in the lines that were missed manually.
> 
> from the comments in the program:
> 
> This tool is designed to kidnap characters out of a designated
> terminal's output buffer and record them in a disk file which is
> subsequently printed out on the printer when the session is finished.
> by default, it creates a log file with the users' name with a .LOG
> extension. also by default, when the session is done, it auto-prints
> the log file, then erases it when the print is completed.
> 
> It's a little over 7 pages long (original printout)
> 
> If this is a well-known util, I won't waste my time, but I've never
> seen it in any archives. obviously you need appropriate privileges to
> use it on another user's terminal. I don't see anything that
> specifies which privileges it needs, but the comments say it's
> scanning the IRP's, which is what it says it uses to do its work.
> 
> Aside from doing scans a half-page at a time, if anyone has any
> suggestions on scanning it, I'd welcome some advice.
> 
> Dan.

___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh

Re: [Simh] Releasing terspy.mar - vax/vms terminal spy program

[Supratim Sanyal]

wouldn't taking pictures with a smart phone and running a OCR app work?


supratim


On 3/25/20 1:56 AM, Dan Gahlinger wrote:
I have a paper printout of a program called terspy.mar - which is a 
terminal spy program for vax/vms


it was written by Bob Vera, DEC, April 28, 1980
Don't know if anyone here knows him, or knew him, I never met him or 
knew him.
I've had this printout in my collection since shortly after the day it 
was written (or so).


I'd forgotten what a pain it is to scan in fan-fold DEC teletype 
printouts, the pages are too long to fit.


I've done a scan of it, but the bottom line or so of each page is 
always cut-off.
I'm thinking of editing the PDF (Acrobat) and putting in the lines 
that were missed manually.


from the comments in the program:

This tool is designed to kidnap characters out of a designated 
terminal's output buffer and record them in a disk file which is 
subsequently printed out on the printer when the session is finished.
by default, it creates a log file with the users' name with a .LOG 
extension.
also by default, when the session is done, it auto-prints the log 
file, then erases it when the print is completed.


It's a little over 7 pages long (original printout)

If this is a well-known util, I won't waste my time, but I've never 
seen it in any archives.
obviously you need appropriate privileges to use it on another user's 
terminal.

I don't see anything that specifies which privileges it needs,
but the comments say it's scanning the IRP's, which is what it says it 
uses to do its work.


Aside from doing scans a half-page at a time, if anyone has any 
suggestions on scanning it, I'd welcome some advice.


Dan.

___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh


--
Supratim Sanyal, W1XMT
39.19151 N, 77.23432 W
QCOCAL::SANYAL via HECnet

___
Simh mailing list
Simh@trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh