W dniu 2017-04-21 o 21:48, Tony Harminc pisze:
On 21 April 2017 at 15:09, R.S. <[email protected]> wrote:
Regarding the "call home" method - I DONT LIKE IT!
Really, that's not good idea to enforce Internet connection just to perform
such an action. I would agree for HMC to communicate, however I have no idea
whether it's possible. Can BCPii be enhanced used for such purposse? That
would be preferrable to use IBM call home site as the hub. ISV's shoudl
communicate to IBM, instead of customer. Too complex IMHO.
More practical approach: the product periodically or just by demand create
some token. Admin sends the token using copy-paste and e-mail or webservice.
The he gets some response (again, numerical token) which should be put into
the product in order to elongate licence period. I should be required once a
quarter or less frequently, it should be able to be performed just today,
because tomorron I start my holiday, etc.
Both the "call home" method and the "send a token" have the same
objection from customers - the content is not transparent. Who knows
if some encrypted string contains a summary of other ISV products that
were found running, number of userids in RACF, etc. etc. info that is
potentially useful for the ISV's sales efforts, and that the customer
would not willingly give out. "Exfiltration" of data, as Snowden and
other recent revelations have popularized. Of course if the token is
very small, well not too much info can be in there. How small is small
enough, though - maybe 64-bits? 128? Ask it another way: would your
national government's TLAs permit this token to leave their
datacentre?
1. I'm not sure our TLAs are aware of computer existence already.
Sometimes they produce soma "standards" which clearly show the authors
have very limited IT knowledge. ;-)
2. Yes, you are right - some (SMALL!) portion of data is being sent.
However you do it already. Every SCRT report contains "black magic
characters at the bottom. Is it control sum or just a PIN code of some
of your customers?
What about HMC call home? Some informations from the system (z/OS) is
being sent - at least type, version and cpu utilization. Can you prove a
RACF db is not included?
3. Last but not least: I think there is a way to make the process of
token preparation transparent. In such case there is no afraid about
other data. BTW: can't it be just open text (sent vie TLS/SSL just for
transmission security).
--
Radoslaw Skorupka
Lodz, Poland
======================================================================
--
Treść tej wiadomości może zawierać informacje prawnie chronione Banku
przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie
jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem
niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania
adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie
lub inne działanie o podobnym charakterze jest prawnie zabronione i może być
karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie
zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość
włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku.
This e-mail may contain legally privileged information of the Bank and is
intended solely for business use of the addressee. This e-mail may only be
received by the addressee and may not be disclosed to any third parties. If you
are not the intended addressee of this e-mail or the employee authorized to
forward it to the addressee, be advised that any dissemination, copying,
distribution or any other similar activity is legally prohibited and may be
punishable. If you received this e-mail by mistake please advise the sender
immediately by using the reply facility in your e-mail software and delete
permanently this e-mail including any copies of it either printed or saved to
hard drive.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa,
www.mBank.pl, e-mail: [email protected]ąd Rejonowy dla m. st. Warszawy XII
Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców
KRS 0000025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2016 r. kapitał
zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.955.696 złotych.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
