Re: COBOL - no longer being taught - is a problem
This is not only a problem of universites not teaching its students COBOL, PL/I, IBM Mainframes, etc. It is also a home made problem of the companies requiring this kind of skills. Many of them had their own IT school with which they took care of educating employees in the skills they need for that company. They also sent students to classromm courses in matters not worth teaching by themselves. At least in Switzerland, this has vanished into thin air during the last decade or so. And now intelligent management all over a sudden realizes that they are heading into the problem of retiring employees and complains that they can't find new employees with the demanded skills. It is sure nice to have IT architects that look ahead and preach JAVA, but neglecting that there are legacy systems which for many companies are its heart, is simply not in the interest of those companies. This leads back to the universities. Can you expect someone to preach a matter they don't now abaout? Rarely, probably. -- Peter Hunkeler CREDIT SUISSE AG -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Getting Partition name defined in the IODF
You can use the BCPii interface to talk to any CPC within the HMC domain to get (or modify) info on capacity records and image/activation profiles. Code can be C or assembler and is authorised. It's documented in MVS Programming Callable Services for High-Level Languages. I'm just starting to play with it now, but I want to display results on a web page. I imagine I'm going to have to teach myself something about XML. Cheers, Ant. NT Govt, Australia -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mark Zelden Sent: Thursday, 22 April 2010 5:20 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Getting Partition name defined in the IODF On Wed, 21 Apr 2010 22:35:40 +0800, Vatsal z/OS vatsal...@gmail.com wrote: Thanks Mark, Can we get the same data for all the lpars in the same sysplex as well? Thanks once again. The value I showed was for this system. The information for this CPC (all the LPARs on this CPC, not sysplex) is available from the hardware, but you can't get there from here in REXX. At least not that I know of. Perhaps by using the RMF API, if RMF was active in the plex. But there is no guarantee of that. If you are really want to look at what's defined in the IODF, perhaps get the current IODF name (see code in IPLINFO) and run an HCD report and extract the names from that. That would get you CF partitions, Linux, VM, etc. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:mzel...@flash.net Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Code page for Java on USS
On Wed, Apr 21, 2010 at 8:07 PM, Kirk Wolf k...@dovetail.com wrote: This isn't necessarily what the OP asked - but I would suggest that you don't want to put your Java source code on z/OS anyway! Much better IMO is to code, compile, and even remotely debug your z/OS Java code on your workstation. An IDE like Eclipse (which is free) makes this a far superior alternative to developing code on z/OS. The JZOS Cookbook on http://www.alphaworks.ibm.com/tech/zosjavabatchtk is available to help you get started. Eclipse will integrate with your favorite SCCS, which might be hosted on z/OS or more likely another platform.It is really not necessary to compile your Java code on z/OS; you can have an IDE like Eclipse compile as you type and then simply transfer binary class files or jars to z/OS for execution. The JZOS Cookbook comes with a sample project that includes Ant scripts that will build and deploy your project to z/OS in one click. BTW - the codepage used by your terminal emulator to display Java characters isn't really related to running or compiling Java. Java internally *always* use UTF for characters and strings, so encoding is really only an issue when it comes to getting data in and out of Java. As John mentioned, -Dfile.encoding sets the *default* character set used by Java when converting from bytes to/from UTF strings, but Java code can easily use a different encoding on a file-by-file basis. Regards, Kirk Wolf Dovetailed Technologies http://dovetail.com ( and IBM JZOS Development) Thanks for that information. I'll certainly take a look at the JZOS cookbook as we are about to embark on more Java development. Jim McAlpine -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Another Receive Order Problem
Hi, Last night, I ran a receive order problem. The job downloaded a file named S0001.SHOPZ.S9084121.SMPMCS.pax.Z that is 895,749,120 bytes. A few other files (SMPHOLD and some XML files) were downloaded. That job abended because there was no space in the file system with message: pax: FSUM6260 write error on file /etc/ptfs/work/smpe2010112054737554188/S0001.SHOPZ.S9084121.SMPMCS: EDC5133I NO SPACE LEFT ON DEVICE. Is there a way to find out the actual size of S0001.SHOPZ.S9084121.SMPMCS? I tried running the command pax –rvf S0001.SHOPZ.S9084121.SMPMCS.pax.Z, but it too abended because of space problems. When I ran the command, a file named GIMFAF.XML was created. Its contents are: ?xml version=1.0 ? FILELIST FILEATTR name=SHOPZ.S9084121.SMPMCS level=03.02.00.00 type=SMPPTFIN dsorg=PS recfm=FB lrecl=80 blksize=27920 allocunits=RECORD length=27920 avgrec=U secondary=4410 primary=41970 /FILEATTR /FILELIST Once I enlarge the ZFS to the correct size, what would be the best way to continue the process? Gadi לשימת לבך, בהתאם לנהלי החברה וזכויות החתימה בה, כל הצעה, התחייבות או מצג מטעם החברה, מחייבים מסמך נפרד וחתום על ידי מורשי החתימה של החברה, הנושא את לוגו החברה או שמה המודפס ובצירוף חותמת החברה. בהעדר מסמך כאמור (לרבות מסמך סרוק) המצורף להודעת דואר אלקטרוני זאת, אין לראות באמור בהודעה אלא משום טיוטה לדיון, ואין להסתמך עליה לביצוע פעולה עסקית או משפטית כלשהי. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On Wed, 21 Apr 2010 14:55:50 -0600, Mark Post mp...@novell.com wrote: It was actually an Oracle server consolidation onto a brand-new z9BC, followed by installation of even more virtual Oracle servers. Paid for itself in less than a year. Actually it was on a five IFL z9 EC (not BC). And in any case, that was the Quebec Government, not the Federal Government which was the subject of the Auditor General report. Jim -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Obtain memory question
On Wed, 21 Apr 2010 10:56:15 -0500, Ward, Mike S mw...@ssfcu.org wrote: Hello all, I can obtain memory that lasts for the duration of a job, but how can I share that memory with different routines that are called by that job. Is there some way of setting a pointer that would last for the duration of the job? Or even longer... Take a look at the shmemget() and related C runtime library functions. These are Unix-type shared memory segments and they work in regular MVS batch program too. Be sure to clean up after your self, because un-freed segments tend to remain until the next IPL... Cheers, Jantje. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On Wed, 21 Apr 2010 09:35:00 -0500, Kelman, Tom thomas.kel...@commercebank.com wrote: John, That WikiPedia article also states that DMSII was created by Burroughs (later UniSys) as a database to run on its processors. Does that mean they are still running UniSys machines. If so they have problems over and above COBOL not being taught. It sounds like a typical government non-upgrade environment. Now they are caught in the dark ages and instead of upgrading to modern DB2 and COBOL on proper processors they are probably going to throw out the baby with the bath water and get OMG - WINDOWS. Tom Kelman Tom: The report was misleading (confusing) in many ways in that it talked about all of the government. The specific department involved here regarding DMSII (Human Resources Development Canada, HRDC) is running an older UNISYS environment. Much of the Canadian Government IT environment is on very current technology (and yes that includes lots of IBM System z). However, the canard about COBOL is one that always bothers me. A year or two ago the Toronto Star had an article about COBOL being a deal language. COBOL could paraphrase Mark Twain, The reports of my death have been greatly exaggerated.. IMHO, there is probably more business server application code written in COBOL than any other language still, and I see no reason for that to change. Jim -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On Thu, 22 Apr 2010 05:47:27 -0500, Jim Elliott, IBM jim_elli...@ca.ibm.com wrote: However, the canard about COBOL is one that always bothers me. A year or two ago the Toronto Star had an article about COBOL being a deal language. COBOL could paraphrase Mark Twain, The reports of my death have been greatly exaggerated.. IMHO, there is probably more business server application code written in COBOL than any other language still, and I see no reason for that to change. Jim Oops, typo above. I meant to say DEAD language not deal language. Jim -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
25 reasons why hardware is still hot at IBM
Read this link... http://www.itweb.co.za/index.php? option=com_contentview=articleid=32333:25-reasons-why-hardware-is-still- hot-at-ibmcatid=86:computingItemid=64 or use this link to go to above URL... http://tinyurl.com/2b7kbkp or http://preview.tinyurl.com/2b7kbkp Enjoy reading... ;-D Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Scott Ford Sent: Wednesday, April 21, 2010 7:14 PM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem Its interesting now people in various organizations are in a 4 star panic when the word Cobol comes up. Everyone is so into JAVA and the other object languages. The other interesting fact is how many kids (20-30 yr olds) want to learn Assembler or Cobol ...they go where the money is thats JAVAm C#, C++, etc. I dont fault them, just think its a sign of changes going on. Scott J Ford COBOL can be object oriented as well. And it does interoperate with Java, at least with z/OS Enterprise COBOL (tho not as well as some would like).. It's just that people don't seem too interested in upgrading their COBOL skills into the new facilities. An example here is some COBOL which does XML to interchange data with a Windows system. It was written by one of our more rogue programmers (who was let go in a recent downsizing). It works well. Other programmers don't like it because they are unfamiliar with and dislike XML. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets® 9151 Boulevard 26 . N. Richland Hills . TX 76010 (817) 255-3225 phone . (817)-961-6183 cell john.mck...@healthmarkets.com . www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets® is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Mainframe Applications Development using a modern GUI
Does anybody know any new technologies which can be used in order to develop new modern applications for the mainframe platform ? IBM offers EGL ( http://en.wikipedia.org/wiki/EGL_%28programming_language% 29or: http://www.ibm.com/developerworks/rational/products/egl/egldoc.html ) I remember that IBM had visualage agnerator in the past (http://www- 01.ibm.com/software/awdtools/visgen/ ) Any recommended alternatives to IBM ? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 25 reasons why hardware is still hot at IBM
Elardus, The article was written in South Africa. You think the author of this article read the IBM financial results that was published this week ? ( In the USA ) I do not think so... in fact, I know he/she/it did not read it and maybe tried to justify the advertising revenue given to them by IBM. Note: In the USA, this article would be classified as Airport trash/news for naive executives Anton On 4/22/2010 5:27 AM, Elardus Engelbrecht wrote: Read this link... http://www.itweb.co.za/index.php? option=com_contentview=articleid=32333:25-reasons-why-hardware-is-still- hot-at-ibmcatid=86:computingItemid=64 or use this link to go to above URL... http://tinyurl.com/2b7kbkp or http://preview.tinyurl.com/2b7kbkp Enjoy reading... ;-D Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 25 reasons why hardware is still hot at IBM
Anton Britz wrote: The article was written in South Africa. Of course. You think the author of this article read the IBM financial results that was published this week ? ( In the USA ) Good question. That ITWeb article was written on 19 April 2010. When during last week was that IBM financial results published? Please be very kind to give the address or link of that results, if you can. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Getting Partition name defined in the IODF
Yes, but the OP wanted to do it in REXX. Also, I think BCPii is overkill. If you didn't want to do it in REXX, why not just assembler and diag? Not to mention the fact that BCPii is new and has had some nasty bugs that could take down your system / sysplex. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:mzel...@flash.net Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ On Thu, 22 Apr 2010 17:28:29 +0930, Anthony Thompson anthony.thomp...@nt.gov.au wrote: You can use the BCPii interface to talk to any CPC within the HMC domain to get (or modify) info on capacity records and image/activation profiles. Code can be C or assembler and is authorised. It's documented in MVS Programming Callable Services for High-Level Languages. I'm just starting to play with it now, but I want to display results on a web page. I imagine I'm going to have to teach myself something about XML. Cheers, Ant. NT Govt, Australia -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mark Zelden Sent: Thursday, 22 April 2010 5:20 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Getting Partition name defined in the IODF On Wed, 21 Apr 2010 22:35:40 +0800, Vatsal z/OS vatsal...@gmail.com wrote: Thanks Mark, Can we get the same data for all the lpars in the same sysplex as well? Thanks once again. The value I showed was for this system. The information for this CPC (all the LPARs on this CPC, not sysplex) is available from the hardware, but you can't get there from here in REXX. At least not that I know of. Perhaps by using the RMF API, if RMF was active in the plex. But there is no guarantee of that. If you are really want to look at what's defined in the IODF, perhaps get the current IODF name (see code in IPLINFO) and run an HCD report and extract the names from that. That would get you CF partitions, Linux, VM, etc. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:mzel...@flash.net Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Wed, 21 Apr 2010 21:20:03 +0100, Sam Siegel s...@pscsi.net wrote: : If you use SYNCH or ATTACH with JSTCB=YES, then you're in a whole : different world, but System Integrity is still very much your : responsibility. :I was going to use SYNCH(X). ATTACH(X) does not make sense for this design. Then you are using the same JSCB as the authorized caller. Thus the caller must make sure that APF is turned off before invoking the routine. All previous comments about storage still apply. Thanks again for the sage advice. Very easy to follow and worked perfectly. Synched to problem program abended with S047 when issuing MODESET. JSCB bits adjusted prior to Synch. Did you retain any authorization when doing the SYNCH (such as, having your program running in supervisor state or a system key)? If so, you are likely to still have some major system integrity holes. Mixing unauthorized and authorized code is extremely tricky, and most people get it wrong, in my experience. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Another Receive Order Problem
On Thu, 22 Apr 2010 11:35:41 +0300, G+D+J+ B+N% #B+J+ wrote: Last night, I ran a receive order problem. The job downloaded a file named S0001.SHOPZ.S9084121.SMPMCS.pax.Z that is 895,749,120 bytes. A few other files (SMPHOLD and some XML files) were downloaded. That job abended because there was no space in the file system with message: pax: FSUM6260 write error on file /etc/ptfs/work/smpe2010112054737554188/S0001.SHOPZ.S9084121.SMPMCS: EDC5133I NO SPACE LEFT ON DEVICE. Is there a way to find out the actual size of S0001.SHOPZ.S9084121.SMPMCS? You should be able to infer that from the allocation parameters in GIMPAF.XML. I tried running the command pax rvf S0001.SHOPZ.S9084121.SMPMCS.pax.Z, but it too abended because of space problems. When I ran the command, a file named GIMFAF.XML was created. Its contents are: ?xml version=1.0 ? FILELIST FILEATTR name=SHOPZ.S9084121.SMPMCS level=03.02.00.00 type=SMPPTFIN dsorg=PS recfm=FB lrecl=80 blksize=27920 allocunits=RECORD length=27920 avgrec=U secondary=4410 primary=41970 /FILEATTR /FILELIST Once I enlarge the ZFS to the correct size, what would be the best way to continue the process? It appears that the problem was not with the ZFS, but with the Classic data set, S0001.SHOPZ.S9084121.SMPMCS. At this point, the transfer should have been complete. Try a RECEIVE FROMNTS, possibly with a bigger SMPWKDIR. Or copy the ZFS files, and retry the RECEIVE ORDER. It should detect that the files have already been transferred and resume from the point of failure. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
I havent used the Cobol in the sense of Objects yet. I am some John: I havent used the Cobol in the sense of Objects yet. I am somewhat familar with XML, etc. I guess IMHO I was fortunate to have learned Assembler first and then Cobol. I worked in A CICS macro shop for a bunch of years in the early days, CICS 1.4 , we have VSE runnng CICS and VM. At that time we VMers were kinda rogue. I was younger and loved VM, still do. I dont feel there is anything wrong with rogue ideas , as long as the the ideas that are put into practice can be supported. Some of the newer languages are really good and hve no issue with them. But learning them sometimes is the age old problem, when your buried with work. Scott J Ford From: McKown, John john.mck...@healthmarkets.com To: IBM-MAIN@bama.ua.edu Sent: Thu, April 22, 2010 8:20:05 AM Subject: Re: COBOL - no longer being taught - is a problem -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Scott Ford Sent: Wednesday, April 21, 2010 7:14 PM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem Its interesting now people in various organizations are in a 4 star panic when the word Cobol comes up. Everyone is so into JAVA and the other object languages. The other interesting fact is how many kids (20-30 yr olds) want to learn Assembler or Cobol ...they go where the money is thats JAVAm C#, C++, etc. I dont fault them, just think its a sign of changes going on. Scott J Ford COBOL can be object oriented as well. And it does interoperate with Java, at least with z/OS Enterprise COBOL (tho not as well as some would like).. It's just that people don't seem too interested in upgrading their COBOL skills into the new facilities. An example here is some COBOL which does XML to interchange data with a Windows system. It was written by one of our more rogue programmers (who was let go in a recent downsizing). It works well. Other programmers don't like it because they are unfamiliar with and dislike XML. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets® 9151 Boulevard 26 . N. Richland Hills . TX 76010 (817) 255-3225 phone . (817)-961-6183 cell john.mck...@healthmarkets.com . www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets® is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
Did you retain any authorization when doing the SYNCH (such as, having your program running in supervisor state or a system key)? If so, you are likely to still have some major system integrity holes. Mixing unauthorized and authorized code is extremely tricky, and most people get it wrong, in my experience. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design Walt, Do you have some guidance for the most people? Rob Schramm Sirius Computer Solutions -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, 22 Apr 2010 08:14:27 -0500 Walt Farrell wfarr...@us.ibm.com wrote: :On Wed, 21 Apr 2010 21:20:03 +0100, Sam Siegel s...@pscsi.net wrote: : : If you use SYNCH or ATTACH with JSTCB=YES, then you're in a whole : : different world, but System Integrity is still very much your : : responsibility. : :I was going to use SYNCH(X). ATTACH(X) does not make sense for this : design. : Then you are using the same JSCB as the authorized caller. Thus the caller : must make sure that APF is turned off before invoking the routine. All : previous comments about storage still apply. :Thanks again for the sage advice. Very easy to follow and worked perfectly. :Synched to problem program abended with S047 when issuing MODESET. JSCB :bits adjusted prior to Synch. :Did you retain any authorization when doing the SYNCH (such as, having your :program running in supervisor state or a system key)? If so, you are likely :to still have some major system integrity holes. Mixing unauthorized and :authorized code is extremely tricky, and most people get it wrong, in my :experience. Do they? You are aware, of course, that the OPEN SVC branches to unauthorized user code via SYNCH. As long as all work areas used by the authorized program are in system key there should not be any exposure by using SYNCH. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, Apr 22, 2010 at 2:28 PM, Rob Schramm rob.schr...@siriuscom.comwrote: Did you retain any authorization when doing the SYNCH (such as, having your program running in supervisor state or a system key)? If so, you are likely to still have some major system integrity holes. Mixing unauthorized and authorized code is extremely tricky, and most people get it wrong, in my experience. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design Walt, Do you have some guidance for the most people? Advice and guideance would be greatly apreciated. I'm hoping to use the experience of the list reader to avoid problems. Rob Schramm Sirius Computer Solutions -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 25 reasons why hardware is still hot at IBM
Hi, a) *ARMONK, N.Y. - 19 Apr 2010: *http://www-03.ibm.com/press/us/en/pressrelease/29942.wss Consulting services signings were up 18 percent, with 25 percent of signings related to Smarter Planet and Business Analytics. Strategic Outsourcing signings increased 6 percent. b) January 19, 2010 : http://www.communities.hp.com/online/blogs/legacy-transformation/archive/2010/01/22/a-view-of-ibm-mainframe-4q-2009-financial-results.aspx c) 20/04/2010 08:18:00 : http://www.techworld.com.au/article/343687/ibm_q1_profit_jumps_16_percent But System z and Power system revenues both fell 17 percent. Conclusion : Stop reading ITWEB because the news is TEN years old in there... Anton On 4/22/2010 7:02 AM, Elardus Engelbrecht wrote: Anton Britz wrote: The article was written in South Africa. Of course. You think the author of this article read the IBM financial results that was published this week ? ( In the USA ) Good question. That ITWeb article was written on 19 April 2010. When during last week was that IBM financial results published? Please be very kind to give the address or link of that results, if you can. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
It is true that back in the good old days companies would have internal training to teach programming skills. My first job after college and the military was with a bank as an application programmer. Back then they coded everything in IBM Assembler because it was more efficient than COBOL. Up until then I had coded COBOL, Fortran, and ALGOL (my college had a Burroughs B5500 for student work). I hadn't done anything in assembler so it was very new to me. The company had an excellent self-paced course to train in the basics of assembler. I picked up on it quickly. Besides that there were several people there who made great mentors in the topic. There was one in particular who is still a good friend of mine. There is a problem today that companies complain about not having the skills available in areas like COBOL, but they are not willing to spend the money or time to train their employees in those skills. Tom Kelman Enterprise Capacity Planner Commerce Bank of Kansas City (816) 760-7632 -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Hunkeler Peter (KIUP 4) Sent: Thursday, April 22, 2010 1:24 AM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem This is not only a problem of universites not teaching its students COBOL, PL/I, IBM Mainframes, etc. It is also a home made problem of the companies requiring this kind of skills. Many of them had their own IT school with which they took care of educating employees in the skills they need for that company. They also sent students to classromm courses in matters not worth teaching by themselves. At least in Switzerland, this has vanished into thin air during the last decade or so. And now intelligent management all over a sudden realizes that they are heading into the problem of retiring employees and complains that they can't find new employees with the demanded skills. It is sure nice to have IT architects that look ahead and preach JAVA, but neglecting that there are legacy systems which for many companies are its heart, is simply not in the interest of those companies. This leads back to the universities. Can you expect someone to preach a matter they don't now abaout? Rarely, probably. -- Peter Hunkeler CREDIT SUISSE AG -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html * If you wish to communicate securely with Commerce Bank and its affiliates, you must log into your account under Online Services at http://www.commercebank.com or use the Commerce Bank Secure Email Message Center at https://securemail.commercebank.com NOTICE: This electronic mail message and any attached files are confidential. The information is exclusively for the use of the individual or entity intended as the recipient. If you are not the intended recipient, any use, copying, printing, reviewing, retention, disclosure, distribution or forwarding of the message or any attached file is not authorized and is strictly prohibited. If you have received this electronic mail message in error, please advise the sender by reply electronic mail immediately and permanently delete the original transmission, any attachments and any copies of this message from your computer system. * -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
Yea, a lot of this has to do with the way the media reports it. Just like the Mainframe is Dead situation of several years ago, they feel the if something new comes along - new hardware, new programming language - the old has to go. There is no understanding that each has a place and a purpose. Also, even when it is shown to not be dead they don't change their tune. Tom Kelman Enterprise Capacity Planner Commerce Bank of Kansas City (816) 760-7632 -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Jim Elliott, IBM Sent: Thursday, April 22, 2010 5:47 AM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem On Wed, 21 Apr 2010 09:35:00 -0500, Kelman, Tom thomas.kel...@commercebank.com wrote: John, That WikiPedia article also states that DMSII was created by Burroughs (later UniSys) as a database to run on its processors. Does that mean they are still running UniSys machines. If so they have problems over and above COBOL not being taught. It sounds like a typical government non-upgrade environment. Now they are caught in the dark ages and instead of upgrading to modern DB2 and COBOL on proper processors they are probably going to throw out the baby with the bath water and get OMG - WINDOWS. Tom Kelman Tom: The report was misleading (confusing) in many ways in that it talked about all of the government. The specific department involved here regarding DMSII (Human Resources Development Canada, HRDC) is running an older UNISYS environment. Much of the Canadian Government IT environment is on very current technology (and yes that includes lots of IBM System z). However, the canard about COBOL is one that always bothers me. A year or two ago the Toronto Star had an article about COBOL being a deal language. COBOL could paraphrase Mark Twain, The reports of my death have been greatly exaggerated.. IMHO, there is probably more business server application code written in COBOL than any other language still, and I see no reason for that to change. Jim -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html * If you wish to communicate securely with Commerce Bank and its affiliates, you must log into your account under Online Services at http://www.commercebank.com or use the Commerce Bank Secure Email Message Center at https://securemail.commercebank.com NOTICE: This electronic mail message and any attached files are confidential. The information is exclusively for the use of the individual or entity intended as the recipient. If you are not the intended recipient, any use, copying, printing, reviewing, retention, disclosure, distribution or forwarding of the message or any attached file is not authorized and is strictly prohibited. If you have received this electronic mail message in error, please advise the sender by reply electronic mail immediately and permanently delete the original transmission, any attachments and any copies of this message from your computer system. * -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote: As long as all work areas used by the authorized program are in system key there should not be any exposure by using SYNCH. The code also needs to be in storage protected by a system key. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Repro Variable blocked records
Hi I am reproing a VB qsam file to Variable KSDS When I look the VB qsam in ISPF there are 50 trailing blanks at the end of the record However after the repro The 50 trailing blanks get trucated Sent from my iPhone -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Calling unauthorized code from an authorized address space
Hi All, Switching subject lines to something more appropriate. I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. I'd like to be able to do the following. 1) Provide an anchor word so that the user exit can allocate and retain memory from call to call. 2) Pass a buffer of data (or the address of the buffer) to the user exit so that the user exit can modify the data. 3) Allow the user exit to pass the address of data it has generated back to the authorized caller. 3.1) Data in item 3 will most likely be in a different buffer than data in item 2. Pointers (with enough detail please so I can do the research) on how to do this and maintain system integrity will be greatly appreciated. Thanks, Sam -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman joereich...@optonline.netwrote: Hi I am reproing a VB qsam file to Variable KSDS When I look the VB qsam in ISPF there are 50 trailing blanks at the end of the record However after the repro The 50 trailing blanks get trucated Sent from my iPhone Is that not just ISPF padding out to the maximun record size ? Jim McAlpine -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Sam Siegel Sent: Thursday, April 22, 2010 9:08 AM To: IBM-MAIN@bama.ua.edu Subject: Calling unauthorized code from an authorized address space Hi All, Switching subject lines to something more appropriate. I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. I'd like to be able to do the following. 1) Provide an anchor word so that the user exit can allocate and retain memory from call to call. 2) Pass a buffer of data (or the address of the buffer) to the user exit so that the user exit can modify the data. 3) Allow the user exit to pass the address of data it has generated back to the authorized caller. 3.1) Data in item 3 will most likely be in a different buffer than data in item 2. Pointers (with enough detail please so I can do the research) on how to do this and maintain system integrity will be greatly appreciated. Thanks, Sam SNIP One of the ways to protect yourself is to force the EXITs to use a storage key that is different from yours, and enforce that rule. Why? The EXITs are running in your address space, and so may change storage that is in the key they are running in. So can you attach them such that they will be in KEY10? Or, can you set up all your code to be loaded in KEY10 or KEY0 so that the exit code can't modify your code? Now, can you put all of your control blocks (or structures) in KEY10 or other than KEY8/9 if the exits will run in KEY8? If the exits will run in KEY10, then you can operate normally. Now, any address that is passed back to you, must be checked for a valid storage KEY. It can't be an address of your storage. If it is, the EXIT has passed a bad address. OR, the address passed back to you must be an address you passed it. But now, how do you tell if the EXIT wrote beyond what you intended? If the EXITs run in a different address space, you can use PC/PT/PR to deal with all of this. I'm sure there will be others who will give more gotchas for this type of problem. Regards, Steve Thompson -- Opinions expressed by this poster may not reflect those of poster's employer -- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, 22 Apr 2010 15:07:52 +0100 Sam Siegel s...@pscsi.net wrote: :I'm trying to write some authorized code that has a requirement to invoke :unauthorized user exits. Why? What is the business case? :I'd like to be able to do the following. :1) Provide an anchor word so that the user exit can allocate and retain :memory from call to call. No problem. :2) Pass a buffer of data (or the address of the buffer) to the user exit so :that the user exit can modify the data. Also, no problem. :3) Allow the user exit to pass the address of data it has generated back to :the authorized caller. You must ensure that the unauthorized code has access to the storage provided. One way is to use MVCK/MVCSK when copying it to your buffers. :3.1) Data in item 3 will most likely be in a different buffer than data in :item 2. :Pointers (with enough detail please so I can do the research) on how to do :this and maintain system integrity will be greatly appreciated. The first issue - is the authorized caller an SVC or a program? As stated previously, the latter case involves a lot more work. You must make sure that APF is not on when the unauthorized program is called and all storage used by the authorized code, including the programs, are in system key storage. That includes the initiators save area - you cannot restore from it. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
Jim McAlpine jim.mcalp...@gmail.com wrote in message news:j2h21d1f8c21004220723lc4f0f15bi861d4c3d01ce...@mail.gmail.com... On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman joereich...@optonline.netwrote: Hi I am reproing a VB qsam file to Variable KSDS When I look the VB qsam in ISPF there are 50 trailing blanks at the end of the record However after the repro The 50 trailing blanks get trucated Sent from my iPhone Is that not just ISPF padding out to the maximun record size ? Jim McAlpine Sure. Joe, try an IDCAMS PRINT of the VB file and you will see the real contents of the records. Kees. For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, Apr 22, 2010 at 2:57 PM, Tom Marchant m42tom-ibmm...@yahoo.comwrote: On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote: As long as all work areas used by the authorized program are in system key there should not be any exposure by using SYNCH. The code also needs to be in storage protected by a system key. The authorized code is RENT and marked RENT. I'm pretty user the operating system will put this in write protected storage on load. I don't think I have much control over this as it is the EXEC PGM= program. Storage for the unauthorized code is Key=8 (per LOAD macro ADRNAPF doc) and is in being placed in sp=252 if it is RENT or sp=251 if it is NON-RENT. After reading the Auth Assember guide, i'm not completely sure what key should be used when allocating storage for the un-authorized code. The LOAD macro doc say to allocate storage in the Key of the eventual user of the program loaded using ADRNAPF. Since this is a problem state program SYNCH is starting it in problem state with a key of 8, it seems like the program storage should be key 8. The Auth assembler guide says to allocate storage loaded via ADRNAPF in your key. At the time the LOAD is issued, the authorized program is in key 0. If this is used as a guide line, then the storage should be allocated in Key 0. Let me know if this is setup right or if I need to make some changes. Thanks, Sam -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. Use SYNCH. Assume all data received from the exit is untrusted and insure the caller verifies it. Caller can save addresses on behalf of the exit. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
SIGNOFF IBM-MAIN
Kenneth R. Barkhau -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 3:32 PM, Thompson, Steve steve_thomp...@stercomm.com wrote: -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Sam Siegel Sent: Thursday, April 22, 2010 9:08 AM To: IBM-MAIN@bama.ua.edu Subject: Calling unauthorized code from an authorized address space Hi All, Switching subject lines to something more appropriate. I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. I'd like to be able to do the following. 1) Provide an anchor word so that the user exit can allocate and retain memory from call to call. 2) Pass a buffer of data (or the address of the buffer) to the user exit so that the user exit can modify the data. 3) Allow the user exit to pass the address of data it has generated back to the authorized caller. 3.1) Data in item 3 will most likely be in a different buffer than data in item 2. Pointers (with enough detail please so I can do the research) on how to do this and maintain system integrity will be greatly appreciated. Thanks, Sam SNIP One of the ways to protect yourself is to force the EXITs to use a storage key that is different from yours, and enforce that rule. Why? The EXITs are running in your address space, and so may change storage that is in the key they are running in. So can you attach them such that they will be in KEY10? Or, can you set up all your code to be loaded in KEY10 or KEY0 so that the exit code can't modify your code? Now, can you put all of your control blocks (or structures) in KEY10 or other than KEY8/9 if the exits will run in KEY8? If the exits will run in KEY10, then you can operate normally. Now, any address that is passed back to you, must be checked for a valid storage KEY. It can't be an address of your storage. If it is, the EXIT has passed a bad address. OR, the address passed back to you must be an address you passed it. But now, how do you tell if the EXIT wrote beyond what you intended? If the EXITs run in a different address space, you can use PC/PT/PR to deal with all of this. I'm sure there will be others who will give more gotchas for this type of problem. Thanks for all the detail. It is going to take me a bit to study this and do some tests. Regards, Steve Thompson -- Opinions expressed by this poster may not reflect those of poster's employer -- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 3:34 PM, Binyamin Dissen bdis...@dissensoftware.com wrote: On Thu, 22 Apr 2010 15:07:52 +0100 Sam Siegel s...@pscsi.net wrote: :I'm trying to write some authorized code that has a requirement to invoke :unauthorized user exits. Why? What is the business case? :I'd like to be able to do the following. :1) Provide an anchor word so that the user exit can allocate and retain :memory from call to call. No problem. :2) Pass a buffer of data (or the address of the buffer) to the user exit so :that the user exit can modify the data. Also, no problem. :3) Allow the user exit to pass the address of data it has generated back to :the authorized caller. You must ensure that the unauthorized code has access to the storage provided. One way is to use MVCK/MVCSK when copying it to your buffers. :3.1) Data in item 3 will most likely be in a different buffer than data in :item 2. :Pointers (with enough detail please so I can do the research) on how to do :this and maintain system integrity will be greatly appreciated. The first issue - is the authorized caller an SVC or a program? As stated previously, the latter case involves a lot more work. You must make sure that APF is not on when the unauthorized program is called and all storage used by the authorized code, including the programs, are in system key storage. That includes the initiators save area - you cannot restore from it. Thanks also. Need some time to study this and do some tests. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
It's a VB so When I create it in my Easytrieve program I display the record Length and the length includes the trailing blanks is there any way to dump the RDW Sent from my iPhone On Apr 22, 2010, at 10:34 AM, Vernooij, CP - SPLXM kees.vern...@klm.com wrote: Jim McAlpine jim.mcalp...@gmail.com wrote in message news: j2h21d1f8c21004220723lc4f0f15bi861d4c3d01ce...@mail.gmail.com... On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman joereich...@optonline.netwrote: Hi I am reproing a VB qsam file to Variable KSDS When I look the VB qsam in ISPF there are 50 trailing blanks at the end of the record However after the repro The 50 trailing blanks get trucated Sent from my iPhone Is that not just ISPF padding out to the maximun record size ? Jim McAlpine Sure. Joe, try an IDCAMS PRINT of the VB file and you will see the real contents of the records. Kees. For information, services and offers, please visit our web site: http://www.klm.com . This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/ or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
45+ years ago when I started playing around with this stuff, even then there were too many programming languages for it to be practical for students to take formal courses to learn all the major programming languages, and since then languages and their dialects have continued to change and expand. Students then were given basic understanding of some macro assembler language and at least one procedural oriented language and then expected to become fluent enough in what was available to complete other assignments that depended on programming skills. Language Reference manuals were your friend. Once you understood the basics, you could pick up a new assembler or higher-level language in few days from the manuals, and become reasonably proficient from examples and experience after a few weeks of use. I think the only semi-formal class I had in the early days was a week Introduction to 1410 Autocoder one summer. By the time I would have taken an undergraduate Fortran class, I already knew the material and became a lab instructor. In graduate school at Purdue, I was expected to already know how to use their computers, which had a different architecture and different dialect of Fortran than I had previously used. After reading the available Assembler and IBSYS manuals, I wrote a IBM 7094 macro-assembler implementation of a bootstrap compiler for a simple language that generated 7094 object decks, and later used reference manuals to become proficient in writing CDC 6000 Assembler code for other projects. One of the most useful courses at Purdue was a survey course that introduced a number of different programming languages, including PL/I, COBOL, SNOBOL, LISP, etc. - enough to give a flavor of the context in which a language would be useful with no attempt to teach proficiency in any language. Considering how many different programming languages I've had to deal with over the course of my career, one of the most useful skills I acquired in school was the ability to learn new programming languages, not the ability to program in some specific language. The most critical programming skills for having a long-term career in this business are the ability to think logically, to understand how to convert requirements into algorithms, and to understand the nature of the process of mapping algorithms to available language features. If you have that, you can quickly learn how to be proficient in some specific implementation language. If you lack those skills, you will be a bad programmer no matter what the language. JC Ewing On 04/21/2010 12:21 PM, Ted MacNEIL wrote: Who cares whether the universities are requiring COBOL or not? In co-op programmes, it does matter if you are preparing for the work force, so it (IMO) is important. There are plenty of places and ways to learn it ... But, if I'm already enrolled in a Computer Science stream, why should I have to spend extra (time or money) to learn it, elsewhere? I'm not trying to put words in your mouth, but this sounds suspiciously like the argument:Universities are not here to prepare you for the work place; rather to teach you how to learn. If that's the case, I disagree. I enrolled in the University of Waterloo to prepare myself for a career in computers. Many, along with UOW, have co-op programes. All have employment counselling programmes to help place you post-graduation. If that isn't preparing for the workplace, what is? To me, not teaching COBOL, is like a future surgeon not being taught anatomy. - Too busy driving to stop for gas! ... -- Joel C. Ewing, Fort Smith, ARjremoveccapsew...@acm.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon bshan...@rocketsoftware.comwrote: I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. Use SYNCH. Assume all data received from the exit is untrusted and insure the caller verifies it. Caller can save addresses on behalf of the exit. SYNCH was previously suggested and I'm using it. To verify data my intention is to use VSMLOC. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
Joe Reichman of the IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu wrote on 04/22/2010 09:53:37 AM: It's a VB so When I create it in my Easytrieve program I display the record Length and the length includes the trailing blanks is there any way to dump the RDW Yes, use the LIST DUMP subcommand of the PDS command processor (CBT file 182). Regards, John K -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SIGNOFF IBM-MAIN
Address such to lists...@bama.ua.edu, not IBM-MAIN -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Kenneth R Barkhau Sent: Thursday, April 22, 2010 9:44 AM To: IBM-MAIN@bama.ua.edu Subject: SIGNOFF IBM-MAIN Kenneth R. Barkhau -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, 22 Apr 2010 15:46:27 +0100 Sam Siegel s...@pscsi.net wrote: :On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon bshan...@rocketsoftware.comwrote: : I'm trying to write some authorized code that has a requirement to invoke : unauthorized user exits. : Use SYNCH. Assume all data received from the exit is untrusted and insure : the caller verifies it. Caller can save addresses on behalf of the exit. :SYNCH was previously suggested and I'm using it. :To verify data my intention is to use VSMLOC. Not good. Even IVSK is not enough. You have to consider that you will be interrupted and the status of the storage location may change. Only safe way is to use the keyed instructions so the reference is real time. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
Considering how many different programming languages I've had to deal with over the course of my career, one of the most useful skills I acquired in school was the ability to learn new programming languages, not the ability to program in some specific language. I don't disagree with that concept, but in the case of the rookie (or co-op) programmer, why not teach them COBOL while you're teaching them programming skills. They have to learn some language, and COBOL is still a major need in the IT working world. - Too busy driving to stop for gas! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On 21 Apr 2010 08:22:23 -0700, in bit.listserv.ibm-main you wrote: Who cares whether the universities are requiring COBOL or not? There are plenty of places and ways to learn it, and any Programmer worth employing should be able to pick it up relatively easy. They may not be as good as a seasoned programmer, but you can't expect a college graduate to perform at the same level as someone with work experience, no matter the language. Universities are for teaching conceptual processes, how to learn and grasp the fundamentals of how programming works, not how to use a specific language, that's what a trade school, or specific class is for. One of the interesting problems is that COBOL differs significantly in concept from the FORTRAN/Algol/C/C++ languages in that it is fixed length field and array oriented with differentiation between decimal and binary. The others are string and array oriented. COBOL is related more to the accounting department while the others to the mathematics department which has neither liked nor accepted the premises of COBOL. As someone who was a systems programmer and an applications programmer using COBOL and related proprietary languages (primarily DYL280 with some Easytrieve) I have my doubts about the long term survival of both COBOL and the mainframe, in part due to bad decisions. It is far cheaper to develop things on other platforms. One person who had worked extensively in COBOL including CICS is now using Microsoft tools and C# because he can develop things faster with less effort and even the free versions of the Microsoft tools are extremely capable. Also for the Windows and Unix environment, a developer has to make certain that the entity buy the COBOL package also has bought the run times which is not a problem with C/C++/C#. If a recent (or future) grad only finds jobs advertising for COBOL programmers, they need to learn it to compete, the same goes for other languages. If a company (or government) needs applications supported using a *relatively* less used language that they have trouble finding proper skills for, they increase the pay offered, and the people (and skills) will come. It might be painful, but it is not impossible by any stretch of the imagination. Frank Finley -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Bob goolsby Sent: Wednesday, April 21, 2010 9:50 AM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem Mornin' -- Well the first thing I found on a search for 'COBOL School' was http://www.askedu.net/training_topic/k_COBOL_1.htm which asked me to further clarify my self (and incidentally open me up to being spammed by the loverly children, I expect). But, scroll down to the bottom of the page and there is a block of links under the heading Find COBOL courses and training in countries:, and both Canada and the USA are included. A bit of exploration shows a lot of XXX (Javva and .Net, mostly) for the COBOL programmer, no surprise; but I also see Intro and Advanced COBOL courses advertised along with a couple of DB2 Using COBOL classes. Most of these are online education, but hey. As to what you can do to improve the situation, wander off to your local Higher Education Venue and your local community college and/or trade school. Fund a scholarship or two; endow a Chair in the CS department (Associate Professor of Dead Computer Linguistics); get involved now. It is already later than you think. By the way, how old is your Systems Programming team? On Wed, Apr 21, 2010 at 6:25 AM, Mike Baldwin m...@cartagena.com wrote: Hi IBM-MAIN, Yesterday Canada's well-respected auditor-general released a report complaining that aging government computer systems could halt delivery of basic services. So we're bracing for the usual criticism of 'old mainframe' systems. Today there are some specifics, including COBOL: Auditor-General reports that updating systems could cost billions ... Ms. Fraser said the problem is so bad that some key programs may shut down. ... Meanwhile, Canada's National Immigration Program runs on a programming language - COBOL - that is no longer being taught and the staff that understand it are retiring. The program also uses a database system called DMSII that dates back to the 1970s http://www.theglobeandmail.com/news/politics/government-wont-let-aging-computers-halt-basic-services-day-says/article1540750/ Maybe you guys and girls have some ideas that would save us taxpayers from paying rising interest on more billions borrowed. Regards, Mike Baldwin Cartagena Software Limited Markham, Ontario, Canada http://www.cartagena.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at
Re: COBOL - no longer being taught - is a problem
On Thu, 22 Apr 2010 05:47:27 -0500, Jim Elliott, IBM jim_elli...@ca.ibm.com wrote: IMHO, there is probably more business server application code written in COBOL than any other language still, and I see no reason for that to change. This is close to the thought that occurred to me when I read it. If the government's I.T. expert, and the departments that apparently agree with her think that COBOL is a problem, at the little ol' government of Canada (OK, maybe not that little), do they not realize that the Earth turns on its axis, financially at least, thanks in great part to COBOL? And if they must change it, in global terms I suppose the world should consider a Y2K-like project but some orders of magnitude larger. Maybe (probably?) this is misreported by the media, but if true, I think they need to be informed of the absurdity. Is someone carrying the flag for COBOL? I hope he/she doesn't prove their point by retiring without a successor! Regards, Mike Baldwin Cartagena Software Limited Markham, Ontario, Canada http://www.cartagena.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 4:04 PM, Binyamin Dissen bdis...@dissensoftware.com wrote: On Thu, 22 Apr 2010 15:46:27 +0100 Sam Siegel s...@pscsi.net wrote: :On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon bshan...@rocketsoftware.comwrote: : I'm trying to write some authorized code that has a requirement to invoke : unauthorized user exits. : Use SYNCH. Assume all data received from the exit is untrusted and insure : the caller verifies it. Caller can save addresses on behalf of the exit. :SYNCH was previously suggested and I'm using it. :To verify data my intention is to use VSMLOC. Not good. Even IVSK is not enough. You have to consider that you will be interrupted and the status of the storage location may change. Only safe way is to use the keyed instructions so the reference is real time. Ahh. I will do that. Thanks. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On 22 Apr 2010 03:48:05 -0700, in bit.listserv.ibm-main you wrote: On Wed, 21 Apr 2010 09:35:00 -0500, Kelman, Tom thomas.kel...@commercebank.com wrote: John, That WikiPedia article also states that DMSII was created by Burroughs (later UniSys) as a database to run on its processors. Does that mean they are still running UniSys machines. If so they have problems over and above COBOL not being taught. It sounds like a typical government non-upgrade environment. Now they are caught in the dark ages and instead of upgrading to modern DB2 and COBOL on proper processors they are probably going to throw out the baby with the bath water and get OMG - WINDOWS. Tom Kelman Tom: The report was misleading (confusing) in many ways in that it talked about all of the government. The specific department involved here regarding DMSII (Human Resources Development Canada, HRDC) is running an older UNISYS environment. Much of the Canadian Government IT environment is on very current technology (and yes that includes lots of IBM System z). However, the canard about COBOL is one that always bothers me. A year or two ago the Toronto Star had an article about COBOL being a deal language. COBOL could paraphrase Mark Twain, The reports of my death have been greatly exaggerated.. IMHO, there is probably more business server application code written in COBOL than any other language still, and I see no reason for that to change. With the many conversions off the mainframe and with the growth of packages such as SAP, I seriously wonder whether this is still true. A large amount of code has been replaced. Jim -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
Don't know if they will let me down load anything work for Emigrant Bank I think they do auditing to see if down load any files Sent from my iPhone On Apr 22, 2010, at 11:01 AM, John P Kalinich jkali...@csc.com wrote: Joe Reichman of the IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu wrote on 04/22/2010 09:53:37 AM: It's a VB so When I create it in my Easytrieve program I display the record Length and the length includes the trailing blanks is there any way to dump the RDW Yes, use the LIST DUMP subcommand of the PDS command processor (CBT file 182). Regards, John K -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On 22 April 2010 10:46, Sam Siegel s...@pscsi.net wrote: On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon bshan...@rocketsoftware.comwrote: I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. Use SYNCH. Assume all data received from the exit is untrusted and insure the caller verifies it. Caller can save addresses on behalf of the exit. SYNCH was previously suggested and I'm using it. To verify data my intention is to use VSMLOC. TOCTTOU! Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On 21 Apr 2010 07:35:48 -0700, in bit.listserv.ibm-main you wrote: John, That WikiPedia article also states that DMSII was created by Burroughs (later UniSys) as a database to run on its processors. Does that mean they are still running UniSys machines. If so they have problems over and above COBOL not being taught. It sounds like a typical government non-upgrade environment. Now they are caught in the dark ages and instead of upgrading to modern DB2 and COBOL on proper processors they are probably going to throw out the baby with the bath water and get OMG - WINDOWS. The intelligent upgrade would be to a current Unisys offering which has a migration path from the existing system if disruption is to be avoided. Another alternative would be to consolidate on a platform already understood by the agency. I suspect that moving to COBOL and DB2 on z could be more painful and costly than a number of other alternatives. Tom Kelman Enterprise Capacity Planner Commerce Bank of Kansas City (816) 760-7632 -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of McKown, John Sent: Wednesday, April 21, 2010 8:37 AM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem Easy solution. Declare COBOL a national treasure and force all Universities in Canada to teach it as a prerequisite to any other Computer Science class. Or at least as a graduation requirement for a Bachelor's degree in CS. That's the government way. Just pass a law. I mean, I had to take classes that I didn't like in order to get my B.Sc. in Math. (like English and History), Why not require COBOL? It's no more arbitrary than anything else that nobody wants to take. And there are PC based COBOL compilers (at least for Windows). DMSII doesn't ring a bell, but according to Wikipedia: quoteDMSII provided: an ISAM model for data access, transaction isolation and database recovery capabilities./quote http://en.wikipedia.org/wiki/Unisys_DMSII . So all that is needed is another database system which has the same API to replace it. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mike Baldwin Sent: Wednesday, April 21, 2010 8:25 AM To: IBM-MAIN@bama.ua.edu Subject: COBOL - no longer being taught - is a problem Hi IBM-MAIN, Yesterday Canada's well-respected auditor-general released a report complaining that aging government computer systems could halt delivery of basic services. So we're bracing for the usual criticism of 'old mainframe' systems. Today there are some specifics, including COBOL: Auditor-General reports that updating systems could cost billions ... Ms. Fraser said the problem is so bad that some key programs may shut down. ... Meanwhile, Canada's National Immigration Program runs on a programming language - COBOL - that is no longer being taught and the staff that understand it are retiring. The program also uses a database system called DMSII that dates back to the 1970s http://www.theglobeandmail.com/news/politics/government-wont-l et-aging-computers-halt-basic-services-day-says/article1540750/ Maybe you guys and girls have some ideas that would save us taxpayers from paying rising interest on more billions borrowed. Regards, Mike Baldwin Cartagena Software Limited Markham, Ontario, Canada http://www.cartagena.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html * If you wish to communicate securely with Commerce Bank and its affiliates, you must log into your account
Re: Repro Variable blocked records
snip is there any way to dump the RDW /snip IDCAMS's PRINT should print the entire record in hex for you. Or if you have the TTR, then use ZAP. Jack Kelly 202-502-2390 (Office) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
Just did that with dump option record is truncated Sent from my iPhone On Apr 22, 2010, at 11:29 AM, John Kelly john_j_ke...@ao.uscourts.gov wrote: snip is there any way to dump the RDW /snip IDCAMS's PRINT should print the entire record in hex for you. Or if you have the TTR, then use ZAP. Jack Kelly 202-502-2390 (Office) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
I am reproing a VB qsam file to Variable KSDS When I look the VB qsam in ISPF there are 50 trailing blanks at the end of the record However after the repro The 50 trailing blanks get trucated If you have DataSet Services (DSS), you could try the print command. If that does not show the RDW, printtrk should show the entire block. Regards, John NOTICE: The information contained in this electronic mail transmission is intended by Convergys Corporation for the use of the named individual or entity to which it is directed and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or by telephone (collect), so that the sender's address records can be corrected. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Joe Reichman Sent: Thursday, April 22, 2010 9:54 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Repro Variable blocked records It's a VB so When I create it in my Easytrieve program I display the record Length and the length includes the trailing blanks is there any way to dump the RDW SNIPPAGE Yes. You specify the following (you will have to manually deblock from the dump which will be done as physical blocks): //IDCAMS EXEC PGM=IDCAMS //SYSUT1 DD DISP=SHR,DSN=your.data.set.name.here, // DCB=(RECFM=U,LRECL=32760) //SYSPRINT DD SYSOUT=* //SYSINDD * PRINT IFILE(SYSUT1) DUMP COUNT(2) /* Sent from my HP Mobile WORKSTATION which doubles as my Dick Tracy Two Way Wrist TV. -- Opinions expressed by this poster may not reflect the opinions of poster's employer -- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
DCOLLECT QUESTION
G'day All I am using DCOLLECT (via ISMF) to extra a list of dsns for a certain management class. All goes well. The list is produced however when I attempt to issue the save file1 I receive a IEC031I D37-04. Is there a way of saving the file to a pds? I tried to do so but I get prompted with a - LIST NAME TOO LONG. Is there some way of getting around this problem or do I have to whittle down my search criteria which would take a while. Thanks. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
That would be hard to say without really studying the current environment. I would imagine that the current Unisys environment is as far from what they are running on as would be System z using DB2 and Cobol. However, since they are on an old Unisys/Burroughs environment they might be able to get some serious assistance from current Unisys to upgrade. You can never tell until you ask. Tom Kelman Enterprise Capacity Planner Commerce Bank of Kansas City (816) 760-7632 -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Clark Morris Sent: Thursday, April 22, 2010 10:29 AM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem On 21 Apr 2010 07:35:48 -0700, in bit.listserv.ibm-main you wrote: John, That WikiPedia article also states that DMSII was created by Burroughs (later UniSys) as a database to run on its processors. Does that mean they are still running UniSys machines. If so they have problems over and above COBOL not being taught. It sounds like a typical government non-upgrade environment. Now they are caught in the dark ages and instead of upgrading to modern DB2 and COBOL on proper processors they are probably going to throw out the baby with the bath water and get OMG - WINDOWS. The intelligent upgrade would be to a current Unisys offering which has a migration path from the existing system if disruption is to be avoided. Another alternative would be to consolidate on a platform already understood by the agency. I suspect that moving to COBOL and DB2 on z could be more painful and costly than a number of other alternatives. Tom Kelman Enterprise Capacity Planner Commerce Bank of Kansas City (816) 760-7632 -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of McKown, John Sent: Wednesday, April 21, 2010 8:37 AM To: IBM-MAIN@bama.ua.edu Subject: Re: COBOL - no longer being taught - is a problem Easy solution. Declare COBOL a national treasure and force all Universities in Canada to teach it as a prerequisite to any other Computer Science class. Or at least as a graduation requirement for a Bachelor's degree in CS. That's the government way. Just pass a law. I mean, I had to take classes that I didn't like in order to get my B.Sc. in Math. (like English and History), Why not require COBOL? It's no more arbitrary than anything else that nobody wants to take. And there are PC based COBOL compilers (at least for Windows). DMSII doesn't ring a bell, but according to Wikipedia: quoteDMSII provided: an ISAM model for data access, transaction isolation and database recovery capabilities./quote http://en.wikipedia.org/wiki/Unisys_DMSII . So all that is needed is another database system which has the same API to replace it. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mike Baldwin Sent: Wednesday, April 21, 2010 8:25 AM To: IBM-MAIN@bama.ua.edu Subject: COBOL - no longer being taught - is a problem Hi IBM-MAIN, Yesterday Canada's well-respected auditor-general released a report complaining that aging government computer systems could halt delivery of basic services. So we're bracing for the usual criticism of 'old mainframe' systems. Today there are some specifics, including COBOL: Auditor-General reports that updating systems could cost billions ... Ms. Fraser said the problem is so bad that some key programs may shut down. ... Meanwhile, Canada's National Immigration Program runs on a programming language - COBOL - that is no longer being taught and the staff that understand it are retiring. The program also uses a database system called DMSII that dates back to the 1970s http://www.theglobeandmail.com/news/politics/government-wont-l et-aging-computers-halt-basic-services-day-says/article1540750/ Maybe you guys and girls have some ideas that would save us taxpayers from paying rising interest on more billions borrowed. Regards, Mike Baldwin
MFNetDisk is free and ready.
HI, You can download MFNetDisk from my site. This is a free MFNetDisk. The LICKEY statement can be delete from the MFNetDisk MVS statements. I add source code of GUI which implement the MVSAPIDLL api to read MVS file directly from PC without MVS. The source code is part of the installation file. Using the source code I give permission to change the GUI and to add more functionality to this GUI or any other program which will use my MVSAPI DLL file. So to be more clear, anyone can use my API but will enable other users to use it free as well. Now there is one code for Linux and for Windows, that will make easier to manage the MFNetDisk code. Some people ask me if I plan to deliver the source code of MFNetDisk, currently I am not. I am sure that I will do it latter. I need to consider all my options with the product before I will do any steps. Thanks, Shai -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: MFNetDisk is free and ready.
Hmmm, reading a dataset without MVS. Sure beats having to deal with that pesky RACF. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Shai Hess Sent: Thursday, April 22, 2010 11:59 AM To: IBM-MAIN@bama.ua.edu Subject: MFNetDisk is free and ready. HI, You can download MFNetDisk from my site. This is a free MFNetDisk. The LICKEY statement can be delete from the MFNetDisk MVS statements. I add source code of GUI which implement the MVSAPIDLL api to read MVS file directly from PC without MVS. The source code is part of the installation file. Using the source code I give permission to change the GUI and to add more functionality to this GUI or any other program which will use my MVSAPI DLL file. So to be more clear, anyone can use my API but will enable other users to use it free as well. Now there is one code for Linux and for Windows, that will make easier to manage the MFNetDisk code. Some people ask me if I plan to deliver the source code of MFNetDisk, currently I am not. I am sure that I will do it latter. I need to consider all my options with the product before I will do any steps. Thanks, Shai -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DCOLLECT QUESTION
G'day All I am using DCOLLECT (via ISMF) to extra a list of dsns for a certain management class. All goes well. The list is produced however when I attempt to issue the save file1 I receive a IEC031I D37-04. Is there a way of saving the file to a pds? I tried to do so but I get prompted with a - LIST NAME TOO LONG. Is there some way of getting around this problem or do I have to whittle down my search criteria which would take a while. Are you using the Data Collection Entry Panel? In which case, you can specify an existing output data set of the appropriate size (with the Replace Contents option) If you're using the Data Set print Entry Panel You can all specify an existing output dataset to use. Pretty much all the options I've looked at give you an opportunity to specify the output dsn a Replace option. Am I missing something here? ddk This e-mail message and all attachments transmitted with it may contain legally privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message and all copies and backups thereof. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, 22 Apr 2010 15:36:50 +0100, Sam Siegel s...@pscsi.net wrote: On Thu, Apr 22, 2010 at 2:57 PM, Tom Marchant m42tom-ibmm...@yahoo.comwrote: On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote: As long as all work areas used by the authorized program are in system key there should not be any exposure by using SYNCH. The code also needs to be in storage protected by a system key. The authorized code is RENT and marked RENT. I'm pretty user the operating system will put this in write protected storage on load. I don't think I have much control over this as it is the EXEC PGM= program. Storage for the unauthorized code is Key=8 (per LOAD macro ADRNAPF doc) and is in being placed in sp=252 if it is RENT or sp=251 if it is NON-RENT. After reading the Auth Assember guide, i'm not completely sure what key should be used when allocating storage for the un-authorized code. The LOAD macro doc say to allocate storage in the Key of the eventual user of the program loaded using ADRNAPF. Since this is a problem state program SYNCH is starting it in problem state with a key of 8, it seems like the program storage should be key 8. The Auth assembler guide says to allocate storage loaded via ADRNAPF in your key. At the time the LOAD is issued, the authorized program is in key 0. If this is used as a guide line, then the storage should be allocated in Key 0. And what key does the authorized code run in? What key did it start in? Does it have any data in key 8 storage (such as, for example, its initial save area that it got from the initiator when it started in key 8)? -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen bdis...@dissensoftware.com wrote: On Thu, 22 Apr 2010 08:14:27 -0500 Walt Farrell wfarr...@us.ibm.com wrote: :Did you retain any authorization when doing the SYNCH (such as, having your :program running in supervisor state or a system key)? If so, you are likely :to still have some major system integrity holes. Mixing unauthorized and :authorized code is extremely tricky, and most people get it wrong, in my :experience. Do they? You are aware, of course, that the OPEN SVC branches to unauthorized user code via SYNCH. As long as all work areas used by the authorized program are in system key there should not be any exposure by using SYNCH. OPEN is not most people and most people do not try to do this from an SVC, Binyamin. Most people I've seen try to do this from a basic APF-authorized program that started out in key 8 and then wants to invoke a piece of unauthorized code. I've seen what TSO/E had to do to allow this with integrity, and what SDSF had to do to allow it. And how many times IBM has gotten it subtly wrong along the way. It is not simple, and there are a lot of subtle, hidden traps to watch out for. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: MFNetDisk is free and ready.
MFNetDisk will not access disks you do not like to access (Do not specify secured disk to MFNetDisk). Shai On Thu, Apr 22, 2010 at 10:15 AM, Tony @ Comcast tbabo...@comcast.netwrote: Hmmm, reading a dataset without MVS. Sure beats having to deal with that pesky RACF. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Shai Hess Sent: Thursday, April 22, 2010 11:59 AM To: IBM-MAIN@bama.ua.edu Subject: MFNetDisk is free and ready. HI, You can download MFNetDisk from my site. This is a free MFNetDisk. The LICKEY statement can be delete from the MFNetDisk MVS statements. I add source code of GUI which implement the MVSAPIDLL api to read MVS file directly from PC without MVS. The source code is part of the installation file. Using the source code I give permission to change the GUI and to add more functionality to this GUI or any other program which will use my MVSAPI DLL file. So to be more clear, anyone can use my API but will enable other users to use it free as well. Now there is one code for Linux and for Windows, that will make easier to manage the MFNetDisk code. Some people ask me if I plan to deliver the source code of MFNetDisk, currently I am not. I am sure that I will do it latter. I need to consider all my options with the product before I will do any steps. Thanks, Shai -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DCOLLECT QUESTION
Darth, I am using the DATA SET SELECTION ENTRY PANEL i.e option 1 in the ISMF PRIMARY OPTION MENU. Pardon my bad eye sight however I don't see any place, in this option, to plug the dsn. Below is what I see in option 1. For a Data Set List, Select Source of Generated List . . 2 (1 or 2) 1 Generate from a Saved List Query Name To List Name . . Save or Retrieve 2 Generate a new list from criteria below Data Set Name . . . 'SYSIDCS1.**' Enter / to select option / Generate Exclusive list Specify Source of the new list . . 2 (1 - VTOC, 2 - Catalog) 1 Generate list from VTOC Volume Serial Number . . . (fully or partially specified) Storage Group Name . . . . (fully specified) 2 Generate list from Catalog Catalog Name . . . Volume Serial Number . . . (fully or partially specified) Acquire Data from Volume . . . . . . . N (Y or N) Acquire Data if DFSMShsm Migrated . . N (Y or N) Use ENTER to Perform Selection; Use DOWN Command to View next Selection Panel; Use HELP Command for Help; Use END Command to Exit. --- On Fri, 23/4/10, Darth Keller darth.kel...@assurant.com wrote: From: Darth Keller darth.kel...@assurant.com Subject: Re: DCOLLECT QUESTION To: IBM-MAIN@bama.ua.edu Received: Friday, 23 April, 2010, 3:16 AM G'day All I am using DCOLLECT (via ISMF) to extra a list of dsns for a certain management class. All goes well. The list is produced however when I attempt to issue the save file1 I receive a IEC031I D37-04. Is there a way of saving the file to a pds? I tried to do so but I get prompted with a - LIST NAME TOO LONG. Is there some way of getting around this problem or do I have to whittle down my search criteria which would take a while. Are you using the Data Collection Entry Panel? In which case, you can specify an existing output data set of the appropriate size (with the Replace Contents option) If you're using the Data Set print Entry Panel You can all specify an existing output dataset to use. Pretty much all the options I've looked at give you an opportunity to specify the output dsn a Replace option. Am I missing something here? ddk This e-mail message and all attachments transmitted with it may contain legally privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message and all copies and backups thereof. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe Applications Development using a modern GUI
On Thu, 22 Apr 2010 07:22:23 -0500, Eyal Rothfeld wrote: Does anybody know any new technologies which can be used in order to develop new modern applications for the mainframe platform ? IBM offers EGL ( http://en.wikipedia.org/wiki/EGL_%28programming_language% 29or: http://www.ibm.com/developerworks/rational/products/egl/egldoc.html ) I remember that IBM had visualage agnerator in the past (http://www- 01.ibm.com/software/awdtools/visgen/ ) Any recommended alternatives to IBM ? Ironically, there was an alternative: Continuus -- TeleLogic -- IBM CM/Synergy. So, no longer an alternative to IBM. I wonder if they'll retrofit it to z? But requires coupling to cross-platform language processors such as SAS/Tachyon/Dignus. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm rob.schr...@siriuscom.com wrote: Did you retain any authorization when doing the SYNCH (such as, having your program running in supervisor state or a system key)? If so, you are likely to still have some major system integrity holes. Mixing unauthorized and authorized code is extremely tricky, and most people get it wrong, in my experience. Do you have some guidance for the most people? In all honesty and sincerity, Rob, I have one simple piece of guidance: Do not try to mix authorized and unauthorized code in the same address space. That way lies either madness, or system integrity exposures, or both :) But that leads into my (personal) preferred solution: separate the non-authorized code by using the UNIX fork() function to put it into a different address space. That's the safest and most secure method of separation I've seen so far. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote: I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. First, why do they have to be unauthorized? Your life is a lot simpler if you require that they come from an APF-authorized library and make the customer responsible for ensuring only valid code goes into those libraries. Second, do you really mean user exits (that is, load modules whose names and locations the end-users supply) or installation exits (that is, load modules whose names and locations the system programmers supply)? The concerns are different, in my opinion, for user- vs installation-exits. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Repro Variable blocked records
On Thu, 22 Apr 2010 15:23:02 +0100, Jim McAlpine wrote: On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman wrote: I am reproing a VB qsam file to Variable KSDS When I look the VB qsam in ISPF there are 50 trailing blanks at the end of the record However after the repro The 50 trailing blanks get trucated Sent from my iPhone Is that not just ISPF padding out to the maximun record size ? EDIT lies; BROWSE (not VIEW, which is just EDIT in drag) tells the truth. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe Applications Development using a modern GUI
Why not use you favorite rich web toolkit (Flash, Dojo, Gwt, etc, etc) in front of z/OS web services (WAS, Tomcat, CICS)? FWIW, we will be giving a presentation at SHARE in Boston. The preliminary title/abstract is: IBM JZOS meets Web 2.0 Abstract: The development and deployment of rich web applications on z/OS will be discussed including: * Using JZOS (part of the IBM z/OS Java SDK) in a z/OS web container * Using Eclipse as a development environment * Developing rich browser clients in toolkits such as Adobe Flex/Flash, Dojo, GWT, etc. * Deploying rich client web applications on z/OS as interfaces to legacy systems * Demos Kirk Wolf Dovetailed Technologies http://dovetail.com IBM JZOS Development http://www-03.ibm.com/systems/z/os/zos/tools/java/products/jzos/overview.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, 22 Apr 2010 11:28:19 -0400, Tony Harminc wrote: TOCTTOU! YLSED. Thanks for the lesson, gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, Apr 22, 2010 at 6:18 PM, Walt Farrell wfarr...@us.ibm.com wrote: On Thu, 22 Apr 2010 15:36:50 +0100, Sam Siegel s...@pscsi.net wrote: On Thu, Apr 22, 2010 at 2:57 PM, Tom Marchant m42tom-ibmm...@yahoo.com wrote: On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote: As long as all work areas used by the authorized program are in system key there should not be any exposure by using SYNCH. The code also needs to be in storage protected by a system key. The authorized code is RENT and marked RENT. I'm pretty user the operating system will put this in write protected storage on load. I don't think I have much control over this as it is the EXEC PGM= program. Storage for the unauthorized code is Key=8 (per LOAD macro ADRNAPF doc) and is in being placed in sp=252 if it is RENT or sp=251 if it is NON-RENT. After reading the Auth Assember guide, i'm not completely sure what key should be used when allocating storage for the un-authorized code. The LOAD macro doc say to allocate storage in the Key of the eventual user of the program loaded using ADRNAPF. Since this is a problem state program SYNCH is starting it in problem state with a key of 8, it seems like the program storage should be key 8. The Auth assembler guide says to allocate storage loaded via ADRNAPF in your key. At the time the LOAD is issued, the authorized program is in key 0. If this is used as a guide line, then the storage should be allocated in Key 0. And what key does the authorized code run in? What key did it start in? Does it have any data in key 8 storage (such as, for example, its initial save area that it got from the initiator when it started in key 8)? Points mades. Per previous comments, I'm going to use an SVC 3 to exit or use a BAKR/PR pair. The initiator supplied save area will be ignored. Per comments by other posters, I'm going to change the allocation around to ensure that no key 8 storage is used by the authorized program. Authorized program will then run in that system key. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, Apr 22, 2010 at 6:36 PM, Walt Farrell wfarr...@us.ibm.com wrote: On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm rob.schr...@siriuscom.com wrote: Did you retain any authorization when doing the SYNCH (such as, having your program running in supervisor state or a system key)? If so, you are likely to still have some major system integrity holes. Mixing unauthorized and authorized code is extremely tricky, and most people get it wrong, in my experience. Do you have some guidance for the most people? In all honesty and sincerity, Rob, I have one simple piece of guidance: Do not try to mix authorized and unauthorized code in the same address space. That way lies either madness, or system integrity exposures, or both :) But that leads into my (personal) preferred solution: separate the non-authorized code by using the UNIX fork() function to put it into a different address space. That's the safest and most secure method of separation I've seen so far. I hear what you are saying. I'm not sure that I want to go down the separate address space route. Perhaps I should consider using attach with JSCB=YES and SZERO=NO. Would that tend to eliminate exposure risks? Thanks. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com wrote: On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote: I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. First, why do they have to be unauthorized? Your life is a lot simpler if you require that they come from an APF-authorized library and make the customer responsible for ensuring only valid code goes into those libraries. The requirements exists because I'm trying to write something that will be Ziip enabled and leased as a product. Prior to passing the buffer to a work queue for the SRB, there is the possibility that the user (which can be a normal programmer) will need to modify the data in the buffer or provide additional data once the data source has been drained. I don't want the to impose a requirement of authorized code for the exit as most shop will not allow application programmers to put code in an authorized library. Having systems staff write the code creates a bottleneck on the application rate of change. Second, do you really mean user exits (that is, load modules whose names and locations the end-users supply) or installation exits (that is, load modules whose names and locations the system programmers supply)? Yes I really mean user-exits and not installation exits. The concerns are different, in my opinion, for user- vs installation-exits. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, 22 Apr 2010 19:13:07 +0100 Sam Siegel s...@pscsi.net wrote: :On Thu, Apr 22, 2010 at 6:36 PM, Walt Farrell wfarr...@us.ibm.com wrote: : On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm rob.schr...@siriuscom.com : : wrote: : Did you retain any authorization when doing the SYNCH (such as, having : your : program running in supervisor state or a system key)? If so, you are : likely : to still have some major system integrity holes. Mixing unauthorized : and : authorized code is extremely tricky, and most people get it wrong, in my : experience. : Do you have some guidance for the most people? : In all honesty and sincerity, Rob, I have one simple piece of guidance: Do : not try to mix authorized and unauthorized code in the same address space. : That way lies either madness, or system integrity exposures, or both :) : But that leads into my (personal) preferred solution: separate the : non-authorized code by using the UNIX fork() function to put it into a : different address space. That's the safest and most secure method of : separation I've seen so far. :I hear what you are saying. I'm not sure that I want to go down the :separate address space route. :Perhaps I should consider using attach with JSCB=YES and SZERO=NO. Would :that tend to eliminate exposure risks? You will still need to protect your storage. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DCOLLECT QUESTION
I am using the DATA SET SELECTION ENTRY PANEL i.e option 1 in the ISMF PRIMARY OPTION MENU. Pardon my bad eye sight however I don't see any place, in this option, to plug the dsn. Below is what I see in option 1. OK - this is the same way I was generating a similar list. Once my list is displayed, I'd use the LISTPRT command to copy the output to my dsn. The panel shown after the LISTPRT is entered looks like this to me. With Standard, the fields are side by side across the page; with Roster, each field is on a new line - which way I chose to print my list generally depends on how many fields I want and how I intend to process the output. Select Format Type . . . . . 1 (1 - Standard, 2 - Roster) Report Data Set Name . . . . test.listprt your pre-allocated dsn here Replace Report Contents . . . y (Y or N) Lines/Page . . . 55 (12 to 99) 'Y' to replace Specify Tags to be Printed: === 26 3 prints the DSN, Allocated Space, MgmtClass; tags are separated by blanks Line Operator(24) Change Indicator Data Set Name (6) Compressed Format (3) Allocated Space (20) Creation Date (9) Allocation Unit (25) Data Class Name (14) Block/CI Size(30) Data Set Name Type (16) Block Unused (34) DDM Attributes (35) CCSID Description(19) Device Type (39) CF CACHE Set Name(29) DS Environment (38) CF CACHE Structure Name (11) DS Organisation (37) CF Monitor Status(32) Entry Type (36) CF Status Indicator (21) Expiration Date Use ENTER to Perform Print; Use DOWN Command for next Panel; Additional options, like the MgmtClas are on the next page. These are the default values here that I would use if I were going to pre-allocate a dataset with a larger allocation are Data class . . . . . : DCSTDFLT Organization . . . : PS Record format . . . : FBA Record length . . . : 133 Block size . . . . : 27930 1st extent cylinders: 100 Secondary cylinders : 20 Hope that all helps. ddk This e-mail message and all attachments transmitted with it may contain legally privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message and all copies and backups thereof. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
On Thu, 22 Apr 2010 19:13:07 +0100, Sam Siegel wrote: On Thu, Apr 22, 2010 at 6:36 PM, Walt Farrell wrote: On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm wrote: Do you have some guidance for the most people? But that leads into my (personal) preferred solution: separate the non-authorized code by using the UNIX fork() function to put it into a different address space. That's the safest and most secure method of separation I've seen so far. I hear what you are saying. I'm not sure that I want to go down the separate address space route. PITA, because the child address space doesn't inherit allocations from the parent. Can't because of ENQ conflicts. Wishlist item: An option to fork() allowing _all_ (even better, selected) allocations to be passed to the child and removed fro the parent. Second choice would be a utility (necessarily authorized) which would perform allocations from a list in the environment (TSOALLOC?) and invoke an executable in the correct APF state. An extension to BPX1EXM. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
--snip TOCTTOU! YLSED. --unsnip Would someone explain this to me? Offlist is OK. Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe Applications Development using a modern GUI
If you use the Dignus tool set, you can do your C/C++ and ASM development on your PC/Linux/Unix, with just about any GUI environment you'd like. So - pick your favorite! This can make for a very powerful developing environment. - Dave Rivers - Paul Gilmartin wrote: On Thu, 22 Apr 2010 07:22:23 -0500, Eyal Rothfeld wrote: Does anybody know any new technologies which can be used in order to develop new modern applications for the mainframe platform ? IBM offers EGL ( http://en.wikipedia.org/wiki/EGL_%28programming_language% 29or: http://www.ibm.com/developerworks/rational/products/egl/egldoc.html ) I remember that IBM had visualage agnerator in the past (http://www- 01.ibm.com/software/awdtools/visgen/ ) Any recommended alternatives to IBM ? Ironically, there was an alternative: Continuus -- TeleLogic -- IBM CM/Synergy. So, no longer an alternative to IBM. I wonder if they'll retrofit it to z? But requires coupling to cross-platform language processors such as SAS/Tachyon/Dignus. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- riv...@dignus.comWork: (919) 676-0847 Get your mainframe programming tools at http://www.dignus.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On 22 April 2010 14:56, Rick Fochtman rfocht...@ync.net wrote: --snip TOCTTOU! YLSED. --unsnip Would someone explain this to me? Offlist is OK. I first saw the acronym in IBM's original MVS description of System Integrity. It's the Time Of Check To Time Of Use problem, that I'm sure you're well aware of. The main reason why things like VSMLOC are not a good approach to checking storage addresses. You Learn Something Every Day. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
a different variation on the COBOL theme Moving old code from mainframe to servers http://www.fiercecio.com/story/moving-old-code-mainframe-servers/2010-04-21 One firm's story: The mainframe goes, but Cobol stays behind http://www.computerworld.com/s/article/9175840/One_firm_s_story_The_mainframe_goes_but_Cobol_stays_behind?source=rss_news from above: A lot of Cobol-based applications have a plot line similar to the first Star Trek movie. In it, the crew of the Enterprise discovers a huge, intelligent cloud they called V'ger. It turns out (plot spoiler alert), though, that V'ger was an unmanned spacecraft called Voyager that had been launched from Earth some 300 years earlier and then readapted by alien forces. ... snip ... -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
Interesting. If Cobol would be a problem, I would expect most of IBM mainframe shops to develop new applications in (so called) modern languages. I don't see it here in Israel. Most of the new code is still developed in Cobol, Natural and some PL/I. farther more, if you are a mainframe centric shop, it would be so cleaver to distribute your applications when everybody is doing the opposite (server consolidation, green computing, etc.). What I do see is a movement from direct coding to rule engines and code generators. At end, programming will be like tailoring. Experts will develop the rules, and the programmer will just drive the records in and our invoking the rules. As other wrote, Cobol is just another language in the forest, an easier one to understand. ITschak On Thu, Apr 22, 2010 at 11:29 PM, Anne Lynn Wheeler l...@garlic.comwrote: a different variation on the COBOL theme Moving old code from mainframe to servers http://www.fiercecio.com/story/moving-old-code-mainframe-servers/2010-04-21 One firm's story: The mainframe goes, but Cobol stays behind http://www.computerworld.com/s/article/9175840/One_firm_s_story_The_mainframe_goes_but_Cobol_stays_behind?source=rss_news from above: A lot of Cobol-based applications have a plot line similar to the first Star Trek movie. In it, the crew of the Enterprise discovers a huge, intelligent cloud they called V'ger. It turns out (plot spoiler alert), though, that V'ger was an unmanned spacecraft called Voyager that had been launched from Earth some 300 years earlier and then readapted by alien forces. ... snip ... -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
imugz...@gmail.com (Itschak Mugzach) writes: Interesting. If Cobol would be a problem, I would expect most of IBM mainframe shops to develop new applications in (so called) modern languages. I don't see it here in Israel. Most of the new code is still developed in Cobol, Natural and some PL/I. farther more, if you are a mainframe centric shop, it would be so cleaver to distribute your applications when everybody is doing the opposite (server consolidation, green computing, etc.). What I do see is a movement from direct coding to rule engines and code generators. At end, programming will be like tailoring. Experts will develop the rules, and the programmer will just drive the records in and our invoking the rules. As other wrote, Cobol is just another language in the forest, an easier one to understand. re: http://www.garlic.com/~lynn/2010h.html#46 COBOL - no longer being taught - is a problem there was big push in the 90s to re-engineer a lot of legacy financial applications (large percentage cobal) that were running settlement batch applications running overnight; using new languages, new processes, large numbers of killer micros and parallel operation ... in order to have straight through processing (eliminating overnight batch settlement for transactions). the toy demos looked good but things collapsed when it came to production rollout. they had ignored speedsfeeds and the technology used had something like 100 times more overhead than the batch cobol (totally swamping any anticipated increased thruput from large numbers of killer micros). In the past decade, I've done some consulting with company that has developed an infrastructure that translates high-level financial business rules into fine-grain SQL transactions. they've been able to demo rapid development/deployment of straight through processing ... with highly parallelized and very high transaction rates. A primary difference compared to the 90s efforts ... is that they rely on the significant parallel technology that has been developed by RDBMS vendors (rather than trying to invent everything from scratch). The parallel RDBMS implementation may have 4-5 times the overhead compared to non-parallelized/sequential batch cobol with vsam ... but the real-time thruput is significantly increased with parallel operation (able to accomplish straight through processing and eliminate the overnight batch settlement). -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Stopping zOS
http://bama.ua.edu/cgi-bin/wa?A2=ind0910L=ibm-mainP=R29080I=1X=- Use RESET CLEAR just to be sure On Tue, Apr 20, 2010 at 11:41 PM, R.S. r.skoru...@bremultibank.com.plwrote: McKown, John pisze: -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Tony Harminc Sent: Tuesday, April 20, 2010 11:39 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Stopping zOS On 20 April 2010 12:35, Mark Zelden mzel...@flash.net wrote: There is also a QUIESCE command, which puts the system in a x'CCC' wait state that is restartable. You wouldn't want to normally do that these days. Why? Tony H. The IP connectivity goes into the toliet and all the clients would need to reconnect. QUIESCE is not of any particular use, other than perhaps after a Z EOD to make sure that all I/O is complete. I.e. you'd never want to do a restart after doing a QUIESCE. IMHO the best way to stop I/O and clear or the reservations is to use HMC Reset icon. -- Radoslaw Skorupka Lodz, Poland -- BRE Bank SA ul. Senatorska 18 00-950 Warszawa www.brebank.pl S d Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru S dowego, nr rejestru przedsi biorców KRS 025237 NIP: 526-021-50-88 Wed ug stanu na dzie 01.01.2009 r. kapita zak adowy BRE Banku SA (w ca o ci wp acony) wynosi 118.763.528 z otych. W zwi zku z realizacj warunkowego podwy szenia kapita u zak adowego, na podstawie uchwa y XXI WZ z dnia 16 marca 2008r., oraz uchwa y XVI NWZ z dnia 27 pa dziernika 2008r., mo e ulec podwy szeniu do kwoty 123.763.528 z . Akcje w podwy szonym kapitale zak adowym BRE Banku SA b d w ca o ci op acone. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Guy Gardoit z/OS Systems Programming -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
From: Ted MacNEIL eamacn...@yahoo.ca To: IBM-MAIN@bama.ua.edu Sent: Thu, April 22, 2010 10:05:02 AM Subject: Re: COBOL - no longer being taught - is a problem Considering how many different programming languages I've had to deal with over the course of my career, one of the most useful skills I acquired in school was the ability to learn new programming languages, not the ability to program in some specific language. I don't disagree with that concept, but in the case of the rookie (or co-op) programmer, why not teach them COBOL while you're teaching them programming skills. They have to learn some language, and COBOL is still a major need in the IT working world. --- Ted: Interesting issue. I have talked to people who do the hiring of application types and the consensus that I have heard is that the more languages an application knows the more likely he/she will be hired. Now I am talking reasonably current languages, not Fortran RPG etc... COBOL still is a MUST. Having said that saying you know a language is a far stretch (at times) from working in it on a day to day basis. Some of the comments on here seem to think that things like DYL and EASYTREIVE RPG, frankly I do not agree they are really languages. I am not trying to put down the report programs but you must admit they are a little far from a computer language, NO? In fact I have seen clerks (and I do mean clerks) write a program. Now these programs were compiled with assembler H. They were essentially HUGE Macro's. The easytrieve category is somewhat more programmer oriented as you had to work with fields in a record. Where the assembler programs it was all done underneath the covers so the clerks did not have to worry about record layouts. The idea of language is getting a little loose I will grant you but I will stand on RPG, EASYTREIVE, DYL and others in my opinion are not anything close to a language. I am curious as to what other have to say about what is and what isn't a language. Ed -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 1:19 PM, Sam Siegel s...@pscsi.net wrote: On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com wrote: On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote: I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. First, why do they have to be unauthorized? Your life is a lot simpler if you require that they come from an APF-authorized library and make the customer responsible for ensuring only valid code goes into those libraries. The requirements exists because I'm trying to write something that will be Ziip enabled and leased as a product. Prior to passing the buffer to a work queue for the SRB, there is the possibility that the user (which can be a normal programmer) will need to modify the data in the buffer or provide additional data once the data source has been drained. I don't want the to impose a requirement of authorized code for the exit as most shop will not allow application programmers to put code in an authorized library. Having systems staff write the code creates a bottleneck on the application rate of change. Second, do you really mean user exits (that is, load modules whose names and locations the end-users supply) or installation exits (that is, load modules whose names and locations the system programmers supply)? Yes I really mean user-exits and not installation exits. I really don't want to be rude about this so please be tolerant of my apparent insensitivity. Your questions indicate a basic lack of understanding of the intricacies of this kind of software. Without understanding all of the nuances it is almost impossible to avoid wandering into dangerous territory and putting your customers at significant availability and integrity risk. Writing an SRB-mode application that runs reliably all the time is hard enough on its own. Writing a mixed mode application that (safely) provides access for non-privileged callers is really hard and there's just no pretending otherwise. Walt's advice here and in the other ADRNAPF thread is exactly right. Borrowing an old saying about the price of a Rolls-Royce... if you have to ask, you can't afford it. In all honesty I would strongly recommend walking away from this idea. -- This email might be from the artist formerly known as CC (or not) You be the judge. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 11:22 PM, Chris Craddock crashlu...@gmail.comwrote: On Thu, Apr 22, 2010 at 1:19 PM, Sam Siegel s...@pscsi.net wrote: On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com wrote: On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote: I'm trying to write some authorized code that has a requirement to invoke unauthorized user exits. First, why do they have to be unauthorized? Your life is a lot simpler if you require that they come from an APF-authorized library and make the customer responsible for ensuring only valid code goes into those libraries. The requirements exists because I'm trying to write something that will be Ziip enabled and leased as a product. Prior to passing the buffer to a work queue for the SRB, there is the possibility that the user (which can be a normal programmer) will need to modify the data in the buffer or provide additional data once the data source has been drained. I don't want the to impose a requirement of authorized code for the exit as most shop will not allow application programmers to put code in an authorized library. Having systems staff write the code creates a bottleneck on the application rate of change. Second, do you really mean user exits (that is, load modules whose names and locations the end-users supply) or installation exits (that is, load modules whose names and locations the system programmers supply)? Yes I really mean user-exits and not installation exits. I really don't want to be rude about this so please be tolerant of my apparent insensitivity. Your questions indicate a basic lack of understanding of the intricacies of this kind of software. Without understanding all of the nuances it is almost impossible to avoid wandering into dangerous territory and putting your customers at significant availability and integrity risk. Writing an SRB-mode application that runs reliably all the time is hard enough on its own. Writing a mixed mode application that (safely) provides access for non-privileged callers is really hard and there's just no pretending otherwise. Walt's advice here and in the other ADRNAPF thread is exactly right. Borrowing an old saying about the price of a Rolls-Royce... if you have to ask, you can't afford it. In all honesty I would strongly recommend walking away from this idea. Chris, I understand what you are saying and I'm not taking anything personally. However, I must ask how is one to learn these things. I'm not pretending to be anything or diminishing the complexity. I thought my approach was exactly the opposite. Ask for advice from those that know. I knew that the questions expose my level of experience when I wrote them. There must be some way to gain this expertise. I believe my product idea is usefully and I want to make sure that it is also safe. Clearly just writing an authorized only program and not allowing a problem state user exit is the preferred way to go. However, if it is reasonably possible to provide a problem state user exit, I would like to explore it. I'm trying my best to ensure integrity and still create something marketable. If you and Walt are saying this is impossible outside of IBM or a vendor environment like BMC or CA then this is unfortunately. It would really be great if the people with the experience and scars would provide the details required to write this type of application correctly. I'm open to suggestions and would very much appreciate them. Again any advice on how to accomplish this would be greatly appreciated. Or a confirmation that this is just not possible regardless of the advice provided would also be appreciated. Sam -- This email might be from the artist formerly known as CC (or not) You be the judge. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
It is possible but there are quite a few gotcha's. And these gotcha's could allow an application programmer to crash the system. Do not wish to appear to be insensitive, but its takes quite a bit of experience to do this correctly. You need a real mentor - hands on - to walk you thru your design and code. As you appear to be writing from a software house, perhaps your colleagues can help. On Thu, 22 Apr 2010 23:49:04 +0100 Sam Siegel s...@pscsi.net wrote: :On Thu, Apr 22, 2010 at 11:22 PM, Chris Craddock crashlu...@gmail.comwrote: : : On Thu, Apr 22, 2010 at 1:19 PM, Sam Siegel s...@pscsi.net wrote: : : On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com : wrote: : : On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote: : : I'm trying to write some authorized code that has a requirement to : invoke : unauthorized user exits. : : First, why do they have to be unauthorized? Your life is a lot simpler : if : you require that they come from an APF-authorized library and make the : customer responsible for ensuring only valid code goes into those : libraries. : : : The requirements exists because I'm trying to write something that will : be : Ziip enabled and leased as a product. : : Prior to passing the buffer to a work queue for the SRB, there is the : possibility that the user (which can be a normal programmer) will need to : modify the data in the buffer or provide additional data once the data : source has been drained. : : I don't want the to impose a requirement of authorized code for the exit : as : most shop will not allow application programmers to put code in an : authorized library. : : Having systems staff write the code creates a bottleneck on the : application : rate of change. : : : : Second, do you really mean user exits (that is, load modules whose : names : and : locations the end-users supply) or installation exits (that is, load : modules : whose names and locations the system programmers supply)? : : : Yes I really mean user-exits and not installation exits. : : : : I really don't want to be rude about this so please be tolerant of my : apparent insensitivity. Your questions indicate a basic lack of : understanding of the intricacies of this kind of software. Without : understanding all of the nuances it is almost impossible to avoid wandering : into dangerous territory and putting your customers at significant : availability and integrity risk. Writing an SRB-mode application that runs : reliably all the time is hard enough on its own. Writing a mixed mode : application that (safely) provides access for non-privileged callers is : really hard and there's just no pretending otherwise. Walt's advice here : and : in the other ADRNAPF thread is exactly right. Borrowing an old saying about : the price of a Rolls-Royce... if you have to ask, you can't afford it. : : In all honesty I would strongly recommend walking away from this idea. : : :Chris, : :I understand what you are saying and I'm not taking anything personally. : However, I must ask how is one to learn these things. I'm :not pretending to be anything or diminishing the complexity. I thought my :approach was exactly the opposite. Ask for advice from those that know. : I knew that the questions expose my level of experience when I wrote them. : :There must be some way to gain this expertise. : :I believe my product idea is usefully and I want to make sure that it is :also safe. Clearly just writing an authorized only program and not allowing :a problem state user exit is the preferred way to go. However, if it is :reasonably possible to provide a problem state user exit, I would like to :explore it. : :I'm trying my best to ensure integrity and still create something :marketable. : :If you and Walt are saying this is impossible outside of IBM or a :vendor environment like BMC or CA then this is unfortunately. : :It would really be great if the people with the experience and scars would :provide the details required to write this type of application correctly. : I'm open to suggestions and would very much appreciate them. : :Again any advice on how to accomplish this would be greatly appreciated. Or :a confirmation that this is just not possible regardless of the advice :provided would also be appreciated. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On Thu, Apr 22, 2010 at 5:49 PM, Sam Siegel s...@pscsi.net wrote: I understand what you are saying and I'm not taking anything personally. However, I must ask how is one to learn these things. I'm not pretending to be anything or diminishing the complexity. I thought my approach was exactly the opposite. Ask for advice from those that know. I knew that the questions expose my level of experience when I wrote them. There must be some way to gain this expertise. Ah yes, there's the rub. There IS a way to do it, but as I am fond of saying, it takes approximately 30 years to get 30 years of experience :-) The big problem is that this platform has evolved over 45 years or so. Back when it started out nobody knew about integrity and there wasn't a lot of difference between the programming environment seen by the system and the application. As time passed things got a whole lot more sophisticated and vastly more complex, but the documentation didn't keep up. In the mainframe community there were always two tribes; the systems software tribe (made up of IBM and the ISVs) and everyone else. Within the systems software tribe, the knowledge of the elders was passed around by word of mouth (or by reading microfiche/dumps :-) ) so by and large nobody within IBM really felt there was a need to spell out the how-tos. But fast forward to today and unless you have spent quite a lot of time working in a professional software development environment where this sort of thing is the daily grind, there's just no way to get a complete picture in anything approaching a reasonable amount of time. If I am brutally honest, most of the programmers remaining in the systems software tribe don't really know all the rules anymore (if ever) and don't (or shouldn't) write that kind of code. Aside from the likes of a few well known names from around here, very little of this sort of code is actually being written from whole cloth any more. Mostly it is little changes being grafted onto existing code here and there, so providing the existing code's basic infrastructure is sound the risks are minimized. But even so, there are some giant yawning chasms of exposures out there. They're just not as well known or recognized as they are on other platforms. Security/Integrity through obscurity is more common than anything else. (Oops, did I say that out loud? My bad!) I believe my product idea is usefully and I want to make sure that it is also safe. Clearly just writing an authorized only program and not allowing a problem state user exit is the preferred way to go. However, if it is reasonably possible to provide a problem state user exit, I would like to explore it. I'm trying my best to ensure integrity and still create something marketable. If you and Walt are saying this is impossible outside of IBM or a vendor environment like BMC or CA then this is unfortunately. It would really be great if the people with the experience and scars would provide the details required to write this type of application correctly. I'm open to suggestions and would very much appreciate them. Again any advice on how to accomplish this would be greatly appreciated. Or a confirmation that this is just not possible regardless of the advice provided would also be appreciated. It is possible to write this kind of thing, but without the benefit of having someone to look over your shoulder (IMO) there isn't ANY chance of getting it right. Certainly not the first, second or third try. I would personally rule out running unauthorized code within the confines of an authorized address space NO MATTER WHAT. I would not tackle it myself and if I was the person looking over your shoulder, I would just say no. But if you can go to the trouble of setting things up with two address spaces (perhaps by using fork() as Walt suggested, or just a garden variety long running non-APF started task) then you would be at least part way there. The problem that remains is that it turns out to be a mountain of code and setup and you would still have to deal with xmemory serialization, integrity and security issues. So your biggest problem isn't that what you're trying to do is necessarily a bad idea, it is just too big and too hard to tackle as a learning exercise. Now if you could tackle something else smaller and more manageable to get your feet wet first, that would be a good thing. -- This email might be from the artist formerly known as CC (or not) You be the judge. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Calling unauthorized code from an authorized address space
On 22 April 2010 14:19, Sam Siegel s...@pscsi.net wrote: The requirements exists because I'm trying to write something that will be Ziip enabled and leased as a product. Prior to passing the buffer to a work queue for the SRB, there is the possibility that the user (which can be a normal programmer) will need to modify the data in the buffer or provide additional data once the data source has been drained. I don't want the to impose a requirement of authorized code for the exit as most shop will not allow application programmers to put code in an authorized library. Is there a true requirement that your end users/application programmers supply assembler language (or C or similar) code to do this buffer changing? I ask because another approach may be to interpret something the user supplies - whether a control language of your own invention, or something more general like REXX, for which interpreters are already available - that does not have the ability to execute arbitrary code on the metal. (Yes, I realize that REXX can write to storage, but that sort of thing can be controlled quite tightly.) In theory you could interpret compiled assembler code, but what would be the point? Since you mention a data source, and the possibility of its being drained and needing refilling, yet another approach may be to treat this as a pipe that gets filled by an unauthorized program from another address space. You can use UNIX piping techniques, or any of various shared memory schemes. Or even TCP/IP or SNA... How usable this will be depends largely on throughput vs latency issues. Of course it's hard to understand what you are really trying to accomplish, and I appreciate you don't want to give a full description for presumably commercial reasons, but if you can explain a bit more, I'll bet there will be good ideas here. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?
As long as all work areas used by the authorized program are in system key there should not be any exposure by using SYNCH. True in an absolute theoretical sense, but in reality there is NO way to guarantee that. If we're talking about a function like OPEN as the example case of a privileged program SYNCHing to a non-privileged one, we're also talking about a system function where the chain of integrity is maintained from the point of entry to the supervisor state environment and there used to be exposures even there. In the general case there just isn't any way to make it work out safely. ALL authorized address spaces start out in key 8 (unless there's a PPT entry to dictate otherwise) and there are a bazillion storage areas laying around that the SYNCH'd-to program could diddle with as it pleases, ergo a giant integrity hole. If the address space has a system key (via PPT) then every task mode unit of work is going to have a PKM that allows it to switch to that key, so even turning off JSCBAUTH and passing control to the unauthorized code would not be any safer and even worse, if you have code that is trying to run in a key other than the job step key, there are a whole lot of things in MVS that just flat out don't work because there are embedded assumptions about the job step key (e.g. anything using step level storage pools) So the system does not ever (so far as I am aware) give control to non-authorized code within an address space that can be considered authorized in ANY way. The other (opposite) case mentioned elsewhere is one of calling privileged user-written code from within an unauthorized address space is not really relevant, but in any case it requires unnatural acts internally; basically stopping every non-authized TCB while the authorized code runs. I realize you're not arguing that Sam should do this sort of thing, but I think you're unintentionally giving some hope that it is doable when it really isn't. -- This email might be from the artist formerly known as CC (or not) You be the judge. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On 22 April 2010 17:59, Ed Gould ps2...@yahoo.com wrote: The idea of language is getting a little loose I will grant you but I will stand on RPG, EASYTREIVE, DYL and others in my opinion are not anything close to a language. I am curious as to what other have to say about what is and what isn't a language. No doubt the most obvious example is Excel (or similar spreadsheets). Any number of managers, clerks, professionals and so on write their own spreadsheet formulas, and sometimes macros, and any number of them are wrong in so many ways. But life and business continues... Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
On 22 Apr 2010 14:59:57 -0700, in bit.listserv.ibm-main you wrote: From: Ted MacNEIL eamacn...@yahoo.ca To: IBM-MAIN@bama.ua.edu Sent: Thu, April 22, 2010 10:05:02 AM Subject: Re: COBOL - no longer being taught - is a problem Considering how many different programming languages I've had to deal with over the course of my career, one of the most useful skills I acquired in school was the ability to learn new programming languages, not the ability to program in some specific language. I don't disagree with that concept, but in the case of the rookie (or co-op) programmer, why not teach them COBOL while you're teaching them programming skills. They have to learn some language, and COBOL is still a major need in the IT working world. --- Ted: Interesting issue. I have talked to people who do the hiring of application types and the consensus that I have heard is that the more languages an application knows the more likely he/she will be hired. Now I am talking reasonably current languages, not Fortran RPG etc... COBOL still is a MUST. Having said that saying you know a language is a far stretch (at times) from working in it on a day to day basis. Some of the comments on here seem to think that things like DYL and EASYTREIVE RPG, frankly I do not agree they are really languages. I am not trying to put down the report programs but you must admit they are a little far from a computer language, NO? In fact I have seen clerks (and I do mean clerks) write a program. Now these programs were compiled with assembler H. They were essentially HUGE Macro's. The easytrieve category is somewhat more programmer oriented as you had to work with fields in a record. Where the assembler programs it was all done underneath the covers so the clerks did not have to worry about record layouts. The idea of language is getting a little loose I will grant you but I will stand on RPG, EASYTREIVE, DYL and others in my opinion are not anything close to a language. DYL280 has a VERY strong set of procedural capabilities including bit manipulation, the ability to use COBOL record descriptions, SORT verb, etc. I have used it to reformat SMF 30 records and play with directory blocks. It can be more powerful than COBOL for many things besides report writing. I am curious as to what other have to say about what is and what isn't a language. Ed -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 25 reasons why hardware is still hot at IBM
#26: IBM hasn't figured out how to run software without hardware yet. Or vice versa. Despite Wall Street accounting, from a technical point of view there's increasing blurring between software and hardware, for a variety of very sensible reasons. (Is an Apple iPhone software or hardware? Yes. Is the IBM Smart Analytics System 9600 software or hardware? Yes.) I see every indication that trend will continue. Speaking only for myself, per usual. - - - - - Timothy Sipples Resident Architect (Based in Singapore) STG Value Creation and Complex Deals Team IBM Growth Markets E-Mail: timothy.sipp...@us.ibm.com Phone: +1 603 472 4234 or +65 9232 2015 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe Applications Development using a modern GUI
For COBOL, PL/I, Assembler, REXX, JCL, C, C++, Java, EGL, and several other development disciplines, the flagship tool is Rational Developer for System z: http://www.ibm.com/software/awdtools/rdz Every CICS TS and IMS TM customer for the past few years has received at least one no charge license, and anybody can download an evaluation version. RDz is based on the Eclipse open source framework. Fault Analyzer, File Manager, Debug Tool, and SCLM are among the development tools that plug right into RDz for graphical fault analysis, file/database management, cross-language debugging, and source library support. Micro Focus offers many graphical tools as well, particularly for COBOL, although I'd argue that IBM Rational has zoomed past now. Of course practically any development tool relevant to other servers is also highly relevant to the mainframe. For example, you should take a look at the JZOS Cookbook if you'd like instructions on using the Eclipse open source development framework with Java on z/OS. Java Enterprise Edition development tools, such as Rational Application Developer, are exactly the same as you'd use to target WebSphere Application Server for z/OS and for Linux on z. (That's the whole point.) The same Portlet Factory targets WebSphere Portal for z/OS and for Linux on z. WebSphere Business Modeler/WebSphere Integration Developer target WebSphere Process Server for z/OS and for Linux on z. The Broker Toolkit targets WebSphere Message Broker for z/OS and for Linux on z. And so on. So, given that, what's your favorite development tool? Chances are pretty darn excellent that it'll target the mainframe. - - - - - Timothy Sipples Resident Architect (Based in Singapore) STG Value Creation and Complex Deals Team IBM Growth Markets E-Mail: timothy.sipp...@us.ibm.com Phone: +1 603 472 4234 or +65 9232 2015 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: COBOL - no longer being taught - is a problem
I'm just the messenger... but I'll add that street parking is easy, you needn't pay a garage. And I'd rate the usual refreshments better than light. - http://www.dcacm.org/default.aspx The Washington DC Chapter of the Association for Computing Machinery, with support from the New America Foundation, is proud to present the May 2010 lecture. Dr. Allen Tucker, Is There a Good Programming Language Out There? Topic: The history of programming languages provides a fascinating backdrop for discussing the idea of quality in language design. Over the years, many languages have introduced some excellent features, but no single language has captured the imagination of such a large audience that it has become the lingua franca of computing. This talk proposes a small set of ideal qualities that programming languages should possess. We then explore a variety of past and current language features that represent these qualities, both well and poorly. Finally, we suggest yet another programming language that can possesses all these ideal qualities simultaneously, considering also the challenges that would accompany its effective implementation. When: Monday May 17th, 2010 7:30pm to 9:00pm Where: New America Foundation 1899 L Street NW Suite 400 (4th Floor) Washington, DC 20036 Near Farragut North Metro Station. Parking is available until midnight at a garage on 19th between M and L streets for $7.00. This lecture is free of charge and open to the public. ACM membership is not required to attend, nor is an RSVP necessary. Please feel free to bring friends and colleagues. Light refreshments will be served. Joel C. Ewing said: Considering how many different programming languages I've had to deal with over the course of my career, one of the most useful skills I acquired in school was the ability to learn new programming languages, not the ability to program in some specific language. -- Gabriel Goldberg, Computers and Publishing, Inc. (703) 204-0433 3401 Silver Maple Place, Falls Church, VA 22042g...@gabegold.com LinkedIn: http://www.linkedin.com/in/gabegold -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 25 reasons why hardware is still hot at IBM
Timothy, IBM's claim to fame is all about manipulating their prices when the customer has no other option.. If you read the book about IBM and their Business plan then you will see that it's all about : Trying to get as much money from UNKNOWING/NAIVE customers and making them feel proud to give so much money to IBM Summary: You claim in your posting that it's not about Wall street accounting but more about the quality of their new products. Have you ever been to the IBM labs in Austin, TX ? They only have old products in there and that is what they proudly show you... as if they are selling to people that do not know what technology is all about. Note: Not sure that you can compare/mention Apple's innovativeness to IBMS for the last 10 years. It is like somebody comparing a F-22 Raptor to a Ford Model T .. but then again, people might still be buying Ford Model T's in Singapore. http://en.wikipedia.org/wiki/F-22_Raptor http://en.wikipedia.org/wiki/Ford_Model_T On 4/22/2010 10:18 PM, Timothy Sipples wrote: #26: IBM hasn't figured out how to run software without hardware yet. Or vice versa. Despite Wall Street accounting, from a technical point of view there's increasing blurring between software and hardware, for a variety of very sensible reasons. (Is an Apple iPhone software or hardware? Yes. Is the IBM Smart Analytics System 9600 software or hardware? Yes.) I see every indication that trend will continue. Speaking only for myself, per usual. - - - - - Timothy Sipples Resident Architect (Based in Singapore) STG Value Creation and Complex Deals Team IBM Growth Markets E-Mail: timothy.sipp...@us.ibm.com Phone: +1 603 472 4234 or +65 9232 2015 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html