date:20100422

On Wed, 21 Apr 2010 21:20:03 +0100, Sam Siegel s...@pscsi.net wrote:

 : If you use SYNCH or ATTACH with JSTCB=YES, then you're in a whole
 : different world, but System Integrity is still very much your
 : responsibility.

 :I was going to use SYNCH(X).  ATTACH(X) does not make sense for this
 design.

 Then you are using the same JSCB as the authorized caller. Thus the caller
 must make sure that APF is turned off before invoking the routine. All
 previous comments about storage still apply.


Thanks again for the sage advice.  Very easy to follow and worked perfectly.
Synched to problem program abended with S047 when issuing MODESET.  JSCB
bits adjusted prior to Synch.


Did you retain any authorization when doing the SYNCH (such as, having your
program running in supervisor state or a system key)?  If so, you are likely
to still have some major system integrity holes.  Mixing unauthorized and
authorized code is extremely tricky, and most people get it wrong, in my
experience.

-- 
Walt Farrell, CISSP
IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Another Receive Order Problem

On Thu, 22 Apr 2010 11:35:41 +0300, G+D+J+ B+N% #B+J+ wrote:

Last night, I ran a receive order problem.
The job downloaded a file named S0001.SHOPZ.S9084121.SMPMCS.pax.Z that is 
895,749,120 bytes.
A few other files (SMPHOLD and some XML files) were downloaded.

That job abended because there was no space in the file system with message:
pax: FSUM6260 write error on file 
/etc/ptfs/work/smpe2010112054737554188/S0001.SHOPZ.S9084121.SMPMCS: EDC5133I 
NO SPACE LEFT ON DEVICE.

Is there a way to find out the actual size of S0001.SHOPZ.S9084121.SMPMCS?

You should be able to infer that from the allocation parameters in GIMPAF.XML.

I tried running the command pax rvf S0001.SHOPZ.S9084121.SMPMCS.pax.Z, but it 
too abended because of space problems.
When I ran the command, a file named GIMFAF.XML was created. Its contents are:
?xml version=1.0 ?
FILELIST
FILEATTR
name=SHOPZ.S9084121.SMPMCS
level=03.02.00.00
type=SMPPTFIN
dsorg=PS
recfm=FB
lrecl=80
blksize=27920
allocunits=RECORD
length=27920
avgrec=U
secondary=4410
primary=41970
/FILEATTR
/FILELIST

Once I enlarge the ZFS to the correct size, what would be the best way to 
continue the process?

It appears that the problem was not with the ZFS, but with the Classic
data set, S0001.SHOPZ.S9084121.SMPMCS.

At this point, the transfer should have been complete.  Try a RECEIVE FROMNTS,
possibly with a bigger SMPWKDIR.

Or copy the ZFS files, and retry the RECEIVE ORDER.  It should detect that
the files have already been transferred and resume from the point of failure.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Scott Ford

I havent used the Cobol in the sense of Objects yet. I am some
John:

I havent used the Cobol in the sense of Objects yet. I am somewhat familar with 
XML, etc. I guess IMHO I was fortunate to have learned Assembler first and then 
Cobol. I worked in A CICS macro shop for a bunch of years in the early days, 
CICS 1.4 , we have VSE runnng CICS and VM.  At that time we VMers were kinda 
rogue. I was younger and loved VM, still do. I dont feel there is anything 
wrong with rogue ideas , as long as the the ideas that are put into practice 
can be supported. Some of the newer languages are really good and hve no issue 
with them. But learning them sometimes is the age old problem, when your buried 
with work. 
 
Scott J Ford
 





From: McKown, John john.mck...@healthmarkets.com
To: IBM-MAIN@bama.ua.edu
Sent: Thu, April 22, 2010 8:20:05 AM
Subject: Re: COBOL - no longer being taught - is a problem

 -Original Message-
 From: IBM Mainframe Discussion List 
 [mailto:ibm-m...@bama.ua.edu] On Behalf Of Scott Ford
 Sent: Wednesday, April 21, 2010 7:14 PM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: COBOL - no longer being taught - is a problem
 
 Its interesting now people in various organizations are in a 
 4 star panic when the word Cobol comes up. Everyone is so 
 into JAVA and the other object languages. The other 
 interesting fact is how many kids (20-30 yr olds) want to 
 learn Assembler or Cobol ...they go where the money is thats 
 JAVAm C#, C++, etc. I dont fault them, just think its a sign 
 of  changes going on.
 
  
 Scott J Ford

COBOL can be object oriented as well. And it does interoperate with Java, at 
least with z/OS Enterprise COBOL (tho not as well as some would like).. It's 
just that people don't seem too interested in upgrading their COBOL skills into 
the new facilities. An example here is some COBOL which does XML to interchange 
data with a Windows system. It was written by one of our more rogue 
programmers (who was let go in a recent downsizing). It works well. Other 
programmers don't like it because they are unfamiliar with and dislike XML.

--
John McKown 
Systems Engineer IV
IT

Administrative Services Group

HealthMarkets®

9151 Boulevard 26 . N. Richland Hills . TX 76010
(817) 255-3225 phone . (817)-961-6183 cell
john.mck...@healthmarkets.com . www.HealthMarkets.com

Confidentiality Notice: This e-mail message may contain confidential or 
proprietary information. If you are not the intended recipient, please contact 
the sender by reply e-mail and destroy all copies of the original message. 
HealthMarkets® is the brand name for products underwritten and issued by the 
insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance 
Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA 
Life and Health Insurance Company.SM



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html





--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

2010-04-22 Thread Rob Schramm

 Did you retain any authorization when doing the SYNCH (such as, having 
your
 program running in supervisor state or a system key)?  If so, you are 
likely
 to still have some major system integrity holes.  Mixing unauthorized 
and
 authorized code is extremely tricky, and most people get it wrong, in my
 experience.
 
 -- 
 Walt Farrell, CISSP
 IBM STSM, z/OS Security Design

Walt,

Do you have some guidance for the most people?

Rob Schramm
Sirius Computer Solutions

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, 22 Apr 2010 08:14:27 -0500 Walt Farrell wfarr...@us.ibm.com wrote:

:On Wed, 21 Apr 2010 21:20:03 +0100, Sam Siegel s...@pscsi.net wrote:

: : If you use SYNCH or ATTACH with JSTCB=YES, then you're in a whole
: : different world, but System Integrity is still very much your
: : responsibility.

: :I was going to use SYNCH(X).  ATTACH(X) does not make sense for this
: design.

: Then you are using the same JSCB as the authorized caller. Thus the caller
: must make sure that APF is turned off before invoking the routine. All
: previous comments about storage still apply.

:Thanks again for the sage advice.  Very easy to follow and worked perfectly.
:Synched to problem program abended with S047 when issuing MODESET.  JSCB
:bits adjusted prior to Synch.

:Did you retain any authorization when doing the SYNCH (such as, having your
:program running in supervisor state or a system key)?  If so, you are likely
:to still have some major system integrity holes.  Mixing unauthorized and
:authorized code is extremely tricky, and most people get it wrong, in my
:experience.

Do they?

You are aware, of course, that the OPEN SVC branches to unauthorized user code
via SYNCH.

As long as all work areas used by the authorized program are in system key
there should not be any exposure by using SYNCH.

--
Binyamin Dissen bdis...@dissensoftware.com
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, Apr 22, 2010 at 2:28 PM, Rob Schramm rob.schr...@siriuscom.comwrote:

  Did you retain any authorization when doing the SYNCH (such as, having
 your
  program running in supervisor state or a system key)?  If so, you are
 likely
  to still have some major system integrity holes.  Mixing unauthorized
 and
  authorized code is extremely tricky, and most people get it wrong, in my
  experience.
 
  --
  Walt Farrell, CISSP
  IBM STSM, z/OS Security Design

 Walt,

 Do you have some guidance for the most people?


Advice and guideance would be greatly apreciated.  I'm hoping to use the
experience of the list reader to avoid problems.


 Rob Schramm
 Sirius Computer Solutions

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: 25 reasons why hardware is still hot at IBM

2010-04-22 Thread Anton Britz

Hi,

a) *ARMONK, N.Y. - 19 Apr 2010:

*http://www-03.ibm.com/press/us/en/pressrelease/29942.wss

Consulting services signings were up 18 percent, with 25 percent of
signings related to Smarter Planet and Business Analytics.

Strategic Outsourcing signings increased 6 percent.

b) January 19, 2010 :

http://www.communities.hp.com/online/blogs/legacy-transformation/archive/2010/01/22/a-view-of-ibm-mainframe-4q-2009-financial-results.aspx

c) 20/04/2010 08:18:00 :

http://www.techworld.com.au/article/343687/ibm_q1_profit_jumps_16_percent

But System z and Power system revenues both fell 17 percent.

Conclusion : Stop reading ITWEB because the news is TEN years old in
there...

Anton

On 4/22/2010 7:02 AM, Elardus Engelbrecht wrote:

Anton Britz wrote:

The article was written in South Africa.

Of course.

You think the author of this article read the IBM financial results that

was published this week ? ( In the USA )

Good question. That ITWeb article was written on 19 April 2010.

When during last week was that IBM financial results published? Please be
very kind to give the address or link of that results, if you can.

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Kelman, Tom

It is true that back in the good old days companies would have
internal training to teach programming skills.  My first job after
college and the military was with a bank as an application programmer.
Back then they coded everything in IBM Assembler because it was more
efficient than COBOL.  Up until then I had coded COBOL, Fortran, and
ALGOL (my college had a Burroughs B5500 for student work).  I hadn't
done anything in assembler so it was very new to me.  The company had an
excellent self-paced course to train in the basics of assembler.  I
picked up on it quickly.  Besides that there were several people there
who made great mentors in the topic.  There was one in particular who is
still a good friend of mine.

There is a problem today that companies complain about not having the
skills available in areas like COBOL, but they are not willing to spend
the money or time to train their employees in those skills.

Tom Kelman
Enterprise Capacity Planner
Commerce Bank of Kansas City
(816) 760-7632
 -Original Message-
 From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
 Behalf Of Hunkeler Peter (KIUP 4)
 Sent: Thursday, April 22, 2010 1:24 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: COBOL - no longer being taught - is a problem
 
 This is not only a problem of universites not teaching
 its students COBOL, PL/I, IBM Mainframes, etc. It is also
 a home made problem of the companies requiring this
 kind of skills. Many of them had their own IT school
 with which they took care of educating employees in the
 skills they need for that company. They also sent students
 to classromm courses in matters not worth teaching
 by themselves. At least in Switzerland, this has
 vanished into thin air during the last decade or so.
 And now intelligent management all over a sudden realizes
 that they are heading into the problem of retiring
 employees and complains that they can't find
 new employees with the demanded skills.
 
 It is sure nice to have IT architects that look ahead
 and preach JAVA, but neglecting that there are legacy
 systems which for many companies are its heart, is
 simply not in the interest of those companies.
 
 This leads back to the universities. Can you expect
 someone to preach a matter they don't now abaout?
 Rarely, probably.
 
 --
 Peter Hunkeler
 CREDIT SUISSE AG
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


*
If you wish to communicate securely with Commerce Bank and its
affiliates, you must log into your account under Online Services at 
http://www.commercebank.com or use the Commerce Bank Secure
Email Message Center at https://securemail.commercebank.com

NOTICE: This electronic mail message and any attached files are
confidential. The information is exclusively for the use of the
individual or entity intended as the recipient. If you are not
the intended recipient, any use, copying, printing, reviewing,
retention, disclosure, distribution or forwarding of the message
or any attached file is not authorized and is strictly prohibited.
If you have received this electronic mail message in error, please
advise the sender by reply electronic mail immediately and
permanently delete the original transmission, any attachments
and any copies of this message from your computer system.
*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Kelman, Tom

Yea, a lot of this has to do with the way the media reports it.  Just
like the Mainframe is Dead situation of several years ago, they feel
the if something new comes along - new hardware, new programming
language - the old has to go.  There is no understanding that each has a
place and a purpose.  Also, even when it is shown to not be dead they
don't change their tune.

Tom Kelman
Enterprise Capacity Planner
Commerce Bank of Kansas City
(816) 760-7632

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
 Behalf Of Jim Elliott, IBM
 Sent: Thursday, April 22, 2010 5:47 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: COBOL - no longer being taught - is a problem
 
 On Wed, 21 Apr 2010 09:35:00 -0500, Kelman, Tom
 thomas.kel...@commercebank.com wrote:
 
 John,
 
 That WikiPedia article also states that DMSII was created by
Burroughs
 (later UniSys) as a database to run on its processors.  Does that
mean
 they are still running UniSys machines.  If so they have problems
over
 and above COBOL not being taught.  It sounds like a typical
government
 non-upgrade environment.  Now they are caught in the dark ages and
 instead of upgrading to modern DB2 and COBOL on proper processors
they
 are probably going to throw out the baby with the bath water and
get
 OMG - WINDOWS.
 
 Tom Kelman
 
 Tom:
 
 The report was misleading (confusing) in many ways in that it talked
about
 all of the government. The specific department involved here regarding
 DMSII
 (Human Resources Development Canada, HRDC) is running an older UNISYS
 environment.
 
 Much of the Canadian Government IT environment is on very current
 technology
 (and yes that includes lots of IBM System z).
 
 However, the canard about COBOL is one that always bothers me. A year
or
 two
 ago the Toronto Star had an article about COBOL being a deal
language.
 COBOL could paraphrase Mark Twain, The reports of my death have been
 greatly exaggerated.. IMHO, there is probably more business server
 application code written in COBOL than any other language still, and I
see
 no reason for that to change.
 
 Jim
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


*
If you wish to communicate securely with Commerce Bank and its
affiliates, you must log into your account under Online Services at 
http://www.commercebank.com or use the Commerce Bank Secure
Email Message Center at https://securemail.commercebank.com

NOTICE: This electronic mail message and any attached files are
confidential. The information is exclusively for the use of the
individual or entity intended as the recipient. If you are not
the intended recipient, any use, copying, printing, reviewing,
retention, disclosure, distribution or forwarding of the message
or any attached file is not authorized and is strictly prohibited.
If you have received this electronic mail message in error, please
advise the sender by reply electronic mail immediately and
permanently delete the original transmission, any attachments
and any copies of this message from your computer system.
*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

2010-04-22 Thread Tom Marchant

On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote:


As long as all work areas used by the authorized program are in system key
there should not be any exposure by using SYNCH.

The code also needs to be in storage protected by a system key.

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Repro Variable blocked records


Hi
I am reproing a VB qsam file to Variable KSDS
When I look the VB qsam in ISPF there are 50 trailing blanks at the  
end of the record However after the repro

The 50 trailing blanks get trucated

Sent from my iPhone

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Calling unauthorized code from an authorized address space

Hi All,

Switching subject lines to something more appropriate.

I'm trying to write some authorized code that has a requirement to invoke
unauthorized user exits.

I'd like to be able to do the following.

1) Provide an anchor word so that the user exit can allocate and retain
memory from call to call.
2) Pass a buffer of data (or the address of the buffer) to the user exit so
that the user exit can modify the data.
3) Allow the user exit to pass the address of data it has generated back to
the authorized caller.
3.1) Data in item 3 will most likely be in a different buffer than data in
item 2.

Pointers (with enough detail please so I can do the research) on how to do
this and maintain system integrity will be greatly appreciated.

Thanks,
Sam

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records

2010-04-22 Thread Jim McAlpine

On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman joereich...@optonline.netwrote:

 Hi
 I am reproing a VB qsam file to Variable KSDS
 When I look the VB qsam in ISPF there are 50 trailing blanks at the end of
 the record However after the repro
 The 50 trailing blanks get trucated

 Sent from my iPhone

 Is that not just ISPF padding out to the maximun record size ?

Jim McAlpine

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

2010-04-22 Thread Thompson, Steve

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Sam Siegel
Sent: Thursday, April 22, 2010 9:08 AM
To: IBM-MAIN@bama.ua.edu
Subject: Calling unauthorized code from an authorized address space

Hi All,

Switching subject lines to something more appropriate.

I'm trying to write some authorized code that has a requirement to
invoke
unauthorized user exits.

I'd like to be able to do the following.

1) Provide an anchor word so that the user exit can allocate and retain
memory from call to call.
2) Pass a buffer of data (or the address of the buffer) to the user exit
so
that the user exit can modify the data.
3) Allow the user exit to pass the address of data it has generated back
to
the authorized caller.
3.1) Data in item 3 will most likely be in a different buffer than data
in
item 2.

Pointers (with enough detail please so I can do the research) on how to
do
this and maintain system integrity will be greatly appreciated.

Thanks,
Sam

SNIP

One of the ways to protect yourself is to force the EXITs to use a
storage key that is different from yours, and enforce that rule.

Why? The EXITs are running in your address space, and so may change
storage that is in the key they are running in. So can you attach them
such that they will be in KEY10?

Or, can you set up all your code to be loaded in KEY10 or KEY0 so that
the exit code can't modify your code?

Now, can you put all of your control blocks (or structures) in KEY10 or
other than KEY8/9 if the exits will run in KEY8? If the exits will run
in KEY10, then you can operate normally.

Now, any address that is passed back to you, must be checked for a valid
storage KEY. It can't be an address of your storage. If it is, the EXIT
has passed a bad address. OR, the address passed back to you must be an
address you passed it. But now, how do you tell if the EXIT wrote beyond
what you intended?

If the EXITs run in a different address space, you can use PC/PT/PR to
deal with all of this.

I'm sure there will be others who will give more gotchas for this type
of problem.

Regards,
Steve Thompson

-- Opinions expressed by this poster may not reflect those of poster's
employer --

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, 22 Apr 2010 15:07:52 +0100 Sam Siegel s...@pscsi.net wrote:

:I'm trying to write some authorized code that has a requirement to invoke
:unauthorized user exits.

Why? What is the business case?

:I'd like to be able to do the following.

:1) Provide an anchor word so that the user exit can allocate and retain
:memory from call to call.

No problem.

:2) Pass a buffer of data (or the address of the buffer) to the user exit so
:that the user exit can modify the data.

Also, no problem. 

:3) Allow the user exit to pass the address of data it has generated back to
:the authorized caller.

You must ensure that the unauthorized code has access to the storage provided.
One way is to use MVCK/MVCSK when copying it to your buffers.

:3.1) Data in item 3 will most likely be in a different buffer than data in
:item 2.

:Pointers (with enough detail please so I can do the research) on how to do
:this and maintain system integrity will be greatly appreciated.

The first issue - is the authorized caller an SVC or a program? 

As stated previously, the latter case involves a lot more work. You must make
sure that APF is not on when the unauthorized program is called and all
storage used by the authorized code, including the programs, are in system key
storage. That includes the initiators save area - you cannot restore from it.

--
Binyamin Dissen bdis...@dissensoftware.com
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records

2010-04-22 Thread Vernooij, CP - SPLXM

Jim McAlpine jim.mcalp...@gmail.com wrote in message
news:j2h21d1f8c21004220723lc4f0f15bi861d4c3d01ce...@mail.gmail.com...
 On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman
joereich...@optonline.netwrote:
 
  Hi
  I am reproing a VB qsam file to Variable KSDS
  When I look the VB qsam in ISPF there are 50 trailing blanks at the
end of
  the record However after the repro
  The 50 trailing blanks get trucated
 
  Sent from my iPhone
 
  Is that not just ISPF padding out to the maximun record size ?
 
 Jim McAlpine
 

Sure.

Joe, try an IDCAMS PRINT of the VB file and you will see the real
contents of the records.

Kees.

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, Apr 22, 2010 at 2:57 PM, Tom Marchant m42tom-ibmm...@yahoo.comwrote:

 On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote:

 
 As long as all work areas used by the authorized program are in system key
 there should not be any exposure by using SYNCH.

 The code also needs to be in storage protected by a system key.


The authorized code is RENT and marked RENT.  I'm pretty user the operating
system will put this in write protected storage on load.  I don't think I
have much control over this as it is the EXEC PGM= program.

Storage for the unauthorized code is Key=8 (per LOAD macro ADRNAPF doc) and
is in being placed in sp=252 if it is RENT or sp=251 if it is NON-RENT.

After reading the Auth Assember guide, i'm not completely sure what key
should be used when allocating storage for the un-authorized code.

The LOAD macro doc say to allocate storage in the Key of the eventual user
of the program loaded using ADRNAPF.  Since this is a problem state program
SYNCH is starting it in problem state with a key of 8, it seems like the
program storage should be key 8.

The Auth assembler guide says to allocate storage loaded via ADRNAPF in your
key.  At the time the LOAD is issued, the authorized program is in key 0.
If this is used as a guide line, then the storage should be allocated in Key
0.

Let me know if this is setup right or if I need to make some changes.

Thanks,
Sam


 --
 Tom Marchant

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

2010-04-22 Thread Bob Shannon

I'm trying to write some authorized code that has a requirement to invoke
unauthorized user exits.

Use SYNCH. Assume all data received from the exit is untrusted and insure the 
caller verifies it. Caller can save addresses on behalf of the exit.

Bob Shannon
Rocket Software


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

SIGNOFF IBM-MAIN

2010-04-22 Thread Kenneth R Barkhau

Kenneth R.  Barkhau

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, Apr 22, 2010 at 3:32 PM, Thompson, Steve 
steve_thomp...@stercomm.com wrote:

  -Original Message-
 From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
 Behalf Of Sam Siegel
 Sent: Thursday, April 22, 2010 9:08 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Calling unauthorized code from an authorized address space

 Hi All,

 Switching subject lines to something more appropriate.

 I'm trying to write some authorized code that has a requirement to
 invoke
 unauthorized user exits.

 I'd like to be able to do the following.

 1) Provide an anchor word so that the user exit can allocate and retain
 memory from call to call.
 2) Pass a buffer of data (or the address of the buffer) to the user exit
 so
 that the user exit can modify the data.
 3) Allow the user exit to pass the address of data it has generated back
 to
 the authorized caller.
 3.1) Data in item 3 will most likely be in a different buffer than data
 in
 item 2.

 Pointers (with enough detail please so I can do the research) on how to
 do
 this and maintain system integrity will be greatly appreciated.

 Thanks,
 Sam

 SNIP

 One of the ways to protect yourself is to force the EXITs to use a
 storage key that is different from yours, and enforce that rule.

 Why? The EXITs are running in your address space, and so may change
 storage that is in the key they are running in. So can you attach them
 such that they will be in KEY10?

 Or, can you set up all your code to be loaded in KEY10 or KEY0 so that
 the exit code can't modify your code?

 Now, can you put all of your control blocks (or structures) in KEY10 or
 other than KEY8/9 if the exits will run in KEY8? If the exits will run
 in KEY10, then you can operate normally.

 Now, any address that is passed back to you, must be checked for a valid
 storage KEY. It can't be an address of your storage. If it is, the EXIT
 has passed a bad address. OR, the address passed back to you must be an
 address you passed it. But now, how do you tell if the EXIT wrote beyond
 what you intended?

 If the EXITs run in a different address space, you can use PC/PT/PR to
 deal with all of this.

 I'm sure there will be others who will give more gotchas for this type
 of problem.

Thanks for all the detail.  It is going to take me a bit to study this and
do some tests.

 Regards,
 Steve Thompson

 -- Opinions expressed by this poster may not reflect those of poster's
 employer --

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, Apr 22, 2010 at 3:34 PM, Binyamin Dissen bdis...@dissensoftware.com
 wrote:

 On Thu, 22 Apr 2010 15:07:52 +0100 Sam Siegel s...@pscsi.net wrote:

 :I'm trying to write some authorized code that has a requirement to invoke
 :unauthorized user exits.

 Why? What is the business case?

 :I'd like to be able to do the following.

 :1) Provide an anchor word so that the user exit can allocate and retain
 :memory from call to call.

 No problem.

 :2) Pass a buffer of data (or the address of the buffer) to the user exit
 so
 :that the user exit can modify the data.

 Also, no problem.

 :3) Allow the user exit to pass the address of data it has generated back
 to
 :the authorized caller.

 You must ensure that the unauthorized code has access to the storage
 provided.
 One way is to use MVCK/MVCSK when copying it to your buffers.

 :3.1) Data in item 3 will most likely be in a different buffer than data
 in
 :item 2.

 :Pointers (with enough detail please so I can do the research) on how to
 do
 :this and maintain system integrity will be greatly appreciated.

 The first issue - is the authorized caller an SVC or a program?

 As stated previously, the latter case involves a lot more work. You must
 make
 sure that APF is not on when the unauthorized program is called and all
 storage used by the authorized code, including the programs, are in system
 key
 storage. That includes the initiators save area - you cannot restore from
 it.



Thanks also.  Need some time to study this and do some tests.


 --
 Binyamin Dissen bdis...@dissensoftware.com
 http://www.dissensoftware.com

 Director, Dissen Software, Bar  Grill - Israel


 Should you use the mailblocks package and expect a response from me,
 you should preauthorize the dissensoftware.com domain.

 I very rarely bother responding to challenge/response systems,
 especially those from irresponsible companies.

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records


It's a VB so When I create it in my
Easytrieve program I display the record
Length and the length includes the trailing blanks is there any way to  
dump the

RDW

Sent from my iPhone

On Apr 22, 2010, at 10:34 AM, Vernooij, CP - SPLXM kees.vern...@klm.com 
 wrote:



Jim McAlpine jim.mcalp...@gmail.com wrote in message
news: 
j2h21d1f8c21004220723lc4f0f15bi861d4c3d01ce...@mail.gmail.com...

On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman

joereich...@optonline.netwrote:



Hi
I am reproing a VB qsam file to Variable KSDS
When I look the VB qsam in ISPF there are 50 trailing blanks at the

end of

the record However after the repro
The 50 trailing blanks get trucated

Sent from my iPhone

Is that not just ISPF padding out to the maximun record size ?


Jim McAlpine



Sure.

Joe, try an IDCAMS PRINT of the VB file and you will see the real
contents of the records.

Kees.

For information, services and offers, please visit our web site: http://www.klm.com 
. This e-mail and any attachment may contain confidential and  
privileged material intended for the addressee only. If you are not  
the addressee, you are notified that no part of the e-mail or any  
attachment may be disclosed, copied or distributed, and that any  
other action related to this e-mail or attachment is strictly  
prohibited, and may be unlawful. If you have received this e-mail by  
error, please notify the sender immediately by return e-mail, and  
delete this message.


Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/ 
or its employees shall not be liable for the incorrect or incomplete  
transmission of this e-mail or any attachments, nor responsible for  
any delay in receipt.
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal  
Dutch Airlines) is registered in Amstelveen, The Netherlands, with  
registered number 33014286



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Joel C. Ewing

45+ years ago when I started playing around with this stuff, even then
there were too many programming languages for it to be practical for
students to take formal courses to learn all the major programming
languages, and since then languages and their dialects have continued to
change and expand.  Students then were given basic understanding of some
macro assembler language and at least one procedural oriented language
and then expected to become fluent enough in what was available to
complete other assignments that depended on programming skills.

Language Reference manuals were your friend.  Once you understood the
basics, you could pick up a new assembler or higher-level language in
few days from the manuals, and become reasonably proficient from
examples and experience after a few weeks of use.  I think the only
semi-formal class I had in the early days was a week Introduction to
1410 Autocoder one summer.  By the time I would have taken an
undergraduate Fortran class, I already knew the material and became a
lab instructor.

In graduate school at Purdue, I was expected to already know how to use
their computers, which had a different architecture and different
dialect of Fortran than I had previously used.  After reading the
available Assembler and IBSYS manuals, I wrote a IBM 7094
macro-assembler implementation of a bootstrap compiler for a simple
language that generated 7094 object decks, and later used reference
manuals to become proficient in writing CDC 6000 Assembler code for
other projects.  One of the most useful courses at Purdue was a survey
course that introduced a number of different programming languages,
including PL/I, COBOL, SNOBOL, LISP, etc. - enough to give a flavor of
the context in which a language would be useful with no attempt to teach
proficiency in any language.

Considering how many different programming languages I've had to deal
with over the course of my career, one of the most useful skills I
acquired in school was the ability to learn new programming languages,
not the ability to program in some specific language.  The most critical
programming skills for having a long-term career in this business are
the ability to think logically, to understand how to convert
requirements into algorithms, and to understand the nature of the
process of mapping algorithms to available language features.  If you
have that, you can quickly learn how to be proficient in some specific
implementation language.  If you lack those skills, you will be a bad
programmer no matter what the language.
   JC Ewing



On 04/21/2010 12:21 PM, Ted MacNEIL wrote:
 Who cares whether the universities are requiring COBOL or not?
 
 In co-op programmes, it does matter if you are preparing for the work force, 
 so it (IMO) is important.
 
 There are plenty of places and ways to learn it ...
 
 But, if I'm already enrolled in a Computer Science stream, why should I have 
 to spend extra (time or money) to learn it, elsewhere?
 
 I'm not trying to put words in your mouth, but this sounds suspiciously like 
 the argument:Universities are not here to prepare you for the work 
 place; rather to teach you how to learn.
 
 If that's the case, I disagree.
 I enrolled in the University of Waterloo to prepare myself for a career in 
 computers.
 Many, along with UOW, have co-op programes.
 All have employment counselling programmes to help place you post-graduation.
 If that isn't preparing for the workplace, what is?
 
 To me, not teaching COBOL, is like a future surgeon not being taught anatomy.
 
 -
 Too busy driving to stop for gas!
 
...


-- 
Joel C. Ewing, Fort Smith, ARjremoveccapsew...@acm.org

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon bshan...@rocketsoftware.comwrote:

 I'm trying to write some authorized code that has a requirement to invoke
 unauthorized user exits.

 Use SYNCH. Assume all data received from the exit is untrusted and insure
 the caller verifies it. Caller can save addresses on behalf of the exit.


SYNCH was previously suggested and I'm using it.

To verify data my intention is to use VSMLOC.



 Bob Shannon
 Rocket Software


 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records

2010-04-22 Thread John P Kalinich

Joe Reichman of the IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu 
wrote on 04/22/2010 09:53:37 AM:

 It's a VB so When I create it in my
 Easytrieve program I display the record
 Length and the length includes the trailing blanks 

 is there any way to dump the RDW

Yes, use the LIST DUMP subcommand of the PDS command processor (CBT file 
182).

Regards,
John K

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: SIGNOFF IBM-MAIN

2010-04-22 Thread Hal Merritt

Address such to lists...@bama.ua.edu, not IBM-MAIN


 


-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of 
Kenneth R Barkhau
Sent: Thursday, April 22, 2010 9:44 AM
To: IBM-MAIN@bama.ua.edu
Subject: SIGNOFF IBM-MAIN

Kenneth R.  Barkhau

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
NOTICE: This electronic mail message and any files transmitted with it are 
intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged 
information.
Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, 22 Apr 2010 15:46:27 +0100 Sam Siegel s...@pscsi.net wrote:

:On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon 
bshan...@rocketsoftware.comwrote:

: I'm trying to write some authorized code that has a requirement to invoke
: unauthorized user exits.

: Use SYNCH. Assume all data received from the exit is untrusted and insure
: the caller verifies it. Caller can save addresses on behalf of the exit.

:SYNCH was previously suggested and I'm using it.

:To verify data my intention is to use VSMLOC.

Not good.

Even IVSK is not enough.

You have to consider that you will be interrupted and the status of the
storage location may change.

Only safe way is to use the keyed instructions so the reference is real time.

--
Binyamin Dissen bdis...@dissensoftware.com
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Ted MacNEIL

Considering how many different programming languages I've had to deal
with over the course of my career, one of the most useful skills I acquired in 
school was the ability to learn new programming languages,
not the ability to program in some specific language.

I don't disagree with that concept, but in the case of the rookie (or co-op) 
programmer, why not teach them COBOL while you're teaching them programming 
skills.
They have to learn some language, and COBOL is still a major need in the IT 
working world.

-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

On 21 Apr 2010 08:22:23 -0700, in bit.listserv.ibm-main you wrote:

Who cares whether the universities are requiring COBOL or not?  There are 
plenty of places and ways to learn it, and any Programmer worth employing 
should be able to pick it up relatively easy.  They may not be as good as a 
seasoned programmer, but you can't expect a college graduate to perform at the 
same level as someone with work experience, no matter the language.  

Universities are for teaching conceptual processes, how to learn and grasp the 
fundamentals of how programming works, not how to use a specific language, 
that's what a trade school, or specific class is for.

One of the interesting problems is that COBOL differs significantly in
concept from the FORTRAN/Algol/C/C++ languages in that it is fixed
length field and array oriented with differentiation between decimal
and binary.  The others are string and array oriented.  COBOL is
related more to the accounting department while the others to the
mathematics department which has neither liked nor accepted the
premises of COBOL.

As someone who was a systems programmer and an applications programmer
using COBOL and related proprietary languages (primarily DYL280 with
some Easytrieve) I have my doubts about the long term survival of both
COBOL and the mainframe, in part due to bad decisions.  It is far
cheaper to develop things on other platforms.  One person who had
worked extensively in COBOL including CICS is now using Microsoft
tools and C# because he can develop things faster with less effort and
even the free versions of the Microsoft tools are extremely capable.
Also for the Windows and Unix environment, a developer has to make
certain that the entity buy the COBOL package also has bought the run
times which is not a problem with C/C++/C#.

If a recent (or future) grad only finds jobs advertising for COBOL 
programmers, they need to learn it to compete, the same goes for other 
languages.  If a company (or government) needs applications supported using a 
*relatively* less used language that they have trouble finding proper skills 
for, they increase the pay offered, and the people (and skills) will come.  It 
might be painful, but it is not impossible by any stretch of the imagination.

Frank Finley


-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of 
Bob goolsby
Sent: Wednesday, April 21, 2010 9:50 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: COBOL - no longer being taught - is a problem

Mornin' --

Well the first thing I found on a search for 'COBOL School' was
http://www.askedu.net/training_topic/k_COBOL_1.htm which asked me to
further clarify my self (and incidentally open me up to being spammed
by the loverly children, I expect).  But, scroll down to the bottom of
the page and there is a block of links under the heading Find COBOL
courses and training in countries:, and both Canada and the USA are
included.  A bit of exploration shows a lot of XXX (Javva and .Net,
mostly) for the COBOL programmer, no surprise; but I also see Intro
and Advanced COBOL courses advertised along with a couple of DB2 Using
COBOL classes.  Most of these are online education, but hey.

As to what you can do to improve the situation, wander off to your
local Higher Education Venue and your local community college and/or
trade school.  Fund a scholarship or two; endow a Chair in the CS
department (Associate Professor of Dead Computer Linguistics); get
involved now.  It is already later than you think.

By the way, how old is your Systems Programming team?

On Wed, Apr 21, 2010 at 6:25 AM, Mike Baldwin m...@cartagena.com wrote:
 Hi IBM-MAIN,

 Yesterday Canada's well-respected auditor-general released a report
 complaining that aging government computer systems could halt delivery of
 basic services.  So we're bracing for the usual criticism of 'old mainframe'
 systems.  Today there are some specifics, including COBOL:

 Auditor-General reports that updating systems could cost billions
 ...
 Ms. Fraser said the problem is so bad that some key programs may shut down.
 ...
 Meanwhile, Canada's National Immigration Program runs on a programming
 language - COBOL - that is no longer being taught and the staff that
 understand it are retiring. The program also uses a database system called
 DMSII that dates back to the 1970s

 http://www.theglobeandmail.com/news/politics/government-wont-let-aging-computers-halt-basic-services-day-says/article1540750/

 Maybe you guys and girls have some ideas that would save us taxpayers from
 paying rising interest on more billions borrowed.

 Regards,
 Mike Baldwin
 Cartagena Software Limited
 Markham, Ontario, Canada
 http://www.cartagena.com

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Mike Baldwin

On Thu, 22 Apr 2010 05:47:27 -0500, Jim Elliott, IBM
jim_elli...@ca.ibm.com wrote:

IMHO, there is probably more business server
application code written in COBOL than any other language still, and I see
no reason for that to change.

This is close to the thought that occurred to me when I read it.
If the government's I.T. expert, and the departments that apparently
agree with her think that COBOL is a problem, at the little ol'
government of Canada (OK, maybe not that little), do they not
realize that the Earth turns on its axis, financially at least, thanks
in great part to COBOL?  And if they must change it, in global
terms I suppose the world should consider a Y2K-like project
but some orders of magnitude larger.  Maybe (probably?) this
is misreported by the media, but if true, I think they need to
be informed of the absurdity.  Is someone carrying the flag
for COBOL?  I hope he/she doesn't prove their point by retiring
without a successor!

Regards,
Mike Baldwin
Cartagena Software Limited
Markham, Ontario, Canada
http://www.cartagena.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, Apr 22, 2010 at 4:04 PM, Binyamin Dissen bdis...@dissensoftware.com
 wrote:

 On Thu, 22 Apr 2010 15:46:27 +0100 Sam Siegel s...@pscsi.net wrote:

 :On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon 
 bshan...@rocketsoftware.comwrote:

 : I'm trying to write some authorized code that has a requirement to
 invoke
 : unauthorized user exits.

 : Use SYNCH. Assume all data received from the exit is untrusted and
 insure
 : the caller verifies it. Caller can save addresses on behalf of the
 exit.

 :SYNCH was previously suggested and I'm using it.

 :To verify data my intention is to use VSMLOC.

 Not good.

 Even IVSK is not enough.

 You have to consider that you will be interrupted and the status of the
 storage location may change.

 Only safe way is to use the keyed instructions so the reference is real
 time.


Ahh.  I will do that. Thanks.


 --
 Binyamin Dissen bdis...@dissensoftware.com
 http://www.dissensoftware.com

 Director, Dissen Software, Bar  Grill - Israel


 Should you use the mailblocks package and expect a response from me,
 you should preauthorize the dissensoftware.com domain.

 I very rarely bother responding to challenge/response systems,
 especially those from irresponsible companies.

 --
  For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

On 22 Apr 2010 03:48:05 -0700, in bit.listserv.ibm-main you wrote:

On Wed, 21 Apr 2010 09:35:00 -0500, Kelman, Tom
thomas.kel...@commercebank.com wrote:

John,

That WikiPedia article also states that DMSII was created by Burroughs
(later UniSys) as a database to run on its processors.  Does that mean
they are still running UniSys machines.  If so they have problems over
and above COBOL not being taught.  It sounds like a typical government
non-upgrade environment.  Now they are caught in the dark ages and
instead of upgrading to modern DB2 and COBOL on proper processors they
are probably going to throw out the baby with the bath water and get
OMG - WINDOWS.

Tom Kelman

Tom: 

The report was misleading (confusing) in many ways in that it talked about
all of the government. The specific department involved here regarding DMSII
(Human Resources Development Canada, HRDC) is running an older UNISYS
environment.

Much of the Canadian Government IT environment is on very current technology
(and yes that includes lots of IBM System z). 

However, the canard about COBOL is one that always bothers me. A year or two
ago the Toronto Star had an article about COBOL being a deal language.
COBOL could paraphrase Mark Twain, The reports of my death have been
greatly exaggerated.. IMHO, there is probably more business server
application code written in COBOL than any other language still, and I see
no reason for that to change.

With the many conversions off the mainframe and with the growth of
packages such as SAP, I seriously wonder whether this is still true. A
large amount of code has been replaced.  

Jim


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records


Don't know if they will let me down load anything work for Emigrant Bank
I think they do auditing to see if down load any files

Sent from my iPhone

On Apr 22, 2010, at 11:01 AM, John P Kalinich jkali...@csc.com wrote:

Joe Reichman of the IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu 


wrote on 04/22/2010 09:53:37 AM:


It's a VB so When I create it in my
Easytrieve program I display the record
Length and the length includes the trailing blanks



is there any way to dump the RDW


Yes, use the LIST DUMP subcommand of the PDS command processor (CBT  
file

182).

Regards,
John K

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On 22 April 2010 10:46, Sam Siegel s...@pscsi.net wrote:
 On Thu, Apr 22, 2010 at 3:39 PM, Bob Shannon 
 bshan...@rocketsoftware.comwrote:

 I'm trying to write some authorized code that has a requirement to invoke
 unauthorized user exits.

 Use SYNCH. Assume all data received from the exit is untrusted and insure
 the caller verifies it. Caller can save addresses on behalf of the exit.


 SYNCH was previously suggested and I'm using it.

 To verify data my intention is to use VSMLOC.

TOCTTOU!

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

On 21 Apr 2010 07:35:48 -0700, in bit.listserv.ibm-main you wrote:

John,

That WikiPedia article also states that DMSII was created by Burroughs
(later UniSys) as a database to run on its processors.  Does that mean
they are still running UniSys machines.  If so they have problems over
and above COBOL not being taught.  It sounds like a typical government
non-upgrade environment.  Now they are caught in the dark ages and
instead of upgrading to modern DB2 and COBOL on proper processors they
are probably going to throw out the baby with the bath water and get
OMG - WINDOWS.

The intelligent upgrade would be to a current Unisys offering which
has a migration path from the existing system if disruption is to be
avoided.  Another alternative would be to consolidate on a platform
already understood by the agency.  I suspect that moving to COBOL and
DB2 on z could be more painful and costly than a number of other
alternatives.

Tom Kelman
Enterprise Capacity Planner
Commerce Bank of Kansas City
(816) 760-7632

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
 Behalf Of McKown, John
 Sent: Wednesday, April 21, 2010 8:37 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: COBOL - no longer being taught - is a problem
 
 Easy solution. Declare COBOL a national treasure and force all
 Universities in Canada to teach it as a prerequisite to any other
Computer
 Science class. Or at least as a graduation requirement for a
Bachelor's
 degree in CS. That's the government way. Just pass a law. I mean, I
had
 to take classes that I didn't like in order to get my B.Sc. in Math.
(like
 English and History), Why not require COBOL? It's no more arbitrary
than
 anything else that nobody wants to take. And there are PC based COBOL
 compilers (at least for Windows). DMSII doesn't ring a bell, but
according
 to Wikipedia: quoteDMSII provided: an ISAM model for data access,
 transaction isolation and database recovery capabilities./quote
 http://en.wikipedia.org/wiki/Unisys_DMSII . So all that is needed is
 another database system which has the same API to replace it.
 
 --
 John McKown
 Systems Engineer IV
 IT
 
 Administrative Services Group
 
 HealthMarkets(r)
 
 9151 Boulevard 26 * N. Richland Hills * TX 76010
 (817) 255-3225 phone * (817)-961-6183 cell
 john.mck...@healthmarkets.com * www.HealthMarkets.com
 
 Confidentiality Notice: This e-mail message may contain confidential
or
 proprietary information. If you are not the intended recipient, please
 contact the sender by reply e-mail and destroy all copies of the
original
 message. HealthMarkets(r) is the brand name for products underwritten
and
 issued by the insurance subsidiaries of HealthMarkets, Inc. -The
 Chesapeake Life Insurance Company(r), Mid-West National Life Insurance
 Company of TennesseeSM and The MEGA Life and Health Insurance
Company.SM
 
 
 
  -Original Message-
  From: IBM Mainframe Discussion List
  [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mike Baldwin
  Sent: Wednesday, April 21, 2010 8:25 AM
  To: IBM-MAIN@bama.ua.edu
  Subject: COBOL - no longer being taught - is a problem
 
  Hi IBM-MAIN,
 
  Yesterday Canada's well-respected auditor-general released a report
  complaining that aging government computer systems could halt
  delivery of
  basic services.  So we're bracing for the usual criticism of
  'old mainframe'
  systems.  Today there are some specifics, including COBOL:
 
  Auditor-General reports that updating systems could cost billions
  ...
  Ms. Fraser said the problem is so bad that some key programs
  may shut down.
  ...
  Meanwhile, Canada's National Immigration Program runs on a
programming
  language - COBOL - that is no longer being taught and the staff that
  understand it are retiring. The program also uses a database
  system called
  DMSII that dates back to the 1970s
 
  http://www.theglobeandmail.com/news/politics/government-wont-l
  et-aging-computers-halt-basic-services-day-says/article1540750/
 
  Maybe you guys and girls have some ideas that would save us
  taxpayers from
  paying rising interest on more billions borrowed.
 
  Regards,
  Mike Baldwin
  Cartagena Software Limited
  Markham, Ontario, Canada
  http://www.cartagena.com
 
 
--
  For IBM-MAIN subscribe / signoff / archive access instructions,
  send email to lists...@bama.ua.edu with the message: GET IBM-MAIN
INFO
  Search the archives at http://bama.ua.edu/archives/ibm-main.html
 
 
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


*
If you wish to communicate securely with Commerce Bank and its
affiliates, you must log into your account

Re: Repro Variable blocked records

2010-04-22 Thread John Kelly

snip
is there any way to dump the RDW
/snip

IDCAMS's PRINT should print the entire record in hex for you. Or if you 
have the TTR, then use ZAP.

Jack Kelly
202-502-2390 (Office)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records


Just did that with dump option record is truncated

Sent from my iPhone

On Apr 22, 2010, at 11:29 AM, John Kelly  
john_j_ke...@ao.uscourts.gov wrote:



snip
is there any way to dump the RDW
/snip

IDCAMS's PRINT should print the entire record in hex for you. Or if  
you

have the TTR, then use ZAP.

Jack Kelly
202-502-2390 (Office)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records

2010-04-22 Thread John H Kington

I am reproing a VB qsam file to Variable KSDS
When I look the VB qsam in ISPF there are 50 trailing blanks at the
end of the record However after the repro
The 50 trailing blanks get trucated

If you have DataSet Services (DSS), you could try the print command.
If that does not show the RDW, printtrk should show the entire block.

Regards,
John

NOTICE:  The information contained in this electronic mail transmission is 
intended by Convergys Corporation for the use of the named individual or entity 
to which it is directed and may contain information that is privileged or 
otherwise confidential.  If you have received this electronic mail transmission 
in error, please delete it from your system without copying or forwarding it, 
and notify the sender of the error by reply email or by telephone (collect), so 
that the sender's address records can be corrected.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records

2010-04-22 Thread Thompson, Steve

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Joe Reichman
Sent: Thursday, April 22, 2010 9:54 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Repro Variable blocked records

It's a VB so When I create it in my
Easytrieve program I display the record
Length and the length includes the trailing blanks is there any way to  
dump the
RDW

SNIPPAGE

Yes. You specify the following (you will have to manually deblock from
the dump which will be done as physical blocks):

//IDCAMS   EXEC PGM=IDCAMS
//SYSUT1   DD  DISP=SHR,DSN=your.data.set.name.here,  
// DCB=(RECFM=U,LRECL=32760)  
//SYSPRINT DD  SYSOUT=*   
//SYSINDD  *  
  PRINT IFILE(SYSUT1) DUMP COUNT(2)   
  
/*  

Sent from my HP Mobile WORKSTATION which doubles as my Dick Tracy Two
Way Wrist TV.

-- Opinions expressed by this poster may not reflect the opinions of
poster's employer --  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

DCOLLECT QUESTION

2010-04-22 Thread John Dawes

G'day All
 
I am using DCOLLECT (via ISMF) to extra a list of dsns for a certain management 
class.
 
All goes well.  The list is produced however when I attempt to issue the save 
file1 I receive a IEC031I D37-04.
 
Is there a way of saving the file to a pds?  I tried to do so but I get 
prompted with a - LIST NAME TOO LONG.
 
Is there some way of getting around this problem or do I have to whittle 
down my search criteria which would take a while.
 
Thanks.




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Kelman, Tom

That would be hard to say without really studying the current
environment.  I would imagine that the current Unisys environment is as
far from what they are running on as would be System z using DB2 and
Cobol.  However, since they are on an old Unisys/Burroughs environment
they might be able to get some serious assistance from current Unisys to
upgrade.  You can never tell until you ask.

Tom Kelman
Enterprise Capacity Planner
Commerce Bank of Kansas City
(816) 760-7632

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
 Behalf Of Clark Morris
 Sent: Thursday, April 22, 2010 10:29 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: COBOL - no longer being taught - is a problem
 
 On 21 Apr 2010 07:35:48 -0700, in bit.listserv.ibm-main you wrote:
 
 John,
 
 That WikiPedia article also states that DMSII was created by
Burroughs
 (later UniSys) as a database to run on its processors.  Does that
mean
 they are still running UniSys machines.  If so they have problems
over
 and above COBOL not being taught.  It sounds like a typical
government
 non-upgrade environment.  Now they are caught in the dark ages and
 instead of upgrading to modern DB2 and COBOL on proper processors
they
 are probably going to throw out the baby with the bath water and
get
 OMG - WINDOWS.
 
 The intelligent upgrade would be to a current Unisys offering which
 has a migration path from the existing system if disruption is to be
 avoided.  Another alternative would be to consolidate on a platform
 already understood by the agency.  I suspect that moving to COBOL and
 DB2 on z could be more painful and costly than a number of other
 alternatives.
 
 Tom Kelman
 Enterprise Capacity Planner
 Commerce Bank of Kansas City
 (816) 760-7632
 
  -Original Message-
  From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu]
On
  Behalf Of McKown, John
  Sent: Wednesday, April 21, 2010 8:37 AM
  To: IBM-MAIN@bama.ua.edu
  Subject: Re: COBOL - no longer being taught - is a problem
 
  Easy solution. Declare COBOL a national treasure and force all
  Universities in Canada to teach it as a prerequisite to any other
 Computer
  Science class. Or at least as a graduation requirement for a
 Bachelor's
  degree in CS. That's the government way. Just pass a law. I mean,
I
 had
  to take classes that I didn't like in order to get my B.Sc. in
Math.
 (like
  English and History), Why not require COBOL? It's no more arbitrary
 than
  anything else that nobody wants to take. And there are PC based
COBOL
  compilers (at least for Windows). DMSII doesn't ring a bell, but
 according
  to Wikipedia: quoteDMSII provided: an ISAM model for data access,
  transaction isolation and database recovery capabilities./quote
  http://en.wikipedia.org/wiki/Unisys_DMSII . So all that is needed
is
  another database system which has the same API to replace it.
 
  --
  John McKown
  Systems Engineer IV
  IT
 
  Administrative Services Group
 
  HealthMarkets(r)
 
  9151 Boulevard 26 * N. Richland Hills * TX 76010
  (817) 255-3225 phone * (817)-961-6183 cell
  john.mck...@healthmarkets.com * www.HealthMarkets.com
 
  Confidentiality Notice: This e-mail message may contain
confidential
 or
  proprietary information. If you are not the intended recipient,
please
  contact the sender by reply e-mail and destroy all copies of the
 original
  message. HealthMarkets(r) is the brand name for products
underwritten
 and
  issued by the insurance subsidiaries of HealthMarkets, Inc. -The
  Chesapeake Life Insurance Company(r), Mid-West National Life
Insurance
  Company of TennesseeSM and The MEGA Life and Health Insurance
 Company.SM
 
 
 
   -Original Message-
   From: IBM Mainframe Discussion List
   [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mike Baldwin
   Sent: Wednesday, April 21, 2010 8:25 AM
   To: IBM-MAIN@bama.ua.edu
   Subject: COBOL - no longer being taught - is a problem
  
   Hi IBM-MAIN,
  
   Yesterday Canada's well-respected auditor-general released a
report
   complaining that aging government computer systems could halt
   delivery of
   basic services.  So we're bracing for the usual criticism of
   'old mainframe'
   systems.  Today there are some specifics, including COBOL:
  
   Auditor-General reports that updating systems could cost
billions
   ...
   Ms. Fraser said the problem is so bad that some key programs
   may shut down.
   ...
   Meanwhile, Canada's National Immigration Program runs on a
 programming
   language - COBOL - that is no longer being taught and the staff
that
   understand it are retiring. The program also uses a database
   system called
   DMSII that dates back to the 1970s
  
   http://www.theglobeandmail.com/news/politics/government-wont-l
   et-aging-computers-halt-basic-services-day-says/article1540750/
  
   Maybe you guys and girls have some ideas that would save us
   taxpayers from
   paying rising interest on more billions borrowed.
  
   Regards,
   Mike Baldwin

MFNetDisk is free and ready.

2010-04-22 Thread Shai Hess

HI,

 You can download MFNetDisk from my site.
 This is a free MFNetDisk. 
 The LICKEY statement can be delete from the MFNetDisk MVS statements.

 I add source code of GUI which implement the MVSAPIDLL api to read MVS 
file directly from PC without MVS. The source code is part of the installation 
file.
 Using the source code I give permission to change the GUI and to add more 
functionality to this GUI or any other program which will use my MVSAPI DLL 
file. So to be more clear, anyone can use my API but will enable other users to 
use it free as well.

 Now there is one code for Linux and for Windows, that will make easier to 
manage the MFNetDisk code.

 Some people ask me if I plan to deliver the source code of MFNetDisk, 
currently I am not. I am sure that I will do it latter. 
 I need to consider all my options with the product before I will do any steps.

 
 Thanks,
 Shai

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: MFNetDisk is free and ready.

2010-04-22 Thread Tony @ Comcast

Hmmm, reading a dataset without MVS.  Sure beats having to deal with
that pesky RACF. 

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf
Of Shai Hess
Sent: Thursday, April 22, 2010 11:59 AM
To: IBM-MAIN@bama.ua.edu
Subject: MFNetDisk is free and ready.

HI,

 You can download MFNetDisk from my site.
 This is a free MFNetDisk. 
 The LICKEY statement can be delete from the MFNetDisk MVS statements.

 I add source code of GUI which implement the MVSAPIDLL api to read MVS 
file directly from PC without MVS. The source code is part of the
installation 
file.
 Using the source code I give permission to change the GUI and to add more 
functionality to this GUI or any other program which will use my MVSAPI DLL 
file. So to be more clear, anyone can use my API but will enable other users
to 
use it free as well.

 Now there is one code for Linux and for Windows, that will make easier to 
manage the MFNetDisk code.

 Some people ask me if I plan to deliver the source code of MFNetDisk, 
currently I am not. I am sure that I will do it latter. 
 I need to consider all my options with the product before I will do any
steps.

 Thanks,
 Shai

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: DCOLLECT QUESTION

2010-04-22 Thread Darth Keller

G'day All
 
I am using DCOLLECT (via ISMF) to extra a list of dsns for a certain 
management class.
 
All goes well.  The list is produced however when I attempt to issue the 
save file1 I receive a IEC031I D37-04.
 
Is there a way of saving the file to a pds?  I tried to do so but I get 
prompted with a - LIST NAME TOO LONG.
 
Is there some way of getting around this problem or do I have to whittle 
down my search criteria which would take a while.


Are you using the Data Collection Entry Panel?  In which case, you can 
specify an existing output data set of the appropriate size (with the 
Replace Contents option) 
 
If you're using the Data Set print Entry Panel  You can all specify an 
existing output dataset to use.

Pretty much all the options I've looked at give you an opportunity to 
specify the output dsn  a Replace option.

Am I missing something here?
ddk

This e-mail message and all attachments transmitted with it may
contain legally privileged and/or confidential information intended
solely for the use of the addressee(s). If the reader of this
message is not the intended recipient, you are hereby notified that
any reading, dissemination, distribution, copying, forwarding or
other use of this message or its attachments is strictly
prohibited. If you have received this message in error, please
notify the sender immediately and delete this message and all
copies and backups thereof. Thank you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, 22 Apr 2010 15:36:50 +0100, Sam Siegel s...@pscsi.net wrote:

On Thu, Apr 22, 2010 at 2:57 PM, Tom Marchant m42tom-ibmm...@yahoo.comwrote:

 On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote:

 
 As long as all work areas used by the authorized program are in system key
 there should not be any exposure by using SYNCH.

 The code also needs to be in storage protected by a system key.


The authorized code is RENT and marked RENT.  I'm pretty user the operating
system will put this in write protected storage on load.  I don't think I
have much control over this as it is the EXEC PGM= program.

Storage for the unauthorized code is Key=8 (per LOAD macro ADRNAPF doc) and
is in being placed in sp=252 if it is RENT or sp=251 if it is NON-RENT.

After reading the Auth Assember guide, i'm not completely sure what key
should be used when allocating storage for the un-authorized code.

The LOAD macro doc say to allocate storage in the Key of the eventual user
of the program loaded using ADRNAPF.  Since this is a problem state program
SYNCH is starting it in problem state with a key of 8, it seems like the
program storage should be key 8.

The Auth assembler guide says to allocate storage loaded via ADRNAPF in your
key.  At the time the LOAD is issued, the authorized program is in key 0.
If this is used as a guide line, then the storage should be allocated in Key
0.

And what key does the authorized code run in?  What key did it start in?
Does it have any data in key 8 storage (such as, for example, its initial
save area that it got from the initiator when it started in key 8)?

-- 
Walt Farrell, CISSP
IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen
bdis...@dissensoftware.com wrote:

On Thu, 22 Apr 2010 08:14:27 -0500 Walt Farrell wfarr...@us.ibm.com wrote:

:Did you retain any authorization when doing the SYNCH (such as, having your
:program running in supervisor state or a system key)?  If so, you are likely
:to still have some major system integrity holes.  Mixing unauthorized and
:authorized code is extremely tricky, and most people get it wrong, in my
:experience.

Do they?

You are aware, of course, that the OPEN SVC branches to unauthorized user code
via SYNCH.

As long as all work areas used by the authorized program are in system key
there should not be any exposure by using SYNCH.


OPEN is not most people and most people do not try to do this from an
SVC, Binyamin.  Most people I've seen try to do this from a basic
APF-authorized program that started out in key 8 and then wants to invoke a
piece of unauthorized code.

I've seen what TSO/E had to do to allow this with integrity, and what SDSF
had to do to allow it.  And how many times IBM has gotten it subtly wrong
along the way.

It is not simple, and there are a lot of subtle, hidden traps to watch out for.

-- 
Walt Farrell, CISSP
IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: MFNetDisk is free and ready.

2010-04-22 Thread shai hess

MFNetDisk will not access disks you do not like to access (Do not specify
secured disk to MFNetDisk).
Shai

On Thu, Apr 22, 2010 at 10:15 AM, Tony @ Comcast tbabo...@comcast.netwrote:

 Hmmm, reading a dataset without MVS.  Sure beats having to deal with
 that pesky RACF.

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
 Behalf
 Of Shai Hess
 Sent: Thursday, April 22, 2010 11:59 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: MFNetDisk is free and ready.

 HI,

  You can download MFNetDisk from my site.
  This is a free MFNetDisk.
  The LICKEY statement can be delete from the MFNetDisk MVS statements.

  I add source code of GUI which implement the MVSAPIDLL api to read MVS
 file directly from PC without MVS. The source code is part of the
 installation
 file.
  Using the source code I give permission to change the GUI and to add more
 functionality to this GUI or any other program which will use my MVSAPI DLL
 file. So to be more clear, anyone can use my API but will enable other
 users
 to
 use it free as well.

  Now there is one code for Linux and for Windows, that will make easier to
 manage the MFNetDisk code.

  Some people ask me if I plan to deliver the source code of MFNetDisk,
 currently I am not. I am sure that I will do it latter.
  I need to consider all my options with the product before I will do any
 steps.


  Thanks,
  Shai

  --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: DCOLLECT QUESTION

2010-04-22 Thread John Dawes

Darth,
 
I am using the DATA SET SELECTION ENTRY PANEL i.e option 1 in the ISMF PRIMARY 
OPTION MENU.  Pardon my bad eye sight however I don't see any place, in this 
option, to plug the dsn.  Below is what I see in option 1.
 
 For a Data Set List, Select Source of Generated List  . . 2  (1 or 2)  
    
   1  Generate from a Saved List Query Name To  
 List Name  . .  Save or 
Retrieve   
    
   2  Generate a new list from criteria below   
 Data Set Name . . . 
'SYSIDCS1.**'    
    Enter / to select option   /  Generate Exclusive list 
    Specify Source of the new list  . . 2    (1 - VTOC, 2 - Catalog)    
 1 Generate list from 
VTOC   
    Volume Serial Number . . .    (fully or partially 
specified) 
    Storage Group Name . . . .    (fully 
specified)  
 2 Generate list from 
Catalog    
    Catalog Name . . 
.   
   Volume Serial Number . . .    (fully or partially specified) 
    Acquire Data from Volume . . . . . . . N  (Y or 
N)   
   Acquire Data if DFSMShsm Migrated  . . N  (Y or N)   
 Use ENTER to Perform Selection; Use DOWN Command to View next Selection Panel; 
  Use HELP Command for Help; Use END Command to 
Exit.    




--- On Fri, 23/4/10, Darth Keller darth.kel...@assurant.com wrote:


From: Darth Keller darth.kel...@assurant.com
Subject: Re: DCOLLECT QUESTION
To: IBM-MAIN@bama.ua.edu
Received: Friday, 23 April, 2010, 3:16 AM


G'day All

I am using DCOLLECT (via ISMF) to extra a list of dsns for a certain 
management class.

All goes well.  The list is produced however when I attempt to issue the 
save file1 I receive a IEC031I D37-04.

Is there a way of saving the file to a pds?  I tried to do so but I get 
prompted with a - LIST NAME TOO LONG.

Is there some way of getting around this problem or do I have to whittle 
down my search criteria which would take a while.


Are you using the Data Collection Entry Panel?  In which case, you can 
specify an existing output data set of the appropriate size (with the 
Replace Contents option) 

If you're using the Data Set print Entry Panel  You can all specify an 
existing output dataset to use.

Pretty much all the options I've looked at give you an opportunity to 
specify the output dsn  a Replace option.

Am I missing something here?
ddk

This e-mail message and all attachments transmitted with it may
contain legally privileged and/or confidential information intended
solely for the use of the addressee(s). If the reader of this
message is not the intended recipient, you are hereby notified that
any reading, dissemination, distribution, copying, forwarding or
other use of this message or its attachments is strictly
prohibited. If you have received this message in error, please
notify the sender immediately and delete this message and all
copies and backups thereof. Thank you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html





--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe Applications Development using a modern GUI

On Thu, 22 Apr 2010 07:22:23 -0500, Eyal Rothfeld wrote:

Does anybody know any new technologies which can be used in order to
develop new modern applications for the mainframe platform ?

IBM offers EGL ( http://en.wikipedia.org/wiki/EGL_%28programming_language%
29or:
http://www.ibm.com/developerworks/rational/products/egl/egldoc.html )
I remember that IBM had visualage agnerator in the past (http://www-
01.ibm.com/software/awdtools/visgen/ )

Any recommended alternatives to IBM ?

Ironically, there was an alternative:

Continuus -- TeleLogic -- IBM CM/Synergy.

So, no longer an alternative to IBM.  I wonder if they'll
retrofit it to z?

But requires coupling to cross-platform language processors such
as SAS/Tachyon/Dignus.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm rob.schr...@siriuscom.com
wrote:

 Did you retain any authorization when doing the SYNCH (such as, having
your
 program running in supervisor state or a system key)?  If so, you are
likely
 to still have some major system integrity holes.  Mixing unauthorized
and
 authorized code is extremely tricky, and most people get it wrong, in my
 experience.

Do you have some guidance for the most people?


In all honesty and sincerity, Rob, I have one simple piece of guidance: Do
not try to mix authorized and unauthorized code in the same address space. 
That way lies either madness, or system integrity exposures, or both :)

But that leads into my (personal) preferred solution: separate the
non-authorized code by using the UNIX fork() function to put it into a
different address space.  That's the safest and most secure method of
separation I've seen so far.  

-- 
Walt Farrell, CISSP
IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote:

I'm trying to write some authorized code that has a requirement to invoke
unauthorized user exits.

First, why do they have to be unauthorized?  Your life is a lot simpler if
you require that they come from an APF-authorized library and make the
customer responsible for ensuring only valid code goes into those libraries.

Second, do you really mean user exits (that is, load modules whose names and
locations the end-users supply) or installation exits (that is, load modules
whose names and locations the system programmers supply)?

The concerns are different, in my opinion, for user- vs installation-exits.

-- 
Walt Farrell, CISSP
IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Repro Variable blocked records

On Thu, 22 Apr 2010 15:23:02 +0100, Jim McAlpine wrote:

On Thu, Apr 22, 2010 at 3:00 PM, Joe Reichman wrote:

 I am reproing a VB qsam file to Variable KSDS
 When I look the VB qsam in ISPF there are 50 trailing blanks at the end of
 the record However after the repro
 The 50 trailing blanks get trucated

 Sent from my iPhone

 Is that not just ISPF padding out to the maximun record size ?

EDIT lies; BROWSE (not VIEW, which is just EDIT in drag) tells the truth.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe Applications Development using a modern GUI

2010-04-22 Thread Kirk Wolf

Why not use you favorite rich web toolkit  (Flash, Dojo, Gwt, etc,
etc) in front of z/OS web services (WAS, Tomcat, CICS)?

FWIW, we will be giving a presentation at SHARE in Boston.   The
preliminary title/abstract is:


IBM JZOS meets Web 2.0
Abstract: The development and deployment of rich web applications on
z/OS will be discussed including:
* Using JZOS (part of the IBM z/OS Java SDK) in a z/OS web container
* Using Eclipse as a development environment
* Developing rich browser clients in toolkits such as Adobe
Flex/Flash, Dojo, GWT, etc.
* Deploying rich client web applications on z/OS as interfaces to legacy systems
* Demos


Kirk Wolf
Dovetailed Technologies
http://dovetail.com
IBM JZOS Development
http://www-03.ibm.com/systems/z/os/zos/tools/java/products/jzos/overview.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, 22 Apr 2010 11:28:19 -0400, Tony Harminc wrote:

TOCTTOU!

YLSED.

Thanks for the lesson,
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, Apr 22, 2010 at 6:18 PM, Walt Farrell wfarr...@us.ibm.com wrote:

 On Thu, 22 Apr 2010 15:36:50 +0100, Sam Siegel s...@pscsi.net wrote:

 On Thu, Apr 22, 2010 at 2:57 PM, Tom Marchant m42tom-ibmm...@yahoo.com
 wrote:
 
  On Thu, 22 Apr 2010 16:29:51 +0300, Binyamin Dissen wrote:
 
  
  As long as all work areas used by the authorized program are in system
 key
  there should not be any exposure by using SYNCH.
 
  The code also needs to be in storage protected by a system key.
 
 
 The authorized code is RENT and marked RENT.  I'm pretty user the
 operating
 system will put this in write protected storage on load.  I don't think I
 have much control over this as it is the EXEC PGM= program.
 
 Storage for the unauthorized code is Key=8 (per LOAD macro ADRNAPF doc)
 and
 is in being placed in sp=252 if it is RENT or sp=251 if it is NON-RENT.
 
 After reading the Auth Assember guide, i'm not completely sure what key
 should be used when allocating storage for the un-authorized code.
 
 The LOAD macro doc say to allocate storage in the Key of the eventual user
 of the program loaded using ADRNAPF.  Since this is a problem state
 program
 SYNCH is starting it in problem state with a key of 8, it seems like the
 program storage should be key 8.
 
 The Auth assembler guide says to allocate storage loaded via ADRNAPF in
 your
 key.  At the time the LOAD is issued, the authorized program is in key 0.
 If this is used as a guide line, then the storage should be allocated in
 Key
 0.

 And what key does the authorized code run in?  What key did it start in?
 Does it have any data in key 8 storage (such as, for example, its initial
 save area that it got from the initiator when it started in key 8)?


Points mades.

Per previous comments, I'm going to use an SVC 3 to exit or use a BAKR/PR
pair.  The initiator supplied save area will be ignored.

Per comments by other posters, I'm going to change the allocation around to
ensure that no key 8 storage is used by the authorized program.  Authorized
program will then run in that system key.



 --
 Walt Farrell, CISSP
 IBM STSM, z/OS Security Design

  --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, Apr 22, 2010 at 6:36 PM, Walt Farrell wfarr...@us.ibm.com wrote:

 On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm rob.schr...@siriuscom.com
 
 wrote:

  Did you retain any authorization when doing the SYNCH (such as, having
 your
  program running in supervisor state or a system key)?  If so, you are
 likely
  to still have some major system integrity holes.  Mixing unauthorized
 and
  authorized code is extremely tricky, and most people get it wrong, in my
  experience.
 
 Do you have some guidance for the most people?
 

 In all honesty and sincerity, Rob, I have one simple piece of guidance: Do
 not try to mix authorized and unauthorized code in the same address space.
 That way lies either madness, or system integrity exposures, or both :)

 But that leads into my (personal) preferred solution: separate the
 non-authorized code by using the UNIX fork() function to put it into a
 different address space.  That's the safest and most secure method of
 separation I've seen so far.



I hear what you are saying.  I'm not sure that I want to go down the
separate address space route.

Perhaps I should consider using attach with JSCB=YES and SZERO=NO.  Would
that tend to eliminate exposure risks?

Thanks.



 --
 Walt Farrell, CISSP
 IBM STSM, z/OS Security Design

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com wrote:

 On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote:
 
 I'm trying to write some authorized code that has a requirement to invoke
 unauthorized user exits.

 First, why do they have to be unauthorized?  Your life is a lot simpler if
 you require that they come from an APF-authorized library and make the
 customer responsible for ensuring only valid code goes into those
 libraries.


The requirements exists because I'm trying to write something that will be
Ziip enabled and leased as a product.

Prior to passing the buffer to a work queue for the SRB, there is the
possibility that the user (which can be a normal programmer) will need to
modify the data in the buffer or provide additional data once the data
source has been drained.

I don't want the to impose a requirement of authorized code for the exit as
most shop will not allow application programmers to put code in an
authorized library.

Having systems staff write the code creates a bottleneck on the application
rate of change.



 Second, do you really mean user exits (that is, load modules whose names
 and
 locations the end-users supply) or installation exits (that is, load
 modules
 whose names and locations the system programmers supply)?


Yes I really mean user-exits and not installation exits.


 The concerns are different, in my opinion, for user- vs installation-exits.

 --
 Walt Farrell, CISSP
 IBM STSM, z/OS Security Design

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, 22 Apr 2010 19:13:07 +0100 Sam Siegel s...@pscsi.net wrote:

:On Thu, Apr 22, 2010 at 6:36 PM, Walt Farrell wfarr...@us.ibm.com wrote:

: On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm rob.schr...@siriuscom.com
: 
: wrote:

:  Did you retain any authorization when doing the SYNCH (such as, having
: your
:  program running in supervisor state or a system key)?  If so, you are
: likely
:  to still have some major system integrity holes.  Mixing unauthorized
: and
:  authorized code is extremely tricky, and most people get it wrong, in my
:  experience.

: Do you have some guidance for the most people?

: In all honesty and sincerity, Rob, I have one simple piece of guidance: Do
: not try to mix authorized and unauthorized code in the same address space.
: That way lies either madness, or system integrity exposures, or both :)

: But that leads into my (personal) preferred solution: separate the
: non-authorized code by using the UNIX fork() function to put it into a
: different address space.  That's the safest and most secure method of
: separation I've seen so far.

:I hear what you are saying.  I'm not sure that I want to go down the
:separate address space route.

:Perhaps I should consider using attach with JSCB=YES and SZERO=NO.  Would
:that tend to eliminate exposure risks?

You will still need to protect your storage.

--
Binyamin Dissen bdis...@dissensoftware.com
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: DCOLLECT QUESTION

2010-04-22 Thread Darth Keller

I am using the DATA SET SELECTION ENTRY PANEL i.e option 1 in the ISMF 
PRIMARY OPTION MENU.  Pardon my bad eye sight however I don't see any 
place, in this option, to plug the dsn.  Below is what I see in option 
1.
 
OK - this is the same way I was generating a similar list.  Once my list 
is displayed, I'd use the LISTPRT command to copy the output to my dsn. 
The panel shown after the LISTPRT is entered looks like this to me.  With 
Standard, the fields are side by side across the page; with Roster, each 
field is on a new line - which way I chose to print my list generally 
depends on how many fields I want and how I intend to process the output.
  
Select Format Type  . . . . . 1  (1 - Standard, 2 - Roster)  
Report Data Set Name  . . . .  test.listprt your 
pre-allocated dsn here 
Replace Report Contents . . . y  (Y or N)  Lines/Page . . . 55  (12 to 99) 
    'Y' to replace 
Specify Tags to be Printed:  
===  26 3    prints the DSN, 
Allocated Space,  MgmtClass; tags are separated by blanks 
 
   Line Operator(24)  Change Indicator  
   Data Set Name (6)  Compressed Format  
  (3)  Allocated Space  (20)  Creation Date  
  (9)  Allocation Unit  (25)  Data Class Name  
 (14)  Block/CI Size(30)  Data Set Name Type  
 (16)  Block Unused (34)  DDM Attributes  
 (35)  CCSID Description(19)  Device Type  
 (39)  CF CACHE Set Name(29)  DS Environment  
 (38)  CF CACHE Structure Name  (11)  DS Organisation  
 (37)  CF Monitor Status(32)  Entry Type  
 (36)  CF Status Indicator  (21)  Expiration Date  
Use ENTER to Perform Print; Use DOWN Command for next Panel; 

Additional options, like the MgmtClas are on the next page.  These are the 
default values here that I would use if I were going to pre-allocate
a dataset with a larger allocation are
Data class . . . . . : DCSTDFLT 
 Organization  . . . : PS 
 Record format . . . : FBA 
 Record length . . . : 133 
 Block size  . . . . : 27930 
 1st extent cylinders: 100 
 Secondary cylinders : 20 

Hope that all helps.
ddk

This e-mail message and all attachments transmitted with it may
contain legally privileged and/or confidential information intended
solely for the use of the addressee(s). If the reader of this
message is not the intended recipient, you are hereby notified that
any reading, dissemination, distribution, copying, forwarding or
other use of this message or its attachments is strictly
prohibited. If you have received this message in error, please
notify the sender immediately and delete this message and all
copies and backups thereof. Thank you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

On Thu, 22 Apr 2010 19:13:07 +0100, Sam Siegel wrote:

On Thu, Apr 22, 2010 at 6:36 PM, Walt Farrell wrote:

 On Thu, 22 Apr 2010 09:28:32 -0400, Rob Schramm wrote:

 Do you have some guidance for the most people?

 But that leads into my (personal) preferred solution: separate the
 non-authorized code by using the UNIX fork() function to put it into a
 different address space.  That's the safest and most secure method of
 separation I've seen so far.

I hear what you are saying.  I'm not sure that I want to go down the
separate address space route.

PITA, because the child address space doesn't inherit allocations
from the parent.  Can't because of ENQ conflicts.  Wishlist item:
An option to fork() allowing _all_ (even better, selected) allocations
to be passed to the child and removed fro the parent.

Second choice would be a utility (necessarily authorized) which
would perform allocations from a list in the environment (TSOALLOC?)
and invoke an executable in the correct APF state.  An extension
to BPX1EXM.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

2010-04-22 Thread Rick Fochtman


--snip


TOCTTOU!
   


YLSED.
 


--unsnip
Would someone explain this to me? Offlist is OK.

Rick

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe Applications Development using a modern GUI

2010-04-22 Thread Thomas David Rivers


If you use the Dignus tool set, you can do your C/C++ and
ASM development on your PC/Linux/Unix, with just about any GUI
environment you'd like.  So - pick your favorite!

This can make for a very powerful developing environment.

 - Dave Rivers -



Paul Gilmartin wrote:

On Thu, 22 Apr 2010 07:22:23 -0500, Eyal Rothfeld wrote:



Does anybody know any new technologies which can be used in order to
develop new modern applications for the mainframe platform ?

IBM offers EGL ( http://en.wikipedia.org/wiki/EGL_%28programming_language%
29or:
http://www.ibm.com/developerworks/rational/products/egl/egldoc.html )
I remember that IBM had visualage agnerator in the past (http://www-
01.ibm.com/software/awdtools/visgen/ )

Any recommended alternatives to IBM ?



Ironically, there was an alternative:

Continuus -- TeleLogic -- IBM CM/Synergy.

So, no longer an alternative to IBM.  I wonder if they'll
retrofit it to z?

But requires coupling to cross-platform language processors such
as SAS/Tachyon/Dignus.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html



--
riv...@dignus.comWork: (919) 676-0847
Get your mainframe programming tools at http://www.dignus.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On 22 April 2010 14:56, Rick Fochtman rfocht...@ync.net wrote:
 --snip

 TOCTTOU!

 YLSED.
 --unsnip
 Would someone explain this to me? Offlist is OK.

I first saw the acronym in IBM's original MVS description of System
Integrity. It's the Time Of Check To Time Of Use problem, that I'm
sure you're well aware of. The main reason why things like VSMLOC are
not a good approach to checking storage addresses.

You Learn Something Every Day.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Anne Lynn Wheeler

a different variation on the COBOL theme

Moving old code from mainframe to servers
http://www.fiercecio.com/story/moving-old-code-mainframe-servers/2010-04-21
One firm's story: The mainframe goes, but Cobol stays behind
http://www.computerworld.com/s/article/9175840/One_firm_s_story_The_mainframe_goes_but_Cobol_stays_behind?source=rss_news

from above:

A lot of Cobol-based applications have a plot line similar to the first
Star Trek movie.

In it, the crew of the Enterprise discovers a huge, intelligent cloud
they called V'ger. It turns out (plot spoiler alert), though, that
V'ger was an unmanned spacecraft called Voyager that had been launched
from Earth some 300 years earlier and then readapted by alien forces.

... snip ...

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Itschak Mugzach

Interesting. If Cobol would be a problem, I would expect most of IBM
mainframe shops to develop new applications in (so called) modern languages.
I don't see it here in Israel. Most of the new code is still developed in
Cobol, Natural and some PL/I. farther more, if you are a mainframe centric
shop, it would be so cleaver to distribute your applications when everybody
is doing the opposite (server consolidation, green computing, etc.). What I
do see is a movement from direct coding to rule engines and code generators.
At end, programming will be like tailoring. Experts will develop the rules,
and the programmer will just drive the records in and our invoking the
rules.

As other wrote, Cobol is just another language in the forest, an easier one
to understand.

ITschak

On Thu, Apr 22, 2010 at 11:29 PM, Anne Lynn Wheeler l...@garlic.comwrote:

a different variation on the COBOL theme

Moving old code from mainframe to servers
http://www.fiercecio.com/story/moving-old-code-mainframe-servers/2010-04-21
One firm's story: The mainframe goes, but Cobol stays behind

http://www.computerworld.com/s/article/9175840/One_firm_s_story_The_mainframe_goes_but_Cobol_stays_behind?source=rss_news

from above:

A lot of Cobol-based applications have a plot line similar to the first
Star Trek movie.

In it, the crew of the Enterprise discovers a huge, intelligent cloud
they called V'ger. It turns out (plot spoiler alert), though, that
V'ger was an unmanned spacecraft called Voyager that had been launched
from Earth some 300 years earlier and then readapted by alien forces.

... snip ...

--
42yrs virtualization experience (since Jan68), online at home since Mar1970

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Anne Lynn Wheeler

imugz...@gmail.com (Itschak Mugzach) writes:
 Interesting. If Cobol would be a problem, I would expect most of IBM
 mainframe shops to develop new applications in (so called) modern languages.
 I don't see it here in Israel. Most of the new code is still developed in
 Cobol, Natural and some PL/I. farther more, if you are a mainframe centric
 shop, it would be so cleaver to distribute your applications when everybody
 is doing the opposite (server consolidation, green computing, etc.). What I
 do see is a movement from direct coding to rule engines and code generators.
 At end, programming will be like tailoring. Experts will develop the rules,
 and the programmer will just drive the records in and our invoking the
 rules.

 As other wrote, Cobol is just another language in the forest, an easier one
 to understand.

re:
http://www.garlic.com/~lynn/2010h.html#46 COBOL - no longer being taught - is a 
problem

there was big push in the 90s to re-engineer a lot of legacy financial
applications (large percentage cobal) that were running settlement batch
applications running overnight; using new languages, new processes,
large numbers of killer micros and parallel operation ... in order to
have straight through processing (eliminating overnight batch
settlement for transactions). the toy demos looked good but things
collapsed when it came to production rollout. they had ignored
speedsfeeds and the technology used had something like 100 times more
overhead than the batch cobol (totally swamping any anticipated
increased thruput from large numbers of killer micros).

In the past decade, I've done some consulting with company that has
developed an infrastructure that translates high-level financial
business rules into fine-grain SQL transactions. they've been able to
demo rapid development/deployment of straight through processing
... with highly parallelized and very high transaction rates. A primary
difference compared to the 90s efforts ... is that they rely on the
significant parallel technology that has been developed by RDBMS vendors
(rather than trying to invent everything from scratch).

The parallel RDBMS implementation may have 4-5 times the overhead
compared to non-parallelized/sequential batch cobol with vsam ... but
the real-time thruput is significantly increased with parallel operation
(able to accomplish straight through processing and eliminate the
overnight batch settlement).

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Stopping zOS

2010-04-22 Thread Guy Gardoit

http://bama.ua.edu/cgi-bin/wa?A2=ind0910L=ibm-mainP=R29080I=1X=-

Use RESET CLEAR just to be sure

On Tue, Apr 20, 2010 at 11:41 PM, R.S. r.skoru...@bremultibank.com.plwrote:

 McKown, John pisze:

  -Original Message-
 From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
 Behalf Of Tony Harminc
 Sent: Tuesday, April 20, 2010 11:39 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: Stopping zOS

 On 20 April 2010 12:35, Mark Zelden mzel...@flash.net wrote:

 There is also a QUIESCE command, which puts the system in a x'CCC'
 wait state that is restartable.  You wouldn't want to

 normally do that

 these days.

 Why?

 Tony H.


 The IP connectivity goes into the toliet and all the clients would need to
 reconnect. QUIESCE is not of any particular use, other than perhaps after a
 Z EOD to make sure that all I/O is complete. I.e. you'd never want to do a
 restart after doing a QUIESCE.


 IMHO the best way to stop I/O and clear or the reservations is to use HMC
 Reset icon.

 --
 Radoslaw Skorupka
 Lodz, Poland


 --
 BRE Bank SA
 ul. Senatorska 18
 00-950 Warszawa
 www.brebank.pl

 S d Rejonowy dla m. st. Warszawy XII Wydzia  Gospodarczy Krajowego Rejestru
 S dowego, nr rejestru przedsi biorców KRS 025237
 NIP: 526-021-50-88
 Wed ug stanu na dzie  01.01.2009 r. kapita  zak adowy BRE Banku SA (w ca o
 ci wp acony) wynosi 118.763.528 z otych. W zwi zku z realizacj  warunkowego
 podwy szenia kapita u zak adowego, na podstawie uchwa y XXI WZ z dnia 16
 marca 2008r., oraz uchwa y XVI NWZ z dnia 27 pa dziernika 2008r., mo e ulec
 podwy szeniu do kwoty 123.763.528 z . Akcje w podwy szonym kapitale zak
 adowym BRE Banku SA b d  w ca o ci op acone.


 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html




-- 
Guy Gardoit
z/OS Systems Programming

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

2010-04-22 Thread Ed Gould

From: Ted MacNEIL eamacn...@yahoo.ca
To: IBM-MAIN@bama.ua.edu
Sent: Thu, April 22, 2010 10:05:02 AM
Subject: Re: COBOL - no longer being taught - is a problem

Considering how many different programming languages I've had to deal
with over the course of my career, one of the most useful skills I acquired in 
school was the ability to learn new programming languages,
not the ability to program in some specific language.

I don't disagree with that concept, but in the case of the rookie (or co-op) 
programmer, why not teach them COBOL while you're teaching them programming 
skills. They have to learn some language, and COBOL is still a major need in 
the IT working world.
---
Ted:
Interesting issue. I have talked to people who do the hiring of application 
types and the consensus that I have heard is that the more languages an 
application knows the more likely he/she will be hired. Now I am talking 
reasonably current languages, not Fortran RPG etc... COBOL still is a MUST. 
Having said that saying you know a language is a far stretch (at times) from 
working in it on a day to day basis.

Some of the comments on here seem to think that things like DYL and EASYTREIVE 
RPG, frankly I do not agree they are really languages. I am not trying to put 
down the report programs but you must admit they are a little far from a 
computer language, NO? In fact I have seen clerks (and I do mean clerks) write 
a program. Now these programs were compiled with assembler H. They were 
essentially HUGE Macro's. The easytrieve category is somewhat more programmer 
oriented as you had to work with fields in a record. Where the assembler 
programs it was all done underneath the covers so the clerks did not have to 
worry about  record layouts.

The idea of language is getting a little loose I will grant you but I will 
stand on RPG, EASYTREIVE, DYL and others in my opinion are not anything close 
to a language.

I am curious as to what other have to say about what is and what isn't a 
language.

Ed

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

2010-04-22 Thread Chris Craddock

On Thu, Apr 22, 2010 at 1:19 PM, Sam Siegel s...@pscsi.net wrote:

 On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com wrote:

  On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote:
  
  I'm trying to write some authorized code that has a requirement to
 invoke
  unauthorized user exits.
 
  First, why do they have to be unauthorized?  Your life is a lot simpler
 if
  you require that they come from an APF-authorized library and make the
  customer responsible for ensuring only valid code goes into those
  libraries.
 

 The requirements exists because I'm trying to write something that will be
 Ziip enabled and leased as a product.

 Prior to passing the buffer to a work queue for the SRB, there is the
 possibility that the user (which can be a normal programmer) will need to
 modify the data in the buffer or provide additional data once the data
 source has been drained.

 I don't want the to impose a requirement of authorized code for the exit as
 most shop will not allow application programmers to put code in an
 authorized library.

 Having systems staff write the code creates a bottleneck on the application
 rate of change.


 
  Second, do you really mean user exits (that is, load modules whose names
  and
  locations the end-users supply) or installation exits (that is, load
  modules
  whose names and locations the system programmers supply)?
 

 Yes I really mean user-exits and not installation exits.



I really don't want to be rude about this so please be tolerant of my
apparent insensitivity. Your questions indicate a basic lack of
understanding of the intricacies of this kind of software. Without
understanding all of the nuances it is almost impossible to avoid wandering
into dangerous territory and putting your customers at significant
availability and integrity risk. Writing an SRB-mode application that runs
reliably all the time is hard enough on its own. Writing a mixed mode
application that (safely) provides access for non-privileged callers is
really hard and there's just no pretending otherwise. Walt's advice here and
in the other ADRNAPF thread is exactly right. Borrowing an old saying about
the price of a Rolls-Royce... if you have to ask, you can't afford it.

In all honesty I would strongly recommend walking away from this idea.

-- 
This email might be from the
artist formerly known as CC
(or not) You be the judge.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On Thu, Apr 22, 2010 at 11:22 PM, Chris Craddock crashlu...@gmail.comwrote:

 On Thu, Apr 22, 2010 at 1:19 PM, Sam Siegel s...@pscsi.net wrote:

  On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com
 wrote:
 
   On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote:
   
   I'm trying to write some authorized code that has a requirement to
  invoke
   unauthorized user exits.
  
   First, why do they have to be unauthorized?  Your life is a lot simpler
  if
   you require that they come from an APF-authorized library and make the
   customer responsible for ensuring only valid code goes into those
   libraries.
  
 
  The requirements exists because I'm trying to write something that will
 be
  Ziip enabled and leased as a product.
 
  Prior to passing the buffer to a work queue for the SRB, there is the
  possibility that the user (which can be a normal programmer) will need to
  modify the data in the buffer or provide additional data once the data
  source has been drained.
 
  I don't want the to impose a requirement of authorized code for the exit
 as
  most shop will not allow application programmers to put code in an
  authorized library.
 
  Having systems staff write the code creates a bottleneck on the
 application
  rate of change.
 
 
  
   Second, do you really mean user exits (that is, load modules whose
 names
   and
   locations the end-users supply) or installation exits (that is, load
   modules
   whose names and locations the system programmers supply)?
  
 
  Yes I really mean user-exits and not installation exits.



 I really don't want to be rude about this so please be tolerant of my
 apparent insensitivity. Your questions indicate a basic lack of
 understanding of the intricacies of this kind of software. Without
 understanding all of the nuances it is almost impossible to avoid wandering
 into dangerous territory and putting your customers at significant
 availability and integrity risk. Writing an SRB-mode application that runs
 reliably all the time is hard enough on its own. Writing a mixed mode
 application that (safely) provides access for non-privileged callers is
 really hard and there's just no pretending otherwise. Walt's advice here
 and
 in the other ADRNAPF thread is exactly right. Borrowing an old saying about
 the price of a Rolls-Royce... if you have to ask, you can't afford it.

 In all honesty I would strongly recommend walking away from this idea.


Chris,

I understand what you are saying and I'm not taking anything personally.
 However, I must ask how is one to learn these things.  I'm
not pretending to be anything or diminishing the complexity.  I thought my
approach was exactly the opposite.  Ask for advice from those that know.
 I knew that the questions expose my level of experience when I wrote them.

There must be some way to gain this expertise.

I believe my product idea is usefully and I want to make sure that it is
also safe.  Clearly just writing an authorized only program and not allowing
a problem state user exit is the preferred way to go.  However, if it is
reasonably possible to provide a problem state user exit, I would like to
explore it.

I'm trying my best to ensure integrity and still create something
marketable.

If you and Walt are saying this is impossible outside of IBM or a
vendor environment like BMC or CA then this is unfortunately.

It would really be great if the people with the experience and scars would
provide the details required to write this type of application correctly.
 I'm open to suggestions and would very much appreciate them.

Again any advice on how to accomplish this would be greatly appreciated.  Or
a confirmation that this is just not possible regardless of the advice
provided would also be appreciated.

Sam


 --
 This email might be from the
 artist formerly known as CC
 (or not) You be the judge.

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

It is possible but there are quite a few gotcha's. And these gotcha's could
allow an application programmer to crash the system.

Do not wish to appear to be insensitive, but its takes quite a bit of
experience to do this correctly. You need a real mentor - hands on - to walk
you thru your design and code. As you appear to be writing from a software
house, perhaps your colleagues can help.



On Thu, 22 Apr 2010 23:49:04 +0100 Sam Siegel s...@pscsi.net wrote:

:On Thu, Apr 22, 2010 at 11:22 PM, Chris Craddock crashlu...@gmail.comwrote:
:
: On Thu, Apr 22, 2010 at 1:19 PM, Sam Siegel s...@pscsi.net wrote:
:
:  On Thu, Apr 22, 2010 at 6:42 PM, Walt Farrell wfarr...@us.ibm.com
: wrote:
: 
:   On Thu, 22 Apr 2010 15:07:52 +0100, Sam Siegel s...@pscsi.net wrote:
:   
:   I'm trying to write some authorized code that has a requirement to
:  invoke
:   unauthorized user exits.
:  
:   First, why do they have to be unauthorized?  Your life is a lot simpler
:  if
:   you require that they come from an APF-authorized library and make the
:   customer responsible for ensuring only valid code goes into those
:   libraries.
:  
: 
:  The requirements exists because I'm trying to write something that will
: be
:  Ziip enabled and leased as a product.
: 
:  Prior to passing the buffer to a work queue for the SRB, there is the
:  possibility that the user (which can be a normal programmer) will need to
:  modify the data in the buffer or provide additional data once the data
:  source has been drained.
: 
:  I don't want the to impose a requirement of authorized code for the exit
: as
:  most shop will not allow application programmers to put code in an
:  authorized library.
: 
:  Having systems staff write the code creates a bottleneck on the
: application
:  rate of change.
: 
: 
:  
:   Second, do you really mean user exits (that is, load modules whose
: names
:   and
:   locations the end-users supply) or installation exits (that is, load
:   modules
:   whose names and locations the system programmers supply)?
:  
: 
:  Yes I really mean user-exits and not installation exits.
:
:
:
: I really don't want to be rude about this so please be tolerant of my
: apparent insensitivity. Your questions indicate a basic lack of
: understanding of the intricacies of this kind of software. Without
: understanding all of the nuances it is almost impossible to avoid wandering
: into dangerous territory and putting your customers at significant
: availability and integrity risk. Writing an SRB-mode application that runs
: reliably all the time is hard enough on its own. Writing a mixed mode
: application that (safely) provides access for non-privileged callers is
: really hard and there's just no pretending otherwise. Walt's advice here
: and
: in the other ADRNAPF thread is exactly right. Borrowing an old saying about
: the price of a Rolls-Royce... if you have to ask, you can't afford it.
:
: In all honesty I would strongly recommend walking away from this idea.
:
:
:Chris,
:
:I understand what you are saying and I'm not taking anything personally.
: However, I must ask how is one to learn these things.  I'm
:not pretending to be anything or diminishing the complexity.  I thought my
:approach was exactly the opposite.  Ask for advice from those that know.
: I knew that the questions expose my level of experience when I wrote them.
:
:There must be some way to gain this expertise.
:
:I believe my product idea is usefully and I want to make sure that it is
:also safe.  Clearly just writing an authorized only program and not allowing
:a problem state user exit is the preferred way to go.  However, if it is
:reasonably possible to provide a problem state user exit, I would like to
:explore it.
:
:I'm trying my best to ensure integrity and still create something
:marketable.
:
:If you and Walt are saying this is impossible outside of IBM or a
:vendor environment like BMC or CA then this is unfortunately.
:
:It would really be great if the people with the experience and scars would
:provide the details required to write this type of application correctly.
: I'm open to suggestions and would very much appreciate them.
:
:Again any advice on how to accomplish this would be greatly appreciated.  Or
:a confirmation that this is just not possible regardless of the advice
:provided would also be appreciated.

--
Binyamin Dissen bdis...@dissensoftware.com
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

2010-04-22 Thread Chris Craddock

On Thu, Apr 22, 2010 at 5:49 PM, Sam Siegel s...@pscsi.net wrote:

 I understand what you are saying and I'm not taking anything personally.
  However, I must ask how is one to learn these things.  I'm
 not pretending to be anything or diminishing the complexity.  I thought my
 approach was exactly the opposite.  Ask for advice from those that know.
  I knew that the questions expose my level of experience when I wrote them.

 There must be some way to gain this expertise.



Ah yes, there's the rub. There IS a way to do it, but as I am fond of
saying, it takes approximately 30 years to get 30 years of experience :-)

The big problem is that this platform has evolved over 45 years or so. Back
when it started out nobody knew about integrity and there wasn't a lot of
difference between the programming environment seen by the system and the
application. As time passed things got a whole lot more sophisticated and
vastly more complex, but the documentation didn't keep up. In the mainframe
community there were always two tribes; the systems software tribe (made up
of IBM and the ISVs) and everyone else. Within the systems software
tribe, the knowledge of the elders was passed around by word of mouth (or by
reading microfiche/dumps :-) ) so by and large nobody within IBM really felt
there was a need to spell out the how-tos. But fast forward to today and
unless you have spent quite a lot of time working in a professional software
development environment where this sort of thing is the daily grind, there's
just no way to get a complete picture in anything approaching a reasonable
amount of time.

If I am brutally honest, most of the programmers remaining in the systems
software tribe don't really know all the rules anymore (if ever) and don't
(or shouldn't) write that kind of code. Aside from the likes of a few well
known names from around here, very little of this sort of code is actually
being written from whole cloth any more. Mostly it is little changes being
grafted onto existing code here and there, so providing the existing code's
basic infrastructure is sound the risks are minimized. But even so, there
are some giant yawning chasms of exposures out there. They're just not as
well known or recognized as they are on other platforms. Security/Integrity
through obscurity is more common than anything else. (Oops, did I say that
out loud? My bad!)



 I believe my product idea is usefully and I want to make sure that it is
 also safe.  Clearly just writing an authorized only program and not
 allowing
 a problem state user exit is the preferred way to go.  However, if it is
 reasonably possible to provide a problem state user exit, I would like to
 explore it.

 I'm trying my best to ensure integrity and still create something
 marketable. If you and Walt are saying this is impossible outside of IBM or
 a
 vendor environment like BMC or CA then this is unfortunately.

 It would really be great if the people with the experience and scars would
 provide the details required to write this type of application correctly.
  I'm open to suggestions and would very much appreciate them.

 Again any advice on how to accomplish this would be greatly appreciated.
  Or
 a confirmation that this is just not possible regardless of the advice
 provided would also be appreciated.



It is possible to write this kind of thing, but without the benefit of
having someone to look over your shoulder (IMO) there isn't ANY chance of
getting it right. Certainly not the first, second or third try. I would
personally rule out running unauthorized code within the confines of an
authorized address space NO MATTER WHAT. I would not tackle it myself and if
I was the person looking over your shoulder, I would just say no. But if you
can go to the trouble of setting things up with two address spaces (perhaps
by using fork() as Walt suggested, or just a garden variety long running
non-APF started task) then you would be at least part way there. The problem
that remains is that it turns out to be a mountain of code and setup and you
would still have to deal with xmemory serialization, integrity and security
issues. So your biggest problem isn't that what you're trying to do is
necessarily a bad idea, it is just too big and too hard to tackle as a
learning exercise.

Now if you could tackle something else smaller and more manageable to get
your feet wet first, that would be a good thing.

-- 
This email might be from the
artist formerly known as CC
(or not) You be the judge.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Calling unauthorized code from an authorized address space

On 22 April 2010 14:19, Sam Siegel s...@pscsi.net wrote:

 The requirements exists because I'm trying to write something that will be
 Ziip enabled and leased as a product.

 Prior to passing the buffer to a work queue for the SRB, there is the
 possibility that the user (which can be a normal programmer) will need to
 modify the data in the buffer or provide additional data once the data
 source has been drained.

 I don't want the to impose a requirement of authorized code for the exit as
 most shop will not allow application programmers to put code in an
 authorized library.

Is there a true requirement that your end users/application
programmers supply assembler language (or C or similar) code  to do
this buffer changing? I ask because another approach may be to
interpret something the user supplies - whether a control language of
your own invention, or something more general like REXX, for which
interpreters are already available - that does not have the ability to
execute arbitrary code on the metal. (Yes, I realize that REXX can
write to storage, but that sort of thing can be controlled quite
tightly.)

In theory you could interpret compiled assembler code, but what would
be the point?

Since you mention a data source, and the possibility of its being
drained and needing refilling, yet another approach may be to treat
this as a pipe that gets filled by an unauthorized program from
another address space. You can use UNIX piping techniques, or any of
various shared memory schemes. Or even TCP/IP or SNA... How usable
this will be depends largely on throughput vs latency issues. Of
course it's hard to understand what you are really trying to
accomplish, and I appreciate you don't want to give a full description
for presumably commercial reasons, but if you can explain a bit more,
I'll bet there will be good ideas here.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: ADRNAPF was IEBCOP Y losing APF authori sation i n mi ddle of JOB - etc?

2010-04-22 Thread Chris Craddock


 As long as all work areas used by the authorized program are in system key
 there should not be any exposure by using SYNCH.



True in an absolute theoretical sense, but in reality there is NO way to
guarantee that. If we're talking about a function like OPEN as the example
case of a privileged program SYNCHing to a non-privileged one, we're also
talking about a system function where the chain of integrity is maintained
from the point of entry to the supervisor state environment and there used
to be exposures even there. In the general case there just isn't any way to
make it work out safely. ALL authorized address spaces start out in key 8
(unless there's a PPT entry to dictate otherwise) and there are a bazillion
storage areas laying around that the SYNCH'd-to program could diddle with as
it pleases, ergo a giant integrity hole. If the address space has a system
key (via PPT) then every task mode unit of work is going to have a PKM that
allows it to switch to that key, so even turning off JSCBAUTH and passing
control to the unauthorized code would not be any safer and even worse, if
you have code that is trying to run in a key other than the job step key,
there are a whole lot of things in MVS that just flat out don't work because
there are embedded assumptions about the job step key (e.g. anything using
step level storage pools)

So the system does not ever (so far as I am aware) give control to
non-authorized code within an address space that can be considered
authorized in ANY way. The other (opposite) case mentioned elsewhere is one
of calling privileged user-written code from within an unauthorized address
space is not really relevant, but in any case it requires unnatural acts
internally; basically stopping every non-authized TCB while the authorized
code runs.

I realize you're not arguing that Sam should do this sort of thing, but I
think you're unintentionally giving some hope that it is doable when it
really isn't.


-- 
This email might be from the
artist formerly known as CC
(or not) You be the judge.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem

On 22 April 2010 17:59, Ed Gould ps2...@yahoo.com wrote:

 The idea of language is getting a little loose I will grant you but I will 
 stand on RPG, EASYTREIVE, DYL and others in my opinion are not anything close 
 to a language.

 I am curious as to what other have to say about what is and what isn't a 
 language.

No doubt the most obvious example is Excel (or similar spreadsheets).
Any number of managers, clerks, professionals and so on write their
own spreadsheet formulas, and sometimes macros, and any number of them
are wrong in so many ways. But life and business continues...

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: COBOL - no longer being taught - is a problem