Re: When will MVS be able to use cheap dasd
He was talking about TCA. [Ron Hawkins] He was talking about True Copy Asynch? I don't get the connection. Total cost of acquisition. Just because I'm using a non-company e-mail, maybe because they do not want Ms people to appear to be their spokespeople, does not invalidate my response. [Ron Hawkins] Oh fiddlesticks. I don't use a company email either. Go take a paranoia pill and stop building straw men. And, then what did your comment mean, about my e-mail address? And, I went through it, a couple of times! [Ron Hawkins] What did you go through? Therapy? Ad hominem! It looks more to me like it was someone else's complaint, related to you at SCIDS or similar. Glad you can read minds! It was a job interview, and it was one of his issues. [Ron Hawkins] What did your email say? Let's see now: I was discussing this with a Storage Manager at a large Canadian Bank. OK, let's do multiple choice. This sounds like you were having: a) A job interview So, now I have to give a detailed description of every conversation I've ever had? b) A conversation at SCIDS Never been to SCIDS. c) A PTA meeting Ad hominem d) A triple latte at the coffee machine Ad hominem. Mine, as well. I lived through it, at one (or more) site(s). W[Ron Hawkins] OK, calm down Ted. I'm glad you lived through it. I made a comment. You attacked. Maybe lived through it is too livid for your taste. But, I've attempted to explain that we have bought the same hardware for open and z and the z version cost more. We all know these things are like surviving in a Chilean Copper mine. Ha! Ha! So, I'm just checking for where your mentioned your experience in the email we are referring to. Bank Manager says His biggest complaint was that the same DASD cost more if he used it under z/OS than the case under LINUX/AIX/UNIX/etc. Ted says... errr, ahh, hmmm, well I don't see anything you said about your experience Ted. Am I supposed to read your mind? Gee, I forgot to consolidate every e-mail I've ever posted! Just because it does not match your experience, it's not invalid. [Ron Hawkins] You never told us what your experience is, and I did not say your Bank Manager's opinion is invalid: are you reading my mind. You did say it doesn't happen. You didn't provide any qualification or quantification of his comment, so I offered an opinion as to what I thought the scope of the comment may be. What's your problem with that? In your whole life you have never said I think what he meant was... Ted, in that email you just repeated someone else's experience and did not mention your own. I did originally. [Ron Hawkins] I really try my best to stick to the facts when I respond to you Ted, but I really can do without this sort of insult and your boorish lack of respect for others. I see! Therapy SCIDS! That must show respect, in spades. when I read your EXCP/IOTM comment the other week I almost fell off the chair laughing. How do you get the same thing wrong twice? I'm not sure what you're talking about here, but I was stating, if I have this correct, that there was an option to change EXCPs to connect time, rather than blocks transfered.n You disagreed, and I told you when it happened. If it's something else, than I'm lost. Mate, here's your big chance. Step up to the plate and describe where in those three paragraphs I attack you in that email response, or STFU. The SCIDS comment, for one. This, I read as ridicule. It happened, and nothing you can say will change that! [Ron Hawkins] Errr what happened? Read the post. This was the fact that it cost more for the same hardware under 'z' than under open. I didn't think I had to repeat that which was already stated. - I'm a SuperHero with neither powers, nor motivation! [Ron Hawkins] Well, I don't agree that you're a superhero. You need to find someone else to debate the level of your other abilities. Of course, that was NOT an attack. Well done Ted, you just pushed all my buttons. That was NOT my intent. I've been involved three times with DASD costing more for the same hardware on 'z' than open. One of my posts asked why, and you stated it has never happened in your experience, and when I stated it had you started this set of responses. I had also stated that I had a discusion with a Storage Manager at a large Canadian Bank, even before you chimed in with that comment about it not happening. I didn't realise I had to tape the comments and provide a notarised affidavit. Suddenly, we're at odds. If that's boorish, fine. Ron (who usually plays well with others) NOT this time. - I'm a SuperHero with neither powers, nor motivation! Kimota! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
EZASOKET returns zero for socket descriptor in SOCKET call.
Hi, For the SOCKET function in the EZASOKET call, I always get zero as the socket descriptor. This happens even when I am doing INITAPI before SOCKET. Although, the manual describes that SOCKET will implicitly make a INITAPI call. Where am I going wrong ? I am doing this in COBOL in batch environment (to be later emulated in CICS as well). Nagesh -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: JES2 Control Block
I don't believe so. All the execution node does is look at the NOTIFY statement on the jobcard (if it is there) and sends a message back to the the origin node via JES2 services/RTAM, and the origin JES2 sends a notify to the userid via MVS SEND. The execution node tries to use the same job number that the originating node allocated provided it's not already in use and it's in the job number range. It's all talked about in the JES2 Init and Tuning Guide. Ant. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of vatsal raicha Sent: Thursday, 14 October 2010 2:21 PM To: IBM-MAIN@bama.ua.edu Subject: JES2 Control Block Hi, I am submitting a job at one lpar with /*route xeq statement to NJE it over to another lpar. Once the Job is received at another lpar, the sending lpar receives a message with the job number assigned at the receiving lpar. Does Jes2 save this Job number( from the receiving lpar) somewhere at the sending lpar? If yes, can it be accessed via any jes2 control blocks? Thanks, Vatsal -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: JES2 Control Block
Does Jes2 save this Job number( from the receiving lpar) somewhere at the sending lpar? Once a job is sent to another node, the transmitting JES2 cuts a SMF26 record, and 'forgets' everything about the transmitted job. There is nothing left. - I'm a SuperHero with neither powers, nor motivation! Kimota! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: JES2 Control Block
Hi Anthony, I agree with you, but one more thing that made me feel that some where the new Job number might be saved some where as when the execution is complete and the output is received back at the node which sent the job, should be able to match the two jobs. If I see in sdsf, the job numbe on ST panel is different and the job number in the jesmsglg is diff, so Jes should be able to match these two or may be it does something else to ensure this. Thanks, Vatsal On Thu, Oct 14, 2010 at 2:41 PM, Anthony Thompson anthony.thomp...@nt.gov.au wrote: I don't believe so. All the execution node does is look at the NOTIFY statement on the jobcard (if it is there) and sends a message back to the the origin node via JES2 services/RTAM, and the origin JES2 sends a notify to the userid via MVS SEND. The execution node tries to use the same job number that the originating node allocated provided it's not already in use and it's in the job number range. It's all talked about in the JES2 Init and Tuning Guide. Ant. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of vatsal raicha Sent: Thursday, 14 October 2010 2:21 PM To: IBM-MAIN@bama.ua.edu Subject: JES2 Control Block Hi, I am submitting a job at one lpar with /*route xeq statement to NJE it over to another lpar. Once the Job is received at another lpar, the sending lpar receives a message with the job number assigned at the receiving lpar. Does Jes2 save this Job number( from the receiving lpar) somewhere at the sending lpar? If yes, can it be accessed via any jes2 control blocks? Thanks, Vatsal -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: JES2 Control Block
If I see in sdsf, the job numbe on ST panel is different and the job number in the jesmsglg is diff, so Jes should be able to match these two or may be it does something else to ensure this. JES2 doesn't match anything. The job comes back from the node it was transmitted to, but the number will be that from the transmitted site. And, again, the number can be changed because it's a duplicate, or outside the range. Job numbers are irrelevent. They are unique within a node, but that's about all that can be said. Once you ship a job to another node, there are no guarantees. - I'm a SuperHero with neither powers, nor motivation! Kimota! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: JES2 Control Block
As Ted said. The NJE job headers only bother to record the job number assigned on the originating node as the job travels through the various nodes. Ant. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of vatsal raicha Sent: Thursday, 14 October 2010 4:24 PM To: IBM-MAIN@bama.ua.edu Subject: Re: JES2 Control Block Hi Anthony, I agree with you, but one more thing that made me feel that some where the new Job number might be saved some where as when the execution is complete and the output is received back at the node which sent the job, should be able to match the two jobs. If I see in sdsf, the job numbe on ST panel is different and the job number in the jesmsglg is diff, so Jes should be able to match these two or may be it does something else to ensure this. Thanks, Vatsal On Thu, Oct 14, 2010 at 2:41 PM, Anthony Thompson anthony.thomp...@nt.gov.au wrote: I don't believe so. All the execution node does is look at the NOTIFY statement on the jobcard (if it is there) and sends a message back to the the origin node via JES2 services/RTAM, and the origin JES2 sends a notify to the userid via MVS SEND. The execution node tries to use the same job number that the originating node allocated provided it's not already in use and it's in the job number range. It's all talked about in the JES2 Init and Tuning Guide. Ant. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of vatsal raicha Sent: Thursday, 14 October 2010 2:21 PM To: IBM-MAIN@bama.ua.edu Subject: JES2 Control Block Hi, I am submitting a job at one lpar with /*route xeq statement to NJE it over to another lpar. Once the Job is received at another lpar, the sending lpar receives a message with the job number assigned at the receiving lpar. Does Jes2 save this Job number( from the receiving lpar) somewhere at the sending lpar? If yes, can it be accessed via any jes2 control blocks? Thanks, Vatsal -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Using ADDRESS SDSF in OPS/MVS
For running Address SDSF under NetView I had to code the following: isfjesname = 'JES2' before the ISFCALLS(ON) mainly because NetView is started with SUB=MSTR and so doesn't run under JES2. Maybe the same for OPS/MVS? Sebastian -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Control-D replacement?
Control-D bundling function uses indexing method to create report bundles which does not really creates new files. The products I looked into, uses a different technology that creates a phisical report file for each user. I wonder if there are other products that uses mainframe created files to do the same function outside the mainframe. Itschak -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: JES2 Control Block
Anthony, Back at a site where this was important we used to manage the job number problem by assigning ranges to each JES2. Jobs submitted in Melbourne got 0-1000 and 3000 to 3999, and jobs submitted in Sydney got 2000 to 2999. This meant that when a job was submitted in Melbourne and run in Sydney it kept its original job number from Melbourne because there was not a duplicate on SPOOL at that Sydney node. Perhaps this is a way to solve your problem. And yes it was a long time ago - just 1000 job numbers LOL. Ron -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Anthony Thompson Sent: Thursday, October 14, 2010 12:36 AM To: IBM-MAIN@bama.ua.edu Subject: Re: [IBM-MAIN] JES2 Control Block As Ted said. The NJE job headers only bother to record the job number assigned on the originating node as the job travels through the various nodes. Ant. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of vatsal raicha Sent: Thursday, 14 October 2010 4:24 PM To: IBM-MAIN@bama.ua.edu Subject: Re: JES2 Control Block Hi Anthony, I agree with you, but one more thing that made me feel that some where the new Job number might be saved some where as when the execution is complete and the output is received back at the node which sent the job, should be able to match the two jobs. If I see in sdsf, the job numbe on ST panel is different and the job number in the jesmsglg is diff, so Jes should be able to match these two or may be it does something else to ensure this. Thanks, Vatsal On Thu, Oct 14, 2010 at 2:41 PM, Anthony Thompson anthony.thomp...@nt.gov.au wrote: I don't believe so. All the execution node does is look at the NOTIFY statement on the jobcard (if it is there) and sends a message back to the the origin node via JES2 services/RTAM, and the origin JES2 sends a notify to the userid via MVS SEND. The execution node tries to use the same job number that the originating node allocated provided it's not already in use and it's in the job number range. It's all talked about in the JES2 Init and Tuning Guide. Ant. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of vatsal raicha Sent: Thursday, 14 October 2010 2:21 PM To: IBM-MAIN@bama.ua.edu Subject: JES2 Control Block Hi, I am submitting a job at one lpar with /*route xeq statement to NJE it over to another lpar. Once the Job is received at another lpar, the sending lpar receives a message with the job number assigned at the receiving lpar. Does Jes2 save this Job number( from the receiving lpar) somewhere at the sending lpar? If yes, can it be accessed via any jes2 control blocks? Thanks, Vatsal -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
FW: The meaning of SCIDS.
All, I know what it is, but I never really knew what it stood for. One reference I found, the only one, says it means The SHARE Committee for Imbibers, Drinkers and Sots. Is this correct? Ron -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
Yes. Like one of the previous posters to this thread the company I work for used to offer a service of testing the site's defenses that we called a System Access Security Audit (SASA). This audit was completely unlike our normal System Audit which we still perform. The current System Audit checks the entire system (including security) for problems, performance issues, etc. and offers a lot of advice on what can be done to make things better, but the SASA's weren't concerned with fixing anything, just getting in and obtaining physical proof that we were there. I think we performed a little over 100 of them, and we were NEVER unsuccessful. As you can imagine, we didn't always/ever play by the Marquis of Queensbury rules, actually there were NO rules, but as I said, we were ALWAYS successful. After we had the first few under our belt, we even offered the sites a deal up front where they could choose and option that would get them the audit for free if we were unsuccessful, but pay a premium price for the SASA if we were successful. No sites ever took us up on the double or nothing option. I'm not saying that it was always easy to gain access, but I can't really say that it was overly difficult either. The easiest ones were those that we were allowed (or obtained) physical access to the site. On the other hand, a good portion of the code for VTAM, NCP, SNA and TCP (and several of the main subsystems (CICS, IMS, etc.)) was developed with the help of the people on the team. My expertise came into play once we got access to the hardware via one of the installed teleprocessing systems. Does what we did constitute hacking? I guess it depends on how you look at it. We never destroyed anything (at least not something that we couldn't fix). We didn't do it for free, and no small animals were harmed in the process. Several people were VERY unhappy with finding out they were vulnerable but I don't think anyone was ever fired for it. I think what may have upset people most was that we had to tell them that (except for the places that were really screwed up and did something really dumb like left terminals already signed on and open for us) there was almost nothing they could do about making it COMPLETELY secure in the future. No one wants to pay that much, find out they really ARE vulnerable and then be told that, short of shutting off their network and just running BATCH jobs, (although depending on their hardware service vendor and options even that would get us access to their physical tape and DASD hardware), that we would have gotten in and exposed their data regardless of what they did, or will do, in the future. It's not that we didn't show a huge number of places that they COULD make significant changes and improvements that would make it less vulnerable, but time and resources were always on our side. Remember, it's not like the casual teenage kid with a modem and Wii or a PS/3 is going to have a chance of getting in. I was happy when we finally stopped (in 2008) offering the service, it was not exactly what one would term exciting. Brian -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
Done that many times during security assessments at customers sites. for example, Look at your SYS1.UADS dataset and compare it to RACF. You probably will find users that are defined in your UADS dataset, but not in RACF. More then that, IBM's ships UADS dataset with few users that probably not defined in your racf... There are many other ways we use, but this is not the proper place to discuss them ;-) ITschak On Thu, Oct 14, 2010 at 7:14 AM, Ron Hawkins ron.hawkins1...@sbcglobal.netwrote: Ed, Your dates may be a little out. The site where I was an Operator turned on RACF in 1983. I remember because we were able to browse SYS1.UADS and get everyone's passwords after the conversion. Ron -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Ed Gould Sent: Wednesday, October 13, 2010 9:17 PM To: IBM-MAIN@bama.ua.edu Subject: Re: [IBM-MAIN] Mainframe hacking? --- On Wed, 10/13/10, Ricc Harding ricc.hard...@gmail.com wrote: From: Ricc Harding ricc.hard...@gmail.com Subject: Re: Mainframe hacking? To: IBM-MAIN@bama.ua.edu Date: Wednesday, October 13, 2010, 3:56 PM When I worked for a large computer manufacturing company in 1984, I would go ---SNIP- Were the shops using any security product ie RACF/ACF2/Top Secret ?I suspect at that point in time they probably did not. I certainly did not know of any installations that were using them, except perhaps 1 and I think that one got the ACF/2 free (UIC). Also I think at that time from my rather poor memory was that even with a security package the systems were just not locked as they should have been. Somewhere in the late 80's (if memory serves me) companies really got serious about security. Of course if people posted the passwords with stickem notes then all bets are off on any security package. My vague recollection is that the first few years of RACF were pretty bad (for security) I just remember hearing people saying RACF can't ddo this or that and * could. My impression of these complaints were at best poor as even the product that claimed to be able to do the requested item was at best iffy and was very prone PTF retrofits and zaps on top of IBM modules. I am not so much as defending RACF (or any of the other products) as saying IBM had not put in SAF entirely every where it needed to go. I guess I would make this statement as far as any security product. If IBM doesn't make the insertion of the SAF call trying to insert any vendors codes is doomed to failue. Ed -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
I'd always heard Social Conversation in a Drunken Stupor. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
On Thu, Oct 14, 2010 at 6:07 AM, Mary Anne Matyaz maryanne4...@gmail.com wrote: I'd always heard Social Conversation in a Drunken Stupor. And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots. But I was also told that the true origin was losts in the mists of time. -- zMan -- I've got a mainframe and I'm not afraid to use it -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: How many CPACFs do I have on z10 EC model E12?
On Wed, 13 Oct 2010 15:26:30 -0700, Phil Smith p...@voltage.com wrote: Yes. CPACF is millicode, and is logically on the die with our old friends LA and MVC and ST (I'm actually guessing that it really IS mostly on the die, and the millicode just enables it, but I don't really know that). ...phsiii Phil: The Central Processor Assist for Cryptographic Function (CPACF) is a coprocessor that uses the DES, TDES, AES-128, AES-256, SHA-1, and SHA-256 ciphers to perform symmetric key encryption and calculate message digests in hardware. DES, TDES, AES-128, and AES-256 are used for symmetric key encryption. SHA-1 and SHA-256 are used for message digests. CPACF also provides a pseudo-random number generator and assist for compression. CPACF is implemented in hardware, not millicode. On every z10/z196 chip there are 4 processor cores and 2 coprocessors which provide CPACF. Each coprocessor is shared between two processor cores. Now as to the original question, how many do you get, it really depends on how a customer's cores are assigned. CPs, zAAPs, zIIPs and IFLs can all have programs using the CPACF provided instructions. I suspect there is a way to find this out, but I don't know what it is. Jim -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: How many CPACFs do I have on z10 EC model E12?
Jim Elliott wrote: The Central Processor Assist for Cryptographic Function (CPACF) is a coprocessor that uses the DES, TDES, AES-128, AES-256, SHA-1, and SHA-256 ciphers to perform symmetric key encryption and calculate message digests in hardware. DES, TDES, AES-128, and AES-256 are used for symmetric key encryption. SHA-1 and SHA-256 are used for message digests. CPACF also provides a pseudo-random number generator and assist for compression. And some even less familiar and spellable functions on z196 (MSA-4, GCM, CMAC, GHASH, XTS). :-) CPACF is implemented in hardware, not millicode. On every z10/z196 chip there are 4 processor cores and 2 coprocessors which provide CPACF. Each coprocessor is shared between two processor cores. OK, but it's *enabled* by millicode, yes? And since Protected Key was added by MES, there must be *some* millicode functionality... Now as to the original question, how many do you get, it really depends on how a customer's cores are assigned. CPs, zAAPs, zIIPs and IFLs can all have programs using the CPACF provided instructions. I suspect there is a way to find this out, but I don't know what it is. Thanks. That confirms my suspicion that zAAPs/zIIPs could actually use CPACF. -- ...phsiii Phil Smith III p...@voltage.com Voltage Security, Inc. www.voltage.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots That's the definition I'd heard, but I don't think anyone really knows what SCIDS stands for. Q: What does SHARE stand for? A: SHARE is not an acronym. It stood for sharing information. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Different versions of PTFs from IBM
There should *never* be two versions of any PTF released outside IBM. If you really got two copies of a PTF that are not exactly the same, this is a problem you should report to the support center. Note that ++ASSIGN statements are not a part of PTFs, even though they are in the same file as the PTFs. Yannig Guiomard wrote: I have some questions about the manner that PTFs are distributed, which I hope someone can clear up for me! Take PTF UA54182, which I received 10166. Obviously, without some action on my part, it will not be re-received again (from a RSU tape or whatever). Today I noticed that it was posted on IBMLINK again, with a changed date of 10/5/10. Curious to see what the change might be, I reordered it and compared it to the version that I have received on 10166. So, this is where I get into trouble! There were several changes (some assign statements added, which is fine) but also it seems that the actual PTF was also modified. So here are my questions: Does IBM usually modify a PTF after it has been released? How do I know if the version that I have is the latest one? Do other people receive all the PTFs on a RSU tape (which apply to your FMIDs, etc), even ones that they have already received? snip -- John Eells z/OS Technical Marketing IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
Share Conference Informal Discussion Groups is the original name. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Bob Shannon Sent: Thursday, October 14, 2010 5:58 AM To: IBM-MAIN@bama.ua.edu Subject: Re: FW: The meaning of SCIDS. And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots That's the definition I'd heard, but I don't think anyone really knows what SCIDS stands for. Q: What does SHARE stand for? A: SHARE is not an acronym. It stood for sharing information. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: The meaning of SCIDS.
On Thu, 14 Oct 2010 06:12:12 -0400 zMan wrote: And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots. Well in that case, I certainly did my bit. Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
-Original Message- From: IBM Mainframe Discussion List On Behalf Of Dave Kopischke [ snip ] As for the original question, I'll quote the OP: His question was why can't mvs use scsi or san dasd, VSE and VM can. That does not look like a price gouging claim to me. I believe he's asking about direct attached support in z/OS for SCSI over Fibre Channel. Google a price for this: SEAGATE ST3500320NS465.76 GiB CDW's website says: This product was discontinued as of Wednesday, July 21, 2010. Call for availability. Their price: $95.99. Our vendor charges us $1200 each for these. We have to use theirs to maintain support. C'est la vie. A similar disparity exists between certain airplane engine accessories and the identical automotive counterparts. The airplane accessories (alternator, IME) are required by regulation (force of law) to have a label affixed, containing the letters FAA PMA and a number. That label multiplies the price of the accessory by (at least) 10. Perhaps your vendor's disk drives have a similar magic label? Not direct attached. Contents of an array behind a VTL appliance. Attached to a mainframe. The disk cost the same no matter what host they're attached to. Not sure if this meets your definition of price gouging nor cheap disk. Probably doesn't matter. Some sellers charge exorbitant prices simply because they can. -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
That sounds quite reasonable. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Tom Harper Sent: Thursday, October 14, 2010 4:41 AM To: IBM-MAIN@bama.ua.edu Subject: Re: [IBM-MAIN] FW: The meaning of SCIDS. Share Conference Informal Discussion Groups is the original name. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Bob Shannon Sent: Thursday, October 14, 2010 5:58 AM To: IBM-MAIN@bama.ua.edu Subject: Re: FW: The meaning of SCIDS. And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots That's the definition I'd heard, but I don't think anyone really knows what SCIDS stands for. Q: What does SHARE stand for? A: SHARE is not an acronym. It stood for sharing information. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Using ADDRESS SDSF in OPS/MVS
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Ted MacNEIL Sent: Wednesday, October 13, 2010 5:43 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Using ADDRESS SDSF in OPS/MVS home='' home=environment('HOME') Not as a criticism; rather curiosity. What is the purpose of: home='' ? Paranoid insanity? Truely, I don't remember why I initialized home to ''. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On Thu, 14 Oct 2010 07:11:33 -0500, Chase, John wrote: -Original Message- From: IBM Mainframe Discussion List On Behalf Of Dave Kopischke Google a price for this: SEAGATE ST3500320NS465.76 GiB CDW's website says: This product was discontinued as of Wednesday, July 21, 2010. Call for availability. Their price: $95.99. Our vendor charges us $1200 each for these. We have to use theirs to maintain support. You can get a set of spark plugs for a few dollars. It costs considerably more to take your car in for a tune-up. And if you had a contract to have someone come out and replace them without you being inconvenienced, it would be considerably more. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
-Original Message- From: IBM Mainframe Discussion List On Behalf Of Mary Anne Matyaz I'd always heard Social Conversation in a Drunken Stupor. SHARE Conference Independent Communication Session. :-) -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: EZASOKET returns zero for socket descriptor in SOCKET call.
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of ?? ??? (Nagesh S) Sent: Thursday, October 14, 2010 1:17 AM To: IBM-MAIN@bama.ua.edu Subject: EZASOKET returns zero for socket descriptor in SOCKET call. Hi, For the SOCKET function in the EZASOKET call, I always get zero as the socket descriptor. This happens even when I am doing INITAPI before SOCKET. Although, the manual describes that SOCKET will implicitly make a INITAPI call. Where am I going wrong ? I am doing this in COBOL in batch environment (to be later emulated in CICS as well). Nagesh In the words of Dan Fielding (Night Court - a sitcom from the 1980s) So what's your point?. Zero is a valid socket descriptor. This relates to UNIX file descriptors, which start at 0 and go up. If your program is not a UNIX program, then the first file descriptor likely to be returned is 0. http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/f1a1d470/3.4.9.36.2 -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
I didn't see anyone explicitly mention social engineering. IMO this may be an easier way to get a not-very-technical user's id, but then you are back to how to hack with a normal user TSO account. But if a system guy gave out a password for an reason then, well, you know. What about digging through the trash? Dropping some USB sticks around with interesting programs on them? A few people mentioned some few months back how to get a program authorized from a non-authorized library (or something like that), but nobody gave any details. For sure no script kiddies should ever get in, and if they did they wouldn't know what to do. One thing I didn't see in this thread, was what is the purpose of this hacking. What is to be gained? Sensitive information would be one thing I can think of. Lindy -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On Thu, 14 Oct 2010 06:17:04 +, Ted MacNEIL wrote: And, then what did your comment mean, about my e-mail address? He didn't say anything about your email address. What he wrote, and what you quoted was, Based on your email do you think The question was in regards to the email __message__ that you sent to the list, not the email __address__ that was used to send it. c) A PTA meeting Ad hominem d) A triple latte at the coffee machine Ad hominem. Come on, Ted. Do you have any notion what ad hominem means? Even if he had asked you if the comment was one that you heard at the coffee machine or a PTA meeting it would not be an attack on you. He did not do that though. Why did you take offense when he asked if it was something that you heard as SCIDS? SCIDS is an excellent place for system programmers to share their experiences and learn from others. Rather than answer the question, you cry Ad hominem. In fact, that is a form of ad hominem attack. I'm a SuperHero with neither powers, nor motivation! [Ron Hawkins] Well, I don't agree that you're a superhero. You need to find someone else to debate the level of your other abilities. Of course, that was NOT an attack. That's correct. It is not. For you to claim to be a superhero is absurd. I don't believe it either. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Tom Marchant Sent: Thursday, October 14, 2010 7:58 AM To: IBM-MAIN@bama.ua.edu Subject: Re: When will MVS be able to use cheap dasd snip That's correct. It is not. For you to claim to be a superhero is absurd. I don't believe it either. -- Tom Marchant Not to really been seen to be defending Ted, but I think that sig is meant in jest. Sig lines should never be taken seriously. Except, of course, for the legal one at the end of my posts because they are obviously meant (by our legal dept) to be obeyed under threat of LAW! grin type=crooked/ -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: The meaning of SCIDS.
SHARE Conference Independent Communication Session. :-) That would be SCICS! :-( Date: Thu, 14 Oct 2010 07:42:20 -0500 From: jch...@ussco.com Subject: Re: FW: The meaning of SCIDS. To: IBM-MAIN@bama.ua.edu -Original Message- From: IBM Mainframe Discussion List On Behalf Of Mary Anne Matyaz I'd always heard Social Conversation in a Drunken Stupor. SHARE Conference Independent Communication Session. :-) -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
I think that sig is meant in jest. Of course it is! If people are taking it seriously ... - I'm a SuperHero with neither powers, nor motivation! Kimota! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: The meaning of SCIDS.
On Thu, Oct 14, 2010 at 9:13 AM, J R jayare...@hotmail.com wrote: SHARE Conference Independent Communication Session. :-) That would be SCICS! :-( Yeah, but back then, there was hard liquor at SCIDS, so they spelled it wrong... -- zMan -- I've got a mainframe and I'm not afraid to use it -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On 10/14/2010 3:17 PM, Ted MacNEIL wrote: I think that sig is meant in jest. Of course it is! If people are taking it seriously ... - I'm a SuperHero with neither powers, nor motivation! Kimota! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html Maybe late in this track, but we have cheap DASD , as we have zDASD from StorageTech and DS4300 IBM Raid Array behind. (can emulate ESCON or FICON channels and using the Raid array behind) Till we don't have serious problems it was cheap, but as we got DASD errors in the daily backup jobs, it started to be not so cheap. After some GTF traces StorageTech has fixed this problem, so it it cheap again ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
On Wed, 2010-10-13 at 18:38 -0400, Rick Fochtman wrote: I ALWAYS left the IBMUSER active on the system but the first thing I also did was to change to password to some very obscure value. A *very* long time ago, before a few ibm-mainers were born, there was an early public-access packet switching network named Telenet. You could point your modem at a local phone number, type in the five-or-six digit number of a Telenet subscriber, and be connected to their system wherever it may be. You could stay up all night typing in random subscriber IDs to see what you would get. It didn't take long to discover that the first three digits of a subscriber ID was the telephone area code of the subscriber. That cut down on the search space quite a bit. Area code 212 (New York City) was a target-rich environment! There were a fair number of TSO systems that were Telenet-attached, and some of those had IBMUSER accounts with default or stupid passwords. (That particular complacency wasn't limited to MVS administrators. There were other systems, foreign to me, which permitted easy access.) No, I never stayed long; got the heck OUT of there in fact. Login... holy $#!+... logoff. What were they thinking? -- David Andrews A. Duda and Sons, Inc. david.andr...@duda.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Opcode tables
All, (message cross-posted to other assembler-related lists) I have all but completed the updates of the opcode tables on hlasm.com There's a peculiarity I'd like to discuss here. Various instructions have been introduced over the last couple of years that are a kind of umbrella operation. They take an operand (IBM calls it a function code) that specifies the exact operation (or function) to perform. The ones I have found are: KIMD KLMD KM KMAC KMC KMCTR KMF KMO PCC PCKMO PFPO PLO PTFF PXLO SYSOP For PLO and PTFF these functions have been named and supplied with an appropriate mnemonic. For all the other opcodes, the functions are listed in the Principles of Operation, but no mnemonic has been assigned to those functions. I would, of course, dearly love to have all these function mnemonics defined by IBM and published in the PoP. It would at least resolve the inconsistency between PLO and PTFF on the one hand and the other instructions listed above on the other one. Does anybody know whether or not such mnemonics have been assigned or will be assigned? Since they are not in the PoP, I suspect there might be a member (or maybe even members) in sys1.maclib or sys1.modgen holding equates with appropriate symbolic names. Does anybody know if such a member exists, and if it does, what names it specifies for the various functions? For the sake of completeness: you can find the current (outdated) version of the opcode pages starting at: http://www.hlasm.com/english/opcd00.htm Please be aware that individual instruction descriptions are currently far from complete. Many of them are missing. Kind regards, Abe Kornelis. = -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: EZASOKET returns zero for socket descriptor in SOCKET call.
I have seen the same problem. I ported some Windows socket code to z/OS. The Windows code treated a return of = 0 as an error. However, the documentation states that a return of less than zero indicates an error. Changing it to check for 0 was an easy fix, and the code remained portable back to Windows, as apparently Winsock never returns a zero at all. Return values A nonnegative socket descriptor indicates success. The value -1 indicates an error. Errno identifies the specific error. You should treat the socket number as a magic cookie - its numeric value has no significance, it's only a magic token - just so long as it is not less than zero. Charles From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of McKown, John Sent: Thursday, October 14, 2010 5:52 AM To: IBM-MAIN@bama.ua.edu Subject: Re: EZASOKET returns zero for socket descriptor in SOCKET call. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of ?? ??? (Nagesh S) Sent: Thursday, October 14, 2010 1:17 AM To: IBM-MAIN@bama.ua.edu Subject: EZASOKET returns zero for socket descriptor in SOCKET call. Hi, For the SOCKET function in the EZASOKET call, I always get zero as the socket descriptor. This happens even when I am doing INITAPI -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
For the non-imbibers, I heard Share Conference Informal Discussion Sessions -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Bob Shannon Sent: Thursday, October 14, 2010 5:58 AM To: IBM-MAIN@bama.ua.edu Subject: Re: FW: The meaning of SCIDS. And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots That's the definition I'd heard, but I don't think anyone really knows what SCIDS stands for. Q: What does SHARE stand for? A: SHARE is not an acronym. It stood for sharing information. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Different versions of PTFs from IBM
I am wondering if the old one he has was a pre-release test version? On Thu, Oct 14, 2010 at 6:50 AM, John Eells ee...@us.ibm.com wrote: There should *never* be two versions of any PTF released outside IBM. If you really got two copies of a PTF that are not exactly the same, this is a problem you should report to the support center. Note that ++ASSIGN statements are not a part of PTFs, even though they are in the same file as the PTFs. Yannig Guiomard wrote: I have some questions about the manner that PTFs are distributed, which I hope someone can clear up for me! Take PTF UA54182, which I received 10166. Obviously, without some action on my part, it will not be re-received again (from a RSU tape or whatever). Today I noticed that it was posted on IBMLINK again, with a changed date of 10/5/10. Curious to see what the change might be, I reordered it and compared it to the version that I have received on 10166. So, this is where I get into trouble! There were several changes (some assign statements added, which is fine) but also it seems that the actual PTF was also modified. So here are my questions: Does IBM usually modify a PTF after it has been released? How do I know if the version that I have is the latest one? Do other people receive all the PTFs on a RSU tape (which apply to your FMIDs, etc), even ones that they have already received? snip -- John Eells z/OS Technical Marketing IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
I always thought it was Society for the Consumption of Intoxicating Distilled Solutions Regards Otto Schumacher HP Enterprise Services Infrastructure Specialist Ahold Account CICS Capacity Technical Support P.O. Box 6462 2000 Wade Hampton Blvd. LC1-302 Greenville, South Carolina, 29606 Cell: 864 569--5338 Tel: 864 987-1417 Fax: 864 987-4500 E-mail: otto.schumac...@hp.com -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Pitsanuk, Tim Sent: Thursday, October 14, 2010 9:47 AM To: IBM-MAIN@bama.ua.edu Subject: Re: FW: The meaning of SCIDS. For the non-imbibers, I heard Share Conference Informal Discussion Sessions -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Bob Shannon Sent: Thursday, October 14, 2010 5:58 AM To: IBM-MAIN@bama.ua.edu Subject: Re: FW: The meaning of SCIDS. And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots That's the definition I'd heard, but I don't think anyone really knows what SCIDS stands for. Q: What does SHARE stand for? A: SHARE is not an acronym. It stood for sharing information. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: The meaning of SCIDS.
Social Contact and Informal Discussion Sessions From: J R jayare...@hotmail.com To: IBM-MAIN@bama.ua.edu Date: 10/14/2010 08:14 AM Subject: Re: The meaning of SCIDS. Sent by: IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu SHARE Conference Independent Communication Session. :-) That would be SCICS! :-( Date: Thu, 14 Oct 2010 07:42:20 -0500 From: jch...@ussco.com Subject: Re: FW: The meaning of SCIDS. To: IBM-MAIN@bama.ua.edu -Original Message- From: IBM Mainframe Discussion List On Behalf Of Mary Anne Matyaz I'd always heard Social Conversation in a Drunken Stupor. SHARE Conference Independent Communication Session. :-) -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Connect to Grid via TCP/IP
Good morning listers, We are researching a rather unusual approach to redirect our high-volume VSAM I/O to a Grid server that would act as a real-time cached image of the data. From the little I know, the server will be connected through TCP/IP and once a connection is established all the READ/WRITE/REWRITE/DELETE/etc requests will be SYNCHRONOUSLY sent to the Grid. Questions - has anyone tried this already? If yes, any gotchas? Also, are there any limitations on the number of TCP/IP connections to a given server? Can the same port be reused by multiple requesters [various batch jobs in our case]? If yes, any limits? As always, all your input is greatly appreciated, -Victor- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
At 10/13/2010 10:26 AM, Greg Shirey wrote: I liked this article, and it's fairly recent. (Jan 2010) http://www.mainframezone.com/it-management/mainframe-hacking-fact-or-fiction/P1 Greg I read that article, and it is a good one. Interestingly (to me at least), on the article's third web page, there is an excerpt from a post I made here in 2006. It's nice to know that someone is paying attention. My entire post can be found at: http://bama.ua.edu/cgi-bin/wa?A2=ind0608L=IBM-MAINP=R63457X=147B1F23465267AA41Y=dbcole%40colesoft.com I think the information in that post are highly relevant to the current thread. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Connect to Grid via TCP/IP
A gotcha is the actual network data throughput*. Very likely that it will be unacceptably slow. I would imagine you would have a lot of application programming to do as well as some expensive infrastructure to put in place. At the end of the day, a nice DS8xxx DASD unit would likely cost a lot less. *Not line speed. A gigabit line will not move anywhere near a gigabit of data. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Victor Gil Sent: Thursday, October 14, 2010 9:12 AM To: IBM-MAIN@bama.ua.edu Subject: Connect to Grid via TCP/IP Good morning listers, We are researching a rather unusual approach to redirect our high-volume VSAM I/O to a Grid server that would act as a real-time cached image of the data. From the little I know, the server will be connected through TCP/IP and once a connection is established all the READ/WRITE/REWRITE/DELETE/etc requests will be SYNCHRONOUSLY sent to the Grid. Questions - has anyone tried this already? If yes, any gotchas? Also, are there any limitations on the number of TCP/IP connections to a given server? Can the same port be reused by multiple requesters [various batch jobs in our case]? If yes, any limits? As always, all your input is greatly appreciated, -Victor- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
maryanne4...@gmail.com (Mary Anne Matyaz) writes: I'd always heard Social Conversation in a Drunken Stupor. the definition I was told in the 60s was the Society for Continuous Inebreation During Share back in the days of open bar ... and one of the activities was seeing how many bottles could be slipped into your jacket for when SCIDS was closed. The story I was told at the time was that IBM'ers weren't allowed to include alcohol in travel expenses ... so it was bundled as part of SHARE registration. The other activity was thursday night (actually very early friday am), after scids was closed ... the unconsumed beverage was taken to the SHARE president's suite ... and one of the activities was helping limit the amount that had to be dealt with. -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Connect to Grid via TCP/IP
Performance? I have no idea. Hope you have a 10GBe network infrastructure. A port can be in use for many concurrent sessions. Remember that only one session can be sending data at a time, per OSA. How many concurrent sessions? I'm fairly sure that the theoritical limit is 64K sockets. For z/OS batch jobs, look at the MAXFILEPROC in the OMVS segment for the RACF ids for the batch job. One session requires (generally) one socket. Some software (such as SSH in master control mode) can multiplex multiple sessions over a single socket. Of course, this single threads tranmission over those connections. But in any case, all TCPIP communications are (in a sense) single threaded unless they come in over separate OSAs. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Victor Gil Sent: Thursday, October 14, 2010 9:12 AM To: IBM-MAIN@bama.ua.edu Subject: Connect to Grid via TCP/IP Good morning listers, We are researching a rather unusual approach to redirect our high-volume VSAM I/O to a Grid server that would act as a real-time cached image of the data. From the little I know, the server will be connected through TCP/IP and once a connection is established all the READ/WRITE/REWRITE/DELETE/etc requests will be SYNCHRONOUSLY sent to the Grid. Questions - has anyone tried this already? If yes, any gotchas? Also, are there any limitations on the number of TCP/IP connections to a given server? Can the same port be reused by multiple requesters [various batch jobs in our case]? If yes, any limits? As always, all your input is greatly appreciated, -Victor- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On Thu, Oct 14, 2010 at 8:11 AM, McKown, John john.mck...@healthmarkets.com wrote: -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Tom Marchant Sent: Thursday, October 14, 2010 7:58 AM To: IBM-MAIN@bama.ua.edu Subject: Re: When will MVS be able to use cheap dasd snip That's correct. It is not. For you to claim to be a superhero is absurd. I don't believe it either. -- Tom Marchant Not to really been seen to be defending Ted, but I think that sig is meant in jest. Sig lines should never be taken seriously. Except, of course, for the legal one at the end of my posts because they are obviously meant (by our legal dept) to be obeyed under threat of LAW! grin type=crooked/ -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM Notice: This email has been sent to a publicly accessable email list with a web archive. Attempts to get the email deleted from all the recipients computers would be highly unlikely. Deleting the email from the archive could be done by the moderators per authors reasonalble request or for censorship reasons such as very off topic, personal attacks, breach of non-disclosure agreements, bypassing copyrights, etc. Your employer could discipline you up to firing you for personall attack emails or simple misuse of resources. So if you aren't posting here as part of your job, you might want to use a non-employer email, like yahoo.com or gmail.com. Then anything you say is your persoanl opinion and you are not exposing your company to any complains we might have, or liability for mis-statement.s. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mike Schwab Sent: Thursday, October 14, 2010 9:29 AM To: IBM-MAIN@bama.ua.edu Subject: Re: When will MVS be able to use cheap dasd snip Notice: This email has been sent to a publicly accessable email list with a web archive. Attempts to get the email deleted from all the recipients computers would be highly unlikely. Deleting the email from the archive could be done by the moderators per authors reasonalble request or for censorship reasons such as very off topic, personal attacks, breach of non-disclosure agreements, bypassing copyrights, etc. Your employer could discipline you up to firing you for personall attack emails or simple misuse of resources. So if you aren't posting here as part of your job, you might want to use a non-employer email, like yahoo.com or gmail.com. Then anything you say is your persoanl opinion and you are not exposing your company to any complains we might have, or liability for mis-statement.s. -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? I do have permission from my manager to post via my work account. But you have a very good point. I just got a new gmail account for my personal smartphone. Perhaps I should resign this email and go with that one instead. Thanks for the thought! To answer your sig's question: I'd guess NYC, LA, or Tokyo. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On Thu, Oct 14, 2010 at 9:46 AM, McKown, John john.mck...@healthmarkets.com wrote: deleted -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? I do have permission from my manager to post via my work account. But you have a very good point. I just got a new gmail account for my personal smartphone. Perhaps I should resign this email and go with that one instead. Thanks for the thought! To answer your sig's question: I'd guess NYC, LA, or Tokyo. I would like to think repelling up the local skyscraper. Assisted by an electric winch. Attached by a steel cable and a device called an elevator cage. -- John McKown Systems Engineer IV IT -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
Is this hypothetical forest ranger rappelling up the skyscraper or being repelled up the skyscraper by the pressure of the human throngs down on the street? Probably both. Oh, well. It's almost Friday again. :-) Bill Fairchild Rocket Software -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mike Schwab Sent: Thursday, October 14, 2010 9:54 AM To: IBM-MAIN@bama.ua.edu Subject: Re: When will MVS be able to use cheap dasd Where do Forest Rangers go to get away from it all? To answer your sig's question: I'd guess NYC, LA, or Tokyo. I would like to think repelling up the local skyscraper. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Different versions of PTFs from IBM
None such should ever escape IBM. Externally, it is allowed to have multiple ++APAR fixes, but one and only one ++PTF with a given PTF number. Although I can't assert it has never happened, I have personally never heard of two versions of a PTF ever being shipped to a customer. Mike Schwab wrote: I am wondering if the old one he has was a pre-release test version? On Thu, Oct 14, 2010 at 6:50 AM, John Eellsee...@us.ibm.com wrote: There should *never* be two versions of any PTF released outside IBM. If you really got two copies of a PTF that are not exactly the same, this is a problem you should report to the support center. Note that ++ASSIGN statements are not a part of PTFs, even though they are in the same file as the PTFs. snip -- John Eells z/OS Technical Marketing IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd - 24/7 DASD on PCs
At 10/8/2010 03:35 PM, Rick Fochtman wrote: -unsnip- My 2 cents worth: the cheap DASD doesn't live up to the reliability standards that IBM demands for z/OS. Stop and think, really hard, about the demands on z/OS DASD storage, as opposed to the standards you enjoy with your PC DASD. How many of your PC's stay up, with DASD spinning, on a 24/7 basis, for several years without problems? Rick FWIW: We've run around 10 PCs 24/7... for years! One for a decade! The hard drives do just fine... Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Different versions of PTFs from IBM
On Thu, 14 Oct 2010 07:50:58 -0400, John Eells ee...@us.ibm.com wrote: There should *never* be two versions of any PTF released outside IBM. Yannig Guiomard wrote: I have some questions about the manner that PTFs are distributed, which I hope someone can clear up for me! Take PTF UA54182, which I received 10166. Obviously, without some action on my part, it will not be re-received again (from a RSU tape or whatever). Today I noticed that it was posted on IBMLINK again, with a changed date of 10/5/10. Curious to see what the change might be, I reordered it and compared it to the version that I have received on 10166. So, this is where I get into trouble! There were several changes (some assign statements added, which is fine) but also it seems that the actual PTF was also modified. So here are my questions: Does IBM usually modify a PTF after it has been released? How do I know if the version that I have is the latest one? Do other people receive all the PTFs on a RSU tape (which apply to your FMIDs, etc), even ones that they have already received? I was curious about this and it so happened the I had received UA54182 on 10166 also. I save the ptf and rejected it and re-ordered. They compare exactly the same as everyone would have expected. To compare I ran GIMCPTS and saved the ptf in a dataset for both ptfs. Then ran a compare. What makes you think they are different ? Doug -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
re: http://www.garlic.com/~lynn/2010n.html#62 When will MVS be able to use cheap dasd http://www.garlic.com/~lynn/2010n.html#65 When will MVS be able to use cheap dasd post from similar thread in this n.g. from 2007 http://www.garlic.com/~lynn/2007h.html#13 Question on DASD Hardware with references to commodity disk having MTBF in the million-plus hrs and google's (then) recently published study: Failure Trends in a Large Disk Drive Population (invluving more than 100,000 drives). there was similar but different study from the period that Google's computing infrastructure was about 1/3rd of the cost (including doing their own assembly, management, maintenance) compared to ordering from brand name vendor ... by carefully studying which components to buy in quantity and puttting them together themselves. -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
What would constitute a root kit for MVS? Perhaps an SVC with some hidden functionality? -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of David Cole Sent: Thursday, October 14, 2010 5:08 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? I read that article, and it is a good one. Interestingly (to me at least), on the article's third web page, there is an excerpt from a post I made here in 2006. It's nice to know that someone is paying attention. My entire post can be found at: http://bama.ua.edu/cgi-bin/wa?A2=ind0608L=IBM-MAINP=R63457X=147B1F23465267AA41Y=dbcole%40colesoft.com I think the information in that post are highly relevant to the current thread. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Using ADDRESS SDSF in OPS/MVS
I don't know why the home='' code. I didn't code that part. I also tried the Isfjesname = 'JES2' with the same RC=-3 results. This is all the code that I need to reproduce the error Calling it this way works tso exec (sdsf1) exec Executing OPS/REXX with !OI , gives RC(-3) ZADDRBU.EXEC(SDSF1) * Top of Data ** /* */ ADDRESS 'TSO' RC=ISFCALLS('ON') ISFCOLS = 'JNAME JOBID OWNERID' ISFJESNAME = 'JES2' ISFPREFIX = 'ZADDRBU'/*PREFIX*/ ADDRESS SDSF ISFEXEC ST /*ACCESS THE ST PANEL*/ IF RC0 THEN EXIT RC thanks for the efforts. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Ted MacNEIL Sent: Wednesday, October 13, 2010 5:43 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Using ADDRESS SDSF in OPS/MVS home='' home=environment('HOME') Not as a criticism; rather curiosity. What is the purpose of: home='' ? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
-Some code that is executing in an authorized state - Supervisor state - PSW key 0-7 - Ability to issue MODESET SVC (APF authorized) -This code would have one of the following flaws: - Store into requester provided storage address while in an authorized state (usually means running in a system psw key (0-7)) - Branch to a requester provided storage address - Returning control to the requester in an authorized state SVCs, PC routines, and system exits all would have this potential. On 10/14/2010 10:43 AM, Lindy Mayfield wrote: What would constitute a root kit for MVS? Perhaps an SVC with some hidden functionality? -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of David Cole Sent: Thursday, October 14, 2010 5:08 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? I read that article, and it is a good one. Interestingly (to me at least), on the article's third web page, there is an excerpt from a post I made here in 2006. It's nice to know that someone is paying attention. My entire post can be found at: http://bama.ua.edu/cgi-bin/wa?A2=ind0608L=IBM-MAINP=R63457X=147B1F23465267AA41Y=dbcole%40colesoft.com I think the information in that post are highly relevant to the current thread. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
d...@lists.duda.com (David Andrews) writes: You could stay up all night typing in random subscriber IDs to see what you would get. It didn't take long to discover that the first three digits of a subscriber ID was the telephone area code of the subscriber. That cut down on the search space quite a bit. Area code 212 (New York City) was a target-rich environment! re: http://www.garlic.com/~lynn/2010n.html#73 Mainframe hacking in 90s and there were summaries of wardialing ... dialing every number in an area code/region ... looking for modems ... and then taking signatures of the modems the connected systems (some areas had 3% of numbers with some sort of modem connection). in the late 90s, with the PDD-63 http://en.wikipedia.org/wiki/Critical_Infrastructure_Protection there was some amount spent in the financial industry meetings (in the white house annex) about Y2K remediation ... but a really hot topic was the ISACs (information sharing database of vulnerabilities and exploits) ... which had bunch of stuff ... a lot with mainframe dataprocessing ... since a lot of financial industry is mainframe based. Of major concern (and a lot of discussion) was constructing the ISAC in such a way that it wouldn't be subject to FOIA http://en.wikipedia.org/wiki/Freedom_of_Information_Act_%28United_States%29 Financial ISAC website http://www.fsisac.com/ launced in 1999 http://www.fsisac.com/faq/ since 9/11 ... public facing tends to be much more about terrorists I was tangentially involved with the (original) cal. data breach notification act ... having been brought in to help wordsmith the electronic signature legislation. Several of the participants were heavily involved with consumer privacy issues and had done detailed, indepth surveys and found that the NO.1 issue was identity theft, namely the accound fraud form where cardholder details from data breach was being used by criminals for fraudulent financial transactions. The issue at the time was that little or nothing appeared to being done about the problem (not even being publicized) ... so they seemed to think that the publicity from databreach notifications might motivate the institutions to provide corrective actions and countermeasures. A major issue was that institutions will put in place security measures to counteract bad things (risks) happending to the institutions. The problem with the account fraud scenario ... is that typically the fraudulent financial transactions were against consumer accounts ... not against the institution ... and therefor the institutions had nothing at risk and therefor little motivation to provide security. -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
I would think it means code that front-ends one of the First Level Interrupt Handlers, rather like the one that CA was using in 1996 (are they still using it?) to front-end program interrupts so that various CA products could easily become authorized by merely executing a particular invalid operation code. Doing this in the program FLIH made disassembling their code a little tricky, because the program new interrupt routine runs with DAT off, so it was not a no-brainer to find and display their code in storage. Bill Fairchild Rocket Software -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Lindy Mayfield Sent: Thursday, October 14, 2010 10:44 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? What would constitute a root kit for MVS? Perhaps an SVC with some hidden functionality? -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of David Cole Sent: Thursday, October 14, 2010 5:08 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? I read that article, and it is a good one. Interestingly (to me at least), on the article's third web page, there is an excerpt from a post I made here in 2006. It's nice to know that someone is paying attention. My entire post can be found at: http://bama.ua.edu/cgi-bin/wa?A2=ind0608L=IBM-MAINP=R63457X=147B1F23465267AA41Y=dbcole%40colesoft.com I think the information in that post are highly relevant to the current thread. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: The meaning of SCIDS.
-Original Message- From: IBM Mainframe Discussion List On Behalf Of J R SHARE Conference Independent Communication Session. :-) That would be SCICS! :-( Oops! Showing my subsystem bias. :-) C /Communication/Discussion/ -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
VTS NL Tapes
We have several tapes that are not initialized and when the job executes it abends trying to use these tapes. I thought CA-1 was suppose to automatically init the tapes but that is not happening. I am trying to init the tapes using IEHINIT, the problem is these tapes are in a different library and the init job wants the tapes in its own library. I have all the ca-1 tape processing options set to yes (label change, density change, TRTCH change). When this was installed 5+ years somehow the contractor we brought in was able to add a nonexistence tape to the VOLCAT and we used that tape # as input to the INIT job. I tried to add another nonexistence tape pointing to the other library but the job doesn't allow that anymore. We are z/os v1r11. Any help would be appreciated. Thank You *** CONFIDENTIALITY NOTICE *** This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message from your system. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Using ADDRESS SDSF in OPS/MVS
Richard, Have you opened a case with CA OPS/MVS? I find they are very helpful with these kinds of questions. Lizette -Original Message- From: Burge, Richard richard.bu...@aig.com Sent: Oct 14, 2010 11:51 AM To: IBM-MAIN@bama.ua.edu Subject: Using ADDRESS SDSF in OPS/MVS I don't know why the home='' code. I didn't code that part. I also tried the Isfjesname = 'JES2' with the same RC=-3 results. This is all the code that I need to reproduce the error Calling it this way works tso exec (sdsf1) exec Executing OPS/REXX with !OI , gives RC(-3) ZADDRBU.EXEC(SDSF1) * Top of Data ** /* */ ADDRESS 'TSO' RC=ISFCALLS('ON') ISFCOLS = 'JNAME JOBID OWNERID' ISFJESNAME = 'JES2' ISFPREFIX = 'ZADDRBU'/*PREFIX*/ ADDRESS SDSF ISFEXEC ST /*ACCESS THE ST PANEL*/ IF RC0 THEN EXIT RC thanks for the efforts. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Ted MacNEIL Sent: Wednesday, October 13, 2010 5:43 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Using ADDRESS SDSF in OPS/MVS home='' home=environment('HOME') Not as a criticism; rather curiosity. What is the purpose of: home='' ? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
Some of this sounds like the magic svcs that I've seen people use for testing. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Ray Overby Sent: Thursday, October 14, 2010 6:54 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? -Some code that is executing in an authorized state - Supervisor state - PSW key 0-7 - Ability to issue MODESET SVC (APF authorized) -This code would have one of the following flaws: - Store into requester provided storage address while in an authorized state (usually means running in a system psw key (0-7)) - Branch to a requester provided storage address - Returning control to the requester in an authorized state SVCs, PC routines, and system exits all would have this potential. On 10/14/2010 10:43 AM, Lindy Mayfield wrote: What would constitute a root kit for MVS? Perhaps an SVC with some hidden functionality? -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of David Cole Sent: Thursday, October 14, 2010 5:08 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? I read that article, and it is a good one. Interestingly (to me at least), on the article's third web page, there is an excerpt from a post I made here in 2006. It's nice to know that someone is paying attention. My entire post can be found at: http://bama.ua.edu/cgi-bin/wa?A2=ind0608L=IBM-MAINP=R63457X=147B1F2 3465267AA41Y=dbcole%40colesoft.com I think the information in that post are highly relevant to the current thread. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
The returning in an authorized state ones are exactly that. The others are typically the result of poor coding and/or design. On 10/14/2010 11:43 AM, Lindy Mayfield wrote: Some of this sounds like the magic svcs that I've seen people use for testing. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Ray Overby Sent: Thursday, October 14, 2010 6:54 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? -Some code that is executing in an authorized state - Supervisor state - PSW key 0-7 - Ability to issue MODESET SVC (APF authorized) -This code would have one of the following flaws: - Store into requester provided storage address while in an authorized state (usually means running in a system psw key (0-7)) - Branch to a requester provided storage address - Returning control to the requester in an authorized state SVCs, PC routines, and system exits all would have this potential. On 10/14/2010 10:43 AM, Lindy Mayfield wrote: What would constitute a root kit for MVS? Perhaps an SVC with some hidden functionality? -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of David Cole Sent: Thursday, October 14, 2010 5:08 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? I read that article, and it is a good one. Interestingly (to me at least), on the article's third web page, there is an excerpt from a post I made here in 2006. It's nice to know that someone is paying attention. My entire post can be found at: http://bama.ua.edu/cgi-bin/wa?A2=ind0608L=IBM-MAINP=R63457X=147B1F2 3465267AA41Y=dbcole%40colesoft.com I think the information in that post are highly relevant to the current thread. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
Yes Ed, these sites all had RACF installed and yes, it still required the VTOC data set is RACF protected bit to be flipped for the data set protection call to even be made. The needed resource manager calls became more apparent as the resources which were being protected grew. The ACF2 protectall vs RACF protectnone philosophy soon became the guiding light to making RACF actually usable as a security system by also implementing protectall. However APF authorization still allows the keys to the kingdom with no trace for the clever programmer. And vendor PC calls are now the new point of entry for system penetration attempts since they have all but replaced most of the user written SVC's. The landscape changes but the dirt is still the same. The new hacker's lament might be so many entry points to choose from and so little time to play. Vigilance and automation in security checking are the keys to catching the silly things but the clever programmer still must have the integrity and character to NOT do what they have both the ability and opportunity to do. Quis custodiet ipsos custodes -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
... oh, and the software company (front for criminal organization) apparently was selected on the basis of being the low bidder. -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
At 10/14/2010 12:24 PM, Chris Craddock wrote: (as Bob knows) it is impossible to create/install a malicious FLIH or SVC or PC without already having the keys to the kingdom anyway. That is the foundation of integrity and the reason why the installation has to appropriately protect system datasets and APF libraries. Well that's just the problem, Chris, isn't it... The keys to the kingdom really are not well guarded. That's what my 2006 post was all about. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
The whole point, I think, is to get it by the system's guys. Not sure how to do that. So much easier on Windows. Still there are coming more and more freeware MVS utilities, like showmvs. (It can run authorized I think, yes?) I don't think that it is that carefully audited, somebody could slip something into there. Or some ported tool like TSOCMD. It would be very unlikely that something like that would get by you guys, but good sysprogs are getting fewer and fewer, and, as an inside job perhaps, someone may easily trick an admin into installing some useful utility that has been compromised. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of David Cole Sent: Thursday, October 14, 2010 7:27 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? At 10/14/2010 12:24 PM, Chris Craddock wrote: (as Bob knows) it is impossible to create/install a malicious FLIH or SVC or PC without already having the keys to the kingdom anyway. That is the foundation of integrity and the reason why the installation has to appropriately protect system datasets and APF libraries. Well that's just the problem, Chris, isn't it... The keys to the kingdom really are not well guarded. That's what my 2006 post was all about. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
p...@voltage.com (Phil Smith) writes: Long ago and far away, a friend was looking at the VSE microfiche and found an undocumented SVC that stored the top half of a register value in the address contained in the bottom half of the register. He promptly wrote a program that used that SVC to gain control of the system. (He was working at IBM, so this was an internal thing.) re: http://www.garlic.com/~lynn/2010n.html#73 Mainframe hacking? http://www.garlic.com/~lynn/2010n.html#76 Mainframe hacking? at the end of last century there is infamous case of large financial institution (with large number of ATM machines) outsourcing the Y2K remediation of their backend financial transaction processing system to a software company ... which they found out much later was a front for a criminal organization (eventually tripping across some very peculiar pieces of code that would do some stealthy transactions, that could be triggered by very specific combination of entries from ATM machine). oh, and pieces of relative recent linkedin mainframe discussion http://www.garlic.com/~lynn/2010l.html#28 Mainframe Hacking -- Fact or Fiction http://www.garlic.com/~lynn/2010l.html#37 Mainframe Hacking -- Fact or Fiction http://www.garlic.com/~lynn/2010l.html#51 Mainframe Hacking -- Fact or Fiction http://www.garlic.com/~lynn/2010l.html#55 Mainframe Hacking -- Fact or Fiction -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: VTS NL Tapes
Thanks for the information - I forgot about the OLDTAPE option. I updated the unit to point to the other library and that job worked. Thanks again. -Original Message- From: Campbell Jay [mailto:james.l.campb...@irs.gov] Sent: Thursday, October 14, 2010 11:16 AM To: Mark Steely Subject: FW: VTS NL Tapes //STEP1EXEC PGM=TMSTPNIT //SYSPRINT DD SYSOUT=* //LABELDD DD UNIT=(IBMATL6,,DEFER) ,EXPDT=98000 //SYSINDD * OLDTAPE SER=Y36088,LABTYPE=SL ??? Jay Campbell IBM OS Support Section -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Mark Steely Sent: Thursday, October 14, 2010 12:08 PM To: IBM-MAIN@bama.ua.edu Subject: VTS NL Tapes We have several tapes that are not initialized and when the job executes it abends trying to use these tapes. I thought CA-1 was suppose to automatically init the tapes but that is not happening. I am trying to init the tapes using IEHINIT, the problem is these tapes are in a different library and the init job wants the tapes in its own library. I have all the ca-1 tape processing options set to yes (label change, density change, TRTCH change). When this was installed 5+ years somehow the contractor we brought in was able to add a nonexistence tape to the VOLCAT and we used that tape # as input to the INIT job. I tried to add another nonexistence tape pointing to the other library but the job doesn't allow that anymore. We are z/os v1r11. Any help would be appreciated. Thank You *** CONFIDENTIALITY NOTICE *** This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message from your system. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
On Thu, Oct 14, 2010 at 11:13 AM, Bob Shannon bshan...@rocketsoftware.comwrote: I would think it means code that front-ends one of the First Level Interrupt Handlers That's how Amdahl implemented SE and SP assist years ago. I think IBM did it to implement the IEEE floating point instructions so that they would work on processors that lacked the hardware. Of course these were not malicious implementations. (as Bob knows) it is impossible to create/install a malicious FLIH or SVC or PC without already having the keys to the kingdom anyway. That is the foundation of integrity and the reason why the installation has to appropriately protect system datasets and APF libraries. -- This email might be from the artist formerly known as CC (or not) You be the judge. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
Lindy Mayfield wrote: What would constitute a root kit for MVS? Perhaps an SVC with some hidden functionality? Long ago and far away, a friend was looking at the VSE microfiche and found an undocumented SVC that stored the top half of a register value in the address contained in the bottom half of the register. He promptly wrote a program that used that SVC to gain control of the system. (He was working at IBM, so this was an internal thing.) -- ...phsiii Phil Smith III p...@voltage.com Voltage Security, Inc. www.voltage.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
I would think it means code that front-ends one of the First Level Interrupt Handlers That's how Amdahl implemented SE and SP assist years ago. I think IBM did it to implement the IEEE floating point instructions so that they would work on processors that lacked the hardware. Of course these were not malicious implementations. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
hi, if you are interested in details on this concern refer to http://www.fedtke.com/download.htm - select english - select the IT SECURITY FORUM best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
-The sad news is that integrity exposures exist today in every z/OS system. There is no need to install anything other than what you already have installed. -These integrity exposures have already gotten past the system's guys. - Current systems programmers (in general) do not have the expertise required to identify these problems. There are exceptions of course. :-) -Yes, installing shareware code can lead to introducing integrity exposures if you are not careful. On 10/14/2010 12:24 PM, Lindy Mayfield wrote: The whole point, I think, is to get it by the system's guys. Not sure how to do that. So much easier on Windows. Still there are coming more and more freeware MVS utilities, like showmvs. (It can run authorized I think, yes?) I don't think that it is that carefully audited, somebody could slip something into there. Or some ported tool like TSOCMD. It would be very unlikely that something like that would get by you guys, but good sysprogs are getting fewer and fewer, and, as an inside job perhaps, someone may easily trick an admin into installing some useful utility that has been compromised. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of David Cole Sent: Thursday, October 14, 2010 7:27 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? At 10/14/2010 12:24 PM, Chris Craddock wrote: (as Bob knows) it is impossible to create/install a malicious FLIH or SVC or PC without already having the keys to the kingdom anyway. That is the foundation of integrity and the reason why the installation has to appropriately protect system datasets and APF libraries. Well that's just the problem, Chris, isn't it... The keys to the kingdom really are not well guarded. That's what my 2006 post was all about. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
On 14 Oct 2010 05:56:48 -0700, in bit.listserv.ibm-main you wrote: I didn't see anyone explicitly mention social engineering. IMO this may be an easier way to get a not-very-technical user's id, but then you are back to how to hack with a normal user TSO account. But if a system guy gave out a password for an reason then, well, you know. What about digging through the trash? Dropping some USB sticks around with interesting programs on them? A few people mentioned some few months back how to get a program authorized from a non-authorized library (or something like that), but nobody gave any details. For sure no script kiddies should ever get in, and if they did they wouldn't know what to do. Someone who understands WebSphere/Eclipse/etc. might be able to get information they shouldn't. What vulnerabilities are set up by use of ziip and zap? My vague understanding is that use of either involves running in SRB mode but I admit I am out of my depth. One thing I didn't see in this thread, was what is the purpose of this hacking. What is to be gained? Sensitive information would be one thing I can think of. Think like a criminal out to make money. Then think banks, on-line order sites, etc. Lindy Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
Ricc, Yes, APF authorization still allows the keys to the kingdom. That is why installations are expected to severely limit update access to APF authorized load libraries, the SETPROG MVS command, all datasets in the PARMLIB concatenation and all libraries defined as system level PROCLIBS. If a general user has write auth to an APF authorized dataset, your system, by definition, is unsecure. That is why IBM and ISV's provide integrity statements and take seriously all reports of integrity holes. This is also why IBM refuses to provide any sort of details on integrity APAR's, so that shops without the appropriate PTF's applied are less likely to be compromised. === Wayne Driscoll OMEGAMON DB2 L3 Support/Development wdrisco(AT)us.ibm.com === From: Ricc Harding ricc.hard...@gmail.com To: IBM-MAIN@bama.ua.edu Date: 10/14/2010 12:10 PM Subject: Re: Mainframe hacking? Sent by: IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu Yes Ed, these sites all had RACF installed and yes, it still required the VTOC data set is RACF protected bit to be flipped for the data set protection call to even be made. The needed resource manager calls became more apparent as the resources which were being protected grew. The ACF2 protectall vs RACF protectnone philosophy soon became the guiding light to making RACF actually usable as a security system by also implementing protectall. However APF authorization still allows the keys to the kingdom with no trace for the clever programmer. And vendor PC calls are now the new point of entry for system penetration attempts since they have all but replaced most of the user written SVC's. The landscape changes but the dirt is still the same. The new hacker's lament might be so many entry points to choose from and so little time to play. Vigilance and automation in security checking are the keys to catching the silly things but the clever programmer still must have the integrity and character to NOT do what they have both the ability and opportunity to do. Quis custodiet ipsos custodes -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Lindy Mayfield Sent: Thursday, October 14, 2010 12:25 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? The whole point, I think, is to get it by the system's guys. Not sure how to do that. So much easier on Windows. Still there are coming more and more freeware MVS utilities, like showmvs. (It can run authorized I think, yes?) I don't think that it is that carefully audited, somebody could slip something into there. Or some ported tool like TSOCMD. It would be very unlikely that something like that would get by you guys, but good sysprogs are getting fewer and fewer, and, as an inside job perhaps, someone may easily trick an admin into installing some useful utility that has been compromised. And much easier in the UNIX environment where there is even more ignorance about why to not do: exattr +ap -F BIN myEvilProgram which could be hidden in the installation script. Or even in the compiled program where it couldn't be seen. And installed with SMP/E when running with SUPERUSER authority. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
On 14 Oct 2010 07:24:01 -0700, in bit.listserv.ibm-main you wrote: At 10/13/2010 10:26 AM, Greg Shirey wrote: I liked this article, and it's fairly recent. (Jan 2010) http://www.mainframezone.com/it-management/mainframe-hacking-fact-or-fiction/P1 Greg I read that article, and it is a good one. Interestingly (to me at least), on the article's third web page, there is an excerpt from a post I made here in 2006. It's nice to know that someone is paying attention. My entire post can be found at: http://bama.ua.edu/cgi-bin/wa?A2=ind0608L=IBM-MAINP=R63457X=147B1F23465267AA41Y=dbcole%40colesoft.com I think the information in that post are highly relevant to the current thread. For example, why do IDCAMS and IEBCOPY have to be authorized? The IEBCOPY replacement doesn't have to be authorized. Would it be worthwhile for both vendors and users to see what they can do to reduce the amount of code that has to be authorized? Clark Morris Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow RoadVOICE:540-456-8536 Afton, VA 22920FAX: 540-456-6658 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
STIMER(M) EXIT= question
Hello: Suppose you code something like this: STIMER(M) SET BINTVL=1 second, EXIT=exitaddress,WAIT=NO So the application program continues to run, and then 1 second later the timer interrupt happens. The ASM MACROS documentation says the exitaddress routine will get control at some point after the timer interrupt happens. My question is this: What if your application program that is running has just issued an SVC 99 or SVC 55 when the timer interrupt occurs? Can the exitaddress routine get control while the internal IBM SVC code is running, or will the exitaddress routine get control once the the internal IBM SVC code has returned control back to the NSI after the SVC instruction? My question actually could be extended to any IBM service--will the exitaddress routine get control while in the midst of the service program, or wait until control returns to application program? Thank you for any insight you can provide. Paul -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: STIMER(M) EXIT= question
Paul, Here is the answer: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/IEA2A8B0/22.1.5?SHELF=iea2bkb0DT=20100629141054 Basically, it states that if the TCB is waiting, it is given control immediately. Otherwise, any interrupt, such as a page fault, may allow it to begin execution. So the answer to your question is yes: it can get control while another SVC is executing. Tom Harper IMS Utilities Development Team Neon Enterprise Software Sugar Land, TX -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Paul Schuster Sent: Thursday, October 14, 2010 1:05 PM To: IBM-MAIN@bama.ua.edu Subject: STIMER(M) EXIT= question Hello: Suppose you code something like this: STIMER(M) SET BINTVL=1 second, EXIT=exitaddress,WAIT=NO So the application program continues to run, and then 1 second later the timer interrupt happens. The ASM MACROS documentation says the exitaddress routine will get control at some point after the timer interrupt happens. My question is this: What if your application program that is running has just issued an SVC 99 or SVC 55 when the timer interrupt occurs? Can the exitaddress routine get control while the internal IBM SVC code is running, or will the exitaddress routine get control once the the internal IBM SVC code has returned control back to the NSI after the SVC instruction? My question actually could be extended to any IBM service--will the exitaddress routine get control while in the midst of the service program, or wait until control returns to application program? Thank you for any insight you can provide. Paul -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On Wed, 13 Oct 2010 21:21:16 -0700, Ron Hawkins wrote: I really struggle with the fact that you think that the cost of goods for a disk drive assembly includes the disk drive and nothing else. Would you argue with David Bowie or Amazon about the price you pay for a CD that you can buy at Fry's for 20 cents. They're making 5400% mark-up on the cost of materials. Surely the jewel-case isn't worth $5-10. I don't recall stating what I believe. I fully understand there has to be markup. I believe I've also stated that I don't know how much it should be. I don't know what's reasonable. I've just related the revelation of discovering what retail is on the commodity compared to what we're being charged by the vendor. If it were for my own personal use, I'd find another vendor. This is for an enterprise storage solution. I don't have enough information to make a valid comparison there. And yes, I would argue that charging more than 20 cents for a David Bowie CD is price gouging, but do we really want to go there Perhaps you would be happier with a service model where you get charged per minute every time you call the Salesman, SE or CE, and the salesman charges you for a quote if you buy storage from another vendor. Back before the EMC/HDS price war in 2000 the mark-up on cost of goods - what we pay for the hardware - was quite high, but I think you would be horrified to know what it dropped to by 2001. It was certainly never 500%. Only Mainframes CPUs have that sort of markup. I agree the way you state the price differential makes for pervasive argument, but by excluding even basic costs like shipping and installation I feel that it is a tad misleading. No, I wouldn't. This is what it is. When we negotiate for these solutions, we get the best price we can get for both hardware and support at the time. When we go shopping for an upgrade or replacement, we use past experiences, desired capabilities and industry research to guide our decisions. I absolutely understand your point(s). You have to be able to recover your costs, fund future projects and earn a profit. What markup does that require ??? I have no idea. My only point in joining this discussion was to share the fact that it is now easier to make a comparison (or judgement, if you prefer) since they're loading these arrays with commodity disk. I believe it was you who floated the idea that disk prices don't change between host platform. This really doesn't address that observation, but it does point out disk prices do fluctuate. Maybe not by host, but certainly by the cabinet you plug them in to. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On Thu, 14 Oct 2010 07:11:33 -0500, Chase, John wrote: SEAGATE ST3500320NS465.76 GiB CDW's website says: This product was discontinued as of Wednesday, July 21, 2010. Call for availability. Their price: $95.99. Now what are we going to do ?!?!?!?!?! ;) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Why some programs are authorized Was: Mainframe hacking?
This has been a curiosity of mine of late. Why are on some systems, for example DELETE and LISTCAT authorized in IKJTSOxx? And some systems they aren't? -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Clark Morris Sent: Thursday, October 14, 2010 8:57 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? For example, why do IDCAMS and IEBCOPY have to be authorized? The IEBCOPY replacement doesn't have to be authorized. Would it be worthwhile for both vendors and users to see what they can do to reduce the amount of code that has to be authorized? Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
New Z10 install [was Re: ... cheap dasd]
We are planning to install new z10s into two data centers that do not currently have mainframes. I'm not sure if we are planning to have standalone tape drives (we will have vtls). What is the process to install z/os 1.12 in this scenario? I was hoping we could load some kind of starter system from the HMC and use that to install the serverpac (or is it custompac?) from shopzseries. Greg Smith -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Why some programs are authorized Was: Mainframe hacking?
On Thu, 14 Oct 2010 20:43:31 +0200, Lindy Mayfield lindy.mayfi...@ssf.sas.com wrote: This has been a curiosity of mine of late. Why are on some systems, for example DELETE and LISTCAT authorized in IKJTSOxx? And some systems they aren't? I don't know the answer to LISTCAT. For DELETE, some operations that DELETE performs require APF-authorization, but most do not. IBM has never (as far as I know) shipped the default IKJTSOxx with DELETE in it, so it's probably only in IKJTSOxx on those systems where the users make use of those authorized functions of DELETE from TSO. If you need those functions, and do not have DELETE in IKJTSOxx, then you would have to run IDCAMS in batch to perform the functions. (And in response to another message, those functions of DELETE, and authorized functions of some other IDCAMS commands, are (I believe) why IDCAMS runs authorized.) -- Walt Farrell IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Why some programs are authorized Was: Mainframe hacking?
I thought that IEBCOPY being authorized was due to a (possible archaic) facility to invoke certain I/O appendage routines. IDCAMS and its subcommands must be able to invoke auth services to satisfy certain invocations - no surprise to find it in AUTHPGM. Rob Scott Lead Developer Rocket Software 275 Grove Street * Newton, MA 02466-2272 * USA Tel: +1.617.614.2305 Email: rsc...@rs.com Web: www.rocketsoftware.com -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Lindy Mayfield Sent: 14 October 2010 19:44 To: IBM-MAIN@bama.ua.edu Subject: Why some programs are authorized Was: Mainframe hacking? This has been a curiosity of mine of late. Why are on some systems, for example DELETE and LISTCAT authorized in IKJTSOxx? And some systems they aren't? -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Clark Morris Sent: Thursday, October 14, 2010 8:57 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Mainframe hacking? For example, why do IDCAMS and IEBCOPY have to be authorized? The IEBCOPY replacement doesn't have to be authorized. Would it be worthwhile for both vendors and users to see what they can do to reduce the amount of code that has to be authorized? Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: New Z10 install [was Re: ... cheap dasd]
Your business partner and/or IBM would be my first choice for a start up plan. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Greg Smith Sent: Thursday, October 14, 2010 1:57 PM To: IBM-MAIN@bama.ua.edu Subject: New Z10 install [was Re: ... cheap dasd] We are planning to install new z10s into two data centers that do not currently have mainframes. I'm not sure if we are planning to have standalone tape drives (we will have vtls). What is the process to install z/os 1.12 in this scenario? I was hoping we could load some kind of starter system from the HMC and use that to install the serverpac (or is it custompac?) from shopzseries. Greg Smith -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Mainframe hacking?
-Original Message- From: IBM Mainframe Discussion List On Behalf Of Lindy Mayfield The whole point, I think, is to get it by the system's guys. Not sure how to do that. So much easier on Windows. Still there are coming more and more freeware MVS utilities, like showmvs. (It can run authorized I think, yes?) I don't think that it is that carefully audited, somebody could slip something into there. One thing that might be argued in its defense is that you get all of the source code for it -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FW: The meaning of SCIDS.
On Thu, 14 Oct 2010 10:58:08 +, Bob Shannon wrote: And I'd heard SHARE Collection of Inebriates, Drunkards, and Sots That's the definition I'd heard, but I don't think anyone really knows what SCIDS stands for. Q: What does SHARE stand for? A: SHARE is not an acronym. It stood for sharing information. Forty years ago, I heard Society to Help Avoid Redundant Effort, perhaps even from an IBM FE. I thought it was prevalent. But it might have been a retronym. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: STIMER(M) EXIT= question
On Thu, 14 Oct 2010 13:04:53 -0500 Paul Schuster pgs4ibmm...@pacbell.net wrote: :Suppose you code something like this: :STIMER(M) SET BINTVL=1 second, EXIT=exitaddress,WAIT=NO :So the application program continues to run, and then 1 second later the :timer interrupt happens. The ASM MACROS documentation says the exitaddress :routine will get control at some point after the timer interrupt happens. :My question is this: :What if your application program that is running has just issued an SVC 99 :or SVC 55 when the timer interrupt occurs? Can the exitaddress routine get :control while the internal IBM SVC code is running, or will the exitaddress :routine get control once the the internal IBM SVC code has returned control :back to the NSI after the SVC instruction? :My question actually could be extended to any IBM service--will the :exitaddress routine get control while in the midst of the service program, :or wait until control returns to application program? If a system routine does not wish to be interrupted by an IRB it can take a lock or ENQ SMC or STATUS SET,MC,PROCESS -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
Bus-Tech has a zDASD product as you have described. I am not aware that StorageTek has such a product. Based on my web searches and searching the Oracle (STK) website, I found no listing for zDASD by StorageTek. Pratt Parrish | WW Manager of Channel Development and Marketing | Bus-Tech, Inc. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Miklos Szigetvari Sent: Thursday, October 14, 2010 9:30 AM To: IBM-MAIN@bama.ua.edu Subject: Re: When will MVS be able to use cheap dasd On 10/14/2010 3:17 PM, Ted MacNEIL wrote: I think that sig is meant in jest. Of course it is! If people are taking it seriously ... - I'm a SuperHero with neither powers, nor motivation! Kimota! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html Maybe late in this track, but we have cheap DASD , as we have zDASD from StorageTech and DS4300 IBM Raid Array behind. (can emulate ESCON or FICON channels and using the Raid array behind) Till we don't have serious problems it was cheap, but as we got DASD errors in the daily backup jobs, it started to be not so cheap. After some GTF traces StorageTech has fixed this problem, so it it cheap again ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: When will MVS be able to use cheap dasd
On Fri, Oct 8, 2010 at 11:19 AM, Pommier, Rex R. rex.pomm...@cnasurety.com wrote: XIV supporting z/OS roadmap? Can you point me at something official that says this? I would like to look at the XIV but I was told by our VAR that XIV supporting FICON and (emulated) CKD isn't in the works. I for one would love to see it! Rex If they can get everything to work with PDSE so PDSs, IPL loading, VTOCs, and all other uses of the Key field are no longer needed, they would be very close. -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: New Z10 install [was Re: ... cheap dasd]
We have, as I alluded to yesterday, a workaround until the Customized Offerings Driver is orderable on DVD next year. You can have your IBM representative or business partner send me a note and I can get them in touch with the right people. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Greg Smith Sent: Thursday, October 14, 2010 1:57 PM To: IBM-MAIN@bama.ua.edu Subject: New Z10 install [was Re: ... cheap dasd] We are planning to install new z10s into two data centers that do not currently have mainframes. I'm not sure if we are planning to have standalone tape drives (we will have vtls). What is the process to install z/os 1.12 in this scenario? I was hoping we could load some kind of starter system from the HMC and use that to install the serverpac (or is it custompac?) from shopzseries. Greg Smith -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- John Eells z/OS Technical Marketing IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
PAGE FIX
I seem to recall, but old age is having its way with me today. Isn't there a way to dynamically determine if a page is fixed?? Any jarring of the memory is greatly appreciated. Larry Crilley Dino-Software Corporation 800.480.DINO 412.366.3566 outbind://92-0C19A532C55CD94285A5E250EF9EC5A7445E7B00/www.dino-soft ware.com www.dino-software.com blocked::blocked::http://www.dino-software.com/trex_factsheet.php T-REX - Superior ICF catalog mgmt with full Tape support and HSM Auditing blocked::blocked::http://www.dino-software.com/reorgadon_factsheet.php REORGadon - First ever online REORG for HSM blocked::blocked::http://www.dino-software.com/teradon_factsheet.php TERADON - First ever REPRO MERGECAT While-OPEN blocked::blocked::http://www.dino-software.com XTINCT - Secure DASD/TAPE data eradication blocked::blocked::http://www.dino-software.com/rtd_factsheet.php RTD - DASD Real Time Defrag blocked::blocked::http://www.dino-software.com/dal_details.php DAL - DINO healthcheck Analysis service for Legato blocked::blocked::http://www.dino-software.com/sentinel_factsheet.php SENTINEL - Real-time FTP Management. All Secure, all the time. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: New Z10 install [was Re: ... cheap dasd]
On 10/14/2010 12:57 PM, Greg Smith wrote: We are planning to install new z10s into two data centers that do not currently have mainframes. I'm not sure if we are planning to have standalone tape drives (we will have vtls). What is the process to install z/os 1.12 in this scenario? I was hoping we could load some kind of starter system from the HMC and use that to install the serverpac (or is it custompac?) from shopzseries. Greg Smith Hey! New mainframe sites. Terrific! -- Kind regards, -Steve Comstock The Trainer's Friend, Inc. 303-393-8716 http://www.trainersfriend.com * To get a good Return on your Investment, first make an investment! + Training your people is an excellent investment -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
EREP dump readout for MCIC
Hi listners. I was checking erep output to try to discover more about MCIC (Machine Check Interruption Code) and found following register, but I checked 02 Erep manuals, (User´s Guide Manual and Reference Manual), but can´t found any description how to readout these little dump. We are running z/vm 4.40 over MP3000 (soon z10 BC), but until there, I need to discover what means External Damage in MCIC code. If I remember in the past, we had some manuals called Logic Manuals, but I can´t located it for Erep. If anyone can tell me where I can found documentation about these dump, I will say Thank You! MODEL-7060 SERIAL NO- 071002 --- RECORD ENTRY SOURCE - MCH VM/ESAV4 R0 DAY YEAR HH MM SS.TH DATE- 285 10 TIME- 03 52 06 78 PROGRAM IDENTITY- @ JOB IDENTITY- OLD MACHINE CHECK PSW - 03 3C 00 00 80 21 09 14 HEX DUMP OF RECORD HEADER107018000010285F03520678 170710027060027C 033C80210914 0030 04000F3D40030004 0050 0070 0090 4040404040404040 00B0 40404040404040404040404040404040 40404040404040404000000F 00D0 0009D3800304 00D65B862C205000 00F0 20001000002107F08000 800014B1EE40004DB07F 0110 5B9D30805B9D3040 C8005B662124 0130 5BA2E7615B860101 1F00 0150 0170 0190 01B0 01D0 01F0 0210 0230 0250 0270 0037 00010400004000C07FFE74B4 0290 716508C0C6B73AF49CF658C004000F3D 40038000C6B725338021091404000F3D 02B0 40038000C6B72559802108E404000F3D 40038100C6B72E838019244204000F3D 02D0 40038000C6B731CA8021091404000F3D 40038000C6B73AF480210914 02F0 RECORD TYPE - 10 -- Carlos Bodra IBM zSeries Certified Specialist Sao Paulo - Brazil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: PAGE FIX
On Thu, 14 Oct 2010 16:37:37 -0400 Larry Crilley larry.cril...@dino-software.com wrote: :I seem to recall, but old age is having its way with me today. :Isn't there a way to dynamically determine if a page is fixed?? It is a wrong question, because if your process did not FIX it the process that did may free/unfix it. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: PAGE FIX
Sure. I just want to determine if a page is fixed. I'm not saying I want to free/unfix it. I just want to know... -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Binyamin Dissen Sent: Thursday, October 14, 2010 4:56 PM To: IBM-MAIN@bama.ua.edu Subject: Re: PAGE FIX On Thu, 14 Oct 2010 16:37:37 -0400 Larry Crilley larry.cril...@dino-software.com wrote: :I seem to recall, but old age is having its way with me today. :Isn't there a way to dynamically determine if a page is fixed?? It is a wrong question, because if your process did not FIX it the process that did may free/unfix it. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: PAGE FIX
Try a PGSER OUT against the page. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Larry Crilley Sent: Thursday, October 14, 2010 2:18 PM To: IBM-MAIN@bama.ua.edu Subject: Re: PAGE FIX Sure. I just want to determine if a page is fixed. I'm not saying I want to free/unfix it. I just want to know... -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Binyamin Dissen Sent: Thursday, October 14, 2010 4:56 PM To: IBM-MAIN@bama.ua.edu Subject: Re: PAGE FIX On Thu, 14 Oct 2010 16:37:37 -0400 Larry Crilley larry.cril...@dino-software.com wrote: :I seem to recall, but old age is having its way with me today. :Isn't there a way to dynamically determine if a page is fixed?? It is a wrong question, because if your process did not FIX it the process that did may free/unfix it. -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html