Re: FRBACKUP Still Not Working...
In this situation, we have used the TSO command: TSO fcwithdr tdevn() with some success. I'm afraid that is just a way around the problem rather than an explanation of what exactly the problem is. Best regards, David Tidy IS Technical Management/SAP-Mf Dow Benelux B.V. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of George Rodriguez Sent: 27 March 2012 19:31 To: IBM-MAIN@bama.ua.edu Subject: FRBACKUP Still Not Working... Since I now know that the problem is NOT hardware related, I've tried everything to figure out what the problem is. I've installed the patch that helps in problem determination (PATCH .FRGCB.+9 BITS(.1..)) and what I get follows: ARC1809I VOLUME CP00AA IS NOT A FAST REPLICATION CANDIDATE FOR L0 VOLUME PPRD46, VER=0012, RC=0002 and the RC=0002 says: volser1 is already paired with another source volume ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
That Xmas EXEC story was still hot news at IBM Sydney in Christmas 1989. They warned us not to code such inadvertent viruses (pardon, virii) despite the best of intentions by its author. Cheers, MARK DOUGLAS Senior IT Support Consultant Mainframe -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Anne Lynn Wheeler Sent: Wednesday, 28 March 2012 2:21 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Malicious Software Protection scott_j_f...@yahoo.com (Scott Ford) writes: You can't be serious...never never heard of anyone developing a virus for mainframes, I understand the fear, but firewalls, network apps do rat in front of the mainframe this discussion group, mailing list originated on BITNET ... recent discussion (with wiki references) http://www.garlic.com/~lynn/2012e.html#19 Inventor of e-mail honored by Smithsonian really long winded recent post in linkedin MainframeZone group http://www.garlic.com/~lynn/2012d.html#49 Do you know where all your sensitive data is located? mentions the xmas exec nov1987 ... reference from vmshare archive http://vm.marist.edu/~vmshare/browse?fn=CHRISTMAft=PROB was almost exactly a year before the morris worm on the internet. -- virtualization experience starting Jan1968, online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN * Disclaimer * The contents of this electronic message and any attachments are intended only for the addressee and may contain privileged or confidential information. They may only be used for the purposes for which they were supplied. If you are not the addressee, you are notified that any transmission, distribution, downloading, printing or photocopying of the contents of this message or attachments is strictly prohibited. The privilege of confidentiality attached to this message and attachments is not waived, lost or destroyed by reason of mistaken delivery to you. If you receive this message in error please notify the sender by return e-mail or telephone. Please note: the Department of Public Works carries out automatic software scanning, filtering and blocking of E-mails and attachments (including emails of a personal nature) for detection of viruses, malicious code, SPAM, executable programs or content it deems unacceptable. All reasonable precautions will be taken to respect the privacy of individuals in accordance with the Information Privacy Act 2009 (Qld). Personal information will only be used for official purposes, e.g. monitoring Departmental Personnel's compliance with Departmental Policies. Personal information will not be divulged or disclosed to others, unless authorised or required by Departmental Policy and/or law. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Yes, we know, you're a vendor. Please name few the most popular viruses for z/OS and two-three AV programs for z/OS. ;-))) Intergrity vulnerability - also, please name few popular, please omit those which stem from administrator mistakes. The integrity vulnerabilities *could* lead to viruses which would exploit such vulnerabilities. In other words no vulnerabilities - no malware, but existence of the hole does not imply existence of virus exploiting that hole. Last but not least: AV software is for virus finding, not for hole clogging. Yes, today AV suites do contain additional modules, even parent control filters or firewalls, but we don't talk about such software. I sustain my opinion: it is not mainframe problem. People who demand non-existent software to be present are not mainframe problem. -- Radoslaw Skorupka Lodz, Poland W dniu 2012-03-28 00:11, Ray Overby pisze: Every z/os system today has integrity vulnerabilities on it that if exploited would allow users with access to that system to crash that system or bypass installation controls and access any protected resource on that system regardless of the installed ESM. They would be able to do so with little to no audit trail. What part of this is not a mainframe problem? Ray Overby Key Resources, Inc. Ensuring System Integrity for z/Series^(TM) www.zassure.com (312)574-0007 On 3/27/2012 13:25 PM, R.S. wrote: W dniu 2012-03-27 17:06, Greg Dorner pisze: Dear IBM-MAINers, Our auditors are insisting that we install a product that protects against malicious software (viruses, worms, trojans, etc.). Does anyone know of a product that does this? I heard that McAfee is coming out with a z/OS product later this year, but I called them and they had no idea what I was talking about. z/OS, with proper security controls (and believe me - we have LOTS!) should not have to worry about such things, at least that's what I've always heard. Any input on this topic would be GREATLY appreciated!! This is NOT mainframe problem. Indeed, you have problem with uneducated auditors. Maybe stupid ones. Your problem is how to prove that requirement is both stupid and impossible to fulfill. We can provide you some arguments, like - there are no such products - there are no viruses, trojans or other malware for z/OS and it have never been last 47 years. (I said 'z/OS', so the only VM worm does not count) - no mainframe installation use such product - you have RACF *SECURITY SERVER* (or TS or ACF2) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Russell Witt wrote: To the list of 11 items that Elardus supplied earlier in the day, I would add one more. [... snipped ...] Thanks for correcting + adjusting my item. Much appreciated. I have added it to my list of things to remember. Please keep up with your valuable posts. :-) Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Fwd: MFNetDisk future
-- Forwarded message -- From: Shai Hess mfnetd...@mfnetdisk.com Date: Wed, Mar 28, 2012 at 9:02 AM Subject: MFNetDisk future To: shai.h...@gmail.com ** HI, In the coming days I will stop to work for IBM as a part time employee. IBM makes the move to let me go and I respect it. As you know I think that everything is from God and I sure that God make the good decision for me and I am sure that this change is the best for me and in time ( I am 58). Better not to wait to old age when my body will be more older and weaker and maybe not healthier as before to understand that it is now the time to stop to work and have fun as long as I can do it. MFNetDisk was big enjoyment, but working for IBM was duty and not big fun for me and for my personality. About the future of MFNetDisk. I will not be able to support alone this product financially anymore, so I will disable the downloading of this product because I think that I may stop to support this product. I will take my time and will decide what is the best for me to do with this product. MFNetDisk has success with many small but poor companies (MFNetDisk is free tape and disk storage and DR solution) but it seem to me that big companies never try the product that mean that all my customers are poor and can not pay for this product. The true is that I never ask them to pay. So, I know that for some customers I kept their heads financially above the water or I kept their business alive to keep working with MF at all but I need to think about my family and myself as well. So that is what I will do in the coming days. . Thanks, God bless you. Shai Hess, MFNetDisk product. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Ray Overby wrote: I am a vendor so take my post with a grain of salt. For those that don't like vendors to respond stop reading now.. (flame on) I will take your post seriously. I have reviewed you webpage. Very interesting. You confirmed what I suspected, especially after those threads about [mis]use of SVC. One question if you don't mind please: Can you use or prove your point (elevating TSO, suppress SMF, etc) without being given access to a system in the first place? The idea is that you could enter a system and elevate yourself and place somewhere a signature to prove that you could 'white hack' the target system. Just a yes or no, please, because I realize that due to the nature not too much info can be divulged. The ESM products did not stop the TSO user from exploiting this vulnerability. Very true. ESM is just a database. As said many times on RACF-L, it is the caller which call ESM, the ESM decides on what is found in its own database and report back with RC=0/4/8 plus reason codes. It is up to the whatever caller to honour the RC from an ESM. If you are not concerned that your users can crash your z/OS system at any time (maliciously or accidentally) As I have said, it is the INSIDER who are probably the greatest threat. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: SMPTLIB receive issue
Cant seem to receive new functions, error IKJ56228I DATA SET IBM.HABIA10.F1 NOT IN CATALOG OR CATALOG CAN NOT BE ACCESSED are you receiving from tape or from DASD ? can you post you receive job ? Walter Marguccio z/OS Systems Programmer BELENUS LOB Informatic GmbH Munich - Germany -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Tapeless solution (IBM or Sun) Enterprise class
Hi ALL, Our shop currently using VTS B20, and planning to either migrate the 7740 (no migration need) or migrate to tapeless 7720 or Sun storageTek VSM tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless solution. In market, I think all customer will use tapeless soultion instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many thanks -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Tommy, It is NOT true. Different shops have different requirements. We are also migrating from a B20 to a 7740 Grid solution in support of high availability, continuous operation and disaster recovery needs. One size, or in this case, one solution, does not fit all. Bob -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Tommy Tsui Sent: Wednesday, March 28, 2012 7:16 AM To: IBM-MAIN@bama.ua.edu Subject: Tapeless solution (IBM or Sun) Enterprise class Hi ALL, Our shop currently using VTS B20, and planning to either migrate the 7740 (no migration need) or migrate to tapeless 7720 or Sun storageTek VSM tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless solution. In market, I think all customer will use tapeless soultion instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many thanks -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
Does anyone know when zOS 1.12 will go out of support? I was planning to go to zOS 1.14 from 1.12, but seeing this new release schedule might make me reassess my plan. Mark Jacobs On 03/27/12 23:24, Skip Robinson wrote: We heard it stated at SHARE so often by so many very well-placed IBM folks that it's inconceivable that it will transpire otherwise. . . JO.Skip Robinson SCE Infrastructure Technology Services Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com From: Mike Schwabmike.a.sch...@gmail.com To: IBM-MAIN@bama.ua.edu Date: 03/27/2012 06:09 PM Subject:Re: z/os every two years Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu Not official. But plan on it. Official releases in Sept of odd years. On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com wrote: Does anyone know when IBM is going to make this official? It is official? I am putting together 2013 projects and we normally up to now did upgrades once a year. http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/ Andy S. White -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
In 4f724ce6.9030...@kr-inc.com, on 03/27/2012 at 06:27 PM, Ray Overby ray.ove...@kr-inc.com said: Lets say there is a SVC that when you IPL your z/OS system it is installed and available for use (i.e - any one can issue the SVC). The SVC either came with z/OS or your system programmers installed it because of an ISV product your company purchased or its an in-house written program. For this example lets assume one of your TSO users will attempt to exploit this vulnerability. You're begging the question; you haven't mentioned a vulberability yet. Like any SVC when invoked it will get control in an authorized state (PSW Key 0). Further this SVC issues a STM instruction very early in the SVC code storing into where ever R13 points to. That's only a vulnerability if such an SVC exists. You haven't shown that. No SVC in z/OS that I'm aware of has such an STM. It would certainly violate IBM's statement of integrity. This type of defect is easily exploited Only if it exists. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
In e84242463cbb7d4b9caf90e1fb2883985742dac...@egpcmbx01.egpcore.egp.qld.gov.au, on 03/28/2012 at 04:20 PM, Mark Douglas (CITEC) mark.doug...@citec.com.au said: That Xmas EXEC story was still hot news at IBM Sydney in Christmas 1989. They warned us not to code such inadvertent viruses (pardon, virii) despite the best of intentions by its author. It was a worm rather than a virus. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
In 4f72714f.50...@kr-inc.com, on 03/27/2012 at 09:02 PM, Ray Overby ray.ove...@kr-inc.com said: There are many reasons for these types of defects. The programmer(s) in these cases to the best of my knowledge were actually very experienced z/OS developers. Yes, but did they learn anything from their experience. I'm with Gerhard; that code should never have gotten past code review and casts serious doubts on the competence of the author. Very competent people. Not if they write code such as you described. Even then it only takes a single error Why the quotes? It *is* an error, and a serious one. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: SMPTLIB receive issue
In 95949d394b82e6478ba63b7920f3e...@mail.cenhud.com, on 03/27/2012 at 12:58 PM, Tim Brown tbr...@cenhud.com said: IBM is a valid prefix, Not from what you've written. it's a result of the RFDSNPFX in the function source That makes it expected; it doesn't make it valid. Have you defined the alias IBM? Do you have security rules in place for it? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
In 4f720628.8070...@bremultibank.com.pl, on 03/27/2012 at 08:25 PM, R.S. r.skoru...@bremultibank.com.pl said: - there are no viruses, trojans or other malware for z/OS and it have never been last 47 years. Nonsense. OS/360 was a swiss cheese. 07F0 0A0C -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/OS ftp and Unicode
In 1000645908993586.wa.paulgboulderaim@bama.ua.edu, on 03/27/2012 at 01:03 PM, Paul Gilmartin paulgboul...@aim.com said: WTF!? Didn't Shmuel tell us that UTF-8 contains all of Unicode? Yes, but I said nothiong about either IBM-424 or IBM-1047. Is there an easy way to find what code point it's choking on? Also, I thought that you wanted to tramslate IBM-424 to UTF-8, not UTF-8 to IBM-424. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Hi Tommy, I'm using a TS7720 with 2 3592 tape drives. The biggest issues with the unit had to do with whatever tape management system you'll use. I'm using TLMS and I finally got all the pieces to work together. I'm also a big user if DFSMShsm and recalling tapes is really fast when bring back datasets that have been migrated to ML2. I also purchased a product called CA-CopyCat to take certain datasets on virtual tapes and create a single 3592 cartridge for off-site storage. One issue to worry about is disaster recovery. The best and the most expensive solution for that is to have 2 TS7720; one at your shop and the other at the DR site, then recovery is a snap. * * *George Rodriguez* *Specialist II - IT Solutions* *Application Support / Quality Assurance* *PX - 47652* *(561) 357-7652 (office)* *(561) 707-3496 (mobile)* *School District of Palm Beach County* *3348 Forest Hill Blvd.* *Room B-251* *West Palm Beach, FL. 33406-5869* *Florida's Only A-Rated Urban District For Seven Consecutive Years* On Wed, Mar 28, 2012 at 7:16 AM, Tommy Tsui tommyt...@gmail.com wrote: Hi ALL, Our shop currently using VTS B20, and planning to either migrate the 7740 (no migration need) or migrate to tapeless 7720 or Sun storageTek VSM tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless solution. In market, I think all customer will use tapeless soultion instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many thanks -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN Home of Florida's first LEED Gold Certified School Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: LE enclave calls another LE enclave
In 4f71e7c6.7080...@t-online.de, on 03/27/2012 at 06:16 PM, Bernd Oppolzer bernd.oppol...@t-online.de said: all works well, if the test object is a PL/1 subroutine and not a main program. How do you invoke the MAIN? CALL? LINK? ATTACH? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
In 2664962449864714.wa.gdornerwpsic@bama.ua.edu, on 03/27/2012 at 10:06 AM, Greg Dorner gdor...@wpsic.com said: Our auditors are insisting that we install a product that protects against malicious software (viruses, worms, trojans, etc.). What are the politics? Are the auditors willing to assume liability if the hypothetical package is itself a security problem? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
September 2013, but not officially announced. Bob -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Mark Jacobs Sent: Wednesday, March 28, 2012 7:35 AM To: IBM-MAIN@bama.ua.edu Subject: Re: z/os every two years Does anyone know when zOS 1.12 will go out of support? I was planning to go to zOS 1.14 from 1.12, but seeing this new release schedule might make me reassess my plan. Mark Jacobs -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14 will be available from 2013 and not 2012, so probably V1R12 will be out of support about from 2014? 2012/3/28 Mark Jacobs mark.jac...@custserv.com Does anyone know when zOS 1.12 will go out of support? I was planning to go to zOS 1.14 from 1.12, but seeing this new release schedule might make me reassess my plan. Mark Jacobs On 03/27/12 23:24, Skip Robinson wrote: We heard it stated at SHARE so often by so many very well-placed IBM folks that it's inconceivable that it will transpire otherwise. . . JO.Skip Robinson SCE Infrastructure Technology Services Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com From: Mike Schwabmike.a.sch...@gmail.com** To: IBM-MAIN@bama.ua.edu Date: 03/27/2012 06:09 PM Subject:Re: z/os every two years Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu Not official. But plan on it. Official releases in Sept of odd years. On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com wrote: Does anyone know when IBM is going to make this official? It is official? I am putting together 2013 projects and we normally up to now did upgrades once a year. http://blogs.realdolmen.com/**experts/2012/03/13/a-new-zos-** release-every-2-year/http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/ Andy S. White --**--** -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein --**--**-- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Un saludo. Álvaro Guirao -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
A good guess, but until there's an official notification I can't plan on supposition. Mark Jacobs On 03/28/12 07:41, Alvaro Guirao Lopez wrote: zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14 will be available from 2013 and not 2012, so probably V1R12 will be out of support about from 2014? 2012/3/28 Mark Jacobsmark.jac...@custserv.com Does anyone know when zOS 1.12 will go out of support? I was planning to go to zOS 1.14 from 1.12, but seeing this new release schedule might make me reassess my plan. Mark Jacobs On 03/27/12 23:24, Skip Robinson wrote: We heard it stated at SHARE so often by so many very well-placed IBM folks that it's inconceivable that it will transpire otherwise. . . JO.Skip Robinson SCE Infrastructure Technology Services Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com From: Mike Schwabmike.a.sch...@gmail.com** To: IBM-MAIN@bama.ua.edu Date: 03/27/2012 06:09 PM Subject:Re: z/os every two years Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu Not official. But plan on it. Official releases in Sept of odd years. On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com wrote: Does anyone know when IBM is going to make this official? It is official? I am putting together 2013 projects and we normally up to now did upgrades once a year. http://blogs.realdolmen.com/**experts/2012/03/13/a-new-zos-** release-every-2-year/http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/ Andy S. White --**--** -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein --**--**-- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
I agree 2012/3/28 Mark Jacobs mark.jac...@custserv.com A good guess, but until there's an official notification I can't plan on supposition. Mark Jacobs On 03/28/12 07:41, Alvaro Guirao Lopez wrote: zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14 will be available from 2013 and not 2012, so probably V1R12 will be out of support about from 2014? 2012/3/28 Mark Jacobsmark.jacobs@custserv.**commark.jac...@custserv.com Does anyone know when zOS 1.12 will go out of support? I was planning to go to zOS 1.14 from 1.12, but seeing this new release schedule might make me reassess my plan. Mark Jacobs On 03/27/12 23:24, Skip Robinson wrote: We heard it stated at SHARE so often by so many very well-placed IBM folks that it's inconceivable that it will transpire otherwise. . . JO.Skip Robinson SCE Infrastructure Technology Services Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com From: Mike Schwabmike.a.sch...@gmail.com To: IBM-MAIN@bama.ua.edu Date: 03/27/2012 06:09 PM Subject:Re: z/os every two years Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu Not official. But plan on it. Official releases in Sept of odd years. On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com wrote: Does anyone know when IBM is going to make this official? It is official? I am putting together 2013 projects and we normally up to now did upgrades once a year. http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-http://blogs.realdolmen.com/**experts/2012/03/13/a-new-zos-** release-every-2-year/http://**blogs.realdolmen.com/experts/** 2012/03/13/a-new-zos-release-**every-2-year/http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/ Andy S. White --**--** -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein --** --**-- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein --**--**-- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Un saludo. Álvaro Guirao -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: LE enclave calls another LE enclave
Hi Probably no exact your case We had a C++ application main program (LE enclave), we got some errors as tried to call from COBOL LE We inserted a small LE conform assembler routine between the COBOL and C++, it issued a BPX1SDD DUB process and an ATTACH to attach the C++ main program . It is working in this way with COBOL and C++ On 3/27/2012 6:16 PM, Bernd Oppolzer wrote: Hello all, we have a problem that is not easy to describe. Let me try it. We are building a test supporting system, which allows to do tests of software components. The system consists of the following modules or parts: A - driver, written in ASSEMBLER. The driver builds a LE enclave, so that it can call C subfunctions and the test objects, which are (normally) PL/1 routines B - driver supporting routine, written in C. This routine provides services OPEN, WRITE and CLOSE. It is called by the driver. On OPEN, it fetches a testcase list from the testcase database and builds a linked list in memory (in the LE heap). It also opens a log file for writing. On WRITE, it writes some protocol data on the log file. On CLOSE, it closes the log file. C - driver exit, written in ASSEMBLER. It is called at the beginning of the test object (at the entry point) by means of TRAP2 interrupts. It has access to the testcase list element that B took from the testcase database for the current testcase. It then calls D, passing the address of the testcase list element. D reads the testcase data, builds a parameter list for the testcase, and returns a parameter list. Then the driver exits resumes the test object at the position of the entry point (this way the test data is passed to the test object). D - is a C routine which reads the data from the testcase data base and builds the parameter list for the test object - because this is much easier to do in C than in ASSEMBLER. Now the problem: all works well, if the test object is a PL/1 subroutine and not a main program. Then the LE enclave built by A is used by B, passed to the test object, and used by D as well. There is no problem passing the LE environment through the TRAP2 interrupt. But: we also want to be able to test PL/1 main programs this way. The PL/1 main programs are called by the driver the same way as the modules are called, but because they are started at CEESTART, a second LE enclave below the first enclave is built. Then C and D run below the second enclave. This is no problem so far, because there is no need to share ressources between the two enclaves; the only information exchange is through the testcase list element which belongs to the heap of the first enclave, and this is no problem, in our opinion. But: when we return from the test object and we try to execute the WRITE call to B in the first enclave, it fails in the prologue of B. We first thought that reg 12 had not be restored correctly, but this is not the case. Reg 12 is the same as before the call of the PL/1 main, points to the original CEECAA. Also, the save area (including NAB etc, the words behind offsets 72) are unchanged. But still, we get abends 0C4 etc. in the prologue of B. But only in the PL/1 main case, if there is a second enclave, not in the other case. We fixed this problem by doing the WRITE and CLOSE calls not in the same (first) enclave as the OPEN call, but instead we did all the subsequent calls by an intermediate PL/1 main, that is: after the PL/1 test object main destroyed somehow our first enclave, we didn't use it any more, but instead constructed new enclaves for every subsequent call at the same level. But this doesn't look very sound to me. My question is: has somebody out there an idea, what has happened here and what might be a solution to our problem? Is it possible to have one LE enclave call another and on return from the second still have the first one usable? What are we getting wrong? Kind regards Bernd -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
Check with your IBM rep, they should be able to share more info. There is an internal document that has a FAQ. Some specifics that address the questions asked: - The announcement should follow in 60 days (I assume starting from 12-Mar) - Support for 1.12 and 1.13 will be extended to bridge customers to new release cycles. N-2 compatibility will remain. To me this suggest 1.12 will go out of support no sooner than 1.15 (or whatever it will be called) availability, which would seem to be the 2nd half of 2014 (that's my interpretation, it wasn't explicitly stated in the communication). Bart -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Alvaro Guirao Lopez Sent: Wednesday, March 28, 2012 7:41 AM To: IBM-MAIN@bama.ua.edu Subject: Re: z/os every two years zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14 will be available from 2013 and not 2012, so probably V1R12 will be out of support about from 2014? 2012/3/28 Mark Jacobs mark.jac...@custserv.com Does anyone know when zOS 1.12 will go out of support? I was planning to go to zOS 1.14 from 1.12, but seeing this new release schedule might make me reassess my plan. Mark Jacobs On 03/27/12 23:24, Skip Robinson wrote: We heard it stated at SHARE so often by so many very well-placed IBM folks that it's inconceivable that it will transpire otherwise. . -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
A good guess, but until there's an official notification I can't plan on supposition. Then you will be wrong. In this case plan on supposition. Bob Shannon Rocket Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
What I concerns are: 1. Tape still have life time, if 1TB tape damage then we need more time to re-built or re-create it, except you implement dual copy or PPRC VTS and it cost you more. 2. Tape migration is my concern, I think disk to disk migration is more faster solution. I can't find any migration approach for B20 to TS7740 or TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read all tapes to cache and copy back to other tape subsystem 3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a new model comes and we need to preform another migrationcopy again and again from tape to another tape system because of new drives.TRUE -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
Methinks you have inside information :-) On 03/28/12 07:58, Bob Shannon wrote: A good guess, but until there's an official notification I can't plan on supposition. Then you will be wrong. In this case plan on supposition. Bob Shannon Rocket Software -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Add Tivoli Tape Optimizer to your list of migration utilities. Bob -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Tommy Tsui Sent: Wednesday, March 28, 2012 7:59 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Tapeless solution (IBM or Sun) Enterprise class What I concerns are: 1. Tape still have life time, if 1TB tape damage then we need more time to re-built or re-create it, except you implement dual copy or PPRC VTS and it cost you more. 2. Tape migration is my concern, I think disk to disk migration is more faster solution. I can't find any migration approach for B20 to TS7740 or TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read all tapes to cache and copy back to other tape subsystem 3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a new model comes and we need to preform another migrationcopy again and again from tape to another tape system because of new drives.TRUE -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
I attended SHARE. I looked at the positions the speakers have at IBM and concluded it's a done deal. Too much horsepower to be sending the wrong message. Bob -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Mark Jacobs Sent: Wednesday, March 28, 2012 8:03 AM To: IBM-MAIN@bama.ua.edu Subject: Re: z/os every two years Methinks you have inside information :-) On 03/28/12 07:58, Bob Shannon wrote: A good guess, but until there's an official notification I can't plan on supposition. Then you will be wrong. In this case plan on supposition. Bob Shannon Rocket Software -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Tommy Tsui tommyt...@gmail.com wrote in message news:cal96cms6abxwrwjtdlozcqjhzo-wbtxokdu-ws2hdmltfwu...@mail.gmail.com ... What I concerns are: 1. Tape still have life time, if 1TB tape damage then we need more time to re-built or re-create it, except you implement dual copy or PPRC VTS and it cost you more. Can you really recreate all your data on tape??? If not, you need duplication in some form. 2. Tape migration is my concern, I think disk to disk migration is more faster solution. I can't find any migration approach for B20 to TS7740 or TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read all tapes to cache and copy back to other tape subsystem Both 7720 and 7740 run at Ficon speed. The 7720 and 7740 will write to the disk cache and the 7720 will destage asynchroneously. 3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a new model comes and we need to preform another migrationcopy again and again from tape to another tape system because of new drives.TRUE This also holds for disk-only systems. You cannot move the SATA drives from your old to your new tape system. Kees. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
I agree that it is a done deal, however that I think it IS the wrong message. Too many users have based their procedures on the current schedule and waiting two years for new releases will just slow down the implementation of new functions. The cant that 'many users can't upgrade every year so we will help them by changing to every two years' doesn't pass muster. This will make those users upgrade every four years now and penalize those who do attempt to stay current. I don't like it. Just my ranting for the day, Jon -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Bob Shannon Sent: Wednesday, March 28, 2012 8:08 AM To: IBM-MAIN@bama.ua.edu Subject: Re: z/os every two years I attended SHARE. I looked at the positions the speakers have at IBM and concluded it's a done deal. Too much horsepower to be sending the wrong message. Bob -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Mark Jacobs Sent: Wednesday, March 28, 2012 8:03 AM To: IBM-MAIN@bama.ua.edu Subject: Re: z/os every two years Methinks you have inside information :-) On 03/28/12 07:58, Bob Shannon wrote: A good guess, but until there's an official notification I can't plan on supposition. Then you will be wrong. In this case plan on supposition. Bob Shannon Rocket Software -- Mark Jacobs Time Customer Service Tampa, FL Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN This e-mail may contain confidential or privileged information. If you think you have received this e-mail in error, please advise the sender by reply e-mail and then delete this e-mail immediately. Thank you. Aetna -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
While you do need to use some type of tape copy utilities to move from a B20 to a TS7740; you also would have to use some type of dasd copy utility to move from one dasd subsystem to another UNLESS you stay within the same product line (they often have some upgrade utilities that make migration within the same vendor easier to handle). Granted, the dasd copy utilities now allow using flashcopy and other such techniques to improve performance - but that means you have a second copy of the file on the original device AS you are making a third copy on the new device (just how many copies do you want to make to move the data?). You are also mistaken in item 3; a TS1140 can read TS1120 and TS1130 tapes; and TS1130 can read TS1120 tapes. The direction from IBM is to read/write in the new format AND the -1 format; and to read both the -1 and -2 formats. So there is a lot of backward migration. And then there is the subject of how long a dasd box will last and how long a tape system will remain in effect. Since you are currently using a B20, I wonder just how old that unit is? Russell Witt CA 1 L2 Support Manager -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Tommy Tsui Sent: Wednesday, March 28, 2012 6:59 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Tapeless solution (IBM or Sun) Enterprise class What I concerns are: 1. Tape still have life time, if 1TB tape damage then we need more time to re-built or re-create it, except you implement dual copy or PPRC VTS and it cost you more. 2. Tape migration is my concern, I think disk to disk migration is more faster solution. I can't find any migration approach for B20 to TS7740 or TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read all tapes to cache and copy back to other tape subsystem 3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a new model comes and we need to preform another migrationcopy again and again from tape to another tape system because of new drives.TRUE -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
W dniu 2012-03-28 13:58, Tommy Tsui pisze: What I concerns are: 1. Tape still have life time, if 1TB tape damage then we need more time to re-built or re-create it, except you implement dual copy or PPRC VTS and it cost you more. Tape (real one) can be duplexed. In that case you can read data just after the tape failed. BTDT. For large amounts of data real tape is much cheaper and more scalable than virtual tape on disk. It is true, it has been true for years. The only change is treshold, a definition of large amount. 2. Tape migration is my concern, I think disk to disk migration is more faster solution. I can't find any migration approach for B20 to TS7740 or TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read all tapes to cache and copy back to other tape subsystem I see no problem with migration from tape to tape, even incompatible ones like STK and IBM. BTDT. 3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a new model comes and we need to preform another migrationcopy again and again from tape to another tape system because of new drives.TRUE Not true. There is some compatibility window, wider for R/O, more narrow for Read/Write. Compatibility window of IBM is similar to STK. -- Radoslaw Skorupka Lodz, Poland -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com wrote: The reason I brought up this 'vulnerability' is that we hired a consultant a while back to look for weaknesses. Of course they were able to logon with a vanilla userid that had no special authority. And this is what they did. We all spend a lot of time and mental energy focused on how to protect ourselves from sophisticated attack. We look at APF. We look at SVC screening. We look at access to sensitive libraries. But this particular 'denial of service' can be accomplished by anyone with a valid userid and password. And *only* because we lock up users for invalid password attempts. I'm just sayin'... It's just another form of disaster you have to plan for, Skip. It's easy, for example, to setup an STC that runs with an ID that has SPECIAL, or that is the OWNER of some IDs that have SPECIAL, and have that STC run IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that have SPECIAL. If they all get locked out, you just run the STC and that set of IDs is RESUMED. The STC itself will be able to run, even if its ID has been revoked, and so it provides protection against the issue you're suggesting. But yes, you need to be prepared for this, just as for anything that can compromise your system. (Other alternatives exist, by the way, including emergency copies of the RACF database that you can make available in such an emergency situation, but the STC approach is the simplest, in my opinion. Nonetheless, I would also recommend having an emergency RACF DB available, too, but that also goes along with having emergency system residence volumes available.) -- Walt Farrell IBM STSM, z/OS Security Design (for another half-hour or so) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Of course not! Most auditors that I've had the misfortune to interact with directly are like politicians. They have the bright ideas based on fundamental truths. But if they don't work, it's because the people who implemented them (us) are idiots and incompetents. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Shmuel Metz (Seymour J.) Sent: Tuesday, March 27, 2012 8:09 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Malicious Software Protection In 2664962449864714.wa.gdornerwpsic@bama.ua.edu, on 03/27/2012 at 10:06 AM, Greg Dorner gdor...@wpsic.com said: Our auditors are insisting that we install a product that protects against malicious software (viruses, worms, trojans, etc.). What are the politics? Are the auditors willing to assume liability if the hypothetical package is itself a security problem? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Our shop use B20 almost 5 years and sometime the IBM CE will notify me the tape cannot be recovered or the Gripper cannot move , some time need to reboot the library console and re-inventory again. Any problems when use VTS 7720? anyone can share? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
We have 2 7720 clusters in a grid configuration and are very happy with it. Kees. Tommy Tsui tommyt...@gmail.com wrote in message news:CAL96CmvY959T=nq+3C5h24w2isgSsajj6=ly+zzzmuv9dyo...@mail.gmail.com ... Our shop use B20 almost 5 years and sometime the IBM CE will notify me the tape cannot be recovered or the Gripper cannot move , some time need to reboot the library console and re-inventory again. Any problems when use VTS 7720? anyone can share? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: SMPTLIB receive issue
All is working, I got it to work differently!! We had downloaded all the function files HABIA10.F1, since the original package was in pax.z format, so I just renamed them all to what SMPE was expecting. SMPE.IBM.HABIA10.F1 SMPE.IBM.HABIA10.F2 SMPE.IBM.HABIA10.F3 And the receive worked. Never seen this with SMP/E and I have been using it since the 80's Thanks, Tim Brown Supervisor Computer Operations Central Hudson Gas Electric 284 South Ave Poughkeepsie, NY 12601 Email: tbr...@cenhud.com mailto:tbr...@cenhud.com Phone: 845-486-5643 Fax: 845-486-5921 Cell: 845-235-4255 -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Shmuel Metz (Seymour J.) Sent: Tuesday, 27 March, 2012 9:33 PM To: IBM-MAIN@bama.ua.edu Subject: Re: SMPTLIB receive issue In 95949d394b82e6478ba63b7920f3e...@mail.cenhud.com, on 03/27/2012 at 12:58 PM, Tim Brown tbr...@cenhud.com said: IBM is a valid prefix, Not from what you've written. it's a result of the RFDSNPFX in the function source That makes it expected; it doesn't make it valid. Have you defined the alias IBM? Do you have security rules in place for it? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Ditto for us. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Vernooij, CP - SPLXM Sent: Wednesday, March 28, 2012 7:40 AM To: IBM-MAIN@bama.ua.edu Subject: Re: [IBM-MAIN] Tapeless solution (IBM or Sun) Enterprise class We have 2 7720 clusters in a grid configuration and are very happy with it. Kees. Tommy Tsui tommyt...@gmail.com wrote in message news:CAL96CmvY959T=nq+3C5h24w2isgSsajj6=ly+zzzmuv9dyo...@mail.gmail.com ... Our shop use B20 almost 5 years and sometime the IBM CE will notify me the tape cannot be recovered or the Gripper cannot move , some time need to reboot the library console and re-inventory again. Any problems when use VTS 7720? anyone can share? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
For those few of you that also run zTPF: this OS is very sensitive to slight abnormalties and IBM tested and certified the TS7720 with zTPF and we still found some problems in the beginning, that were solved working with IBM. You should be careful with other vendors that have not proven their device with zTPF (or even don't know the word at all). Kees. Vernooij, CP - SPLXM kees.verno...@klm.com wrote in message news:ce3ffbb7e42033469ef752a1d8a19ba10216f...@kl1221tc.cs.ad.klmcorp.ne t... We have 2 7720 clusters in a grid configuration and are very happy with it. Kees. Tommy Tsui tommyt...@gmail.com wrote in message news:CAL96CmvY959T=nq+3C5h24w2isgSsajj6=ly+zzzmuv9dyo...@mail.gmail.com ... Our shop use B20 almost 5 years and sometime the IBM CE will notify me the tape cannot be recovered or the Gripper cannot move , some time need to reboot the library console and re-inventory again. Any problems when use VTS 7720? anyone can share? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
On Wed, 28 Mar 2012 08:16:34 -0400, Veilleux, Jon L veilleu...@aetna.com wrote: I agree that it is a done deal, however that I think it IS the wrong message. Too many users have based their procedures on the current schedule and waiting two years for new releases will just slow down the implementation of new functions. The cant that 'many users can't upgrade every year so we will help them by changing to every two years' doesn't pass muster. This will make those users upgrade every four years now and penalize those who do attempt to stay current. I don't like it. Just my ranting for the day, Jon I tend to agree. Too many shops I know of only upgrade because they don't want to go beyond the EOS date. What I wanted was an extra 6 months added to EOS. So if a release was skipped (for whatever reason) you weren't running up against the Sept. EOS date of the running release or year end freezes if there were any delays in installation and roll out of the new release. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Walt - good luck in retirement. Love the final signature line. Sam Sent from my Verizon Wireless BlackBerry -Original Message- From: Walt Farrell wfarr...@us.ibm.com Sender: IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu Date: Wed, 28 Mar 2012 07:28:58 To: IBM-MAIN@bama.ua.edu Reply-To: IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu Subject: Re: Malicious Software Protection On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com wrote: The reason I brought up this 'vulnerability' is that we hired a consultant a while back to look for weaknesses. Of course they were able to logon with a vanilla userid that had no special authority. And this is what they did. We all spend a lot of time and mental energy focused on how to protect ourselves from sophisticated attack. We look at APF. We look at SVC screening. We look at access to sensitive libraries. But this particular 'denial of service' can be accomplished by anyone with a valid userid and password. And *only* because we lock up users for invalid password attempts. I'm just sayin'... It's just another form of disaster you have to plan for, Skip. It's easy, for example, to setup an STC that runs with an ID that has SPECIAL, or that is the OWNER of some IDs that have SPECIAL, and have that STC run IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that have SPECIAL. If they all get locked out, you just run the STC and that set of IDs is RESUMED. The STC itself will be able to run, even if its ID has been revoked, and so it provides protection against the issue you're suggesting. But yes, you need to be prepared for this, just as for anything that can compromise your system. (Other alternatives exist, by the way, including emergency copies of the RACF database that you can make available in such an emergency situation, but the STC approach is the simplest, in my opinion. Nonetheless, I would also recommend having an emergency RACF DB available, too, but that also goes along with having emergency system residence volumes available.) -- Walt Farrell IBM STSM, z/OS Security Design (for another half-hour or so) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: SMPTLIB receive issue
Cant seem to receive new functions, error IKJ56228I DATA SET IBM.HABIA10.F1 NOT IN CATALOG OR CATALOG CAN NOT BE ACCESSED are you receiving from tape or from DASD ? can you post you receive job ? I suspect you are trying to receive from DASD. If so, what is the name of your RELFILE data set? Perhaps you need to specify the RFPREFIX operand on the RECEIVE command. Kurt Quackenbush -- IBM, SMP/E Development -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
On Wed, 28 Mar 2012 19:16:01 +0800, Tommy Tsui tommyt...@gmail.com wrote: Hi ALL, Our shop currently using VTS B20, and planning to either migrate the 7740 (no migration need) or migrate to tapeless 7720 or Sun storageTek VSM tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless solution. In market, I think all customer will use tapeless soultion instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many thanks Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech now). I have not worked with MDL (which I think is more of a small shop solution), but I have with DLm.I've also worked with VSM, but it was always backed by physical tape. BTW, the vendor is Oracle now, not Sun. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
We've been using a TS7720 for 3 years now but we are NOT in a grid which makes for some interesting operational procedures. The virtual volumes are copied/stacked to physical volumes using TAPECOPY from OPENTECH which works just fine. Our only problem so far is restoring the data for HSM ML2 and backup tapes at our DR site since the restore must be to an equivalent volume type and except for another VTS there aren't any 3490's that hold 4GB of data. The other problem with only 1 TS7720 is applying maintenance to the machine. When the CE needs to install software updates it often takes 3-4 hours and that means NO tape access for that period. Dennis -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Tommy Tsui Sent: Wednesday, March 28, 2012 7:34 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Tapeless solution (IBM or Sun) Enterprise class Our shop use B20 almost 5 years and sometime the IBM CE will notify me the tape cannot be recovered or the Gripper cannot move , some time need to reboot the library console and re-inventory again. Any problems when use VTS 7720? anyone can share? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Yes, the maintenance time also need to aware, if you already form a grid it will not interrupt you otherwise you need 3 or 4 hours to apply microcode because the aix inside which like ds8000 On 2012-3-28 下午8:40, Dennis Trojak dennis.tro...@radioshack.com wrote: We've been using a TS7720 for 3 years now but we are NOT in a grid which makes for some interesting operational procedures. The virtual volumes are copied/stacked to physical volumes using TAPECOPY from OPENTECH which works just fine. Our only problem so far is restoring the data for HSM ML2 and backup tapes at our DR site since the restore must be to an equivalent volume type and except for another VTS there aren't any 3490's that hold 4GB of data. The other problem with only 1 TS7720 is applying maintenance to the machine. When the CE needs to install software updates it often takes 3-4 hours and that means NO tape access for that period. Dennis -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Tommy Tsui Sent: Wednesday, March 28, 2012 7:34 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Tapeless solution (IBM or Sun) Enterprise class Our shop use B20 almost 5 years and sometime the IBM CE will notify me the tape cannot be recovered or the Gripper cannot move , some time need to reboot the library console and re-inventory again. Any problems when use VTS 7720? anyone can share? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
At 3/27/2012 04:06 PM, Joel C. Ewing wrote: The concept of allowing average-Joe user to be able to download data from arbitrary sources in arbitrary formats and being able from that to somehow introduce executable code into the system in ways that will execute with special privileges so as to introduce a virus or trojan is an issue that is endemic to Windows platforms but foreign to z/OS. Hmmm, excellent point! I guess part of the problem with Windows systems is that there are so many file types that in one way or another are executables, including many file type that you do not expect to be executable! Example: I was blown away when I learned only a few years ago that .PDFs could be an executable! Who knew? Not me. But the Chinese did... (It was interesting to see the flurry of fixes that Adobe published over the two years or so following the attack against Google...) Not only are so many file types executable, they often are executed by default! So it is a lot easier to let something maliscious slip in on a Windows system than it is on a mainframe. On mainframes files generally do not get executed by default. It generally takes an intentional and direct act to run a program. So worrying about random files upload to the mainframe is an unnecessary distraction. Dave -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/OS ftp and Unicode
On Tue, 27 Mar 2012 21:39:26 -0400, Shmuel Metz (Seymour J.) wrote: WTF!? Didn't Shmuel tell us that UTF-8 contains all of Unicode? Yes, but I said nothiong about either IBM-424 or IBM-1047. Is there an easy way to find what code point it's choking on? Also, I thought that you wanted to tramslate IBM-424 to UTF-8, not UTF-8 to IBM-424. Quite so. Which is the reason I think FTP is in error for claiming the data contain an invalid code point. Using a z/OS UNIX (whatever) temp file, it can all be done with a single FTP command and a bizarre script: # (Local stuff redacted) # MEMBER=$1 DSN=TEST.TESTPRT MVS_TEMP=/tmp/$MVS_USER ftp $MVS_USER@$MVS_HOST end-of-ftp ascii quote site encoding=sbcs quote site sbdataconn=(IBM-1047,ISO8859-1) get $DSN($MEMBER) $MEMBER put $MEMBER $MVS_TEMP/$MEMBER quote site encoding=mbcs quote site mbdataconn=(IBM-424,UTF-8) get $MVS_TEMP/$MEMBER $MEMBER delete $MVS_TEMP/$MEMBER quit end-of-ftp cat $MEMBER UGH!/ -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
On Wed, 28 Mar 2012 08:27:44 -0500, Mark Zelden m...@mzelden.com wrote: I tend to agree. Too many shops I know of only upgrade because they don't want to go beyond the EOS date. But as long as we are supposing here. Will they not extend the service discontinued date for 1.11 also? As it stands now, 1.11 goes EOS as of 2012/09/30, but the next release will not be available until approx 2013/09/30. So from 9/2012 to 9/2013, only 1.12 and 1.13 supported? Or will N-2 cease to be the supported coexistance policy? Dana -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Dennis Trojak dennis.tro...@radioshack.com wrote in message news:3d40fdfc24014e459f11e569c730d98e05bd4...@ntexmbapb.corp.radioshack .net... We've been using a TS7720 for 3 years now but we are NOT in a grid which makes for some interesting operational procedures. The virtual volumes are copied/stacked to physical volumes using TAPECOPY from OPENTECH which works just fine. Our only problem so far is restoring the data for HSM ML2 and backup tapes at our DR site since the restore must be to an equivalent volume type and except for another VTS there aren't any 3490's that hold 4GB of data. The other problem with only 1 TS7720 is applying maintenance to the machine. When the CE needs to install software updates it often takes 3-4 hours and that means NO tape access for that period. We have a similar problem with our grid: in that period there is no replication between the clusters, so we are not fully Disaster-Ready. However, this can be solved by a 3-way grid. Nothing is impossible if you have the money. Kees. Dennis -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Tommy Tsui Sent: Wednesday, March 28, 2012 7:34 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Tapeless solution (IBM or Sun) Enterprise class Our shop use B20 almost 5 years and sometime the IBM CE will notify me the tape cannot be recovered or the Gripper cannot move , some time need to reboot the library console and re-inventory again. Any problems when use VTS 7720? anyone can share? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Ask the auditors, and/or hire an independent research consultant specializing in mainframe security, to find some published accounts of mainframe penetration that were NOT due to insiders; e.g., viruses. Print your own copy of all such accounts. Study them closely to see where the real weakness was. Over the years I have heard of several mainframe penetrations and usurpations, but they were all due to insider activity. The first one I heard about, however, was an outsider who found program listings in a trash can outside of the data center's building, which had been tossed there by developers inside the building and/or janitors at night. The listings were not considered worth securing or shredding. The perp went to prison for a while, then after being released he turned into a mainframe security consultant. There are many things to consider besides anti-virus detections; e.g. who has keys to the data center room, to any of the offices containing terminals, logon passw! ord protection, etc. Maybe the auditors have already checked out all these other areas, are just trying to be comprehensive, and do not understand that one size does not fit all. Bill Fairchild -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Greg Dorner Sent: Tuesday, March 27, 2012 11:38 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Malicious Software Protection No,. I'm not serious. But the auditors at PWC are. I'm practicing my belly-laugh for when they actually want to discuss the issue. You are all telling me what I already knew, but I just wanted to get the feedback so it isn't just my understanding of it. Thanks everyone, for all the good quotes, quips, and entertainment! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Farewell Walt. Thanks for the memories. Was this your Last Post? (In the British military sense; ie. Taps to most on this list.) === Date: Wed, 28 Mar 2012 07:28:58 -0500 From: wfarr...@us.ibm.com Subject: Re: Malicious Software Protection To: IBM-MAIN@bama.ua.edu On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com wrote: The reason I brought up this 'vulnerability' is that we hired a consultant a while back to look for weaknesses. Of course they were able to logon with a vanilla userid that had no special authority. And this is what they did. We all spend a lot of time and mental energy focused on how to protect ourselves from sophisticated attack. We look at APF. We look at SVC screening. We look at access to sensitive libraries. But this particular 'denial of service' can be accomplished by anyone with a valid userid and password. And *only* because we lock up users for invalid password attempts. I'm just sayin'... It's just another form of disaster you have to plan for, Skip. It's easy, for example, to setup an STC that runs with an ID that has SPECIAL, or that is the OWNER of some IDs that have SPECIAL, and have that STC run IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that have SPECIAL. If they all get locked out, you just run the STC and that set of IDs is RESUMED. The STC itself will be able to run, even if its ID has been revoked, and so it provides protection against the issue you're suggesting. But yes, you need to be prepared for this, just as for anything that can compromise your system. (Other alternatives exist, by the way, including emergency copies of the RACF database that you can make available in such an emergency situation, but the STC approach is the simplest, in my opinion. Nonetheless, I would also recommend having an emergency RACF DB available, too, but that also goes along with having emergency system residence volumes available.) -- Walt Farrell IBM STSM, z/OS Security Design (for another half-hour or so) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: LE enclave calls another LE enclave
The Mains (and the PL/1 sub program test objects) are - or can be - DLLs, compiled with the RENT compile option, so they have to be called using CEEFETCH, because the proper WSA initialization etc has to be done. This is the part of a co-worker, so I'm not totally sure about this, but I believe that he does it the same way at the moment for the Mains and non-Mains, and that is CEEFETCH. We are thinking about other solutions, too, for example: get rid of the first enclave and do the control work totally in ASSEMBLER, without LE. Then we could build seperate enclaves for every testcase (in the case of Mains, the Main would build the enclave, and in the case of Non-Mains, the driver would do it). I forgot to mention how the TRAP2 interrupt is done. The location of the entry point is calculated by analyzing the compiler and linkage editor listing at compile time, and then, before transferring control to the test object, a TRAP2 machine instruction is placed at the location of the entry point. The TRAP2 interruption is then captured by the driver exit, which replaces the (undefined) reg 1 parm list by the right one, which comes from the testcase database, and resumes execution. This way, we manage to construct the reg 1 parameter list and present the parameters to the test object at a time when all the initialization work has already been done. When returning from the test object, the output parameters are extracted from the parameter area and written back to the testcase database (to verify the changes done by the test object and to enable regression testing). Kind regards Bernd Am Mittwoch, 28. März 2012 03:02 schrieben Sie: In 4f71e7c6.7080...@t-online.de, on 03/27/2012 at 06:16 PM, Bernd Oppolzer bernd.oppol...@t-online.de said: all works well, if the test object is a PL/1 subroutine and not a main program. How do you invoke the MAIN? CALL? LINK? ATTACH? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech now). I have not worked with MDL (which I think is more of a small shop solution), but I have with DLm.I've also worked with VSM, but it was always backed by physical tape. BTW, the vendor is Oracle now, not Sun. So my understanding is the MDL was the HDS version of the DLM - the Bustech appliance ahead of HDS storage. We have an HDS MDL which uses an AMS2500 for back-end storage. It's also my understanding that the MDL is no longer available as such. HDS now sells the Falconstor's VTL instead. I would consider the DLM the MDL to be roughly equivalent. We are very happy with the performance of the MDL. dd keller This e-mail message and all attachments transmitted with it may contain legally privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message and all copies and backups thereof. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
How to Unpair Volumes
I'm still fighting this battle with Fast Replication... Is there a way of UNPAIRing volumes? * * *George Rodriguez* *Specialist II - IT Solutions* *Application Support / Quality Assurance* *PX - 47652* *(561) 357-7652 (office)* *(561) 707-3496 (mobile)* *School District of Palm Beach County* *3348 Forest Hill Blvd.* *Room B-251* *West Palm Beach, FL. 33406-5869* *Florida's Only A-Rated Urban District For Seven Consecutive Years* Home of Florida's first LEED Gold Certified School Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: How to Unpair Volumes
George, There are a couple TSO commands that may help with this. The fcquery - with the showrels(all) parm - will tell you what FR relationships are in place, and the fcwithdr (fhashcopy withdraw) command will allow you to break the relationships. Rex -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of George Rodriguez Sent: Wednesday, March 28, 2012 10:22 AM To: IBM-MAIN@bama.ua.edu Subject: How to Unpair Volumes I'm still fighting this battle with Fast Replication... Is there a way of UNPAIRing volumes? * * *George Rodriguez* *Specialist II - IT Solutions* *Application Support / Quality Assurance* *PX - 47652* *(561) 357-7652 (office)* *(561) 707-3496 (mobile)* *School District of Palm Beach County* *3348 Forest Hill Blvd.* *Room B-251* *West Palm Beach, FL. 33406-5869* *Florida's Only A-Rated Urban District For Seven Consecutive Years* Home of Florida's first LEED Gold Certified School Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN The information contained in this e-mail may contain confidential and/or privileged information and is intended for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any unauthorized use, disclosure, distribution or copying of this communication is strictly prohibited and that you will be held responsible for any such unauthorized activity, including liability for any resulting damages. As appropriate, such incident(s) may also be reported to law enforcement. If you received this e-mail in error, please reply to sender and destroy or delete the message and any attachments. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
On Wed, 28 Mar 2012 09:16:29 -0500, Dana Mitchell mitchd...@gmail.com wrote: On Wed, 28 Mar 2012 08:27:44 -0500, Mark Zelden m...@mzelden.com wrote: I tend to agree. Too many shops I know of only upgrade because they don't want to go beyond the EOS date. But as long as we are supposing here. Will they not extend the service discontinued date for 1.11 also? As it stands now, 1.11 goes EOS as of 2012/09/30, but the next release will not be available until approx 2013/09/30. So from 9/2012 to 9/2013, only 1.12 and 1.13 supported? Or will N-2 cease to be the supported coexistance policy? I wouldn't expect so. This new announcement (although not official yet) doesn't change things in respect to z/OS 1.11. It also doesn't keep you from upgrading to z/OS 1.12 or z/OS 1.13 which you should have already been planning or been in the progress of doing based on the known EOS date for 1.11. -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
On Wed, 28 Mar 2012 10:15:26 -0500, Darth Keller darth.kel...@assurant.com wrote: Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech now). I have not worked with MDL (which I think is more of a small shop solution), but I have with DLm.I've also worked with VSM, but it was always backed by physical tape. BTW, the vendor is Oracle now, not Sun. So my understanding is the MDL was the HDS version of the DLM - the Bustech appliance ahead of HDS storage. We have an HDS MDL which uses an AMS2500 for back-end storage. It's also my understanding that the MDL is no longer available as such. HDS now sells the Falconstor's VTL instead. I would consider the DLM the MDL to be roughly equivalent. We are very happy with the performance of the MDL. dd keller Thanks for that clarification. I really don't know the history behind the Bus-tech and I think I used MDL when I shouldn't have to refer to it pre- HDS (or is that not even correct). Was the original just called MAS (Mainframe Appliance for Storage). Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: LE C calling HLASM
Steve Comstock wrote: On 3/23/2012 2:57 PM, Phil Smith wrote: Now for the next question: this allows us to implement variable parameter lists in C, by declaring the functions thus: int SOMEFUNCTION(char *someparm, ...); Is there an equivalent way to do this in PL/I? In the declare of the subroutine, specify the word LIST in the last argument descriptor, for example: dcl avgyx entry (fixed bin(31), fixed decimal(7,2) optional, char (8), list byaddr) options(asm); This indicates there are zero or more arguments from the point of the LIST Then, in the invocation, pass at least as many arguments as arguments before the word LIST and any others you want: call avgyx (test_no, weight, test_name, rand_var, score_low, score_high); Hm. This isn't quite working: Declare THEFN External('THEFN') Entry( Char(*) byaddr, Char(*) byaddr, Fixed Bin(31) byaddr, Char(*) byaddr, Fixed Bin(31) byaddr, Char(*) byaddr ) returns( byvalue Fixed Bin(31) ) options ( nodescriptor ); On compile, this gets RC=4 and: IBM1214I W 35.0A dummy argument will be created for argument number 4 in entry reference VSHPROT. Then it linkedits OK but gets a ABENDU4038 on run. This differs from your recommendation by being an EXTERNAL function; I had to use NODESCRIPTOR because ASM isn't supported for functions, apparently. Ideas? -- ...phsiii Phil Smith III p...@voltage.com Voltage Security, Inc. www.voltage.com (703) 476-4511 (home office) (703) 568-6662 (cell) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
On 3/28/2012 4:41 AM, Alvaro Guirao Lopez wrote: zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14 will be available from 2013 and not 2012, so probably V1R12 will be out of support about from 2014? No. This is incorrect. z/OS 1.11 goes out of support _this_ year... in September 2012. -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
On 3/28/2012 5:08 AM, Bob Shannon wrote: I attended SHARE. I looked at the positions the speakers have at IBM and concluded it's a done deal. Too much horsepower to be sending the wrong message. Jeff Magdall (z/OS Product Development Team Leader) presented this information at the MVS Program Opening, Monday morning at SHARE in Atlanta. I believe he had charts showing all of the EOS dates for currently-supported and expected future releases. His entire presentation was only 10 minutes long. He didn't show any slide long enough for it to sink in. The room was dead quiet. I wonder if he uploaded his presentation to the SHARE proceedings? -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
On 3/28/2012 7:16 AM, Dana Mitchell wrote: But as long as we are supposing here. Will they not extend the service discontinued date for 1.11 also? Asked and answered at the MVS Program Opening in Atlanta. The answer (paraphrased) from Jeff Magdall was, z/OS 1.11 will go out of service as already announced at the end of September 2012. -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years - Vendor Perspective?
Starting a new thread: One of the benefits of this change is supposed to allow shops to focus more on business growth. I do see that as a potential benefit. I can also see it saving money for some of the larger shops that basically spend a year ordering, installing and rolling out a new version - then doing it again the next year. On the negative side, that could also translate to some job cuts if management thinks less work has to be done now. I'm interested in some vendor perspective. Do you see this as a good thing? How much of your development resources are taken up just making changes related to a new OS version or verifying your software functions with a new OS version? Will this allow you to focus more on product enhancements instead of just keeping up with z/OS changes. Do you plan to come out with new releases less often? For example, many of the CA products have changed version or release numbers pretty much in step with new z/OS releases. Obviously some products integrate much more closely with z/OS and internal OS changes than others, so I know the answer is it depends. So I guess I would be more interested in hearing from those vendors that support software that typically does required changes or more extensive testing and verification to support z/OS changes. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
On Wed, 28 Mar 2012 07:29:22 -0400, Shmuel Metz (Seymour J.) shmuel+ibm-m...@patriot.net wrote: . . . That's only a vulnerability if such an SVC exists. You haven't shown that. No SVC in z/OS that I'm aware of has such an STM. It would certainly violate IBM's statement of integrity. I have seen such an SVC, but it would not be the one Ray is talking about as it was locally written. I have no doubt other SVCs with the same problem exist, and it would not surprise me at all if some of them were vendor-supplied. Over a period of about twenty years I found dozens of problems like that. Practically all of them were in software provided by the who's who of mainframe software the guys most of you would call trusted vendors. The problems were often in SVC routines, or more specifically in the SVC frontends that could be found stacked waist-high on a typical system. The problems were usually coding errors of the nature of the R13 STM as described by Ray, however there were even deliberate backdoors. For example, magic SVCs that could return control to the caller in supervisor state, or with JSCBAUTH turned on. Such backdoors may have included some sort of checking to try to prevent misuse, but more often than not the checking could be defeated. Trust me, telling the good guys from the bad guys is very difficult when the bad guys refuse to cooperate. There was a problem of that nature in an early version of a certain IGX... module mentioned in a recent thread here. Of course, the problem is not restricted to SVC routines. I found similar issues all over the place. I have not done anything like that for over ten years now. Does that mean the problem has gone away? I doubt it, even though the last ten years has brought some improvements (for example, preventing allocation of user-key CSA by default). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Assembler - convrssion of Epoch (Unix) time to printable
Thanks guys, Real good stuff, although I hoped for some pure and natural Assembler macro or calling routine solution. I will loot into the various approaches suggested here, and probably will select the easiest one. Thanks again, Arye Shemer. On 27 March 2012 21:43, Mike Schwab mike.a.sch...@gmail.com wrote: http://en.wikipedia.org/wiki/Unix_time 0 is 1970 Jan 01 00:00:00 GMT or UTC (Starting point) 1 is 1970 Jan 01 00:00:01 GMT or UTC (1 second) 60 is 1970 Jan 01 00:01:00 GMT or UTC (1 minute) 3600 is 1970 Jan 01 01:00:00 GMT or UTC (1 hour) 86400 is 1970 Jan 02 00:00:00 GMT or UTC (1 day) 2678400 is 1970 Feb 01 00:00:00 GMT or UTC (31 days) 31536000 is 1971 Jan 01 00:00:00 GMT or UTC (365 days) 315532809 is 1980 Jan 01 00:00:00 GMT or UTC (i3650 days plus 2 leap days plus 9 leap seconds http://en.wikipedia.org/wiki/Leap_second ) On Tue, Mar 27, 2012 at 1:28 PM, Charles Mills charl...@mcn.org wrote: So Gil, you are saying that a UNIX time of, for example, 60, represents 1:34 am on 1/1/1970 -- or represents 0:26 am? (Theoretically -- there were no leap seconds before 1970.) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Paul Gilmartin Sent: Tuesday, March 27, 2012 6:30 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Assembler - convrssion of Epoch (Unix) time to printable On Tue, 27 Mar 2012 07:47:39 -0500, McKown, John wrote: ..., the UNIX epoch is simply a number. The number of seconds since 00:00:00 GMT 1 Jan 1970. It would be rather easy to convert to -mm-ddThh:mm:ss if it weren't for the leap seconds. Which may or may not be of any interest to you. Not really. In effect, the origin of NTP shifts by one second every time a leap second occurs. It is now 00:00:34 GMT 1 Jan 1970; in a little over 3 months it will be 00:00:35 GMT 1 Jan 1970. http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap04.html ... it is inappropriate to require that a time represented as seconds since the Epoch precisely represent the number of seconds between the referenced time and the Epoch. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
Greetings to All, This link may help - http://www-03.ibm.com/systems/z/os/zos/support/zos_eos_dates.html Linda - Original Message - From: Edward Jaffe edja...@phoenixsoftware.com To: IBM-MAIN@bama.ua.edu Sent: Wednesday, March 28, 2012 11:10:11 AM Subject: Re: z/os every two years On 3/28/2012 7:16 AM, Dana Mitchell wrote: But as long as we are supposing here. Will they not extend the service discontinued date for 1.11 also? Asked and answered at the MVS Program Opening in Atlanta. The answer (paraphrased) from Jeff Magdall was, z/OS 1.11 will go out of service as already announced at the end of September 2012. -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Yes, I believe I have a way to attack a mainframe system where I don't have access. Ray Overby Key Resources, Inc. Ensuring System Integrity for z/Series™ www.zassure.com (312)574-0007 On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote: Ray Overby wrote: I am a vendor so take my post with a grain of salt. For those that don't like vendors to respond stop reading now.. (flame on) I will take your post seriously. I have reviewed you webpage. Very interesting. You confirmed what I suspected, especially after those threads about [mis]use of SVC. One question if you don't mind please: Can you use or prove your point (elevating TSO, suppress SMF, etc) without being given access to a system in the first place? The idea is that you could enter a system and elevate yourself and place somewhere a signature to prove that you could 'white hack' the target system. Just a yes or no, please, because I realize that due to the nature not too much info can be divulged. The ESM products did not stop the TSO user from exploiting this vulnerability. Very true. ESM is just a database. As said many times on RACF-L, it is the caller which call ESM, the ESM decides on what is found in its own database and report back with RC=0/4/8 plus reason codes. It is up to the whatever caller to honour the RC from an ESM. If you are not concerned that your users can crash your z/OS system at any time (maliciously or accidentally) As I have said, it is the INSIDER who are probably the greatest threat. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
The problem is we don't believe. :-) -- Radoslaw Skorupka Lodz, Poland W dniu 2012-03-28 22:45, Ray Overby pisze: Yes, I believe I have a way to attack a mainframe system where I don't have access. Ray Overby Key Resources, Inc. Ensuring System Integrity for z/Series™ www.zassure.com (312)574-0007 On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote: Ray Overby wrote: I am a vendor so take my post with a grain of salt. For those that don't like vendors to respond stop reading now.. (flame on) I will take your post seriously. I have reviewed you webpage. Very interesting. You confirmed what I suspected, especially after those threads about [mis]use of SVC. One question if you don't mind please: Can you use or prove your point (elevating TSO, suppress SMF, etc) without being given access to a system in the first place? The idea is that you could enter a system and elevate yourself and place somewhere a signature to prove that you could 'white hack' the target system. Just a yes or no, please, because I realize that due to the nature not too much info can be divulged. The ESM products did not stop the TSO user from exploiting this vulnerability. Very true. ESM is just a database. As said many times on RACF-L, it is the caller which call ESM, the ESM decides on what is found in its own database and report back with RC=0/4/8 plus reason codes. It is up to the whatever caller to honour the RC from an ESM. If you are not concerned that your users can crash your z/OS system at any time (maliciously or accidentally) As I have said, it is the INSIDER who are probably the greatest threat. -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
Just remember: The only secure computer is the one which is powered down. And likely smashed up by a sledge hammer. John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets® 9151 Boulevard 26 . N. Richland Hills . TX 76010 (817) 255-3225 phone . john.mck...@healthmarkets.com . www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets® is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of R.S. Sent: Wednesday, March 28, 2012 4:14 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Malicious Software Protection The problem is we don't believe. :-) -- Radoslaw Skorupka Lodz, Poland W dniu 2012-03-28 22:45, Ray Overby pisze: Yes, I believe I have a way to attack a mainframe system where I don't have access. Ray Overby Key Resources, Inc. Ensuring System Integrity for z/SeriesT www.zassure.com (312)574-0007 On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote: Ray Overby wrote: I am a vendor so take my post with a grain of salt. For those that don't like vendors to respond stop reading now.. (flame on) I will take your post seriously. I have reviewed you webpage. Very interesting. You confirmed what I suspected, especially after those threads about [mis]use of SVC. One question if you don't mind please: Can you use or prove your point (elevating TSO, suppress SMF, etc) without being given access to a system in the first place? The idea is that you could enter a system and elevate yourself and place somewhere a signature to prove that you could 'white hack' the target system. Just a yes or no, please, because I realize that due to the nature not too much info can be divulged. The ESM products did not stop the TSO user from exploiting this vulnerability. Very true. ESM is just a database. As said many times on RACF-L, it is the caller which call ESM, the ESM decides on what is found in its own database and report back with RC=0/4/8 plus reason codes. It is up to the whatever caller to honour the RC from an ESM. If you are not concerned that your users can crash your z/OS system at any time (maliciously or accidentally) As I have said, it is the INSIDER who are probably the greatest threat. -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions,
Re: Malicious Software Protection
Walt, May the wind be at your back...god bless enjoy your much earned retirement Sent from my iPad Scott Ford Senior Systems Engineer www.identityforge.com On Mar 28, 2012, at 8:28 AM, Walt Farrell wfarr...@us.ibm.com wrote: On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com wrote: The reason I brought up this 'vulnerability' is that we hired a consultant a while back to look for weaknesses. Of course they were able to logon with a vanilla userid that had no special authority. And this is what they did. We all spend a lot of time and mental energy focused on how to protect ourselves from sophisticated attack. We look at APF. We look at SVC screening. We look at access to sensitive libraries. But this particular 'denial of service' can be accomplished by anyone with a valid userid and password. And *only* because we lock up users for invalid password attempts. I'm just sayin'... It's just another form of disaster you have to plan for, Skip. It's easy, for example, to setup an STC that runs with an ID that has SPECIAL, or that is the OWNER of some IDs that have SPECIAL, and have that STC run IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that have SPECIAL. If they all get locked out, you just run the STC and that set of IDs is RESUMED. The STC itself will be able to run, even if its ID has been revoked, and so it provides protection against the issue you're suggesting. But yes, you need to be prepared for this, just as for anything that can compromise your system. (Other alternatives exist, by the way, including emergency copies of the RACF database that you can make available in such an emergency situation, but the STC approach is the simplest, in my opinion. Nonetheless, I would also recommend having an emergency RACF DB available, too, but that also goes along with having emergency system residence volumes available.) -- Walt Farrell IBM STSM, z/OS Security Design (for another half-hour or so) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
On Wed, 28 Mar 2012 23:13:58 +0200, R.S. wrote: The problem is we don't believe. :-) It's easy. Bribe the sysadmin. (FSVO access.) W dniu 2012-03-28 22:45, Ray Overby pisze: Yes, I believe I have a way to attack a mainframe system where I don't have access. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
On Wed, 28 Mar 2012 20:35:03 +, Linda Mooney linda.lst...@comcast.net wrote: This link may help - http://www-03.ibm.com/systems/z/os/zos/support/zos_eos_dates.html Not really. :-) It doesn't take into account the changes that will be announced. It isn't wrong since the z/OS 1.12 date has an asterisks that states that the EOS date is projected, but that date should move to the right. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: z/os every two years
Edward, I mean 2012, thanks for the correction. 2012/3/28 Edward Jaffe edja...@phoenixsoftware.com On 3/28/2012 4:41 AM, Alvaro Guirao Lopez wrote: zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14 will be available from 2013 and not 2012, so probably V1R12 will be out of support about from 2014? No. This is incorrect. z/OS 1.11 goes out of support _this_ year... in September 2012. -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.**com/ http://www.phoenixsoftware.com/ --**--**-- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- Un saludo. Álvaro Guirao -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Malicious Software Protection
W dniu 2012-03-28 23:39, Paul Gilmartin pisze: On Wed, 28 Mar 2012 23:13:58 +0200, R.S. wrote: The problem is we don't believe. :-) It's easy. Bribe the sysadmin. (FSVO access.) That's what I always mention. Bribe or blackmail. The last one is much more efficient IMHO, but both used to work. -- Radoslaw Skorupka Lodz, Poland -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Seven-Digit JES2 Job Number
We recently changed JES2 on a development z/OS LPAR to use seven-digit instead of five-digit job numbers. A coworker pointed out to me what appeared to be an increase in initiator input queue time on the LPAR after the change. My suspicion is that the increase was coincidental, but I have no way of conducting a true benchmark. Has anybody on the list noticed such an effect after converting to seven-digit job numbers? Thanks in advance for your comments. db -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
Darth, You said HDS now sells the Falconstor's VTL instead. To be pedantic, that's not entirely true. We have a lot of successful Falconstore implementations on the dark side of the computer room, but for mainframe you need something that virtualizes mainframe tape drives like Luminex or Secure Agent, and hands off the data to Falconstore. We can use VSP, AMS, or virtualized ACME brand disk as the back store with this solution. Ron -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Darth Keller Sent: Wednesday, March 28, 2012 8:15 AM To: IBM-MAIN@bama.ua.edu Subject: Re: [IBM-MAIN] Tapeless solution (IBM or Sun) Enterprise class Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech now). I have not worked with MDL (which I think is more of a small shop solution), but I have with DLm.I've also worked with VSM, but it was always backed by physical tape. BTW, the vendor is Oracle now, not Sun. So my understanding is the MDL was the HDS version of the DLM - the Bustech appliance ahead of HDS storage. We have an HDS MDL which uses an AMS2500 for back-end storage. It's also my understanding that the MDL is no longer available as such. HDS now sells the Falconstor's VTL instead. I would consider the DLM the MDL to be roughly equivalent. We are very happy with the performance of the MDL. dd keller This e-mail message and all attachments transmitted with it may contain legally privileged and/or confidential information intended solely for the use of the addressee(s). If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, forwarding or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message and all copies and backups thereof. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
Re: Tapeless solution (IBM or Sun) Enterprise class
W dniu 2012-03-29 06:31, Ron Hawkins pisze: Darth, You said HDS now sells the Falconstor's VTL instead. To be pedantic, that's not entirely true. We have a lot of successful Falconstore implementations on the dark side of the computer room, but for mainframe you need something that virtualizes mainframe tape drives like Luminex or Secure Agent, and hands off the data to Falconstore. We can use VSP, AMS, or virtualized ACME brand disk as the back store with this solution. ...or even ACME brand disk + Luminex? vbg -- Radoslaw Skorupka Lodz, Poland -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN