date:20120328

Yes, we know, you're a vendor.
Please name few the most popular viruses for z/OS and two-three AV
programs for z/OS. ;-)))

Intergrity vulnerability - also, please name few popular, please omit
those which stem from administrator mistakes.

The integrity vulnerabilities *could* lead to viruses which would
exploit such vulnerabilities. In other words no vulnerabilities - no
malware, but existence of the hole does not imply existence of virus
exploiting that hole.
Last but not least: AV software is for virus finding, not for hole
clogging. Yes, today AV suites do contain additional modules, even
parent control filters or firewalls, but we don't talk about such
software.

I sustain my opinion: it is not mainframe problem. People who demand
non-existent software to be present are not mainframe problem.

--
Radoslaw Skorupka
Lodz, Poland

W dniu 2012-03-28 00:11, Ray Overby pisze:

Every z/os system today has integrity vulnerabilities on it that if
exploited would allow users with access to that system to crash that
system or bypass installation controls and access any protected resource
on that system regardless of the installed ESM. They would be able to do
so with little to no audit trail.

What part of this is not a mainframe problem?

Ray Overby
Key Resources, Inc.
Ensuring System Integrity for z/Series^(TM)
www.zassure.com
(312)574-0007

On 3/27/2012 13:25 PM, R.S. wrote:

W dniu 2012-03-27 17:06, Greg Dorner pisze:

Dear IBM-MAINers,

Our auditors are insisting that we install a product that protects
against malicious software (viruses, worms, trojans, etc.).

Does anyone know of a product that does this? I heard that McAfee is
coming out with a z/OS product later this year, but I called them
and they had no idea what I was talking about.

z/OS, with proper security controls (and believe me - we have LOTS!)
should not have to worry about such things, at least that's what I've
always heard.

Any input on this topic would be GREATLY appreciated!!

This is NOT mainframe problem.

Indeed, you have problem with uneducated auditors. Maybe stupid ones.
Your problem is how to prove that requirement is both stupid and
impossible to fulfill.

We can provide you some arguments, like
- there are no such products
- there are no viruses, trojans or other malware for z/OS and it have
never been last 47 years. (I said 'z/OS', so the only VM worm does not
count)
- no mainframe installation use such product
- you have RACF *SECURITY SERVER* (or TS or ACF2)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive.

BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax
+48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88.
Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Elardus Engelbrecht

Russell Witt wrote:

To the list of 11 items that Elardus supplied earlier in the day, I would add 
one more. 

[... snipped ...]

Thanks for correcting + adjusting my item. Much appreciated.

I have added it to my list of things to remember.

Please keep up with your valuable posts. :-)

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Fwd: MFNetDisk future

2012-03-28 Thread shai hess

-- Forwarded message --
From: Shai Hess mfnetd...@mfnetdisk.com
Date: Wed, Mar 28, 2012 at 9:02 AM
Subject: MFNetDisk future
To: shai.h...@gmail.com

**
HI,

 In the coming days I will stop to work for IBM as a part time employee.
 IBM makes the move to let me go and I respect it.
 As you know I think that everything is from God and I sure that God make
the good decision for me and I am sure  that this change is the best for me
and in time ( I am 58).
 Better not to wait to old age when my body will be more older and weaker
and maybe not healthier as before to understand that it is now the time
to stop to work and have fun as long as I can do it.
 MFNetDisk was big enjoyment, but working for IBM was duty and not big fun
for me and for my personality.

 About the future of MFNetDisk.
 I will not be able to support alone this product financially anymore, so I
will disable the downloading of this product because I think that I may
stop to support this product. I will take my time and will decide what is
the best for me to do with this product.
 MFNetDisk has success with many small but poor companies (MFNetDisk is
free tape and disk storage and DR solution) but it seem to me that big
companies never try the product that mean that all my customers are poor
and can not pay for this product.
The true is that I never ask them to pay.
So, I know that for some customers I kept their heads  financially  above
the water or I kept their business alive to keep working with MF at all but
I need to think about my family and myself as well. So that is what I will
do in the coming days.

.

Thanks,
God bless you.
Shai Hess, MFNetDisk product.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Elardus Engelbrecht

Ray Overby wrote:

I am a vendor so take my post with a grain of salt. For those that don't like 
vendors to respond stop reading now.. (flame on)

I will take your post seriously. I have reviewed you webpage. Very interesting.

You confirmed what I suspected, especially after those threads about [mis]use 
of SVC.

One question if you don't mind please:

Can you use or prove your point (elevating TSO, suppress SMF, etc) without 
being given access to a system in the first place? The idea is that you could 
enter a system and elevate yourself and place somewhere a signature to prove 
that you could 'white hack' the target system.

Just a yes or no, please, because I realize that due to the nature not too much 
info can be divulged.


The ESM products did not stop the TSO user from exploiting this vulnerability. 

Very true. ESM is just a database.

As said many times on RACF-L, it is the caller which call ESM, the ESM decides 
on what is found in its own database and report back with RC=0/4/8 plus reason 
codes.

It is up to the whatever caller to honour the RC from an ESM.


If you are not concerned that your users can crash your z/OS system at any 
time (maliciously or accidentally)

As I have said, it is the INSIDER who are probably the greatest threat.

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: SMPTLIB receive issue

2012-03-28 Thread Walter Marguccio

 Cant seem to receive new functions, error IKJ56228I DATA SET IBM.HABIA10.F1
 NOT IN CATALOG OR CATALOG CAN NOT BE ACCESSED

are you receiving from tape or from DASD ? 
can you post you receive job ? 



Walter Marguccio
z/OS Systems Programmer
BELENUS LOB Informatic GmbH
Munich - Germany

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Tapeless solution (IBM or Sun) Enterprise class

Hi ALL,

Our shop currently using VTS B20, and planning to either migrate the 7740
(no migration need) or migrate to tapeless 7720 or Sun storageTek VSM
tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless
solution. In market, I think all customer will use tapeless soultion
instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many
thanks

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread Richards, Robert B.

Tommy,

It is NOT true. Different shops have different requirements. We are also 
migrating from a B20 to a 7740 Grid solution in support of high availability, 
continuous operation and disaster recovery needs. One size, or in this case, 
one solution, does not fit all.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Tommy Tsui
Sent: Wednesday, March 28, 2012 7:16 AM
To: IBM-MAIN@bama.ua.edu
Subject: Tapeless solution (IBM or Sun) Enterprise class

Hi ALL,

Our shop currently using VTS B20, and planning to either migrate the 7740
(no migration need) or migrate to tapeless 7720 or Sun storageTek VSM
tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless
solution. In market, I think all customer will use tapeless soultion
instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many
thanks

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Mark Jacobs

Does anyone know when zOS 1.12 will go out of support? I was planning to 
go to zOS 1.14 from 1.12, but seeing this new release schedule might 
make me reassess my plan.


Mark Jacobs

On 03/27/12 23:24, Skip Robinson wrote:

We heard it stated at SHARE so often by so many very well-placed IBM folks
that it's inconceivable that it will transpire otherwise.

.
.
JO.Skip Robinson
SCE Infrastructure Technology Services
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
626-302-7535 Office
323-715-0595 Mobile
jo.skip.robin...@sce.com



From:   Mike Schwabmike.a.sch...@gmail.com
To: IBM-MAIN@bama.ua.edu
Date:   03/27/2012 06:09 PM
Subject:Re: z/os every two years
Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu



Not official.  But plan on it.  Official releases in Sept of odd years.

On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com  wrote:
   

Does anyone know when IBM is going to make this official? It is
 

official?
   

I am putting together 2013 projects and we normally up to now did
 

upgrades
   

once a year.


 

http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/

   

Andy S. White
 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

   



--
Mark Jacobs
Time Customer Service
Tampa, FL


Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

In 4f724ce6.9030...@kr-inc.com, on 03/27/2012
   at 06:27 PM, Ray Overby ray.ove...@kr-inc.com said:

Lets say there is a SVC that when you IPL your z/OS system it is 
installed and available for use (i.e - any one can issue the SVC).
The  SVC either came with z/OS or your system programmers installed
it  because of an ISV product your company purchased or its an
in-house  written program. For this example lets assume one of your
TSO users will  attempt to exploit this vulnerability.

You're begging the question; you haven't mentioned a vulberability
yet.

Like any SVC when invoked it will get control in an authorized state
 (PSW Key 0). Further this SVC issues a STM instruction very early
in the SVC code storing into where ever R13 points to.

That's only a vulnerability if such an SVC exists. You haven't shown
that. No SVC in z/OS that I'm aware of has such an STM. It would
certainly violate IBM's statement of integrity.

This type of defect is easily exploited

Only if it exists.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

In
e84242463cbb7d4b9caf90e1fb2883985742dac...@egpcmbx01.egpcore.egp.qld.gov.au,
on 03/28/2012
   at 04:20 PM, Mark Douglas (CITEC) mark.doug...@citec.com.au
said:

That Xmas EXEC story was still hot news at IBM Sydney in Christmas
1989. They warned us not to code such inadvertent viruses (pardon,
virii) despite the best of intentions by its author.

It was a worm rather than a virus.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

In 4f72714f.50...@kr-inc.com, on 03/27/2012
   at 09:02 PM, Ray Overby ray.ove...@kr-inc.com said:

There are many reasons for these types of defects. The 
programmer(s) in  these cases to the best of my knowledge were 
actually very experienced z/OS developers.

Yes, but did they learn anything from their experience. I'm with
Gerhard; that code should never have gotten past code review and casts
serious doubts on the competence of the author.

Very competent people.

Not if they write code such as you described.

Even then it only takes a single error

Why the quotes? It *is* an error, and a serious one.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: SMPTLIB receive issue

In 95949d394b82e6478ba63b7920f3e...@mail.cenhud.com, on 03/27/2012
   at 12:58 PM, Tim Brown tbr...@cenhud.com said:

IBM is a valid prefix,

Not from what you've written.

it's a result of the RFDSNPFX in the function source

That makes it expected; it doesn't make it valid. Have you defined the
alias IBM? Do you have security rules in place for it?
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

In 4f720628.8070...@bremultibank.com.pl, on 03/27/2012
   at 08:25 PM, R.S. r.skoru...@bremultibank.com.pl said:

- there are no viruses, trojans or other malware for z/OS and it 
have never been last 47 years.

Nonsense. OS/360 was a swiss cheese.

 07F0
 0A0C 
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/OS ftp and Unicode

In 1000645908993586.wa.paulgboulderaim@bama.ua.edu, on
03/27/2012
   at 01:03 PM, Paul Gilmartin paulgboul...@aim.com said:

WTF!?  Didn't Shmuel tell us that UTF-8 contains all of Unicode?

Yes, but I said nothiong about either IBM-424 or IBM-1047. Is there an
easy way to find what code point it's choking on? Also, I thought that
you wanted to tramslate IBM-424 to UTF-8, not UTF-8 to IBM-424.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread George Rodriguez

Hi Tommy,

I'm using a TS7720 with 2 3592 tape drives. The biggest issues with the
unit had to do with whatever tape management system you'll use. I'm using
TLMS and I finally got all the pieces to work together.

I'm also a big user if DFSMShsm and recalling tapes is really fast when
bring back datasets that have been migrated to ML2. I also purchased a
product called CA-CopyCat to take certain datasets on virtual tapes and
create a single 3592 cartridge for off-site storage.

One issue to worry about is disaster recovery. The best and the most
expensive solution for that is to have 2 TS7720; one at your shop and the
other at the DR site, then recovery is a snap.
*
*
*George Rodriguez*
*Specialist II - IT Solutions*
*Application Support / Quality Assurance*
*PX - 47652*
*(561) 357-7652 (office)*
*(561) 707-3496 (mobile)*
*School District of Palm Beach County*
*3348 Forest Hill Blvd.*
*Room B-251*
*West Palm Beach, FL. 33406-5869*
*Florida's Only A-Rated Urban District For Seven Consecutive Years*



On Wed, Mar 28, 2012 at 7:16 AM, Tommy Tsui tommyt...@gmail.com wrote:

 Hi ALL,

 Our shop currently using VTS B20, and planning to either migrate the 7740
 (no migration need) or migrate to tapeless 7720 or Sun storageTek VSM
 tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless
 solution. In market, I think all customer will use tapeless soultion
 instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many
 thanks

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN


Home of Florida's first LEED Gold Certified School

Under Florida law, e-mail addresses are public records. If you do not want your 
e-mail address
released in response to a public records request, do not send electronic mail 
to this entity. 
Instead, contact this office by phone or in writing.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: LE enclave calls another LE enclave

In 4f71e7c6.7080...@t-online.de, on 03/27/2012
   at 06:16 PM, Bernd Oppolzer bernd.oppol...@t-online.de said:

all works well, if the test object is a PL/1 subroutine and not a
main program.

How do you invoke the MAIN? CALL? LINK? ATTACH? 
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

In 2664962449864714.wa.gdornerwpsic@bama.ua.edu, on 03/27/2012
   at 10:06 AM, Greg Dorner gdor...@wpsic.com said:

Our auditors are insisting that we install a product that protects
against malicious software (viruses, worms, trojans, etc.).

What are the politics? Are the auditors willing to assume liability if
the hypothetical package is itself a security problem?
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Richards, Robert B.

September 2013, but not officially announced.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Mark Jacobs
Sent: Wednesday, March 28, 2012 7:35 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: z/os every two years

Does anyone know when zOS 1.12 will go out of support? I was planning to 
go to zOS 1.14 from 1.12, but seeing this new release schedule might 
make me reassess my plan.

Mark Jacobs

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Alvaro Guirao Lopez

zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14
will be available from 2013 and not 2012, so probably V1R12 will be out of
support about from 2014?

2012/3/28 Mark Jacobs mark.jac...@custserv.com

Does anyone know when zOS 1.12 will go out of support? I was planning to
go to zOS 1.14 from 1.12, but seeing this new release schedule might make
me reassess my plan.

Mark Jacobs

On 03/27/12 23:24, Skip Robinson wrote:

We heard it stated at SHARE so often by so many very well-placed IBM folks
that it's inconceivable that it will transpire otherwise.

.
.
JO.Skip Robinson
SCE Infrastructure Technology Services
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
626-302-7535 Office
323-715-0595 Mobile
jo.skip.robin...@sce.com

From: Mike Schwabmike.a.sch...@gmail.com**
To: IBM-MAIN@bama.ua.edu
Date: 03/27/2012 06:09 PM
Subject:Re: z/os every two years
Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu

Not official. But plan on it. Official releases in Sept of odd years.

On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com wrote:

Does anyone know when IBM is going to make this official? It is

official?

I am putting together 2013 projects and we normally up to now did

upgrades

once a year.

http://blogs.realdolmen.com/**experts/2012/03/13/a-new-zos-**
release-every-2-year/http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/

Andy S. White

--**--**
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
Mark Jacobs
Time Customer Service
Tampa, FL

Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--**--**--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
Un saludo.
Álvaro Guirao

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Mark Jacobs

A good guess, but until there's an official notification I can't plan on 
supposition.


Mark Jacobs

On 03/28/12 07:41, Alvaro Guirao Lopez wrote:

zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14
will be available from 2013 and not 2012, so probably V1R12 will be out of
support about from 2014?

2012/3/28 Mark Jacobsmark.jac...@custserv.com

   

Does anyone know when zOS 1.12 will go out of support? I was planning to
go to zOS 1.14 from 1.12, but seeing this new release schedule might make
me reassess my plan.

Mark Jacobs


On 03/27/12 23:24, Skip Robinson wrote:

 

We heard it stated at SHARE so often by so many very well-placed IBM folks
that it's inconceivable that it will transpire otherwise.

.
.
JO.Skip Robinson
SCE Infrastructure Technology Services
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
626-302-7535 Office
323-715-0595 Mobile
jo.skip.robin...@sce.com



From:   Mike Schwabmike.a.sch...@gmail.com**
To: IBM-MAIN@bama.ua.edu
Date:   03/27/2012 06:09 PM
Subject:Re: z/os every two years
Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu



Not official.  But plan on it.  Official releases in Sept of odd years.

On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com   wrote:


   

Does anyone know when IBM is going to make this official? It is


 

official?


   

I am putting together 2013 projects and we normally up to now did


 

upgrades


   

once a year.




 

http://blogs.realdolmen.com/**experts/2012/03/13/a-new-zos-**
release-every-2-year/http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/



   

Andy S. White


 

--**--**
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN



   


--
Mark Jacobs
Time Customer Service
Tampa, FL


Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein


--**--**--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

 



   



--
Mark Jacobs
Time Customer Service
Tampa, FL


Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Alvaro Guirao Lopez

I agree

2012/3/28 Mark Jacobs mark.jac...@custserv.com

A good guess, but until there's an official notification I can't plan on
supposition.

Mark Jacobs

On 03/28/12 07:41, Alvaro Guirao Lopez wrote:

zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14
will be available from 2013 and not 2012, so probably V1R12 will be out of
support about from 2014?

2012/3/28 Mark Jacobsmark.jacobs@custserv.**commark.jac...@custserv.com

Does anyone know when zOS 1.12 will go out of support? I was planning to
go to zOS 1.14 from 1.12, but seeing this new release schedule might make
me reassess my plan.

Mark Jacobs

On 03/27/12 23:24, Skip Robinson wrote:

We heard it stated at SHARE so often by so many very well-placed IBM
folks
that it's inconceivable that it will transpire otherwise.

.
.
JO.Skip Robinson
SCE Infrastructure Technology Services
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
626-302-7535 Office
323-715-0595 Mobile
jo.skip.robin...@sce.com

From: Mike Schwabmike.a.sch...@gmail.com

To: IBM-MAIN@bama.ua.edu
Date: 03/27/2012 06:09 PM
Subject:Re: z/os every two years
Sent by:IBM Mainframe Discussion ListIBM-MAIN@bama.ua.edu

Not official. But plan on it. Official releases in Sept of odd years.

On Tue, Mar 27, 2012 at 7:17 PM, Andy Whiteawh...@metlife.com
wrote:

Does anyone know when IBM is going to make this official? It is

official?

I am putting together 2013 projects and we normally up to now did

upgrades

once a year.

http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-http://blogs.realdolmen.com/**experts/2012/03/13/a-new-zos-**
release-every-2-year/http://**blogs.realdolmen.com/experts/**
2012/03/13/a-new-zos-release-**every-2-year/http://blogs.realdolmen.com/experts/2012/03/13/a-new-zos-release-every-2-year/

Andy S. White

--**--**

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
Mark Jacobs
Time Customer Service
Tampa, FL

Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--**
--**--

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
Mark Jacobs
Time Customer Service
Tampa, FL

Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--**--**--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
Un saludo.
Álvaro Guirao

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: LE enclave calls another LE enclave

2012-03-28 Thread Miklos Szigetvari


Hi

Probably no exact your case

We had a C++ application main program (LE enclave), we got some errors 
as tried to call from COBOL LE


We inserted a small  LE conform assembler routine between the COBOL and 
C++, it issued a BPX1SDD DUB process and

an ATTACH to attach the C++ main program .


It is working in this way with COBOL and C++

On 3/27/2012 6:16 PM, Bernd Oppolzer wrote:

Hello all,

we have a problem that is not easy to describe. Let me try it.

We are building a test supporting system, which allows to do tests of 
software

components. The system consists of the following modules or parts:

A - driver, written in ASSEMBLER. The driver builds a LE enclave, so 
that it
can call C subfunctions and the test objects, which are (normally) 
PL/1 routines


B - driver supporting routine, written in C. This routine provides 
services OPEN,
WRITE and CLOSE. It is called by the driver. On OPEN, it fetches a 
testcase list
from the testcase database and builds a linked list in memory (in the 
LE heap).
It also opens a log file for writing. On WRITE, it writes some 
protocol data

on the log file. On CLOSE, it closes the log file.

C - driver exit, written in ASSEMBLER. It is called at the beginning 
of the test object
(at the entry point) by means of TRAP2 interrupts. It has access to 
the testcase list
element that B took from the testcase database for the current 
testcase. It then calls
D, passing the address of the testcase list element. D reads the 
testcase data,
builds a parameter list for the testcase, and returns a parameter 
list. Then the
driver exits resumes the test object at the position of the entry 
point (this way

the test data is passed to the test object).

D - is a C routine which reads the data from the testcase data base 
and builds the
parameter list for the test object - because this is much easier to do 
in C than in

ASSEMBLER.

Now the problem:

all works well, if the test object is a PL/1 subroutine and not a main 
program. Then
the LE enclave built by A is used by B, passed to the test object, and 
used by D as well.
There is no problem passing the LE environment through the TRAP2 
interrupt.


But:

we also want to be able to test PL/1 main programs this way. The PL/1 
main programs
are called by the driver the same way as the modules are called, but 
because they are
started at CEESTART, a second LE enclave below the first enclave is 
built. Then C and
D run below the second enclave. This is no problem so far, because 
there is no need
to share ressources between the two enclaves; the only information 
exchange is through
the testcase list element which belongs to the heap of the first 
enclave, and this is no problem,

in our opinion.

But:

when we return from the test object and we try to execute the WRITE 
call to B in the

first enclave, it fails in the prologue of B.

We first thought that reg 12 had not be restored correctly, but this 
is not the case.
Reg 12 is the same as before the call of the PL/1 main, points to the 
original CEECAA.
Also, the save area (including NAB etc, the words behind offsets 72) 
are unchanged.
But still, we get abends 0C4 etc. in the prologue of B. But only in 
the PL/1 main case,

if there is a second enclave, not in the other case.

We fixed this problem by doing the WRITE and CLOSE calls not in the 
same (first)
enclave as the OPEN call, but instead we did all the subsequent calls 
by an intermediate
PL/1 main, that is: after the PL/1 test object main destroyed somehow 
our first enclave,
we didn't use it any more, but instead constructed new enclaves for 
every subsequent

call at the same level. But this doesn't look very sound to me.

My question is: has somebody out there an idea, what has happened here 
and what
might be a solution to our problem? Is it possible to have one LE 
enclave call another
and on return from the second still have the first one usable? What 
are we getting wrong?


Kind regards

Bernd

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread van der Grijn, Bart (B)

Check with your IBM rep, they should be able to share more info. There is an 
internal document that has a FAQ. Some specifics that address the questions 
asked: 

- The announcement should follow in 60 days (I assume starting from 12-Mar)

- Support for 1.12 and 1.13 will be extended to bridge customers to new release 
cycles. N-2 compatibility will remain. 

To me this suggest 1.12 will go out of support no sooner than 1.15 (or whatever 
it will be called) availability, which would seem to be the 2nd half of 2014 
(that's my interpretation, it wasn't explicitly stated in the communication).

Bart



-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Alvaro Guirao Lopez
Sent: Wednesday, March 28, 2012 7:41 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: z/os every two years

zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14
will be available from 2013 and not 2012, so probably V1R12 will be out of
support about from 2014?

2012/3/28 Mark Jacobs mark.jac...@custserv.com

 Does anyone know when zOS 1.12 will go out of support? I was planning to
 go to zOS 1.14 from 1.12, but seeing this new release schedule might make
 me reassess my plan.

 Mark Jacobs


 On 03/27/12 23:24, Skip Robinson wrote:

 We heard it stated at SHARE so often by so many very well-placed IBM folks
 that it's inconceivable that it will transpire otherwise.

 .

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Bob Shannon

 A good guess, but until there's an official notification I can't plan on 
 supposition.

Then you will be wrong. In this case plan on supposition.

Bob Shannon
Rocket Software

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

What I concerns are:
1. Tape still have life time, if 1TB tape damage then we need more time to
re-built or re-create it, except you implement dual copy or PPRC VTS and it
cost you more.
2. Tape migration is my concern, I think disk to disk migration is more
faster solution. I can't find any migration approach for B20 to TS7740 or
TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read
all  tapes to cache and copy back to other tape subsystem
3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a
new model comes and we need to preform another migrationcopy again and
again from tape to another tape system because of new drives.TRUE

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Mark Jacobs


Methinks you have inside information :-)


On 03/28/12 07:58, Bob Shannon wrote:

A good guess, but until there's an official notification I can't plan on 
supposition.
 

Then you will be wrong. In this case plan on supposition.

Bob Shannon
Rocket Software

   

--
Mark Jacobs
Time Customer Service
Tampa, FL


Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread Richards, Robert B.

Add Tivoli Tape Optimizer to your list of migration utilities.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Tommy Tsui
Sent: Wednesday, March 28, 2012 7:59 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Tapeless solution (IBM or Sun) Enterprise class

What I concerns are:
1. Tape still have life time, if 1TB tape damage then we need more time to
re-built or re-create it, except you implement dual copy or PPRC VTS and it
cost you more.
2. Tape migration is my concern, I think disk to disk migration is more
faster solution. I can't find any migration approach for B20 to TS7740 or
TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read
all  tapes to cache and copy back to other tape subsystem
3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a
new model comes and we need to preform another migrationcopy again and
again from tape to another tape system because of new drives.TRUE

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Bob Shannon

I attended SHARE. I looked at the positions the speakers have at IBM and 
concluded it's a done deal. Too much horsepower to be sending the wrong message.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Mark Jacobs
Sent: Wednesday, March 28, 2012 8:03 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: z/os every two years

Methinks you have inside information :-)

On 03/28/12 07:58, Bob Shannon wrote:
 A good guess, but until there's an official notification I can't plan on 
 supposition.

 Then you will be wrong. In this case plan on supposition.

 Bob Shannon
 Rocket Software

--
Mark Jacobs
Time Customer Service
Tampa, FL

Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

Tommy Tsui tommyt...@gmail.com wrote in message
news:cal96cms6abxwrwjtdlozcqjhzo-wbtxokdu-ws2hdmltfwu...@mail.gmail.com
...
 What I concerns are:
 1. Tape still have life time, if 1TB tape damage then we need more
time to
 re-built or re-create it, except you implement dual copy or PPRC VTS
and it
 cost you more.

Can you really recreate all your data on tape??? If not, you need
duplication in some form.

 2. Tape migration is my concern, I think disk to disk migration is
more
 faster solution. I can't find any migration approach for B20 to TS7740
or
 TS7740 to another new model, except using COPYCAT or TAPECOPY utility,
read
 all  tapes to cache and copy back to other tape subsystem

Both 7720 and 7740 run at Ficon speed. The 7720 and 7740 will write to
the disk cache and the 7720 will destage asynchroneously.

 3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If
a
 new model comes and we need to preform another migrationcopy again
and
 again from tape to another tape system because of new drives.TRUE
 

This also holds for disk-only systems. You cannot move the SATA drives
from your old to your new tape system.

Kees.


 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Veilleux, Jon L

I agree that it is a done deal, however that I think it IS the wrong message. 
Too many users have based their procedures on the current schedule and waiting 
two years for new releases will just slow down the implementation of new 
functions. The cant that 'many users can't upgrade every year so we will help 
them by changing to every two years' doesn't pass muster. This will make those 
users upgrade every four years now and penalize those who do attempt to stay 
current.
I don't like it.
Just my ranting for the day,
Jon  

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Bob Shannon
Sent: Wednesday, March 28, 2012 8:08 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: z/os every two years

I attended SHARE. I looked at the positions the speakers have at IBM and 
concluded it's a done deal. Too much horsepower to be sending the wrong message.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Mark Jacobs
Sent: Wednesday, March 28, 2012 8:03 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: z/os every two years

Methinks you have inside information :-)


On 03/28/12 07:58, Bob Shannon wrote:
 A good guess, but until there's an official notification I can't plan on 
 supposition.
  
 Then you will be wrong. In this case plan on supposition.

 Bob Shannon
 Rocket Software


--
Mark Jacobs
Time Customer Service
Tampa, FL


Learn from yesterday, live for today, hope for tomorrow.
The important thing is to not stop questioning.

- Albert Einstein

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@bama.ua.edu with the message: INFO IBM-MAIN
This e-mail may contain confidential or privileged information. If
you think you have received this e-mail in error, please advise the
sender by reply e-mail and then delete this e-mail immediately.
Thank you. Aetna   

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread Russell Witt

While you do need to use some type of tape copy utilities to move from a B20
to a TS7740; you also would have to use some type of dasd copy utility to
move from one dasd subsystem to another UNLESS you stay within the same
product line (they often have some upgrade utilities that make migration
within the same vendor easier to handle). Granted, the dasd copy utilities
now allow using flashcopy and other such techniques to improve performance -
but that means you have a second copy of the file on the original device AS
you are making a third copy on the new device (just how many copies do you
want to make to move the data?).

You are also mistaken in item 3; a TS1140 can read TS1120 and TS1130 tapes;
and TS1130 can read TS1120 tapes. The direction from IBM is to read/write in
the new format AND the -1 format; and to read both the -1 and -2 formats. So
there is a lot of backward migration.

And then there is the subject of how long a dasd box will last and how long
a tape system will remain in effect. Since you are currently using a B20, I
wonder just how old that unit is?

Russell Witt
CA 1 L2 Support Manager

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf
Of Tommy Tsui
Sent: Wednesday, March 28, 2012 6:59 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Tapeless solution (IBM or Sun) Enterprise class

What I concerns are:
1. Tape still have life time, if 1TB tape damage then we need more time to
re-built or re-create it, except you implement dual copy or PPRC VTS and it
cost you more.
2. Tape migration is my concern, I think disk to disk migration is more
faster solution. I can't find any migration approach for B20 to TS7740 or
TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read
all  tapes to cache and copy back to other tape subsystem 3. IBM Tape drives
cannot read each other, TS1120, TS1130, TS1140...If a new model comes and we
need to preform another migrationcopy again and again from tape to
another tape system because of new drives.TRUE

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email
to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

W dniu 2012-03-28 13:58, Tommy Tsui pisze:

What I concerns are:
1. Tape still have life time, if 1TB tape damage then we need more time to
re-built or re-create it, except you implement dual copy or PPRC VTS and it
cost you more.
Tape (real one) can be duplexed. In that case you can read data just
after the tape failed. BTDT.
For large amounts of data real tape is much cheaper and more scalable
than virtual tape on disk. It is true, it has been true for years. The
only change is treshold, a definition of large amount.

2. Tape migration is my concern, I think disk to disk migration is more
faster solution. I can't find any migration approach for B20 to TS7740 or
TS7740 to another new model, except using COPYCAT or TAPECOPY utility, read
all tapes to cache and copy back to other tape subsystem
I see no problem with migration from tape to tape, even incompatible
ones like STK and IBM. BTDT.

3. IBM Tape drives cannot read each other, TS1120, TS1130, TS1140...If a
new model comes and we need to preform another migrationcopy again and
again from tape to another tape system because of new drives.TRUE
Not true. There is some compatibility window, wider for R/O, more narrow
for Read/Write. Compatibility window of IBM is similar to STK.

--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Walt Farrell

On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com 
wrote:

The reason I brought up this 'vulnerability' is that we hired a consultant
a while back to look for weaknesses. Of course they were able to logon
with a vanilla userid that had no special authority. And this is what they
did.

We all spend a lot of time and mental energy focused on how to protect
ourselves from sophisticated attack. We look at APF. We look at SVC
screening. We look at access to sensitive libraries. But this particular
'denial of service' can be accomplished by anyone with a valid userid and
password. And *only* because we lock up users for invalid password
attempts. I'm just sayin'...

It's just another form of disaster you have to plan for, Skip.

It's easy, for example, to setup an STC that runs with an ID that has SPECIAL, 
or that is the OWNER of some IDs that have SPECIAL, and have that STC run 
IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that have 
SPECIAL.

If they all get locked out, you just run the STC and that set of IDs is 
RESUMED. 

The STC itself will be able to run, even if its ID has been revoked, and so it 
provides protection against the issue you're suggesting.

But yes, you need to be prepared for this, just as for anything that can 
compromise your system.

(Other alternatives exist, by the way, including emergency copies of the RACF 
database that you can make available in such an emergency situation, but the 
STC approach is the simplest, in my opinion. Nonetheless, I would also 
recommend having an emergency RACF DB available, too, but that also goes along 
with having emergency system residence volumes available.)

-- 
Walt Farrell
IBM STSM, z/OS Security Design (for another half-hour or so)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread McKown, John

Of course not! Most auditors that I've had the misfortune to interact with 
directly are like politicians. They have the bright ideas based on 
fundamental truths. But if they don't work, it's because the people who 
implemented them (us) are idiots and incompetents.

--
John McKown 
Systems Engineer IV
IT

Administrative Services Group

HealthMarkets(r)

9151 Boulevard 26 * N. Richland Hills * TX 76010
(817) 255-3225 phone * 
john.mck...@healthmarkets.com * www.HealthMarkets.com

Confidentiality Notice: This e-mail message may contain confidential or 
proprietary information. If you are not the intended recipient, please contact 
the sender by reply e-mail and destroy all copies of the original message. 
HealthMarkets(r) is the brand name for products underwritten and issued by the 
insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance 
Company(r), Mid-West National Life Insurance Company of TennesseeSM and The 
MEGA Life and Health Insurance Company.SM

 

 -Original Message-
 From: IBM Mainframe Discussion List 
 [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Shmuel Metz (Seymour J.)
 Sent: Tuesday, March 27, 2012 8:09 PM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: Malicious Software Protection
 
 In 2664962449864714.wa.gdornerwpsic@bama.ua.edu, on 03/27/2012
at 10:06 AM, Greg Dorner gdor...@wpsic.com said:
 
 Our auditors are insisting that we install a product that protects
 against malicious software (viruses, worms, trojans, etc.).
 
 What are the politics? Are the auditors willing to assume liability if
 the hypothetical package is itself a security problem?
  
 -- 
  Shmuel (Seymour J.) Metz, SysProg and JOAT
  ISO position; see http://patriot.net/~shmuel/resume/brief.html 
 We don't care. We don't have to care, we're Congress.
 (S877: The Shut up and Eat Your spam act of 2003)
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

Our shop use B20 almost 5 years and sometime the IBM CE will notify me the
tape cannot be recovered or  the Gripper cannot move , some time need to
reboot the library console and re-inventory again. Any problems when use
VTS 7720? anyone can share?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

We have 2 7720 clusters in a grid configuration and are very happy with
it.

Kees.

Tommy Tsui tommyt...@gmail.com wrote in message
news:CAL96CmvY959T=nq+3C5h24w2isgSsajj6=ly+zzzmuv9dyo...@mail.gmail.com
...
 Our shop use B20 almost 5 years and sometime the IBM CE will notify me
the
 tape cannot be recovered or  the Gripper cannot move , some time need
to
 reboot the library console and re-inventory again. Any problems when
use
 VTS 7720? anyone can share?
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: SMPTLIB receive issue

2012-03-28 Thread Tim Brown

All is working, I got it to work differently!!

We had downloaded all the function files HABIA10.F1, since the original package 
was in pax.z format, so I just renamed them all to what SMPE was expecting.


SMPE.IBM.HABIA10.F1
SMPE.IBM.HABIA10.F2
SMPE.IBM.HABIA10.F3


And the receive worked. Never seen this with SMP/E and I have been using it 
since the 80's

Thanks,
 
Tim Brown
Supervisor Computer Operations 
Central Hudson Gas  Electric
284 South Ave
Poughkeepsie, NY 12601
Email: tbr...@cenhud.com mailto:tbr...@cenhud.com
Phone: 845-486-5643
Fax: 845-486-5921
Cell: 845-235-4255
 


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Shmuel Metz (Seymour J.)
Sent: Tuesday, 27 March, 2012 9:33 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: SMPTLIB receive issue

In 95949d394b82e6478ba63b7920f3e...@mail.cenhud.com, on 03/27/2012
   at 12:58 PM, Tim Brown tbr...@cenhud.com said:

IBM is a valid prefix,

Not from what you've written.

it's a result of the RFDSNPFX in the function source

That makes it expected; it doesn't make it valid. Have you defined the
alias IBM? Do you have security rules in place for it?
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread Michael Wickman

Ditto for us.

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Vernooij, CP - SPLXM
Sent: Wednesday, March 28, 2012 7:40 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: [IBM-MAIN] Tapeless solution (IBM or Sun) Enterprise class

We have 2 7720 clusters in a grid configuration and are very happy with
it.

Kees.

Tommy Tsui tommyt...@gmail.com wrote in message
news:CAL96CmvY959T=nq+3C5h24w2isgSsajj6=ly+zzzmuv9dyo...@mail.gmail.com
...
 Our shop use B20 almost 5 years and sometime the IBM CE will notify me
the
 tape cannot be recovered or  the Gripper cannot move , some time need
to
 reboot the library console and re-inventory again. Any problems when
use
 VTS 7720? anyone can share?

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

font size=1
div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 
1.0pt 0in'
/div
This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system.
/font

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

For those few of you that also run zTPF: this OS is very sensitive to
slight abnormalties and IBM tested and certified the TS7720 with zTPF
and we still found some problems in the beginning, that were solved
working with IBM. You should be careful with other vendors that have not
proven their device with zTPF (or even don't know the word at all).

Kees.

Vernooij, CP - SPLXM kees.verno...@klm.com wrote in message
news:ce3ffbb7e42033469ef752a1d8a19ba10216f...@kl1221tc.cs.ad.klmcorp.ne
t...
 We have 2 7720 clusters in a grid configuration and are very happy
with
 it.
 
 Kees.
 
 Tommy Tsui tommyt...@gmail.com wrote in message

news:CAL96CmvY959T=nq+3C5h24w2isgSsajj6=ly+zzzmuv9dyo...@mail.gmail.com
 ...
  Our shop use B20 almost 5 years and sometime the IBM CE will notify
me
 the
  tape cannot be recovered or  the Gripper cannot move , some time
need
 to
  reboot the library console and re-inventory again. Any problems when
 use
  VTS 7720? anyone can share?
  
 
--
  For IBM-MAIN subscribe / signoff / archive access instructions,
  send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
 
 For information, services and offers, please visit our web site:
http://www.klm.com. This e-mail and any attachment may contain
confidential and privileged material intended for the addressee only. If
you are not the addressee, you are notified that no part of the e-mail
or any attachment may be disclosed, copied or distributed, and that any
other action related to this e-mail or attachment is strictly
prohibited, and may be unlawful. If you have received this e-mail by
error, please notify the sender immediately by return e-mail, and delete
this message. 
 
 Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or
its employees shall not be liable for the incorrect or incomplete
transmission of this e-mail or any attachments, nor responsible for any
delay in receipt. 
 Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal
Dutch Airlines) is registered in Amstelveen, The Netherlands, with
registered number 33014286
 
   
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

On Wed, 28 Mar 2012 08:16:34 -0400, Veilleux, Jon L veilleu...@aetna.com 
wrote:

I agree that it is a done deal, however that I think it IS the wrong message. 
Too many users have based their procedures on the current schedule and waiting 
two years for new releases will just slow down the implementation of new 
functions. The cant that 'many users can't upgrade every year so we will help 
them by changing to every two years' doesn't pass muster. This will make those 
users upgrade every four years now and penalize those who do attempt to stay 
current.
I don't like it.
Just my ranting for the day,
Jon


I tend to agree.  Too many shops I know of only upgrade because they don't
want to go beyond the EOS date.

What I wanted was an extra 6 months added to EOS.   So if a release was
skipped (for whatever reason) you weren't running up against the Sept. EOS
date of the running release or year end freezes if there were any delays in 
installation and roll out of the new release.

Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS   
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html 
Systems Programming expert at http://expertanswercenter.techtarget.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Sam Siegel

Walt - good luck in retirement. 

Love the final signature line.

Sam
Sent from my Verizon Wireless BlackBerry

-Original Message-
From: Walt Farrell wfarr...@us.ibm.com
Sender: IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu
Date: Wed, 28 Mar 2012 07:28:58 
To: IBM-MAIN@bama.ua.edu
Reply-To: IBM Mainframe Discussion List IBM-MAIN@bama.ua.edu
Subject: Re: Malicious Software Protection

On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com 
wrote:

The reason I brought up this 'vulnerability' is that we hired a consultant
a while back to look for weaknesses. Of course they were able to logon
with a vanilla userid that had no special authority. And this is what they
did.

We all spend a lot of time and mental energy focused on how to protect
ourselves from sophisticated attack. We look at APF. We look at SVC
screening. We look at access to sensitive libraries. But this particular
'denial of service' can be accomplished by anyone with a valid userid and
password. And *only* because we lock up users for invalid password
attempts. I'm just sayin'...

It's just another form of disaster you have to plan for, Skip.

It's easy, for example, to setup an STC that runs with an ID that has SPECIAL, 
or that is the OWNER of some IDs that have SPECIAL, and have that STC run 
IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that have 
SPECIAL.

If they all get locked out, you just run the STC and that set of IDs is 
RESUMED. 

The STC itself will be able to run, even if its ID has been revoked, and so it 
provides protection against the issue you're suggesting.

But yes, you need to be prepared for this, just as for anything that can 
compromise your system.

(Other alternatives exist, by the way, including emergency copies of the RACF 
database that you can make available in such an emergency situation, but the 
STC approach is the simplest, in my opinion. Nonetheless, I would also 
recommend having an emergency RACF DB available, too, but that also goes along 
with having emergency system residence volumes available.)

-- 
Walt Farrell
IBM STSM, z/OS Security Design (for another half-hour or so)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: SMPTLIB receive issue

2012-03-28 Thread Kurt Quackenbush


Cant seem to receive new functions, error IKJ56228I DATA SET IBM.HABIA10.F1
NOT IN CATALOG OR CATALOG CAN NOT BE ACCESSED


are you receiving from tape or from DASD ?
can you post you receive job ?


I suspect you are trying to receive from DASD.  If so, what is the name 
of your RELFILE data set?  Perhaps you need to specify the RFPREFIX 
operand on the RECEIVE command.


Kurt Quackenbush -- IBM, SMP/E Development

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

On Wed, 28 Mar 2012 19:16:01 +0800, Tommy Tsui tommyt...@gmail.com wrote:

Hi ALL,

Our shop currently using VTS B20, and planning to either migrate the 7740
(no migration need) or migrate to tapeless 7720 or Sun storageTek VSM
tapeless solution. Any shop using 7740 or 7720 or storageTek tapeless
solution. In market, I think all customer will use tapeless soultion
instead of IBM 7740. Is it TRUE? Any comment will be appreciated. Many
thanks

Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech now).  
I have not worked with MDL (which I think is more of a small shop solution),
but I have with DLm.I've also worked with VSM, but it was always 
backed by physical tape.   BTW, the vendor is Oracle now, not Sun.

Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS   
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html 
Systems Programming expert at http://expertanswercenter.techtarget.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread Dennis Trojak

We've been using a TS7720 for 3 years now but we are NOT in a grid which makes 
for some interesting operational procedures. The virtual volumes are 
copied/stacked to physical volumes using TAPECOPY from OPENTECH which works 
just fine. Our only problem so far is restoring the data for HSM ML2 and backup 
tapes at our DR site since the restore must be to an  equivalent volume type 
and except for another VTS there aren't any 3490's that hold 4GB of data.
The other problem with only 1 TS7720 is applying maintenance to the machine. 
When the CE needs to install software updates it often takes 3-4 hours and that 
means NO tape access for that period.
Dennis

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Tommy Tsui
Sent: Wednesday, March 28, 2012 7:34 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Tapeless solution (IBM or Sun) Enterprise class

Our shop use B20 almost 5 years and sometime the IBM CE will notify me the
tape cannot be recovered or  the Gripper cannot move , some time need to
reboot the library console and re-inventory again. Any problems when use
VTS 7720? anyone can share?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

Yes, the maintenance time also need to aware, if you already form a grid it
will not interrupt you otherwise you need 3 or 4 hours to apply microcode
because the aix inside which like ds8000
On 2012-3-28 下午8:40, Dennis Trojak dennis.tro...@radioshack.com wrote:

 We've been using a TS7720 for 3 years now but we are NOT in a grid which
 makes for some interesting operational procedures. The virtual volumes are
 copied/stacked to physical volumes using TAPECOPY from OPENTECH which works
 just fine. Our only problem so far is restoring the data for HSM ML2 and
 backup tapes at our DR site since the restore must be to an  equivalent
 volume type and except for another VTS there aren't any 3490's that hold
 4GB of data.
 The other problem with only 1 TS7720 is applying maintenance to the
 machine. When the CE needs to install software updates it often takes 3-4
 hours and that means NO tape access for that period.
 Dennis

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
 Behalf Of Tommy Tsui
 Sent: Wednesday, March 28, 2012 7:34 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: Tapeless solution (IBM or Sun) Enterprise class

 Our shop use B20 almost 5 years and sometime the IBM CE will notify me the
 tape cannot be recovered or  the Gripper cannot move , some time need to
 reboot the library console and re-inventory again. Any problems when use
 VTS 7720? anyone can share?

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread David Cole


At 3/27/2012 04:06 PM, Joel C. Ewing wrote:
The concept of allowing average-Joe user to be able to download data 
from arbitrary sources in arbitrary formats and being able from that 
to somehow introduce executable code into the system in ways that 
will execute with special privileges so as to introduce a virus or 
trojan is an issue that is endemic to Windows platforms but foreign to z/OS.


Hmmm, excellent point!

I guess part of the problem with Windows systems is that there are so 
many file types that in one way or another are executables, including 
many file type that you do not expect to be executable! Example: I 
was blown away when I learned only a few years ago that .PDFs could 
be an executable! Who knew? Not me. But the Chinese did... (It was 
interesting to see the flurry of fixes that Adobe published over the 
two years or so following the attack against Google...)


Not only are so many file types executable, they often are executed 
by default! So it is a lot easier to let something maliscious slip in 
on a Windows system than it is on a mainframe.


On mainframes files generally do not get executed by default. It 
generally takes an intentional and direct act to run a program. So 
worrying about random files upload to the mainframe is an unnecessary 
distraction.


Dave

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/OS ftp and Unicode

2012-03-28 Thread Paul Gilmartin

On Tue, 27 Mar 2012 21:39:26 -0400, Shmuel Metz (Seymour J.) wrote:

WTF!?  Didn't Shmuel tell us that UTF-8 contains all of Unicode?

Yes, but I said nothiong about either IBM-424 or IBM-1047. Is there an
easy way to find what code point it's choking on? Also, I thought that
you wanted to tramslate IBM-424 to UTF-8, not UTF-8 to IBM-424.
 
Quite so.  Which is the reason I think FTP is in error for claiming
the data contain an invalid code point.  Using a z/OS UNIX
(whatever) temp file, it can all be done with a single FTP command
and a bizarre script:

# (Local stuff redacted) #
MEMBER=$1
DSN=TEST.TESTPRT
MVS_TEMP=/tmp/$MVS_USER

ftp $MVS_USER@$MVS_HOST end-of-ftp

ascii
quote site encoding=sbcs
quote site sbdataconn=(IBM-1047,ISO8859-1)
get $DSN($MEMBER) $MEMBER

put $MEMBER $MVS_TEMP/$MEMBER

quote site encoding=mbcs
quote site mbdataconn=(IBM-424,UTF-8)
get $MVS_TEMP/$MEMBER $MEMBER

delete $MVS_TEMP/$MEMBER
quit
end-of-ftp

cat $MEMBER

UGH!/

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Dana Mitchell

On Wed, 28 Mar 2012 08:27:44 -0500, Mark Zelden m...@mzelden.com wrote:

I tend to agree.  Too many shops I know of only upgrade because they don't
want to go beyond the EOS date.

But as long as we are supposing here.   Will they not extend the service 
discontinued date for 1.11 also?  As it stands now, 1.11 goes EOS as of 
2012/09/30,  but the next release will not be available until approx 
2013/09/30.  So from 9/2012 to 9/2013, only 1.12 and 1.13 supported?  Or will 
N-2 cease to be the supported coexistance policy?

Dana

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

Dennis Trojak dennis.tro...@radioshack.com wrote in message
news:3d40fdfc24014e459f11e569c730d98e05bd4...@ntexmbapb.corp.radioshack
.net...
 We've been using a TS7720 for 3 years now but we are NOT in a grid
which makes for some interesting operational procedures. The virtual
volumes are copied/stacked to physical volumes using TAPECOPY from
OPENTECH which works just fine. Our only problem so far is restoring the
data for HSM ML2 and backup tapes at our DR site since the restore must
be to an  equivalent volume type and except for another VTS there aren't
any 3490's that hold 4GB of data.
 The other problem with only 1 TS7720 is applying maintenance to the
machine. When the CE needs to install software updates it often takes
3-4 hours and that means NO tape access for that period.

We have a similar problem with our grid: in that period there is no
replication between the clusters, so we are not fully Disaster-Ready.
However, this can be solved by a 3-way grid. Nothing is impossible if
you have the money.

Kees.

 Dennis
 
 -Original Message-
 From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
Behalf Of Tommy Tsui
 Sent: Wednesday, March 28, 2012 7:34 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: Tapeless solution (IBM or Sun) Enterprise class
 
 Our shop use B20 almost 5 years and sometime the IBM CE will notify me
the
 tape cannot be recovered or  the Gripper cannot move , some time need
to
 reboot the library console and re-inventory again. Any problems when
use
 VTS 7720? anyone can share?
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Bill Fairchild

Ask the auditors, and/or hire an independent research consultant specializing 
in mainframe security, to find some published accounts of mainframe penetration 
that were NOT due to insiders; e.g., viruses.  Print your own copy of all such 
accounts.  Study them closely to see where the real weakness was.  Over the 
years I have heard of several mainframe penetrations and usurpations, but they 
were all due to insider activity.  The first one I heard about, however, was an 
outsider who found program listings in a trash can outside of the data center's 
building, which had been tossed there by developers inside the building and/or 
janitors at night.  The listings were not considered worth securing or 
shredding.  The perp went to prison for a while, then after being released he 
turned into a mainframe security consultant.  There are many things to consider 
besides anti-virus detections; e.g. who has keys to the data center room, to 
any of the offices containing terminals, logon passw!
 ord protection, etc.  Maybe the auditors have already checked out all these 
other areas, are just trying to be comprehensive, and do not understand that 
one size does not fit all.

Bill Fairchild

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
Greg Dorner
Sent: Tuesday, March 27, 2012 11:38 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Malicious Software Protection

No,. I'm not serious. But the auditors at PWC are.  I'm practicing my 
belly-laugh for when they actually want to discuss the issue. You are all 
telling me what I already knew, but I just wanted to get the feedback so it 
isn't just my understanding of it. 


Thanks everyone, for all the good quotes, quips, and entertainment!

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread J R

Farewell Walt.  Thanks for the memories.  

Was this your Last Post?  (In the British military sense; ie. Taps to most 
on this list.)  

===
  Date: Wed, 28 Mar 2012 07:28:58 -0500
 From: wfarr...@us.ibm.com
 Subject: Re: Malicious Software Protection
 To: IBM-MAIN@bama.ua.edu

 On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com 
 wrote:

 The reason I brought up this 'vulnerability' is that we hired a consultant
 a while back to look for weaknesses. Of course they were able to logon
 with a vanilla userid that had no special authority. And this is what they
 did.

 We all spend a lot of time and mental energy focused on how to protect
 ourselves from sophisticated attack. We look at APF. We look at SVC
 screening. We look at access to sensitive libraries. But this particular
 'denial of service' can be accomplished by anyone with a valid userid and
 password. And *only* because we lock up users for invalid password
 attempts. I'm just sayin'...

 It's just another form of disaster you have to plan for, Skip.

 It's easy, for example, to setup an STC that runs with an ID that has 
 SPECIAL, or that is the OWNER of some IDs that have SPECIAL, and have that 
 STC run IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that 
 have SPECIAL.

 If they all get locked out, you just run the STC and that set of IDs is 
 RESUMED. 

 The STC itself will be able to run, even if its ID has been revoked, and so 
 it provides protection against the issue you're suggesting.

 But yes, you need to be prepared for this, just as for anything that can 
 compromise your system.

 (Other alternatives exist, by the way, including emergency copies of the RACF 
 database that you can make available in such an emergency situation, but the 
 STC approach is the simplest, in my opinion. Nonetheless, I would also 
 recommend having an emergency RACF DB available, too, but that also goes 
 along with having emergency system residence volumes available.)

 -- 
 Walt Farrell
 IBM STSM, z/OS Security Design (for another half-hour or so)

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: LE enclave calls another LE enclave

2012-03-28 Thread Bernd Oppolzer

The Mains (and the PL/1 sub program test objects) are - or can be - 
DLLs, compiled with the RENT compile option, so they have to be called
using CEEFETCH, because the proper WSA initialization etc has to be done. 

This is the part of a co-worker, so I'm not totally sure about this, but 
I believe that he does it the same way at the moment for the Mains and 
non-Mains, and that is CEEFETCH. 

We are thinking about other solutions, too, for example: get rid of the 
first enclave and do the control work totally in ASSEMBLER, without LE. 
Then we could build seperate enclaves for every testcase (in the case of 
Mains, the Main would build the enclave, and in the case of Non-Mains, 
the driver would do it). 

I forgot to mention how the TRAP2 interrupt is done. The location of 
the entry point is calculated by analyzing the compiler and linkage editor 
listing at compile time, and then, before transferring control to the 
test object, a TRAP2 machine instruction is placed at the location of 
the entry point. The TRAP2 interruption is then captured by the driver 
exit, which replaces the (undefined) reg 1 parm list by the right one, 
which comes from the testcase database, and resumes execution. 

This way, we manage to construct the reg 1 parameter list and present the 
parameters to the test object at a time when all the initialization work 
has already been done. 

When returning from the test object, the output parameters are extracted
from the parameter area and written back to the testcase database (to verify 
the changes done by the test object and to enable regression testing). 

Kind regards

Bernd



Am Mittwoch, 28. März 2012 03:02 schrieben Sie:
 In 4f71e7c6.7080...@t-online.de, on 03/27/2012

at 06:16 PM, Bernd Oppolzer bernd.oppol...@t-online.de said:
 all works well, if the test object is a PL/1 subroutine and not a
 main program.

 How do you invoke the MAIN? CALL? LINK? ATTACH?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread Darth Keller

Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech now). 
I have not worked with MDL (which I think is more of a small shop 
solution),
but I have with DLm.I've also worked with VSM, but it was always 
backed by physical tape.   BTW, the vendor is Oracle now, not Sun.


So my understanding is the MDL was the HDS version of the DLM - the 
Bustech appliance ahead of HDS storage.  We have an HDS MDL which uses an 
AMS2500 for back-end storage.  It's also my understanding that the MDL is 
no longer available as such.  HDS now sells the Falconstor's VTL instead.

I would consider the DLM  the MDL to be roughly equivalent.  We are very 
happy with the performance of the MDL.
dd keller





This e-mail message and all attachments transmitted with it may
contain legally privileged and/or confidential information intended
solely for the use of the addressee(s). If the reader of this
message is not the intended recipient, you are hereby notified that
any reading, dissemination, distribution, copying, forwarding or
other use of this message or its attachments is strictly
prohibited. If you have received this message in error, please
notify the sender immediately and delete this message and all
copies and backups thereof. Thank you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

How to Unpair Volumes

2012-03-28 Thread George Rodriguez

I'm still fighting this battle with Fast Replication... Is there a way of
UNPAIRing volumes?
*
*
*George Rodriguez*
*Specialist II - IT Solutions*
*Application Support / Quality Assurance*
*PX - 47652*
*(561) 357-7652 (office)*
*(561) 707-3496 (mobile)*
*School District of Palm Beach County*
*3348 Forest Hill Blvd.*
*Room B-251*
*West Palm Beach, FL. 33406-5869*
*Florida's Only A-Rated Urban District For Seven Consecutive Years*

Home of Florida's first LEED Gold Certified School

Under Florida law, e-mail addresses are public records. If you do not want your 
e-mail address
released in response to a public records request, do not send electronic mail 
to this entity. 
Instead, contact this office by phone or in writing.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: How to Unpair Volumes

2012-03-28 Thread Pommier, Rex R.

George,

There are a couple TSO commands that may help with this.  The fcquery - with 
the showrels(all) parm - will tell you what FR relationships are in place, and 
the fcwithdr (fhashcopy withdraw) command will allow you to break the 
relationships.

Rex

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of 
George Rodriguez
Sent: Wednesday, March 28, 2012 10:22 AM
To: IBM-MAIN@bama.ua.edu
Subject: How to Unpair Volumes

I'm still fighting this battle with Fast Replication... Is there a way of
UNPAIRing volumes?
*
*
*George Rodriguez*
*Specialist II - IT Solutions*
*Application Support / Quality Assurance*
*PX - 47652*
*(561) 357-7652 (office)*
*(561) 707-3496 (mobile)*
*School District of Palm Beach County*
*3348 Forest Hill Blvd.*
*Room B-251*
*West Palm Beach, FL. 33406-5869*
*Florida's Only A-Rated Urban District For Seven Consecutive Years*

Home of Florida's first LEED Gold Certified School

Under Florida law, e-mail addresses are public records. If you do not want your 
e-mail address
released in response to a public records request, do not send electronic mail 
to this entity.
Instead, contact this office by phone or in writing.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

The information contained in this e-mail may contain confidential and/or 
privileged information and is intended for the sole use of the intended 
recipient. If you are not the intended recipient, you are hereby notified that 
any unauthorized use, disclosure, distribution or copying of this communication 
is strictly prohibited and that you will be held responsible for any such 
unauthorized activity, including liability for any resulting damages. As 
appropriate, such incident(s) may also be reported to law enforcement. If you 
received this e-mail in error, please reply to sender and destroy or delete the 
message and any attachments. Thank you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

On Wed, 28 Mar 2012 09:16:29 -0500, Dana Mitchell mitchd...@gmail.com wrote:

On Wed, 28 Mar 2012 08:27:44 -0500, Mark Zelden m...@mzelden.com wrote:

I tend to agree.  Too many shops I know of only upgrade because they don't
want to go beyond the EOS date.

But as long as we are supposing here.   Will they not extend the service 
discontinued date for 1.11 also?  As it stands now, 1.11 goes EOS as of 
2012/09/30,  but the next release will not be available until approx 
2013/09/30.  So from 9/2012 to 9/2013, only 1.12 and 1.13 supported?  Or will 
N-2 cease to be the supported coexistance policy?


I wouldn't expect so.  This new announcement (although not official yet) 
doesn't change
things in respect to z/OS 1.11.   It also doesn't keep you from upgrading to
z/OS 1.12 or z/OS 1.13 which you should have already been planning or 
been in the progress of doing based on the known EOS date for 1.11.

--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS   
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html 
Systems Programming expert at http://expertanswercenter.techtarget.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

On Wed, 28 Mar 2012 10:15:26 -0500, Darth Keller darth.kel...@assurant.com 
wrote:

Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech now).
I have not worked with MDL (which I think is more of a small shop
solution),
but I have with DLm.I've also worked with VSM, but it was always
backed by physical tape.   BTW, the vendor is Oracle now, not Sun.


So my understanding is the MDL was the HDS version of the DLM - the
Bustech appliance ahead of HDS storage.  We have an HDS MDL which uses an
AMS2500 for back-end storage.  It's also my understanding that the MDL is
no longer available as such.  HDS now sells the Falconstor's VTL instead.

I would consider the DLM  the MDL to be roughly equivalent.  We are very
happy with the performance of the MDL.
dd keller


Thanks for that clarification.  I really don't know the history behind the
Bus-tech and I think I used MDL when I shouldn't have to refer to
it pre- HDS (or is that not even correct).   Was the original just
called MAS (Mainframe Appliance for Storage). 


Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS   
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html 
Systems Programming expert at http://expertanswercenter.techtarget.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: LE C calling HLASM

2012-03-28 Thread Phil Smith

Steve Comstock wrote:
On 3/23/2012 2:57 PM, Phil Smith wrote:
Now for the next question: this allows us to implement variable parameter 
lists in C, by declaring the functions thus:
int SOMEFUNCTION(char *someparm, ...);

Is there an equivalent way to do this in PL/I?

In the declare of the subroutine, specify the word LIST in the last
argument descriptor, for example:

dcl avgyx entry (fixed bin(31),
  fixed decimal(7,2) optional,
  char (8),
  list byaddr)
  options(asm);

This indicates there are zero or more arguments from the point
of the LIST

Then, in the invocation, pass at least as many arguments as
arguments before the word LIST and any others you want:

call avgyx (test_no,
   weight,
   test_name,
   rand_var,
   score_low,
   score_high);

Hm. This isn't quite working:

Declare THEFN  External('THEFN') Entry(
 Char(*) byaddr,
 Char(*) byaddr,
 Fixed Bin(31) byaddr,
 Char(*) byaddr,
 Fixed Bin(31) byaddr,
 Char(*) byaddr
)
returns( byvalue Fixed Bin(31) )
options ( nodescriptor );

On compile, this gets RC=4 and:
IBM1214I W  35.0A dummy argument will be created for argument number
4 in entry reference VSHPROT. 

Then it linkedits OK but gets a ABENDU4038 on run. This differs from your 
recommendation by being an EXTERNAL function; I had to use NODESCRIPTOR because 
ASM isn't supported for functions, apparently.

Ideas?
--
...phsiii

Phil Smith III
p...@voltage.com
Voltage Security, Inc.
www.voltage.com
(703) 476-4511 (home office)
(703) 568-6662 (cell)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Edward Jaffe


On 3/28/2012 4:41 AM, Alvaro Guirao Lopez wrote:

zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14
will be available from 2013 and not 2012, so probably V1R12 will be out of
support about from 2014?


No. This is incorrect. z/OS 1.11 goes out of support _this_ year... in September 
2012.


--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
edja...@phoenixsoftware.com
http://www.phoenixsoftware.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Edward Jaffe


On 3/28/2012 5:08 AM, Bob Shannon wrote:

I attended SHARE. I looked at the positions the speakers have at IBM and 
concluded it's a done deal. Too much horsepower to be sending the wrong message.


Jeff Magdall (z/OS Product Development Team Leader) presented this information 
at the MVS Program Opening, Monday morning at SHARE in Atlanta. I believe he had 
charts showing all of the EOS dates for currently-supported and expected future 
releases. His entire presentation was only 10 minutes long. He didn't show any 
slide long enough for it to sink in. The room was dead quiet.


I wonder if he uploaded his presentation to the SHARE proceedings?

--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
edja...@phoenixsoftware.com
http://www.phoenixsoftware.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Edward Jaffe


On 3/28/2012 7:16 AM, Dana Mitchell wrote:


But as long as we are supposing here.   Will they not extend the service 
discontinued date for 1.11 also?


Asked and answered at the MVS Program Opening in Atlanta. The answer 
(paraphrased) from Jeff Magdall was, z/OS 1.11 will go out of service as 
already announced at the end of September 2012.


--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
edja...@phoenixsoftware.com
http://www.phoenixsoftware.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years - Vendor Perspective?

Starting a new thread:

One of the benefits of this change is supposed to allow shops to focus more
on business growth.  I do see that as a potential benefit.   I can also see it 
saving money for some of the larger shops that basically spend a year
ordering, installing and rolling out a new version - then doing it again the
next year.  On the negative side, that could also translate to some job cuts
if management thinks less work has to be done now. 

I'm interested in some vendor perspective.   Do you see this as a good
thing?  How much of your development resources are taken up just
making changes related to a new OS version or verifying your software 
functions with a new OS version?  Will this allow you to focus more on
product enhancements instead of just keeping up with z/OS changes.
Do you plan to come out with new releases less often?  For example,
many of the CA products have changed version or release numbers
pretty much in step with new z/OS releases.

Obviously some products integrate much more closely with z/OS and
internal OS changes than others, so I know the answer is it depends.  
So I guess I would be more interested in hearing from those vendors
that support software that typically does required changes or more 
extensive testing and verification to support z/OS changes.

Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS   
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html 
Systems Programming expert at http://expertanswercenter.techtarget.com/


 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Andy Wood

On Wed, 28 Mar 2012 07:29:22 -0400, Shmuel Metz (Seymour J.) 
shmuel+ibm-m...@patriot.net wrote:

. . .

That's only a vulnerability if such an SVC exists. You haven't shown
that. No SVC in z/OS that I'm aware of has such an STM. It would
certainly violate IBM's statement of integrity.


I have seen such an SVC, but it would not be the one Ray is talking about as it 
was locally written. I have no doubt other SVCs with the same problem exist, 
and it would not surprise me at all if some of them were vendor-supplied.

Over a period of about twenty years I found dozens of problems like that. 
Practically all of them were in software provided by the who's who of 
mainframe software  the guys most of you would call trusted vendors. 

The problems were often in SVC routines, or more specifically in the SVC 
frontends that could be found stacked waist-high on a typical system. 

The problems were usually coding errors of the nature of the R13 STM as 
described by Ray, however there were even deliberate backdoors.  For example, 
magic SVCs that could return control to the caller in supervisor state, or 
with JSCBAUTH turned on. Such backdoors may have  included some sort of 
checking to try to prevent misuse, but more often than not the checking could 
be defeated. Trust me, telling the good guys from the bad guys is very 
difficult when the bad guys refuse to cooperate. There was a problem of that 
nature in an early version of a certain IGX... module mentioned in a recent 
thread here.

Of course, the problem is not restricted to SVC routines. I found similar 
issues all over the place.

I have not done anything like that for over ten years now. Does that mean the 
problem has gone away? I doubt it, even though the last ten years has brought 
some improvements (for example, preventing allocation of user-key CSA by 
default). 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Assembler - convrssion of Epoch (Unix) time to printable

2012-03-28 Thread Arye Shemer

Thanks guys,
Real good stuff,
although I hoped for some pure and natural Assembler macro or
calling routine solution.
I will loot into the various approaches suggested here, and probably will
select the easiest one.

Thanks again,
Arye Shemer.
On 27 March 2012 21:43, Mike Schwab mike.a.sch...@gmail.com wrote:

 http://en.wikipedia.org/wiki/Unix_time
 0 is 1970 Jan 01 00:00:00 GMT or UTC (Starting point)
 1 is 1970 Jan 01 00:00:01 GMT or UTC (1 second)
 60 is 1970 Jan 01 00:01:00 GMT or UTC (1 minute)
 3600 is 1970 Jan 01 01:00:00 GMT or UTC (1 hour)
 86400 is 1970 Jan 02 00:00:00 GMT or UTC (1 day)
 2678400 is 1970 Feb 01 00:00:00 GMT or UTC (31 days)
 31536000 is 1971 Jan 01 00:00:00 GMT or UTC (365 days)
 315532809 is 1980 Jan 01 00:00:00 GMT or UTC (i3650 days plus 2 leap
 days plus 9 leap seconds http://en.wikipedia.org/wiki/Leap_second )

 On Tue, Mar 27, 2012 at 1:28 PM, Charles Mills charl...@mcn.org wrote:
  So Gil, you are saying that a UNIX time of, for example, 60, represents
 1:34
  am on 1/1/1970 -- or represents 0:26 am? (Theoretically -- there were no
  leap seconds before 1970.)
 
  Charles
 
  -Original Message-
  From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
 Behalf
  Of Paul Gilmartin
  Sent: Tuesday, March 27, 2012 6:30 AM
  To: IBM-MAIN@bama.ua.edu
  Subject: Re: Assembler - convrssion of Epoch (Unix) time to printable
 
  On Tue, 27 Mar 2012 07:47:39 -0500, McKown, John wrote:
 
  ..., the UNIX epoch is simply a number. The number of seconds since
  00:00:00 GMT 1 Jan 1970. It would be rather easy to convert to
  -mm-ddThh:mm:ss if it weren't for the leap seconds. Which may or
 may
  not be of any interest to you.
 
  Not really.  In effect, the origin of NTP shifts by one second every
 time a
  leap second occurs.  It is now 00:00:34 GMT 1 Jan 1970; in a little over
 3
  months it will be 00:00:35 GMT 1 Jan 1970.
 
 
 http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap04.html
 
 ... it is inappropriate to require that a time represented as seconds
 since the Epoch precisely represent the number of seconds between
 the referenced time and the Epoch.
 
  --
  For IBM-MAIN subscribe / signoff / archive access instructions,
  send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN



 --
 Mike A Schwab, Springfield IL USA
 Where do Forest Rangers go to get away from it all?

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Linda Mooney

Greetings to All, 



This link may help - 



http://www-03.ibm.com/systems/z/os/zos/support/zos_eos_dates.html   

Linda 

- Original Message -


From: Edward Jaffe edja...@phoenixsoftware.com 
To: IBM-MAIN@bama.ua.edu 
Sent: Wednesday, March 28, 2012 11:10:11 AM 
Subject: Re: z/os every two years 

On 3/28/2012 7:16 AM, Dana Mitchell wrote: 
 
 But as long as we are supposing here.   Will they not extend the service 
 discontinued date for 1.11 also? 

Asked and answered at the MVS Program Opening in Atlanta. The answer 
(paraphrased) from Jeff Magdall was, z/OS 1.11 will go out of service as 
already announced at the end of September 2012. 

-- 
Edward E Jaffe 
Phoenix Software International, Inc 
831 Parkview Drive North 
El Segundo, CA 90245 
310-338-0400 x318 
edja...@phoenixsoftware.com 
http://www.phoenixsoftware.com/ 

-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Ray Overby

Yes, I believe I have a way to attack a mainframe system where I don't 
have access.



Ray Overby
Key Resources, Inc.
Ensuring System Integrity for z/Series™
www.zassure.com
(312)574-0007


On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote:

Ray Overby wrote:


I am a vendor so take my post with a grain of salt. For those that don't like 
vendors to respond stop reading now.. (flame on)

I will take your post seriously. I have reviewed you webpage. Very interesting.

You confirmed what I suspected, especially after those threads about [mis]use 
of SVC.

One question if you don't mind please:

Can you use or prove your point (elevating TSO, suppress SMF, etc) without 
being given access to a system in the first place? The idea is that you could 
enter a system and elevate yourself and place somewhere a signature to prove 
that you could 'white hack' the target system.

Just a yes or no, please, because I realize that due to the nature not too much 
info can be divulged.



The ESM products did not stop the TSO user from exploiting this vulnerability.

Very true. ESM is just a database.

As said many times on RACF-L, it is the caller which call ESM, the ESM decides 
on what is found in its own database and report back with RC=0/4/8 plus reason 
codes.

It is up to the whatever caller to honour the RC from an ESM.



If you are not concerned that your users can crash your z/OS system at any time 
(maliciously or accidentally)

As I have said, it is the INSIDER who are probably the greatest threat.

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

The problem is we don't believe. :-)

--
Radoslaw Skorupka
Lodz, Poland

W dniu 2012-03-28 22:45, Ray Overby pisze:

Yes, I believe I have a way to attack a mainframe system where I don't
have access.

Ray Overby
Key Resources, Inc.
Ensuring System Integrity for z/Series™
www.zassure.com
(312)574-0007

On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote:

Ray Overby wrote:

I am a vendor so take my post with a grain of salt. For those that
don't like vendors to respond stop reading now.. (flame on)

I will take your post seriously. I have reviewed you webpage. Very
interesting.

You confirmed what I suspected, especially after those threads about
[mis]use of SVC.

One question if you don't mind please:

Can you use or prove your point (elevating TSO, suppress SMF, etc)
without being given access to a system in the first place? The idea is
that you could enter a system and elevate yourself and place somewhere
a signature to prove that you could 'white hack' the target system.

Just a yes or no, please, because I realize that due to the nature not
too much info can be divulged.

The ESM products did not stop the TSO user from exploiting this
vulnerability.

Very true. ESM is just a database.

As said many times on RACF-L, it is the caller which call ESM, the ESM
decides on what is found in its own database and report back with
RC=0/4/8 plus reason codes.

It is up to the whatever caller to honour the RC from an ESM.

If you are not concerned that your users can crash your z/OS system
at any time (maliciously or accidentally)

As I have said, it is the INSIDER who are probably the greatest threat.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread McKown, John

Just remember: The only secure computer is the one which is powered down. And 
likely smashed up by a sledge hammer. 

John McKown 

Systems Engineer IV

IT

 

Administrative Services Group

 

HealthMarkets®

 

9151 Boulevard 26 . N. Richland Hills . TX 76010

(817) 255-3225 phone . 

john.mck...@healthmarkets.com . www.HealthMarkets.com

 

Confidentiality Notice: This e-mail message may contain confidential or 
proprietary information. If you are not the intended recipient, please contact 
the sender by reply e-mail and destroy all copies of the original message. 
HealthMarkets® is the brand name for products underwritten and issued by the 
insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance 
Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA 
Life and Health Insurance Company.SM

 

 -Original Message-
 From: IBM Mainframe Discussion List 
 [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of R.S.
 Sent: Wednesday, March 28, 2012 4:14 PM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: Malicious Software Protection
 
 The problem is we don't believe. :-)
 
 
 -- 
 Radoslaw Skorupka
 Lodz, Poland
 
 
 
 W dniu 2012-03-28 22:45, Ray Overby pisze:
  Yes, I believe I have a way to attack a mainframe system 
 where I don't
  have access.
 
 
  Ray Overby
  Key Resources, Inc.
  Ensuring System Integrity for z/SeriesT
  www.zassure.com
  (312)574-0007
 
 
  On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote:
  Ray Overby wrote:
 
  I am a vendor so take my post with a grain of salt. For those that
  don't like vendors to respond stop reading now.. (flame on)
  I will take your post seriously. I have reviewed you webpage. Very
  interesting.
 
  You confirmed what I suspected, especially after those 
 threads about
  [mis]use of SVC.
 
  One question if you don't mind please:
 
  Can you use or prove your point (elevating TSO, suppress SMF, etc)
  without being given access to a system in the first place? 
 The idea is
  that you could enter a system and elevate yourself and 
 place somewhere
  a signature to prove that you could 'white hack' the target system.
 
  Just a yes or no, please, because I realize that due to 
 the nature not
  too much info can be divulged.
 
 
  The ESM products did not stop the TSO user from exploiting this
  vulnerability.
  Very true. ESM is just a database.
 
  As said many times on RACF-L, it is the caller which call 
 ESM, the ESM
  decides on what is found in its own database and report back with
  RC=0/4/8 plus reason codes.
 
  It is up to the whatever caller to honour the RC from an ESM.
 
 
  If you are not concerned that your users can crash your 
 z/OS system
  at any time (maliciously or accidentally)
  As I have said, it is the INSIDER who are probably the 
 greatest threat.
 
 
 --
 Tre tej wiadomoci moe zawiera informacje prawnie 
 chronione Banku przeznaczone wycznie do uytku subowego 
 adresata. Odbiorc moe by jedynie jej adresat z wyczeniem 
 dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej 
 wiadomoci lub pracownikiem upowanionym do jej przekazania 
 adresatowi, informujemy, e jej rozpowszechnianie, 
 kopiowanie, rozprowadzanie lub inne dziaanie o podobnym 
 charakterze jest prawnie zabronione i moe by karalne. 
 Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
 zawiadomi nadawc wysyajc odpowied oraz trwale usun t 
 wiadomo wczajc w to wszelkie jej kopie wydrukowane lub 
 zapisane na dysku.
 
 This e-mail may contain legally privileged information of the 
 Bank and is intended solely for business use of the 
 addressee. This e-mail may only be received by the addressee 
 and may not be disclosed to any third parties. If you are not 
 the intended addressee of this e-mail or the employee 
 authorised to forward it to the addressee, be advised that 
 any dissemination, copying, distribution or any other similar 
 activity is legally prohibited and may be punishable. If you 
 received this e-mail by mistake please advise the sender 
 immediately by using the reply facility in your e-mail 
 software and delete permanently this e-mail including any 
 copies of it either printed or saved to hard drive. 
 
 BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 
 (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, 
 e-mail: i...@brebank.pl
 Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy 
 Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 
 025237, NIP: 526-021-50-88. 
 Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE 
 Banku SA (w caoci wpacony) wynosi 168.410.984 zotych.
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,

Re: Malicious Software Protection

2012-03-28 Thread Scott Ford

Walt,

May the wind be at your back...god bless enjoy your much earned retirement

Sent from my iPad
Scott Ford
Senior Systems Engineer
www.identityforge.com



On Mar 28, 2012, at 8:28 AM, Walt Farrell wfarr...@us.ibm.com wrote:

 On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson jo.skip.robin...@sce.com 
 wrote:
 
 The reason I brought up this 'vulnerability' is that we hired a consultant
 a while back to look for weaknesses. Of course they were able to logon
 with a vanilla userid that had no special authority. And this is what they
 did.
 
 We all spend a lot of time and mental energy focused on how to protect
 ourselves from sophisticated attack. We look at APF. We look at SVC
 screening. We look at access to sensitive libraries. But this particular
 'denial of service' can be accomplished by anyone with a valid userid and
 password. And *only* because we lock up users for invalid password
 attempts. I'm just sayin'...
 
 It's just another form of disaster you have to plan for, Skip.
 
 It's easy, for example, to setup an STC that runs with an ID that has 
 SPECIAL, or that is the OWNER of some IDs that have SPECIAL, and have that 
 STC run IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that 
 have SPECIAL.
 
 If they all get locked out, you just run the STC and that set of IDs is 
 RESUMED. 
 
 The STC itself will be able to run, even if its ID has been revoked, and so 
 it provides protection against the issue you're suggesting.
 
 But yes, you need to be prepared for this, just as for anything that can 
 compromise your system.
 
 (Other alternatives exist, by the way, including emergency copies of the RACF 
 database that you can make available in such an emergency situation, but the 
 STC approach is the simplest, in my opinion. Nonetheless, I would also 
 recommend having an emergency RACF DB available, too, but that also goes 
 along with having emergency system residence volumes available.)
 
 -- 
 Walt Farrell
 IBM STSM, z/OS Security Design (for another half-hour or so)
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

2012-03-28 Thread Paul Gilmartin

On Wed, 28 Mar 2012 23:13:58 +0200, R.S. wrote:

The problem is we don't believe. :-)

It's easy.  Bribe the sysadmin.  (FSVO access.)

W dniu 2012-03-28 22:45, Ray Overby pisze:
 Yes, I believe I have a way to attack a mainframe system where I don't
 have access.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

On Wed, 28 Mar 2012 20:35:03 +, Linda Mooney linda.lst...@comcast.net 
wrote:

This link may help - 

http://www-03.ibm.com/systems/z/os/zos/support/zos_eos_dates.html 


Not really. :-) It doesn't take into account the changes that will be announced.

It isn't wrong since the z/OS 1.12 date has an asterisks that states that the
EOS date is projected, but that date should move to the right.

Mark 
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS   
mailto:m...@mzelden.com
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html 
Systems Programming expert at http://expertanswercenter.techtarget.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: z/os every two years

2012-03-28 Thread Alvaro Guirao Lopez

Edward, I mean 2012, thanks for the correction.

2012/3/28 Edward Jaffe edja...@phoenixsoftware.com

 On 3/28/2012 4:41 AM, Alvaro Guirao Lopez wrote:

 zOS V1R11 is out of support at 30/09/2011, with this new issue z/OS V1R14
 will be available from 2013 and not 2012, so probably V1R12 will be out of
 support about from 2014?


 No. This is incorrect. z/OS 1.11 goes out of support _this_ year... in
 September 2012.

 --
 Edward E Jaffe
 Phoenix Software International, Inc
 831 Parkview Drive North
 El Segundo, CA 90245
 310-338-0400 x318
 edja...@phoenixsoftware.com
 http://www.phoenixsoftware.**com/ http://www.phoenixsoftware.com/


 --**--**--
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN




-- 
Un saludo.
Álvaro Guirao

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Malicious Software Protection

W dniu 2012-03-28 23:39, Paul Gilmartin pisze:

On Wed, 28 Mar 2012 23:13:58 +0200, R.S. wrote:

The problem is we don't believe. :-)

It's easy. Bribe the sysadmin. (FSVO access.)

That's what I always mention. Bribe or blackmail. The last one is much
more efficient IMHO, but both used to work.

--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Seven-Digit JES2 Job Number

2012-03-28 Thread Dave Barry

We recently changed JES2 on a development z/OS LPAR to use seven-digit instead 
of five-digit job numbers.  A coworker pointed out to me what appeared to be an 
increase in initiator input queue time on the LPAR after the change.  My 
suspicion is that the increase was coincidental, but I have no way of 
conducting a true benchmark.

Has anybody on the list noticed such an effect after converting to seven-digit 
job numbers?

Thanks in advance for your comments.

db

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class

2012-03-28 Thread Ron Hawkins

Darth,

You said  HDS now sells the Falconstor's VTL instead.

To be pedantic, that's not entirely true. We have a lot of successful
Falconstore implementations on the dark side of the computer room, but for
mainframe you need something that virtualizes mainframe tape drives like
Luminex or Secure Agent, and hands off the data to Falconstore. We can use
VSP, AMS, or virtualized ACME brand disk as the back store with this
solution.


Ron

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
 Behalf Of Darth Keller
 Sent: Wednesday, March 28, 2012 8:15 AM
 To: IBM-MAIN@bama.ua.edu
 Subject: Re: [IBM-MAIN] Tapeless solution (IBM or Sun) Enterprise class
 
 Have you considered EMC DLm or Bus-tech MDL (EMC owns Bus-tech
 now).
 I have not worked with MDL (which I think is more of a small shop
 solution),
 but I have with DLm.I've also worked with VSM, but it was always
 backed by physical tape.   BTW, the vendor is Oracle now, not Sun.
 
 
 So my understanding is the MDL was the HDS version of the DLM - the
 Bustech appliance ahead of HDS storage.  We have an HDS MDL which uses
 an
 AMS2500 for back-end storage.  It's also my understanding that the MDL is
no
 longer available as such.  HDS now sells the Falconstor's VTL instead.
 
 I would consider the DLM  the MDL to be roughly equivalent.  We are very
 happy with the performance of the MDL.
 dd keller
 
 
 
 
 
 This e-mail message and all attachments transmitted with it may
 contain legally privileged and/or confidential information intended
 solely for the use of the addressee(s). If the reader of this
 message is not the intended recipient, you are hereby notified that
 any reading, dissemination, distribution, copying, forwarding or
 other use of this message or its attachments is strictly
 prohibited. If you have received this message in error, please
 notify the sender immediately and delete this message and all
 copies and backups thereof. Thank you.
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Re: Tapeless solution (IBM or Sun) Enterprise class