IBMLINK -- AGAIN?
Anybody else? . 504 Gateway Time-out James (Jim) Chappell 503 745-7841 503 349-5603(cell) james.chapp...@daimler.com Daimler Trucks North America LLC If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLINK -- AGAIN?
I'm in - first try. Alan Schwartz -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Jim Chappell Sent: Tuesday, May 19, 2009 8:43 AM To: IBM-MAIN@bama.ua.edu Subject: IBMLINK -- AGAIN? Anybody else? . 504 Gateway Time-out James (Jim) Chappell 503 745-7841 503 349-5603(cell) james.chapp...@daimler.com Daimler Trucks North America LLC If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLINK -- AGAIN?
Works for me just fine. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Jim Chappell Sent: Tuesday, May 19, 2009 9:43 AM To: IBM-MAIN@bama.ua.edu Subject: IBMLINK -- AGAIN? Anybody else? . 504 Gateway Time-out James (Jim) Chappell 503 745-7841 503 349-5603(cell) james.chapp...@daimler.com Daimler Trucks North America LLC If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLINK -- AGAIN?
I'm in too. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Validation on client side was Re: IBMLink, again
On 29 Mar 2008 17:33:40 -0700, in bit.listserv.ibm-main you wrote: On 29/03/2008, Paul Gilmartin [EMAIL PROTECTED] wrote: There's a thread ongoing in MVS-OE on CGI security. The first principle is: don't trust data received over the network. The second is: don't trust Javascript validation on the client side. Always remember that your potential adversary controls the client. There's a recent thread on Bruce Schneier's blog on The Security Mindset. http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html Somehow it seems that people either think this way or they don't. That anyone in 2008 could consider for a moment doing validation of anything important on the client side is astonishing. To save hassle to the person at the keyboard, I would validate what I can on the client side and revalidate with paranoia on the server. This is to cut down on the number of transmissions. Clark Morris Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Validation on client side was Re: IBMLink, again
-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Clark Morris Sent: Tuesday, April 01, 2008 7:36 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Validation on client side was Re: IBMLink, again On 29 Mar 2008 17:33:40 -0700, in bit.listserv.ibm-main you wrote: On 29/03/2008, Paul Gilmartin [EMAIL PROTECTED] wrote: There's a thread ongoing in MVS-OE on CGI security. The first principle is: don't trust data received over the network. The second is: don't trust Javascript validation on the client side. Always remember that your potential adversary controls the client. There's a recent thread on Bruce Schneier's blog on The Security Mindset. http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html Somehow it seems that people either think this way or they don't. That anyone in 2008 could consider for a moment doing validation of anything important on the client side is astonishing. To save hassle to the person at the keyboard, I would validate what I can on the client side and revalidate with paranoia on the server. This is to cut down on the number of transmissions. Clark Morris This is what I do. I use Javascript on the client side simply as a favor to the user so that they can have errors detected earlier. On the server side, I trust nothing coming in from the client. Everything is validated. Even if I know for dead certain sure that the value cannot be wrong. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
On Fri, 28 Mar 2008 12:12:03 -0400, Tony Harminc wrote: On 27/03/2008, Bruce Hewson wrote: I would assume, like on some web screens we use here, that the text input fields are not transparent. By that I mean the characters entered are treated as HTTP control characters, or something like that. This sort of behaviour on a web page is a great place to look for security holes like code injection. Maybe that would help IBM see the light. IBM says: We are aware of this issue and the development team is working on a fix. The problem is with less than and greater than symbols being interpreted as HTML tags. In most cases, using the Printable version link at the bottom of the page is the workaround. However, there have been some ... A truly naive blunder, particularly given that they were able to get it right on one page but not on another from the same source. (and the Printable version is naive in its own way: I looked at the raw HTML and it uses nbsp; pervasively, pointlessly between PRE and /PRE tags. And I can imagine some printers considering NBSP (ASCII 0xA0) not to be very Printable.) I wonder what would happen if someone were to take an open-source 3270 emulator (or browser) and hack it to transmit 3270 command codes in the POST data? One might thus create a page that would display correctly in a browser but fail with TERMINAL ERROR on a 3270. There's a thread ongoing in MVS-OE on CGI security. The first principle is: don't trust data received over the network. The second is: don't trust Javascript validation on the client side. Always remember that your potential adversary controls the client. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
On 29/03/2008, Paul Gilmartin [EMAIL PROTECTED] wrote: There's a thread ongoing in MVS-OE on CGI security. The first principle is: don't trust data received over the network. The second is: don't trust Javascript validation on the client side. Always remember that your potential adversary controls the client. There's a recent thread on Bruce Schneier's blog on The Security Mindset. http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html Somehow it seems that people either think this way or they don't. That anyone in 2008 could consider for a moment doing validation of anything important on the client side is astonishing. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
On 27/03/2008, Bruce Hewson [EMAIL PROTECTED] wrote: I would assume, like on some web screens we use here, that the text input fields are not transparent. By that I mean the characters entered are treated as HTTP control characters, or something like that. I am trying to convince some of our local system builders that text input fields should allow ANY character to be enteredbut they keep saying cannot. I see that IBM have said they would correct the problem. But that wont help my local code problem. This sort of behaviour on a web page is a great place to look for security holes like code injection. Maybe that would help IBM see the light. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
I've got the same problem with two currently open etr's that contain a sting of hex data. It is entirely viewable on 3270 IBMLINK however. ___ Dave Jousma Assistant Vice President Mainframe Services [EMAIL PROTECTED] 616.653.8429 -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Paul [EMAIL PROTECTED] Sent: Wednesday, March 26, 2008 7:05 PM To: IBM-MAIN@bama.ua.edu Subject: IBMLink, again My latest update to Record 79232,033,000: RESPOND ELECTRONICALLY: cp-extent Yow! I attempted to update this by adding a 40-line example in C, followed by some comments. This appears to have overstressed IBMLink: Most of my C code is missing; the remainder is garbled, and IBM's LAST TWO UPDATES ARE ENTIRELY MISSING. I guess that's OK because I really wasn't very happy with what IBM had to say. -- gil (Summarizing, they said WAD, of course. My comments, which survived, were a courteous (yes!) disagreement with WAD.) I had thought it an advantage of IBMLink WWW that I could so easily cut-and-paste samples, test cases, and log excerpts. I guess I should exercise moderation. (Unlikely?) -- gil This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
On Thu, 27 Mar 2008 06:01:13 -0400, Jousma, David wrote: I've got the same problem with two currently open etr's that contain a sting of hex data. It is entirely viewable on 3270 IBMLINK however. Is that: tn3270://ibmlink.advantis.com ... ? That tells me my ID has been revoked. I guess it was Use it or lose it. Did you make your updates via WWW or 3270? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
You can get your ID unrevoked if you call the 800 number. They just wont create new ID's anymore. Since the text was cutoff, I had to resort to updating the PMR via the 3270 interface. As a side-note, I attended the IBMLINK SHARE presentation, and the IBM Program manager that owns IBMLINK specifically asked for feedback on problems when calls to support didn't help. I forwarded to him two of my PMR's where this is happening. If you want to get in the action, go check out Share session 2839, and go to the last slide. His name, email, and direct phone number are listed. I just ask that you don't abuse it.. Dave ___ Dave Jousma Assistant Vice President Mainframe Services [EMAIL PROTECTED] 616.653.8429 -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Paul Gilmartin Sent: Thursday, March 27, 2008 6:35 AM To: IBM-MAIN@bama.ua.edu Subject: Re: IBMLink, again On Thu, 27 Mar 2008 06:01:13 -0400, Jousma, David wrote: I've got the same problem with two currently open etr's that contain a sting of hex data. It is entirely viewable on 3270 IBMLINK however. Is that: tn3270://ibmlink.advantis.com ... ? That tells me my ID has been revoked. I guess it was Use it or lose it. Did you make your updates via WWW or 3270? This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
Hi Gil, I would assume, like on some web screens we use here, that the text input fields are not transparent. By that I mean the characters entered are treated as HTTP control characters, or something like that. I am trying to convince some of our local system builders that text input fields should allow ANY character to be enteredbut they keep saying cannot. I see that IBM have said they would correct the problem. But that wont help my local code problem. Regards Bruce Hewson -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
IBMLink, again
My latest update to Record 79232,033,000: RESPOND ELECTRONICALLY: cp-extent Yow! I attempted to update this by adding a 40-line example in C, followed by some comments. This appears to have overstressed IBMLink: Most of my C code is missing; the remainder is garbled, and IBM's LAST TWO UPDATES ARE ENTIRELY MISSING. I guess that's OK because I really wasn't very happy with what IBM had to say. -- gil (Summarizing, they said WAD, of course. My comments, which survived, were a courteous (yes!) disagreement with WAD.) I had thought it an advantage of IBMLink WWW that I could so easily cut-and-paste samples, test cases, and log excerpts. I guess I should exercise moderation. (Unlikely?) -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLink, again
thanks Paul [EMAIL PROTECTED] wrote: My latest update to Record 79232,033,000: RESPOND ELECTRONICALLY: cp-extent Yow! I attempted to update this by adding a 40-line example in C, followed by some comments. This appears to have overstressed IBMLink: Most of my C code is missing; the remainder is garbled, and IBM's LAST TWO UPDATES ARE ENTIRELY MISSING. I guess that's OK because I really wasn't very happy with what IBM had to say. -- gil (Summarizing, they said WAD, of course. My comments, which survived, were a courteous (yes!) disagreement with WAD.) I had thought it an advantage of IBMLink WWW that I could so easily cut-and-paste samples, test cases, and log excerpts. I guess I should exercise moderation. (Unlikely?) -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Kevin M. Keyes Director of International Operations Phoenix Software International 310-338-0400 Ext: 310 [EMAIL PROTECTED] www.phoenixsoftware.com www.vikingsoft.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLINK again
That's normal. If you leave the field blank and hit enter you get a series of panels guiding you through the software choices until you get to the component you want to report on. -Original Message- From: Robert Justice [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 15, 2006 5:16 PM To: IBM-MAIN@BAMA.UA.EDU Subject: IBMLINK again Now I'm trying to open an etr and getting this message: from web page: The component ID you entered is not valid. Enter a valid component ID or, if you cannot identify it, do one of these: (a) leave the component ID blank and press Enter to see routing assistance prompts; (b) type 'unknown' in the Component ID field and press Enter to send the item to an IBM Support Center that provides routing assistance. or from green screen: The component ID you entered is not valid. Enter a valid component ID or, if you cannot identify it, do one of the following: Move the cursor to the Component ID field and press the Prompt key (F4) to select from a list of component IDs contained in the online Product Cross- Reference. Leave the component ID blank and press Enter to see routing assistance prompts. Type 'unknown' in the Component ID field and press Enter to send the item to an IBM Support Center that provides routing assistance. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
IBMLINK again
Now I'm trying to open an etr and getting this message: from web page: The component ID you entered is not valid. Enter a valid component ID or, if you cannot identify it, do one of these: (a) leave the component ID blank and press Enter to see routing assistance prompts; (b) type 'unknown' in the Component ID field and press Enter to send the item to an IBM Support Center that provides routing assistance. or from green screen: The component ID you entered is not valid. Enter a valid component ID or, if you cannot identify it, do one of the following: Move the cursor to the Component ID field and press the Prompt key (F4) to select from a list of component IDs contained in the online Product Cross- Reference. Leave the component ID blank and press Enter to see routing assistance prompts. Type 'unknown' in the Component ID field and press Enter to send the item to an IBM Support Center that provides routing assistance. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
IBMLINK again
OK, in what language does Envair translate to Send or Submit, about half of some IBMLINK panels changed to a different language today. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLINK again
-Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Rugen, Len Sent: Wednesday, October 18, 2006 8:53 AM To: IBM-MAIN@BAMA.UA.EDU Subject: IBMLINK again OK, in what language does Envair translate to Send or Submit, about half of some IBMLINK panels changed to a different language today. Spanish. WOW! IBM is trying to force us to be bilingual? -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBMLINK again
At least you can get it to respond to you, which is more than I can achieve at the moment. Jon snip OK, in what language does Envair translate to Send or Submit, about half of some IBMLINK panels changed to a different language today. /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html